Posts by Ken Hagan

Re: Only way to fix Flash...

Well you could just disable it in the browser. Apart from tin-foil tittle-tattle, do we have evidence that this is not sufficient? Is there some way for a web-site to turn it back on again? Does Windows Update sometimes turn it back on again? I would imagine not, but if anyone has evidence to the contrary then that would indeed be interesting.

Re: Menu changes?

Ugh! We'd probably pick the fresh install, since that will be the growing population whereas the OTA updates are the shrinking on. But if we're going to be damned either way then ... ugh!

Re: Menu changes?

"What to do when an update applies a change which you really, really don't want? When it's a big release update then I think you have no other choice but to accept, if you don't then you can kiss any future (security) updates goodbye as well."

Welcome to my world. I'm a developer and my *test* machines have run vanilla Windows since forever. If I get a bug report and it turns out that it only happens when someone tweaks something but vanilla Windows is OK, that's sad but forgivable and I can just get on with fixing the bug now that I've got a repro case. If I get a bug that happens in vanilla Windows and I missed it because "I never use that", that's sad and makes me look arrogant and lame. So my rule is "No tweaking to make it bearable is allowed" because there are an infinite number of tweaked configurations and only one vanilla one and I'd like a finite test matrix please.

That means I've had to put up with the out-of-the-box defaults for every version of Windows ever.

Except Win8, of course. That was simply unbearable so I installed Classic Shell, like everyone else.

Re: IPv6 is fundamentally broken

"2001:db8:42:1::2

But what the fuck does that mean?"

You seriously expect an IP address to mean something? Odd. But let's have a go anyway...

The 2001:db8 means this is a unicast address with global scope. The equivalent in IPv4-speak is "not in the 224.x.x.x/4 block, and not in 10.x.x.x/8, 172.20.x.x/12, 192.168.x.x/16 or 169.254.x.x/16 either".

The 42:1 is your network. Short, isn't it? Lucky you. Mine is a few characters longer, but to be honest I can't remember it because there is this thing called DNS so I don't have to. For a SOHO user, the 42.1 is the moral equivalent of the external IP address of your NAT. It is the bit that someone might use to track "you" rather than a particular network adapter that you own.

The ::2 is your address within that network. It's also short and I assume that someone has deliberately engineered that address because they occasionally need to type it directly rather than relying on DNS. For a SOHO user, the ::2 is the moral equivalent of the internal IP address of your NAT.

I occasionally hear objections to IPv6 on the grounds that you can't remember the addresses, but the only bit that needs remembering on a machine-by-machine basis is this ::2 bit and the only machines you need to remember are your routers and DNS servers. If you can manage this feat in IPv4 then IPv6 is not going to trouble you. Also, if this had been a multicast prefix, the ::2 suffix would have meant "all routers in this scope", because IPv6 addresses, if anything, are more expressive than the IPv4 ones they replace, so the number of machine addresses you need to remember might actually be fewer in IPv6 than in IPv4.

Re: "Let's use a firewall"

"The issue with a firewall is it requires network skills to be properly configured. NAT implies a simple "all inbound connections denied" default rule, and can't be turned off fully. I'm quite sure what most lusers would do with their firewall when encountering a connection issue - i.e. some game doesn't work - would be an "allow everything" rule. There are already many stupid "how to" around that shows how to solve such issues crippling security completely."

You appear to be arguing with yourself here. If NAT provides a simple "all inbound connections denied" rule that can't be turned off fully, then you'll be delighted to know that this is equally easily arranged in an IPv6 firewall as well. In fact, if it isn't the default then you need to publish the name of the router vendor so that we can all condemn them for reckless cluelessness and tell all our friends and relatives that they should not touch said vendor with a 20-foot pole.

If, on the other hand, you enjoy the fact that you can punch a hole in your IPv4 NAT whenever a game asks you to then you'l be delighted to know that this is also possible and no more reckless on IPv6 than it would be on IPv4.

Re: IPv6 usage soaring?

"Nonsense, it's been in there for decades they've just been going out of their way to turn it off."

By "going out of their way" I assume you are referring to the common practice of rolling their own build of Linux rather than simply ensuring that suitable drivers are pushed upstream each time they use a new piece of hardware. If they did that, they could all be running one of the maintained and fully-featured distros listed here: https://en.wikipedia.org/wiki/List_of_router_and_firewall_distributions.

But no. Apparently it is "better" to roll your own, so that the crap support can be used to "tempt" users into buying another router each time they want a software change. Imagine if Patch Tuesday didn't exist and everyone was supposed to fix zero-day holes in Windows by buying a new machine.

Actually, no. Don't give them ideas.

"Also I think people are over reacting, IPv4/v6 Internet access only really becomes an issue when websites turn off IPv4 access ..."

For existing web-sites, that may be true. Do you have some reason for believing that we've hit "peak website" and that new sites are going to be a rarity from now on? To me, it seems more likely that at some point in the fairly near future the "next great thing" will just happen to be IPv6 only because that's all the founders could get hold of when they were a start-up.

"...and/or ISPs also stop supporting IPv4..."

New ISPs will face the same problem. (At least, I hope they do. God help us if we have actually hit "peak ISP" and are stuck with the current lot.)

Re: On the subject of the hardware specs.

"The hardware requirements and processes for Chromebooks are quite different from running Windows or Linux"

Well, yes, because most of the software is running in the Dalvik or JavaScript engines, so the hardware needs to be rather better than a Linux machine running natively compiled apps.

"but they also got rid of the cursor keys and home/end"

Odd. *My* Chromebook has the arrow keys but doesn't have Insert or Delete. There are really quite a few programs where the latter omission means I have to pick up the mouse and navigate through a menu or two, just to perform an action that for the past few decades has been a simple keypress.

Is there some sort of standard for ChromeOS keyboards or is it just "you can provide whatever subset of a full keyboard that you like, as long as it is a subset"?

Re: Also

My experience is that ChromeOS (and Crouton, if you put that on top) *is* still crippled. Yes, it is a Linux kernel underneath, but it is the kernel that the OEM chose to put there, with whatever options they chose when building it and whatever modules they chose to ship it with. A couple of years down the line, you'd still be running kernel version "old.past-it" and relying on Samsung or Google for security updates. (I don't know which, but if it is like phones then it will be Samsung and you are shit out of luck.)

At least this model isn't ARM-based and so it will probably conform to all those nice de-facto platform standards imposed by Microsoft for everything around the CPU. That means you have a reasonable chance of putting a recent Linux build on and keeping it "recent" for the lifetime of the hardware, which (contrary to the hardware vendor's fondest wishes) is *not* "six months and then you toss it away and buy the latest model".

Re: Still climbing

"That number taking to the streets is an even more impressive display of opposition. Tony Blair and Parliament didn't take any notice of them either."

Not immediately, no. I suspect that he regretted that once all the chickens had come home to roost. Sure, he never said "I was wrong and should have listened to all the scruffy oiks on the streets." but he has lived the rest of his life under the shadow of that decision, he was politely rottweilered in the ensuing inquiry and his historical legacy is almost certainly "mixed".

"Why can't we have a prime minister, just as we have now, without the Royal barnacles clinging to the hull weighing us down?"

I suppose we could, but without the Royal barnacles our head of state would either be that prime minister or a barnacle chosen from the same pond or a barnacle chosen by popular vote on a Saturday evening TV show.

Re: CA Security Council...

It was the "Therefore, " that puzzled me. The kind of company that unknowingly allows its keys to be compromised is the kind of company that will just stick this dongle in their signing server and give all their devs login rights.

Re: What's up, El Reg?

Compared with twenty years ago, issues around lousy IT security are far more mainstream and probably far more important. Over the long term, I'd expect El Reg to be covering more political stories. At the same time, US politics seems to be going through a terribly divisive period, so what stories do occur are likely to annoy one side or the other. Possibly something for the editors to keep an eye on.

Re: It's quiet... too quiet!

"nothing different... Private email, insecure phone"

Actually, since "private" and "insecure" have no particular relationship to one another, I'd say there was quite a big difference. The common factor is that the NSA are unhappy in both cases. Since one of their core functions is knowing about that kind of shit and another is being on the same side as the US government, I'd have thought that such advice was worth taking. But hey, I'm just some doofus who posts to the internet. I'm not as smart as the leaders of the world.

Re: Yes we do, but it'll never happen

@bazza: spot on...

" I think before we can talk about a free mobile OS we need a popular free and nearly universal hardware standard for mobiles."

This is the sticking point. Yes we have things like Ubuntu One and even Cyanogen Mod but it's not that easy to get it running on your phone and not everything will quite work once you do. Worse, in six months the handset guys will have a new offering and it will be another six months after *that* before this new shiny is supported by your favoured free OS.

Apparently this suits the hardware vendors just fine, so I don't expect the situation to improve just because the FSF wants it too. RMS simply has no leverage with the people causing the problem. Even Canonical, who actually have the cash to bribe a handset maker into offering their OS, haven't made much impression and (at time of writing) have no phone offering.

Look at the list of supported handsets for Cyanogen Mod. It's massive, all with varying degrees of "working" and (by implication) varying degrees of "supported by a competent developer if you, dear user, run into trouble.

Look at the list of ARM-based PCs that you can hack Linux onto. There aren't so many, but they are all still differemt so you find that only some distros are supported and they are usually running an older kernel.

Now look at the x86-based PC, where Linux really works. There's one hardware standard. The very latest software is available for download. Installation is trivial (even in a UEFI world) and you have thousands of support options.

Re: How long...

"Pretty soon SOMEONE will propose the redo the Internet from the beginning: this time with full attestation at all points; no more anonymity."

I could live with that. The bad governments can already tell (if they want to) if you are connecting to an end-point that lies outside their control, so today's VPN fans are already subject to the sort of traffic analysis that such a proposal would allow. On the other hand, a reliable (or even semi-reliable) method of determining where content had come from would make your average spam filter about a billion times more accurate.

Anonymity on the internet is like guns in real life. If you have it, you are either already known to the government and doing it within local law, or you are outside the law and they'll come down on you like a ton of shit if they ever find out.

The solution is to fix your government so that they aren't a bunch of control freaks. Merely using technological band-aids to make it hard for them will just make them angry control freaks.