Posts by sweh 49 publicly visible posts • joined 6 Jul 2017
Note that a US floz is larger than a UK floz (29.6ml vs 28.4ml) so you can't directly compare 16 to 20.
It's better to convert to a common unit (metric, in this case) where a US pint is 473ml, vs a UK pint of 568ml; this makes it clearer that a UK pint is "only" 20% larger than a US pint and not the 25% you might expect due to floz counts.
I got my Beeb for Christmas 1983 when I was 15. When I started earning money it got a Solidisk DDFS and Solidisk 2M128 board. It traveled with me when I moved to America (with a link in the PSU set to make it 120V) and is still working just fine. It's gained a few friends (another B, a couple of Masters, econet, a Pi400 running RiscOS) but that original machine is still the one I use most.
It probably also helped me become the geek I am today; just playing with the thing whenever I could taught me a lot. My whole career might have been different if it wasn't for that Christmas present!
I guess I must have clicked the right buttons at some point; my phone has timeline data _in maps_ going back to 11th November 2015. The data looks a little wrong (eg it has my "driving" when I was on a train) but it seems mostly OK.
Not sure what phone I was using back then... maybe Galaxy S4.
Maps has never been terribly accurate with locations; eg when I walk to the shops (maybe a mile) it can show that it's missed the path I've taken and just drawn a straight line between them. I still see that 9 years later!
It's trivially simple to extract the minimum necessary files from the container and run this "native". You don't even need docker engine to do the extract.
Even better, they document the process at https://github.com/dani-garcia/vaultwarden/wiki/Pre-built-binaries using the docker-image-extract script
Very very few mega enterprises (y'know; your banks, credit card processors) have it that automated because they have a dozen different technologies between you and their server (WAFs, load balancers, k8s, whatever).
In an old school enterprise changing a cert may require 3 different teams (WAF team, load balancer team. server team). And this isn't automatable because the server stuff was designed 20+ years ago and is a unique snow flake. (Hell, it might even be on a VMS system, definitely could be mainframe). And the underlying network is a hodge-podge of mergers and NAT that you literally _can't_ get there from here.
Backend processing (eg card transactions) can still survive because "fuck apple"... until they demand this for ApplePay.
45 days won't break the internet, but it _will_ break services we depend on, daily.
"And amazingly C++ for DOS, UNIX, Xenix etc was available by 1987. Linux Kernel 1st release was 1993."
FWIW, Linux kernel 0.11 was 1991, 0.95 (where it was going mainstream and early distros appearedl e.g. https://en.wikipedia.org/wiki/MCC_Interim_Linux#Version_0.95c+) was 1992, 0.99 was end 1992; 1.0 was 1994.
There _was_ an attempt to allow C++ in the kernel in the past but it was pretty much abandoned 'cos the state of the compilers weren't that good and Torvalds was not a fan of the language; https://lkml.org/lkml/2004/1/20/20
Back in the early 90s (in my first job), I convinced my boss to play games (OK, OK, Solitaire)...
This was early in Windows days (3.1?) and he came into my office with a new laptop and a copy of windows and office and told me to get it working. OK, no problem. Install..install..install..lots of floppy swaps later...
I took the machine into his office and showed him it working.
"Great, now how do I learn how to use this?"
Thinking furiously, I made up some bullshit on the spot. "There's these games <here>. I recommend playing Solitaire. It sounds silly but it will get you used to basic functions like moving the mouse accurately, clicking, drag'n'drop and so on". He looked skeptical, but agreed to try.
Two days later he came back into my office and slapped me on the back and said "That game you told me to play? It worked! Thank you"
OpenAI will crack Quantum Computing so efficiently that it will run on a "Raspberry Pi 6 (Quantum Edition)". All TLS cryptography is rendered useless as a result. Internet banking collapses and banks have to re-open branches, with the Post Office opening new offices to support smaller communities. Cash becomes king again.
The extra foot traffic revitalises the small town High Street. Public transit requirements grow and the bus networks expand to cope. Employment levels approach 100%.
I also have the 6 account "family" plan; with work discount that's $75/yr for 6TB of cloud storage.
I use it as an offsite copy of my backups, using rclone to do the copying (which encrypts while uploading). So I have primary backups onto my raid6, which is my normal "oops, I deleted a file I need it back" store. I rsync that to external USB disks, just incase the raid dies totally. It'd take a while, but I'd be able to restore almost everything. And then I rclone the important bits that to the cloud, just incase there's a fire or something; in this case I wouldn't be able to recover my ripped DVDs/BDs but I would be able to get everything else.
Is that overkill for a home network? Probably! But then I also have 2 DNS servers, 2 DHCP servers, run my own web/smtp/dns/nntp/vpn/... Overkill is kinda what I do :-)
There's a reason why we now have WSL2; this uses hypervisor technology to run Linux in a micro-VM. This increases compatibility (eg "docker" won't run on WSL1, it runs fine on WSL2). But at a cost. For example, with WSL1 your processes show up in the windows task manager but with WSL2 this doesn't happen; Windows is mostly blind to what happens inside the VM.
Microsoft can easily deprecate WSL1 if they need to, but retain the ability to run Linux apps via WSL2.
Android is a Linux distribution. It's just not _desktop_ Linux.
It has a native shell that you can reach without needing to root/break/hack; just enable debug mode and "adb shell" (just like you need to put ChromeOS into developer mode to enable crosh shell). Or you can install termux app (from the app store, so easier than enabling crosh) if you want something more fully featured.
No, it doesn't come with glibc, but then neither do other linux distros like "Alpine Linux", nor other embedded Linux systems (eg OpenWRT).
Because it's not a desktop Linux, programs written expecting a desktop won't easily work nor be portable. But CLI programs and the like mostly just work as expected; you just need to compile for the target hardware and libraries.
In every respect it's Linux; it's just not _desktop_ Linux.
> Nobody has the right to redistribute source under the GPL
GPL says "1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium"
So once I have the source code I have the right to distribute it anywhere (as long as I "conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program."
There's no _mandate_ that I distribute the source (unless I distribute a binary based on that source) but I do have the right to do it. And whoever I send the source to _also_ has the right to distribute it, and so on.
This isn't the first time this sort of "You get our binaries and GPL but if you exercise your GPL rights you lose further access to our binaries" issue.
The first one I can recall was sveasoft, who were early in creating an alternate software for the Linksys WRT54G based on Linksys GPL'd releases. They tried this sort of them and were condemned. Sveasoft died, and other alternatives like DD-WRT, OpenWRT etc thrived instead.
Later we had Grsecurity doing the same thing; Bruce Perens was sued for claiming this broke the GPL, but a judge threw it out ( https://www.theregister.com/2017/12/22/grsecurity_defamation_perens_dismissed/ )
In both cases no decision was actually made on whether restrictions like this broke the GPL license.
Now RedHat/IBM are doing this; I wonder if this is now high profile enough to get proper legal attention. Unfortunately any case could take years to resolve :-(
Hmm, I'm paying US$75/yr for a family O365 account; that's 6 users, each with 1Tb of OneDrive storage. 6Tb for $75? That's not a bad price, on its own, for off-site storage!
And with `rclone` (www.rclone.org) to send encrypted backups, and `https://github.com/abraunegg/onedrive` for "live-ish" syncing it means my Linux machines can happily make use of that space.
The hue hub does not need to receive incoming connections from the internet; it reaches out to a google cloud hosted service via https. It does this to receive firmware updates, and to allow for remote control when out of house, and for integration with voice assistants, etc.
If the cert was being used for passive TLS decryption (a common technique for Data Loss Prevention) then an expired cert may not trigger alarms (the device manufacturer may consider that a normal case; certs do expire, especially if the cert store can handle multiple ones) but the TLS decryption would fail (also a normal scenario).
Since, in this scenario, it's passive no traffic gets blocked and data is no longer inspected.
Cert management needs to be proactive, not reactive.
Interesting demographic niche there: old enough to like "Merry Christmas Everybody", young enough to think Alexa is a good idea.
Or maybe old enough to be able to decide for themselves the pros and cons of Alexa and feel that the "fun" factor outweighs the minimal risk.
https://www.sweharris.org/post/2017-01-02-always-listening/
BTW, I'm 50 this year. Hardly a youngster.
UPnP? Ugh. That's just asking for remote attacks. Let's expose my IOT device to the whole internet. We've never seen that cause a problem before.
The other option is to have the devices reach out to a central server (which is what things like TP-Link Kasa, Frigidaire, Hue, Echo, TiVo...) all do. Now we're dependent on the central server keeping running! We've never seen those companies stop supporting devices or shutdown servers...
At least Kasa devices and Hue hub expose local network endpoints (unauthenticated so anyone on the local network can reach them) so if the central server does go away then at least freeware alternatives can be written.
There is no win... just various shades of lose.
"Shoot me now. Please, someone. Just end it before it gets any worse."
At Christmas time I plan on putting the tree lights on a smart switch and programming the echo so I can say "Alexa, it's Christmas!" and the tree lights will turn on and Slade will start playing.
Now that's smart :-)
In the US, ISPs are mostly a local monopoly. You get your local cableco... or maybe Verizon if you're lucky. No real choice.
And when we've seen Verizon, Comcast, AT&T all MITM traffic...
And then you have people using Starbucks WiFi (are you sure you're on the Starbucks hotspot and not someone pretending to be it?) and other free hotspots...
Basically, the underlying transport must be considered insecure.
Yes, mixed content is not secure. The browser doesn't (shouldn't!) even attempt to access the http content, by default, which is why some people are screaming ("our ad network is http only; it'll stop working if we move the main server to TLS").
The ad networks will catch up. They'll have to.
Umm, you might want to look at the Server Name Indication (SNI) field of TLS; it allows exactly for the situation where multiple hosts share the same IP address.
This solution is only about 10 years old. If your client supports TLS1.2 (and if it doesn't then you have bigger problems) then it should support SNI.
I've been messing around with a Hues Emulator; a python script that runs on a VM and pretends to have light bulbs attached. The Alexa device detects these and adds them. Now when I use voice control I see a connection from the Echo (oddly, not the one I'm speaking to but another one in another room!) to the emulator. So Alexa voice control appears to be local (once it's been sent to Amazon for processing, of course).
For "out of home" connections, the Hue Bridge makes an outgoing persistent connection to a Hues website. My router conntrack is telling me it is currently connected to 104.155.18.91 - which is "....bc.googleusercontent.com" and has a certificate for ws.meethue.com (signed by some Philips intermediate) - I'm guessing a websockets layer.
Given this is google cloud compute, it's likely Philips pushed bad code...
No, clouds are not meant to be fault tolerant. "The cloud" may always be there and running, but individual instances inside the cloud may die at any time.
Clouds allow you to build applications that are fault tolerant. Indeed, applications should be designed to assume failure. There are many design patterns that can help with this.
This is why "lift and shift" doesn't buy you anything except "outsourced data center". If you build traditional applications and deploy them to the cloud then you need traditional HA solutions as well; duplicated service in a different datacenter, data copying, "DR" processes...
The responsibility for availability in the cloud rests solely on the application owner.
This is most likely what happened.
Chase has not changed policies. The surcharge for cash advances has been around for many many years.
Merchant classifications, however, change all the time. Mostly you don't see them because you (as the card user) don't really care. It can affect what merchants may be in-scope for "5% bonus points" promotions, and end of year breakdowns, but normally it's invisible to you. Given the millions of merchants, it would be pointless telling you of changes.
So if this particular merchant had their classification changed so that it now counts as a cash advance then Chase would be perfectly entitled to put the surcharge on.
I fully expect this case to be dismissed.
This all reminds me of the early-ish days of WRT54G router hacking. Early/mind 2000s. A company called Sveasoft produced some quite interesting firmware, but then went to a subscription only model; pay a subscription, get their firmware and (to be GPL compliant) get the sources. However if you then passed the source on (as is your right under the GPL) they would terminate your subscription, your support, and refuse to sell to you ever again.
All the discussions around GRSecurity are the same as the discussions around Sveasoft.
Some fun at https://slashdot.org/~TheIndividual/journal/ and http://wrt54g.oliver-arp.de/
Sveasoft are now dead in the water (there's a stub web page still taking subscriptions, but I don't think James Ewing actualy delivers anything any more - http://www.linksysinfo.org/index.php?threads/sveasoft-did-i-just-mess-up-here.33599/ - It's been 10 years quiet), while OpenWRT, DD-WRT et al are going gangbusters.
AT&T offer free HBO; T-mobile offer free Netflix; it's not surprising Verizon Wireless also offer these promotions just for "feature parity" (especially since Verizon FIOS regularly has free HBO bonuses; there's probably existing commercial agreements between Verizon and HBO).
It's interesting to note that Sprint's current TV adverts are "within 1% of Verizon in terms of reliability", which doesn't address the coverage issue; yes the service may be as reliable... in the areas where coverage is available, but Verizon have the better coverage. Of course, for 70% of the US population that extra coverage doesn't make a difference. (See https://www.komando.com/happening-now/388850/the-truth-about-these-cellphone-ads for a breakdown).
It's also interesting that Sprint position themselves as the cheapo option ("would you pay twice as much for 1% more"); given how many people pay for Apple's premium branding, I wonder if they've thought this through :-)
Me, I still have an area on my daily commute (New Jersey heading to New York) where there's no signal. Yay :-(
In my town in NJ, Verizon FIOS is costing me $95/month for gigabit internet. speedtest results on my desktop give 805/515 as "real" speeds.
And that's with almost no competition (cablevision tops out at 400/40).
AT&T are just trying to protect their revenue by any means they can, 'cos they know they'll lose money if they have to compete.
systemd with faint praise
FWIW, POSIX doesn't say that a leading digit is disallowed.
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_437
"
To be portable across systems conforming to POSIX.1-2008, the value is composed of characters from the portable filename character set. The <hyphen-minus> character should not be used as the first character of a portable user name.
"
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_282
"
3.282 Portable Filename Character Set
The set of characters from which portable filenames are constructed.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
a b c d e f g h i j k l m n o p q r s t u v w x y z
0 1 2 3 4 5 6 7 8 9 . _ -
"
So we can see that "0day" is a perfectly valid username.
It may be a bad choice for a username because it can expose bugs but it's _valid_.
(Fun: "1234" is a valid username... just imagine the chaos that'd cause!)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
