198 posts • joined Wednesday 19th September 2007 15:34 GMT
Solar panels on the moon? They seem to have overlooked the fact that it rotates once a month, therefore a 14x greater night backup problem than here on Earth. I don't say that solar panels are economic anywhere, but in space at a distance where sunlight isn't obscured would be the sensible option.
Teach a man to fish..
Learning basic HTML skills ain't that hard, and once you understand the way it works it's much easier to handcode and get a predictable result, than to try to get past all the weird formatting quirks in online editors.
Or, you could use a 'Web builder' which supposedly makes this process simple, but actually takes longer to learn your way around than HTML, and is far more restrictive.
Or you could take the CMS approach of uploading 100MB of vulnerability-riddled php and SQL code, just to display a one kilobyte page.
Then, have to update to an new CMS version because of critical vulns in the old one, and (big surprise) find that the updated CMS is incompatible with content from the previous one, so it's start again from scratch time. Six months later, repeat process. Ad nauseam.
Wrong angle on security, anyway.
Any system coded in a language which allows buffer over-runs, is vulnerable to any trivial oversight by the coder. But, tell any coder to stop using C or its derivatives, and you might as well tell them to give up coffee.
Any Web backend whose database allows injection of commands into data, is insecure by design and should be ditched. Any chance of a replacement for SQL, minus this vuln, anytime soon? Nope. Thought not.
Any OS or browser which continually hits the user with update-reminder popups is wide open to update spoofing by malicious sites. Better no updates than continual popups, some of which may lead to a malware download.
Any software which encourages users to post email addresses on webpages is a crass piece of idiocy. The result will be harvesting, and spammed links to sites hosting malware. Yet, the majority of website software authors stick their heads in a bucket of sand and pretend that address harvesting isn't real.
These are the real security issues in IT. Funny, but the industry, instead of fixing the actual causes, makes a lucrative trade out of selling symptom-treatment products. I guess there is money in this, but no money in fixing the root of the problems.
Meanwhile, TPM will address precisely... zero of these issues.
Mainframe yes.. Website no.
SQL may have been a brilliant innovation for mainframes crunching large amounts of data in a secure room, but it is a diabolically bad choice for Internet use, since it allows malicious commands to be injected into the data stream, which is especially dangerous in data entered from online forms. From what I've briefly read about it, it's not too clear if NoSQL is any more secure in that respect.
Scraping websites for malware: Ethics of misreporting?
Recently my hosting company was sent a takedown notice from a German firm named csyscon SIRT. Seems they reckoned they'd found malware on one of the sites we maintain. As a result all of our sites on that host were offline for several hours.
Turned out the file they had targeted was a zip download containing an executable compressed with UPX. Now, any coder familiar with UPX will know that it is somewhat prone to false malware alerts. Which in fact is why we don't use it anymore. The download was an old version, retained only in case anyone still needed it. The online file checked-out as byte identical to our archived version. Unsurprisingly, the alert was a complete false alarm.
Since the file was an archived version linked only from an obscure page, I think we can assume that it was found by way of a deep scrape of the site.
I pointed out that all of the files checked out as clean, but a Google rep inisisted that they have 'a specialist internal system' which is so good that it can find malware where no other detection system can. Hmmph.
Judging by other reports, this kind of uninvited scraping of websites for malware seems to be spreading. Companies have sprung up which specialise in it. I think it may be assumed that the scanning is done by bots, and that few if any human checks are performed to catch false positives.
We've had heated discussions on ElReg before about whether it is ethically OK to scrape third-party websites looking for security flaws such as harvesting risks. However, in that case the objective was purely to inform the site's owner of the vuln, a comparatively harmless response. Even so, some commenters did not think it was acceptable to scrape sites for any reason.
Here, the objective is entirely more controversial; scraping sites with the aim of sending a takedown notice to the hosting company, or to searchengines to have the site blocked or de-ranked. I would have thought that such activity would be considered malpractice even were the scraping and detection system one hundred percent reliable. What we have seen, though, is that quality control is nonexistent, that false positives abound, and those blunders lead to loss of revenue and costs for the victims of the misreporting.
Perhaps this could be a subject for a Reg article.
Russians, be aware, Phobos probes YOU!
The opposite often applies...
Small businesses use fax because it's dependable. This should be a lesson to IT developers that the need is for products which work reliably, NOT products with a million stupid gimmicks that break down every five minutes and take a team of rocket-scientists to maintain.
Main issue you meet is that IT installers simply aren't geared-up to meet the needs of the small business, and IT guys have mostly been trained on corporate systems.
So, you end-up with a tiny office having two computers joined to an Active Directory Controller, with an Exchange server, complex passwords that expire, inhouse DNS that is a potential failure-point for Internet access, backup systems that probably don't work, multifunction inkjet printers that cost thousands a year in consumables, and so on. To cap it all, of the two computers one probably runs Windows XP and the other Windows 7 so they can't interoperate properly on a domain anyway.
All of this ends-up costing a mint in support. Which, is probably the objective. It's a milking exercise, more often than not.
Linux, because it would actually be better for many small business servers.
If it ain't broken..
.. but it is (IPv6 not IPv4) and that's why it's been around all those years with zero uptake.
-Every computer IP-trackable by doubleclick, google, etc? BAD. Effectively, an indelible supercookie.
-Internal IP addresses tied to your ISP, your LAN infrastructure therefore tied to your ISP. Bad idea.
-Nightmarish scheme for writing IP addresses... imagine giving phone support to a home user.
-How the hell do you tell if your firewall is secure, with so complex a scheme? Dunno. Beyond me, and I'm just the IT guy.
Why no ergonomics for longhorn?
Interesting that Allchin says they spent a lot of effort on the ergonomics of WinXP. It shows, and it's the reason it's still the preferrred desktop OS today. Meanwhile the Longhorn team must've been left out of those discusssiions, I guess, because Vista was totally devoid of ergonomics, and Win7 ain't that much better. By the looks of things, Win8 won't change anything in that respect, either.
As for the iPod, styling and fashion-accessory status was its main selling-point. Why should I pay a premium price for an Mp3 player which doesn't work on any computer OTHER than one with iTunes installed? That isn't an advantage, it's a serious handicap. My first Mp3 player cost half the iPod price, and did work on any XP or Linux computer. It also doubled as USB memory.
Like most people I use my phone for mobile music these days, and I was careful to choose one which doesn't require invasive software on the computer. Plug it in, copy files.
Illegal to install downloaded apps?
But that is also true of Windows with bundled NIS. In fact it's worse, the download gets automatically deleted without the user's consent if it's not recognised as one approved by Norton.
Overcomplexity is often at the root of IT security issues. As systems become more complex, a point is reached where it would be very hard to determine IF a security hole exists, or not.
This issue affects the small business sector more than others, where maximally-complex installations are often deployed to meet very simple requirements, and yet the IT resources to manage the security of such installations simply do not exist, or are too costly.
Always using the latest version of an app will mean numerous crashes and bugs. And, even if it does work reliably, no-one will be able to use it without retraining because it will have some new, wacko interface that makes no sense at all.
After a brief encounter with KDE4 I definitely needed a new keyboard. Worse, I found that I couldn't go back to KDE3.5, the only option being to roll-back the entire distro. So much for Microsoft imposing unresonable restrictions, or forcing the use of stuff which is broke.
Danger of relying on proprietary services.
If a standard email service fails then it's a relatively simple matter to set-up a temporary one elsewhere, and change your domain settings to suit. With a proprietary service using its own protocols you have no such option.
I reckon the lesson here is that it is most unwise to place reliance on closed, proprietary systems for mission-critical business IT. Adherence to open standards is the way to provide resilience.
The truth of the matter...
...is that BOTH the spamming AND the spamfiltering industries rely for their profits on websites continuing to be vulnerable to address-harvesting, this being the principal source of spam mailing-lists.
This in turn arises through lazy or dumbass webdesigners failing to implement even simple security measures, to prevent spammers from using 'bots to collect email addresses.
But, check the advice on the Spamhaus site, and you won't find any info on this. Maybe that's not so surprising when you consider that Spamhaus' profits depend on the spam continuing to flow.
I've had dealings with Steve Linford and could make a comment or two... but then my lawyer isn't as expensive as his, so I won't.
Not scared of change...
Just sick and tired of change being forced on us by coders with new 'wonder ideas' who mostly don't even know what the word 'ergonomics' means.
Y'know those supermarkets which move all the shelves around about once a week? So every time you go in you have to search the entire store for one or two items. Theory seems to be that if people have to search instead of going straight to the product, they buy other things they don't actually need while they're searching. Practice is that after one or two lengthy, aggravating searches, customers vote with their feet and find another store which doesn't do that.
With IT, you have the added issue that each paradigm change brings with it a fresh crop of bugs. Thus the more frequent the changes, the less likely it is that we'll ever see a reliable IT platform. The NT/2000/XP product line got where it did because it was a logical progression of development instead of a series of paradigm shifts, and remained in the market long enough for it to become a mature product.
Unfortunately, in some respects Linux seems to be following suit these days. KDE4 has been compared with Vista for its bugginess, and the extent of pointless change from a system which previously worked OK.
HTML5 is another product in this category, where new technologies could be an advantage but are offset by the problems caused by needless, pointless changes to code that has worked perfectly well for decades.
Personally if I'm going to upgrade, I want the upgrade to give me something which improves on what I had before, not just YET another willy-nilly paradigm change and fresh crop of bugs.
Largely irrelevant result anyway.
Problem here is computers which constantly hammer the user with upgrade requests, and browsers which allow system dialogs to be simulated, even to the extent of simulating 'screen dimming' UAE prompts.
Your method is the problem.
If you use an nLite disc to install XP then you're talking maybe only one minute of actual keyboard-bashing for a system that's configured the way you want from the outset. I don't know of any way to custom-install 7 that works as well or as simply.
As for more licenses sold, I wonder if that includes licences foisted onto new computers whether the buyer wants them or not? If so it may show a very skewed result.
Farnsworth fusors are used in industry as low-intensity neutron sources, and have been for decades. There is no doubt whatsoever that this kind of fusor works. What's more, it typically uses inexpensive deuterium gas, not costly tritium. Present designs are limited to low intensity applications, and thus are not fusion-power candidates. But, variants on the design might be viable power reactors. Surprisingly, very little reasearch has been done in that area.
Confucius say, He who fail to check facts, make big fool of himself using word troll.
@HW de Haan
Ehhh... ?!? What coolant do you reckon it used, then?
All info I can find suggests that Chernobyl #4 was a BWR, with light water acting as the coolant and graphite blocks as the moderator, the primary circuit steam driving the turbine directly.
At this point I have to wonder, seriously, whether you are just trolling. Either you are taking the Michael or you know zilch about the subject. Which?
This one did work, though..
..and probably a good deal less dangerous, although you don't want to go exposing yourself to fast neutrons, whatever the source.
The guy experimenting on the cooker simply beggars belief. Clearly he hadn't read-up on lab procedures, one of the key concerns being that ingestion of low-level sources is far more dangerous to health than merely handling them.
IMHO it is you who is trolling.
Nuclear accidents to-date may mostly be the result of human error but that does not alter the fact that when mistakes have been made, the safety systems have not performed to expectations. It is also reasonable to assume that a degree of luck has been involved, and that the worst that can happen has not yet happened.
I would agree that nuclear could be a safe option if alternative designs were looked-at. Existing designs are basically the by-product of a few frantic years of war effort put into the A-bomb project, more than half a century ago. Power generation was never the intended purpose of such reactors,it was a side benefit to plutonium production, their real purpose. While the engineering might have advanced since then, the underlying physics has not.
As for electricity being a middle-class luxury, the question is not whether we can do without electricity, but whether the risks involved in the nuclear route are greater or less than those posed by the alleged climate-change effects of conventional fuels. I for one am in no doubt whatsoever as to the answer to that one.
Meltdown not the worst-case accident...
Water-based cooling system fails.
Uranium metal starts burning in steam
Hydrogen is released, as uranium robs steam of oxygen.
Hydrogen mixes with air to form explosive mixture.
Pressure builds up inside containment vessel.
Red-hot metal ignites mixture.
Lid blown clean off reactor.
Graphite blocks hurled hundreds of feet into air.
-Basically what happened at Chernobyl.
If the reactor is a fast breeder with significant amounts of plutonium, then the above scenario could in principle create a small nuclear explosion by explosively compressing the plutonium. In that case the entire reactor would be shredded into radioactive dust, creating many tons of fallout.
-Explosion, because that outcome is what the safety experts SAID was impossible. Until Chernobyl.
if you're not careful the believers kill you, and then go right on believing.
Simple but effective ideas...
Talking of simple flight-stabilisation ideas, the early Sidewinder used rollerons - A notched wheel was spun to high RPM by the the airflow, and if the rocket rotated the wheel's precession force turned a tailfin the right way to cancel the rotation. Worked a treat and (in pre-IC days) saved a bulky lump of electronics.
SInce the rolleron relied on airflow it wouldn't work in vacuo as designed, but a similar idea with a wheel spun-up by the rocket exhaust and turning a steering vane or gimbal might work.
Though, I'm inclined to think that either spinning the vehicle up before launch, or else a non-spinning vehicle with 3-axis solid-state gyros and thrust vectoring are the approaches most likely to work. Gyros are more complex and need a lot more setting-up but they do allow you to determine, within a reasonable degree of precision, where the thing goes. They also allow for self-correction, up to a point, of a bad launch attitude.
In principle a horizontal launch could be used if the vehicle is gyro-controlled, it being commanded to go into a climb after a few tens of feet of travel. This overcomes the issues of clearing the balloon. Though, the toroidal balloon idea is interesting, and could be a simpler solution than developing the necessary trajectory-control software for a horizontal launch.
There are basically only two ways to stabilize a rocket's flight path, and those are to spin it, or to have some kind of autopilot.
The rocket can be spun-up by an electric or gas motor prior to launch, or by gas or rocket jets on launch. Disadvantage of spin is that it's difficult to impose any steering on a spinning vehicle, you basically have to point it and hope. Photography ain't gonna work well from a spinning platform, unless a non-spinning camera mount is devised. Wings would need to be such as to not interfere with spinning until glide mode is commanded, at which point they cancel the spin.
At low altitiudes spin can be achieved by way of canted fins or winglets (which is the usual approach on non/RC model rockets) but it's uncertain whether this would work at balloon altitiudes of ~100,000ft, the air possibly being too thin.
The other option is a gyro platform and thrust vectoring. Gyros are relatively cheap these days, but the difficult bits would be devising a thrust-vectoring nozzle, and determining the right control-loop gains to give damped control. Plus, vectoring will only work until cutoff, after which (in near-vacuum) the rocket is likely to suffer attitude drift unless it has verniers to keep it pointing the right way. Although, this might not matter too much as the wings will reorient it once it re-enters the atmosphere.
With vectored thrust, a somewhat nose-heavy vehicle is easier to control than a tail-heavy one. Again this is counterintuitive but it's the way things work.
BTW, hydrogen gives substantially more lift than helium being much less dense, and for a project like this would seem the obvious choice, in spite of fire risk.
Need to rethink on security
If anything this fiasco demonstrates that there's a need for a paradigm-change in computer security. We need to ditch the obsession with userization and passwords, and address the ways in which the system itself is fundamentally insecure.
In this instance, a peripheral should be controlled BY the host computer. It should never be able to take control OF the host computer. The fact that it can is a massive design blunder.
Whatever happened to the principle that once a scientist had been caught-out massaging figures, no-one ever listened to them again?
While that might sound harsh, the principle is/was that since it is often difficult to detect falsification by specialists working in fields which only they fully understand, the punishment for dishonesty had to be severe enough to ensure that no respectable scientist engaged in it. Otherwise, no data could ever be trusted and the whole of scientific research would fall into disrepute.
The UEA had clearly been 'adjusting' data to make their argument look more convincing.
Is he joking, or what?
bbc.co.uk must be the second most Warmist-oriented site on the planet, after Al Gore's personal site. Even articles on totally unrelated subjects manage to sneakily infer a relevance to alleged climate change models.
It's almost like one of those bible-belt schoolbooks in which physics, French or chemistry are laced-through with religious quotes, and which carefully avoid any daring statements such as 'The earth is actually quite a few billion years old, not five thousand' -which might result in the author being taken, somewhat forcibly, to the nearest firewood-equipped stake.
Surprising no-one's commented that this is the other face of the piracy issue, that recorded music licensing deals are putting live performers out of business.
Seems to me like the recorded-music barons are the pirates here.
Leading-edge designs = High operating costs
I think part of the cost problem with the Shuttle is down to using very complex components which were designed to achieve the highest possible efficiency, but which proved to be very costly to maintain. This probably made more difference than any comparison between re-useable and throwaway vehicles.
The main engines are a case in point. Compare the plumbing on a SSME with that on a Russian RD-180, and you see what I mean. The RD-180 is a clever design with a number of innovations, but it's also an exercise in efficient use of materials and labour. For example, while the three SSME nozzles require no less than twelve pumps between them, the RD-180 has a single turboshaft doing the pumping for two nozzles. Plus, the SSME has all the additional safety issues created by using hydrogen fuel. Which, is partly responsible for high expendable tankage costs owing to its low density and consequent very large tank size, plus the need for fuel tank insulation. The RD-180 sticks to traditional kerosene, somewhat less efficient but simpler to handle and safer.
SpaceX have evidently looked-at this cost/complexity aspect too, as their designs use extremely conservative technology. Yet so far have been very successful.
The question is, could a reuseable craft operate economically if its systems were designed around less-costly, less leading-edge principles?
Extortionate spares at root of sky-high premiums.
Part of the problem with astronomic premiums is extortion in the vehicle spares trade. Insurance repairs are typically done by main dealers, and main dealers may charge anything up to 400% over the actual value of parts supplied to them by spares distributors. Which are themselves already many times the actual manufacturing cost of the part. Even a damaged plastic bumper may cost several hundred as a dealer-fitted replacement, whereas the part itself probably costs a few pounds to manufacture.
Now, motor factors do have to account for holding large quantities of stock, some of which may never be sold, plus the warehousing space for this stock. But, the situation with dealers' spares prices has gotten totally out of hand.
-Black helicopter, because with aviation spares it's even worse.
RDX in model rocket motors?
Seems unlikely that model motors would intentionally contain RDX, but it occurs to me that Estes probably get their propellants from a pyrotechnics manufacturer, and there might be minute amounts of cross-contamination for other production lines in the same factory.
I wonder if Plod followed-up that possibility. OK, silly question really. Detector reads positive. We have an arrest.
Server 2008 is certainly better than Vista, but still has a lot of its core problems. Notably, a lot of established server tools and utilities don't work on it or are only partly functional, and you spend (correction, waste) a lot of time finding workarounds for things which are quick to implement on S2003.
If it has one saving grace it's Hyper-V, which is much faster than the earlier MS virtualization offerings.
New software the issue, not old.
Microsoft doesn't seem to appreciate that the reason uptake of new software is so low is that the new software has serious design shortcomings.
'Pushing' the new products harder won't make the shortcomings go away, either. It isn't a question of adaptation or familiarization, it's a more fundamental issue that they simply don't work as well as the older products.
I find that customers are all fired-up to try Windows 7 when they buy new computers, but almost invariably, a month or two down the line, the request comes-in to replace it wth XP.
One of the major complaints relates to the cyclic juctions in Windows 7 profiles. I'd originally thought these were mainly a headache for tech guys migrating data, but it turns out they confuse just about everyone.
No. If MIcrosoft wants to sell more new software, first they need to fix it so it works. Properly.
Big step backwards for mankind..
..but maybe the right way forward. Eventually.
Appreciate the issues with the Shuttle, namely high operating costs and limited orbit altitude. Nevertheless it's the closest thing we as humanity have to a real spacecraft.
Other systems might also get the people and supplies there, but are more akin to throwing a tin can up in the air. They are not spacecraft by any stretch of the imagination.
Go, Atlantis. Make this a perfect final mission.
Engineered to fail?
DRM is one thing, it's quite another when data you've paid for is deleted remotely. That is dangerously close to selling engineered-to-fail products.
Besides, I reckon the media companies have finally started to wise-up to the fact that DRM is what's inhibiting online sales, not piracy.
DRM is a solution sold by programmers to the media companies, a solution to a problem which doesn't actually exist, and a solution which actually causes the problem it claims to prevent. Sony corp got their fingers badly burned with that one, when DRM coders surreptitiously sold them a rootkit.
"Evil has raised a great many unbelievers in a far off place. They must be shown the Path." (9.03 "Origin Part 3")
"Great holy armies shall be gathered and trained to fight all who embrace evil. In the name of the Gods, ships shall be built to carry our warriors out amongst the stars and we will spread Origin to all the unbelievers. The power of the Ori will be felt far and wide and the wicked shall be vanquished." (The Doci, "Origin Part 3")
"What is a god, but a being that is worshipped by those beneath?"
"Life and death, light and darkness, hope and despair. The rift was created, and on that day, the Ori were born. But the hatred of those who strayed from the true path festered and bloomed in the dark corners of the Avernakis to which they have been cast! And consumed by this hatred, they poisoned all they touched, bringing death, darkness and despair. And the souls of their victims knew no peace, until the Ori came and whispered to them: ‘Sleep, for the end draws near!’ And on that day all will rejoice, when the Ori come and lay them low."
-Need any more? <g>
You obviously haven't heard of the cookie ruling, the latest piece of eureaucrackpotcy.
There are now some very solid arguments for registering and hosting outside of the EU, and possibly outside ot the USA too, where damages claims for lack of 'accessibility' are a serious risk.
I don't have any issue with women being given lower premiums, they are statistically safer drivers.
The issue I do take is with women being given special rights as 'vulnerable individuals' to make accusations against men, especially where there is no valid evidence of any crime having occurred.
Statisticians reckon that that between fifty and eighty percent of assault claims made by women are deliberately falsified. Therefore if the 'insurance logic' were to apply here, the reverse should apply, and alleged victims of male violence should be required to provide a higher, not lower, standard of proof than for other crimes.
Won't get fooled again...? (cue power-chord)
We've been down this road already, what with Microsoft hiding the extension part of filenames from users, such that the user cannot tell what the function of the file is.
Compromised PC sends attachment 'youvewon.txt.exe' user sees 'youvewon.txt' assumes it to be safe and double-clicks it. Bingo, computer owned.
Agree. BAD idea.
Also interesting to note that the bulk of DNS errors are due to Microsoft's Active Directory. Though, not surprising really.
Nyelvmark, you are required to present yourself (or your legal representative) for cross-eaxamination at the Central Court on the Twenty Third Day of September, Two Thousand and Eleven, where you shall explain your actions in photographing a cinema screen with your eyes, and subsequently on the following night during sleep, of making a permanent copy of the recoreded images in your cerebral cortex, thereby commiting a copyright infringement.
As an alternative you have the option of making a $500 on-the-spot payment, which will clear you of any further charges in relation to this matter.
Eye not a camera? Brain not a recording device?
Some researchers reckon they're close to understanding how the brain stores data. If they are at some point able to extract image data from a typical lump of convoluted grey stuff, then from that point on will everyone who looks at the screen in a cinema have to be arrested for piracy?
Attacking problem from wrong end...
SPF is easy to implement but fails badly with redirected or forwarded messages. DKIM is too complex for small sites to implement. But, IP-based filtering is attacking the problem from the wrong end, anyway. It's giving symptom-treatment priority over finding a cure for the disease.
As Barry says, Email protocols were indeed created in the days of implicit trust, where spam wasn't a problem. The mailto: protocol is desperately out of date, and urgently needs to be deprecated in favour of a protocol which doesn't expose the email address to any passing robot. This indeed the very root of the problem, and in principle it's far simpler to take measures to stop spammers harvesting email addresses than it is to block botnets from spamming you.
Pity they didn't take mailto: out of HTML5, at least that would steer webdesigners in the direction of using safer alternatives.
If (say) 80% of webmasters implemented anti-harvesting measures, then the paucity of addresses to spam might well make the masmarketers decide that spamming is no longer profitable, in which case spam would virtually cease.
The other approach which warrants some thought is that of hosting companies implementing a webserver module which blocks the publication of any page containing vulnerable mailtos, or alternatively which automatically munges any mailtos found in a page. Since such an add-on would drastically reduce the spam that the host receives via its own servers, I could forsee a rapid uptake by hosting companies once the idea has been proven.
-Any Apache/IIS coders interested in taking the idea further?
It is possible to do an MBR repair if you have a proper Windows disc. But, most computers come minus that one vital item. That is the problem, and it's basically down to penny-pinching rather than any technical reason.
- Facebook offshores HUGE WAD OF CASH to Caymans - via Ireland
- Mexican Cobalt-60 robbers are DEAD MEN, say authorities
- Apple's spamtastic iBeacon retail alerts launch with Frisco FAIL
- Submerged Navy submarine successfully launches drone from missile tubes
- Pix Astroboffins spot HOT, YOUNG GIANT where she doesn't belong