* Posts by TonyHoyle

363 publicly visible posts • joined 22 Mar 2010

Page:

HP's CEO spells it out: You're a 'bad investment' if you don't buy HP supplies

TonyHoyle

Re: HP Toner

It's not really true any more.. LED printers aren't significantly more expenisve than inkjets, and have the advantage that they don't brick if you don't use them for a while (inkjets dry up, which means head replacement, and many models, including HP, that means a new printer.. it was precisely that happening that had me swear off HP, and inkjets, for good).

I've got a Colour Brother that although it wasn't the cheapest around, was a good investment and works first time every time I print to it, even if it's been months.

TonyHoyle

Re: Security

It's bullshit.. a cartridge has about 32 bytes of EPROM containing a serial number and some identifying stuff. It doesn't have a y kind of processor..

The number of design flaws you'd need in HP printers to make that a security risk is insane and would make HP printers a complete do not buy.

HP ate just trying to.undrrminr 3rd party cartridges for profit

Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections

TonyHoyle

Re: Sacre bleue

If it's not in the approved list of verification it would be unlwaful for them to do that.

They're specifically not allowed to warn the user when the government CA is in use.

TonyHoyle

Re: How is this to be managed?

It will be illegal for the browser to offer the ability to disable the government cert. Mozilla aren't going to risk billions in fines.

GhostBSD makes FreeBSD a little less frightening for the Linux loyal

TonyHoyle

Linux is fragmenting too much now - before you could hop between distros and there were really only a couple of variations even in system config, now you've even got distros ignoring FHS and calling that a feature..you can have 3 different ways of configuring the network even within the same distro (one of them might even work correctly) and god help you if you do a major update as you'll find a bunch of stuff that worked perfectly well has been 'deprecated'. Even debian is starting to be affected by the rot..

I previously looked at bsd but couldn't get my head around the ports system (using CVS to update the list of packages, then hunting around the directory tree until you found something that did what you wanted just seemed so primitive). Might have a look at this though.. I just want shit to work these days, don't GAF if it's new or shiny.

Millions of smart meters will brick it when 2G and 3G turns off

TonyHoyle

Re: Only as "smart" as the dumbest link

Go back to the ombudsman.

They can only back bill you for 12 months, not 8 years.. Those are the Ofcom rules. Anything they failed to bill you from before then is their problem.

TonyHoyle

Re: No corruption here.

> Before a smart meter was installed here, the meter reader came by twice a year and it was mandatory that he physically laid eyes on the meter at least once a year (or you'd have to reschedule a visit at a > time that suits you at your own expense).

It's still a requirement that a meter reader physically sees the meter once a year, even if you have a smart meter.

TonyHoyle

Re: Imagine the meetings

They are separate comms units but SOP for any meter issue is to replace the entire thing.

One of the fitters told me that if they lose access to the comms network for over 24 hours they brick and have to be replaced. That may or may not be true but I went through 6 of them before they fitted one that worked..

The other issues is the comms units are specific to the brand of meter, and there are, well, I know there are at least 6.. how many more I couldn't tell.

Luckily here in the north it's not a mobile phone network but a dedicated one operated by arquiva, so there's no issue with 2G.

Take Windows 11... please. Leaks confirm low numbers for Microsoft's latest OS

TonyHoyle

Re: Maybe it's the installer

The double step right click is a PITA.. it annoys me more than a feature so minor really should - probably because I do a lot of right clicking. I lasted less than a day on win11 before rolling back due to that. It's just so pointless.. it worked before, why change it?

Other things like the ads in the start menu I'm sure you can switch off, but staying on 10 means you don't have to.

Three signs that Wayland is becoming the favored way to get a GUI on Linux

TonyHoyle

Windows isn't a good example as it's implementation is stupid.. there are about 3 of them that yield different results, and they have to be be implemented by the apps.. a proper dpi scaler would be done at the OS layer not forcing apps to implement it.

The result is that some apps do it right, some half do it, and some not at all. If you're developing and you pull in a library it may or may not be hidpi compatible and even if it is it might use a different method so not be in sync with your app, leading to bug reports and annoyances for users.

A better example is mobile where the UI system was written to scale from the ground up and you largely don't have to think about it.

Core-JS chief complains open source is broken, no one will pay for it

TonyHoyle

Re: Read this yesterday

To a manager free = worthless. I had to learn that the hard way when I was younger. Used to do free work for charities.. Literally had one suddenly blank me and say they were going to 'hire a professional'. Like lady, this is my day job, you should have been paying about £1k a day for that work.

These days I've no problem submitting bug fixes for OSS projects but beyond that, cash or GTFO.

I really do sympathise with the guy, but he needs to walk away and start making some real money.. he doesn't owe those companies anything. So it'll break? That's on them.

Smart ovens do really dumb stuff to check for Wi-Fi

TonyHoyle

Re: "Smart TVs" just as bad

I installed an IOT alarm add-on board.. basically just an.overpriced esp32 board with some voltage conversion.. I'd naively thought it would be more than that.

When I looked at DNS logging some time later it was responsible for over 70% of the DNS queries for the entire house. There were bursts of it asking for the same website address multiple times per second.

Of course the onboard software was completely proprietary and couldn't easily be updated, so that ended up.in waste.

TonyHoyle

If it's like our air fryer it's to remind you to unplug it. It does the same thing.. beeps about once every 5 minutes until switched off, whether there's food in it or not.

Crazy decision by the manufacturer as it has a perfectly serviceable off button and has WiFi connectivity that is supposed to let you switch it on remotely - which is obviously impossible as it's kept unplugged..

A brand new Linux DRM display driver – for a 1992 computer

TonyHoyle

Re: Good.

These days there are ROM and SD card loaders for almost everything, or you can drop a gotek in for floppy emulation. The files were so small by comparison to today's storage you can easily have an SD with everything ever released.

TonyHoyle

Re: Good.

The ST was made to a budget and it's sound and graphics were on a par with previous 8 bit machines (the ST had a high resolution monochrome option but that locked out all the other modes and the monitor was expensive).

What it had going for it was the 68000 and GEM (which for the time was pretty cutting edge). And it was cheap - hence it was an ST not an Amiga under the tree that year

The STE and later Falcon fixed a lot of the issues by adding more colours, a blitter and better sound.. but it was too late, because by the time they appeared they were competing directly with the now lower priced Amiga.

Good news: Japanese boffins 3D print what looks like marbled Wagyu beef. Bad news: It's tiny and inedible

TonyHoyle

Re: Science Ahoy

Indeed there doesn't seem to be much progress except in price.. when I first heard of it it was $1m an ounce.. now it's somewhat cheaper.. but they still haven't made anything close to a single edible joint of meat.

We're a million miles away from a commercial process that can produce thousands of tonnes of the stuff for very little money with a low carbon footprint (which is surely the point).

ZX Spectrum reboot promising – steady now – 28MHz of sizzling Speccy speed now boasts improved Wi-Fi

TonyHoyle

Re: i've chipped in

It's not emulation.. it's a real spectrum designed by Rick Dickinson, the designer of the original Spectrum.

You can plug spectrum hardware in there, like an interface 1, and it'll work.

If an FPGA is defined as emulation, then the original spectrum was one too as it had a ULA at its heart (and the +2, +3 various different gate arrays). The only difference is the modern chips are programmable.

UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal

TonyHoyle

Re: And what about the people ...

The government is setting up a separate system for those without smartphones - NHS 119 - although how calling a number is going to manage contact tracing I've no idea.. but I guess calling it if you have symptoms allows them to track the spread.

5G signals won't make men infertile, sighs UK ad watchdog as it bans bonkers scary poster

TonyHoyle

I used to volunteer for a festival. The noise complaints would start coming in during the build week, before there was anything on site capable of making said noise.

The D in Systemd is for Directories: Poettering says his creation will phone /home in future

TonyHoyle

Re: I must be an edge case

An amusing thought is if they require login to decrypt the user directory then systemd user services are fubar.. and they're even semi useful for some things. So lennart is breaking his own stuff.

TonyHoyle

Re: SSH NOT a problem

Stick it in LDAP and have SSSD pick it up. It's as secure as your LDAP/Kerberos installation.

As long as there's fibre somewhere along the line, High Court judge reckons it's fine to flog it as 'fibre' broadband

TonyHoyle

56k Dialup can now be sold as fibre broadband, So can my mobile phone contract.

It's hard to get any kind of connectivity without fibre being involved somewhere.

Prince Harry takes a stand against poverty, injustice, inequality? Er, no, Fortnite

TonyHoyle

Re: Thanks Harry

Funny thing about that is scaled up it's basically how the EU presidency works..

We were in line to be the 'executive officer of the week' but decided to brexit instead :p

Why millions of Brits' mobile phones were knackered on Thursday: An expired Ericsson software certificate

TonyHoyle

Re: Oops

I tend to find companies with that mindset are complete shitshows.. they waste more money trying to be cheap than they ever save.

Then they go bust when all their cheap stuff breaks, and they're surprised.

Total Inability To Support User Phones: O2 fries, burning data for 32 million Brits

TonyHoyle

So either:

The third party suppliers, large enough to supply a company the size of O2 with significant infrastructure, doesn't roll out new updates to a test network first and doesn't have a rollback procedure in the case of emergency, in which case O2 picked an incompetent supplier.

Or O2 doesn't have the above (and they should, even if the supplier already does it.. you never trust new builds until you've validated them internally), and they're incompetent.

Well, this makes scents: Kotlin code quality smells better than Java

TonyHoyle

It's a better programming language overall. Developed by Jetbrains who know what programmers want out of a language (they also developed the IDE for it). It supports multiple programming styles & the community has built up around it like that.. for example if you're into functional programming, go for it, if you prefer OO, that's fine too.

OTOH it provides you with more than enough tools to shoot yourself in the foot with both barrels, reload then fire again. Which I predict plenty of people will do once it gets more popular.

ICANN't get no respect: Europe throws Whois privacy plan in the trash

TonyHoyle

Re: Local Expertise

Nominet simply don't list the address any more, just a statement that the address that they have on file is accurate.

This is all that's needed. GDPR allows sharing data for legal purposes so there's no loss to law enforcement, just spammers/domain harvesters.

Interestingly the RIPE database still contains this information, the argument I think being that the contacts for network blocks tend to be engineers in charge of them not individuals (plus they've implemented a right to have the data removed).

Time to ditch the front door key? Nest's new wireless smart lock is surprisingly convenient

TonyHoyle

It's clear from the information shown so far that these IOT locks aren't compatible at all with multipoint lock systems. Which means to install one you'd basically have to replace the door - to get worse security.

TonyHoyle

Re: Lock makers that you can trust?

This lock isn't compatible with modern doors like that - only old style wooden doors.

Not that this is likely to be a problem because google don't sell it in the UK or even appear to have any plans to (something that the register completely forgot to mention for some reason).

23,000 HTTPS certs will be axed in next 24 hours after private keys leak

TonyHoyle

https://twitter.com/Manawyrm/status/969230542578348033

Trustico execute commands typed into a URL as root.

The incompetence knows no bounds.

With any luck their currently down site will stay down permanently.

Nest's slick IoT burglar alarm catches crooks... while it eyes your wallet

TonyHoyle

Re: Nest's smartphone app really is the best

You'd be surprised - the alarm I ripped out when it broke is still a current model, was 3 years old when I disposed of it.

Not an IC on it.. all transistor based, so it was about 5 times the size it should be about 12" by 8".. I doubt the design has changed since the 1980s.

Replaced with an ESP8266 that does the same job in a 1.5 inch square piece of silicon (and gives me wireless status as well plus remote arming if I'm in wifi range).

TonyHoyle

Wait.. no connection to a siren? WTF is the point in an alarm you can only hear from *inside* the house?

I presume it has battery backup just not mentioned. It's trivial to add and would be bloody stupid without it..

Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years

TonyHoyle

Re: here's a vendor which is not vulnerable to either attack

It does that by not supporting speculative branching at all.

So it's merely too crap to run spectre..

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

TonyHoyle

Re: List of CPUs affected?

Presently it's assumed to be all intel CPUs, with newer ones (<2 years) having extra instructions that drop the hit on benchmarks to 'only' 30%.

Windows 7 is on extended support, so should get a patch, but that's up to microsoft.

Next-gen telco protocol Diameter has last-gen security – researchers

TonyHoyle

Re: Diameter

Technically it wasn't designed 'these days'. Diameter (RFC3588) dates from 2003. Which probably makes it dangerously modern by telco standards..

The UK's super duper 1,000mph car is being tested in Cornwall

TonyHoyle

Strap a couple of SRBs to the corolla and point it directly upwards. It'll easily get to 1000mph then shortly do the same journey in reverse.

Knock, knock? Oh, no one there? No problem, Amazon will let itself in via your IoT smart lock

TonyHoyle

Re: What could possibly go wrong?

The much simpler solution of a box with a lock for which the amazon bloke has the key (or combination) doesn't seem to have been considered.

But that wouldn't net amazon 250 quid plus 20 quid a month subscription fees.

WPA2 KRACK attack smacks Wi-Fi security: Fundamental crypto crapto

TonyHoyle

Yes you can theoretically mitigate it on the AP - it effectively turns into a DoS on the client, which is in many cases preferable to leaking information.

Aruba are the first I've heard to actually implement this if so (Unifi only fixed client mode).

TonyHoyle

Unless your ubiquiti hardware is a client you did nothing.

This is a client side vulnerability not AP side, and there's little that can be done on the AP to detect it (and unifi have said they currently aren't tackling that.

Too many people are installing AP updates and thing they've fixed it. Nope. You need to update every wireless client.

Equifax mega-leak: Security wonks smack firm over breach notification plan

TonyHoyle

Well considering one was the CFO and one was the 'president of U.S. information solutions' the idea that neither of them knew of a significant data breach days after it happened is farcical.

Stand up who HASN'T been hit in the Equifax mega-hack – whoa, whoa, sit down everyone

TonyHoyle

Re: Can't even be arsed to use an Equifax cert?

Also they failed to defensively register

equifaxsecurity.com

equifax2017.com

equifaxsecurity2107.com

equifaxsecurity2018.com

etc.

As a result they've all been registered by a mixture of people having fun and miscreants stealing data.

Firmware update blunder bricks hundreds of home 'smart' locks

TonyHoyle

They're probably hardened against that, being $800 locks.

It's like being able to open padlocks with bits of beercan or pick locks in about 10 seconds flat (I've seen an electric lockpick in action.. 10 seconds is an outlier - it's probably quicker than using the key..). A *lot* of locks are just security theatre, but most burglars don't know that, and of those that do, they'll go after the easy ones rather than the hard ones, so all you have to do is make sure you don't get your lock from the bargain bin like your neighbour did and you're probably safe

TonyHoyle

I lost count of the number of companies that would publish an email support address that would just autorespond with a phone number. I don't get the mentality.. To badly misquote yoda.. have an email or don't, there is no middle ground.

TonyHoyle

Given the price I'm at a loss why it didn't have backup firmware and switch to that when the update failed. The kind of thing that has been standard in consumer upgradable devices for years.

But that would have cost them 10p, and required them to give a shit.

Blighty bloke: PC World lost my Mac Mini – and trolled my blog!

TonyHoyle

I'm not sure their reservation system actually does anything.

For various reasons I needed an extra hard drive caddy.. could have got it next day from amazon but this couldn't wait, so I did a 'reserve' on the PC World website and set off up there... so arrived maybe half an hour later. It's a £10 fairly common item.. should be easy, right?

They had the reservation on their system, sure, but it took the staff completely by surprise that anyone would actually want to pick one up - it took multiple staff hunting around the back of the store.. I was stood at the till for another half an hour before they turned up with the caddy. I would have walked out, but needed the damned thing.

In my head a reservation would mean that a little thing would pop up and a minion would go to the right place in the stock room (catalogued.. if your'e searching for stock you're doing it wrong) and put it behind the till.. 2-3 minutes tops. That's clearly not what happens..

US ATM fraud surges despite EMV

TonyHoyle

Re: Speed

It also says a lot about how much verification was going on with the magstripes ie. none.

The longest I've had to wait was 30 seconds which is generally small shops with handheld cheap readers. In larger stores it's so fast I've got the notification the money has gone from my account before the receipt printer has finished printing.. it's sub-second.

TonyHoyle

Heck, modern cards here don't even *have* a functional magstripe any more. Clone the magstripe on my card and you got some random data, congratulations.

The US is oddly behind on something so simple.

Global IPv4 address drought: Seriously, we're done now. We're done

TonyHoyle

Re: IPv6 is fundamentally broken

That would be ipv6 then.

Although cripping the network using NAT would be just cutting your hand off to spite your face, given that address randomisation means you're not trackable anyway.

TonyHoyle

Re: IPv6 usage soaring?

1 in 6 is a bit low considering how many users are on large ISPs which have enabled ipv6 like Sky and BT.

A home user that does nothing special will be running it without knowing or caring.

Smart Meter rollout delayed again. Cost us £11bn, eh?

TonyHoyle

Re: Free?

The electricity companies are refusing to install smart meters in houses with solar PV stating that smart meters can't work with them, so whatever the standards might say the companies that have to actually implement this stuff say they don't work.

Page: