hckrnws
I really miss the feature of CSR devices that allowed keyboard and mouse use before OS boot, and wish any modern Bluetooth receiver was capable of it. Is it a patent issue?
Probably just a "it's hard for little pay-off" issue.
To use a bluetooth keyboard from the stage of "Press F10 to Enter Setup" we need the firmware (whether BT host, mainboard, or something else) to have a full bluetooth stack, some way to manage pairing/unpairing devices, and a bunch of other stuff.
If we do this outside the BT host, we probably need changes to the operating systems at least to handle how we're going to hand-off the state of the bluetooth stack when the OS takes control. Unless we want to _separately_ manage pairing/unpairing in the firmware, we would probably want some way to expose that to the operating system to be able to push its paired devices down.
And then it's probably still not super useful unless we substantially lengthen the prompt time because the time for you to turn the keyboard on, coax it into connecting, and hit the button is gonna probably have the OS booted already.
If you want this today just don't use bluetooth. Get one of the devices that uses "2.4GHz" or uses "Bluetooth + 2.4GHz" and shove a dongle in there. The keyboard/mouse will appear as a normal USB-connected device and you can use them how you want.
I don't think the other comments in this thread are at all correct. This is not a hard problem to solve and these comments vastly overcomplicate it.
You need two things: 1) a processor which can present HID devices OR a Bluetooth adapter depending on the presence of 2) a driver which can inform the adapter when it should be in BT mode instead of the default HID and which can configure the firmware to auto-connect to which devices in HID mode.
The first is easy and effecively free. The USB stack is (usually) implemented in firmware which makes it trivial to present as different device classes.
My guess is the problem comes down to drivers. It is difficult and quite expensive to have a custom driver upstreamed to Windows Update. You can't do this without a custom driver or userland software. On the other hand, if you simply present as a generic BT adapter, windows has a generic driver that will (usually) always work and is always installed.
The benefit of this feature is miniscule and there probably is not enough demand to make it worthwhile for CSR to sell their soul to Microsoft to have their driver blessed.
In this day and age, almost nobody ships a custom driver for anything. You just use the generic drivers Windows already has for all standard device types.
In fact, quite recently there was a Show HN showing a "appears-as-USB-HID" Bluetooth adapter: https://news.ycombinator.com/item?id=42125863 . The only thing missing was the hid2hci part.
While I was posting in that thread I also noticed there are a gazillion attempts in github to do something like this, so complicated it is not.
These do essentially exist in dongle form, though you'd need some kind of driver support to get rid of the physical pairing button: https://handheldsci.com/kb/
Mostly it's a cost/ease thing. For the device to work correctly with no OS, the hardware inside has to be powerful enough to run all of the logic itself and it has to be coded up to do that.
If you wait until the OS is up, the device itself can offload a good amount of logic and processing to the device driver.
My bet would be that the main reason is that it's easier to find programmers who can write complex device drivers than it is to find ones who can write complex embedded firmware, and it's quicker/easier in general to write device drivers than firmware.
That and just 99% of people will never notice that it doesn't work outside of the OS, and of the rest, 99% will only be vaguely annoyed but not change brands over that.
FWIW EFI bioses absolutely can support Bluetooth which is unsurprising since EFI is a full fledged OS in its own right.
You still need to check if your motherboard supports Bluetooth at boot but many do.
Why is there an 'Â' after every sentence?
The UTF8 encoding of a non-breaking space (U+00A0) is 0xC2 0xA0. If you decode as ISO-8859-1 or CP-1252, that is 0xC2 (Â) and then NBSP (0xA0).
So the content is supposed to have an NBSP between the sentences, was encoded as UTF8, but declared as ISO-8859-1 or similar at some stage in its history. The page seems now to declare UTF8, so it's presumably had the wrong decoding reencoded as UTF8.
Because someone's messed up their encodings.Â
I had the MX900. I used it with my 15" Powerbook G4. It was wonderful. Over time however the connection got worse and worse to the point it was basically non-functional. I assume it was the proliferation of 2.4ghz wifi and the early bluetooth being unable to cope.
Another possibility: USB-3 proliferation and inadequate shielding. Many 3 devices spew so much 2.4ghz noise that it interferes with wifi, much less lower power protocols.
Unless you mean it degraded on the same device.
> WIDCOMM bluetooth stack
Oh that brings memories.
Fun fact, Bluetooth is still shit in Windows 10. A ham friend bought a TP-Link UB500 bluetooth stick to connect to some bluetooth-to-serial adapter for one of his radio... Windows recognized it, but refused to connect to the serial adapter. Only after installing dedicated drivers for the BT stick [1], it worked.
It's mind-boggling that Windows still doesn't ship with a fully functioning native Bluetooth stack. Everything Bluetooth should be standardized for decades now.
From what I've experienced, any Intel WiFi/BT adapter/BT stack just works out of the box on Windows. Any random USB adapter has a massive amount of variability. There's just so many different chipsets out there with tons of odd quirks.
If all you're doing is pairing headphones, sure. Developing anything at all against the windows Bluetooth stack is abject misery. It's fundamentally broken. Many API calls are not implemented or just don't work. Several just return wrong data. Core features of Bluetooth like custom advertising data are simply not exposed in any way.
My favorite: if your program is listening for devices in the background, the windows Bluetooth pairing menu breaks. Specifically the devices you're listening for will never show up about 50% of the time. If they do, it's likely that pairing will fail with no indication or reason.
Additionally, windows 10 does not support simultaneous audio sink and source. You absolutely cannot ever have your phone stream audio to your computer and then the computer pipe it back out to your BT headphones. I'm not sure if windows actually supports audio sink at all apart from HFP (phone call audio). Windows 7 supported this. All linuxes also have had this for over a decade.
At work, Microsoft forcibly updated one of our testing machines to W11, and there was nothing at all I could do to make it see our BT device. They are completely bog standard SPP serial devices using BT classic/EDR. Both of which have been a standard part of the BT spec since before W10 was even considered.
Windows' Bluetooth stack is an atrocity and an embarrassment. It's outrageously broken and incomplete. It is hands down, no contest the single worst Bluetooth implementation of any OS since windows 7. When linux has better Bluetooth than you, you've really fucked up.
No offense, but an SSL certificate these days is a must, and not having one on your site is a big no-no. Sorry.
For new pages, sure, but this is a post from 2006.
The author is likely not updating it anymore, so you are effectively complaining to a group of people here that can do absolutely nothing about it.
I'm sick of mandatory TLS. All we did is make it harder for regular people to host their own pages, pushing them right into the hands of the big silos.
Which risk would TLS mitigate in this specific use case?
As with any http website, a malicious actor (e.g. someone in a coffee shop or an airport) could set up a plausible looking wifi service and then MITM the website and insert adverts or malware into the page.
However, that has been discussed on many other topics that are directly to do with TLS/certificates etc. so I don't think it's worth bringing up (aimed at the OP) every time there's an HTTP linked.
With HTTPS, the site author could still do all of that, no? So I’m not convinced this is really that big of a concern on an unknown website that I’m not entering any credentials or personal information on.
That's more of an issue with trusting any website, whereas TLS mitigates the risk of trusting a wifi provider or ISP. I also don't think it's much of a concern for old, infrequently used sites, but I wouldn't trust the competence of a modern website that didn't have a current SSL cert.
the SITE can do that when HTTPS is used, yes, but an unauthorized third party can inject stuff much more easily when it's plain HTTP. A little ARP poisoning and some mitmproxy and before you know it you're injecting malware or whatever
Whether or not that matters when viewing this particular site is up for debate
Yes – into the sandbox of this particular site (and limited to non-HTTPS-mandatory browser APIs at that).
If that's a big threat vector, I feel like the much bigger risk would be visiting malicious sites, not a local or ISP located attacker injecting stuff into benevolent-but-HTTP-only ones.
> limited to non-HTTPS-mandatory browser APIs at that
Another trick that could easily be pulled by a malicious ISP/wifi provider is to insert a redirect into the HTTP page to go to an HTTPS site controlled by the attacker (presumably with some semi-related name so as to not seem suspicious to the user) and to then bypass non-HTTPS restrictions in the browser.
> I don't think it's worth bringing up (aimed at the OP) every time there's an HTTP linked.
Maybe rewritten it could be viewed as a warning for those who care instead of a criticism.
I'd rather just have the browser warn me
It would be amazing if that site were served only over http
It's a blog from 2006-2010, I'm happy it's up at all.
Is Ken Johnson still alive? I’m curious about how the blog is still up and why a programming type wouldn’t fix the encoding errors.
I don't know if it's the same Ken Johnson, but I found a video about AppSec with a Ken Johnson that had his twitter profile in the description https://x.com/cktricky. Then I found this Ken Johnson LinkedIn page, and there's no mention of working at Microsoft, so it's probably not the same guy, and this other Ken Johnson looks much younger than I was expecting.
I guess nobody cares this days about being safe and secure. :(
Crafted by Rajat
Source Code