* Posts by Lee D

1690 posts • joined 14 Feb 2013

EU security think tank ENISA looks for IoT security, can't find any

Lee D
Silver badge

Re: please...

I can do it much more simply.

Customers may return a product for a full refund for up to five years after the purchase date if it has a demonstrated security weakness under "not fit for purpose" regulations.

Nice and easy to determine in a court of law.

Minimal additional legislation required over existing.

Decent amount of comeback on manufacturers who push out junk.

Decent incentive to actually make things work properly.

Already handled under existing product returns, etc. processes for all involved.

In the same way that a bank vault that doesn't shut would be sent back to the manufacturer, an IoT device that can't be secured from the Internet should be sent back too.

3
0

New York Attorney General settles with Bluetooth lock maker over insecurity claims

Lee D
Silver badge

Re: Get real.

Then just use a stick.

The point of taking the key is that others CAN'T DO IT EVEN IF THEY WANT TO.

3
1

ZX Spectrum reboot firm slapped with £52k court costs repayment order

Lee D
Silver badge

Re: Get GPWIN!

I coded some things up for the GP2X, which also worked on some of its successors.

They were cool little gadgets precisely because they were just Linux and you could run anything on them.

The GPWin looks really enticing, I keep seeing it pop up, but I think things like the OpenPandora have tainted me against trying them.

Problem is, nowadays, that we all carry out full-screen, high-res consoles wherever we go. Occasionally people phone us on them, but other than that...

2
0
Lee D
Silver badge

Re: RetroPi on a Raspberry Pi

More accurately:

Just add TZX's.

No ROMs required.

1
0

Payroll-for-contractors company named at centre of AU$165m tax scam scheme

Lee D
Silver badge

Re: As if...

It's not "Is nobody going to notice this scam, ever?"

It's "can we make our money and run before anyone notices?"

Which, let's be honest, could easily have happened here.

13
0

Chelsea Manning leaves prison, heads straight for booze and pizza

Lee D
Silver badge

Re: Here we go again

Assange is irrelevant.

Certainly to the point where he gets ignored as someone who thinks they can stand on the prison roof and shout demands that their friend in America gets released, while below the judge waits to sentence him for breaching bail.

7
2

Good news, OpenVPN fans: Your software's only a little bit buggy

Lee D
Silver badge

You don't want to use lower entropy sources for - of all things - a VPN that's exhausted entropy.

If you don't have the hardware to provide the security you want, software can't fix that for you except by - literally - pretending otherwise and carrying on regardless. Guess where the security problem is with that?

And it doesn't take much to add entropy if you are running a VPN device on even a virtualised machine. If you don't know how, then you shouldn't be designing or operating virtualised VPN devices.

Refusing to allow low-entropy sources is no different to refusing to allow low-size keys. It's purely a security decision. Anything else means someone will knock out a "VPN router" that has OpenVPN's name on it in the firmware, but is actually so low on entropy as to be bog-useless. Not having the option means you can't do that without literally having to patch it in (and release your patches?). And then the problem is in your patch, not in every OpenVPN device ever made.

1
0
Lee D
Silver badge

Re: Only analysed Linux platform?

If something can override, say, %WINDIR% or %SYSTEMROOT% or %SYSTEM% or %ProgramFiles% before your program starts then you already have problems far beyond what OpenVPN can inflict - and if you're that paranoid, you use the hard-coded override as specified above in your quoted manpage.

Setting an environment variable on Windows like that is already a privileged operation, so if you can do that, you’ve pretty much owned the system already,

The fact is that any number of programs DON'T use the system API for that at all. There are no warnings against their use on any MS KB page that I can find. They are used in everything from batch scripts to hard-coded into programs (via library calls to look up environment variables).

So, they are probably not-unreasonable in their refusal to use a proprietary, likely platform-specific API, over allowing you to pick up environment variables and hard-override the options and - better - NOT USING THE COMMAND LINE AT ALL, but a locked-down, permissioned, isolated config file anyway.

5
0
Lee D
Silver badge

Re: Those are bugs?

Oh, gosh, look... people who know to wrap the things that are known to cause trouble, so they don't cause trouble.

If this is really this surprising and "good example" in this day and age, it explains a lot about why other things are so rubbish.

Don't even get me started on people who don't wrap malloc and free to prevent double-frees, etc.

And, seriously, once done once it can carry over in other projects really quite easily. Literally a page of code that wraps calls, and then forcing people to use your safe alternatives by some kind of redefinition or overloading.

OpenVPN is good quality code, no doubt, but it mostly looks like that because OpenSSL and similar are just pieces of unfathomable shite in comparison.

2
0
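The wrap-and-redefine approach described in the comment above, as an added example that is not part of the original post and not code from OpenVPN or any other project. Every name in it (xalloc, xfree_raw, XFREE, live_allocs, the raw_*_is_banned identifiers) is invented for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names below are hypothetical, made up for this example. */

static long live_allocs = 0;    /* blocks handed out and not yet released */

/* 1 if count * size would wrap around size_t, else 0. */
static int mul_overflows(size_t count, size_t size)
{
    return size != 0 && count > SIZE_MAX / size;
}

/* Overflow-checked, zero-filled allocation. Failure is fatal, so callers
 * never receive a NULL they might forget to test. */
static void *xalloc(size_t count, size_t size)
{
    void *p;

    if (count == 0 || size == 0 || mul_overflows(count, size)) {
        fprintf(stderr, "xalloc: bad request %zu * %zu\n", count, size);
        abort();
    }
    p = calloc(count, size);
    if (p == NULL) {
        fprintf(stderr, "xalloc: out of memory\n");
        abort();
    }
    live_allocs++;
    return p;
}

/* Releases a block; NULL is a harmless no-op. Meant to be reached via XFREE. */
static void xfree_raw(void *p)
{
    if (p != NULL) {
        free(p);
        live_allocs--;
    }
}

/* Free and clear the caller's pointer in one statement, so a second XFREE on
 * the same variable passes NULL. The argument is evaluated twice: pass a
 * plain lvalue. Copies of the pointer held elsewhere are NOT cleared. */
#define XFREE(p) do { xfree_raw(p); (p) = NULL; } while (0)

/* From here on, raw calls expand to undeclared names and fail to compile
 * or link, which pushes the rest of the code base onto the wrappers. */
#define malloc(n)    raw_malloc_is_banned_use_xalloc(n)
#define calloc(n, s) raw_calloc_is_banned_use_xalloc(n, s)
#define free(p)      raw_free_is_banned_use_XFREE(p)

/* Frees the same variable twice on purpose. Returns the live block count
 * afterwards, or -1 if the pointer was not cleared. */
static long demo_double_free(void)
{
    char *buf = xalloc(32, sizeof *buf);

    strcpy(buf, "constructed sample data");
    XFREE(buf);     /* real release, buf becomes NULL */
    XFREE(buf);     /* with plain free() this would be a double free */
    return buf == NULL ? live_allocs : -1;
}

int main(void)
{
    printf("live blocks after double XFREE: %ld\n", demo_double_free());
    printf("SIZE_MAX * 2 overflows: %d\n", mul_overflows(SIZE_MAX, 2));
    return 0;
}
```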

More UPNP woes: Crashable library bites routers and software

Lee D
Silver badge

Was an ED pre-orderer.

You're wrong.

I literally DO NOT HAVE UPnP enabled on any device.

Everything works.

2
0
Lee D
Silver badge

Re: Why is ANYONE allowing UPNP to run on his router?

Almost EVERY modern game uses central servers - Steam, Origin or some proprietary server - as a go-between. Peers do not talk direct to peers any more. That was why you required UPnP/port-forwards, as you didn't know what IP would be contacting you in advance, so you had to open the port.

All modern games instead communicate to a server (which has open-ports) which co-ordinates the passing of data between you and the people who want to join. It's called matchmaking, but that's a side-effect of being the central server that everyone relies on to be open and handle connection-formation.

Nothing since DirectPlay has required UPnP to work. P.S. I have Skype. I turn off Skype UPnP options, it works. Same for torrents, for VoIP, for messengers, etc. - all things that you USED to have to port-forward for and don't any more.

UPnP is an unauthenticated (authentication exists but it's not necessary in the core protocols unless configured, and nobody configures it, and some software doesn't work when it IS configured) method to forward arbitrary ports on the Internet to arbitrary ports on your local network. This means it can LITERALLY serve requests to open your SMB port to the world. And it will do so, without question, confirmation, password or the user knowing. Literally, any bit of malware can expose your network immediately, permanently, through your firewall, and without you knowing - and there are viruses that do just this.

It's a stupid idea and needs to die because it's NOT NECESSARY. You can run servers on modern games no problem (matchmaking) and if you're opening up ports to the world for older games, that needs to be a conscious action, not something that happens automatically and without confirmation affecting not just your computer but EVERY computer on your local network.

Your kids, upstairs in their bedroom, on the isolated wireless VLAN you made for them so they don't infect you, can run a program that will send a UPnP request that will open your router, network and every VLAN / port to the world. And you have no way to stop it, while UPnP is still enabled, because UPnP is basically designed to do just this for ANY request it receives.

Switch it off.

1
0
Lee D
Silver badge

Re: Why is ANYONE allowing UPNP to run on his router?

Rubbish.

It doesn't affect gamers at all.

1000+ games on my Steam account, including years spent on CS from 1.6 up to GO, and no UPnP whatsoever.

The only need for UPnP is if you need to punch a PORT-FORWARD which is only necessary if you are running the server yourself (hint: Don't. That's why people rent game and dedicated servers if they are serious).

I've never had UPnP enabled, and yet I can do EVERYTHING that normal people do, for many years through a double-NAT set of firewalls. Its only use was punching holes for bypassing NAT for, e.g. SIP and video conferencing, but those problems are long-ago dealt with and no workaround like that necessary.

If your software needs UPnP or even a port-forward (including servers, which shouldn't need UPnP or port-forward, they should just be opening the relevant port and not be behind a NAT), then you have no idea how to program and shouldn't be writing networked games.

Certainly, nothing on Steam from CS to GTA V, AOE2 to Worms etc. has ever needed UPnP or a port-forward on the client end.

If you do not understand this, or what UPnP does, or why it's dangerous to even have enabled, you shouldn't be the person giving advice to others.

5
2
Lee D
Silver badge

Re: Kan you speak Engrish?

Er... which word would you use?

"Signedness" is a term often used in programming. There's a Wikipedia article on that exact word, for instance.

Though it may not be fully correct dictionary English, it's certainly an acceptable term in the field.

It's whether or not the variable is signed. The state of that is its signedness. Not pretty, but certainly not ugly.

And no, the "sign" of the variable isn't sufficient. That describes, from a mathematical point of view, whether or not it currently holds a negative value or not. NOT whether the variable itself is capable of holding a signed value.

13
0

PC repair chap lets tech support scammer log on to his PC. His Linux PC

Lee D
Silver badge

I don't need to.

They both start the conversation talking about shit like the weather, and whether I watched the football the other night, before telling me who they are, what they want and why they're speaking to me.

Literally, it's a flag on my mental "Hang Up" list to waffle incessantly to a person you clearly have never spoken to in your life about things which - anyone who knows me would know - I don't even discuss with the best of friends anyway.

The people who I do actually have dealings with generally start conversations like:

"Is that Lee? Cool, I've got some more of those laptops in stock, would you be interested?"

Or "Hey Lee, what was the date of install for that equipment you wanted?"

Or "Lee, mate, did we ever hear back about that quote?"

Because they quickly learn if they don't keep things that terse, their calls mysteriously can't make it through to even our main switchboard for some obscure technical reason. (clicks button, closes telephony server control software, whistles innocently).

0
0
Lee D
Silver badge

Re: For the phone scammers ...

I usually employ the phrase "You do know that you're committing fraud for a living?". You follow it up with not-so-much pleas to their better nature, but attempts to embarrass them. "Is this what you went to school for? So you can scam old ladies to earn a pittance? Would your friends be proud if you were to tell them what you do? What if someone phoned up your mother and tried this? Would you be proud of that? Hey, mum, that's cool! I scam people for a living in the same way! How funny! How's it working out, the fraud game? Does it earn you a lot? More than just sitting in a respectable job making the same kind of phone calls but with a genuine purpose for a real company? What are you going to do if you get caught? Is that going to go down well? Are you going to still be able to afford to keep that job when the police knock on the door and start asking for your victim's money back?"

I've had everything from "Microsoft" to "BT" calling up to try to tinker with my systems, but no one has lasted more than a minute or so against that, even the ones who protest and want to argue and think being forceful will just make me comply. I'm sure they don't go off and rethink their lives immediately but hopefully if enough people do it, the ones who are just "led" into doing it and don't think about what they're doing will drift away from that kind of enterprise.

And no genuine person on the phone is going to tolerate that kind of phrasing, so if they are actually trying to help (e.g. you're in a large company, not very techy, and you didn't know that they were contracted to provide IT support or whatever), the chances are they'll then set out to provide proof that they're authorised to do what they're doing.

37
1

For now, GNU GPL is an enforceable contract, says US federal judge

Lee D
Silver badge

Though the clarification is nice, does ANYONE actually think the GPL and any other licence isn't valid in any sensible country?

If there was even a modicum of doubt, there would be thousands of infringements a year, far more than anyone could chase up, to take advantage of a grey area if nothing else.

I think people quite understand that US/EU law won't take kindly to ripping off GPL or other licenses on code, so they don't try - unless they're in a country that wouldn't care less about doing that.

I can't imagine, say, Microsoft just shoving a GPL library into Office and then trying to argue it in court. That's a massive hint that they know they'd lose in seconds.

Though I'm sure there are code violations (e.g. things in firmwares that were sold by some random Chinese firm to an American wifi-router maker or similar), I think it's been quite clear-cut for many, many years that you rip off GPL code at your peril. It doesn't mean it doesn't happen. But it's quite obvious that you wouldn't get away with it in any first-world country. Or the US.

4
1

Taiwan government to block Google's public DNS in favor of HiNet's

Lee D
Silver badge

This could have worked 10 years ago.

Surely DNSSEC and associated record-pinning will make this just stop lots of websites etc. working entirely?

0
1

Agile consultant behind UK's disastrous Common Platform Programme steps down

Lee D
Silver badge

Re: Agile and government do not mix

You used "agile", "deliverable", "waterfall" and "mandarin" (in the context of bureaucrat) in the space of one comment.

And you complain about others being buzzword-compliant?

11
18

Email client lib blown apart by CC: list of death

Lee D
Silver badge

When writing a library that you intend other people to use to communicate over the public Internet, at least have the courtesy to make some basic tests to check, e.g. that all NULL calls to functions are caught and the like.

People whine about it being C, but this is just sloppy anyway. If you can't spot that NULL can slip through to a function, AND you don't bother to check pointers handed to you for NULL, what the hell kind of other junk has slipped through that you don't care about testing?

Seriously, I have a game that I wrote for myself in C99. Even *that* has NULL checks on every pointer inside every function. I can't say it's "secure" (I wasn't trying for secure) but it's dumb to act on any pointer without checking it's not NULL first. Hell, make a macro or wrapper for your functions if you're that bored of writing things like that. At least you can sort-of forgive "oops, didn't realise the macro would expand that way", even if you are still an idiot - especially if you're writing libraries for public consumption.

9
0
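The guard-macro idea from the comment above, as an added example that is not part of the original post and not taken from any real mail library. The names ML_OK, ML_ERR_NULL, REQUIRE_PTR, struct address, count_deliverable and the CC list are all invented and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* All names below are hypothetical, made up for this example. */

enum { ML_OK = 0, ML_ERR_NULL = -1 };

/* Early-return NULL guard for functions that return an int status.
 * The do { } while (0) wrapper makes it expand to exactly one statement,
 * so it stays correct after an unbraced `if` or before an `else`; the
 * argument is parenthesised and evaluated once. */
#define REQUIRE_PTR(p) do { if ((p) == NULL) return ML_ERR_NULL; } while (0)

struct address {
    const char *display_name;   /* may legitimately be NULL */
    const char *mailbox;        /* NULL when parsing produced no mailbox */
};

/* Counts list entries that carry a non-empty mailbox. Every pointer handed
 * in by the caller, and every pointer inside the list, is checked before
 * it is dereferenced. */
int count_deliverable(const struct address *list, size_t n, size_t *out)
{
    size_t i;

    REQUIRE_PTR(out);
    *out = 0;
    if (n == 0)
        return ML_OK;           /* empty list: `list` is allowed to be NULL */
    REQUIRE_PTR(list);

    for (i = 0; i < n; i++) {
        if (list[i].mailbox == NULL || list[i].mailbox[0] == '\0')
            continue;           /* skip instead of dereferencing NULL */
        (*out)++;
    }
    return ML_OK;
}

/* Constructed CC list: two usable entries, one NULL mailbox, one empty. */
static const struct address sample_cc[] = {
    { "Alice",      "alice@example.com" },
    { "Group only", NULL                },
    { NULL,         "bob@example.com"   },
    { "Empty",      ""                  },
};

/* Returns the deliverable count for the sample list, or the error code. */
int demo_count(void)
{
    size_t n = 99;
    int rc = count_deliverable(sample_cc,
                               sizeof sample_cc / sizeof sample_cc[0], &n);
    return rc == ML_OK ? (int)n : rc;
}

int main(void)
{
    size_t n = 0;

    printf("deliverable in sample list: %d\n", demo_count());
    printf("NULL list, n=3 -> %d\n", count_deliverable(NULL, 3, &n));
    printf("NULL out pointer -> %d\n", count_deliverable(sample_cc, 4, NULL));
    return 0;
}
```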

Spend your paper £5 notes NOW: No longer legal tender after today

Lee D
Silver badge

But environmentalists make very bad oils for fivers when we extract their juices.

4
0

BT to pay £22m in interest to rivals in ethernet overcharging case

Lee D
Silver badge

Re: Where's my cut?

You weren't overcharged. You agreed to a price and contract and paid it to those third-parties.

Any refund would have come from those companies direct because your contract would have guaranteed it and was much more clear-cut. Or you had no refund owing whatsoever.

This is those companies recouping anything they may have had to refund you (likely zero given most of the guarantees on those circuits) and the interest on them being out of pocket during that time based on their contract. Not you recouping from them based on yours.

As always, your contract is with the company who supplied you, not the underlying contractor they choose to use. Otherwise you'd be in a whole heap of trouble because no end of shouting would ever fix your problems and they'd just tell you "talk to BT, nothing to do with us, oh by the way you owe us this month's payment".

3
0

Unpaid tech contractor: 'I have to support my family. I have no money for medicines'

Lee D
Silver badge

Which is when you add 20% to your price to cover that uncertainty and all it brings with it.

If you have the qualification enough to be in demand, you should be negotiating a pay that you can live off.

0
1
Lee D
Silver badge

Re: How it made money is therefore a mystery...

And when they have a bill they can't pay, they just need to sit on your money for another week to pay it.

Sounds suspiciously true.

7
0
Lee D
Silver badge

Re: I lack sympathy, somewhat.

So it's either they can't handle a single week without income and thus risk debt and maybe even bankruptcy (or literally not being able to go into work the next day!), or they have to accept lower monthly wages spread over a year with longer guarantees of employment in a job they don't enjoy?

Isn't that simple economics? I cannot walk out the door without it immediately impacting my next employment, but equally my employer can't kick me out without justification and consequences. Self-employment is exactly the opposite of that. I didn't say that either situation is nice, but they VOLUNTARILY opted-out of the guarantees because they don't want to work the lower-paid jobs. Per-hour they earn more, but they have VOLUNTARILY gambled that they won't break their leg, lose their car, get a sudden bill, or be paid late. That's NOT a sensible position for someone who is being "forced" to do that in order to earn a living, and especially not if you have no backup plan.

If you have no money, can't get a job, and the options are "go self-employed" or "take lower money", then you have chosen to go self-employed at risk to yourself and your family. Sure, you can say "but we couldn't survive on the lower money" but - guess what - it means you CAN'T SURVIVE on the higher money either, should ANYTHING go wrong. That gamble was a conscious choice, the overall situation is still no better on average.

Not only that, getting loans, mortgages, credit or even jobseeker's allowance is a lot harder if you're in - or have come from - self-employment. There's a reason for that. Those places know your income is much more likely to be unpredictable. I was once refused a mortgage when regularly self-employed by a set number of long-term clients while earning TWICE what I was earning when properly employed (when they did grant me a mortgage without batting an eyelid).

Yes, I'm British. And I have been in this exact position you describe. That situation is a no-win, it has nothing to do with self-employment.

And I have consciously chosen - after a career in self-employment straight out of uni - to go to normal employment for many good reasons. And one of those is precisely this: When faced with the gamble, you can't guarantee it will pay off, even if the alternative situation looks worse than you can afford to take.

Hey, you have no money? I'll pay you £500 a week. Or £1000 a week but only if you spin heads on a coin - spin tails and you have to work that week for free. The offers are mathematically equivalent. If you "need" £700 a week to cover costs, can you ever really win on either option? No. One run of bad luck and you're stuffed and won't recover.

And especially if you have no savings, you cannot afford to take the gamble. Even if it's "your only option" and "forced" onto you.

7
10
Lee D
Silver badge

I lack sympathy, somewhat.

Either you have a contract with that company that they'll pay within a certain time, and you should be working to the maximum of that window. Or threatening them with collection if they don't pay on time as per the contract.

Or you have a contract that doesn't say a word about payment schedules, which means you have almost no fallback without going to a court and proving they were unreasonable (which will cost you more than it's worth).

Though they haven't declared bankruptcy, a "commercial dispute" could easily mean their suppliers have turned off all their IT because they haven't paid, or the bank has shut their account for similar reasons. Just because they haven't declared bankruptcy YET doesn't mean they aren't in serious trouble. Especially if they can't tell you what's happening.

But, this is the risk of self-employment, which is more an opt-out from all kinds of employee and income protections (which still don't save you if the company goes bankrupt, by the way!). There's a reason you "get paid more" - because you need a reserve of cash, have to fight your own battles, etc. which employed people get paid for them.

Yes, I've been self-employed. For 10+ years. Made a good living out of it, and I gave it up not for any reason relating to not being able to live off it, or being screwed over (I never used an umbrella company, though, but also never had a non-paying client - because a non-paying client isn't a client, they are a debtor). But if a client doesn't pay, you stop working for them and move on. If your umbrella company doesn't pay, you do the same. Pretty much, the excuse does not matter.

In fact, being self-employed, are you not perfectly able to approach your clients direct and ask them to employ you through any other umbrella or even directly? I'm not guaranteeing they'd even consider it, but if you're any good, they'll be glad to hear it surely? And if not, that's the price you pay for freedom of employment like that.

When you choose to opt out of being tied to a particular company, client, job, task or obligation that you don't like, this is your price to pay for that flexibility and freedom - though nobody deserves to have their money withheld.

However if you want that freedom and then go back and tie yourself into a company to get the amount of work you need, surely that's the worst of both worlds - absolute reliance on a company that has no obligation to push any work your way? And to not have sufficient reserves to tide you over that is unrelated to self-employment at all - it just means you've not saved for ANY eventuality.

7
6

ISPs must ensure half of punters get advertised max speeds

Lee D
Silver badge

Re: Money talks

It's open to scamming, though.

You go away for a week, you stick a huge interfering electromagnet on the line.

The sync speed drops, they charge you nothing for the week, despite having to pay for all the infrastructure and capacity *IF* you'd suddenly decided to sync at full speed.

You come back off holiday, take the magnet off. You've saved yourself a tenner, they can't detect it, but they had to provide all the backend for it.

Same for each night, or throughout the day based on your desired usage.

Suddenly, they are required to give you 100Mbps backend 24/7 but you're paying precisely only for a fraction of that, only in peak period, and nothing else.

You could save a lot of money, that wouldn't be visible as you turning it off, not using it, etc. for which they'd normally still be billing you, and it wouldn't be their fault.

Either cost it by megabyte with a "best efforts" line speed (the faster your line speed, the more money they make quicker, so it's in their interest to give you the fastest possible and give priority to HEAVY users!!), or cost it flat-rate per month for a given minimum line-speed.

Anything else is open to abuse, and it's already hard enough to recoup the pricing of telephone and broadband lines to rural locations, etc.

1
0
Lee D
Silver badge

It's a good idea.

There's no point having a specification if only a tiny portion of users ever achieve it.

Ofcom should have enforced this DECADES ago.

That said, pretty much I get the speed I'm promised:

Package - 75 Mbps

Min - 21.1 Mbps

Max - 73.2 Mbps

Avg - 55.7 Mbps

But that's probably because I have a SamKnows broadband monitor sitting on my router (isolated from the network, so all it can do is test outside speed, but it seems to make the ISP reaction times a bit quicker... :-) )

1
0

You only need 60 bytes to hose Linux's rpcbind

Lee D
Silver badge

Not being funny:

What Linux distro does not start from the equivalent of:

ACCEPT RELATED, ESTABLISHED

ACCEPT ssh <-- possibly!

DENY all

as default rule on iptables?

Even ufw has defaults that basically correspond to the same.

Who is installing rpcbind, opening it to the world in the configuration and then again in the firewall? Because, pretty much, the package maintainer ought to be shot if they are adding firewall rules, and the firewall package people ought to be shot if they're allowing rpcbind to the world by default.

6
2

Waiter? There's a mouse in my motherboard and this server is greasy!

Lee D
Silver badge

Train the rodents to attack the infrastructure of your enemies.

Nobody would ever suspect...

"A rat brought down Google last night" is much less attributable to malice than cutting a submarine cable in the middle of a war.

11
0
Lee D
Silver badge

Re: I'm not surprised in the slightest

My dad has always worked for breweries, delivering beer around London, since the days of Watney's.

You ask him before you go to a gastro-pub for a meal, because he gets to see their cellars, where they often store all their food. You'd be amazed at what you find down there.

I mean, beer, you're probably alright with (it's in metal kegs, and gets pressurised through waterproof pipes, so the chances of contamination are low from a fresh keg), but whether or not the burger is cooked fresh in front of you or not matters not if it's sitting in mouldy, damp, rodent-infested conditions.

A flash-cooking of, say, a pre-cooked burger like that can't kill everything it picks up, it just makes it appear edible.

6
0

Oh lordy, WD just SCHOOLED Seagate in running a disk drive biz

Lee D
Silver badge

Re: I'll never buy Seagate again

It's all anecdotal, and I've been having the same conversation for decades (remember Maxtor / IBM etc.?)

But when I took over my latest workplace they had Seagate in all their servers and all their NAS (some of which were brand-new).

Within a year, I'd had so many failures that I was sick of it and replaced them all with WD. I'd literally never done more rebuilding of RAID arrays in any other job until I took over those Seagate devices (and, yes, they were "enterprise" versions and not just cheap consumer junk). Even the Seagate replacements (I literally order identical model numbers when the server-drives fail, to get an exact match) died at just the same kind of rates.

Meanwhile the clients were all WD Blue and never had a single problem.

Since I replaced them all, I haven't had a single failure in 3 years, and I estimate there are probably 200-250 hard drives on site for various jobs (from CCTV to NAS to RAID to workstation etc.).

I always avoided the arguments of old (back in the IDE / 20Mb drive days) of which manufacturer was better as it was mostly subjective and we only ever had a couple of hard drives anyway. But I have to say that this place has completely destroyed my trust in Seagate drives.

I actually get better reliability out of the cheapest-of-cheapio SSDs that are used 24 hours a day than I did out of enterprise Seagate hard drives.

And, just for reference, I have Samsung / Crucial SSDs in dozens of machines, WD Blue in hundreds of machines, WD Reds in their dozens, plus dozens of IBM-supplied (HGST really?) drives for the "serious kit" on the server / storage end.

4
0

Having a monopoly on x86 chips and charging eyewatering prices really does pay off – Intel CEO

Lee D
Silver badge

Intel's had plenty of competitors over the years.

Remember Cyrix? Via? Now AMD are still around but they don't own anything near a decent portion of the market. Not because they couldn't, but because they haven't. AMD, to me, has always seemed one generation down. Even my completely non-techy bosses specify "proper Intel" (meaning not mobile or low-end i3 chips, and not AMD) because of their years of dealing with things even if they are removed from the end hardware. I can't say that I'll be the IT manager to disagree and change their spec (even though I have the power to do so).

In fact, Intel's biggest threat now is ARM. Their only ally against ARM is really Microsoft. While Windows doesn't "work the same" on ARM, Intel can maintain their position. But if Windows falls out of favour, or if the PC truly does start to die or being just a web device, Intel could be in real trouble very quickly.

I bought an RPi 3 the other day. Have you seen the speed of that thing, for a tiny 5v, 2A = 10W device? Your phone is ARM, even if it's Apple. Your tablet is almost certainly ARM if you paid less than a grand for it.

It's not a huge leap to imagine that in a decade or so, we'll be using Office 365 (harder to kill off) on mobile devices and non-Windows machines (Chromebooks, etc.) and the x86 will be the reserve of, say, gamers.

7
1

Straight outta Shandong cluster noobs set new LINPACK world record

Lee D
Silver badge

Re: ??

Gosh, I wonder how they can do better next year?

0
1

TVs are now tablet computers without a touchscreen

Lee D
Silver badge

Re: Chromecast

Any number of cheap knock-off Chromecast-like things will also do it.

But privacy isn't really an issue if - like mine - the Chromecast is only powered when the HDMI is selected, and is properly - like any client should be - restricted in what it can do (i.e. it can't see any of my local network). And, pretty much, I use it for showing Google Play movies on the screen.

If you're that paranoid, just use DLNA.

Needs broadband is ridiculous in this day and age. We're talking about streaming video, if you don't have broadband, your choices are severely limited anyhow.

Needs additional hardware - yes. That you can replace for £20 a throw rather than £2000.

For reference, I have a Chromecast, a VM box, a Blu-Ray player which can play DLNA, an Android-based satellite box that can do DVB-S for Freesat / Italian satellite. The TV, however, is as dumb as they come with only SCART and HDMI and an RF interface for analogue/Freeview that's not even plugged in.

TVs are display devices. Buying a TV because it runs the app you want or accesses the content you want is stupid, because someday it will stop working like the article. Buy a TV that has a port on it you can put video and audio down, put all your "content" on cheap, replaceable, throwaway boxes that you can upgrade and replace as suits the situation, that don't all need to talk to each other, and that you can add new ones of whenever you like. Even that Android will be out-of-date and unsupported in a couple of years, and then it's just a health hazard sitting on your local network.

Last time I counted, including games consoles, etc. I had about 10 ways to view BBC iPlayer on my TV. Everything from an app on a smartphone pushed over a Samsung proprietary link, to Chromecast from a browser, to the Blu-Ray/Wii having access to it built-in. When one goes "wrong", who cares when you have so many other ways to access, or so many other services to do the same. And my entire setup - with all those boxes and necessary cabling - doesn't come to half what that guy paid for his TV. Probably not even a quarter. And I've had the same setup for nearly 10 years now, and just added to it piecemeal (it is in fact the second Chromecast as the new ones do 5GHz Wifi, which the old ones didn't).

And I bet an Android-based Smart TV is much more privacy-infringing than a Chromecast, if that's what you're worried about. You have absolutely no clue what that's doing with its data. At least a Chromecast that you only use for watching Chromecasted things you have a chance of isolating and seeing what it's doing.

10
2

'Grueling' record-breaking VR movie marathon triggers hallucinations

Lee D
Silver badge

Re: Thus neatly proving ...

Yeah, not something to put on your CV.

"I hold a world record."

"Really, what in?"

"Hallucinating periodically and nodding off, while sitting on a sofa eating finger-food for 48 hours".

8
0

Another ZX Spectrum modern reboot crowdfunder pops up

Lee D
Silver badge

Re: Why?

Most new TVs I've seen don't even HAVE SCART any more.

Multiple HDMIs.

And maybe a digital-only RF-in.

Honestly, go look at the back of the display models in John Lewis or wherever. An awful lot of them don't have SCART, analogue or composite at all. And VGA is almost dead too unless you're buying ones made for digital signage.

Also, the composite on Spectrum is a hack anyway. The original Speccy does not output composite without soldering. I think the +2/+3 had R/G/B in some fashion on a DIN plug (which tells you its age!).

0
0
Lee D
Silver badge

Re: Why?

As someone who owns three Spectrums at the moment, including one that was re-jigged to include modern composite video via a ULA soldering-hack, new memory boards and new caps, let me just say:

Emulators are perfect. Just pick a good emulator.

Spectaculator on Windows, for instance, I can't find a single thing that it doesn't run - intended and unintended bugs and all. Does sound input from real tape, plays back to real tape while doing all the debugging and snapshotting and Multifacing and emulation/passthrough of everything from MIDI to the Currah MicroSpeech.

So, yes, you can do everything you ever want on emulation, including even TV raster simulation, curved screen, etc.

To be honest, though, RetroPie and a TZX file does just as good a job for any game you've ever heard of (I think it uses fbzx but there are lots of alternative cores for all the systems on it).

I wouldn't buy this, but then I wouldn't buy the Vega either.

And with RetroPie, for £30 on a Raspberry Pi and a handful of Xbox 360 controllers I already had, I can run every game I've ever owned, for every system I've ever owned, from one box which makes no noise, heat or wiring mess, from a single menu, and it "just works" once you've done the initial configuration.

If anything, just wiring up the old Speccys gives me the heebie-jeebies that I'll break them or discover they've stopped working, but they certainly don't add anything. And who has composite on their TV still nowadays? Certainly nobody has RF input anymore, certainly not one they want to faff trying to tune a Speccy into (because although it might output over RF, "modern" TVs that can still tune analogue TV have a hard time spotting the Speccy signal and it often requires a lot of fine-tuning).

Don't even get me started on trying to load from tape. Even on my original Speccys I tend to just plug the audio cable into a smartphone which outputs the necessary tones from a TZX file in perfect, crisp sound rather than trying to get it back from an old tape deck into an ageing Speccy.

20
3

Seagate launches non-flying disk drive for drones

Lee D
Silver badge

Would be much easier to just slap in a wireless chip into the drone so you can just clone it to your laptop or even phone, and then you can just carry a wireless-connected drive of your choice rather than partner up with a terrible drive manufacturer.

As it says, 250 flights of an hour each. You aren't going to do all that without being near a computer at some point.

Years ago I bought a Wifi SD card, which has 32Gb of storage and also shares it over a Wifi network of your choice when it's full (e.g. to a phone or to a real network). Amazing technology for something that just works like an SD card to the recording device. I bought it for astrophotography, so I didn't have to touch the camera mounted to the telescope in order to access the images, but I'm sure they could come up with something sensible, much cheaper than a £200 drive, that basically only does what an £80 drive and a USB adaptor does.

And I can get a Samsung 256 GB EVO Plus MicroSDXC for £133. You're not telling me I'd need more than that. That's "only" 50 flights of 4K video by their same estimations.

5
1

Stanford Uni's intro to CompSci course adopts JavaScript, bins Java

Lee D
Silver badge

Re: Introductory

I'd be concerned if it wasn't for my own computing degree.

At the time, Java was still quite "new" but it was the course language.

As part of the three year degree I had to do a programming course that covered the whole three years.

It literally started at Hello World (fair enough), but at that point I realised that I could do it all without having to be in the lecture at all.

I skipped three years of programming courses by the simple precept of downloading the coursework from the FTP server, knocking something up on the train on the way in, making sure it compiled and ran (pretty much, always did once you take account of the missing semicolon or whatever - and I was the only person I knew who logged the dual-boot machines into Linux and ran it in there, the number of people who wrote programs that only worked on one OS was amazing, given it was Java), and then emailing it in.

I don't think once that I struggled to do what was asked, with zero reference to the course material. There was nothing fantastically difficult there, that wasn't covered in literally the only reference material I had - a copy of the O'Reilly book for Java, complete with 1/3rd of the book being nothing but a class / function reference (which is why I bought it, really).

As such, what language you choose to do THAT kind of stuff in, it really doesn't matter.

I still remember sitting in the IT labs as a 1st year, and being consulted by the master students on why their Java minimax implementation for a game of draughts wasn't working. I literally debugged it with one glance, it was that obvious from the code.

I'm not anywhere near an expert programmer, but it was quite worrying that Masters and 3rd year pure-computing students were struggling with that stuff.

2
9

Ofcom chisels away at BT Openreach's cold, dead hands

Lee D
Silver badge

Re: Stupid

Letting BT's monopoly steal Virgin's fibre-only customers sounds a great plan!

And then, obviously, what they'll do is sink millions into cabling up a couple of streets that weren't served by either company anyway, just to give people faster speeds at prices that they won't recoup the money from in decades (*).

I think you forget that, apart from new builds that pay for it, the only "cabled" areas in the country were put in by a company that went bankrupt and was bought out by Virgin for a pittance. Everything else is BT / Openreach over cables that have been there for 50 years and/or you have to pay quite a lot to install a new line.

And the rest of the "fibre", even on BT, is not really fibre at all. It's VDSL or DOCSIS 3 with a fibre backend. Unless you have a leased line and paid through the nose to install it, you're not getting fibre anyway (I know - I've bought three of them for workplaces, they aren't cheap but they are real fibre).

(* Do the maths - a leased line install to a cabinet costs in the region of £10k for the install alone.

Connecting that cab to the nearest cab/exchange costs the same because it's all wayleave and digging pipes, not the actual thing you lay inside them.

That cabinet will happily serve the street, if you dig the entire street up or run phone lines to every house, costing a lot more than £10k.

And you want to pay, what, even £50 a month? How much of that goes to the people who put in the infrastructure rather than the ISP? Less than a quarter? That's going to take them something like 2000-5000 monthly payments alone just to get their install money back, not counting ongoing costs and actually providing the service to you. How many houses in your street? 50? That means either every house for 10 years, guaranteed, or most of the houses for, say, 20 years. JUST TO RECOUP INSTALL COSTS.

There's a reason nobody wants to pay to connect up people, especially in rural areas where you run 10s of km of cable to service a handful of people. It just doesn't scale without massive subsidies)

10
1

Mastercard launches card that replaces PIN with fingerprint sensor

Lee D
Silver badge

Re: Maybe I'm not as smart as these card tech guys...

"That's not how the card, or mobile phones work"

I think you'll find that he means he can get an image of your fingerprint quite easily.

And your phone fingerprint sensor can be fooled by a sufficiently good image of a fingerprint, printed onto certain surfaces. You don't even have to get very technical.

Every smartphone fingerprint sensor (and this card sensor) on the market can be fooled with nothing more than a picture of the fingerprint smudge you left on the card as you last took it out of your wallet. It just depends how many times you want to try it to refine your technique.

Last year, someone pulled the fingerprint of a German politician from a photograph of them raising a wine glass. All the "temperature/heat/light/pulse/etc." sensors in the world can't do much that isn't easily fooled, and the actual "fingerprint ID" process is still - to this day - finding the edges on a high-contrast B&W image of the fingerprint in question as it lies flat on a surface. Whether the sensor is swipe, scan, optical, or whatever.

I have a bunch of Gemalto etc. fingerprint readers in my junk box if you'd like to play. They almost all have open-source software that presents the image as a B&W TIFF from the sensors to something that edge-detects and then hashes / stores the result. How they store it is irrelevant if you can present the same image to the sensor and the sensor then hashes that to the same hash as a real fingerprint would hash. The hardware doesn't do anything fancy, but a bit of image processing and maybe a particular wavelength of light / check for colour variation for pulse (and that's an "advanced" model).

There's a reason they're all in my junk box despite being "state-of-the-art" for banking security at one point or another.

1
0
Lee D
Silver badge

Re: Just a little question...

Almost all EU banks allow longer PINs.

And, in fact, our cash machines handle their cards just fine and ask for 6-or-more digit PINs.

It's just the UK that's stupid and doesn't ask its users to set longer ones. The capability is already in all our ATMs and in daily use by thousands of foreigners with 6-8 digit PINs.

0
1
Lee D
Silver badge

Re: Problem

"or any item you have touched when making a purchase"

Like, say... the shiny, glossy, credit card that they just nicked off you and now need a fingerprint to unlock.

Nick card from wallet.

Bit of sticky tape and a gummi bear.

Hey, presto, card with "full authority" to spend what you like with no cardholder co-operation (or even knowledge) required.

Fingerprints ARE NOT AUTHENTICATION. They are IDENTIFICATION. They say who you are / claim to be. They do not verify that you are actually that person.

Any card company that tries this on me will be informed that I don't have fingers.

6
0

Game authors demand missing ZX Spectrum reboot royalties

Lee D
Silver badge

Re: Where's my Ferrari, that's what I want to know...

They come to whatever the authors demand.

Even at a penny each, that's one pound per console and they haven't paid that.

But if the authors still say it's 10p or a pound for their game, they either have to pay THAT or cannot distribute.

Theft is not a case of value of the item.

3
1
Lee D
Silver badge

Re: From the Facebook page...

Corporate law doesn't distinguish between one MD and the next. It's up to the company as an entity to sort it out.

Lying by saying "we had rights" or not is just misdirection.

Either you say "We had problems, we are now working to fix them", or you deny that there ever was a problem.

Pointing and saying "his fault" is - in the eyes of the law - essentially the same as saying: It's OUR fault. That company over here. WE did that. It's all OUR fault.

As I like to distinguish, the REASON may be the previous MD. But that is not an excuse - it does not EXCUSE you from having done it. And, in law, "you" refers to the company, not any singular person.

4
0
Lee D
Silver badge

Re: From the Facebook page...

"The current management has spent a huge amount of time dealing with nearly 300 rights owners to establish legal ownership of a number of games and we have removed a number of games accordingly. These include the titles claimed by..."

I translate that as "we did in fact sell these people's intellectual property to other people illegally, but we stopped doing that once we bothered to check".

Not a good sign. "We can" by default, because you never bothered to actually check, is not a good position to take in the law.

That said, if there is anything factually inaccurate in The Reg article, please do initiate your complaints and maybe even lawsuit for libel. I'm sure The Reg would add on an editor's update at the bottom if they bothered to ask. Even if it was a sarcastic one.

3
0
Lee D
Silver badge

Why is Spindizzy so fecking hard?

I can barely keep the thing in a straight line.

Expecting a patch any day now.

1
0

Apple's zippy silicon leaves Android rivals choking on dust

Lee D
Silver badge

Re: My exact thought

Modern Android pre-compiles the app to a closer-to-native format. The Dalvik / Java thing is basically gone, and it's all JIT and ahead-of-time compilation, with on-the-fly profiling and optimisation.

I would put this down to being more about "we only have one phone with fixed hardware, so you can massively optimise all your apps towards that" versus "anything can run Android, your app has to check for everything, so your optimisations will never be perfect on all devices". There's also an Internet speed factor here, too, Super Mario Run and those other apps do a lot of network activity on startup (try it without data and wifi turned off - it just bugs out) that can slow such tests down. And I'm sure I can find a hundred tests that the iPhone "fails" on just the same.

I guess that by the time the S8 gets to the point that I would bother to touch it, I won't even notice anyway. The iPhone will basically just never come down in price.

To be honest, raw performance isn't what I buy smartphones for, though.

I hate pissing contests over raw numbers when, actually, things like "I'd like to plug headphones in", "can I change the battery", "can I change the SIM", "can I buy an approved charger for a non-ridiculous price", "can I expand the onboard storage", "do I *need* an account to make it work", etc. are much bigger questions for a smartphone to my mind.

Sadly, Samsung et al are following the stupid Apple answers for some of those questions even now. I stuck on the S5 Mini - fast enough (and hence, can't really see why I'd need it significantly faster and I do all kinds on my smartphone), stable enough, cheap enough, sensible enough, accessorisable enough (though USB host would have been nice), small enough and big enough, and lasts long enough.

36
5

Half-baked security: Hackers can hijack your smart Aga oven 'with a text message'

Lee D
Silver badge

And the H in this instance is for Hydrant?

0
0

Far out: Dark matter bridges millions of light-years long spotted between galaxies

Lee D
Silver badge

Re: Webs!!!

Giant alien spiders are no joke!

Have you never played FTL?

2
0

Biting the hand that feeds IT © 1998–2017