* Posts by Richard Lloyd

356 posts • joined 25 Nov 2006

Page:

President Trump tweets from insecure Android, security boffins roll eyes

Richard Lloyd

Android Central already had a guess (by looking at photos of Trump using the phone) that Trump uses a Galaxy S3:

http://www.androidcentral.com/which-android-phone-does-donald-trump-use

4
0

National Lottery whacked with £3m fine for suspect ticket win

Richard Lloyd

7 years?

What no-one out there has commented on is why it took 7 years for this dodgy payout to be publicly revealed, never mind how the allegedly "winning" ticket was damaged. Considering lottery tickets have a security code on them, you do suspect some inside involvement (i.e. either the "winner" had access to the security code algorithm or they paid someone off to falsely validate the ticket).

3
0

Blu Vivo 6: Top value trendsetter marred by Chino-English mangle

Richard Lloyd

Blu Vivo 6 is probably the best 2016 phone sold in the UK under 200 quid

I got this phone on Black Friday and, for the price, it's quite impressive. If its missing features (NFC, waterproofing, Nougat) are important to you, then you'll have to spend quite a lot more to get them I suspect. I only saw a couple of mangled English mesages in the Settings - this article overblows that in the extreme. The display is good, the phone doesn't lag and the Android interface has only minor changes (use Nova Launcher to bring more sanity), with swiping the Quick Settings from the bottom rather than the top being the most obvious.

You get a shed-load of accessories in the box - so much so, that maybe a second type C cable is the only optional purchase you might consider. I think the only concern I might have about the Vivo 6 is the timeliness of the updates. It's currently only got the Sep 2016 Android security updates and although Blu have promised Nougat in the future, there's no firm date for that yet.

BTW, Amazon UK dropped the price back to 184.99 for the end of its Cyber Week - as I write this, it's probably got one more day (Sunday) left before it returns to 239.99. At the lower price, the Vivo 6 beats or equals its nearest rival (the Moto G4 Plus) in most categories except the rear camera specs.

0
0

SQL Server on Linux: Runs well in spite of internal quirks. Why?

Richard Lloyd

Re: Installing on CentOs 7 / RedHat 7

I stuck it on my work CentOS 7 desktop after removing unixODBC (this conflicts with unixODBC-utf16 in MS'es repo when installing the tools - whoops!) - here's the figure for the DB install:

# du -s /opt/mssql

671136 /opt/mssql

That figure is in K, so it's actually 655 MB, which seems more in the right ballpark. The MS tools install into /opt/mssql-tools and are only 860K in total.

Note that this beta has an 180-day evaluation period, which is something I didn't see mentioned on the MS site or indeed in *any* IT articles on its release (including this El Reg article!).

CPU usage when doing "nothing" (just installed, no DBs, service running) isn't close to zero - it's used around 5 hours of CPU in 4 days being "idle" - about 5% of a core on average. The sqlservr-telemetry process is a persistent blighter - "systemctl stop mssql-server" didn't kill it and a "kill -9" caused it to respawn! I eventually got bored and uninstalled the mssql RPMs (yep, process still running after that!) and then I could finally kill -9 it...

Oh, and the critical download link that was crazily left out of this article is:

https://www.microsoft.com/en-us/sql-server/sql-server-vnext-including-Linux

1
0

Cheap, lousy tablets are killing the whole market says IDC

Richard Lloyd

Not seen a decent new tablet released recently

Having a lot of tablets myself, I've come to the conclusion that you do indeed get what you pay for. To me, the most critical aspect of a tablet is its display (i.e. must be >= 8", 16:9 or 16:10, a high resolution and ideally AMOLED) and owning a Galaxy Tab S 10.5" has spoiled me in that respect.

What we've seen from Google and Samsung with their last "flagship" tablets is the wrong aspect ratio (sorry, but 4:3 is an epic fail for videos and games) and eye-watering prices. Google skipped tablets completely with their latest launch and no sign of a Samsung S3 yet (and if it's 4:3 again, I for one won't be buying it).

Now if the Yoga Book could have detached its display from everything else then it might have piqued my interest more, but the specs are a bit underwhelming for the price anyway, IMHO.

0
0

Three LibTIFF bugs found, only two patched

Richard Lloyd

It's about time there was a new official release...

"Released in September" forgot "2015" on the end - it's been over a year now since the latest release came out, during which there's been dozens of commits (including the two security fixes). It is bizarre that there hasn't been an official release for so long, especially considering it's still being actively developed (last commit was less than 2 weeks ago).

1
0

Dirty COW explained: Get a moooo-ve on and patch Linux root hole

Richard Lloyd

No Red Hat patch yet

Despite the article claiming Red Hat have a patch out, the article link is only to the CVE announcement on Red Hat's site. If you check the Bugzilla bug for it here:

https://bugzilla.redhat.com/show_bug.cgi?id=1384344

You'll see that there isn't actually a patch out yet as of Monday morning UK time. There is a (fiddly) mitigation procedure involving systemtap documented at the above URL, but no new kernel RPM to fix the issue yet. This means that CentOS and other RHEL clones are also unpatched at this moment in time as well.

0
0

First look at Windows Server 2016: 'Cloud for the masses'? We'll be the judge of that

Richard Lloyd

Works in VirtualBox...

The article failed to link to where you can download the 4.5GB eval ISO:

https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016

I slapped it on VirtualBox and selected the "Desktop Experience" version (did I read somewhere that you can't convert from non-DE to DE later on?). It's a 180-day trial and I didn't seem to need a license key for it. Overall impression is that for typical small business use, it's only a small upgrade from 2012 and the nastier licensing terms for 2016 might make SME's hold back on the upgrade.

It's nowhere near as big an upgrade as, say, RHEL/CentOS 6 to 7 was (systemd is still doing my head in!).

5
0

My Nest smoke alarm was great … right up to the point it went nuts

Richard Lloyd

No-one saw this early 2015 YouTube video then?

I'd have thought this video would have sent people screaming (ha!) for the hills when it was posted by a Google (who own Nest) employee over 18 months ago:

https://www.youtube.com/watch?v=BpsMkLaEiOY

Apparently the 2nd gen version is supposed to have fixed most false alarms by using a better sensor, but the video still gives a really bad impression of the product!

1
0

Google may just have silently snuffed the tablet computer

Richard Lloyd

Tablet specs have plateaued

The last widescreen tablet Google produced was the Nexus 10 way back in November 2012 (I don't count the disappointment that was the Nexus 9, because 4:3 doesn't cut it for videos/gaming). To succeed the Nexus 10, I picked up a Galaxy Tab S 10.5" which has a sweet display (sorry, the 4:3 of the Tab S2 again is an epic fail and with a lower resolution!) and I suspect still represents pretty well the peak of Android tablets (certainly w.r.t. the display at least) and it's over 2 years old.

I've not seen any tablet in the last 2 years that significantly improves on what I've got and that's the real problem with the tablet market - each generation is only making small improvements on the previous one, so people are hanging onto their tablets for longer and hence the falling sales.

0
2

Heathrow airport and stock exchange throw mystery BSODs

Richard Lloyd

Ancient coin counter

Using the ancient coin counter in the big HSBC in Liverpool has been fun for me in the recent past. Ignoring the fact you have to type your account number and sorting code manually (no card swipe!) complete with stars displayed for numbers so you have no idea whose account you're paying into, I had a spectacular crash with it (way better than a BSOD).

While I was tipping in my coins, the screen started showing virus-like red steaky vertical lines until I actually couldn't read the text on the screen at all. Luckily, it had finished counting my coins before I called over an HSBC assistant who promptly knocked on the wall behind the machine and 5 seconds later the machine rebooted!

I thought that was some clever reset switch embedded in the wall until the assistant opened the door next to it and it turns out someone had rebooted it behind the scenes - obviously such a common problem that knocking on the wall was a good enough signal :-) Oh, it booted into Windows XP (didn't say Embedded - does the logo include that?) and that was only last year...

6
0

Sony wins case over pre-installed Windows software

Richard Lloyd

Re: Why not just grow up?

I think the problem here is the lack of choice - almost all laptops (barring Apple of course) from the major OEMs ship with Windows pre-installed. It's obvious why: MS gives a big discount on its OS if you sell gazillions of them (so selling another OS or no OS would lose the discount) and no OEM usually wants to support 2 OS'es because of the cost.

I think the missing tricks here are:

!. Persuading OEMs to ship with no OS and maybe with a hardware diagnostic live Linux distro on USB or CD that would allow the user to run and have it report issues (i.e. "hardware fault detected - please return for repair or refund if inside warranty"). Support costs for the OEM would just be keeping the distro up-to-date for all their models. In an ideal world, all major OEMs would get involved and Github the whole thing, but that's probably stretching the dream too far..

2. Certify the hardware to run Linux, even if Linux isn't shipped with it. This could be as simple as booting a couple of the most popular live Linux distros (Mint, Fedora, whatever) and runing through a hardware (and some software) checklist to ensure things are working. Cue a penguin logo on the product page if it passes the testing (would need small print to confirm which distro versions passed). Still make it clear that a machine shipped without an OS has no OS/software support from the OEM, even if it has a penguin logo.

3
0
Richard Lloyd

Re: OS Refund

I just went through most of Dell UK's home and business laptop range and I didn't see a single model that was shipping without an OS. Almost every single model forced either Win 10 Home or Pro with no choice. The only tiny exception was the rare "Developer Editon" (e.g. XPS 13) with Ubuntu which at least added larger RAM/SSD to compensate for charging the same as the Windows version.

I suspect you may have been thinking of servers - for example, Dell's PowerEdge range not only lets you customise the hardware up the wazoo (much better than the annoying zillion different Dell desktop/laptop models), but also lets you buy it with no OS, which is ideal for Linux servers.

5
1
Richard Lloyd

Re: "without pre-installed software"

I've found the unicorn you were looking for:

https://www.pcspecialist.co.uk/custom-built-laptops/

What I like about pcspecialist's laptops is not only can you configure almost everything inside them, you can buy them without an OS too! This typically knocks a substantial 89 quid off the price, but I wish they'd tell you about Linux compatibility, because if you're going to buy it without Windows, it's fairly likely you'd be putting some Linux distro on it.

14
0

Adobe reverses decision to kill NPAPI Flash plugin for Linux

Richard Lloyd

We've had updates for years, just for 11.2 though...

Strangely, Adobe have been regularly updating Linux for Flash, but just for their zillion security fixes for version 11.2. It is a bit bizarre that after years being stuck on 11.2 (though seemingly not causing any compatibility issues with the sites I visit), we're suddenly going to jump 12 major versions in one fell swoop.

What I want to know is whether this will see the resurrection of the Android Flash plugin too - that's even more out of date than the Linux version. Weirdly, it's become useless for me in recent years - plays 10 seconds of video in Android Firefox and then freezes...

5
0

MySQL daddy Widenius: Open-source religion won't feed MariaDB

Richard Lloyd

Alternative to Maxscale...

...there's always good old MySQL Proxy (it never went GA, but I've used it) or the newer MySQL Router, both of which don't appear to have any sort of BSL-style licence tied to them and both can be used with MariaDB server installs as the backends.

MySQL Proxy was a bit too simplistic perhaps (very simple round robin by default, requiring some Lua-based work to balance based on load/connections) and I certainly didn't like the number of g_assert() calls in the production source code (262 at the last count), but it seemed to do its job OK.

1
0

Let's Encrypt ups rate limits

Richard Lloyd

90 day limit is to encourage automation

If you only had to renew certs every year, a fair chunk of admins wouldn't even bother installing a cron job to run the certbot script to do auto-renewals. One of the major goals of Let's Encrypt is automation - get the initial cert and then forget about renewals because a cron job will handle those automatically (if the renewals fail, Let's Encrypt will email you automatically if expiry is getting close for any cert). A short expiry period really does focus the mind on getting the automation working.

I think Let's Encrypt is an idea that's been long overdue - the commercial secure cert market is a licence to print money, especially where the entire process is automated and rarely involves a human on the cert vendor side. As for Extended Validation certs, this seems to be an excuse to charge double for one or two extra checks that probably take less than a minute each...

1
0

The calm before the storm: AMD's Zen bears down on Intel CPUs

Richard Lloyd

If nothing else, the Zen series might force Intel's top-end CPU prices down from their current crazy levels. According to Amazon, the 5960X 8-core *desktop* CPU has an unbelievable 1,336.73 pounds RRP (though in reality, Amazon are selling it for 849 quid). If a roughly equivalent 8-core Zen comes in at 500 quid or less, I can see it selling like hot cakes (but hopefully that doesn't mean the CPU burns cakes :-) ).

1
0

Mozilla 404s '404 Not Found' pages: Firefox fills in blanks with archive.org copies

Richard Lloyd

It's a banner across the top that asks if you want to load the archived version

Unlike most people here (or the original article author I suspect), I actually went ahead and installed Test Pilot. Here's one of the screen shots showing the 404 not found thing in action:

https://testpilot-prod.s3.amazonaws.com/experiments_experimentdetail/2/4/24ddd4335aca6b96cca9106a6f3411d2_image_1470245154_0440.jpg

This seems like a good way to do things - show a banner at the top of the page giving the option of seeing the archived version. If the original article here at El Reg had made that clear, I suspect there'd be a lot less outrage. I, too, think that auto-replacing a 404 not found page with an archive.org version is a very bad idea - that's what this article implied...

4
0

Fedora 24 is here. Go ahead – dive in

Richard Lloyd

Re: I will wait for Fedora24 to work for me. It is not what I want to use as it now is.

UPS'es for desktop computers that auto-shutdown so many minutes after a power failure are only useful if you're regularly away from your desk and need to leave the PC on for some number-crunching exercise that is potentially longer than the UPS battery lasts.

The APC UPS that's hooked up to my desktop beeps loudly 3 times every 15 secs or so when the power has died - even a beefy PC should have 10-15 mins of juice in the UPS left to allow for a manual shutdown. For a desktop, the main UPS benefit is that you do actually get time for a manual shutdown - I don't run any APC software on my CentOS desktops hooked up to APC UPS'es because I don't leave my PC on for long periods when I'm not there.

0
0

Your WordPress and Drupal installs are probably obsolete

Richard Lloyd

Wordfence and readme.html

Wordfence is a useful plugin, though I really don't like the fact that it renames readme.html to readme<long_hex_string>.html at the top level of your WP site by default, in the name of "security through obscurity" (the file has the WP version number in it). The snag is that readme.html is a *core* WP file (involved in the core checksumming routines used by WP-CLI amongst others) and no plugin should ever modify/rename/delete a core file. I've posted up to the Wordfence forums about it, but can't convince the devs to make the default not to "Hide WordPress version"...

0
0

Google asks the public to name the forthcoming Android N operating system

Richard Lloyd

Not a lot of sweets/desserts beginning with N...

Apart from the "obvious" Nutella, only a couple of others spring to mind: Nesquik (milk shake) and Neapolitan (ice cream, but they've already done Ice Cream Sandwich...).

I hope they go for another brand name and associated promo like they did with Kit Kat - I won in their Kit Kat/Android compy after consuming a fair number of them (but to be fair, Kit Kat is one of my favourite choc bars).

0
0

Compression tool 7-Zip pwned, pain flows to top security, software tools

Richard Lloyd

Re: Linux/BSD port p7zip

I was going to ask the same question - the Sourceforge p7zip (shipped with a *lot* of Linux distros) remains at 15.14.1 released on 23rd March 2016. No idea how much code it shares with the Windows 7-Zip though (none? some?).

0
0

Falling flat: Silicon Valley satire is a no show

Richard Lloyd

Final scene was ridiculous

Was it just me or was the final scene in this episode just the most ludicrous thing ever? Spend all night devising a skunkworks, bizarrely decide to print it out (they all have computers FFS!), then take the printouts to work (a major WTF moment).

I know the lead Richard character has done a lot of stupid things, but this was just so unbelievable, especially with the "we don't have a shredder at home" line (don't print anything out that's highly confidential then...duh!). A truly awful end to the episode and probably the worst scene of all 3 seasons so far (even beating the bottle of booze on a keyboard utter nonsense from a while back).

1
1

Mozilla slings Firefox patches at flaw found by GCHQ's infosec arm

Richard Lloyd

Re: Comma placement

> No UI fuckery, amazingly enough.

Er, unless you run Linux Firefox 46, in which case a major change was made with a move from GTK+2 to GTK+3. Apart from the different in-page chrome (e.g. form selector looks different and the scroll bars are horribly narrow now), it also now fails to run on some still-supported LTS distros that don't ship GTK+3 (e.g. CentOS 6, which still has more then 4 years of support left).

Yes, you can fall back to the ESR release for the moment, but I suspect the next ESR release will also use GTK+3...

0
0

How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript

Richard Lloyd

Name clashes aren't uncommon - I have one

I got name-clashed by MySQL (and now MariaDB too) no less - they include a binary called "replace" (despite almost all their binaries having a "mysql" prefix), which was first shipped years after the "replace" utility I wrote was released. A polite request from me asking them to rename it to "mysqlreplace" was ignored, which is annoying because MySQL's replace command is not good to say the least...

0
0

Ben Nevis embiggened by a metre

Richard Lloyd

Embiggened - only in The Simpsons please

Embiggened is a made up word which should only be used in The Simpsons where it made one of its earliest appearances. I'm surprised Americans use it because it's actually a longer word (both to speak and spell) than the correct word ("enlarged") that's actually in, you know, real dictionaries.

0
2

Get ready to patch Git servers, clients – nasty-looking bugs surface

Richard Lloyd

Cygwin git needs updating...

Yes, the irony of it - Cygwin source code is git-hosted, but their copy of git is version 2.7.0 without any of the fixes mentioned in the article:

https://cygwin.com/packages/x86_64/git/

Gitlab's restriction to a minimum of 2.7.3 is a little harsh when a) 2.8 will contain one of the fixes (so another raise of the min version then?) and b) Cygwin git is languishing at 2.7.0.

On a similar note, CentOS 7 git is actually way back at version 1.8.3.1 (with backported fixes) - does the latest Gitlab lock out CentOS 7 users then? One trick is to rebuild the Fedora Rawhide 2.7.3 src.rpm on CentOS 7 and use it to replace 1.8.3.1 (though it means you have to track Rawhide for updates...).

0
0

Dell PowerEdge R730: Reg rack monkeys crack smiles over kindness of engineers

Richard Lloyd

You need Enterprise iDRAC and I hate Java consoles too

The standard iDRAC doesn't let you do much (shows info you can already get from the free OMSA tool and also can power cycle the server), but the "Enterprise" iDRAC costing many hundreds of pounds extra gives you the crucial remote console that can save your bacon on many occasions.

Sadly, the remote console uses a Java VNC applet (even on this R730 it seems!) which is the flakiest known software to man/woman. You're presented with a myriad of security pop-ups (at least one of which comes up every time with no way to say "don't alert me next time"), you have to auth the iDRAC URL in your Java control panel because the iDRAC web interface uses a self-signed cert and even when you finally get to the console window, Java will either crash or refuse to connect most of the time (spawning a second console from the first one will often fix this).

Add the fact that Java plugin support is rapidly disappearing from browsers (it was dropped ages ago with Linux Chrome for example) and the existence of the non-Java noVNC tool (yoohoo Dell - why not try it? Proxmox have used it for a while and it's really sweet to use), then the iDRAC console is nothing short of an abomination. When you really need to use it quickly, working 1 time in 6 doesn't cut it.

2
0

Containers! Containers! Containers! And RHEL 7.2. Employ as you wish

Richard Lloyd

MATE desktop recommended

If you're coming from RHEL/CentOS 6 like I was, then I'd recommend the MATE desktop (yum groupinstall "MATE Desktop" then select MATE via the cogwheel icon you'll see when you're about to type your login password) for the smoothest transition to CentOS 7 - it's the closest look and feel you'll get to GNOME 2.

One slightly annoying thing recently - the latest MATE updates turned on the software compositing window manager by default without even asking me. This put annoying shadowing (on all 4 sides!) for windows/menus and an "exploding" task bar icon when you clicked on it. Luckily, you can turn it off via the main MATE menu -> System -> Preferences -> Look and Feel -> Windows -> General -> Compositing Manager (yep, pretty buried...).

1
0

Got a Nexus? Google has five critical Android security fixes for you

Richard Lloyd

Nexus or CyanogenMod - only 2 choices

If you're non-techie and concerned about security (which you should always be!), then the Nexus range is pretty well the only sensible Android choice. If you are techie, then it's either Nexus or a device that has CyanogenMod support (Nexus can run CM of course, which is what I do on my Nexus devices).

At least Google is actually releasing monthly security updates now, which puts a little pressure on OEMs/carriers to up their game with similarly scheduled updates. The fact that you can see the security patch level month in "Settings -> About device" helps as well.

4
1

Feds widen probe into lottery IT boss who rooted game for profit

Richard Lloyd

Don't win the jackpot...

I suspect jackpot winners are scrutinised a lot more thoroughly than lower tier winners, so why not fiddle a second place win (or, if you want to be very safe, the highest tier where you can claim the prize with no ID required). Of course, you'd either play online via proxies/Tor/VPN (though payments could be traceable then if they're done online too) or play offline at different locations and don't claim the prize in person (CCTV, remember?), though you'll have to cut your stooge(s) in for a percentage share and they'd have to be very trustworthy.

1
0

Launch embiggens Galileo satnav fleet

Richard Lloyd

Embiggens....groan

Embiggens? A made-up word from a Simpsons episode not in any standard dictionary. It's annoying when someone uses this fictional word when "enlarges" is not only actually in a dictionary, but also it's shorter!

0
0

Lower video resolution can deliver better quality, says Netflix

Richard Lloyd

480p Netflix on a fibre connection

My Humax Freesat DVR finally got a Netflix app this week, so I signed up for a free month to the HD package (and immediately cancelled to avoid auto-payment when the free month is up, but you still get to use your free month). I couldn't understand why the picture wasn't sharp on my wired 40 Mbps fibre connection and 1080p plasma though.

It turns out Netflix defaults to "Auto" playing mode and the info button on the remote confirmed it was only playing HD content at 480p despite my decent setup. I had to go onto the Netflix Web site and flick the playing mode to "High" - as soon as I did that, the HD movie I was playing flicked from 480p to 1080p mid-stream, with no buffering or pixellation and a much sharper picture. In other words, Auto mode is terrible at estimating your bandwidth and I wonder how many HD subscribers have been playing back at 480p because of the crappy Auto mode?

Talking of HD, if the vast majority of Netflix content is available in HD and it's likely the vast majority of Netflix potential or paid-up subscribers have HD TVs, then why do Netflix charge an extra 1.50 per month for HD? Netflix will claim it's for the bandwidth usage (they muddy this by offering 2 simultaneous devices in the HD package), but the Auto default playing mode selecting 480p (at least for me) sounds like a convenient bug/feature to save using bandwidth on HD accounts to me....

1
0

Mozilla looses Firefox 43, including Windows 64-bit variant

Richard Lloyd

Had 64-bit Firefox for ages...

Linux has had official 64-bit Firefox for ages and even Windows users have had both official (nightly) and unofficial (Palemoon/Waterfox) 64-bit builds too, so 64-bit isn't big news for those who really wanted it on Windows.

One minor relief on the Linux side is that they've postponed the move from GTK+2 to GTK+3 until maybe version 45 in March next year - at which point it would break on at least one prominent LTS distro (CentOS 6) that's got support until Nov 2020.

0
0

Google to end updates, security bug fixes for Chrome on 32-bit Linux

Richard Lloyd

It's not 32-bit that's the issue

I've been running 64-bit Linux desktops for 10 years now, so the death of 32-bit can't come soon enough. However, Chrome dropping support for 64-bit Linux distros that have 5 years of support left (CentOS 6 - though I have a workaround at http://chrome.richardlloyd.org.uk/ for that) and NPAPI plugins (bang goes Java applets, which stuff like VNC viewers use...e.g. Dell iDRAC/HP iLO) were far worse than dropping 32-bit support.

4
1

Finding security bugs on the road to creating a verifiably secure TLS lib

Richard Lloyd

Why not work on an existing TLS project?

So here we go again - another reinvention of the wheel :-( Surely it would be a better use of their time to work on improving an existing TLS Open Source project? OpenSSL and GnuTLS are both very obvious candidates (and probably the most popular ones out there) and while I can see they are providing some benefit to those by discovering possible flaws in them, working directly on them would be a superior solution surely?

1
5

Doctor Who: Even the TARDIS key can't unpick the chronolock in Face the Raven

Richard Lloyd

Audio badly mixed for me

I recorded the Sat night showing from BBC One HD on Freesat onto my trusty Humax DVR and got a terrible audio mix coming out of my 5.1 system (which has never happened before). The background music was twice as loud as it should have been and almost obliterated the dialogue.

I "obtained" another copy of the show and the mix was much better, though the odd dialogue snippet was competing with the background music again. Did anyone else out there have a similar audio issue? As for the episode, it yet another "meh" reaction from me, like so many of the episodes in recent years. My weekend was better spent watching Jessica Jones, which is so much better than Doctor Who currently is...

0
0

Linus looses Linux 4.3 on a waiting world

Richard Lloyd

Loose can mean to release or to set free...

...but it's normally used in the context of an object that's tied up tight in the first place and I'd probably use "loosens" myself anyway. I don't think you can use the word to refer a kernel that's already gone through several RC versions, because that's hardly tied up or tight :-)

0
0

Bletchley Park remembers 'forgotten genius' Gordon Welchman

Richard Lloyd

Re: Please can we keep the accolades coming...

Straight after watching the interesting BBC Four documentary, I had a look online and Amazon UK had it for about 9 quid. Fast forward several weeks and it's now 350 quid! Amazon Germany (I had to pick that variant didn't I? :-) ) has it for 13 Euros though.

Bear in mind that it's the revised paperback edition though - the original isn't available new (I believe all unsold copies were actually pulped).

1
0

Adobe patches Flash dirty dozen, ignores 155 in Shockwave shocker

Richard Lloyd

Linux Flash player nowhere near version 19.x

For some inexplicable reason, years ago Adobe decided that there'd be no new major versions of their Flash Player for Linux after 11.x. It's a strange decision because they are still patching 11.x anyway because it too has a shed-load of vulnerabilities. Note that Google Chrome for Linux does indeed include Flash Player 19.x (embedded into the browser) via a sneaky deal between Google and Adobe no doubt involving large brown envelopes of cash.

They did a similar "we're not doing any more major versions" trick with the Android Flash player, but have dubiously refused to update it for security fixes since it was frozen at 11.1.115.81 a full two years ago! So if you prefer Android Firefox and want to see Flash content, you're stuck with a version that probably has 200+ vulnerabilities in it - way to go Adobe.

3
0

Asus ZenBook UX305: With Windows 10, it suddenly makes perfect sense

Richard Lloyd

Nice ultrabook but hard to buy with Win Pro pre-installed

We were definitely considering this Asus for work, but it appears almost all retailers were selling it without Windows Pro pre-installed, which would force an additional 150 quid purchase of the OS for work use. In the end, we went for the Dell XPS 13 because of this.

0
0

Doctor Who returns to our screens next week – so, WHO is the worst Time Lord of them all?

Richard Lloyd

McCoy, but mainly because the stories were awful

I hated the McCoy era with a passion, but it was the terrible scripts (the Bertie Bassett one in particular) that mostly contributed towards that. Remember that there was a 16-year gap (ignoring the McGann failed one-off) to the next Who TV series...that's the legacy that the horrible McCoy era left behind.

Since the 2005 reboot, I've found Dr. Who to be wildly inconsistent - 1 or 2 good stories per series and an awful lot of sub-standard stories padding each series. It's certainly not a "must see" any more.

4
0

'Major' outage at Plusnet borks Brits' browsing, irate folk finger DNS

Richard Lloyd

I've always used Google DNS on Plusnet

I've always used an external DNS provider with my ISPs (and I never use their mail, because that's not portable between ISPs) because it can go wrong occasionally. I used to use OpenDNS years ago, but got fed up them intercepting wrong lookups and putting up a search page, which is simply awful.

When my Linux machine boots, I put something at the end of the boot sequence to insert "nameserver 8.8.8.8" and "nameserver 8.8.4.4" into /etc/resolv.conf (overriding whatever DHCP sets) and I'm good to go with Google's DNS. Never had a problem with it ever snce I switched to them - Google's DNS infrastructure is likely to be much better than any UK ISPs I suspect.

0
0

Storage boosters: Six mSATA format SSDs on test

Richard Lloyd

Whilst the form factor is nice (good for laptops), the performance is yawnsome beyond belief - showing figures that are the same or worse than 2.5" SSDs from over 3 years ago. This is why I'm never buying any SATA-based SSDs ever again - they have speed-plateaued for years now and PCIe-based SSDs are where it's at (although they're priced where SATA SSDs were 5 years ago, so adoption hasn't ramped up yet).

0
0

Budget UHD TVs arrive – but were the 4Kasts worth listening to?

Richard Lloyd

Inputs, content and external devices...

I'm a bit baffled why you'd buy a 4K TV at the moment - there simply isn't enough 4K content (or indeed high enough broadband speeds to cater for it if it's Net-streamed). Heck there's not even that much 1080p content either unless you have a large Blu-Ray collection.

For me, a 4K TV should be as dumb as possible (will there *ever* be a non-smart 4K TV sold?), with as many 4K-capable inputs as possible (to attach whatever 4K external devices turn up, including a PC with a beefy graphics card).

Heck, there's even little point in putting a TV tuner in a 4K TV at the moment :-) Mind you, 4K DVRs are going to need to start at 4TB HDDs and go upwards...this assumes that 4K bandwidth will actually available OTA (maybe with satellite, but I doubt it for terrestrial). That's something I never see mentioned in 4K TV reviews - will there ever be a "Freeview UHD" or "Freesat UHD"?

0
0

Wordpress issues second urgent patch in two weeks

Richard Lloyd

Re: At least WordPress' updating system is good...

Obviously, you should have a staggered update policy - dev updates first, then UAT updates next (perhaps a day or two later) and then live last (again another day or two gap). You can't leave the live updates too long - plugin security issues are far more common than core WP issues and if a site has a fair number of plugins, chances are you'll see a security update on one or more of them at least weekly.

0
0
Richard Lloyd

Re: At least WordPress' updating system is good...

> There are 'web developers' out there who think nothing of hacking away at the core code in order to achieve their end result

Which is why any homebrew solution (yes, I've cooked one up using bash calling WP-CLI where necessary) needs to do the following:

* Use curl to request the home page and check it comes back with a 200 success code - if it doesn't, don't do any updates (any errors like this need to be e-mailed to someone obviously).

* Run WP-CLI's "core verify-checksums" to confirm no-one's hacked core code - if it fails the checksums, don't do the updates.

* Check some hasn't set up home page redirection in a manner that breaks WP-CLI (yes, it's possible to do that) - again, no updates if there's redirection.

* Check you can find the WP version with WP-CLI and that it's >= 3.5.2 (WP-CLI doesn't work with older) - again, abort if no version or too old.

* Backup the Web tree (I exclude wp-content/uploads since core/plugins/themes updates don't touch those) and DB if updates are to be applied.

* Do your updates (calls to WP-CLI) and re-check the site with curl again for a 200 success code. If it fails, rollback using the Web/DB backups.

Other tips include removing inactive plugins/themes - if you leave them installed, they *do* still have to be updated! Also add this wp-config.php to turn off WP's own core auto-updates:

define('WP_AUTO_UPDATE_CORE',false);

The steps above are why tweaking WP settings to auto-update much or everything like another poster said without pre and post update checks aren't a good idea.

2
0
Richard Lloyd

At least WordPress' updating system is good...

One of the big selling points for me about WordPress is that it is *very* easy to update (though I'd like to see more thought put into easy rollback other than "restore the Web/DB dumps you took before the updates"). The recent 4.2.3 and 4.2.4 security releases actually got applied "automatically", generating an e-mail to the site admin to inform them of this. 4.2.3 broke the Types/Views plugins for a lot of sites (and it took about a week before Toolset released a fix, though it was possible to workaround the issue or indeed manually rollback, which is why I think easy rollback would be a nice WP feature to add).

Perhaps the weakest issue with WordPress updates is that there is usually no way to specify an auto-update for all your plugins and themes (or indeed for a major WP core release either), though you can homebrew something up with the WP-CLI tool.

Easy updating, to me, is a *major* selling point - some CMS'es I've seen are utterly appalling when it comes to updates, often requiring days (I'm not kidding) of work to upgrade them.

3
0

Assessing the power of Intel’s SSD 750 … but check your motherboard before buying

Richard Lloyd

Linux support?

A shame the article failed to mention if there's any Linux driver support for this Intel SSD. A quick Google suggests that kernel 3.19 and later has NVMe support, though I'm not sure if recent distros have enabled it or not. It would be nice if El Reg PCIe SSD reviewers even just booted a (very recent) live Linux ISO to see if the drive is recognised - surely that's not asking too much?

3
0

Page:

Forums