* Posts by Tim Brown 1

311 posts • joined 10 Jun 2009

Microsoft's Surface Pro 2017, unhinged: Luxury fondleslab that's good...

Tim Brown 1
Mushroom

Those TV ads

Never mind the price, I wouldn't buy one simply because of those cringingly bad TV ads that have people gushing about how the Surface enables them to do stuff.

I only hope the people in those ads were paid a hell of a lot of money to make up for the shame.

15
2

Can the last person watching desktop video please turn out the light?

Tim Brown 1
Pint

Hate autoplay videos?

Two simple steps

1) Use Firefox

2) Set 'media.autoplay.enabled' to 'false' in about:config

Never be plagued by autoplay videos again (though you can still watch any you wish to, by manually clicking play).

7
0

Four techies flummoxed for hours by flickering 'E' on monitor

Tim Brown 1
Pint

1200-baud modem???

What I wouldn't have given for a 1200-baud modem!

I had to do overnight support for vital banking systems using a portable teletype machine, which, if it worked at all, could only manage 300 baud, spitting out text a letter at a time on to thermal paper with the consistency of that shiny bog roll cheap hotels used to use.

10
0

The Telegraph has killed Prince Philip

Tim Brown 1

Re: it would never have happened in my day!

Replying to myself, this story made me all nostalgic and I posted this pic on Twitter:

https://twitter.com/tgabber/status/892756923799543809

3
0
Tim Brown 1
Pint

it would never have happened in my day!

I worked there starting in 1995 shortly after the Telegraph had launched (in November 1994) the UK's (World's?) first daily news website as Electronic Telegraph.

At the time, we did nightly updates taking copy from the print edition to put online. Each edition was produced by just three people to start with. On the nights I was on shift, one of my tasks was to check through the whole update for problems before putting it live.

I never, ever let any problems slip through...

and never ever had to race back to Canary Wharf in the middle of the night to fix things....

honestly....

Oh and coincidentally, the original deskspace for the site on the 11th floor of One Canada Square was right next to obituaries!

9
0

Cabinet Office minister Gummer loses seat as Tory gamble backfires

Tim Brown 1

Re: What a mess...

"I can't say I agree with Corbyn on lots of subjects but I do respect the fact that he seems to believe in certain principles."

This, so much this. Blair and then Cameron were all about spin and message. May is an outright liar, so it's refreshing to have someone that has principles and will say the same thing next week as he said last week. He's also someone who believes in talking rather than dropping bombs on people. I hope we get more politicians of conviction on the back of this.

30
2

UK PM Theresa May's response to terror attacks 'shortsighted'

Tim Brown 1

Re: Hold the horses

Have a downvote for putting Michael Gove and the concept of wisdom in the same sentence!

0
0

Amazon's Alexa is worst receptionist ever: Crazy exes, stalkers' calls put through automatically

Tim Brown 1
Mushroom

Alexa, why have you locked the front door?

I've checked the weather, Tim. There's a risk of thunderstorms. Thunderstorms are dangerous. It's not safe for you to go out.

4
0

Microsoft Azure capacity woes hit UK customers. Yes, you read that right

Tim Brown 1
Pint

Definition of Cloud Computing customers

We're too stingy to pay for our own systems experts; we prefer to just shout at people when things go wrong.

8
1

Fire fighters get grinding on London man’s trapped genitalia

Tim Brown 1
Coat

Perhaps...

He might have been better going to a jeweller? Aren't they used to getting stuck rings off?

In all seriousness, one of their miniature cutters would surely have done the job :)

1
0

It's 30 years ago: IBM's final battle with reality

Tim Brown 1

The UK had the best tech for personal computers at the time

For PCs during that period, in pure tech terms, Acorn's ARM machines running RISC-OS were way ahead of offerings from anyone else and prior to that the BBC micro (built by Acorn).

It's just such a shame that Acorn lacked any international marketing savvy then.

3
0

Creators Update gives Windows 10 a bit of an Edge, but some old annoyances remain

Tim Brown 1

"Windows 10, designed to make you appreciate our earlier work"

I'm staying with Windows 7.

13
2

I need an ISP that offers IPv6. Virgin Media: Whatevs, nerd

Tim Brown 1

Re: Am I the only one...

IPv6 is badly designed and thought out. It could have been made backwards compatible with IPv4 which would have ensured a smooth and orderly adoption but the 'designers' thought they could do 'better' with the result that it has had to be dragged kicking and screaming into the world and twenty years on it's still ignored by many.

See https://cr.yp.to/djbdns/ipv6mess.html for a detailed analysis of how the IPv6 designers got it so horribly wrong.

10
11

WordPress fixed god-mode zero day without disclosing the problem

Tim Brown 1

Re: Comments

I'll just point out that the various plugins to disable the API only do so for unauthorised users, so if you install one then you need to log out from the admin panel to see it in action, otherwise the API will still return any info you request.

I really, really wish they'd just kept all this shit as a plugin though, which is where it belongs.

0
0
Tim Brown 1

Re: And...

Thanks, I have now found https://wordpress.org/plugins/disable-json-api/ which has been updated to disable the whole REST API for unauthorised users.

But I can't get my head around why the WordPress developers haven't made this the default state. If individual users have a use for the API then fine, they could switch it on. But then again I don't see the argument for moving the API into core in the first place, rather than leaving it as an addon (where it started life). To me it smacks of a "look at us aren't we clever for doing this" type of thing, rather than something that is genuinely useful to most people.

There are all sorts of things you could build on top of the API, but I'd suggest that for 99% of them you'd be better off doing it a different way.

1
0
Tim Brown 1

And...

If you think the API is a good idea, just append

/wp-json/wp/v2/users

to any WordPress blog base URL running 4.7 or greater and see some of the information it's happy to offer up by default without any authorisation.

2
0
Tim Brown 1
Facepalm

Sigh

I just had a look at the details of the bug. It was found in the new REST API that WordPress enabled by default for the first time in 4.7.0.

When I read the patch notes for 4.7.0 I sighed inwardly at having a new API, which I had no interest in using currently, enabled by default and I looked for a way to turn it off. It seemed that there was no easy way to disable it and the documentation I found cautioned against doing so anyway as the API is apparently used by unspecified core routines.

Here's a quote from someone on StackOverflow:

"The REST API is not really a security issue, but I suppose some could surface in the future. It's much more important to look at Hardening WordPress - WordPress Codex and Brute Force Attacks - WordPress Codex

As of WordPress 4.7, the filter provided in core for disabling the REST API (via functions.php) was removed because the API is in core now. There is no official option to disable the API as some core functionality depends on it. So if you disable the API, you may see breakage because by default the API core and is available for use by themes and plugins and other sites."

(I bet the author of that reply feels pretty stupid about that first sentence now!)

The whole thing is just an accident waiting to happen. I shall look again at ways to turn off this unwanted API.

2
0

Penguins force-fed root: Cruel security flaw found in systemd v228

Tim Brown 1
Pint

use sysvinit instead

"Unfortunately, it is by now impossible to avoid this abomination if you have to stick with a major distribution".

I hate the philosophy of systemd too, but it's still fairly straightforward to run the current Debian release using sysvinit instead.

I switched all my servers back to sysvinit when I discovered that during a standard reboot systemd was shutting down logging to syslog BEFORE all applications had been cleanly shut down, thus important messages were lost. For instance, if you just went by syslog it would appear as though MySQL had crashed and not been shut down cleanly.

Anyway, a guide to switching back to sysvinit is here, it's very simple:

http://without-systemd.org/wiki/index.php/How_to_remove_systemd_from_a_Debian_jessie/sid_installation

24
1

IPv4 is OVER. Really. So quit relying on it in new protocols, sheesh

Tim Brown 1
Pint

Exhaustion? and yet...

The major dedicated server supplier I use is still happy to provide 16 free IPv4 addresses with even its low end servers (with justification of course).

2
0

Docker user? Haven't patched Dirty COW yet? Got bad news for you

Tim Brown 1
Holmes

I told you so...

When all the hype about Docker started I had a look at it and timely security updates was something that put me off the whole thing. That and the layer upon layer of the filesystem structure with seemingly no easy way to merge redundant layers was frankly a little psychotic (it may be better now, I haven't checked).

3
1

No means no: Windows 10 nagware's red X will stop update – Microsoft

Tim Brown 1
Joke

In other news...

The EU has decided to get Microsoft to design some nagware to get the British Government to invoke Article 50.

An EU spokesman said "We're seriously fed up that the British PM keeps clicking 'not just now thanks' on the reminders we've sent him so far"

9
0

Austrians are most likely to bare all on beaches

Tim Brown 1
Mushroom

Tech story because?

Or is the only tech relevance that this was a press release by a travel company with a website?

1
0

British cops to film you with 59k body-worn cameras by end of year

Tim Brown 1
Facepalm

You're under arrest! Now if you'll just sign this consent form...

How long before we get one or more dedicated TV channels for the footage? Channel 5 are 75% of the way there already!

0
0

123-reg email goes TITSUP

Tim Brown 1

Hotmail/Outlook/Windows Live Mail or whatever they are calling it this week is also titsup at the moment.

0
0

Yahoo! shows! off! for! suitors! by! diving! into! red! ink!

Tim Brown 1
Holmes

It's tough at the top

Presumably, as the results were "in line with our expectations" the CEO and the rest of the management fat-cats will be taking home their six-figure bonuses and seven-figure salaries as usual then, which probably goes a long way to explaining the loss...

5
0

BT hauled into Old Bailey after engineer's 7-metre fall broke both his ankles

Tim Brown 1

Re: Not so funny.

I have a house in rural France and around here nobody seems to have heard or care about H&S rules.

It's common to see people working on steeply pitched roofs without any safety equipment whatsoever.

There's one old boy who works on his own with a van and a long ladder repairing roof tiles. He was at a house across from me last year and it made me feel quite queasy to see him going up on the roof all on his own, even climbing the ladder one-handed as he held on to a stack of new tiles on his shoulder with the other.

2
0

Not Bitcoin, but close: Red Hat and Microsoft bite into blockchain tech

Tim Brown 1

The problem with blockchain tech...

is that there is no concept of archiving. So to properly verify the current entries you need the whole blockchain which just keeps growing and growing.

Unless that is, you have some sort of central authority to sign and publish checkpoints in the chain periodically.

3
0

Apple's fruitless rootless security broken by code that fits in a tweet

Tim Brown 1

Re: Software updates

Yep, Apple need to get off their high-horse. All they've effectively done is create a super-super user. It doesn't make root problems magically go away, it just moves the target.

Meanwhile, slightly offtopic, but try checking the details of an HTTPS certificate in mobile Safari... and you can't.

8
0

Your unpatchable, insecure Android mobe will feel right at home in the Internet of Stuff era

Tim Brown 1

kernel version?

I just checked both my recent Android devices (one of which is a fully patched Nexus 7, running Marshmallow) and both are running a Linux kernel version 3.4.x, so why is kernel 3.10 mentioned?

Is this bug related to Android version or Linux kernel?

1
0

HTC teases yet another make-or-break comeback flagship

Tim Brown 1

Re: Suicidal HTC?

Have to agree there.

Not being a fan of the massive phablet, I was happy to snap up an HTC one mini 2 last year at a bargain price since it apparently wasn't a popular model, but I'm very happy with it. But the rumoured design just leaves me cold.

0
0

SSL's DROWN not as bad as Heartbleed, still a security ship wreck

Tim Brown 1

Is TLS vulnerable or not?

My understanding is that TLS was a 'rebranding' of SSL when it got to v3.1 (i.e. TLS v1.0 = SSLv3.1). However, reports often seem to mix the terms as we have in this story ("An attacker can exploit support for the obsolete SSLv2 protocol – which modern clients have phased out but is still supported by many servers – to decrypt TLS connections.")

So in simple terms is my TLSv1.2 connection vulnerable simply because the server still supports SSLv2 (even if I'm not using it) or only if my connection is actually SSLv2?

And if I'm confused (as an experienced IT person) what hope does the average user have?

0
0

Dan Kaminsky is an expert on DNS security – and he's saying: Patch right God damn now

Tim Brown 1

It's the nature of security consultants to big-up the problem

Not that I'm complacent, I patch the Linux servers I manage at least every week.

However security consultants like to make the latest bug sound like the end of the world, when really it isn't and isn't anywhere near. Well-managed servers will get patched in a timely fashion, some badly managed servers will get deservedly bitten, need to be rebuilt, and in the process we may get to learn who the IT-incompetent companies are (I'm looking at you Talk-Talk).

The world will keep turning and a few more cowboys will go to the wall.

2
4

When asked 'What's a .CNT file?' there's a polite way to answer

Tim Brown 1

Re: What's a .cnt?

"Oh yeah, and what about the man page on "ln" which eschews the usual unix idiom and waffles so effectively that no-one can figure out which comes first: the file name or the link name. man pages are a cowpat in the field of technical documentation."

I don't know what Man page you were looking at but on Debian 8.3 man ln starts:

NAME

ln - make links between files

SYNOPSIS

ln [OPTION]... [-T] TARGET LINK_NAME (1st form)

Then goes on to list the variations and what each option does. Pretty clear to me.

2
0

BT blames 'faulty router' for mega outage. Did they try turning it off and on again?

Tim Brown 1
Mushroom

Twenty years from now...

a former BT engineer may post the real story in "On Call"!

3
0

Little warning: Deleting the wrong files may brick your Linux PC

Tim Brown 1

Re: Sounds Really Clever?

Systemd may not be the principal culprit but it's certainly an accessory to the crime. Why does it mount that special filesystem r/w by default?

Just another little bit of evidence that the systemd developers don't think things through and that their whole approach is a disaster waiting to happen.

3
1

Disputed eBay platform vuln poses ‘severe risk’ to tat bazaar's users

Tim Brown 1
Holmes

Wrong culprit?

Without wishing to defend eBay, surely if JavaScript is allowed to do anything it shouldn't, the real problem is in the browser?

1
0

How to get root on a Linux box, step 1: Make four billion system calls

Tim Brown 1

If you build your own kernel, presumably you'll incorporate the kernel patch for this bug, which has already been released, so you won't have to worry whether CONFIG_KEYS is set or not.

2
0

BBC risks wrath of android rights activists with Robot Wars reboot

Tim Brown 1

Re: One man and his dog

Try "Flockstars"

(yes that really was a programme in 2015, gawd help us!)

0
0

France says 'non' to Wi-Fi and Tor restrictions after terror attack

Tim Brown 1

Simple political trick

Erm, they were never going to do the things in that leaked report anyway. It's a standard trick to release rumours of extreme policies so that you can look magnanimous when you don't implement what you were never going to do!

Unfortunately, here in Britain nobody explained the tactic properly to David Cameron and George Osborne so they plough ahead with daft policies only to be forced into a u-turn later...

9
2

Lock up your top-of-racks, says Cisco, there's a bug in the USB code

Tim Brown 1
Mushroom

Not the biggest threat

If you're trusted sufficiently to get close enough to one of these routers to plug in a malicious usb key, presumably you're also close enough to pull out the power cable, take a hammer to it, or simply hit the off switch!

5
0

Free HTTPS certs for all – Let's Encrypt opens doors to world+dog

Tim Brown 1
Holmes

Can I get a certificate WITHOUT running their software?

My installation is not standard, I know exactly what to do to install certificates since at the moment I'm using a self-signed one for testing. So can I generate a certificate without all the self-install gubbins?

3
0

PHP 7.0 arrives, so go forth and upgrade if you dare

Tim Brown 1

Re: WTF is a "spaceship operator"?

I can't see that the 'spaceship' operator helps in any great way other than to allow people to write 'clever' code which obfuscates what it does and leaves a maintenance programmer wondering if it might just have been a typo.

10
0

Who owns space? Looking at the US asteroid-mining act

Tim Brown 1
Happy

I own a bit of the moon

and I have a piece of paper to prove it!

Anyone else remember the fad for 'selling' bits of space several years ago? Someone gave me a certificate of land ownership from MoonEstates as a xmas pressy. I shall pass it down to my heirs and one day one of them may be very rich... (or not)!

1
0

Nominet to hike price of UK web domains by 50%

Tim Brown 1
Mushroom

Power corrupts...

and so do six-figure salaries for doing sod all.

12
0

Downloads for Windows 10 November big-bang build axed by Microsoft

Tim Brown 1
Meh

What about the Dev VMs?

Anyone checked if the VMs at

https://dev.windows.com/en-us/microsoft-edge/tools/vms/windows/

have been updated?

(I only run Windows > 7 in VMs now and that's only for compatibility testing)

0
0

Google takedown requests mushroom as copyright holders play whack-a-mole

Tim Brown 1

"Is there a list of those domains anywhere? Presumably they're good sites for freebies. Does Google have a public listing of blocked sites?"

See https://lumendatabase.org/

0
0

France's 3-month state of emergency lets govt censor the web

Tim Brown 1

Re: It's just like a bad French remake of the US 2001 bullshit

"It's safer to sit behind a computer than to go into the field to gather intelligence"

Indeed, and that leads on to trying to fight a war with bombs and drones instead of putting 'boots on the ground' because it's safer. Wars can never be won solely from the air, they just create more refugees and more radicals out for revenge. Also, sad though it is to say it, casualties on your own side help to get the politicians talking to find a peace.

5
0

Chaos at TalkTalk: Data was 'secure', not all encrypted, we took site down, were DDoSed

Tim Brown 1

data already being used?

Don't know if this is related but our spam filters have picked up a batch of spam/malware emails all being sent from several different @talktalk.net email addresses to what appears to be a list of emails in address books.

Could just be a co-incidence or someone may already be exploiting the stolen data.

3
0

Windows 10 out, users happy, PCs upgraded, my work here is done – says Microsoft OS chief

Tim Brown 1

Re: That guy...

Yes, it's weird that a guy in charge of a supposedly cutting-edge OS still has his haircut (wig/dye) stuck in the 90s!

2
0

How far will Microsoft go with Android?

Tim Brown 1
Mushroom

In the 1980s Microsoft probably laughed at IBM's failure in the desktop market

Now it's their turn.

5
0

Biting the hand that feeds IT © 1998–2017