Posts by really_adf

118 posts • joined 21 Feb 2017


Techie in need of a doorstop picks up 'chunk of metal' – only to find out it's rather pricey

really_adf

Re: Have you ever heard a story about something you did told second-hand?

It's when you go searching on Google for a solution to a problem, and find the solution that you posted yourself six months earlier, that you know your brain is not what it once was...

In my case it was a few years rather than six months. Maybe more understandable, but I didn't even recognise my own writing and it was some time before I realised...

Oxford University reportedly turns off its Huawei money tap

really_adf

Re: FYI

"Pcaps or it didn't happen"

Excuse me, sir. You can't store your things there. Those 7 gigabytes are reserved for Windows 10

really_adf

Re: Progress?

I remember the Archimedes 420 with a whole 4MEG ram and 20MEG hard drive.

I may be misremembering but I think the A420 was 2MB RAM and the A440 had 4MB.

The OS was in ROM though; 512KB for RISC OS 2, including CLI, GUI, and even a BASIC interpreter and ARM assembler.

The ROM jumped to 2MB in RISC OS 3, but that included the above plus several applications. Among them were a text editor (Edit), and bitmap (Paint) and vector (Draw) graphics.

(All IIRC.)

You were told to clean up our systems, not delete 8,000 crucial files

really_adf

Re: "by your implication, unix doesn't need any /tmp directories..."

why does unix require temporary directories to hold temporary files?

Apart from supporting cases where persistence beyond that last reference closing is desirable, it lets root control where the data are able to be (temporarily) stored through mountpoints and directory permissions (you must be able to create a file).

2018 ain't done yet... Amazon sent Alexa recordings of man and girlfriend to stranger

really_adf

What possible kind of 'human error'?

I'm confused, what possible kind of 'human error' could see the audio recordings of one Alexa, which I assume was working perfectly for the gentleman who owned it and therefore must have been integrated with his own account, delivered to a completely different account owner?

Occam's razor suggests to me:

1. Find Alexa ID(s) for requester from "account information" tool.

2. (Mis)type ID into "get recordings" tool.

London's Gatwick airport suspends all flights after 'multiple' reports of drones

really_adf

Re: It's Probably Just As Well It Wasn't The Airport In Essex.

Surely just "Standstill at Stansted"

You better watch out, you better not cry. Better not pout, I'm telling you why: SQLite vuln fixes are coming to town

really_adf

A gold standard

"SQLite was considered a gold standard in terms of secure coding"

Well, given that "Microsoft patched 16 such remote code execution flaws in IE, Edge, and Office less than a week ago" I don't see much damage to that view.

Ticketmaster tells customer it's not at fault for site's Magecart malware pwnage

really_adf

Re: Offsite scripts GAH!

"Firefox can't establish a connection to the server at wss://127.0.0.1:5900/"

IIRC there was an article here a while back that may explain this: part of tests to see if your computer/whatever looks like it has been compromised (VNC in this case.)

Can't find it now but a web search on that URL looks like it might explain more...

Kubernetes caretaker auditions for Hoarders; takes in another open source project

really_adf

Re: Why would anyone want to use any of this?

Like anything "new" it's almost a given that these things are being used, and certainly pushed, where (traditional) alternatives would be better, but as a partial answer: microservices can be used to support scaling; implementing them using Docker containers means you can scale quickly, and if using containers at scale, you need something like Kubernetes to manage it.

I'm yet to be convinced problems in my domain would be useful to build as microservices. I find Docker is useful for some things though.

DeepMind quits playing games with AI, ups the protein stakes with machine-learning code

really_adf

Re: It's good somebody's doing this

Because it's not like it's ever been done before.

Err, Folding@home is mentioned (and linked) in the article.

But on that subject, I'd be very interested in some more detailed analysis of how the approaches compare, if the task is as comparable as it sounds. There are hints in this article that it's good (winning the competition) and also bad (accuracy).

Check your repos... Crypto-coin-stealing code sneaks into fairly popular NPM lib (2m downloads per week)

really_adf

Re: Javascript

... unspecified malware can be introduced through a repo the developer has no control over? Absolutely reasonable. It has happened multiple times so it must now be considered a known risk and you should have mitigations in place.

I think that's the point of version pinning mentioned in the article. This should force a change to a dependency to require manual intervention, thereby providing an opportunity for the change to be assessed to the desired level of detail.

But it's inherently manual so, in many cases, it won't be done at all, and in some, things will be missed.

LastPass? More like lost pass. Or where the fsck has it gone pass. Five-hour outage drives netizens bonkers

really_adf

Re: Another Day ...

I would be curious to see some actual numbers as to the availability of typical in-house systems vs cloud based systems. In my, admittedly limited, experience with small businesses I am seeing less downtime with cloud based solutions than in-house ones.

I would also be curious. I also have limited experience but the main observation I would make is that when it's your own systems, you get to choose when you do the risky things that, sometimes, you will get wrong and cause issues for users. That choice can virtually eliminate, or at least mitigate, the impact when things don't go to plan.

Microsoft: You looking at me funny? Oh, you just want to sign in

really_adf

Re: I Don't Get It...

They need to access the "secure enclave" on your device to sign the nonce, and to unlock that enclave they will need your PIN or biometric etc.

Based on how similar things work, I think it is much better than that: the nonce is passed to the device to be signed, so the private key never goes anywhere outside the device.

So the PIN or whatever is used locally to authenticate requests to sign.

Hopefully the nonce issuer is also authenticated, eg by signing it and having this verified by a public key added to the device.

Oi, Elon: You Musk sort out your Autopilot! Tesla loyalists tell of code crashes, near-misses

really_adf

Re: Say what you like about Teslas

There are a significant number of twats driving cars that don't take reasonable care around cyclists, but equally, there are a significant number of twats on bikes who care nothing for either their own safety or that of others.

There are a significant number of twats driving cars that don't take reasonable care (no further qualification needed). Same riding (push) bikes.

I doubt the ratios differ much, but in reality the twats on bikes mostly endanger themselves, while those in cars mostly endanger others. Very different types of twat.

UK rail lines blocked by unexpected Windows dialog box

really_adf

Re: headcode

Headcodes are not unique across the network, and letters include B and O that could cause confusion, so probably not a good choice. They are however useful to signallers since they are short and encode the type and route for the train.

Upset fat iOS gobbles up so much storage? Too bad, so sad, says judge: Apple lawsuit axed

really_adf

Re: RAM manufacturers always used powers of two

Because each extra address line doubles the storage, thus inherently powers of 2. Tape, floppies and HDD have always used the approximate SI based amount based on powers of 10.

Sector sizes are naturally binary because of buffer memory. This, I guess, is why a "1.44MB" floppy holds 2880 sectors of 512 bytes; 1440KiB, which of course is neither 1.44MiB nor 1.44MB.

I think the same 1000KiB "MB" was also used for (some?) HDDs in the first half of the 90s.

What a mess.

(Dunno about tape.)

Milton Keynes: Come for roundabouts, stay for near-gigabit broadband

really_adf

At some future date they'll probably implement DOCSIS 3.1 Full Duplex which could offer gigabit speeds both ways ... it'll probably be about 2023-25

AIUI, the co-ax bits have filters for the return path, presumably built into the (forward path only) amplifiers along the way.

Assuming so, it looks like these will need to be replaced for DOCSIS 3.1, which I can't see being fast or cheap as there's probably (on average) only a handful of customers for each one.

Happy to be corrected...

Microsoft: You don't want to use Edge? Are you sure? Really sure?

really_adf

Re: Links to resolutions, will work with any browser

Perhaps not for long in Edge/IE: You already have Windows 10, the safer, faster OS for ouryour PC. Go to microsoft.com / Visit Linux distribution site anyway

Email security crisis... What email security crisis?

really_adf

My point is that a user such as Maintenace Care<random-user@hotmail.com> (other MS domains are available) can send a message with a title such as YOUR HOTMAIL WILL EXPIRE SOME DAYS TIME to a Hotmail (other MS domains are available) user and it's not picked up by their spam filters ...

In many cases, I suspect, this sort of thing is "genuine" email from a compromised account, and by definition it can only be identified as bulk after some number have been sent; you were probably (unfortunately) just near the top of the list...

Software dev-turned-councillor launches rubbish* chatbot

really_adf

Re: FFS

So many people think of just themselves rather than the greater good. Councils and politicians have nothing to do with that.

I disagree. Yes, of course, there are selfish people other than politicians, and not all politicians are selfish, but it seems to me that selfish politicians are especially unhelpful because they are in a position to benefit society but their selfishness often means they do not.

In short: the impact of politicians' selfishness is disproportionate.

BlackBerry, Sony, Honor and LG flash their new phones for all to see

really_adf

"deep depth-of-field cameras"

So cameras that make it harder to pick out the action because the background is in focus?

And lower the effective resolution of the action because the encoder is spending too many bits encoding irrelevant detail?

These cameras are a good thing?

Maybe for 3D, I guess.

Microsoft Visual Studio C++ Runtime installers were built to fail

really_adf

Re: Why the need for complex installers in the first place.

2 words: STATIC LINK

Static linking certainly has its place but the more common the library, the more copies sitting occupying RAM, maybe pushing working sets over a physically-addressed cache's size and impairing system performance...

Also, the more burdensome to patch some vulnerability (admittedly avoids some patch breaking your application).

TL;DR: static and dynamic linking both have benefits and drawbacks; which one "wins" depends on circumstances.

EU wants one phone plug to rule them all. But we've got a better idea.

really_adf

Re: EU Standard plug

Whereas here in the UK a spur can have no more than one socket attached to it unless the spur is itself fused.

I think, unless the regulations have changed, not one socket but a single or double outlet. Which is (just) OK with the correct cable (2.5mm^2?) appropriately fitted and two 13A appliances.

(Happy to be corrected.)

really_adf

Re: EU Standard plug

almost all electrical outlets are now protected by RCD breakers so fuses are not vital any more.

Fuses and RCDs protect different things.

A fault connecting live to earth will trip an RCD long before a fuse blows, and speed is especially useful if that fault is through a human.

A fault connecting live to neutral (short circuit) or other "current too high" situation doesn't bother an RCD, but a fuse blows quickly enough to prevent the wiring/cable being damaged or getting hot enough to start a fire.

Miniature Circuit Breakers (MCBs), common on consumer units in the UK at least, are functionally similar to fuses although they trip and can be reset instead of replaced.

Bitcoin backer sues AT&T for $240m over stolen cryptocurrency

really_adf

Can anyone here raise their hand/pint having seen blowback on some corporation after proving they have ineffective/useless security?

Not sure it meets your criterion, but "TalkTalk lost 101,000 customers and suffered costs of £60m as a result of a cyber-attack".

However, I think it was a relatively short-term effect (the article suggests the effect was partly due to suspending online sales but I think short memory is probably also relevant).

The age of hard drives is over as Samsung cranks out consumer QLC SSDs

really_adf

Re: 32x1Tb?

I think the article meant 32 1Tb chips (of unspecified organisation).

really_adf

Re: QLC? It's not the one for me

Every level adds one bit of information per cell, thus doubling the capacity.

Adding a bit doubles the number of different values a cell can store. That's not the same as doubling capacity, which is simply the number of bits.

UK cyber security boffins dispense Ubuntu 18.04 wisdom

really_adf

Re: Good idea.

Do not trade security for convenience.

Err, security vs convenience is a fundamental trade-off. For example, no root password gives no security but maximum convenience.

How to (slowly) steal secrets over the network from chip security holes: NetSpectre summoned

really_adf

Re: I don't think that word means what you think it means

Does [a Spectre Gadget] amount to any code in any remote API that can be abused to exfiltrate data using this method?

Yes, that is my understanding.

If so, I would think that identifying them might be accomplished by defining normal, expected calls on each API and monitoring for any that fall outside that set, ...

Unfortunately, that monitoring may itself be a Spectre Gadget.

British Airways' latest Total Inability To Support Upwardness of Planes* caused by Amadeus system outage

really_adf

Re: Phew

I always found it strange at Paddington that the platform wasn't announced until a couple of minutes before the train arrived "for security reasons".

I've never heard a delay in platform advertisement described as being for security reasons. Platforms are planned alongside the timetable (months in advance) but at a terminus like Paddington there are a couple of obvious operational reasons to advertise "late": the train is being prepared for its next journey (cleaning, seat reservations) so is not ready for boarding and, when things are not going to plan, it avoids last-minute changes causing confusion (maybe ticket barrier issues at Paddington specifically).

At non-terminus stations, the first reason isn't applicable, and scope for platform changes is often limited by the infrastructure so platforms are displayed as far ahead as the departure board goes.

See also eg http://www.realtimetrains.co.uk/search/basic/PAD.

'Fibre broadband' should mean glass wires poking into your router, reckons Brit survey

really_adf

I don't think it's as simple as marketing guys calling something fibre when it's not.

Nope, that's exactly what it is. VM made no changes to the cabling installed around the turn of the century but started marketing it as "fibre".

The marketing coincided with head-end changes that allowed them to offer significantly higher speeds, but with the same amount of fibre as before. Funnily enough this happened when BT were clearly gearing up for VDSL rollout...

Cancelled in Crawley? At least your train has free Wi-Fi now, right?

really_adf

Re: Only One Website

Also useful, depending on where you travel: http://www.opentraintimes.com/maps

Google Chrome update to label HTTP-only sites insecure within WEEKS

really_adf

Re: It's not "browsing" anymore..

"Certificates are for domain names, not IP addresses."

Nope, SteveK had it just right. IP addresses can be used in certificates but, as with domain names, commercial CAs (that browsers trust out of the box) must verify them, which isn't possible for RFC1918 addresses. This doesn't inhibit an internal CA.

Please tighten your passwords and assume the brace position, says plane-tracking site

really_adf

Re: Zoom out and see a lot of planes in the air.

There was a BBC TV programme a while back called "City in the Sky" because, at any given time, there are about a million people in the air (worldwide). So yeah, a lot of planes!

The glorious uncertainty: Backup world is having a GDPR moment

really_adf

Re: Not my field of expertise

Keep a log of those people who have successfully requested deletion.

If you restore a backup, re-run deletions from the time of the backup.

That log would be covered by legitimate interest.

Not sure your last point applies but I note only someone restoring data needs to be able to read the log and entries can be removed after the retention period for the data is reached.

Seems like a pragmatic solution to me.
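The deletion-log approach discussed in the post above, sketched as an added example that is not part of the original posts. The class and method names are hypothetical, the sample data is constructed, and it assumes the "retention period" is the time any backup is kept before it is destroyed.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Deletion:
    subject_id: str        # who asked to be erased
    deleted_at: datetime   # when the live system honoured the request


class DeletionLog:
    """Hypothetical log of successful erasure requests (names are illustrative)."""

    def __init__(self, retention: timedelta):
        # Assumption: `retention` is how long any backup is kept before destruction.
        self.retention = retention
        self._entries: list[Deletion] = []

    def record(self, subject_id: str, when: datetime) -> None:
        self._entries.append(Deletion(subject_id, when))

    def replay(self, restored: dict, backup_taken_at: datetime) -> list[str]:
        """Re-run deletions made since the backup was taken.

        Mutates `restored` (subject_id -> record) and returns the ids removed.
        """
        removed = []
        for entry in self._entries:
            if entry.deleted_at >= backup_taken_at and entry.subject_id in restored:
                del restored[entry.subject_id]
                removed.append(entry.subject_id)
        return removed

    def prune(self, now: datetime) -> int:
        """Drop entries that no surviving backup can need; return how many went."""
        keep = [e for e in self._entries if e.deleted_at + self.retention > now]
        dropped = len(self._entries) - len(keep)
        self._entries = keep
        return dropped

    def subjects(self) -> list[str]:
        return [e.subject_id for e in self._entries]


def demo():
    """Constructed sample data: one backup, two erasure requests, one restore."""
    backup_taken_at = datetime(2018, 6, 1)
    log = DeletionLog(retention=timedelta(days=90))
    log.record("alice", backup_taken_at - timedelta(days=10))  # already absent from the backup
    log.record("bob", backup_taken_at + timedelta(days=5))     # still present in the backup

    restored = {"bob": {"email": "bob@example.test"},
                "carol": {"email": "carol@example.test"}}
    removed = log.replay(restored, backup_taken_at)

    # 85 days after the backup: alice's entry is past retention, bob's is not.
    dropped = log.prune(backup_taken_at + timedelta(days=85))
    return removed, sorted(restored), dropped, log.subjects()


if __name__ == "__main__":
    print(demo())
```

Only the restore path reads the log, and `prune` keeps it from growing into a permanent record of the people who asked to be forgotten.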

BOFH: Their bright orange plumage warns other species, 'Back off! I'm dangerous!'

really_adf

The fire was in an office where there was one double socket that had, IIRC, a PC, a printer, a kettle, a walkie talkie battery charger and a fan heater connected to it via multi plug adapters.

Unsurprisingly the wiring eventually gave up and burst into flames

As long as the kettle was in one socket and the rest connected to the other, that should be fine...

If all hanging off one socket, it might not be quite enough to blow a 13A fuse (20A?) but surely still shouldn't be a problem unless the wiring is faulty (poor contact, incorrect conductor size), the cable is damaged or similar.

I'd guess the most likely candidates are faults in the battery charger PSU or the heater, but the latter would probably be obvious.

Uber jams Arizona robo-car project into reverse gear after deadly smash

really_adf

Re: Autonomous vehicle safety ignored

You cannot equate that with a human who is fully engaged in driving the vehicle, the awareness and concentration required is completely different.

No, the awareness and concentration required is the same. That given was different, thus the collision.

Look how modern we are! UK network Three to kill off 3G-only phones

really_adf

Re: Allocated spectrum

It doesn't matter if it's a state owned monopoly (Network Rail) or a private monopoly (OpenReach). Monopolies are bad - end of.

Interesting point. Network Rail seems broadly analogous to OpenReach but the former was renationalised. While state-owned has issues, that doesn't necessarily make it worse. Though it doesn't mean it wouldn't be, either, but I think that example shows it's more nuanced than you imply.

NASA’s new exoplanet-spotter survives sling past the Moon

really_adf

Re: The dark side? Again?

If you are on earth, looking at a full moon - a fairly canonical mental image - then "dark side" is accurate.

But El Reg should know better.

Android devs prepare to hit pause on ads amid Google GDPR chaos

really_adf

Re: Consent

... running the risk of spending their advertising budget on ads that are shown to random individuals with no interest in the product or service? They might not want to pay for advertising in the latter case

As per a quote I heard: "Half the money spent on advertising is wasted; the problem is working out which half."

So when can you get in the first self-driving car? GM says 2019. Mobileye says 2021. Waymo says 2018 – yes, this year

really_adf

Re: I have a 2018 Nissan Leaf with ProPilot...

No, they just have to work significantly more safely than human driven vehicles, which is actually a pretty low target.

Agreed that AVs don't need to be 100% safe, and that being significantly more safe than humans is a low target. By this measure, AVs may look good even today.

But I wonder if a more important measure is injuries/deaths involving an AV that either would not have occurred were a competent human in control, or are avoided by a human (taking control or in/on another vehicle). I think that needs to be very low indeed, and I suspect is a far greater challenge.

Cambridge Analytica dismantled for good? Nope: It just changed its name to Emerdata

really_adf

Re: Claim They Did Nothing Wrong...

What is it with the culture nowadays, where so many people lie and have absolutely no conscience in doing so?

I'm not sure whether people have changed, but I think our awareness of their behaviour has greatly increased. And that includes the awareness of other people inclined to behave that way, creating a snowball effect.

GitLab crawling back online after breaking its brain in two

really_adf

Re: GitHub > GitLab

Judge for yourself: just compare the GitHub help with the GitLab help.

Most of what you wrote is about git, not GitHub/GitLab, so is equally true of both. Both also have wikis, although I don't know how they compare.

It's not clear what your point is regarding the help. IMHO some parts of GitLab's help aren't great (to put it mildly), but I've suffered far worse.

really_adf

GitLab self-hosted slurp

Actually, there is some slurp by default, but quite high-level "How many using this feature" type stuff.

Oh dear... Netizens think 'private' browsing really means totally private

really_adf

Re: re Long version

"It's called Stupid User Glossover."

Only if you're a smug jerk. Don't blame the users! The blame lies with Misleading Marketing.

Much as I hate marketing, and am generally cynical, it seems a big assumption that the express intent is to deceive. Like "unlimited broadband" (that you mentioned), "private" browsing is an unavoidable simplification.

Users absolutely have to take some responsibility. The information is right there, they just have to read it. But many don't, and make assumptions.

As I recall, some years ago, Microsoft advertised (on TV) IE's "private" mode as a way to hide something like buying your spouse a present, which it works well for, IP-based advert targeting aside.

Facebook puts 1.5bn users on a boat from Ireland to California

really_adf

Re: privacy protections

Not just me who noticed that interpretation was perfectly valid, then.

Get the FTP outta here, says Firefox

really_adf

Reasons?

Refusing to load http subresources from an https page makes sense, and it is logical to apply that rule to ftp subresources from an https page. Apparently this is already the case.

But I don't see the reason or benefit to block ftp subresources in general. Following links from the article, removing FTP support is mentioned as a possible eventual goal, and I don't have a problem with that, but I don't see this change being a step in that direction.

Slap visibility beacons on bikes so they can chat to auto autos, says trade body

really_adf

Re: Really?

As a bicyclist myself, I can tell you that it's even worse if you're on a bicycle driving by an oncoming bicycle that has one of those things.

Hmm, now I think about it, since they are a near-point-source of light, they could probably be blocked by an extended middle finger...

really_adf

Re: Bricked

How the **** do I know when it's working and when it dies, or just needs jiggling to fix that dodgy connection?

You know it's stopped working when you were cycling somewhere and wake up in hospital...
