Posts by Number6 2331 publicly visible posts • joined 10 Jun 2009
The Windows shop is going to keep hyping Windows 11 and trying to sell the public on its AI OS vision, whether customers like it or not.
A lot of customers don't have a choice. Some of the tools I need for work are only available on Windows, which is why my work PC is new enough to run Windows 11. However, it lives on my desk next to my Linux machine which does pretty much everything I need it to for my use.
In a similar vein, one of the largest potential vulnerabilities for all users are ad brokers. You're clicking on a web page, which includes a load of JavaScript from a third party. Neither you nor the owner of the website you're viewing has any idea what's in that code, and there have been a few instances where someone has successfully attacked the ad broker, so that JavaScript contains malware. The only way you're going to improve that is to put all of that server side, so that static images are what gets delivered to the end user. That would also potentially defeat most ad blockers, because if done correctly, it would be near-impossible to distinguish between an ad and a wanted image.
There's a lot of other JavaScript that gets loaded from third-party sites too, which means that even if everything was fine when the web page was written, if someone compromises that site the day after you've released your web page on the masses, it's going to affect a lot of people. Sadly, the only way to reduce this risk is to take your own copy of the common code and source it from your own servers, so that even if the central library gets compromised afterwards, you still have a pristine copy (assuming you're not blindly auto-updating). If your server gets compromised then it doesn't affect all the others with their own copies.
Security and convenience have a fraught relationship, and you rarely get both together.
I have a PC I put together in 2013. It has an i5 processor and 32GB RAM. I recently swapped out the graphics card because I was given an Nvidia P2000 which was better than what I had. It's running Linux perfectly happily. I have looked at replacing it a few times but I'm not convinced newer stuff at an affordable price is going to be significantly better. It's not capable of running Windows 11, but that's OK, I don't want to.
Interesting to read the line:
...designed it for machines that it had already sold. It did not want to let existing customers down.
While not quite the same situation, Microsoft, is effectively abandoning existing PC users who have machines that could probably run Windows 11 perfectly well, but are being prevented from doing so by MS design decisions. None of my machines is considered capable of running it, despite being decent spec machines, their only failings being that the CPUs are considered too old. Of course, they still have that big stick to beat people with, if they stop supporting Windows 10 and key applications are only available on Windows, industry has to give in and buy new machines, whereas home users will still hang on with their last version of Windows 10 while their PCs are still good enough, and security will start to fall apart because undoubtedly it still has some embarrassing vulnerabilities.
I do still run OS/2 in a VM on my Linux machine. It was a nice OS, shame it got screwed over.
I second the OpenWRT route too. TP-Link routers tend to be cheap and reliable, although I've never used their software for longer than it takes to reflash it. My router currently says it's been up for 236 days, which is probably about when we last had a power outage longer than the UPS could handle. It's handling VLANs to keep some devices partitioned off from the rest of the network on their own subnet, took a bit of effort but figured it out in the end.
If MS want to provide me, at their expense, with new PCs that meet their hardware requirements then I might consider swapping out the W10 machines here. Most of what I have runs Linux, some of it is 10 years old (I finally replaced a Core 2 Duo machine last month, ironically with someone else's cast-off as they upgraded to W11 hardware) and runs the latest distros just fine. So no, not going to switch to W11 any time soon.
I've seen something like that in use at Bryce Canyon in Utah, hauling people up out of the canyon. Eight local volunteers, from the fire department and other locals, come down with it, strap the casualty to it and then wheel them back up the narrow path. It's at 9000ft, so I suspect they get plenty of practice with all the visiting sea-level dwellers.
I know they've got more lawyers, but I'd start with the line that it was their error, so I shouldn't have to pay more than my existing fees until the time I would have had to upgrade anyway (if I've got proof of typical upgrade cycles for my company then I'd use that to nominate a date).
I see a need to change the law to provide a full and immediate refund if a smart device is returned because the buyer did not wish to provide the required permissions if they were not clearly disclosed in advance of the purchase. If you can't determine whether a device is acceptable before purchase and attempting to set it up then you don't know if it will be fit for purpose. Having a significant return rate might cause some of these companies to revise their policies a bit.
Last time I bought a large screen TV I managed to find a dumb one - I probably couldn't find one now. I attempt to confine various other IoT devices to my home network with a firewall entry in the router, and a few that do need external access are separated out onto their own VLAN so they can't see the rest of the network. I try not to buy stuff that requires giving away personal data.
There might be something in it. In the early days of stealth technology there were moves to create a stealth warship[*], but one of the limitations was that while you couldn't see a positive return from the ship, what you ended up with was a hole in the general noise caused by the returns from the sea. So if you were paying attention, you could deduce the rough location by where there wasn't such a noisy return. It's quite possible that the same trick could be applied to an F22 - if everything around it is providing a good return then it's sitting in the quiet hole in the middle. A lot harder to do, of course, because a warship tends to be a lot bigger than an F22.
[*] I know they have improved the warships to reduce the returns, if you compare a modern one with a WW2 destroyer and all those random reflecting surfaces, they're a lot harder to spot directly, and looking for the hole is going to be a lot harder.
Because if it turns out they missed one, or another one arrives between writing the press release and publishing it, they'll get roasted for being wrong. I almost never make a definite statement for the same reason, because people, especially the media, often forget the implied "to the best of my knowledge and belief". Saying "approximately" instead saves several seconds and avoids the need to type a few letters.
As far as I know the cameras just assume any speed sign that is facing you applies to you.
I foresee much fun with this one. If you live in a village and your house number is appropriately low, make yourself a sign with that number in a red circle and display it in your front garden to get all the cars to slow down.
If it's using GPS then there are several situations where it can get confused about the speed limit. I drive in the US using Google Maps for general navigation, and it shows me the speed I'm doing, and what it thinks is the current speed limit. Sometimes it doesn't show a limit when it has decided it doesn't know, which is fair enough. Sometimes I can see the limit change as I pass the relevant sign, but it does have a noticeable failure rate, especially when there's a freeway running parallel to a slower road, often separated only by a small distance. The other place it can get briefly confused is when two roads with different limits cross, because then it depends on how well it copes with any disturbance in the GPS signals due to reflections from overpasses. The other place it often gets it wrong is roadworks, where it will continue to display the normal speed limit, rather than the reduced roadwork limit.
So we'll be able to disable the Recall feature. I wonder how sure we can be that this will stick, and that it won't quietly and "accidentally" be re-enabled by a future update? Or by a convenient and exploitable security hole, where malware could enable it, let it run for a while and haul in the net to see if you've done anything interesting in the intervening period. I would much prefer it to e an installable feature that I could purge from the disk.
Not that it's directly my problem at the moment - another Linux user at home, and my PCs are all too old to run Windows 11 anyway, despite working perfectly well with the latest Linux. The work machine, I'm only concerned if something bad happened and it abused my home network while it was connected, I don't keep any of my personal data on there.
Safest place for the tower is on top of the school. Your average cell tower antenna is designed to radiate very little energy downwards, so the children would be in the zone of least field strength, unlike putting the tower down the road a bit. Also, good signal strength received by the tower (easily achieved by optimal receive antenna placement - doesn't have to be the same as the TX antenna) causes mobile phones to adjust their transmit power downwards, further reducing exposure by children using phones.
But as said elsewhere, you can't fight wilful ignorance with facts.
I don't know about the persuasion side (I thought it was a company initiative, not imposed from outside), but we get that too. I can't be arsed to flag them with the button installed on Outlook, I just add them to my blocked senders list locally in case they re-use a dodgy address. I get way more fake spam than I do real spam.
I think the way it works now is that the DHCP server will remember you for some period of time, which may be from zero to "we need an address for something not in our system, let's take this one" after your last lease elapses. I know that the few times I've had an ISP outage, short ones mean I get the same IP address, longer ones mean I have to go reconfigure a bunch of stuff that relies on knowing the address. I did set up a cron script on one of my machines that queries the IP4 and IP6 addresses regularly and will let me know if either changes.
The other change is that in the early days we were on dial-up modems, so leases probably had deliberately short timeouts, whereas now I suspect that you get at least 24hrs for a typical DSL or cable connection (mine currently has almost four days left), simply because they do tend to be up most of the time.
I had to jump through a few hoops to get Google to accept my home server, but it seems to be working smoothly now. Ironically the only problem I have at present is with Proofpoint. For some reason they decided to add my mail server IP to the Cloudmark CSI-Global list a couple of weeks ago, and they're either ignoring my request to sort it (I wish they'd explain why something landed on a blocklist, too - is it because someone else in the netblock is running a dodgy server?) or are merely taking forever to look at it. In the meantime, it won't even let my server connect to any of their stuff, which makes it harder to forward stuff from home to work, as well as talk to a few other people who use email providers who use their services.
I think I still have a DAT drive somewhere, and one of my older machine still has an Adaptec 2940 SCSI controller in it, even though there's nothing currently connected to it.
I would like to be able to justify an LTO drive of adequate capacity for home use - said DAT drive, in the days when capacity was larger than a hard disk, used to do weekly full backups, spit the tape out and prompt for a new one, then do incremental backups for the rest of the week, then spit the tape out and prompt for a new one, ready for the following full backup. All done with scripts, too. I even did a successful restore once, when the disk abruptly died on me. Every few months I'd take a tape to work and store it there, bringing home an older one.
I still have an OKI Microline dot matrix printer somewhere, wide version, too. However, I think it's only a parallel interface, so I'll need to get an expansion board if I ever resurrect it.
However, for proper thundering, I once had an ASR33 teletype in my bedroom. Everyone in the house knew when I was printing on that. None of this two pages a minute, it was probably closer to two lines per minute.
I think officially, to be a CP/M program, you were supposed to stick to the 8080 instruction set.
I used to know the Z80 assembly stuff off by heart - I could write the assembly language and then go down and write all the op codes, effectively hand assembling it. Forgotten most of it by now though, although somewhere I do still have my home-made Z80 computer with 7-segment LEDs and a hex keypad. I think it may even still work if the EPROMs haven't given up.
The UK considers it restraint of trade and the Unfair Contracts Act has put reasonable limits on it, with notice periods and compensation usually incorporated into employment contracts. The US largely doesn't have such contracts, many employers expect you to give two weeks' notice (although you're free to just walk out) but wouldn't dream of giving you two weeks' pay if they fire you on the spot.
Gardening leave is a reasonable compromise, you get paid a fair wage, your (soon to be former) employer gets a 3- or 6-month head start on anything you might subsequently do, and you get a nice holiday. Although I've heard tales of people required to turn up for their notice period, to be seated in a bare room with the minimum of furniture.
There are two sides to it - do you see the ads, and are you being tracked even if you're not?
One way to get around ad blockers is to collect the image but then render a blank space or otherwise not bother to display it, which hides the ad but doesn't stop them collecting their tracking data.
I use an ad blocker because I find the ads annoying and intrusive, and given that they're usually arriving courtesy of Javascript from an unknown third party broker, I don't want that script, which is potentially a malware vector, running on my system. I also run a script blocker, which is an eye-opener to see the huge variety of third-party scripts that some sites run. Again, a potential malware vector, so I try to only run the minimum necessary to load the page. If it's too difficult I give up and go elsewhere.
Anyone who can implement a decent server-side ad-dispenser will probably do well with it, because then the ads get served as part of the page load rather than a separate script and would be way harder to block. It also avoids the malware problem because static images are way less likely to be a source of something dodgy. However, all those third party data-collection companies would find their business models dented.
Texas has a power grid isolated from the rest of the country. Perhaps the EIA could draft a new regulation covering 49 states and excluding Texas. After all, if they overload their own grid and jack up energy prices for the locals then that's their own problem, and if the locals don't like it, they can vote in state officials who will address it.
My work phone sits on my desk and goes on Do Not Disturb at 5pm. Sometimes I don't notice I've missed a call for several days, I look at it that often.
However, sending work emails after hours is fine. I do it, because if I want to go do something else in the middle of the day I might be catching up on stuff in the evening to compensate. However, I don't expect a response until the following day, and that's where the line should be drawn. If I notice an email during the evening and it's a two-minute fix then I'll respond, otherwise it can wait until morning.
Obviously I have a more enlightened employer than some.
Choose a Chinese manufacturing plant and within six months, your cheap competitor will appear on the market.
Actual practical example of this observed, tore down one of their products because one of its features was basically the same as ours. Superficially the design was similar in the same way that a couple of cars might look similar due to form and function requirements,, but I don't see why they bothered to etch one of our part numbers on the copper on the PCB like we did if it wasn't a direct copy.
The thinking was that as technology develops, certain tasks become easier. Some of it is also potentially solving other problems too. The current Mars rovers are all very limited in their navigation capabilities, they rely heavily on commands from Earth to do anything, which is partly why it takes them so long to get anywhere. One of the challenges in the competition was that of navigation; how reliably can you navigate when you don't have a compass (no decent magnetic field on Mars) or GPS, and on uncertain terrain so wheel odometry can't give a reliable indicator of distance?
The starting premise was that the "lander" containing the recovery robot would be in a known position, accurate to a few metres, based on being observed by passing satellites. The locations of the sample containers is known to a similar accuracy. Thus, the task is to navigate autonomously from the base to an approximate area and search, allowing for the fact that there may not be a sample in the area to find, if it's been buried. This is where it gets more interesting, because some teams used an approach that moved from sample location to sample location, collecting them all, before returning to base and disgorging the lot. Other teams worked on the principle that if a sample was found, return it to base immediately, which also gave opportunity to reset the navigation to a known starting point. The first approach clearly reduces total travel time, but is literally carrying all the eggs in one basket if the rover failed, whereas the latter would mean that if it failed after one or more successful recoveries, there would still be something worth sending back.
Also in there was object recognition, which was a lot less mature ten years ago - it was necessary to recognise the sample container in order to pick it up.
As for recovery, the plan was that the base station would be a rocket capable of reaching orbit, where it would rendezvous with an orbiter that was designed to reach Earth orbit, after which they could drop the sample package for retrieval in a manner that has since been demonstrated.
Given that they've got mobile rovers, adding an extra gadget to obtain and package samples is a relatively low incremental cost and risk, which is what's happening now. They may yet decide to leave them there if other technologies overtake it, but remember that this was long-range planning from many years back, trying to predict what advances would be made over the next 30 years or so.
From memory, over the five years they ran the competition, I think only three teams managed to get samples back to the platform under field conditions, and an impressive demonstration of the eggs-in-basket scenario when one of the otherwise more-successful robots decided to head off through the boundary fence instead of returning to base, due to a programming error. Some teams were university teams, some were one or two people doing it for fun, others were slightly larger groups.
They had to do it this way because of the funding. To propose the whole thing in one go would have been highly risky and expensive given the technology of the day, and would never have been given the green light. Each mission did a bit more and advanced the technology - rovers have been proven, now they've got one that is packaging up samples and leaving them to be recovered. A few years back they did a public competition to evaluate navigation and searching for samples and delivering them back to a base (see links), which was eventually achieved after five years, which means they could decide how best to do the recovery phase. OSIRIS-REX demonstrated recovery of samples from space to ground, and so in theory they can do it now if they've got the money.
https://www.flickr.com/photos/nasahqphoto/with/28859200974/
https://www.nasa.gov/directorates/stmd/stmd-prizes-challenges-crowdsourcing-program/nasa-awards-750k-in-sample-return-robot-challenge-for-autonomous-technology/
<disclaimer - I was on one of the teams participating in the challenge>
My ISP gives me a /64 to play with. Everything just works, anything on my home network that supports IPv6 picks up an address and can be used. My router tells me that last month 49.49% of traffic was IPv6. If I want to run a server accessible from the outside, I do have to add a rule to the router, so at least it comes up in a relatively safe condition by default - if you scan the address range from outside then you will only see those few holes in it, regardless of what's happening on my side of the router.
Looking at my webserver logs (external hosted server), I see a decent amount of IPv6 traffic too, so there are plenty of others who are probably using IPv6 without knowing it, too. A lot of mobile devices will have IPv6 allocated, so if you're browsing using your phone, chances are you're using IPv6 by default. Unless you're reading El Reg, of course, which appears to still only be IPv4.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
