* Posts by Lunatic Looking For Asylum

131 publicly visible posts • joined 24 Mar 2020


Hillary Clinton: 2024 will be 'ground zero' for AI election manipulation

Lunatic Looking For Asylum

Re: Photo ID in UK

I don't have a passport, it's over 20 years since I last had one and it was only because work was in NL and it was only stupid UK law that meant I had to have one then. We were in the EU (it was Maastricht Agreement and currency union time and my Dutch colleagues were very agitated about losing the Guilder) and I just walked in and out of Schipol without problem.

I don't currently have ANY form of photo ID. My driving licence was updated 35 years ago when we last changed houses.

When I got SC a few years ago, they had no problems with the above.

How am I too dumb and lazy ?

It's the same with these stupid anti-money laundering laws - they just get in the way of normal citizens going about their business while the intended targets just find another loophole to circumvent the problem.

ELKS and Fuzix: Linux – and Unix – writ very, very small

Lunatic Looking For Asylum

And having to write overlays to keep the code under 64kb.

Make-me-root 'Looney Tunables' security hole on Linux needs your attention

Lunatic Looking For Asylum

Re: re: a buffer overflow vulnerability in the GNU C Library

Blame the coder and the process - not the language.

There is NO excuse for buffer overruns - it's sloppy coding and these people shouldn't be allowed to access a Tamagotchi let alone a core library.

Lunatic Looking For Asylum

Amazing really

You would think by now that _ANYBODY_ writing C code would know that buffer overflows are to be watched out for and good coding practice should be to never EVER EVER use *cpy etc. without bounds checking but we keep getting buffer overflows. Why ?

It's not as if it's a new problem or old code. glibc-2.34 was released in 2021.

I spent most of yesterday looking into this and learned more about the Red Hat philosophy than I really wanted. Their mitigation is basically to install a script that checks for a the environment variable being set and borking if setuid. Oh and if you reboot the machine, you have to manually repeat the process.

Why not just release a properly patched glibc - or perhaps stop doing just *ing stupid backport patching. glibc-2.28 on RHEL8 is vulnerable - 'but it's 2.28, this is a 2.34 bug' I hear you say. I'd agree but the *wits have backported code from 2.34 into 2.28 and that includes the bug.

Maybe the RUST people can help out here.

FFS - why isn't there a 'head in hands icon'

MIT boffins build battery alternative out of cement, carbon black, water

Lunatic Looking For Asylum

Why bother with a big lump of concrete ?

Make bricks out of the stuff. Add a surface solar cell and use wall ties to wire everything up. Whole house becomes one giant solar battery.

If they're aiming for a car battery sized lump in a few months, a brick should be done by last week.

Is it time to retire C and C++ for Rust in new programs?

Lunatic Looking For Asylum

My latest project

I could have done the work in C or C++* but I wanted something different - purely for the sake of it, I'm comfortable with them so why not try something else.

I started at GO (where else) but didn't like the enforced style and funny brace rules, then went to Rust and spent a lot of time reading the book and trying different things and tutorials, felt quite good and happy with how it was going then went to write my first bit of code for the project and started getting warnings and compile fails that I'd never had before so back to the tutorials and experimenting.

In the end I got fed up and found D (https:://dlang.org) and it's really quite nice, there are a couple of minor issues with it but the community is very helpful and it's not been that difficult to get up and running with it. It certainly fits my brain wiring better than Rust.

I had my first module written after about four hours and while not complete, it's workable for what I want at the moment and will grow as the project grows.

& there's no evangelism either denigrating other languages and telling you how D's going to take over the world.

It's just quietly good.

This is where I think Rust is really getting it wrong - it's being rammed down our throats and pushed but it just ain't a better mousetrap.

*I used to like C++, but C++ as it was in the early days, it's now a bit of a dogs breakfast with C++11 or C++17 etc flavours and new ones coming every few years and each new one getting more arcane (and still not trapping IDIV0 exceptions) & (or && if you will) constantly changing the spec says to me that they haven't got it right.

Lunatic Looking For Asylum

Why not do this

Write a program in Rust (probably better in Perl IMHO) that converts C to Rust - you can call it crust - I won't trademark it.

Then run the Linux kernel code (and the GNU stuff) through crust and fork a new distro, let's call it crustux and see how well it goes.

Let's face it, most of the code at this level is idiomatic so it should be a fairly simple task to do the convert.

It'll be useful as well, it will show up all the errors in C that are in the kernel and hopefully lead to a better kernel so those of us who are not bright enough* to master Rust and love the simplicity of C can be left in our own little C kernel space in peace.

* me included because I have tried Rust a couple of times and keep falling over when I hit str and String and borrows and traits and structs with strings....

Lunatic Looking For Asylum



Systemd supremo Lennart Poettering leaves Red Hat for Microsoft

Lunatic Looking For Asylum

Re: Depart, I say, and let us have done with you.

> Systemd may still be with us but at least there is a chance that the rot will stop with Poetterings departure.

Guido van Rossum now at M$ - Python is still rolling on.

It's typical M$ MO - no talent, just buy the competition.

Lunatic Looking For Asylum

Re: one step forward

You missed the icon....

Only Microsoft can give open source the gift of NTFS. Only Microsoft needs to

Lunatic Looking For Asylum

Beware Obvious Click Bait articles - I should know better

Who cares really. I've been using Linux for almost three decades and can honestly say I've never wanted to write to an NTFS volume. I think NTFS write is an edge case. The existing read only NTFS driver is more than adequate, if you want to write something to an NTFS volume then go and buy a Windows licence. If a project says it has to use NTFS I doubt very much it will say it also has to use Linux. Right tool for the job etc.

I'm struggling to think of a case where you would need NTFS write with Linux as well or even where there is a need for write to co-exist. Just read the data and store it on ext4 etc. or as mentioned in a previous post use SMBFS or NFS. NTFS really is a non issue. If NTFS is the solution, you have been asked the wrong question.

We then come to the politics. M$ will _NEVER_ release NTFS source code. They could release a kernel module or blob so that anybody that wanted write functionality could have it but why would they bother, almost nobody would use it so it's a lot of effort for nothing really.

Releasing the source code isn't as simple as dropping a tarchive out and it's done. There will be a lot of work needed to modify the low level calls to the drivers, problems with endianness, sector translations etc. They would also have to visit every line of code and check that everything is perfectly formatted, logically correct and well written and they would probably have to strip the comments out as well then make sure that it all compiles cleanly on GCC and LLVM and performs in a native Linux environment. They will then release it and some poor OS developer will have it land on their lap and try and make sense of it, make sure that there are no hidden nasties in the code (intentional or unintentional) and then test it thoroughly before letting it free to the community.

Once it's out there, you'll get the sad people poring over the code and criticising every line of it - "oooh look they've used camelCase on line 454 here and CamelCase on line 427 - that's BAAAD...." and even if it's perfectly written, as soon as one bug is found the whole thing will be spread all over the net as M$ flusterCluck and nobody will use it again ever...

I'm still struggling to think why we need it and what the positives are for M$ - as I said click bait article.

The wild world of non-C operating systems

Lunatic Looking For Asylum

Re: In terms of popularity [ ... ] Rust is eclipsing C++

Have a beer sir. Sorry about the icon but it was the nearest I could get to oxidisation.

When I was reading the article I just knew there'd be a 'rust angle' in it somewhere. It wasn't _really_ about C was it.

I think we're going to need another icon before too long, rust gets way too much air time here, it's in danger of becoming the new systemd.

DBAs massively over-provision Oracle to protect themselves: Microsoft

Lunatic Looking For Asylum

Gouge away

Oracle are gouging you, can we do it instead.

US Senate to vote on stopping Big Tech extracting 'monopolist rent' from app developers

Lunatic Looking For Asylum

Re: Aim high

Have one of these ---->

If it was open hardware we'd be a lot better off. We can probably blame IBM for the mess we're in with phones. If they hadn't made their PC so bloody open that everybody copied it the phone companies wouldn't be so cautious about their proprietories* ...

*I know it's not a real word but it should be :-)

Linux distros haunted by Polkit-geist for 12+ years: Bug grants root access to any user

Lunatic Looking For Asylum

Re: Glad I use Alpine!

I like Alpine too Have one of these.

I'm not too chuffed with musl not supporting utmp/wtmp, their reasons seem spurious at best Scroll down here https://wiki.musl-libc.org/faq.html for more info)

Administering big multi user systems, seeing who is online and having a history of logins/reboots etc. is pretty fundamental.

Lunatic Looking For Asylum

Re: CLI strikes again...

It's not the CLI.

It's the usual suspects desire to have everything graphical in front of the CLI that's causing this.

I really hate Red Hat for this very reason. When I build a system I don't want X installing on it, I don't want a graphical boot or install process, I don't want avahi (lets sniff round the network and look for shares and printers...) installing on it, I don't want graphical tools on it for basic system admin tasks. polkit et. al. is in place to allow circumvention of the command line and good system management practice.

When I build a server I want nothing on it apart from the bare minimum required to perform its functions, everything extraneous to that just adds another attack vector.

Rusty Linux kernel draws closer with new patch adding support for Rust as second language

Lunatic Looking For Asylum

Is it just me ?

or is Rust just trying too hard - it wants to join the party it's knocking on the door and nobody's answering.

From what I see, the biggest issue with Rust is the evangelical zeal of its proponents/proselytisers. It's a solution looking for a problem and they are trying to push it everywhere. Unfortunately when you try pushing and over hyping stuff, people just turn off and reject your advances. I'd far rather see a language just creep up on us and discover it was brilliant for a particular task and be adopted than be lectured to by a bunch of wannabes trying to be the next big thing because they've nailed themselves to the floor and they want you to do the same.

Yes, you probably can't compile something that's not safe but you can still compile flawed logic and no amount of language design is going to cater for developers (and we're all capable of it - no matter how good we are) getting the logic wrong so Rust really doesn't add a lot.

Can Rust save the planet? Why, and why not

Lunatic Looking For Asylum

Re: Thrashing about wildly looking for straws to clutch...

Where did I say energy consumption didn't matter ?

In the examples you mention I'd hope that the programmers were aware of the power consumption issue and used the most appropriate languages and techniques to minimise that.

The reason we're using so much energy is because we have a "throw more CPU's at it" mentality rather than 'can we write it better'.

Rust (and any other language) isn't going to solve the problem - (almost) nobody tries to write efficient code anymore or revisits their old code to clean it up - if it works - leave it.

All languages allow you to produce bad, inefficient results, e.g. pretty much everybody would write a bubble sort, rust is no exception so using power consumption as a marketing message is spurious.

Lunatic Looking For Asylum

Thrashing about wildly looking for straws to clutch...

Standing on a stage and saying 'but look how we can save energy' smacks of desperation to me. Maybe they've realised that nobody's listening.

Locked up: UK's Labour Party data 'rendered inaccessible' on third-party systems after cyber attack

Lunatic Looking For Asylum

Let there be smug....

Cue the Conservative & Unionist party chortling away until next week when it happens to them....

Microsoft surpasses Apple as world's most valuable biz, by stock price at least

Lunatic Looking For Asylum

Diversification Needed by Apple

M$ have effectively re-invented themselves over the last few years. Almost nobody buys their stuff anymore, they rent it and effectively make M$ a none state tax entity, HMRC where the M is for Microsoft. Apple are currently exploiting their monopoly position i.e. locking every apple user into the system, but that is all they have. If you take away the iPhone name, there is very little of substance for them to fall back on. They got lucky with the phones, M$ got lucky with the desktop, M$ have moved on and are reaping the 'rewards' (AKA screwing the gullible in another manner) Apple are sitting on their laurels.

Sadly while we have a brain dead corporate model that favours OPEX (lets give our money to somebody else) over CAPEX (lets innovate and do stuff ourselves) these two corporations will continue to prosper and laugh all the way to the bank.

Raspberry Pi Zero 2 W: Nippy stocking filler for the nerd in your life – if you can get one

Lunatic Looking For Asylum

Re: Bloody BBC

... the BBC spaffed a shit ton of license fee money on

strictly, the archers, the today program, Gary Lineker ....

rather than backing the tremendous UK success that is the Raspberry Pi project.

DDoSers take weekend off only to resume campaign against UK's Voipfone on Monday

Lunatic Looking For Asylum

Re: this is what happens when you dont enforce authentication

Question #3: What should I do if I receive a ransom/threat?

1 Do not pay the ransom

Paying the ransom only encourages bad actors—and there’s no guarantee that they won’t attack your network now or later.

2 Notify Cloudflare*

We can help ensure your website and network infrastructure are safeguarded against these attacks.

3 Notify local law enforcement

They will also likely request a copy of the ransom letter that you received.

Alright there's no ambulance to chase here but how blatant is that of the marketing people.

* Other parasitic scumbags are available.

Cleanup on aisle C: Tesco app back online after attack led to shopping app outages

Lunatic Looking For Asylum

Non story - the press tried to big up to another fuel shortage..

R4 had disgruntled customers complaining - what a bunch of whiney whingers we have in this country - "Tesco .. can't deliver for me this week / change my order - my kids will starve" - F-OFF go and walk to the shop and push a f*ing trolley round...

Crims target telcos' Linux and Solaris boxes, which don't get enough infosec love

Lunatic Looking For Asylum

"The firm also recommends that *nix implementations in telco-land need "basic security controls and logging in place (e.g., SSH logging forwarded to a SIEM, endpoint detection and response (EDR) for process execution, file integrity monitoring (FIM) for recording file changes of key configuration files)".

which you can buy from us of course.....

G7 countries outgun UK in worldwide broadband speed test

Lunatic Looking For Asylum

Re: I'm not surprised

Have a beer on me - I think you might be me in a parallel universe because that's exactly what I was going to write.

Still stuck with ADSL2 here and because NTBloodyHell rolled cable down the close there is no way BT/OpenReach are going to bother too much as we have an alternative.

I like beer in this universe, I hope I like it in the alternative one. NTBllodyHell/Virgin will be sh*t in whatever alternative universes there are.

Oh the humanity: McDonald's out of milkshakes across Great Britain

Lunatic Looking For Asylum

Re: "The Army being called in"

Middlesbrough's a sh*thole. I suspect that a lot of them would rather be on duty in Afghanistan.

Middlebrough lad born & bred BTW and it's a shame how it is now - and most of the problems are the boro natives not the foreigners that the boro natives are very vocal about.

Perl's Community Affairs Team chair quits as org put on ice by code language's foundation

Lunatic Looking For Asylum

Re: Is that still a thing?

Have TWO of these for that :-)

The Register just found 300-odd Itanium CPUs on eBay

Lunatic Looking For Asylum

How long before we see Vintage/rare/collectible in the titles (possible all at once...)

Malaysian Police crush crypto-mining kit to punish electricity thieves

Lunatic Looking For Asylum

Looks good but probably ineffective

The drives will probably still be intact and the data read pretty easily. There is no way that a roller could crush aall those PC's flat enough to destroy the inner disks, even if they were running them over one at a time.

Publicity stunt just about sums it up. Probably a lot of bent coppers using bent disks to carry on the mining :-)

Dedicated (Local) Cloud Infrastructure-as-a-Service to grow almost 1000 per cent in five years

Lunatic Looking For Asylum

Yes but but but it's :-

"That’s a compound annual growth rate (CAGR) of 151.8 per cent."

compound - all the bean counters and shareholders love that.

They're still wrong though - 138 million to 14 billion is ~ 251% compounded...

Happy days for the bean counters and shareholders.

Lunatic Looking For Asylum

Great News Suckers - On Prem Really Is Better

Providing it's our kit that's on prem - not yours.

The cloud providers must be wetting themselves with laughter over this. The tin vendors as well. It's a win win for everybody apart from the poor customer who's decimated their data centre, culled their staff and outsourced everything.

Cue the architects going to the board telling them this is the future and polishing their CV for the next job.

I *&^%ing hate this industry at times.

Big Blue's big email blues signal terminal decline – unless it learns to migrate itself

Lunatic Looking For Asylum

Could this also be the end for Dead Rat ?

It's over complex, over priced, under supported and TBH making M$ Windows look good.

I'll not be crying if DeadRat is dragged down the same sewer as IBM - even if I do get paid to manage it.

Lunatic Looking For Asylum

Re: not an IT company any more

I was just thinking of this earlier.

There were regular articles that started with "Researchers at IBM's....." or "IBM research labs release ..."

It's rare nowadays to see anything new and innovative with IBM in the name.

I can remember them writing the letters IBM out in individual atoms (Silicon I think) back in the 1980's.

This is what happens when you let accountants run the show.

Microsoft wasn't joking about the Dev Channel not enforcing hardware checks: Windows 11 pops up on Pi, mobile phone

Lunatic Looking For Asylum

Does anybody

"For now, Windows 11 on a Raspberry Pi (or phone for that matter) remains an intellectual exercise – a fun thing to try, but you wouldn't use it for serious work."

Use windows on anything for serious work ?

VMs were a fad fit for the Great Recession. Containers’ time has finally come

Lunatic Looking For Asylum

Before long we'll be just running several apps on the server, get rid of the dock overhead as well.

Fashion repeats.

'I put the interests of the country first': Colonial Pipeline CEO on why oil biz paid off ransomware crooks

Lunatic Looking For Asylum

To quote his Bobness, parphrasing Dr J I think

"They say that patriotism is the last refuge to which a scoundrel clings"

Fastly 'fesses up to breaking the internet with an 'an undiscovered software bug' triggered by a customer

Lunatic Looking For Asylum

...and fire (the scapegoat) who let it through as soon as we find out who to blame....

Global Fastly outage takes down many on the wibbly web – but El Reg remains standing

Lunatic Looking For Asylum

It's not single point of failure - it's the cloud, never happens according to my mate Gary in marketing...

Home Office slams PNC tech team: 'Inadequate testing' of new code contributed to loss of 413,000 records

Lunatic Looking For Asylum

Re: Realities

I resemble that remark :-)

As another vendor promises 3 years of Android updates, we ask: How long should mobile devices receive support?

Lunatic Looking For Asylum

You do realise that you have now condemned your battery to fail, the digitser to stop working and and the CPU to develop a thermal fault - and all so you could say how wonderful it was :-)

Namecheap hosted 25%+ of fake UK govt phishing sites last year – NCSC report

Lunatic Looking For Asylum

Re: Tangential rant - there - I feel better :-)

Glad to know I'm not alone.

I thought that playing their game would get it workiing so I went down the SPF, DKIM, DANE and TLS route and it made not a blind bit of difference. Never had a problem so far with gmail - just M$.

It's still happening - maybe I should try something other than Exim :-)

Lunatic Looking For Asylum

Re: only a hundred thousand

1.1 million complaints, 100k linked - policy appears to be only worry if we get 10 or more complaints.

They also said 'linked to' - they didn't say they did anything about them so I wonder how many were actually deleted.

I use Namecheap myself - have done for almost 20 years - they were Enom resellers when I first started using them. The service has been quite good over the years though I am sick of asking them to stop sending emails out in HTML only format.

Recently, my account has been getting locked due to failed login attempts - I suspect that Namecheap are now being bombarded with speculative logon attempts, they are now a nice big target.

They also supported the Nominet EGM so they earned some respect there :-)

Lunatic Looking For Asylum

Tangential rant - there - I feel better :-)

My RANT with MS is the fact that most of my mails to outllook/hotmail go to clients JUNK folders and you get no feedback from M$ as to why - at the moment I'm getting regular spam offering the services of sweet young things from outlook via what looks like some sort of injection into sharepointonline.com.

Of course M$ won't do anything about it.

It's in their interest to give externals a sh*t service - there's peer pressure from clients to do even more of their dirty work :-

DId you get my email ?


Is it in Junk ?


Cool, any ideas why it went to junk ?

No. Why don't you use outlook for you mail - we never get stuff in junk from other microsoft clients...


US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day

Lunatic Looking For Asylum

Re: Accountants and Financials

But shouldn't they have been told ?

Realistically, somebody somewhere down the food chain will have warned them about the possibility of the attack - I bet there's some techy guy rubbing his hands with glee and running round shouting I told you so - naa naa na naa naaa :-)

21 nails in Exim mail server: Vulnerabilities enable 'full remote unauthenticated code execution', millions of boxes at risk

Lunatic Looking For Asylum

Re: Exim rules!

Philip Hazel retired years ago - Exim was at 3 something when he went and he's had nothing to do with it since.

Exim 4 has been pretty solid but it is getting unwieldy, it's configuration is arcane and idiosyncratic and it's documentation obtuse (never mind the quality - look how many pages we've got).

It's certainly suffered from feature creep.

I don't think the devs have anything to to be proud of really.

Even this emergency release, they mentioned a feature that turns off the taint checking but also said it's immediately deprecated and that feature isn't in the main release - you have to download a slightly different release '-fixes' which there isn't a tarball of on the main download server.

Alternatively you can download the previous 4.93-fixes stable (release without the tainting checks) that they have generously applied the patches to but again the tar files are not on the main site.

Yep, you have to pull a git release from the source repository to get those fixes - sigh :-(

I'm definitely thinking of an alternative now - Exim's credibility is at 0 now and I have a load of work to do because of how they have handled it - a comment from the mailing earlier mentioned they had been sitting on these bugs for 7 months.

They then go and release and publish and everybody is left running around like idiots hastily patching, rebuilding and fixing stuff. It will all end in tears.

I know it's not polite to criticise volunteer efforts but sometimes being too polite creates more trouble. If people had been more critical, Exim may not be in the mess it now is.

Lunatic Looking For Asylum

I still use exim

Been using it since 1993 ish.

Just been and compiled and rolled out the new release. Ended up having to do a lot of reading and farting around.

Exim has copious documentation but it is really difficult to digest. Most of the problems today weren't with the compile, it was trying to find what I needed to do to the configuration file so that it would used de-tainted data.

What's de-tainted data ? I hear you all cry. In their wisdom the Exim developers decided that any data that could possibly come from the outside world was dangerous and couldn't be used directly in, for example the name of a file. Seems like a good plan but they didn't tell anybody they were doing this, they just rolled it out and mentioned it in the release notes (not even at the top of the release notes either). Consequently the mailing list was flooded with people screaming because their 'working for decades' configs suddenly stopped.

It's generally been accepted thet the exim devs could have handled the release better.

It's particularly galling that while the devs were busy looking at the tainted data splinter they missed the *()&ing planks that today's release is hopefully in mitigation of.

It does make me wonder what else they have missed and has dented my (and I suspect a lot of other postmastes) confidence in the product.

Facebook, it's cool to see you using Rust and joining the foundation, but please don't Zuck it up for all of us

Lunatic Looking For Asylum

Re: Rust - the language for coders who can't.

> Good coders who use Rust are prevented from the occasional mistake.

Only if Rust detects them.

Bad coders are prevented from the majority of mistakes.

There is the problem that all coders will over rely on the compiler and have the 'it must be good code because the compile was clean' attitude.

I don't see any of the those as benefits.

A good cautious slow C programmer is preferable to a dozen sloppy rust code monkeys putting blind faith in the compiler.

Lunatic Looking For Asylum

Re: Rust - the language for coders who can't.

I can imagine that they would spend all that time dreaming up new algorithms and horizons and better more efficient ways of doing it.

In reality, they'll just go and yak about daytime telly and watch more soaps.

Too many programmers don't give a flying fig - if they did we wouldn't have as many security breaches, OOM errors, patch Tuesday's and segfaults as we do.

Manglement are as much to blame - quality vs quantity etc. and deadlines trump correctness.