Posts by cdrcat

71 posts • joined 24 May 2015


South American nations open fire on ICANN for 'illegal and unjust' sale of .amazon to zillionaire Jeff Bezos


And “amazon” is only an English word

In Spanish: Amazonas, selva amazónica

In Portuguese: Amazonas, floresta amazônica

I have no love for Amazon Inc, but neither do I want to give up the word nice because there is a homonym(?) in France etc

Go on, eat your fibre, new build contractors. It's free! OpenReach lowers limit for free FTTP connections


Crazy fibre to the premises connections?

Who's connected only their chicken coop?

Train-knackering software design blunder discovered after lightning sparked Thameslink megadelay


Re: Load shedding?

Presumably avoiding domino effects throughout the country is a good idea.

Presumably some of the engineers to reset the trains took flights?

Smart speaker maker Sonos takes heat for deliberately bricking older kit with 'Trade Up' plan


> What it doesn't have is security weaknesses

It has a Bluetooth implementation - which could easily have security flaws.

Where's our data, Google? Chrome 79 update 'a catastrophe' for Android devs with WebView apps


Re: Well ...

Fortunately there is a partial wet backup in the pet owners' brains.

ZTE Nubia Z20: It's £499. It's a great phone. Buy it. Or don't. We don't care


Re: I am from Gdańsk and I beg for help

Kiwi polish: invented by some Scots in Australia with a logo using a Maori name for a flightless New Zealand bird, made in England and owned by a corporation in the US.

Socket to the energy bill: 5-bed home with stupid number of power outlets leaves us asking... why?


I have a friend who just had some sockets added to his living room for jamming, installed by an electrician (with some audio chops apparently), with their own analogue earth to help reduce hum, and sockets in the floor for further convenience.

I'm not sure how they manage ground loops.

Microsoft explains self-serve Power platform's bypassing of Office 365 admins to cries of 'are you completely insane?'


Re: Microsoft knows best

Microsoft have already gone too far.

We had two true Microsoft believers in a team, deep into the cult, but they have slowly become more and more quiet about the wonders of their religion as the OS and development tools have become shittier and shittier.

I have slowly become luke-warm towards some of their open source efforts, but frankly they have to work hard to recover from decades of abuse.


Re: Employees buying software for their company?

> and any other sane browser choice is glitchy

There is no other sane browser.

Safari, Internet Explorer, Edge (before Blink), and Firefox are all dogs to develop for. I've written and supported a custom web framework, I know the pain. Edge changed engines in part because theirs was so hideously shitty.

You are implying web developers are lazy mindless scumbags, but supporting borken non-conforming browsers takes up 25% to 50% of dev time, so understandably web developers are keener to deliver new work than fight their platforms.

I hate Google's tentacles as much as any card carrying geek, but the Chromium team's engineering is unquestionably superb (and the other browser teams are weenies in comparison).

Your kids will be glad a UK government-funded robot will be changing your nappy and not them


Re: Immoral fuckers!

Your nirvana works for the wealthy (can pay for X people to help them) or it works for a population that doesn't require much help (1 hour of personal help for every 24 of life).

Once a population needs significant help (40 hours per week per week of life) then there are simply not *enough* people to do the "humane" thing.

Even worse, some of the carers are doing shitty inhumane work (lifting the elderly but damaging themselves; elderly looking after the elderly but unwillingly).

We should offload as much of the drudgery as possible and keep our elderly as *independent* as they wish. If we can use machines to do this we should - try telling your mum she should replace her scooter with coolies!

Reserve the human hours for real care - human touch, interaction, and brotherhood.

Like the Death Star on Endor, JEDI created a ton of fallout and stormy weather in cloud market


I thought the Borg was the traditional M$ reference. Or is that reference too dated*†, or taken over by Gooplle?

* I have never received a geek card, so I can't hand mine in.

† Where can I buy a geek card? Preferably electrically and physically S100 compatible.

Google lashes out at DoJ, Oracle as it asks US Supremes to sniff Java suit one last time


We are lucky that corporations are not completely amoral - 8G$ would buy a lot of snipers. Perhaps that shows that corporations have some morals?

Lies, damn lies, and KPIs: Let's not fix the formula until we have someone else to blame


Re: Reminds me of two things..

But the KPI is correct - there's a sunken cost fallacy in there somewhere.

Sell 10 stale buns at $1 each = $7 profit.

Throw away 10 stale buns, make 10 new buns, sell at $2 each = $14 profit.

Throwing away buns is likely to increase profits (assuming most new buns get sold, ignoring elasticity or price discrimination, and ignoring some other issues).

We, Wall, we, Wall, Raku: Perl creator blesses new name for version 6 of text-wrangling lingo


I am hoping that they rename Perl 5 to Perl 7 to breathe life into the old reliable (perhaps add a linter to justify the leap ;-p)

Openreach's cunning plan to 'turbocharge' the post-Brexit economy: Getting everyone on full-fibre broadband by 2025



> Full fibre is a vehicle to turbocharge our economy

Such bullshit. The exact same bullshit was said over in New Zealand: but the only measurable result is that we get better NetFlix - that is not something that should be paid for with tax money.

I have high-tech software friends that have stayed on broadband.

Today's data whoopsie is brought to you by CircleCI: Source safe, but look out for phishers


Re: Insecure third-party scripts

It's possible the third party was Segment which has also just notified of a breach - https://news.ycombinator.com/item?id=20887809


Insecure third-party scripts

They haven't locked down their web app JavaScript includes: Facebook, Hotjar, Amplitude, Google, and others have access to your production SSL keys, code, passwords, etc.

It's a quick smell test for whether a company actually cares about security: what third-party scripts are included in their "secure" web page areas. The default web developer doesn't know better, and it is hard to lock down third parties (best solution is to avoid unnecessary third-party shit like analytics, also can use iframes or more complex solutions like caja).

This guy asked them about this issue 2 years ago, and apparently they haven't done anything much about it which signals CircleCI's security is poor: https://kevin.burke.dev/kevin/circleci-is-hopelessly-insecure/

More Linux than Windows: El Reg takes Docker Desktop for WSL 2 preview out for a spin


> The main rationale is to be able to use a full Linux toolchain while still using a Windows editor such as Visual Studio Code

Correction: Visual Studio Code is cross-platform (uses electron, runs on Linux), and Visual Studio does not run on Linux. The naming blows.

Rocket Lab CEO tucks into hat as company shares plans to reuse Electron first stage


Same technique as NASA investigated for recapturing a Saturn V booster: The helicopter would be gigantic. The rotor diameter would be over 120 meters. Its empty weight would be over 200,000 kilograms, with a gross weight of a whopping 453,000 kilograms. From: http://www.thespacereview.com/article/3741/1

To see vid, start just before 10 minutes: https://youtu.be/joONWIGtcdY?t=583

Trump continues on the warpath: Now US tariffs cover nearly everything arriving from China


Re: Worrying...

> If they were to dump their holding of US dollars at well below market price, it could easily provoke a run on the dollar

Ummmm, you don't think the US has heard of that and might have a plan? Maybe as simple as freezing their account!

German privacy probe orders Google to stop listening in on voice recordings for 3 months


Simple: automatically ask users to review clip first

Just politely ask. Most people are happy to help, especially when it is something "personalised" like that. It would have to be immediate, and only people with app installed, and located near the device. You want to avoid asking husband John at work about a recording made while wife Julie was shagging the electrician.

Same issue (which I fucking hate) with phone calls where you are told your voice is recorded for quality control etc. Wankers don't provide an opt out.

Outsourcing giant Capita handed £145m for UK.gov's Personal Independence Payment extension


£112m + £33m

How many people are recipients of the system?

If the number is low then the percentage cost is high.

Dutch cheesed off at Microsoft, call for Rexit from Office Online, Mobile apps over Redmond data slurping


Re: My precious data, it's ours

> there is a special version of Office 365 for Germany with the telemetry disabled which talks to servers located in Germany.

There was.

Microsoft is no longer accepting new customers or deploying any new services from the currently available Microsoft Cloud Germany: https://mspoweruser.com/microsoft-is-discontinuing-the-german-data-trustee-model/

npm uninstall co-founder --global: Laurie Voss rides off into the sunset waving goodbye


Why is there no secure npm?

I want to use some of the build tools, but there is no way to judge if packages are secure.

Presumably many organisations are vetting code they use, so many packages have been checked, but the information is not public...

Hope to keep your H-1B visa? Don't become a QA analyst. Uncle Sam's not buying it: Techie's new job role rejected


Re: Good testers

> If you need someone to look at a problem and realize that the requested solution is not in fact possible

What if you need someone to develop a solution that has a good UI, is secure, and reliable (maybe even someone who groks race conditions)?

The vast majority of what makes someone good at development is not taught in a degree.

Take the bus... to get some new cables: Raspberry Pi 4s are a bit picky about USB-Cs


Re: "the Pi is not a toy but increasing used for serious jobs"

> The Apollo mission to the moon used components from the lowest bidder

For a final score of 15 out of 17! (Apollo 1 electrical fire, Apollo 13 tank rupture).

Who needs 4th July fireworks when there's a new Windows 10 build?


Mmmmm, PostreSQL: a new dessert* based DB that tastes way better than PostgreSQL!

* Postre means dessert in Spanish.

July is here – and so are the latest Android security fixes. Plenty of critical updates for all


Re: If only

I have the Nokia 7+, last security update 1 April. It is an AndroidOne phone.

DeepNude's makers tried to deep-six their pervy AI app. Web creeps have other ideas: Cracked copies shared online as code decompiled


Training data for clothed/unclothed men

> Alas, there is no readily available training set of "middle aged men in suits, clothed/unclothed, same pose"

Create a friendly female bot that asks for such photos on any social network, and I'm sure you would get plenty of training data!

Oh snap! The road's closed. Never mind, Google Maps has a plan...


Gringos locos

> best selling Ford F150, and Dodge sell a great many Ram's

TIL: this is probably due to the 25% Chicken Tax which mostly affects light pick-up trucks.

IT pro screwed out of unused vacation pay, bonus by HPE after judge rules: The law is a mess but it's still the law


But the documents are confidential

And you have signed a non-disclosure agreement with teeth...

I'll just clear down the database before break. What's the worst that could happen? It's a trial


Or go with Suicide Linux

"Any time - any time - you type any remotely incorrect command, the interpreter creatively resolves it into rm -rf / and wipes your hard drive.": https://qntm.org/suicide

Let's check in with our friends in England and, oh good, bloke fined after hiding face from police mug-recog cam


Re: What the heck

I am left wondering if you are trying to demonstrate Poe's law...

Microsoft waves the wizard wand, emits the Web Template Studio


VS Code != Emacs

Emacs has one absolutely killer feature: it is simple to customise to your own needs by adding to or editing the elisp source code.

I am using VSCodium at present, and although it has extensions/plugins (like most dev environments), unless there is an existing preference or plugin for what I need to fix in the editor, I can't easily fix VS Code to work how I want. For example, I wanted to improve how search worked for my needs, but I would have to do a full build of VS Code, and maintain that build. No thanks.

Note: I haven't used Emacs for over a decade, but I still remember how easy it was to customise to my own needs.

Talk about a ticket to ride... London rail passengers hear pr0n grunts over PA system


How to avoid shaking hands

Psych nurses are taught to fist-bump to avoid shaking hands with some of the more virile patients.

Here's what Autonomy told its salesmen they were allowed to do


Follow the money

What matters is the commissions that were given...

No good salesperson gives a damn about written rules.

Hate e-scooters? Join the club of the pals of 190 riders in Austin TX who ended up in hospital


Re: Make helmets mandatory - oh wait, we can't

"Andrei Mikhailovich Kivilev (Russian: Андрей Михайлович Кивилёв, 20 September 1973 – 12 March 2003) ... he crashed during the Paris–Nice race and subsequently died of his injuries. His death was the trigger for the UCI to implement the compulsory wearing of helmets"

If the thing you were doing earlier is 'drop table' commands, ctrl-c, ctrl-v is not your friend


> Today is Sunday and I'm pissed

What is it called when a sentence makes sense in two different languages, but the meaning is very different in the two languages?

Cocaine, psychedelics, DMT? They sure knew how to party 1,000 years ago: Archaeologists make startling discovery


Item second from left at top

would make an awesome phone case.

I wonder when the (missing) credit card's expiry date would become valid again (Dec. 21, 2012, on the Mayan calendar marks the end of the 13th b'ak'tun of the Mayan Long Count Calendar).

Slack files for IPO, warns of bumpy valuation as it swerves big bank underwriters


Matt Levine from Bloomberg wrote

"Oh and elsewhere in information security, Dan Primack makes a really good point about WeWork Co.’s confidential initial public offering filing: It happened in December, and no one reported it until now. “That's an awfully long time for WeWork to successfully keep its secret,” writes Primack, considering that most similar deals leak and WeWork had to involve all the usual lawyers and accountants and other professionals that you need to make a filing like this. Or, almost all of the usual professionals: But word is that WeWork didn't list any bankers on the paperwork submitted to the SEC, because the co-working giant hasn't picked them yet. That process begins now. No bankers, no leaks. It could be a coincidence but it's probably not."

A bit financial, but interesting!

There's NordVPN odd about this, right? Infosec types concerned over strange app traffic


Re: Well if the US ships want the Chinese to keep out of the way

> And you can't prove there isn't a teapot in orbit around the sun

Hate to break the bad news, but all the teapots on earth *are* in orbit around the sun.

Ex-Mozilla CTO: US border cops demanded I unlock my phone, laptop at SF airport – and I'm an American citizen


Re: They're not all bad...

Turkey is not a place I trust

I stopped on motorbike to take photo on cellphone of huge earthworks near Istanbul.

Some site manager fit drives up and tells me in broken English to delete said photos or else.

I didn't doubt the "or else". On finding out that earthworks were part of some airport work, and some stories about the ridiculous "security theatre" around it, I was glad it wasn't anything further...

Silence of the WANs: FBI DDoS-for-hire greaseball takedowns slash web flood attacks 'by 11%'


SSDP also facilitates IPv6 address scanning


Scroll down a bit. Also has other links about why uPNP is evil...

That's Huawei I like it: Chinese giant's cloudy arm dumps 19-inch rack for newer model


Re: Stupid U

21" and 48mm is bigger than 19" and 44.5mm. I presume depth is similar.

If you need to fit your 19" into a 21", you use a rack adapter.

Amazon may finally get its hands on .amazon after world's DNS overseer loses patience


A quick check of Google translate showed that amazon is an English word. So Brazil can get the Portuguese language TLD, and Ecuador can get the Spanish language TLD. Everybody should be happy!

Sure, we've got a problem but we don't really want to spend any money on the tech guy you're sending to fix it


Re: Nokia

Re: long valley caldera - Wikipedia: "The declining volcanic activity and increasingly crystalline lava extruded over the last 650,000 years, as well as other trends, suggest that the magma reservoir under the caldera has now largely crystallized and is unlikely to produce large-scale eruptions in the future."

I won't bother hunting and reporting more Sony zero-days, because all I'd get is a lousy t-shirt


I found a vulnerability this week

I found a corruption similar to CloudBleed while tracking down a race condition with our SPA communications. The problem was most likely caused by an obsolete Cisco web appliance, but some chance it was IE11, and a small chance that it was CloudFlare.

CloudFlare use HackerOne but don't seem to offer a bounty from what I could tell.

Why would I waste time tracking down the root cause without getting paid? I get paid in my job to find bugs, and fix them. I don't do it for free, and I certainly don't need kudos or T-shirts.

So the vulnerability is not notified - everyone loses.

Who cracked El Chapo's encrypted chats and brought down the Mexican drug kingpin? Er, his IT manager


Re: The FBI paid him back in return for his services

He could get paid to do the hit on himself and give the money to his family.

Although presumably they often kill the family anyway as a warning to other narcs.


