* Posts by HighTension

54 publicly visible posts • joined 11 Feb 2016


Tesla owners in deep freeze discover the cold, hard truth about EVs


My '17 Leaf has a reversible heat pump (and LED lights) - but the lower trim has only resistive heat (and incandescent lights). Not sure on the current models.


Raynaud's? I have that and it's horrible. Once went fishing on a Welsh hill lock in August. Rain moved in, the fish stopped rising, and by the time I got back to the car I could not feel the keys in my pocket. I had to tip the pocket upside down to drop them out and manipulate the key with what felt like two lumps of frozen chicken. And the pain as they started to thaw out, not much fun.

Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections


If the friendly CA is under their control, what is there to stop them getting a cert for ANY domain with a new private key and impersonating another way, eg mandated DNS hijacking (for anti-piracy, or "protecting kids"), MITMs forcibly installed at ISPs/peering points, etc? Even typojacking would get them something.

Red Hat strikes a crushing blow against RHEL downstreams


Re: I am surprised that IBM took this long

Have a look at Foreman, it's the upstream for Satellite. With Katello it can manage deb and rpm based products.

Follow the instructions to start installing it on Rocky/Alma and to get Puppet and Katello integration use this installer command line:

foreman-installer --scenario katello --enable-foreman-plugin-puppetdb --foreman-proxy-puppet true --foreman-proxy-puppetca true --enable-foreman-plugin-puppet --enable-foreman-proxy --enable-foreman-compute-ovirt --enable-foreman-compute-libvirt --enable-foreman-plugin-remote-execution --enable-foreman-cli-puppet --enable-puppet --puppet-server true --puppet-server-environment-class-cache-enabled true

Create products for your deb-based distros and work from there. You can use Puppet, Ansible, Salt or Chef plugins to manage your servers. With Puppet you can use Chocolatey to manage Windows packages too.

Microsoft changes the way it certifies network cards for Windows Server


What shocked me about Storage Spaces Direct is that they will not support a mirrored cluster if the two storage hosts are not in the same room (within 5m). We asked if they would support a cluster with a 15m separation (2 buildings on the same site with 2 dedicated fibres for cluster and a resilient topology for other VLANs) and they said "no".


If a NIC can't push and pull packets at its rated speed across all possible workloads (not regarding any kind of acceleration) surely it's a) garbage or b) the OS is garbage and is unable to use it optimally?

Yes, there are some bad 10Gb+ NICs out there, but generally they make themselves evident pretty quickly on any workload. Intel, Mellanox and Broadcom enterprise adapters all work well enough in Linux in my experience. Or is this only about SR-IOV or PCI passthrough to Hyper-V usage?

Terminal downgrade saves the day after a client/server heist


Re: Green screens were great!

Similar memories from UCL in the mid 90's. We had VT100/220s in the halls connected to the timesharing system. You could log in with your IS account, browse the web with Lynx, get your mail with mutt or pine, and telnet to the library system to reserve books/manuscripts - I even used to dial in from home (direct modem PAD connection) just before the end of holidays and reserve books for the upcoming courses - I was altruistic and offered to tell others when I'd deposited them, or take requests for copies. You could also access library databases from many other institutions across the greater London area, eg the resource centre at Harrow/Northwick Park which had a lot of periodicals not available in the college libraries (you couldn't reserve without a library card though, but that was free to register for in person and then you were sorted).

Using the RS/6000 terminals with their 1600x1200 CRTs was also a joy - they were the first to get web browsers (Mosaic and later pre-1.0 Netscape) and you could just pop open another xterm to telnet into what you needed. Still didn't master LaTeX though, one day I will!

Don't be a fool, cover your tool: How IBM's mighty XT keyboard was felled by toxic atmosphere of the '80s


Re: I miss IBM keyboards

I've got a Redragon K552 now after a number of Model Ms started failing after a spill (they seem to have got more fragile as they age). For 30 quid or so it's a really nice keyboard.

Play stupid games, win stupid prizes: UK man gets 3 years for torching 4G phone mast over 5G fears


Re: EM proliferation

Oh FFS, are you a troll or simply an imbecile? We *can not* by definition be 100% certain that B will always follow A, that the sun will rise tomorrow, that the LHC won't suck the solar system into its own black hole, that we won't all die within 1 year of COVID, that god does or doesn't exist, that it's safe to eat red meat, white meat, eggs, milk, carrots, alfalfa, or carburettors.

There is no, I repeat *no* way to say "this thing is 100% safe, for everyone, under every possible circumstance." We simply cannot be because to be 100% certain of that we'd have to know the entire future, and every possible future. The only thing we can do is:

a) observe the universe and form a conjecture

b) formally state that conjecture and propose one or more methods of testing it

c) test the above

d) ask others to retest the conjectures with the same methods to confirm or otherwise

e) the above with other documented methods

f) rinse and repeat until a pattern emerges

Even if we repeat b-f a trillion times and all the results point to the conjecture being correct, we can never say it's certain. Newton's laws of motion were seen as certain until Einstein came along.

It's just the same thing to try to say "This type of phone signal is 100% safe, forever" - we can never prove that conclusively, but we can say "on the basis of all experience so far, it is far more likely that 5G is safe than it is unsafe for general exposure".

If you find this difficult, please tell me how homeopathy and herbal medicine has never led to any deaths worldwide (because it's natural!).


Re: 3 years for a terrorist offence ?

Quote: As to the effects of lifelong exposure to these particular radiations, this logically can not be known by anyone until scientifically sufficient subjects that have lived with these radiation for all their life are both dead and cleared of significant impact.

And this will never be known precisely because 100% of people die at some point of many other "causes" that are in some cases educated guesses and in others "old age". Can you tell me the precise day *you* will die and from what cause? Can you give the precise sequence of events that led to the death of those you have known who have departed? I understand the yearning for certainty, to be able to know exactly what we should seek and what we should avoid - but our universe just doesn't work like that. In fact, I think it would take the value out of all human happiness and joy if we could predict our lives with complete certainty - we have to evaluate risks and choose to accept, ignore or avoid them, and there by the grace of God go we...

Quote: So for my part your statements and claims of knowing what you are talking about are unbelievable. This does not mean that I know either but at least I am willing to live and let live whilst waiting for impartial validation by people who have the skills and the evidence to back up their statements.

I don't understand what you mean by "impartial". I get the feeling you think that means someone who agrees with you. I'll give you a clue - if a majority of well informed and qualified people using or trusting in the scientific method (not that it's always perfect - but it's sure as hell better than most other ways of predicting outcomes) disagree with you - regardless of political views or state affiliation - there stands a very high possibility that you may be mistaken and misguided. It's not certain, but highly probable.

There's a 0.00000000001% chance I'll step on a stonefish and die next time I go on holiday. I will still choose to take that holiday as the benefit outweighs the risk. I'll leave the exercise of evaluating the benefits of ubiquitous, high speed, low-latency IP connectivity versus the risks for others.


Re: If the offender is indeed insane -

Really? Can you give me a peer-reviewed paper (or preferably more), and then maybe a review of other studies, that clearly demonstrates a deleterious effect from "5G radiation"? I think you'll find it hard to come up with anything credible.

What most miss is that 5G, by and large, will be using the same bands as 4G when not in dense urban environments. When it is used in dense urban areas, that's where the higher frequency bands come into play - short range, very low power - in fact made even lower by the ability to use active phased array antennas to send the power where needed rather than spaffing kilowatts in all directions from the dreaded "mast on top of a primary school" in the hope it will get to a subscriber - in all ways it's much less exposure for everyone - people near the access points and the users themselves.

Newer encoding techniques mean even in the "traditional" scenario with more remote base stations (NB, still on the same bands as 4G), you'll get a better connection with *less* power radiating into your head.

This is all just Physics and Information Theory - it's all out there to read for free, but if you choose to ignore decades of experimental results and all the studies confounding EMF sensitivity (ie people would respond to a fake flashing light on a fake router almost 100% of the time and a real WiFi signal <0.1% of the time) please feel free to go and live in the wilderness and eat roadkill rather than moaning about the very tech you're using to comment here.

And what the hell your comparison with running ethernet via my house is, I have no idea - I'd love it if I could get gigabit here and share it with others. Are you using a psychic connection to el Reg by any chance?


Re: 3 years for a terrorist offence ?

I think you'll find that there is no such thing as "EM Proliferation". If anything, you are probably exposed to far less EMF than you were 20 years ago with only 2G phones, DECT still in nappies and far more local overhead cables than now. Modern electronics and software means we need far less power in watts to reach each other than we ever did. We can even communicate "below the noise floor" thanks to experimentation by both amateurs and the military. 5G is another leap in that direction, especially with microcells - instead of your phone ramping up to 5 or 10 watts to reach the cell over the hill, you'll be running microwatts to get to your nearest lamp post or traffic light. Your brain therefore should avoid the roasting that you are probably already suffering every time you call your co-conspiracy-theorist mates.


Re: If the offender is indeed insane -

Anytime - I'll charge you £250 pcm per metre of cable inside my house for 5e. Cat6 or higher £300 per month. Setup fee £15k, as I need a new heating system, fridge freezer and oven. That's clearly not going to be of much use if you don't live in North Herts, but you can't always get what you want.

Watt the f... Dim smart meters caught simply making up readings


Re: pah....

I think that was before SMETS2 came along which was much more strict on standardisation and has as one of its goals the ability to seamlessly change supplier. Don't forget that the government has been the opposite of the energy suppliers' best mate in recent years, setting price caps that have seen even the biggest fall, and even before that they were (justly) legislated into changing their methods of "customer retention". Smaller players like Ovo and Octopus have changed the market radically since the days of the "big three".

In fact it is possible under SMETS2 to enable a full bid/place energy market, switching tariffs and even suppliers in real-time as demand and supply change. It's also designed to enable consumers to become suppliers and offer their own energy (eg from PV, wind) back onto the market.

Someone else also mentioned having to change in-home display when you switch - hint - you don't if you buy one from the people that make it (disclaimer - I work for an IHD company).

It's a no to ZFS in the Linux kernel from me, says Torvalds, points finger of blame at Oracle licensing


Re: Hypocritical

zfsonlinux isn't FUSE, it's a kernel module. I don't think anyone uses the FUSE implementation any more.

Delayed, over-budget smart meters will be helpful – when Blighty enters 'Star Trek phase'


Re: You learn something new everyday

Cwtch is the new hygge.


You don't need a smart meter for that though - just an in-home Display with a remote that has clamp meters on your incoming main. (Disclaimer, I work for an IHD company).

The D in Systemd is for Directories: Poettering says his creation will phone /home in future


Re: That was a serious breath of fresh nerdiness

Bloody hell, another immediate vote-down with no reply to the comment. Voter - have you ever heard of the "Clipper Chip"? Read Schneier's "Practical Cryptography" or Singh's "Crypto", or Sterling's "Hacker Crackdown"? TPM actually turned out to be useful in locked-down environments, but not solely "locked OS" ones. Poettering does some good things, and some bad. I think Pulseaudio is the best compromise so far on sound in Linux. networkd and systemd not so much - solving problems that upstart and NM had already solved adequately.


Re: That was a serious breath of fresh nerdiness

I think that's exactly the wrong place to put trust. Look at the controversy around TPM when it was first introduced, and internal memos from Microsoft were leaked saying how great it was that they could leverage their OEM market by ensuring the TPM would not allow the installation of anything other than Windows. I think the backlash on that revelation was what ended the Ballmer era and paved the way for the increased openness we see today (and the "Internet will never amount to anything" misjudgement).

What I don't like at all about Poettering's outputs is that it's just way too complicated and intertwined with so many other parts of systemd, instead of being just one reusable part in a chain. The opacity and "tight integration" to the point of being monolithic is frustrating. The learning curve is fine when it works, but appalling when it goes wrong, as it's really hard to pin down what is really misbehaving and how to fix it. OTOH, yes, it's faster to boot, easier to integrate your own services and targets with no real shell knowledge and its ability to safely override distro installed scripts is great.

And worse, the "pluggability" breeds repeated reinvention of the wheel, eg /etc/network or /etc/sysconfig/network moving to NetworkManager, and now on Ubuntu to the terrible netplan. You cannot even properly set MTUs on bridge interfaces - it just takes what the parent interface has. As a sysadmin/architect of 20 years' experience I like the results of a configuration to match the documented ones.


Re: That was a serious breath of fresh nerdiness

In 1998? I don't remember NT3 or 4 having any such provision, and ME and 98 were laughable in terms of security (oh the joys of unpassworded access to C$ shares on US cable networks, had some juvenile fun with that!). I may be wrong, I'm officially ancient in IT terms.

Migrating an Exchange Server to the Cloud? What could possibly go wrong?


One more reason to avoid exchange then?

I can't even begin to imagine how that upgrade path was allowed. Glad I've never had to use it, and have always administrated standards-based IMAP and SMTP systems that just used AD, as, well, a directory!

Tesla touts totally safe, not at all worrying self-driving cars – this time using custom chips


Re: Benchmarks and other deceptions

You don't even need to steer down Cornish/Devon lanes. You just bounce off the sides. Preferably in a beat-up defender just after last orders while wearing wellies.

User secures floppies to a filing cabinet with a magnet, but at least they backed up daily... right?


Re: Then there is the "send me a copy"

Yep, auditors. **** them ten times sideways for their stupid requests. I had one ask me for "a screenshot" of the firewall rules. I tried to explain that it was a headless system but they would not listen. So I printed out all of the (text based) config files (Shorewall) and they seemed OK with that. A week later they wanted a printout of a screenshot of "all share, directory and file permissions". So, let's do the "obey to the letter even if it's stupid" thing...

We ran a Samba NT domain, so again no GUI to shoot. So I go to the root of the shares on the fileserver and do a "getfacl -R | nc <IP of my desktop:port>" and on my desktop piped the "nc -l <port>" stream via lpr straight to the little printer we'd set up on their desk. After page 1000 they begged us to stop (little desktop HP laser, 50 page paper capacity) as she couldn't print out any of her interim reports. Amazingly they stopped bothering us and accepted somewhat more concise reports the next day.

What the hell do they do going into a big bank with a mainframe?

NB total output would have been 75,000 pages in the Courier font that HP Laserjets use when printing plain text...

Microsoft reveals terrible trio of bugs that knocked out Azure, Office 362.5 multi-factor auth logins for 14 hours


Yes, all those Windows supercomputers in the Top500 sure are impressive!

Official: IBM to gobble Red Hat for $34bn – yes, the enterprise Linux biz


Re: And no mention of JBoss?

Perfectly forkable. However RH do produce the only vaguely reliable version of GlusterFS (I've tried the community version more than enough times, thanks very much!).

Blueprint of modern construction can be found in a tech cluster... of 19th century England


And Shropshire and the Marches have some fantastic pubs!

Dead retailer's 'customer data' turns up on seized kit, unencrypted and very much for sale



Someone seems to be randomly downvoting completely innocuous posts here. Can't fathom what they are getting out of it...



Just get a 10 tonne or higher hydraulic press from a DIY/Car repair retailer. Much cheaper and essentially the same thing. Manual 10 tonne presses are probably $300-400.

They will easily crack the cases of any drive, bend the platters to hell and strip the hub from the middle. With glass platters you get a satisfying crunch and tinkle as they shatter!

Sitting pretty in IPv4 land? Look, you're gonna have to talk to IPv6 at some stage


Re: Never!

@Charles9 One of the commentards was talking about a Home/SOHO router. You have to assume in this case that most devices behind it will be trying to talk to something on the outside (looking for updates, phoning home, checking for mail/tweets etc). And if nothing is connecting in or out you'd not really need any NAT anyway!


Re: Never!

Because, in the absence of a firewall, they can probe all ports on the public IP, and if they find any open, one or more of those could be the open external port of a NATed session. If they connect to said IP/port, they can reach the device behind the NAT.


Re: Never!

Thanks for your support Chronos. Unfortunately it seems stating facts is not a way to popularity. Perhaps it was the wording "with no NAT", which I should have phrased as "no requirement for NAT".

Having end-to-end addressing is also vastly more convenient for difficult protocols like SIP/RTP, IPSec, FTP and so on, without having to work around endless brain-dead ALGs and helpers that never work properly.


Re: Never!

With /horrible/ things like UPnP on consumer routers (which more often than not implement it and other things badly or incorrectly), it's not NAT that really provides the real security, it's the firewall (which on every consumer router I've seen in the last decade is turned on by default).

And just to reiterate, at no point did I claim that NAT is not possible with IPv6. It's just not necessary.


Re: Never!

Can you point out exactly where I said that? All I was trying to point out is that you don't really /need/ NAT for IPv6 and it certainly doesn't automatically mean any real loss of security. I see I now have ten thumbs down for a technically correct post!


Re: Never!

Wow, two thumbs down for that! Some real IPv6 loathing on here!


Re: Never!

NAT is *not* a security feature! Firewall policies and rules are applicable to IPv6 in the same way as IPv4. Eg in shorewall, a policy for a simple two-interface firewall looks like:


int net ACCEPT
fw net ACCEPT
all all DROP info

works equally well for both - accept outbound connections from the internal network and the firewall, drop and log everything else. It's really not that complicated, and with no NAT way more flexible (no more port-forwarding!)
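
The policy quoted in the post above, run through a small first-match evaluator over IPv4 and IPv6 with no address translation (an added example, not part of the original post and not Shorewall's own code). The `Firewall` class is a hypothetical model of "policy decides new connections, replies follow connection state", and the addresses are constructed samples from the documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# The three policy lines quoted in the post (columns: SOURCE DEST POLICY [LOGLEVEL]).
POLICY_TEXT = """
int  net  ACCEPT
fw   net  ACCEPT
all  all  DROP    info
"""


@dataclass(frozen=True)
class Policy:
    source: str
    dest: str
    action: str
    loglevel: Optional[str] = None


def parse_policy(text):
    """Parse whitespace-separated policy lines, skipping blanks and # comments."""
    policies = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed policy line: {raw!r}")
        policies.append(Policy(*fields[:4]))
    return policies


def lookup(policies, src_zone, dst_zone):
    """Return the first policy whose SOURCE and DEST match ("all" is a wildcard)."""
    for p in policies:
        if p.source in (src_zone, "all") and p.dest in (dst_zone, "all"):
            return p
    raise LookupError(f"no policy for {src_zone} -> {dst_zone}")


class Firewall:
    """Hypothetical model: policy decides NEW connections, replies follow state."""

    def __init__(self, policies):
        self.policies = policies
        self.established = set()   # (initiator, responder, responder_port)
        self.log = []

    def new_connection(self, src_zone, src, dst_zone, dst, dport):
        policy = lookup(self.policies, src_zone, dst_zone)
        flow = (ip_address(src), ip_address(dst), dport)
        if policy.loglevel:
            self.log.append((policy.loglevel, policy.action, flow))
        if policy.action == "ACCEPT":
            self.established.add(flow)
        return policy.action

    def reply_allowed(self, src, sport, dst):
        """A packet from src:sport to dst passes only as a reply to a tracked flow."""
        return (ip_address(dst), ip_address(src), sport) in self.established


def demo():
    """Run the same traffic over IPv4 and IPv6 with no address translation."""
    results = {}
    samples = {  # constructed sample addresses (documentation ranges)
        "ipv4": ("198.51.100.10", "203.0.113.5"),
        "ipv6": ("2001:db8:1::10", "2001:db8:ffff::5"),
    }
    for family, (inside, outside) in samples.items():
        fw = Firewall(parse_policy(POLICY_TEXT))
        results[family] = {
            "outbound": fw.new_connection("int", inside, "net", outside, 443),
            "reply": fw.reply_allowed(outside, 443, inside),
            "unsolicited": fw.new_connection("net", outside, "int", inside, 22),
            "unsolicited_reply": fw.reply_allowed(inside, 22, outside),
            "logged": len(fw.log),
        }
    return results


if __name__ == "__main__":
    for family, outcome in demo().items():
        print(family, outcome)
```
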

Um, excuse me. Do you have clearance to patch that MRI scanner?


Re: obvious solution ...

The closest you could probably get is a set of separate VLANs for medical devices with NAC and a heavily locked down layer2 firewall. Given that WannaCry by all accounts only affected admin functions this may already be the case. However you still have to protect the admin network otherwise patients don't get their ops/scans etc.

It seems like it was the admin net that was the source and the major victim in this case - and that matches the experience when my SO had a serious illness - the medical side was fine, but the admin was so woeful and creaky at the hospital she was diagnosed (to the extent that they had to *fax* critical docs between departments on the same site, and managed to lose her entire case history) that we demanded she was moved to another (UCH) which was vastly better.

NHS has amazing staff and medical expertise but the inconsistency of admin procedures, tools and more importantly investment across the estate seems to be the major breaking point.

High-end router flinger DrayTek admits to zero day in bunch of Vigor kit


Re: DrayTek routers are considered high end in the UK

They suck far, far, less than Zyxel. Or Netgear. The same features on Cisco you'd pay £600+. Only D-Link seems to come close in this price range.

I think most of the problem is a complex interface but most competent admins (who understand SIP especially) can negotiate it. Have one in my work basement that uses a VoIP account over an IPSEC VPN logged into our PBX. The only time it's not worked is when the bloody BMS management people have unplugged it.

IMHO they are really good for SIP but you need to know what you are doing to get them to work.

The Zyxels we had that preceded these would drop ADSL, VPN, or VoIP maybe 3-4 times a week. Draytek maybe once a month, and always sync/line issues.

OK, this time it's for real: The last available IPv4 address block has gone


Re: Compatibility

So what is a legacy IPv4 stack going to do when it receives one of these hypothetical "IPv8" packets? It's just going to puke on a corrupted header. So you'll still have to rip and replace the stack in every device!

Using Outlook? You should probably do some patching


"stopping inbound and outbound SMB connections at the network border by blocking ports 445/tcp, 137/tcp, 139/tcp, as well as 137/udp and 139/udp."

Pretty much any home ISP connection will block those anyway. Any corporate that's allowing those ports freely out to (or worse, in from) the general internet needs a serious clue-by-four application. I continually am flabbergasted in this day and age when we see stories of, eg, NoSQL servers being attacked from the internet. Who the hell configures a firewall that's not "block everything by default"? This is kindergarten level stuff...

'Disappearing' data under ZFS on Linux sparks small swift tweak


I don't think this bug is really that terrible. At least it exposes an error when it happens - there's no silent data loss or corruption thank god...

Long haul flights on a one-aisle plane? Airbus thinks you’re up for it


Re: The Golden Age of flying is over

Love the Saab 2000s from London City to the Isle of Man. Especially the emergency exit seats - one reason to wake up early the day before to book them...

I've twice had two breakfasts on the way out on that trip - very quiet for a turboprop.

Openreach ups investment plans: Will shoot out full fibre to 3 million premises


There is a difference - at least with FTTP you have the chance of reaching full speed. With copper if you're too far away you'll have to suffer with your 500k down and 50 up (if you're lucky and it's not raining).

'Twas the night before Y2K and a grinch stole the IT department's overtime payout


New Year's Eve

I'm keeping my fingers crossed for this year. Last year was a disaster. At about 3pm on NYE, some alerts were raised by our ISP. Trying to get in to have a look I found a number of machines strangely non-responsive (including our main monitoring server). Thinking the worst, I had a look at the UPS logs which showed the output had gone down for a few seconds. I managed to reboot a number of machines via remote PDUs and get to a more-or-less working state.

15 minutes later *everything* went dark, so I was off to the DC. When I got there, I was greeted by silence from the racks and a 160kVA UPS festooned with red lights. One phase of input was gone and the UPS was in shutdown. Managed to get hold of an electrician and on-call UPS engineer. The sparky arrived first and found a blown 300A fuse in the UPS feed. We searched in vain for spares but managed to come up with a 200A in the same size which would do at a pinch. I went back up to the DC and via the radio asked the sparky to switch the breaker back on. I was confronted by a 6 foot fountain of sparks leaping from the front of one of the redundant UPS rack units and a very loud bang indeed. If I'd been standing in front of it it would not have been pretty.

Not too long after the UPS guy arrived with the smell of smoke still heavy in the air. The scorched unit was opened up, revealing a main board covered in soot and the input wires from the rectifiers melted back by over half an inch from where they had been soldered into the board, blobs of molten metal scattered around. The UPS chap although rather surprised checked all the contacts in the frame, which had luckily survived and set off back to base to get a replacement unit.

At about 5am he returned, new unit in hand. We had to replace all 3 phase fuses and then there was a very tense moment as the breaker was thrown again. Luckily power was finally restored. Thankfully due to the way the days fell we had two more days to recover everything. I called in the rest of the team and managed to get 3 people to help me sequencing the power-on (about 120 physical machines and a few hundred VMs). I left exhausted by 7pm (but still was connected at home) and by 11pm on the 1st we had all the servers up, with the application guys in Melbourne finishing up on the holiday Monday.

Ruined New Years for a good few of us that year. And we only got 1.5 TOIL/OT from it - but at least the "right" people remembered what we did and thanked us just a few days ago. Fingers crossed for this year.

Postscript: An IGBT had cracked open in the UPS module, had never been seen before by the engineers. One 300A fuse and 4 more 200A blown...

Alcatel wants to be Android, but different – and another crack at the Windows market


Had a couple of Alcatel "soap bar" style feature phones

IMHO they were really nice. Simple interface, great voice quality, no bother at all. They were emergency burners for DR/BCP, and we never had a problem when we handed them out.

The orange-coloured display made them really nice at night too.

I think they were almost a part of Lucent back then though...

Fancy a wee quasi-DRAM? Supermicro bulks up server memory


Re: 2TB?

Supermicro boxes are generally:

a) cheap

b) rock solid reliability. I've only had one or two server failures in about 10 years where I've had to invoke RMA or warranty.

c) free IPMI with all features included, eg KVM and remote media

d) easily available with practically any combination of drives, backplanes, PSUs, and other accessories. I've got a couple of 1U boxes that even have 3 PCIe x16 slots available. Getting even vaguely custom builds out of HP has been way harder for us as an SMB. With SM vendors, no problem.

e) lots of warranty options

f) OEM front panel/bezel service available.

I think these are the reason that HCIA vendors' products seem to be largely based on OEM's SM boxes.

I am not affiliated with Supermicro in any way, just a very happy customer.


Excel abuse hits new heights as dev uses VBA to code spreadsheet messaging app


Re: And why not...

I did a disassembler in 6502 assembly (BBC B) because the one I wrote in BASIC was too damn slow, and the curses-like hex editor I'd just done wasn't difficult enough. Fun days!

Peer tables motion to kill vaping rules


Re: madness

They are in no way "almost as bad as the real thing". All the so-called "studies" that have reached that conclusion have been thoroughly debunked.

Nicotine is not a carcinogen and never has been. In fact it can be beneficial *without* all the deadly tar produced by cigarettes.

It's crap like this that has distorted the picture so badly - and this is clearly the intent of its backers.

Big Pharma wrote EU anti-vaping diktat, claims Tory ex-MEP


Again, citations please

You need to at least provide a temperature at which this happens. E-cigs only need to heat the liquid up to about 140-200C in a matter of milliseconds. Can you provide evidence that levels of TSNAs higher than or similar to lit tobacco products in use are present in e-cig/cigar/pipe devices?


@Brian Allan 1

I enjoyed smoking. I now enjoy vaping. Yes, I'm probably addicted to nicotine, in the same way that I am addicted to caffeine. Thankfully now I'm much healthier and don't stink like a damp bonfire.

I don't listen to busybodies who cast judgement on my life choices.