* Posts by CommodorePet

30 publicly visible posts • joined 2 Mar 2016

The Quantum of Firefox: Why is this one unlike any other Firefox?


3 strikes


I knew tab session manager was going away, but thought it would be just a matter of days till a good replacement came along. The first one I tried failed completely at its purpose - saved tabs but didn't even reload one out of a 100 in the set. Lip bit, maybe it'll get better.

But then:

New Tab - no longer seeing a nice big list of the sites I usually open. Strike 1

Refuses to login and show an internal work webpage (Chrome / IE ok) Strike 2

Font changed on the webapps that I use at work, completely ugly now Strike 3

Just loaded chrome, probably not going back...

Parity calamity! Wallet code bug destroys $280m in Ethereum


bad analogy time

Imagine the entry hall to an apartment building that has 200 units. 200 post boxes on the wall. Behind 199 of them are shredders that destroy anything put into them (no one lives there). Don't get the address wrong on your letter!

(i.e. when you're sending crypto).

Now imagine the instructions on how the posty should decode addresses is in the first letter he delivers.

Multiply by a million. That's how safe this whole industry is.

Oh Brother: Hackers can crash your unpatched printers – researchers


Re: Sloppy or Oddness:

September 10th:


Not sure if @0xz00n found it first, given that CVE-2017-12568 was created on August 5th


Sloppy or Oddness:

The timing between "attempt to contact vendor" and exposure as zero day is pretty short. Exactly 3 months from creation of proof of concept - file created in August: 1 month from "chat" to publish.


Is "online chat with customer support" a reasonable attempt to get the vendor to realize what the problem is?

#09/11/2017 - Attempt to contact vendor

#10/03/2017 - Live chat communications with vendor regarding no reply

#10/25/2017 - Attempt to contact vendor

#11/02/2017 - Advisory published

Web searches for "Debut Embedded HTTP server" don't turn up any open source, and I can't find any mention on Brother's page that their HTTP server is called "Debut". That name only occurs in the reports about this problem.

CVE-2017-16249 doesn't exist yet. CVE-2017-12568 does contain the same info.

Five ways Apple can fix the iPhone, but won't


DAC chip manufacturing is a niche industry...

It's the wallmart / pickles story in chip form.

There aren't that many companies making these hybid analog/digital chips. If a company that has a wide range of cheap/low-end and more expensive/high-quality parts was to supply Apple, it would do so by shutting its ability to supply parts to the hundreds of other companies that want them. You can't keep Apple happy and all your other customers. If you can't sell your high end parts because you can't switch your fab over from the firehose of low end parts needed - that kinda negates your business model.

VW engineer sent to the clink for three years for emissions-busting code


Code of Ethics

It is literally the first rule in the IEEE code of Ethics.

"to accept responsibility in making decisions consistent with the safety, health, and welfare of the public, and to disclose promptly factors that might endanger the public or the environment;"

Apple gives world ... umm ... not much new actually


Re: Sign of a mature market?

> You can recycle them for free.

Sure, as long as you now realize you effectively leased the computer, you never bought it.

Crapness of WannaCrypt coding offers hope for ransomware victims


Re: What about battery life

This (moving library dirs to a 2nd drive) is known to break Apple iCloud on Windows though. Ask me how I know and you might need to step back from the fragments of my screen as I hit it in frustration.

MP3 'died' and nobody noticed: Key patents expire on golden oldie tech


Re: Patents expired whether Fraunhofer like it or not

There is an important point that the commentary on this is missing. Sure the final patents expired and the technology is now free to use. But the source code that Fraunhofer provided to implement that technology is still their IP. Companies paid a licence fee for the source code and the patent. Since they are discontining both, companies can no longer ask for new licenses to Franhofer source code either.

LAME and others are GPL'ed implementations of the technology - still can't be used by companies to embed inside a little audio player. So this cuts off access to one known good source code that isn't GPL, it's not just about the patents. The fraunhofer code included efficient fixed point encoder and decoders that worked well on chips from 20 years ago. Cheap and powerful processors are easy to find now, but you still don't want to waste cycles.

Spend your paper £5 notes NOW: No longer legal tender after today


Re: Banks will take fivers for a while

Good to know. Got at least one fiver in my drawer here in Los Angeles from previous visits; visiting the UK in July, so was resigned to using them to decorate a pencil box with the useless notes ala Blue Peter.

Back to the future: Honda's new electric car can go an incredible 80 miles!


Re: What about battery life

California electric rates are also more expensive than most of the rest of the US, and come with the double whammy that the rate goes up (significantly) the more you use. Since charging an electric vehicle is an additional load, the economies here are not good (Los Angeles resident here). In Summer running the cooler can easily put the price per kilowatthour at 4x the base rate.

The only way to mitigate that is to have an extra power meter installed that is just for the EV charger. That costs $2-3K, which would pay for a lot of dino-juice.

80 miles would be out of the question here. Daily commute is OK, but if I need to drive to the airport (35 miles), park for a couple of days and then drive back, I'd be scr*wed.

Confirmed: TSA bans gear bigger than phones from airplane cabins


It's a complicated rule, but the lithium battery that is part of the product itself is OK. It's spare batteries that are not allowed at all. Spare batteries as carry on have their own set of restrictions as well.

A router with a fear of heights? Yup. It's a thing


Re: Less air to insulate a PSU

Pedantic - that's 6KV ESD (Electrostatic Disccharge, i.e. a static build up), not a lightniing surge.

IEC 61000-4-2 is the relevant test.

Intel Atom chips have been dying for at least 18 months – only now is truth coming to light


Supermicro servers too?

Supermicro has a range of servers that use C2000 class processors.


Trump's visa plan leaks: American techies first


Re: As long as the H1B visa has the present restrictions, it needs to be cut

You may be right about workers pay to play, but H1B (and L1) visas are valid only for the employer that sponsered it. If you quit, the visa is immediately invalid and your become an illegal alien.

Source : I was L1, now GC.

Apple eats itself as iPhone fatigue spreads


Re: The timing of this 'release'

You're not serious, right?

<quote>$121? My how the mighty have fallen.... Didn't this stock used to be in the $600s?</quote>


Wi-Fi for audiophiles: Alliance preps TimeSync certification program


Plenty to be confused about - PTP doesn't work over WiFi - The IEEE 802.11 working group peeps took their sweet time to come up with this version which is the same basic idea but uses the WiFi mechanisms.

Dotdot. Who's there? Yet another IoT app layer


Problem: There are 27 competing standards and no-one knows ours is the best

Solution : Rename ours to something that no-one will be able to Google properly and tell everyone that it's coming in about 9-12 months.

Result: Developers give up on the current standard because all the deep-linked online documentation became stale overnight.

Didn't Google themselves already do this with Thread?

Reg man 0: Japanese electronic toilet 1


Re: I guess he should just be happy he didn't get one of the newer models...

Yep, even the flush button is on that touchscreen. Which is awkward if you don't spot it when you go into a bathroom for the first time - "I know it's here somewhere, people are going to think I'm going #2 if I don't find it and get out of the bathroom soon". Turns out it was on the wall facing the toilet, which you'd only notice once you sat down. If you just visited for No 1, it wasn't in your sight...

A successor to Mirai? Newly discovered malware aims to create fresh IoT botnet


Cheap Linux/ARM tat will always ship with hard-coded Telnet passwords. There's no getting past that, so the only solution is for ISPs to port-block incoming Telnet by default.

You can run Telnet in your private network, or acually /shock/ configure SSH if that tat allows it, or contact your ISP if you want that block lifted.

Unpopular idea for some reason, but the security of the internet overweighs lip service to net neutrality.

Today the web was broken by countless hacked devices – your 60-second summary


Re: Home Router Traffic

Mostly port 23 / Telnet. MIRAI looks for that port, tries a bunch of known hardcoded values, then it usually finds a busybox shell running on ARM. It can then run busybox commands to download additional scripts and apps that perform the DDOS at whatever target they desire.


Time to block port 23 (Telnet) for ever

All ISPs need to disallow port 23 to and from consumers / end users. Nothing needs this anymore.

No, the VCR is not about to die. It died years ago. Now it's VHS/DVD combo boxes' turn


Re: Actually VCRs still exist

>And at some time in the future they'll have a big panic because they find they've got a large library and nothing that can read it. How many times has that happened?

Here's the most famous one that I know of... 1500 tapes, no working tape drives, so took many years to find and repair them, even after they were stored in a Chicken shed.


Amazingly insecure industrial control systems + internet = Cupful of nope


Probably Systems originally accessed via dial-up

My best guess: For remote access, these kind of systems would have been accessed via a dial-up line - giving it some level of security via the phone system (drop the call if the caller-id doesn't match a known number, automatic call back, etc). As part of cost cutting, dedicated phone lines get absorbed into VOIP fabric, and then it's "let's get rid of this modem and connect it directly to the router".

What little security it had was thusly stripped.

It could be that the systems were always crap, but if you think back to Windows 3.1 / Windows 95 days, dial up was the only way to do networked stuff remotely.

We have hit peak Silicon Valley: New crazy goal to disrupt entire cities


Unlike Software, construction is not scalable

Tearing down buildings and putting up new ones is an intensely manual process, also requiring hundreds of hours of (real) engineering (*1) and planning.

This process doesn't scale at all - you can't bring in a hundred construction companies at once to speed up the process, and the resulting labour cost dictates the price of the new buildings. It doesn't get cheaper.

Until robotic teraforming and house building machines are developed, there's no way to get there from here at low cost, and without lower cost it's just more of the same.

*1 Civil & structural engineering, the ones where you need a license, rather than expertise at writing software and documents.

Verizon peeps gobbled by Frontier enter week two of crap internet


Re: @CommodorePet: Guess I'm a lucky one

Verizon did a "free HBO for 2 months" promotion last year, and they didn't turn it off until after 4 months. I grabbed (scheduled record) a ton of movies during that time for later enjoyment, so I was happy that I had a copy-once compatible install (I've borked that in previous computers by adding codec packs). Definitely need to look at MythTV soon though. I have Kodi/XBMC on a laptop to watch the WMC content in bed, but that leaves a lot to be desired as well - it wants everything renamed for it to match TVDB, won't cope with the raw WMC file names even though they have plenty of metadata.


Re: Guess I'm a lucky one

Copy Once would definitely suck. Hope that doesn't happen. Though I'm WMC/Ceton/Cablecard here, close to 10 years of WMC since XP MCE 2005, still using the same remote.

My only billing snafu was getting the package promotion ($15) extended when the contract renewed. Got it all sorted via an on-line chat, then when the bill comes, didn't include it. Always, always save a copy of the chat and any order #s!


Still the best value in Los Angeles though.

Happy Verizon FIOS user here in LA.

The choices here for most people are Time Warner Cable or AT&T DSL. The few areas that had FIOS infrastructure installed years back get a third choice.

I regularly check if I can get a better deal via cable internet, but the FIOS solution beats the other choices on price and bandwidth, and in my experience, reliability too.

The only grumble - I wish they'd introduce lower price tiers when they up the bandwidth. When I fiorst signed up, 15Mbps up/down was plenty enough for me, but now I get 25/25 for the same price. Would love to save a few dollars by dropping down to 15/15 again, but that probably will never happen.

Get ready to patch Git servers, clients – nasty-looking bugs surface


Static Analysis ftw

Stratic analysis tools would raise a bunch of issues here.

strlen returns a size_t, which is unsigned. Mixing signed and unsigned with an inequality if statement is a big red flag.

I agree with an earlier point, concating strings and general path manipulation should be a solved problem.

Bloke cuffed for blowing low-flying camera drone to bits with shotgun


Re: @d3vy -- Yeah...

Here in California, the mineral and oil/petroleum rights to the land under your property were sold decades before the land was parcelled out for individual houses. I forget the exact depth, but there is a very definite edge to what is yours.