Posts

Showing posts from May, 2023

bitcoin 50% attack as absorbing barrier: stable control of all mining by one entity (double-spending is irrelevant)

When bitcoin experts talk about a 51% attack, by which they mean control of majority of hash power by one entity, they always talk about double-spending attacks, as tho that's the thing to worry about. Controlling majority hashpower means the controlling entity can include or exclude whatever blocks, as well as transactions, they want.  Someone else solved a block?  That's nice, until that's not the main chain anymore, because controlling entity replaced it with a longer [0] one, which by definition they can do sooner or later. The bluntest strategy by controlling entity would be to exclude all blocks solved by others.  Tho sustainable in a system where nothing else changes, such a strategy would bring about dramatic second-order effects, from directed investment in balancing hash power, to the total failure of bitcoin, or perhaps changing the proof of work element. A more subtle strategy would maintain an edge by reducing the probability, say by 10 percentage points, that

Sure and JT: toilets and non-static "static ip addresses"

Sure and JT are the incumbent telecoms companies around here.  Sure is the local one and runs the physical infrastructure.  JT is from Jersey, has a bit of its own fibre in business areas, but generally runs its services over Sure's infrastructure.  (There's also vodafone, who quoted me 50 GBP(2023) / month extra for a static ip address, and misled me with a leaflet about mobile topup bundles, but I'm not sure they count.  For those reading from the future, 50 GBP / month is more like the total charge for a half-decent internet connection, and the going rate for a static ip address surcharge might be more like 5 GBP / month.) A neighbour alerted me to a surprise toilet appearing on my property, pictured above. I don't know if this is just from living in Switzerland, but to me the notion of putting up a portaloo on someone's private property without permission is nuts.  It's also surprising because my rate for this is 10,000 GBP(2023) per day or part day (plus

compliance 2023-05-30: postfinance, barclays

  * posted by special delivery something to Postfinance about change of tax residency. Naturally, their letter to me contained a threat, in this case to make some kind of "report" about me. Oh, wah wah, somebody call a wahmbulance, Postfinance is going to "report" me
  * took a call from Barclays customer service about my complaint arising from the (presumably ongoing, but who ever knows) bad compliance request they made (basically, they suddenly "urgently" have to get to "know [their] customer" after 26 years of determinedly not getting to know them, more so than any other bank I've encountered, and of course this letter, out of the blue, contains threats to close accounts

late onset epilepsy

I once heard Huberman state, in a podcast, something like: the human visual system "loves" movement and flashing, or changes in the field of vision, or something like that [0].  This seems similar to the statement that Harold Shipman is Britain's "best" serial killer, in that it contains a presumptive and incorrect value judgement.  More neutrally, one might say that the human visual system "pays attention to" movement, flashing, changes in the field of vision.  One doesn't have to be an expert in evolutionary biology to hypothesise that this may be related to threat assessment, and is thus not just distracting, but stressful, under many circumstances.

[0] youtube videos are not all that searchable by text, at least within a video, but possibly somewhere in https://www.youtube.com/watch?v=ObtW353d5i0 (warning: contains touting)

Why, then, is it permitted to pollute public spaces with all sorts of flashing lights trying to grab people's attent

should I be worried about chromium's "stack smashing detected" error messages, or is it normal burbling?

  [82523:82523:0528/154623.871428:ERROR:chrome_browser_cloud_management_controller.cc(162)] Cloud management controller initialization aborted as CBCM is not enabled.
  *** stack smashing detected ***: terminated
  *** stack smashing detected ***: terminated
  *** stack smashing detected ***: terminated
  *** stack smashing detected ***: terminated
  *** stack smashing detected ***: terminated
  *** stack smashing detected ***: terminated

Is this something to worry about?  Please can we have applications that don't spew debugging messages to standard error, and reserve standard error for important stuff directed at the user?

why does an unchanging monitor receive 6GB of data every second across a big fat cable?

Why does an unchanging monitor receive 6GB of data every second?  The exact resolution and refresh rate and color depth do not matter (the above is for 8k@60Hz with 24 bit color): the point is, if the picture isn't changing, wouldn't a better rate be approximately zero, rather than a very high amount? The full frame data is sent with every frame.  It's mad. With some remanence in the monitor, just updates could be sent.  Nothing complicated.  Initially it could just be "picture changed, here's the full frame".  Then, when the picture does not change, little data need be sent.  This can be improved on, but keeping in mind: keep it simple, and keep it suitable for hardware. The hdmi (or whatever) PHY at the computer end, plus the cable, and receiving terminal at the monitor, can all be seen as part of the system driving a volatile hardware panel, but a system notionally internal to the monitor.  So you want a box that can do this and attach to the back of the moni

running graphical session under login shell in debian

To run an X session started from a display manager under a login shell for the user, one can create the following in /etc/X11/Xsession.d/99x10-start-under-login-shell :

  # We get sourced by Xsession, which is interpreted by sh.
  echo about to attempt to exec $SHELL -l -c \"$STARTUP\" >&2
  exec $SHELL -l -c "$STARTUP"

which is pretty hacky but "works". Twenty years ago, when I was in a team managing workstations running SunOS, Solaris, Irix, and Red Hat, the dotfiles worked the same on all, without having to change anything.  The users' c shell or bourne (posix) shell init was run, as a login shell (which one depended on their configured shell per getent passwd), with the whole session then being a subtree in the process tree of this login shell. I'm not exactly sure which "modern" linuxes fail to do this properly, but it doesn't take a genius in design to see that if (i) ssh-ing gives a login shell, and (ii) logging in on the cons

a git curiosity: pushing to a home directory requires dot in path to make it work

I'm making a small service, and the service includes a git repository accessible over ssh, and I don't really want the service interface / address of the repository to include a path.  serviceuser@servicednsname: would be fine. I tried creating a bare git repository in the user's home directory (I assume, but have not tested, that the results are the same whether it's a bare repository or a .git repository).  The result is the following error:

  $ git push $servicednsname:
  fatal: '' does not appear to be a git repository
  fatal: Could not read from remote repository.

  Please make sure you have the correct access rights
  and the repository exists.

So it (is it called git-receive-pack or something? I can't remember) doesn't like an empty path.  But if I put a dot, to signify the current working directory, then it works:

  $ git push $servicednsname:.
  Enumerating objects: 3, done.
  Counting objects: 100% (3/3), done.
  Delta compression using up to 8 threads
  Compres

openssl is grim

I've just spent a whole day trying to generate a certificate with openssl that firefox / chromium will accept. The issue is something like: the convention changed from sticking a domain name in the CN (common name) field, to using subjectAltName.  Browsers stopped accepting the old one.  But the openssl tooling was not updated with a usable tool, instead requiring arcane, undocumented, opaque, grim, and nasty options / config files.  It's no wonder everyone just uses the cloud.  The poor folk trying to get a working certificate compare notes on places like stackexchange (see for example "Provide subjectAltName to openssl directly on the command line" [0], which contained the final solution for me.  Please note: the "final solution" is not a phenocide of anyone involved in OpenSSL "development".)

[0] <https://security.stackexchange.com/questions/74345/provide-subjectaltname-to-openssl-directly-on-the-command-line>

The one that worked was t

"What you are about to enter is what is called a Distinguished Name or a DN"

What you are about to read is what is called a blog post. What the quality of OpenSSL in general is, is what the quality of the above English is.

scrollbars and viewports, margins, padding, and layers of abstraction

Has a windowing system existed that has done its own scrollbars, rather than leaving it to the application (including GUI toolkits)? Imagine if the application drew to a virtual framebuffer (one of several possible names) of one size, and the user had their window sized to a smaller size, and the window manager (or windowing system) gave the user the way to move around the viewport thus existing, whether by scrollbars, some kind of dragging, scaling, or however it does it.  There's an obvious usability issue in porting existing applications, already doing their own scroll bars, to such an environment, because who wants two sets of scroll bars for the same thing.  So we have to also imagine that applications running in this environment are designed for this environment, not shoe-horned in, tho some shoe-horning would be inevitable should a transition occur, at a later stage. Processes exist in an environment operated by the OS.  The whole promise of OS was: to each process, it looks

Could a TCP "connection broker" set up a direct connection between two NATed endpoints?

It's a little sad when "interesting" ideas in practical networking research amount to ways of working around ISP annoyances, but can you get a direct TCP connection between two NATed devices, with a little help from an internet-addressable server during connection? We assume there is no "port forwarding" or other inbound signalling available. Ideally this would work through a NAT router (customer has, or can take, various levels of control), and through so-called CGNAT (customer does not control, and perhaps there are two levels of NAT).  Ideally, after connection establishment, it looks like a normal TCP connection to both end points. But if not, then okay, as long as packets are routed directly, which is the main requirement. Question: for an existing connection, is there still a "server" and "client" end (other than port number conventions), or does this distinction only apply during the three or so packets of the initial handshake?  Show

minimal automounter config for linux

note: superseded by https://wibblement.blogspot.com/2023/07/autofs-mounting-local-filesystems-by.html

Install package autofs (debian).  Sadly, installing it also presumes to enable and start the service. In /etc/auto.master :

  /-    auto.direct

rationale: The dash signifies a "direct" mount, meaning the one like you want, which transparently (if things are working) makes things appear at paths, rather than the other type, which visibly involves symlinks. And then in /etc/auto.direct:

  /wibble    nfs-server.example.org:/srv/wibble

and so on.

30 years of a failed, miserable web

I somehow came across an article from CERN bleating about "30 years of a free and open Web" [0]. The web is a failure, and everyone involved should be ashamed.  There is nothing to boast about.

[0] https://home.cern/news/news/computing/30-years-free-and-open-web

Note: the article remaining at the above URL is entirely at the whim of the particular domain name owner and web site operator, because, in the "architecture" of the web, "Cool URIs don't change" [1] (FFS), meaning: there is no persistence in this document "architecture", but please continue to happen to make the document available indefinitely, which won't happen, but please anyway.  Imagine if the continued presence of a book in a library depended on the publisher's active cooperation every time the book was looked at, and the book magically vanished without trace should the publisher stop doing so.  Welcome to the "architecture" of the proprietary, broken, and c

a general inability to conduct commerce

Can I set up a decent-quality subsistence lifestyle and live, more or less, as a peasant (note: peasants own their land.  In that sense, they are not poor)?  This is the type of question that arises from almost every attempt to engage in commerce in the real world, with points of failure often coming down to payment failures and disastrously bad bank IT quagmires. The initial idea was to purchase 4 new Eizo EV3285 white monitors.  This is my standard monitor, so it seemed like a reasonable idea to buy some more.  Although, on second thoughts, perhaps all they would do is enable yet more futile admin of the kind described here, let's accept for the sake of this article that our objective is to purchase them. I haven't found a Guernsey supplier of the EV3285, or a UK supplier who will ship to Guernsey, so my approach will be to buy and take delivery of them to friends / family in the UK, and then collect them when I am visiting.  As well as adding them to my list of products to s

what would be the correct timeout for logging out a session, vs lawyerised evolution of same

What is a good timeout for authenticated sessions, including for online banking?  Around a working day.  Not 10 minutes.  Oh, never mind, I've written about this in "your session has expired: the sorry state of web session timeouts" [0], and don't really have anything to add.

[0] <https://wibblement.blogspot.com/2021/12/your-session-has-expired-sorry-state-of.html>

a web page broke my firefox broke my OS, in 2023

I noticed my PC's fans whirring loudly. Running top(1), I saw that firefox was pegging the CPU.  In most cases, this is caused by a web page pegging firefox, and, more decisively, by firefox allowing itself to be pegged.  It was not possible to select different tabs in firefox windows to get an idea what was going on (per-app MDI like tabs is in any case a reflection of failure to handle groups of windows at the OS / window-manager level.  Multiple app instances / documents / tabs in one big process ala firefox is itself terrible design.  Web pages / documents should not live in the same memory space and process together just because they are being handled by the same app; let each tab (window / doc / web page / app instance) be its own process.) Firefox was completely unresponsive.  Moving the mouse started to get glitchy.  I had to move the mouse, and then wait a few seconds.  I tried killing the window with my window manager commands "Close", "Delete" and "Des

activating (but not really being able to use) HSBC's online banking (private banking edition)

The online banking for HSBC's private banking is a read-only view -- fine. It depends on one-time-codes over SMS, and there is no alternative mechanism for people who don't want everything to depend on their mobile phone -- bad. The process so far was something like this:
  * get an html email with a link to HSBC's web-based messaging
  * follow link and try to log in to HSBC's web-based messaging
  * login button is replaced by swirly thing which swirls, but doesn't log me in
  * email point of contact at HSBC about swirly thing that never progresses
  * received reply from point of contact at HSBC about swirly thing
  * around 15 minutes later, notice that HSBC's messaging site has now deigned to log me in
  * follow link in message to online banking site ready to try and proceed with registration
  * enter one-time identifier supplied to me in message (fine), set usual "security question" type stuff, fight with a very badly-done and incorrect pasword-settin

activating (or not) HSBC's online banking (retail banking edition)

As part of my account setup, HSBC gave me a physical two-factor device for the retail-banking online banking.  They said it was set up for me. When I went to register for the online banking, I had to go through the usual process of setting questions about the name of my second gerbil, and so on, this being the state of the art in "security" and "best practice". It was now apparently ready to log in, but trying to log in brought me to "Secure Key activation" / "Activate your Physical Secure Key".  For this, an activation code was required.  A box popped up saying "Generate activation code" saying "Please tell us how you would prefer to receive your activation code".  I would have preferred to have received it in person at one of the many person-to-person meetings so far.  But the issue with the box that had popped up was: there was no way to select a mechanism, and clicking on "Continue" brought me back to exactly the