I really miss the feature of CSR devices that allowed keyboard and mouse use before OS boot, and wish any modern Bluetooth receiver was capable of it. Is it a patent issue?
Probably just a "it's hard for little pay-off" issue.
To use a bluetooth keyboard from the stage of "Press F10 to Enter Setup" we need the firmware (whether BT host, mainboard, or something else) to have a full bluetooth stack, some way to manage pairing/unpairing devices, and a bunch of other stuff.
If we do this outside the BT host, we probably need changes to the operating systems at least to handle how we're going to hand-off the state of the bluetooth stack when the OS takes control. Unless we want to _separately_ manage pairing/unpairing in the firmware, we would probably want some way to expose that to the operating system to be able to push its paired devices down.
And then it's probably still not super useful unless we substantially lengthen the prompt time because the time for you to turn the keyboard on, coax it into connecting, and hit the button is gonna probably have the OS booted already.
If you want this today just don't use bluetooth. Get one of the devices that uses "2.4GHz" or uses "Bluetooth + 2.4GHz" and shove a dongle in there. The keyboard/mouse will appear as a normal USB-connected device and you can use them how you want.
Mostly it's a cost/ease thing. For the device to work correctly with no OS, the hardware inside has to be powerful enough to run all of the logic itself and it has to be coded up to do that.
If you wait until the OS is up, the device itself can offload a good amount of logic and processing to the device driver.
My bet would be that the main reason is that it's easier to find programmers who can write complex device drivers than it is to find ones who can write complex embedded firmware, and it's quicker/easier in general to write device drivers than firmware.
That and just 99% of people will never notice that it doesn't work outside of the OS, and of the rest, 99% will only be vaguely annoyed but not change brands over that.
I had the MX900. I used it with my 15" Powerbook G4. It was wonderful. Over time however the connection got worse and worse to the point it was basically non-functional. I assume it was the proliferation of 2.4ghz wifi and the early bluetooth being unable to cope.
The UTF8 encoding of a non-breaking space (U+00A0) is 0xC2 0xA0. If you decode as ISO-8859-1 or CP-1252, that is 0xC2 (Â) and then NBSP (0xA0).
So the content is supposed to have an NBSP between the sentences, was encoded as UTF8, but declared as ISO-8859-1 or similar at some stage in its history. The page seems now to declare UTF8, so it's presumably had the wrong decoding reencoded as UTF8.
Fun fact, Bluetooth is still shit in Windows 10. A ham friend bought a TP-Link UB500 bluetooth stick to connect to some bluetooth-to-serial adapter for one of his radio... Windows recognized it, but refused to connect to the serial adapter. Only after installing dedicated drivers for the BT stick [1], it worked.
It's mind-boggling that Windows still doesn't ship with a fully functioning native Bluetooth stack. Everything Bluetooth should be standardized for decades now.
As with any http website, a malicious actor (e.g. someone in a coffee shop or an airport) could set up a plausible looking wifi service and then MITM the website and insert adverts or malware into the page.
However, that has been discussed on many other topics that are directly to do with TLS/certificates etc. so I don't think it's worth bringing up (aimed at the OP) every time there's an HTTP linked.
With HTTPS, the site author could still do all of that, no? So I’m not convinced this is really that big of a concern on an unknown website that I’m not entering any credentials or personal information on.
That's more of an issue with trusting any website, whereas TLS mitigates the risk of trusting a wifi provider or ISP. I also don't think it's much of a concern for old, infrequently used sites, but I wouldn't trust the competence of a modern website that didn't have a current SSL cert.
the SITE can do that when HTTPS is used, yes, but an unauthorized third party can inject stuff much more easily when it's plain HTTP. A little ARP poisoning and some mitmproxy and before you know it you're injecting malware or whatever
Whether or not that matters when viewing this particular site is up for debate
Yes – into the sandbox of this particular site (and limited to non-HTTPS-mandatory browser APIs at that).
If that's a big threat vector, I feel like the much bigger risk would be visiting malicious sites, not a local or ISP located attacker injecting stuff into benevolent-but-HTTP-only ones.
I really miss the feature of CSR devices that allowed keyboard and mouse use before OS boot, and wish any modern Bluetooth receiver was capable of it. Is it a patent issue?
FWIW EFI bioses absolutely can support Bluetooth which is unsurprising since EFI is a full fledged OS in its own right.
You still need to check if your motherboard supports Bluetooth at boot but many do.
Probably just a "it's hard for little pay-off" issue.
To use a bluetooth keyboard from the stage of "Press F10 to Enter Setup" we need the firmware (whether BT host, mainboard, or something else) to have a full bluetooth stack, some way to manage pairing/unpairing devices, and a bunch of other stuff.
If we do this outside the BT host, we probably need changes to the operating systems at least to handle how we're going to hand-off the state of the bluetooth stack when the OS takes control. Unless we want to _separately_ manage pairing/unpairing in the firmware, we would probably want some way to expose that to the operating system to be able to push its paired devices down.
And then it's probably still not super useful unless we substantially lengthen the prompt time because the time for you to turn the keyboard on, coax it into connecting, and hit the button is gonna probably have the OS booted already.
If you want this today just don't use bluetooth. Get one of the devices that uses "2.4GHz" or uses "Bluetooth + 2.4GHz" and shove a dongle in there. The keyboard/mouse will appear as a normal USB-connected device and you can use them how you want.
Mostly it's a cost/ease thing. For the device to work correctly with no OS, the hardware inside has to be powerful enough to run all of the logic itself and it has to be coded up to do that.
If you wait until the OS is up, the device itself can offload a good amount of logic and processing to the device driver.
My bet would be that the main reason is that it's easier to find programmers who can write complex device drivers than it is to find ones who can write complex embedded firmware, and it's quicker/easier in general to write device drivers than firmware.
That and just 99% of people will never notice that it doesn't work outside of the OS, and of the rest, 99% will only be vaguely annoyed but not change brands over that.
I had the MX900. I used it with my 15" Powerbook G4. It was wonderful. Over time however the connection got worse and worse to the point it was basically non-functional. I assume it was the proliferation of 2.4ghz wifi and the early bluetooth being unable to cope.
Why is there an 'Â' after every sentence?
The UTF8 encoding of a non-breaking space (U+00A0) is 0xC2 0xA0. If you decode as ISO-8859-1 or CP-1252, that is 0xC2 (Â) and then NBSP (0xA0).
So the content is supposed to have an NBSP between the sentences, was encoded as UTF8, but declared as ISO-8859-1 or similar at some stage in its history. The page seems now to declare UTF8, so it's presumably had the wrong decoding reencoded as UTF8.
Because someone's messed up their encodings.Â
> WIDCOMM bluetooth stack
Oh that brings memories.
Fun fact, Bluetooth is still shit in Windows 10. A ham friend bought a TP-Link UB500 bluetooth stick to connect to some bluetooth-to-serial adapter for one of his radio... Windows recognized it, but refused to connect to the serial adapter. Only after installing dedicated drivers for the BT stick [1], it worked.
It's mind-boggling that Windows still doesn't ship with a fully functioning native Bluetooth stack. Everything Bluetooth should be standardized for decades now.
[1] https://www.tp-link.com/de/support/download/ub500/v1/
No offense, but an SSL certificate these days is a must, and not having one on your site is a big no-no. Sorry.
For new pages, sure, but this is a post from 2006.
The author is likely not updating it anymore, so you are effectively complaining to a group of people here that can do absolutely nothing about it.
Which risk would TLS mitigate in this specific use case?
https://doesmysiteneedhttps.com/
As with any http website, a malicious actor (e.g. someone in a coffee shop or an airport) could set up a plausible looking wifi service and then MITM the website and insert adverts or malware into the page.
However, that has been discussed on many other topics that are directly to do with TLS/certificates etc. so I don't think it's worth bringing up (aimed at the OP) every time there's an HTTP linked.
With HTTPS, the site author could still do all of that, no? So I’m not convinced this is really that big of a concern on an unknown website that I’m not entering any credentials or personal information on.
That's more of an issue with trusting any website, whereas TLS mitigates the risk of trusting a wifi provider or ISP. I also don't think it's much of a concern for old, infrequently used sites, but I wouldn't trust the competence of a modern website that didn't have a current SSL cert.
the SITE can do that when HTTPS is used, yes, but an unauthorized third party can inject stuff much more easily when it's plain HTTP. A little ARP poisoning and some mitmproxy and before you know it you're injecting malware or whatever
Whether or not that matters when viewing this particular site is up for debate
Yes – into the sandbox of this particular site (and limited to non-HTTPS-mandatory browser APIs at that).
If that's a big threat vector, I feel like the much bigger risk would be visiting malicious sites, not a local or ISP located attacker injecting stuff into benevolent-but-HTTP-only ones.
> I don't think it's worth bringing up (aimed at the OP) every time there's an HTTP linked.
Maybe rewritten it could be viewed as a warning for those who care instead of a criticism.
I'd rather just have the browser warn me
I guess nobody cares this days about being safe and secure. :(