* Posts by mihares

81 publicly visible posts • joined 7 May 2019


Google's Chrome OS Flex could revive old PCs, Macs


Gratis? Really?

“but this one comes gratis from a big, well-known name and it has existing management tools.”

That big, well known name enjoys part of its well-known-ness to massive data slurping.

Which, that well known name, says is the reason for many of its gratis offerings.

So… what about that?

Re-volting: AMD Secure Encrypted Virtualization undone by electrical attack


Attach wires

Exactly at that point my stoke level for this vuln dropped very near the floor…

Chocolate beer barred from sale after child mistakes it for chocolate milk


Would someone think of the children?!

Specifically: were they unhappy after finishing the beverage they mistakenly chose?

Apple responds to critics of CSAM scan plan with FAQs, says it'd block governments subverting its system


Think about it the next time you vote

Governments, even if it has been very recently proven that is not necessary, are pushing for mass scanning user devices. Because they see that it’s easily done —think of how many mischiefs they’d catch if they were allowed to do so!

They don’t give a damn about privacy if busting it is in theirs and not in Facebook’s or Apple’s interest.

This mechanism will be rolled out in the EU to implement the famed copyright filter, which has been already mandated by the Union and it’s waiting for uptake in the various states.

Apple was sick and tired of denying (or obliging) to requests along the lines “give us access or we’ll tell everyone you defend child molesters”. And this is the result.

The “good thing” is that the machinery is based on a feature extractor that happens to be on the device owned by its adversary, so it’s just a matter of time I hope before some hack finds a way to break it or, probably, DoS it with a class of adversarial examples.

Nonetheless, this was an answer to a request that is done all over the western world by the governments and that is: easy, gratuitous snooping on everyone’s device.

Contrary to China, most of us can and do elect their representatives: watch what you vote the next time because this shit was asked to Apple by them.


It comes down to trusting Apple: yes, of course. But it was already that way since the iSoftware is very much proprietary and very closed. This is a different but related problem: there are less mobile OSes than car brands in the DDR so the choice now is, effectively, having your pictures scanned by Apple or being key logged by Google.

Or send them all to the deuce and have a dumb mobile phone, a tablet PC running GNU+Linux and a desktop workstation doing the same.

New GNOME Human Interface Guidelines now official – and obviously some people hate it


Don’t waste your resources!

GNU Screen and part time XFCE user passing by…

Google: Linux kernel and its toolchains are underinvested by at least 100 engineers


I was kind of hoping for this kind of comment, because now I can unload further. Thanks!

In software engineering (engineering and life at large, if you will), there’s such a thing as the correct tool for the job.

There are things C sucks at, even before security concerns. Arguably, there are many of them. From my old field of expertise: data understanding and data analysis prototyping is one of them. If you are trying to make sense of a signal to noise ratio of 1e-7, the last thing you want is care about what exactly you’re doing with your memory. Failing to recognise this leads to monstrosities like CERN’s Root —interpreted, JIT-compiled C++ dialect… and you thought C was bad?

When it comes to system programming (from embedded to kernels), C is the way to go. Because it lets you free, unfettered range in exactly the things that matter (not even C++, C).

This also means that you are totally free to shoot yourself in the face with it if you’re not careful. So you need to be careful —or at least think about what you are writing.

People trained to connect their brains, have a think and then write are expensive, though, and there is a damn good reason why large corporations (one that does not do OSes, one that shamelessly leeches them and the other that has an effective monopoly on ElReg’s BORK!BORK!BORK!) are attracted to things that require less thinking —> less expensive people to deliver the same amount of risk.

So my point stands: if you do the Kernel, you need to be able to C well. If you can’t handle the latter, you’re unfit for the former. It’s as simple as that.


Waiting for Torvalds’ death ray to discharge in Cook’s direction (still hoping for an uncensored, un-PC version) I will say that:

0) C is not difficult, it’s the opposite of that —that is what makes it a very good choice, possibly the best choice, for low level system programming. If you come around annoying the fsck out of people claiming that C is too difficult to do things securely (or: well) the solution is that neither you nor who trained you should touch it. Or the Kernel. Let alone opinate about them.

1) There are generally two ways to think about security: the first is the wrong one, in which you do stuff not thinking about it, then you pass it on to someone who just thinks about it and ruins your work’s performance and usability because hey, a safe box with the door welded shut is the best!

The second is to think about what you’re doing in the first place and design it so that it is decently secure without someone welding it shut for you —AFAIK, this is the Kernel approach. Which is constantly broken by pillocks at Google, btw.

2) Should Google contribute 100 engineers to the Kernel, I want 200 people checking their work for damn backdoors, since Google’s anus’ track record for improper, surreptitious access is really not clean.

Survey of astronomers and geophysicists shines a light on 'bleak' systemic bullying


The very existence of this difficulty should ring a few bells, shouldn’t it?

Anyway, I think a sensible way to go about the business is to define it internally as a set of behaviours and then ask people if they experienced those, without leaking the definition or what you’re after —to be on the safe side, have the questionnaire written in 5 different ways so you can catch yourself suggesting answers.

Something you don’t do is stating that bullying may be a problem, you’re investigating it and then ask if the respondent has experienced it. Because that’s just harvesting meaningless answers that confirm whatever you wanted to “prove”.

Of course we don’t know whether any of that happened, because the survey hasn’t been published yet. We just know the results. And that it was self reporting —which frankly stinks of the paragraph above. And stinks because of self reporting. Self reporting always stinks.


Self reported experience, someone else’s or your own, is not a good basis for quantitative science. That’s how we moved from astrology to astronomy.

That doesn’t mean that “bullying” doesn’t happen around stones and telescopes, it just means that studies based on self reporting stink a priori.

Lenovo says it’s crammed a workstation into a litre of space – less than three cans of beer


Re: Small RAM

That would be a lot better.


Small RAM

Aside from the fact that I want AMD, not Intel, 32 GiB of RAM are too less if you plan to use your 16 threads to do something that involves, you know, processing data…

Smuggler caught with 256 Intel Core processors wrapped around him in cling film


Once it was the other way ‘round —the cost thing, especially. The first system I put together had two Xeon’s, in the early 2000’s, and the mobo costed an entire lobe of my liver.

Thumb Up

It can’t be an accident

The fact that this individual tried to smuggle 256 computer CPUs gives the whole story something /just/ better…

Linux Foundation celebrates 30 years of Torvalds' kernel with a dry T-shirt contest


Re: designing a T-shirt to celebrate 30 years of the software

It might just be that the possibility of having a celebratory t-shirt for the most important piece of software that is Free and Open Source might be done on, say, a mac running some Adobe product, both of which stand for exactly the opposite of FOSS, is not lost on everybody.

Because of yes, you can do awesome image editing and art on Linux, so you really do _not_ need to go proprietary.

Belgian boffins dump Starlink dish terminal's firmware, gain root access and a few ideas


Re: Here's my guess

login: joint

password: joint

After 15 years and $500m, the US Navy decides it doesn't need shipboard railguns after all


Re: It’s not 15 years

Well, it might be enormously more effective to just walk up to their enemies, give them $500m and tell them to go away or be nuked…


Re: It’s not 15 years

Yup, rate is a strong point of interest in the thing.


Re: It’s not 15 years

Nah, the power supply is not the issue: they tend to be big and bulky but on an aircraft carrier there’s plenty of space. And on some you already have a nuclear reactor on board —the worse that can happen is that you can’t charge fast enough and then your gun is rate limited. In general, as long as you don’t want to switch off a current of several thousands of amps, you’re fine.

Also heat build-up due to electrical resistance is not _such_ a big deal —it’s not as bad as keeping cool a superconductor, not make it quench and figure out a way to have a working sliding contact between the rails and the armature (*) across a thermal gradient of a couple of hundreds of degrees. Having to do that at room temperature with copper is already bad enough.

The problem is that you have to open the gun and change the rails every 1-20 shots, because they simply wear out (they will melt, develop holes, get smeared with whatever you’re using as the armature and not flatly or uniformly enough) and they don’t contact any more. And that’s no fun when you’re in a battle.


(*) the projectile is not used to close the circuit but there usually is another piece of metal behind it, for lower speed railguns. Once you start going above 3-4 km/s, you have to use a big fat spark between the rails which ionises whatever it’s in there and turns into plasma. Which as cool as it sounds, it will fsck up your rails even faster.


I’d be happy with one of the allegedly self steering projectiles: they are probably the Raspberry PIs in the baddest-ass case you can ever imagine.

Or Arduinos if they were already cash strapped…


It’s not 15 years

It’s from the early 1900 that people have been trying to exploit the Lorentz force to propel things into other things, very far away and very fast —one of those thing-thing combinations was: manned capsule and earth’s orbit.

The largest problem, by far and away, has been one and it’s not even the humongous capacitor bank, compulsator or gazillions of hamsters on wheels to generate the current pulse (Megaamps in nanoseconds), but the fact that you have to overhaul the gun every few shots or so, ranging from 0, i.e. congrats: it exploded in your face!, to a couple of dozens, depending on how much current you lob inside.

Until someone comes up with Unoptanium or some other invincible material, it’s hopeless —also for the Chinese: as stated, the difficult part is not shooting it once or twice, also from a boat, but shooting it enough times to successfully engage something slightly more manoeuvrable than Mount Everest.

So, of course, the French are still hoping…

Microsoft struggles to wake from PrintNightmare: Latest print spooler patch can be bypassed, researchers say


It’s a

Patchsterfuck! Again…

On the other hand, they introduced this vuln in every version of Windows: a quick fix was unlikely, since it must relate to very old and established code —or how their heads are warped.


Same experience here, since 11 years.

Once you get used to make things happen with your keyboard rather than pumping the mouse, GNU+Linux makes your life better.

Not for children: Audacity fans drop the f-bomb after privacy agreement changes


Re: Absolutely standard privacy provisions

0) If you leave user data alone, you don’t need to ask permission for slurping it. It’s as simple as that.

1) Audacity is released under GPL, which means that you can access the code and verify by yourself that, up to the last pre-Muse commit, they didn’t need to ask permission because of 0)

2) Because Muse have their balls tied up in the GPL, 1) dictates that if they did not disclose people would have called them out and it would have been even worse.

3) Business that slurp data do attract attention (and not of the loving kind, since a long time): the news of the GDPR should have permeated also under the heaviest rocks by now.


Freenode vibes

So The Muse Group saw what happened to the user base of Freenode and thought to themselves “yes, we want some of that, and we want it quick”.

The only thing that would deter users and devs more than this license violations and blatant data slurpage and tracking would be to physically smear a dog’s turd on said people screen upon downloading any guise of the application.

Have an happy fork everyone.

Dell SupportAssist contained RCE flaw allowing miscreants to remotely reflash your BIOS with code of their creation


Yup. Except I do it with GNU+Linux —sometimes I shrink the original OS partition and keep it there until the warranty runs out (you never know).

A few years ago, though, they were discussing a norm (at least in the EU) for which you could walk up to someone selling you a computer and tell them to keep their pre installed OS and don’t charge the license price, walk away with just the hardware.

Did that happen? Wouldn’t it be awesome if it did?

Facebook granted patent for 'artificial reality' baseball cap. Repeat, an 'artificial reality' baseball cap


It can be any hat

So it’s kind of a template hat — a Facebook Artificial Reality Template hat, which shall be abbreviated to FART hat.

But aside of that, can you begin to imagine how much of an apocalyptic dork would you look like wearing something like that?

Windows 11: Meet the new OS, same as the old OS (or close enough)



I’m dusting off that juicy Office XP premium edition CD-ROM in a box right now. It’s got FrontPage in it!



I don’t play video games (at all, not only on a computer), so I’m not affected.

But the situation, at least as far as the underlying graphical subsystem is concerned, has massively improved on Linux: for AMD we have a nice nice driver in the Kernel and, as long as you don’t do too much crazy s**t with your setup, you’re also very fine with Nvidia.

So games can come to GNU+Linux as soon as they feel like, which will be as soon as the desktop user base will be large enough I guess.



Personally, I completely lost interest in Windows after 7 —having started with 3.1. The best of the bunch, IMHO, has been XP x64 edition, which actually was a Windows Server 2003 with XP written on it in crayon.

I have the feeling that, when MS Office will work decently on Wine (or whatever future Linux Subsystem for Windows), there will be very little point left in having a Windows OS anyway…

Systemd 249 release candidate includes better support for immutable OSes and provisioning images



Why the fuck should the init system mingle with passwords of all things?


Neither does Artix Linux.

Sorry. I had to plug Artix.

Open-source projects glibc and gnulib look to sever copyright ties with Free Software Foundation


Re: Why assign copyright?

So, effectively, arethe decisions og GCC, glibc and gnulib going to significantly weaken the GPL that covers them?

Looks like that.


Firefox 89: Can this redesign stem browser's decline?


Back in the days when Windows 7 was a new thing and before I left the whole thing for GNU+Linux, I tried Chrome —all the cool kids had it and The Undisputable Truth was that Chrome was faster: heck, if you searched it with Google, it said it was faster so it must have been, right?

It wasn’t. It was shit. It also was the first time I appreciated the meaning of the term “bloatware”: it managed to eat up tens of GiB worth of memory and crash the system more than once.

So I switched to SeaMonkey and stuck to it until a couple of years back, when I just went with the flow of the GNU+Linux distro I was using and parked myself on Firefox. I might go back to SeaMonkey if this UI change dumbs things down too much. But I’m not touching Chromium based things with a barge pole.

Maybe I am giving the first awful impression too much importance here: since then, browsers turned themselves into monstre-interpreters to run apocalyptically bad code instead of just displaying documents… but I won’t get over it: I’m not using anything Chromium based, ever. Even before beginning the privacy topic —which is why I wouldn’t use the stuff even if I could get over it.

Internet fruition is, in general, in a very sorry state…

Space junk damages International Space Station's robot arm


It’s the SDoS!

So it seems that humanity will not become a space-dwelling species any time soon: with a couple of apocalyptically idiotic “satellite constellations” (*) underway —most notably yet another of Musk’s brain-dead-children— it’s going to be a few years before space is unreachable and millennia before it’s reachable again.

It’s the Space DoS and it’s not even clever or ingenious: it’s just junk pile-up.

(*) Which if by any stroke of luck they won’t self destruct in a massive chain reaction, they at least would make sky observation from the planet’s surface a lot more miserable —and as cool as space telescopes are, ground based ones are the bleeding edge ones.

Day 3 of the Apple vs Epic trial: What actually is an iPhone anyway?


BS, BS everywhere

“ nobody would purchase the Xbox with plans to use it like an open-ended platform.”

That’s sounds like a challenge… should I accept it? Or just search the internetZ for someone who already did it? Or both?

The difference between “locked down”, special purpose computers and general purpose ones is essentially the number of bugs you need to exploit to make them do what you want.

Although I concede that running a text editor on a jailbroken smart toilet is not the most practical thing…

Computer security world in mourning over death of Dan Kaminsky, aged 42


Dang, opening El Reg to be hit by news of Dan’s death is really a bad way to start the day. But thanks for a very well written article.

He will be missed. A lot.


University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired


Have these two researchers been living under a rock for the last many tears? Tell me if that sounds like news:

“Penetration without consent is not OK”.

Yes, bad joke, but the principle stands: the experiment might have been interesting also for the Kernel, but the big fishes should have been informed (also only Torvalds, probably, would have been enough).

Done like this is just a waste of everybody’s time, and banning trolls is usually good policy.

The only regret at this point is that probably we won’t have an uncensored commentary from Linus... given the dumbassery of the two, it would have been just gold.

Debian devs decide best response to Richard Stallman controversy is … nothing


A bit of wisdom

Debian developers decided to use their time to develop software instead of using it to develop controversies.

Ah, had they been so wise while considering systemd...

Is it still possible to run malware in a browser using JavaScript and Rowhammer? Yes, yes it is (slowly)


Re: Intel?

Seems that ECC doesn’t completely defeat rowhammer attacks, if that’s what you mean.


Although yes, it is annoying that ECC memory is quite expensive. After Xeon processors’ prices started being quoted in kidneys and liver lobes instead of currency, I moved to AMD for my own machine: I should be able to run ECC memory, but I must admit I was not willing to make the investment.

Anyhow, it’s still possible to run ECC modules without spending tens of thousands on a computer. But it’s difficult for under 3-4k, yes.


Well, another problem that could get fixed is the propensity of using browsers as interpreters (oh sorry, JIT compilers) for bad code written by strangers on the internet...

I know it’s unlikely, but I’ll still be hoping.

Or just use Lynx: you can still read and comment on El Reg with it, so it means that you don’t need more —if you really want pictures, curl them.

FSF doubles down on Richard Stallman's return: Sure, he is 'troubling for some' but we need him, says org


Re: "An organised campaign from some group with a motive"

Now I’m curious: just why does that seem that way?

Is it that the name Nicolaj sounds more foreign that Todd to English-speaking ears?

Is it that you think that in central, eastern Europe and Russia Kremlin undercover officials recruit the youth in the streets to post with their real name and location in support of a fat hippie?

Or are you implying somehow that in the regions listed above there are less developed culture and feelings?

Or is it because it’s cold and smells funny there?

Or what?

Also: did you notice that the “3000+“ that would like to free(rms); rms = NULL; seem to come from the United States? What do we make of that?


Re: Progressive hierarchies.

The underlying assumption is that Russian Trolls from the Factory did not discover yet that you can register yourself on a site with a non-Russian sounding name, or without disclosing your real location, I suppose...


Re: He got where he was by being an irritant and not taking "no" for an answer

Oh he looks pretty chilled out.

The angry mob, however...


Progressive hierarchies.

“Curiously many from Central and Eastern Europe and Russia”

Oh I see. There’s a hierarchy then: don’t let others think you might say something “against women” comes before the whole not being a racialist thing.

I suppose that if I were from the US, my two enormous adenoids and me would be very offended, take it on to twatter and demand(!!1!) the removal of El Reg.

Being born in southern Europe and currently living in the central sort, I’ll just make fun of you a little bit, and then read on.


Facebook job ads algorithm still discriminates on gender, LinkedIn not so much


Is there still something immoral that the facial book is not yet doing?

Time for an upgrade: Dev of the last modern browser for PowerPC Macs calls it a day


So many thanks

When the PowerBooks G4 came out I was too little and no amount of small kid pocket money would have bought me one —yet they looked and went like starships (real ones, not the fireworks relatives that SpaceX makes these days).

This was sad then and actually still is: it would have started me off on Unix much earlier and, therefore, I’d probably be a better computer person now.

Anyway, with my first job’s money I decided to go back in time and got myself, well, a few PBs. One arrived from California and, along the way, something like a washing machine must have fallen onto it —which was actually not so bad, because it gave me the opportunity of going inside the thing to replace all broken bits: real depth of engineering, also compared with modern Macs.

The thing is: those machines are still very good computers for everything you’d like to do. Wrote my thesis and compiled the LaTeX on one. Run also a particle physics simulation on it and, although not on par with a fat Ryzen, still could handle.

The only nonfunctional bit was the Internet browsing, until I came across TenFourFox, which re-made it possible. Yes, the poor CPU would run at egg-cooking temperatures and streaming videos was asking it a bit much, but functional.

It’s such a shame that sites (not ElReg, which works also under Lynx!) are now bad, inefficient applications that you have to JIT-compile and that all this is too much for a one-man-dev-team.

I for one think he did an absolutely awesome job, and deserves a very large supply of these —>

Island in the Stream: AlmaLinux project issues first stable release of CentOS replacement


I don’t think at Red Hat anybody will be particularly surprised or miffed.

At IBM, however...

Red Hat pulls Free Software Foundation funding over Richard Stallman's return


Granted, nobody seems to be interested in eating RMS.


Calling out: OK.

Asking for an apology: still OK.

Demanding him to be fired, killed, eaten, dereferenced and forgotten: a bit much, what is happening right now, and also not OK.

Read the story of Savonarola. It did not end well.