Posts by Nick Kew

1974 posts • joined 16 Jan 2007

WTF is OpenResty? The world's fifth-most-used Web server, that's what!

Nick Kew Silver badge


Once upon a time, taobao took the lead developing an nginx-based platform with some juicy extras. The one that originally drew me was loadable module support (albeit still very limited compared to Apache). Lua is another - though of course Apache also has lua, and I rather thought nginx did too. It was called tengine, and has a website here.

Now we have a new name, which may have been the suggestion of an English-speaker with a rather cruel sense of humour. But what's the relationship to tengine? Is this an attempt to throw it over the wall to the English-speaking world or something?

Brits: Can banks do biometric security? We'd trust them before the government

Nick Kew Silver badge

A rational explanation ...

Surveys rarely ask exactly the question their published results suggest. Even if they do, there's likely to be a subtext.

A very plausible explanation of this survey result is that the measured difference actually represents fear of abuse by an organisation. That is, not incompetence, but malice. A bank might spam you with unwanted crap, but isn't going to send the spooks or the taxman to blight your life. And if the banks mess up, you probably stand a better chance getting redress than if government thinks you've been visiting the wrong websites.

Petulant Facebook claims it can't tell the difference between child abuse and war photography

Nick Kew Silver badge
Big Brother

Re: Just a thought...

Powers-that-be already deny them and other big internet companies "common carrier" status when it suits them: see for example this story. And when someone has submitted a complaint of "naked child pic", there's no common carrier case: they know it's there.

Besides, isn't the story here that they've deleted Facebook profiles? Not the same as editing them, and less sinister than doctoring someone's work behind their back.

Nick Kew Silver badge
Big Brother

Are you, or have you ever been, a child?

It's more than just that ...

Images of naked children are a huge taboo (look at what happened to Wikipedia a few years back - and it's got much worse since then). The default expectation of any website today must be that if they fail to take down such an image, they're likely to be prosecuted. Not to mention subject to all kinds of vigilante attacks, including the risk of violence against personnel.

Much as I hate to defend Facebook, in this instance their behaviour seems entirely rational. The underlying problem is the mad witch-hunt against people taking an interest in any child.

EU 'net neutrality' may stop ISPs from blocking child abuse material

Nick Kew Silver badge

Re: And the monthly award

I can't even see it. Adblock kills Reg images, 'cos some of them move (animations or scripted) and it's not (yet) smart enough to give me the inoffensive ones while cutting out the crap.

French, German ministers demand new encryption backdoor law

Nick Kew Silver badge

Politicians and Crypto

Forever talk. Get slightly worked up. Someone explains a few things. Rinse and repeat.

It's kind-of a lingering bad smell. Ignore if you can.

MySQL daddy Widenius: Open-source religion won't feed MariaDB

Nick Kew Silver badge

Re: poor dude

I thought it was $two billion. But what's a billion between friends? It's not as if one could take a profit of that kind and then bankroll Ubuntu .... oh, hang on ...

Nick Kew Silver badge

He has form

MySQL had a commercial element before Sun overpaid for it. Let alone Oracle's time.

Sun paid handsomely for MySQL, and would doubtless have been happy to go on paying His Lordship a very ample salary while also having a leading say in ongoing development. One might suggest, a happy and successful outcome to someone wanting to do open source and make a living from it. Yet he not merely turned down that opportunity, but savaged the hand that fed him.

Only with an opensource project could he have his cake again having already eaten it. IMHO you need a lot of ruthlessness and brass neck to do both. While I respect mixed business models, I think on balance I'd sleep easier with Larry's MySQL than the serial teaser-merchant.

Corbyn lied, Virgin Trains lied, Harambe died

Nick Kew Silver badge

Where's his missus?

Corbyn was on the wireless this morning 'clarifying' the situation by saying what he actually looked for and couldn't find was two seats together for himself and his missus.

OK, fairy nuff, though it's more usually youngsters who prioritise keeping a group together over getting seats. But it begs the question: was his wife sitting with him on the floor? His own video should show that. If she's with him, that supports his story, or at least today's version. If not, then he pulled a stunt, and is now in a hole and still digging.

Nick Kew Silver badge


Isn't it actually a joint venture, with Stagecoach as lead partner and majority owner?

As a very small Stagecoach shareholder, I don't think I'll lose sleep over this. Strikes are (potentially) more of an issue if that situation were to escalate.

False Northern Lights alert issued to entire UK because of a lawnmower

Nick Kew Silver badge

Hancock rides again

Radio 4 recently broadcast a reconstructed episode of Hancock's Half Hour, where he gets himself a telescope and starts seeing things. This story could so easily have been one of his.

BBC website isn't responding just now, so I can't follow/confirm the link from Google, but the Tony Hancock Appreciation Society's website lists it as Series 3, episode 7.

Nuclear fallout shelter becomes cloud storage bunker

Nick Kew Silver badge

An increasingly popular model

Thebunker hosting here in Blighty has been around quite a few years, on similar sites acquired from the military. I daresay they'd be happy to explain the advantages if asked. I understand security features quite prominently in the business case.

Coincidence? Or is the acquisition of military sites by hosting companies a match made in heaven?

If this headline was a security warning, 90% of you would ignore it

Nick Kew Silver badge

Re: Perhaps popups aren't the way to communicate this

"Bad at multitasking" here presumably means "don't want some idiot interrupting uninvited".

I do often take notice of popups. Just enough notice to adblock the buggers and get rid of them for good.

VMware survives GPL breach case, but plaintiff promises appeal

Nick Kew Silver badge

Red herring

Much GPL software is likewise pretty much a copy

If that claim is true, and if it applies to code in question here (two big assumptions), then it would be a defence for VMware to say "no, we didn't copy the GPL code, we copied the similar BSD code".

Was that defence used? If yes, then I'd expect the report to comment on it. If no then your claim is utterly irrelevant.

Funny story, this. UK.gov's 'open banking app revolution'. Security experts not a fan of it

Nick Kew Silver badge

Re: Am I the only one?

Who said anything about smart meters? I was referring to the energy regulator's proposals to circulate your details to every spammer and his dog if you decline to play their game and stick with a single provider for three years!

Thou shalt be a whore or face the consequences!

Nick Kew Silver badge

Am I the only one?

Am I the only one to think that, compared to what the Energy Market folks are proposing, this is a thoroughly Good Thing?

Energy market: we WILL circulate all your details to lots of spammers. You need to jump through hoops if you want to opt out.

Banking Market: it's all in a smartphone app. So the opt-out is obvious.

China forms 27-strong alliance to grow silicon standards

Nick Kew Silver badge

No mention whether this builds on ARM or from a clean slate, or may have projects in both camps. Does this have potential to lead in due course to an ecosystem to rival ARM?

Not saying it's likely: the market remains ARM's to lose. But if a realistic challenge were to arise, it would start with a technology consortium that might just possibly look something like this. And coming after ARM appears to be turning Japanese, an event that might just have rung alarm bells in China.

BlackBerry: Forget phones, Lawsuits In Motion is back – and it's firing off patent claims

Nick Kew Silver badge

@bazza - chicken or egg

They rested on their laurels in the first half of the 2000s,

Yes, I know.

But what came first? Stagnation or lawsuits? My impression was that the trauma of the NTP nonsense was a trigger for a change in corporate culture that stifled innovation. But that's not based on any real knowledge.

Any reg readers who were RIM engineers in the '90s and/or '00s, your insights would be great!

Oh, and none of those keyboard 'phones you pointed at would be a substitute for the E71. Too big to fit comfortably in the hand or pocket.

Nick Kew Silver badge

Hmmm ...

I thought the story was one of the NTP pirates turning a former innovator into a company driven by lawyers. Kind of, bitten by the undead, and you become them. But if they sued someone else as early as 2002, that suggests they may not have been innocent victims even at the start of it all.

Does El Reg have the journalistic resources to give a decent history of how, when and where it really started going wrong? I mean, with a bit more meat than this little list, and with a timeline comparing the decline of engineering and innovation to the rise of lawsuits, and such things?

And with both Blackberry and Nokia down the plughole, where can I get a phone with decent mini qwerty keyboard? I still *really* miss the Nokia E71!

Email proves UK boffins axed from EU research in Brexit aftermath

Nick Kew Silver badge

Re: Thank you Mr.Farage

My guess would be that Moedas regards funding as a privilege and not a right.

Erm, are you suggesting he was less than sincere?

All he can do is (re)state EU policy. He can't micromanage individual decisions by individual teams. He can't even hear appeals: that would ultimately be for a court, not a civil servant.

Academics are concerned with planning their projects. One element of that is to deal with risks. Those risks have just changed, and we shouldn't be surprised if that affects planning decisions. Nor if those adversely affected are unhappy.

Ofgem sets up database so energy companies can spam Brits

Nick Kew Silver badge


Has anyone started a petition against being put in a government-sanctioned spam list and having (at best) to jump through hoops to opt out?

Where do I sign? Or if it doesn't exist, where do I go to create it?

Got a genius enterprise tech idea? Tell the world about it

Nick Kew Silver badge

Re: You've got less than 24 hours

RoseRoss, you're not damned for doing a deal with El Reg and getting them to publish. It's the timing that's an issue. If the publication date was out of your control, move the bloomin' earlybird deadline instead and you'll still come across as honest!

Nick Kew Silver badge

You've got less than 24 hours

The classic con-man line. No pressure there then.

Fork YOU! Sure, take the code. Then what?

Nick Kew Silver badge

Re: Forking Debian...

Quod erat demonstrandum.

US standards lab says SMS is no good for authentication

Nick Kew Silver badge

They're behind the curve

The BBC's investigative department has run a number of articles about criminals hijacking a phone number to get through a victim's SMS authentication. Fairly recently they persuaded one of the main banks (I forget which) to drop it after several verified cases.

That's why we have better technologies, going back as far as PGP, and forward to Milagro for the next quantum leap.

15-year-old security hole HTTPoxy returns to menace websites – it has a name, logo too

Nick Kew Silver badge

Re: From the linked article

OK, that is a direct quote, and it's not even something that's completely different taken in context.

Does anyone have contact details for that httpoxy page? It really needs correcting. It's true that a Proxy: header plays no role in implementing HTTP, but it's absolutely wrong to suggest that a standards-compliant agent will never use it.

Nick Kew Silver badge

Re: From the linked article

Standards-compliant HTTP clients and servers will never read or send this header

Not quite correct. HTTP allows agents to define custom headers, so "Proxy" is allowed as such. To the bog-standard server, such as Apache or nginx out-of-the-box, it's as meaningful as "Vhjsrmwb" or "jasswe33d". And equally harmless.

The problem is that due to popular convention many web servers simply prefix HTTP_

That's not popular convention, it's the original CGI standard - which is inherited by all the CGI-imitators like PHP. A way to make headers available to applications that might be interested. All HTTP end-to-end or undefined headers except a few enumerated ones SHOULD be treated this way, but MAY be suppressed if they give rise to security issues.

The trouble arises where languages and libraries use HTTP_PROXY to mean something they shouldn't be taking from untrusted input. I haven't tested it, but I should imagine Perl used with taint-checking (as it always should be on the web) is safe. On the other hand, PHP is always vulnerable to everything, and more generally YMMV. Hence the web servers taking it on themselves to block an incoming Proxy header from propagating to the CGI environment.

The good news is that Apache and others are preventing the Proxy header specifically from being turned into an environmental variable, but we can't just automatically drop it because that is unexpected and somewhat rude.

Actually we can just drop it. If the backend application has a legitimate use for an HTTP_PROXY environment variable, it can be set in the server configuration, for example with Apache's SetEnv directive. But not from an untrusted source.
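
Added example, not part of the comment above and not code from Apache, nginx or any CGI implementation: the CGI header-to-variable mapping that post describes, with an incoming Proxy header dropped and HTTP_PROXY supplied only from trusted server configuration. The function names, the excluded-header set and the sample request are assumptions constructed for illustration.

```python
"""CGI header-to-meta-variable mapping and the Proxy request header.

Illustrative model only: names and sample data are constructed, and the
excluded-header set is a simplification of what real gateways do.
"""

# Headers a gateway consumes itself or withholds rather than exporting as
# HTTP_* (simplified stand-in for the "few enumerated ones").
NOT_EXPORTED = {"HTTP_AUTHORIZATION", "HTTP_PROXY_AUTHORIZATION",
                "HTTP_CONTENT_TYPE", "HTTP_CONTENT_LENGTH"}


def header_to_metavar(name):
    """CGI convention: upper-case, '-' becomes '_', prefix 'HTTP_'."""
    return "HTTP_" + name.upper().replace("-", "_")


def build_cgi_env(headers, server_env=None, blocked_vars=("HTTP_PROXY",)):
    """Build the environment handed to a CGI-style backend.

    headers      -- (name, value) pairs from the untrusted request
    server_env   -- variables set by the operator (the SetEnv analogue)
    blocked_vars -- meta-variables that may never come from the request
    """
    blocked = NOT_EXPORTED | set(blocked_vars)
    env = {}
    for name, value in headers:
        key = header_to_metavar(name)
        # Filter on the derived variable name, so "proxy", "Proxy" and
        # "PROXY" are all caught by the same rule.
        if key in blocked:
            continue
        # Repeated headers are joined, as for any list-valued field.
        env[key] = env[key] + ", " + value if key in env else value
    # Trusted configuration is applied last and always wins.
    env.update(server_env or {})
    return env


# Constructed sample request; hosts use the reserved .test TLD.
SAMPLE_REQUEST = [
    ("Host", "app.example.test"),
    ("User-Agent", "constructed-client/1.0"),
    ("proxy", "http://untrusted.example.test:8080"),
    ("Accept", "text/html"),
]

# Constructed operator setting, standing in for a server-side SetEnv.
TRUSTED_PROXY = {"HTTP_PROXY": "http://proxy.internal.example.test:3128"}


def compare():
    """Return the three environments side by side for inspection."""
    return {
        "legacy": build_cgi_env(SAMPLE_REQUEST, blocked_vars=()),
        "hardened": build_cgi_env(SAMPLE_REQUEST),
        "configured": build_cgi_env(SAMPLE_REQUEST, server_env=TRUSTED_PROXY),
    }


if __name__ == "__main__":
    for label, env in compare().items():
        print(label, "HTTP_PROXY =", env.get("HTTP_PROXY", "<unset>"))
```
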

Brit chip biz ARM legs it to Softbank for $32bn

Nick Kew Silver badge

Re: ARM is 10% cheaper than it was a month ago.

I bought at £8.55 earlier this year. It's not been above £10.75 until this morning and Independence served ARM well as most of their revenue is in dollars

Friday's closing price was £11.89, and that wasn't any sudden jump.

I bought ARM for under £1 (indeed, just under 80p at best). It stayed around £1 for a year or two, and only really took off when it leaked to the financial markets that it was in the iPhone. Someone is looking for a repeat performance with IoT, after a few years in the £10 ballpark.

Nick Kew Silver badge

Do I get a vote?

ARM is still my biggest single shareholding. My inclination as shareholder is to vote against any loss of independence. It'll take more than just a five-figure boost to my pot to change my vote: it'll need a convincing story about being a Good Thing for the industry (can't see that), or at worst a real fabulous "retire rich" premium (which I doubt even Apple could offer).

So, what will the big institutional shareholders do? Who's pulling their strings?

UK.gov flings £30m at driverless car R'n'D, wants plebs to speek their branes

Nick Kew Silver badge


Isn't one of the big motivators here supposed to be mobility? Reduce the number of people socially-excluded by virtue of being medically unable to drive.

Nick Kew Silver badge

Re: "Some of the safest roads..."

It isn't something to be that proud of, when that safety comes at the expense of so many kids being stuck at home because their parents don't dare to let them out. Not to mention my late neighbour - who could walk only slowly on two sticks - being stuck at home because parked cars block the pavements and going round them was too hazardous.

De-facto house arrest for the vulnerable is a terrible price to pay for the relative safety of the more-privileged.

EU cybersecurity directive will reach Britain, come what May

Nick Kew Silver badge

Re: Our server, thou art in the cloud, hallowed shall be your drives!!!!!!!!

We've had a UK Great Firewall for years. Google "Internet Watch Foundation". Hit the headlines in 2008 when it momentarily blocked Wikipedia.

Nick Kew Silver badge

You enforce it by making it illegal for a non-compliant company to do business.

Same as any other regulation. If a company makes a car with no brakes, it would (I presume) not be legal to sell those for use on Europe's roads. Or all those lead-painted toys we used to import.

Paper wasps that lie to their mates get a right kicking, research finds

Nick Kew Silver badge

Re: They didn't cheat

Agreed, they didn't cheat. Pleased to see mine is just one of many upvotes for that comment.

By contrast, El Reg did cheat. A clickbait headline suggesting a really interesting story, leading to this.

Israel's security minister suckers Zucker for Facebook'ed killings

Nick Kew Silver badge
Big Brother

The UK was there first

... we blamed Facebook back in 2014. A high-profile case to coincide with Mrs May's 1984 surveillance bill.

I recollect blogging about it at the time.

Prominent Brit law firm instructed to block Brexit Article 50 trigger

Nick Kew Silver badge

Re: Politicians

I like spineless gits. Imagine how bad things would be if the clueless twits did something.

W.S. Gilbert put that point rather well in 1882, taking a long historic perspective.

Nick Kew Silver badge

Re: "No, No, No. Let me resign..."

I only hope that his leaving UKIP doesn't mean that he is defecting to the conservatives where he might end up in a position with some influence.

What, and be expected to kowtow to another leader? I think that calls for a milliner to do the catering.

Nick Kew Silver badge

Re: And the house of lords?

The EU laws are decided upon and drawn up by an unelected council. The elected members only get to vote on whether it passes or fails (they might have a right to amend, I'm not sure).

Bit like Westminster then. Or would be, if "EU laws" existed.

People have tried to improve democratic accountability within the EU, but UK governments (of both parties) have blocked such attempts. Perhaps the reason we can get out now is because eastward expansion has made it unlikely they'll get agreement on that kind of reform any more even without the UK to block it?

Nick Kew Silver badge

Re: From another angle...

Sorry but that is absolutely the case due to UK Parliamentary Sovereignty, whether you or I think it is right or wrong.

Isn't parliamentary sovereignty supposed to be the question at issue? Those who say a Prime Minister can act without it are denying that sovereignty.

Under UK law, only a court can say who's right. Not the PM, nor parliament, nor the people. Indeed (shock, horror) not even Reg commentards.

Parliament takes axe to 2nd EU referendum petition

Nick Kew Silver badge

Re: The IP address is not a great way to decide validity

Funny definition of gerrymandered.

You miss the point.

The whole point of the referendum was to deal with the Tory party split. So many things were gerrymandered in favour of the maximum Out vote, so they'd have the maximum lack of credibility crying Foul.

Hence gerrymandering the electorate, the date, and the terms of debate.

Hence "negotiating" that worse-than-useless pretend-two-wrongs-make-a-right deal.

Everyone saw it as an internal Tory party row, which of course wrong-footed most of the non-Tory-party population and the rest of the world. Even the electoral commission played along, appointing the Tory Out faction rather than the Faragists as the official out campaign to keep things within the Party.


Nick Kew Silver badge

Re: The IP address is not a great way to decide validity

Maybe the Vatican runs ISP and proxy services? Maybe the Vatican has licensed out some of its allocated IP numbers? Or other such explanations.

That would seem broadly equivalent to some of the places around the world - from Moscow to Minneapolis - that IP location services have placed me without any such thing as a VPN.

The referendum was gerrymandered, not least by reneging on the 2015 manifesto commitment to enfranchise Brits long-term abroad (as I pointed out back in February). If the same happens to this and other petitions, shouldn't that just be seen as par for the course?

Dutch court says BREIN should get e-book uploaders' names

Nick Kew Silver badge

Isn't this a non-story?

Unless the ISPs defy the court order, this would seem a non-story. They're not taking any kind of a stand by refusing to hand over details without a court order.

Though it could become a story if something interesting happens after handing over the details. For instance, the customer was offering free wifi and can't be held responsible for its users. Or can it? Now the world is worried again over public wifi ....

Brexit: More cash for mobile operators or consumers? Pick one

Nick Kew Silver badge

Re: UK legislation

They could. I have no insight into how such legislation might work in practice: whether there might be unintended consequences.

Maybe if the EU rules prove successful you could start to lobby the UK government to legislate along those lines for roaming outside the EU? Or maybe someone is already lobbying?

Nick Kew Silver badge

Not a zero-sum game

If we vote for isolation, the total pot of travel is likely to be a little subdued as the UK and to a lesser extent the rest of the EU (and indeed world) take an economic hit. Though perhaps the gap will be filled with more rest-of-world visitors taking advantage of cheaper currency.

Low prices will of course also drive volumes, regardless of anything the EU and the vote may do. I tend to treat roaming data as emergency-only, and stick to wifi spots for connectivity (including VOIP for voice calls). That kind of decision by millions of individuals reacting to high charges makes for a non-zero-sum game.

Patent trolls, innovation and Brexit: What the FT won't tell you

Nick Kew Silver badge

Trade with the US

The EU has history of standing up to US bullying. Even if it has, at times, hinged on a single courageous member (remember ThankPoland?). UK is more likely to roll over and take it from Uncle Sam.

A post-brexit UK, in need of trade agreements with anyone who'll play, will be desperate for whatever it can get. So that'll be US patents automatically enforceable here. Along with all those other little things - like no question of labelling US food imports that might contain growth hormones illegal here, lest such labelling be prejudicial to their ability to sell (and of course the corollary, nothing to be labelled as free of such things, or GM, or whatever).

Microsoft and LinkedIn: What the CEOs are planning

Nick Kew Silver badge

"Microsoft SEO Satya Nadella" (sic)

A Freudian slip for our times?

No 10's online EU vote signup crash 'inevitable' – GDS overseer

Nick Kew Silver badge

Re: “I am very surprised that it crashed” - Liam Fox MP

I take it you're not one of the many reg commentards who would've screamed loudly about UK citizens' personal data being outsourced to a commercial entity and to servers in jurisdictions lacking our level of data protection?

There are a lot of people who care about that kind of thing, and would take a dim view if it happened. They might very well seek and get a court order declaring it illegal.

Anyway, a sufficient DoS attack can bring any server down for a while (see my post below for thoughts on who might've expected to benefit from that).

Nick Kew Silver badge


Can we say one way or the other whether anyone might have deliberately DoSed the system? Cui bono?

The alacrity with which a minority of "out"ers jumped on it with cries of Judicial Review tells us someone thinks they may have something to gain from what happened: they're preparing the ground for a "vote again until you get it right" scenario. If the deadline hadn't been put back, they exclude a bunch of voters who everyone supposes to be predominantly-young, predominantly-in. A win-win for a DoS attack.

If it was regular cockup - lack of capacity - it would seem more than likely it should've gone down again before the extended deadline. As noted on Wednesday (before the event), whether it survived Thursday would provide cockup-vs-conspiracy evidence.

England just not windy enough for wind farms, admits renewables boss

Nick Kew Silver badge

Re: Tidal?

Tidal is what we (UK) should be concentrating on above all else. Our geography more than any other country[1] gives us a huge resource to tap.

The downside there is, those countries which have committed more seriously to renewables (from China to the USA to more enlightened Europeans) have proportionally less of it and more of other sources. So no one has taken the lead in developing it. We have some pioneering projects, but only in Scotland have we got a government more-or-less prepared to back their pioneers.

And there still seems to be a lot of ignorance. Generic anti-green knee-jerks and a claim that greens don't like it have already popped up in this thread.

[1] With possible exceptions amongst tiny island countries whose total needs might be the size of a single UK power station.

Bloke flogs $40 B&W printer on Craigslist, gets $12,000 legal bill

Nick Kew Silver badge

Re: Vexatious little ...

Welcome to the Real World.

Though I find your size-ism disturbing.
