* Posts by really_adf

165 posts • joined 21 Feb 2017


Adobe yanks freebie Creative Cloud offer – now universities and colleges have to put up or shut up


Nowadays, if you asked someone to name a vacuum cleaner brand they'd probably say Dyson.

If you ask people to name a hoover brand, I think more would say Dyson than Hoover.

Venerable text editor GNU Nano reaches version 5.0 and adds the modern frippery that is scrollbars


It seems typical of the GNU mindset to think "Ah! But the user may be using a machine without function keys!" It's 2020.

Personally I find function keys just a little too far away from my fingers, and I can't find them without looking (but I guess that's at least partly because I don't use them much). So perhaps "machine without function keys" is not the reason, or at least not the only reason.

With a wave of Nokia's wand, behold as your 4G network magically becomes... 5G


Re: What's not to like?

The catch is that NR makes a whole slew of optional and rarely used features in LTE-A mandatory. The big one IMHO is carrier aggregation, ...

Sounds like this is something that the software update doesn't need to enable: use of the feature is controlled by the network. That is, it's a problem if not supported by phones, which won't work if the network uses it.

Call it a hunch but from Suri's previous comments I suspect the approach is technically questionable (ie will not deliver various intended benefits of 5G), and has been pursued by Nokia for non-technical reasons.

Apple said to be removing charger, headphones from upcoming iPhone 12 series


Re: Yes please

Just... don't expect to be able to tell the difference in the price. After all, combined these two things together probably only cost a couple of quid at the volume Apple makes them...

Possibly more saving from reduced packaging and transporting more boxed phones per unit volume than the cost of the electronics.

GitHub to replace master with main across its services


Re: "There's no slave in git though"

Masters are the official finalized recordings from which copies are made. A Git master branch constantly updates, so it should be main or devel.

The "master" branch is analogous to a master copy in that it is (in many cases) the one from which copies are made (new branches). Of course, I can't deny the "finished" aspect breaks the analogy, but then there's no such thing as finished software :).

Also, some people seem to think that by changing the word from master to main (or blacklist to blocklist) it's a condemnation of those who previously used the terms. It's not.

Regardless of the motive for change, the problem is that there are some people who will see it as a reason to condemn those who previously used the terms.

Edit: the point of this being that you can't win.

An Internet of Trouble lies ahead as root certificates begin to expire en masse, warns security researcher


Re: What problem are the certificates solving?

iPlayer can ship with Public Key A

I think you're describing the same thing as I was trying to. I called it key0.

So it works as long as the first connection is within the expiry date of the initial download or pre-installation, and it's run often enough.

The same is true if you use certificates from a public CA, and embed the roots in the client with a way to update them (provided that's done in time).

It's the expiry that makes it functionally similar, even though the detail is different. The benefit you describe comes down to having control over expiry. You could equally get this with certificates by using a private CA, without the wheel reinvention: you just need to be able to specify which CA certificate you trust and have a way to update that certificate.


Re: What problem are the certificates solving?

So is the PKI there to perform some other function, or is it just being used because the code is there already so it's easier than finding a domain-specific solution?

Just because it's easier doesn't mean it's a bad thing: as with encryption, using existing code is generally a good thing for authenticating a server.

To answer your question in the title: I think the obvious answer is that certificates are intentionally providing a time limit to the trust, because eventually, the private key matching the public key in the root certificate will be discovered.

Say you wish to avoid PKI. On the face of it, embedding (say) an RSA public key in the client and validating signatures would work fine. But there would need to be some mechanism to periodically change the key, because eventually the private key will be discovered.

I think this could work safely through a chain (key0 used to sign key1, key1 used to sign key2 etc), but only if that chain is unbroken, which can't be guaranteed unless you trust key0 forever, which is a bad idea because eventually the private key will be discovered.

I can't see a way out of this...


Re: start using DANE and CA if you must


Doesn't this either just move the problem to DNSSEC, so you get the same issue due to https://www.icann.org/resources/pages/ksk-rollover, or (more likely) avoid it only because of absolute trust of wherever you get your DNS answers from? (Genuine question.)

Guess who came thiiis close to signing off a €102k annual budget? Austria. Someone omitted 'figures in millions'


It's not really about marketing (well OK, maybe a little bit.) Hard disk capacity used base 10 units once the average disk size got a little too big for conveniently using base 2 units, as they are a linear/serial storage medium which means a disk platter's capacity can be any number of bytes you like.

At the read/write head, hard drives are basically serial, but (for a long time) from the outside, they are random access devices addressed by sector. The capacity is actually any number of sectors you like. Sectors have a power-of-two size, as a natural consequence of the fact they are buffered in RAM. This may explain 1MB = 1,024,000 bytes being used for a while; this is the definition applicable to a "1.44MB" floppy disk.

Binary prefixes are a natural convention for memory chip sizes: they simplify expressing exact values because the chips have both a power-of-two number of addresses (a number of address lines) and a power-of-two number of data lines. Decimal prefixes are a natural convention for line rates: they simplify expressing exact values when, as is typical, a factor in the rate is a clock frequency defined with a decimal prefix.

The rationale for a convention is less clear-cut and often varies in other cases, such as hard drive sizes. This, I assume, led to kibibyte etc to disambiguate.

There's a new comet in town and you don't need a fancy multi-million-dollar telescope to see it. Just regular eyeballs


Re: I'd like to see it

I'm in the middle of Austin. We see no stars at all. Just the Moon, Venus, possibly Mars and maybe, just maybe Jupiter at times

"Possibly Jupiter and maybe, just maybe Mars at times" is more likely. Put another way, if you can ever see Mars, you will be able to see Jupiter regularly.

The maximum apparent brightness is basically the same, but Mars is more variable. I think the primary reason for this is that the orbit of Mars is more eccentric. An instructive diagram and more here.

Coronavirus didn't hurt UK broadband speeds in March. Call of Duty: Modern Warfare, on the other hand...


"Ofcom attributes the resiliency ... to their ability to scale with demand."

"Ofcom attributes the resiliency shown by broadband providers to their ability to scale with demand."

I'd have thought it's more down to daytime not being the normal peak for domestic ISPs; no need to scale (much) if capacity is already (mostly) there.

Fancy some post-weekend reading? How's this for a potboiler: The source code for UK, Australia's coronavirus contact-tracing apps


I am sceptical that it has to have location permissions granted to use bluetooth.


'Optional' is the new 'Full' in Windows 10: Microsoft mucks about with diagnostic slurpage levels for Fast Ring Insiders


Re: How can "Diagnostic Data Off" and "Required Diagnostic Data" coexist?

Or is this like saying if you go out for dinner tonight, it's required that you dress a certain way—but you can still choose to stay at home instead?

I think that's basically the logic. I can see some sense in the wording by reading it from Microsoft's perspective, but surely the wording should have been chosen for the users' perspective. For example, "required" is the minimum required for any useful diagnostics.

I think off/minimum/full would be the most clear (to the user) options for the implied result of the choice. Whether the actual result matches this (ie whether "off" really means "off", as you mentioned) is a different matter.

Amazon staffer based just a stone's throw away from Seattle HQ tests positive for COVID-19 coronavirus


Re: Doesn't check out

No, I don't think this virus is really as scary as people make it, the main problems are that it seems to spread easier and quicker than an influenza and that there is no vaccine.


Mortality seems to be comparable, so maybe we are overreacting a tad?

More infectious and no vaccine with the same mortality means more people dying, no?

Dual screens, fast updates, no registry cruft and security in mind: Microsoft gives devs the lowdown on Windows 10X


Microsoft; you need to learn what legacy means before you can even think about improving Windows.

I think Microsoft know full well what legacy means, this is just the (wishful) thinking of one part of the organisation that is at odds with other parts, those being more in touch with reality.

Is it a make-up mirror? Is it a tiny frisbee? No, it's the bonkers Cyrcle Phone, with its TWO headphone jacks


Re: On the plus side...

The snap had been shot by my wife on her smartphone (Ugh) so it was in 3:2 format (re-ugh). I took care to re-frame it properly and change it to the proper 4:3 format for photographs, only to have the millennial shopkeeper tell me that she'd have to crop it as it was not in a standard format.

"Proper photographs" - that is, on 35mm film - are 3:2 (https://en.m.wikipedia.org/wiki/135_film). Hence 6x4 (inch) prints.

Who loves Brexit? Irish distributors ... after their sales jump by a third


Re: Insurance

It’s very rare insurance predictions are wrong.

Natural selection: insurance companies making bad predictions die?

Physicists are rather giddy after creating a rare type of laser using laughing gas


Re: Radar

Much more than twice the range, surely: reflection won't be perfect, and a "useful" return signal will be stronger than the minimum detectable.

Complete with keyboard and actual, literal, 'physical' escape key: Apple emits new 16" $2.4k+ MacBook Pro


Re: Selective deafness

Most people who buy a computer (laptop or desktop) for work don't care so much about looks.

I'm not sure about "most"; I think it depends on whether you want to actually do work on it or because you are a superficial twat, eg many in sales, marketing and management.

Google warns devs as it tightens Chrome cookie security: Stuff will break if you're not clued up


Re: Finger Printing and The DMCA

If corporations can have a law that prevents circumvention of what they do to protect their data (DMCA), then why can't we have one to prevent circumvention of tracking and privacy tools/controls that we use to protect our data?

That's a very clear way to put it, and I can't see a reasonable argument against it. Have an upvote.

We read the Brexit copyright notices so you don't have to… No more IP freely, ta very much


So that’s the end of cross-EU mobile roaming, then. Why would companies pay for this when they can pass the costs on to the customer?

The obvious answer is because none of them want to be the first company to start charging for EU roaming.

We're going deeper Underground: Vulture clicks claws over London's hidden tracks


Re: Why obsolete?

According to the totally reliable Wikipedia it was five times more expensive to operate than on road vehicles (disputed by the Communications Workers Union who said it was only three times as expensive).

Could be viewed as: road vehicles should be three/five times as expensive as they are...

Sudo? More like Su-doh: There's a fun bug that gives restricted sudoers root access (if your config is non-standard)


Re: As an ex sys-admin....

You should be able to assign administration accounts only the rights actually needed in a "JEA security" type model.

Err, that is literally exactly what sudo does (bugs aside). Its configuration says which users can do which things as which users. Such as "members of this (administrative) group may stop/start this service".

The NetCAT is out of the bag: Intel chipset exploited to sniff SSH passwords as they're typed over the network


Why is SSH (as a protocol) singled out here?

Because it's by far the most likely way to access a machine with an application warranting the vulnerable infrastructure requirements?

Cu in Hell: Thousands internetless after copper thieves pinch 500m of cable in Cambridgeshire


Re: A simple (but costly) answer

If 1km is worth 20k

At a guess: it's not 500m of cable = £10k, but a 500m stretch of (say) 10x 100-cable bundles = 500km of cable = £10k.

Allowlist, not whitelist. Blocklist, not blacklist. Goodbye, wtf. Microsoft scans Chromium code, lops off offensive words


Re: This is stupid

I'm surprised not to have seen mention of Android's Log.wtf(), "Report a condition that should never happen."

They say piracy killed the Amiga. Know what else it's killing? Malware sales. Awww, diddums


Re: This reminds me on Son May

Throatwarbler Mangrove: "... fundamentally, it's hard to work up the same level of outrage about "software piracy" as it is to do so about stealing food."

This, along with some other things you wrote, did make me wonder about any differences in society's views of "piracy" between software, music and video.

I think, of the three, music may be seen as more "personal" as opposed to "corporate" and therefore somehow closer to stealing food, although I have no basis for that.

It's so hot, UK needs to start naming heatwaves like we do when it's a bit windy – climate boffins


Re: Shameless plug.

Downstairs is a bit more difficult


Scientist, war hero and gay icon Alan Turing is new face of the £50 note


I think I've only had one or two fifty quid notes in my possession ever

Same. Not so surprising when the current note was introduced, but seems strange when the inflation-adjusted value of a (rare) £50 note now must be similar to a (common) £20 note then.

Train maker's coder goes loco, choo-choo-chooses to flee to China with top-secret code – allegedly


Re: "Which hasn't struck me as particularly advanced either"

And mixing passenger and goods traffic on the same lines is much more common. Which makes for a lot of specific rules in the signalling logic if you don't want to treat every train as the slowest heaviest goods train that line might carry.

Can you elaborate? It looks to me in the UK like passenger trains may have a higher speed limit, presumably if their braking is good enough, with the default limit presumably being for the heaviest goods train (both presumably for trains with the worst brakes in the worst conditions, plus margin). No need for special signalling logic in this case.

Mixed speed traffic is very obviously a headache for timetabling though, same as stopping vs non-stop passenger trains of the same type.

Metropolitan Police's facial recognition tech not only crap, but also of dubious legality – report


Re: Help with "Innovative Solutions"

"Surely what matters with such cameras is what they do with the information."

Absolutely, but in general people seem to trust what computers say more than I think they should.

Yes, facial recognition may have prevented the tragedy in Stockwell, but the concern due to the above is how to ensure it doesn't end up causing more such tragedies because "computer says he's armed and dangerous".

Unfortunately, I fear the answer will come too late for some, but research like that reported here offers some hope that fear will not be realised.

Mmm, instant Java: Visual Studio Code 1.36 brings tasty updates – unless you run 32-bit Linux


Indent guides

"Indent guides, vertical lines which connect items of equal indentation, are now optionally available in tree views such as those in the File Explorer."

So, more like they used to be (on Windows at least)? Maybe those GUI designers of yesteryear had a point after all...

The Eldritch Horror of Date Formatting is visited upon Tesco


Re: Dates? Don't talk to me about dates...

... "Oh, it's ok", they eventually exclaimed. "We'll just delete any double-quotes from each line before we process it. And as we asked, you're sending the file with pipe delimiters, so we don't need to worry about escaping commas".

This story resonates with my own experience. Things like this seem to be increasingly common. I've gone past getting mad, now it just makes me sad...

Oblivious 'influencers' work on 3.6-roentgen tans in Chernobyl after realising TV show based on real nuclear TITSUP


Re: iPhone?

Q. How do you know if somebody is a vegan?

A. They tell everyone.

Better, I think:

A. Don't worry, they'll tell you.

Have I Been S0ld? Troy Hunt's security website is up for acquisition



All of the MFA implementations I've seen so far are much less convenient than passwords and/or require information disclosure to unsavory companies.

All security is a trade-off with convenience. (Wouldn't it be more convenient if you just had your user name, with no password to remember?)

From a convenience/handing over data perspective, I've used:

- Mobile app notification: minimal inconvenience, who knows about data (though not an inherent issue)

- Phone call: slightly more inconvenient than an app for most, but you need to hand over your telephone number.

- SMS OTP: probably slightly more inconvenient than a phone call in most cases; again, you need to hand over your number.

- TOTP/HOTP and similar (RSA SecurID springs to mind): like SMS OTP except no data.

The only other option I'm aware of (am I missing any?), and which looks very interesting to me, is U2F. This keeps the "no data" aspect of TOTP etc, while reducing inconvenience to be similar to a mobile app. From a security perspective, it also allows a lot of potential weaknesses affecting the above to be avoided.

Amazon Alexa: 'Pre-wakeword' patent application suggests plans to process more of your speech


Re: How is this patentable?

I really hope the buffering isn't patentable. The technique for identifying the start of the sentence containing the wakeword could be novel.

Bad news from science land: Fast-charging li-ion batteries may be quick to top up, but they're also quick to die


Re: Scanning...

It's worth noting that the average reader of the Register would probably enjoy a visit to the Diamond Light Source

I have been there, and concur. An astonishing amount of infrastructure around the (comparatively small) storage ring, yet minute compared to (eg) the LHC... (I know DLS and LHC have other differences apart from size.)

Let's see. Translation, facial recognition, running people over... What else can AI do? Ah yes, predict planet mass


Humans, and I expect other animals too, seem to develop an innate ability to "solve" some mathematical problems apparently quite efficiently, eg predicting where a ball can be caught. Are there cases where this is effectively solving differential equations? (I don't think the example I gave is, but happy to be corrected.)

If so, does this kind of ability bear any resemblance to the machine learning in this article (or vice versa if you prefer)?

Boeing... Boeing... Gone: Canada, America finally ground 737 Max jets as they await anti-death-crash software patches


Re: More of this to come

Red Ted: "In the automotive world the deaths happen in ones and twos, in aviation when something goes wrong [a plane-full may die]"

True of course, but aren't overall numbers higher for roads? And there have been high profile safety issues in the past, perhaps causing some deaths and many "lucky escapes", so similar issues seem likely to be picked up.

eldakka: "Not to mention that if you feel something is wrong with your car, bus, truck, you can just pull over to the side of the road and stop."

Again true, but in general, drivers are far less trained to deal with such situations; for some problems, probably less likely to realise until it's too late, and in some others, less able to react correctly to avert disaster.

F5 Networks buys into open source, hands over $670m for Nginx! Double Nginx! Infinity Nginx!


Sometimes in English we use silent letters.

If you pretend the N is a silent letter, you get Jinx

Not sure about a silent N at the start of an English word. Between that and the fact "engine X" is so embedded in my brain, I'm not surprised I didn't get it, so thanks for that.

Although as the old adage goes, if you have to explain a joke, it isn't funny :).


I'm definitely missing something with the headline. How is nginx supposed to be (mis)pronounced for it to make any sense?

Radio gaga: Techies fear EU directive to stop RF device tinkering will do more harm than good


Re: What's the problem....

"None of which has anything whatsoever to do with this article, which is about regulations covering interference."

I disagree that it's unrelated. Playing devil's advocate, the argument I see from a few comments (but not sure I agree with) is that if there was regulation that ensured better security and support by manufacturers of devices with radios, then there would be less need for the custom firmware that the regulation in this article would prohibit, ie that regulation would be less of a problem.

"A smart heater should be exactly the same - no matter what clever stuff it does to decide when and how to heat up, it should be physically impossible to actually be dangerous no matter how the instructions are modified."

This amounts to saying that the hardware should be designed to prevent the problem. I agree, but this seems impossible for software defined radio.

How to make people sit up and use 2-factor auth: Show 'em a vid reusing a toothbrush to scrub a toilet – then compare it to password reuse


Re: The elephant in the room

Thereby, how many tokens/application/etc we should carry around? Do some of those devices allow for different "identities" to avoid tracking?

I think this is the intention, if not a requirement. See the first paragraph here: https://www.w3.org/TR/webauthn/#intro

UK tech has a month left to bare gender pay gaps, but less than a fifth of firms have ponied up


Re: Like for like figures please

The all-employee median pay gap has little meaning...

Oh, I think it has meaning, just not necessarily the meaning people will ascribe to it.


Re: This is the "pay gap" that ignores the job title right?

Does it ignore the board, executive officers, etc. of those who rake in the most cash?

There's nothing I can see to suggest it does.

Since those groups are the highest paid, it would skew the numbers somewhat.

Because executives are so few in number, even if they are all the same gender, using median instead of mean means executive pay does not affect the result (if you assume it does not affect other people's pay).

Techie in need of a doorstop picks up 'chunk of metal' – only to find out it's rather pricey


Re: Have you ever heard a story about something you did told second-hand?

It's when you go searching on Google for a solution to a problem, and find the solution that you posted yourself six months earlier, that you know your brain is not what it once was...

In my case it was a few years rather than six months. Maybe more understandable, but I didn't even recognise my own writing and it was some time before I realised...

Oxford University reportedly turns off its Huawei money tap



"Pcaps or it didn't happen"

Excuse me, sir. You can't store your things there. Those 7 gigabytes are reserved for Windows 10


Re: Progress?

I remember the Archimedes 420 with a whole 4MEG ram and 20MEG hard drive.

I may be misremembering but I think the A420 was 2MB RAM and the A440 had 4MB.

The OS was in ROM though; 512KB for RISC OS 2, including CLI, GUI, and even a BASIC interpreter and ARM assembler.

The ROM jumped to 2MB in RISC OS 3, but that included the above plus several applications. Among them were a text editor (Edit), and bitmap (Paint) and vector (Draw) graphics.

(All IIRC.)


