120 posts • joined 2 Feb 2008
Re: Thumbs Up!
Now I've got that theme tune going round my skull.
Given the last paragraph, does this mean we can or can't install something like lineageOS on a phone containing one of these chips?
Super Micro China super spy chip super scandal: US Homeland Security, UK spies back Amazon, Apple denials
works for me...
Link Works from Romania
Decoding the Chinese Super Micro super spy-chip super-scandal: What do we know – and who is telling the truth?
Re: Should we be worried ?
This sounds like a great ignoble prize research topic: (chipped) animal behaviour influenced by external RF sources, via the nice warm neck (or wherever the chip got put) syndrome. What you need to do is set up another (identical) router a few feet away and alternate which one has its WiFi transmitter on. Correlate with cat's favourite resting place...
Is it deliberate? I assume not.
I'm getting blank white where there ought to be some adverts. I wondered if you'd switched ad provider and now every script is running, but nope, still no adverts. Come on Reg, protect your revenue, we don't want you to go bust!
Re: Works on my switch
"When are you going to release the Power-over-Wifi version ?"
Didn't someone living near the BBC's longwave transmitters do some experimenting with this in his loft? I seem to remember they ended up convicting him for theft of electricity.
Re: "you cannot call emergency services if there is a power outage"
"Add a small UPS, and it will keep on working - the other endpoint should already have it. That should become part of the standard install, though."
It should but they don't, not even round here where power cuts are commonplace.
FYI, there are loads of CCTV type sealed lead-acid battery-backed up 12v power supplies out there, some of which are complete with a nice box and low voltage cut-out to stop you under-voltaging the cells. Cost is around 30quid. Add a low-drop 12v regulator (or a step-down DC-DC converter if you need 5v) just in case your ISP's box doesn't want 14v with ripple, and Bob is the brother of one of your parents, as they say.
I now get at least 8 hours' internet/phone compared to around 1 hour if the thing was going up to mains freq and back to 12v again.
It's probably just a little bit of consumer preference/user interface testing. Where are people most likely to click? The link at the bottom or the one in the middle of the screen the user accidentally triggers while trying to persuade their stupid phone to respond to that really complex user interface interaction known as "scrolling back up to find the delete button".
Or is that just me?
Re: I'm not surprised.
Yes, this would be the point that makes me think of rolling out HSTS. But I'm also thinking of dumping TLSv1, and those two decisions put together means some of our readers (the ones with android 4 devices) get kicked off the site....
Maybe I need to convince relevant people we need a mobile version of the site which does older TLS versions, and conditional redirects / header setting.
Re: Be much more interested in...
In Europe, the half-hearted attempt at safety shutters on Schuko/French sockets relies upon the pins pushing sloping shutters out of the way, a motion which is only made possible by the presence of some kind of lubricant. When said lubricant has melted/vanished/gone sticky or when the track/pivot on which the shutters are laughingly described as moving is no longer in perfect condition, the only way remaining to get the pins into the socket is to wiggle, twist and apply extreme force, e.g. with a large hammer. Said tool of course further damages the shutters and does bad things to the cable, and the whole process may lead to bruising of the head against nearby brick walls.
Add to this the disaster known as "switched socket, what's that?" and you have to unplug / plug in the stupid things far more than you would in the UK.
Re: Old Linux ?
32K? Thirty two? What luxury! You could play acorn invaders and rat race in 3K, as long as you could get the volume right on the tape player.
3K of RAM really taught you how to watch your code for bloat.
The first Linux distro I used fitted on 2 floppies, if I remember right that was including gcc.
I imagine in quite a few locations on this planet, a 2km square pinpoints your exact home. Should we understand there's some kind of 'polygon sized to fit 10000 people' calculation? Even then, searching on some terms, one in 10000 might be enough to identify someone uniquely.
What's the baud rate for a tin cup and a piece of string?
If you can get hold of some light, inextensible string, as beloved by high-school physics teachers, then your signals arrive instantaneously (0 propagation delay, since the string will not extend) and depending on the mass of your cup then your data rate could exceed that of all known network cables.
Unfortunately the last time I looked, they'd stopped making it. Something about the laws of physics.
Re: The Holy Trinity
You forgot extremists.
I notice that "extremists" now potentially includes your grandma and / or the local vicar, assuming they still hold views they've held for 40 years.
Re: Ah, but
C15? C15? Wow, you lucky guy!
Try finding your program when it's somewhere on a C90 and the tape counter's broken.
Not to mention the pain of discovering that even after upgrading to a whopping 3k of RAM you don't have the space to implement a high-score table as well as use colour graphics.
Youngsters these days...
Re: Shared Hosting
One little-discussed 'gotcha' of SNI is that, unexpectedly to the user who's been told 'no one can see what you're browsing with https' ... with SNI they can. Because SNI isn't sent encrypted.
This gets significant when you, say, live in Iran and want to visit 'www.how-to-become-a-christian.org', (or in USA and want to visit 'diy.nuke.designs.nk')
Re: Only one so far
Public Cc: list? Never mind the fraud, extorting money with menaces etc,... they've gone and broken GDPR too!
That'll get them in trouble.
(not a lawyer!)
Re: Given Spectre
Watch this space... how long until all the mitigations for meltdown/spectre/rowhammer etc. mean that there is such a cost-disadvantage / admin nightmare to 'cloud computing' that it ends up as out of date for 'real work' as dialing in to someone's mainframe?
Re: Oh Lord
My 2007 car has said hooks. The mfr-designed, bought-with-car-from-new floor mats, however, had no provision for connecting to the hooks and relied on sticky-backed velcro which came unstuck after a year or 3.
Re: Unplugged most of the time.
If you're in the UK, and they don't take it back, then talk to your local trading standards people.
"not fit for purpose" sounds like a good description.
If the FBI can tie the IP address to people...
I hope they're GDPR compliant.
Re: @Herring`- "is there a chance of any document data being sent to MS?"
Back in the days pre-Y2K, I was a postdoc researcher in space debris impact science, we had various bits of data about the properties of highly compressed metals we were using (for entirely peaceful purposes) that originally came from one of those ^^^ .
The nice guys who let us play with their data would have been rather unhappy at the thought of, say, a (very strictly internal!) report that included such gems being exported to wherever MSoft decided to send it.
I vaguely seem to remember that thermite was one of their recommended disk-disposal methods to ensure compliance with arms non-export / non-proliferation regulations, when more serious tools weren't available. Just imagine the help-desk call for that one.. Hello, I have reason to believe you've just slurped some nuclear secrets. Where do Uncle Sam's guys with the thermite need to go to ensure that it doesn't proliferate?
Shock/horror: unpatched software vulnerable to known vulns
Mikrotik patch was released > a year ago.
Excuse me for being stupid... if I was designing something to connect the engine management system to entertainment system - presumably for display purposes? - it would be strictly one way, probably with 1-way, physically separated opto-couplers, so that some kid pouring coke into the entertainment system had zero chance of inflicting, say, 50w of audio signal onto the can-bus.
Why would anyone want to let the stereo muck about with engine management?
Re: I'm still waiting for e-mails from Facebook(*) and Google
Isn't this wrong? There are multiple options for the legal basis, consent is only one of them. They might decide they ought to be able to claim that knowing my browsing habits is a legitimate business requirement.
The biggest "problem" is when they used to rely on 'we could do it, and we're too big to bother with fines, so we did it.' For some reason that isn't in the GDPR.
Not being part of the EU didn't noticeably stop them before we joined, why should leaving make a difference?
Is it rocket science?
Having wielded the rocket equation a few times, I think it's the rocket engineering (and orbital mechanics and re-entry maths) that are the really hard bit(s).
Re: GDPR Deadline...
I thought it was 4% PLUS damages/time/etc?
After all, if they're failing to protect your rights, (72hour notification...) and on top of that they're causing significant stress, hair-loss, sleep-loss, humour-loss....
GDPR rights vs MS
I wonder what happens if/when someone (on May 26th) demands MS (a) hand over all the data they have on them (b) delete it, (c) never collects any more, (d) does not contact them for advertising purposes.
Does MS send them a complimentary copy of Windows 95, freedos, or ubuntu?
Oh joy. Added complexity...
My wife half-expects that at some point the sum total of IT/networking/power distribution will become so complex and (for want of another term) balkanised into specialisms, that it essentially becomes impossible for humanity as a whole to maintain it, and then something will break and we'll be back to heating with wood and communicating with pen and ink (or maybe IT jobs will become more critical to society than doctors/nurses and we'll all die from treatable diseases??).
When you add in obsolescence, shortening product-lifecycles and lost/outdated skill-sets (is anyone anywhere employed as a thermionic valve designer any more? How many people can read amd64 assembler compared to the numbers who could write 6502 or Z80 30 years ago?) then I tend to agree with her.
acrn should be arm-centric!
Given the early days of ARM as of Acorn RISC Machines.
the oldest bad practice in the book.
I <it>have seen</it>, in a book my son was lent by his school teacher, about a year ago, exactly this sort of code. Take variable from $_GET, build string by concatenation, pass to SQL. No input checking at all.
Someone - big name publisher - made money selling that book. Someone wants to make money selling the revised version, which I'd hope talks in detail about sanity checking and prepared statements.
Someone ought to be offering a permanent recall on the early version of the book and free-replacement including shipping to anyone with a copy, because it was plainly never fit for sale. Instead, copies are still being lent to school kids by teachers because the school budget can't afford to restock the library.
Ob disclaimer: I have no connection with anyone in the above certificate fiasco. And I expect that no one bothered fixing it because that would take time. WHY do CAs who ask for your private keys still get any custom?
...to the darkness bind them
I thought the whole thing about the one pin, was that assuming you don't want to be subject to the evil overlord, you needed to throw it into Mount Doom? (see icon for effectiveness >>>>)
Now all we need to do is work out how you that to the customer services bod....
Re: "effort wouldn't be better expended on something of more value to society."
Well argued and informative. Have an up-vote.
Now, we need similarly sane and coherent* arguments against HTML in email. Any takers?
* Not to be confused with the light-sources on top of sharks.
Re: feature request
I remember, back in the 90s, we all said "ignore the scare-mail chain-letters, you can't get a virus just from opening email."
Because it's plain text.
mutt is (this) man's best friend
Re: 1,000 Satellites?!?
The probability that one 'rapid disassembly' will have a reasonable chance of causing another has been calculated numerous times. I seem to remember that if you pick the right orbit then a bit of precession, etc. will effectively obliterate anything in a similar orbit. But it's a long time since I was last at a space debris conference, so I don't remember the details.
Just wondering... which band are they planning to render unusable for radio communications purposes?
Has anyone raised this with ITU / CEPT / Ofcom / FCC?
Re: Alien UFO's are Real - True / False...
Not a solid scrap of evidence to say that no god exists either. Of course there's lots and lots of circumstantial, hear-say and personal non-revelations, not to mention fingers-in-ears 'I can't hear you' arguments that get repeated often enough that they're assumed to be incontrovertible fact.
Which God don't you believe in? There are an awful lot of awful ones, and a lot of awful people who use their awful misconception that 'My friend says we're doing it for God so God must approve' as an excuse to do awful things. Politics-dressed-as-religion and hatred-dressed-as-religion and ambition-dressed-as-religion, etc. just tell us that religion is a powerful social force.
My own opinion is they tell us quite a lot about human nature (<sarcasm>deep down there's good in everyone, yeah, it shows</sarcasm>) and basically nothing about why the one who keeps the electrons spinning would decide to get born in a stigmatised way into a despised minority group with a well-proven history of rejecting him. Oh yeah, it was so that he could spend about 3 years preaching to people who mostly didn't listen and then get tortured to death, that explains it.
Have a very happy Christmas everyone. Don't get so merry you get stupid.
it runs with elevated privileges...
So.. we can't trust programs that run with elevated privs to check files such as (shock) network access, (horror) upload data, and (gasp) receive OTA updates. Based on this reasoning, and the current rash of Govt.s worldwide giving themselves super-dooper-snooper data-demanding capabilities, do all nations now need their own brand of AV?
Or is it finally the year of the VT100 desktop(TM) ?
Re: 98.2 percent of all statistics
I thought it was 97.4850006487
I thought the whole point of the block chain was that everyone can (has to) verify that block X went to wallet Y, and therefore the transaction is verifiable.
Surely there ought to be a mechanism to undo that? At least partially, even if there's no roll-back due to other transactions, shouldn't the receiving wallet(s) be marked as criminal and so blocked, etc, by all miners everywhere?
Re: ferc is a nice one.
I sincerely hope that excludes power station designs, floor plans etc.
Especially anything that might do that if mistreated -->
Re: What worries me
What worries me even more is that I've seen a big-roadside-screen ad showing people how to get to their wonderful site.... just enter our URL into google's search box.
Complete with the http:// bit.
Re: Flying is the easy bit...
I thought it was throwing yourself at the ground and missing.
please can I have a patch for my phone? Tnx.
Dear Reg readers... is there ANY brand of <200quid phones that actually provides long term (> 2year) patch support?
Or, put another way, what are the chances of me ending up with a non-bricked, fully-functional phone if I try installing lineageOS on it?
#10 - 15
10. Ignorant and wicked are the doings of those coders who, in the case of the desktop or the desktop application include a dependency upon systemd.
11. This perverse dependency upon systemd is quite evidently one of the tares that were sown while the greybeards slept.
12. In former times the init process was relevant not after, but before user interaction, as tests of true geekdom.
13. The geeks are freed by devuan from all penalties; they are already dead to systemd, and have a right to be released from them.
14. The imperfect knowledge of the command-line, that is to say, the imperfect globbing, of the GUI-user brings with it, of necessity, great fear; and the smaller the knowledge of globbing, the greater is the fear.
15. This fear and horror is sufficient of itself alone (to say nothing of other things) to constitute the penalty of EMACS, since it is very near to the horror of despair.
100 MW of batteries
100 MWh, or 100 MW in/out for (people in the know) knows how long?
embrace... extend... bloat?
So instead of an out of band unreliable message that works on every mobile phone, those with no smart-phone are left in the cold, those with an ageing phone with barely enough spare storage (after all the decent bloating of apps /OS) to run what they want get to give up some more precious MB, and everyone gets pushed into installing another piece of google spy/bloat-ware which needs to regularly contact home and report on us just-in-case....
Is this supposed to be an extension to the otp authenticator app? Google's version is already bigger than the free versions.
:-( The weaknesses are in the Wi-Fi standard itself.
:-( make sure all your devices are updated, and you should also update the firmware of your router.
:-( Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients.
:-( Our attack is especially catastrophic against version 2.4 and above of wpa_supplicant, (linux, android >=6 )...
Equifax's malvertising scare, Chromebook TPM RSA key panic, Cuban embassy sonic weapon heard at last – and more
Re: cuba noise sounds like cicadas or other noisy insects
My guess is it was just someone trying to play the violin on the wrong side of the bridge. Or slightly more seriously, a few really badly configured baby monitors or network-over-mains in the embassy electrics doing bad things to the tube lighting. Someone should stick an oscilloscope on the live wire and start turning things off one by one.