* Posts by Frumious Bandersnatch

1947 posts • joined 8 Nov 2007

London-based Yahoo! hacker gets 11 years for SQLi mischief

Frumious Bandersnatch
Silver badge
Joke

"reputational damage"

First off, I hate this "reputational damage" malarkey. What's wrong with the good old-fashioned "damage to their reputation"?

Secondly, without saying "they deserved it" for having such a basic (sqli is basic) vulnerability, the fact that this vuln was so obviously latent, just waiting for someone to come up and turn the key, as it were, should the full cost/blame fall only on the first guy to "immanentise the escutcheon"?

1
1

Do AI chat bots need a personality bypass – or will we only trust gabber 'droids with character?

Frumious Bandersnatch
Silver badge

by answering more questions

> And IBM has Watson, a machine that famously beat human competitors by answering more questions correctly on the American game show Jeopardy.

Hmm, should that be "questioning more answers"? It is "Jeopardy", after all. I guess I'll have to leave it to the AI to decide which is more correct...

2
0

Cosmology is safe and the Universe is one giant version of the Barbican

Frumious Bandersnatch
Silver badge

Re: non-istotropic

... as do graphics-card manufacturers ("anisotropic filtering").

0
0

Pretending to be a badger wins Oxford Don 10 TRILLION DOLLARS

Frumious Bandersnatch
Silver badge

From Junior to Senior Pinocchio

I'm always touched by that moment in the story myself, where he realises he's not a real boy. The part where his hand catches fire.

2
0

Lethal 4-hour-erection-causing spiders spill out of bunch of ASDA bananas

Frumious Bandersnatch
Silver badge

Re: Spiders are not insects.

Bill Bailey (not that one) quote ftw. Can't help being reminded of the bit in In Bruges, speaking of picking sides:

https://www.youtube.com/watch?v=4REO0pucYY8

"It's gonna be a war man, I can see it ..."

0
0
Frumious Bandersnatch
Silver badge

Re: Your arse

But how about watermelon, or durian?

Huh? You mean you get durian shipped into the UK? Colour me surprised.

0
0
Frumious Bandersnatch
Silver badge

Re: What A Way To Go....

> "I know what it means, i didn't even have to look it up......."

I was rather surprised that the author didn't try to work it in somewhere (oops, no pun intended).

Kind of hard (oops) to make a pun out of "priapism", but maybe describe the spiders as "peripatetic priapistic poisoners"?

0
0

TRUMP: ICANN'T EVEN! America won't hand over internet control to Russia on my watch

Frumious Bandersnatch
Silver badge

Trump deserves a Nobel Prize for this

Being living proof that the magnetic monopole exists? People have won one for less.

0
0

Legend of Zelda cracked with 6502 assembly language glitch

Frumious Bandersnatch
Silver badge

Re: Things have moved on.

> ARM was inspired by 6502.

Yes and no.

http://www.theregister.co.uk/2009/06/11/pcw?page=2:

Sophie Wilson, the best 6502 programmer ever, became disappointed with what she could do with the BBC Micro, and went off on her own to design a RISC processor that would do all the good things she liked about the 6502, and all the other things which she wished the 6502 could do.

So apparently the nice thing about 6502 was the simplicity of it, but they were determined to build something completely different (a RISC processor with no real architectural heritage from the 6502 itself):

https://people.cs.clemson.edu/~mark/admired_designs.html#wilson

I can still write in hex for [the 6502] - things like A9 (LDA #) are tattooed on the inside of my skull. The assembly language syntax (but obviously not the mnemonics or the way you write code) and general feel of things are inspirations for ARM's assembly language and also for FirePath's. I'd hesitate to say that the actual design of the 6502 inspired anything in particular - both ARM and FirePath come from that mysterious ideas pool which we can't really define (it's hard to believe that ARM was designed just from using the 6502, 16032 and reading the original Berkeley RISC I paper - ARM seems to have not much in common with any of them!)

5
0
Frumious Bandersnatch
Silver badge

BASIC. (#) ... correctly. (##) But

1. You're using stringification (#) outside a #define

2. (##) evaluates to (), which isn't allowed outside function declarations

3
0

FBI overpaid $999,900 to crack San Bernardino iPhone 5c password

Frumious Bandersnatch
Silver badge

Re: Fragile evidence...

... but I play one on the Internet

trivial change to "but I play one on TV"

2
0

EU ends anonymity and rules open Wi-Fi hotspots need passwords

Frumious Bandersnatch
Silver badge

Re: Meh

specialises in running public hotpots

Did someone say pubic hotspots?

0
0

Pass the 'Milk' to make code run four times faster, say MIT boffins

Frumious Bandersnatch
Silver badge

OpenMP ... does not have a compiler

er, mpicc?

I wish that I could say that IKWYM, but then again, the same comment can be levelled at the author of the article. I didn't know that the Goss brothers got back together. (Oh wait... that was "Bros", not "dross". Carry on).

0
0

Still got a floppy drive? Here's a solution for when 1.44MB isn't enough

Frumious Bandersnatch
Silver badge

What I'd like to see

A USB dongle that I can plug into a PVR (or other box) that will appear to the box to be a standard USB drive, but in reality connects wirelessly to wherever your actual storage resides. It might not be the most effective use of your wireless bandwidth, though: a USB2 connection would saturate an 802.11n link, but you might get 2 or three such devices working on one .ac link. Still, the convenience and cool factor seems like it could be a useful gadget to have.

I suppose a more useful version of this would come with wires. Do any NAS boxes exist that let you emulate a different disk drive (each with its own storage space/quota) over different USB OTG links?

2
0

EU verdict: Apple received €13bn in illegal tax benefits from Ireland

Frumious Bandersnatch
Silver badge

Euro paean to Irish tax arrangements

Just looking at the image at the top of the article. Irony much?

0
0

North Korea unveils its home-grown Netflix rival – Manbang

Frumious Bandersnatch
Silver badge

Re: Typical monolinguistic anglophone

Yeah, "meh" on the "manbang" being funny. I actually liked Samurai Champloo (from Manglobe studios) and didn't feel overly inclined to fall into paroxysms of laughter at the mention of either "loo" or "globe". But that's just me ...

Anyway, on a slightly different, but slightly related note, check out Chuck Norris vs. Communism. Best Romanian film I've ever seen. Hmmm... not meant to damn with faint praise ...

2
0

Linux malware? That'll never happen. Ok, just this once then

Frumious Bandersnatch
Silver badge

Re: How is this a Linux issue?

You fail English.

0
1

Microbes that laugh at antibiotics: UK sinks £4.5m into China-Brit kill team

Frumious Bandersnatch
Silver badge

Re: "Super gonorrhea"????

Reminds me of the old joke "What do you give the man who has everything? Penicillin."

Kills 99.9% of bacteria. But they're not the ones I'm worried about ...

0
0

Linux security backfires: Flaw lets hackers inject malware into downloads, disrupt Tor users, etc

Frumious Bandersnatch
Silver badge

Re: Won't you think of the children?

Numbers are all one syllable in most asian languages - easier to process

Well the exception proves the rule, I guess: 「一」の読みは「いち」です。

0
0

Prominent Brit law firm instructed to block Brexit Article 50 trigger

Frumious Bandersnatch
Silver badge

Re: What a horrible waste of time and money

Alternately this is the only way

Surely you mean "alternatively", Shirley? (and yes, I did call you Shirley)

0
0

Bill Gates cooks up poultry recipe for Africans' paltry existence

Frumious Bandersnatch
Silver badge

Re: And they would have to sell the chickens to buy the food to feed them.

This also reminds me of one of the contributory factors in the great potato famines in Ireland. Smallholders lived off a subsistence diet of spuds while cash crops like grain were by and large exported.

Granted, in this case, the cash crop (chickens) are owned by the small farmers themselves rather than the landlords, but if your subsistence farming isn't going so well, those chickens are going to start looking mighty tasty. I won't be so churlish to point out the supply/demand side of things if suddenly everyone is selling chickens... (ok, I mentioned it)

It's a noble gesture at least, but I think you need to tackle both aspects (getting better/more reliable yields from subsistence farming and cash crops) at once.

Plus, how much research has gone into the particular breed of chicken being given out? I would hope that there's a pretty diverse selection (good, wide genetic pool) with particularly hardy breeds suited to the local conditions.

2
0

In-flight movies via BYOD? Just what I always wan... argh no we’re all going to die!

Frumious Bandersnatch
Silver badge

Re: "never fails to amaze and appall"

This is a murcanism that I was not aware of. My apollogies.

(Incidentally, it has helped me fulfill my downvote quota for the month. Many thanks)

0
0
Frumious Bandersnatch
Silver badge

"never fails to amaze and appall"

"The very fact that so much stuff in the digital age is bashed out poorly and left uncorrected indefinitely never fails to amaze and appall"

I guess that qualifies as a variation on McKean's law: when pointing out errors in other people's writing, you'll invariably make mistakes yourself.

To be fair, though, when I hit the "corrections" button on The Reg, the article usually does get updated.

0
1

Unicode serves up bacon emoji

Frumious Bandersnatch
Silver badge

@ John Tserkezis

Your objection has been unduly noted.

0
0
Frumious Bandersnatch
Silver badge

Surely the existing ≈ is close enough?

Nope. You want to be able to print these on bacon dispensers hand-driers, so the bacon warm air symbol needs to be pointing down.

(Egad! I guess if you look for long enough, everything ≈ ≈)

0
0
Frumious Bandersnatch
Silver badge

Re: They forgot one

> "REEEEETARDED"

Calm down, AC. I'm sure you'll get in next time.

1
0
Frumious Bandersnatch
Silver badge

Re: Well done

Don't you mean "Salami Rushdie"?

/a-salami-ah-like-um

0
1

As US court bans smart meter blueprints from public, sysadmin tells of fight for security info

Frumious Bandersnatch
Silver badge

Bleh

Once you send a letter to someone, it's their property. Strike one against "Streisand"

Once the information in the letter has been released, you can assume the terrorists have it (skipping a few steps here) so suing because they might get it undermines your whole case. Strike two.

There's no legal framework that prevents you from proving yourself to be a blithering idiot, so I'm going to call this one "strike three, and you're out".

4
0

Database admin banned from Oxford Street for upskirt filming

Frumious Bandersnatch
Silver badge

"man in the crowd"

"with the multicoloured mirrors on his hob-nail boots..."

I was trying to remember the name of the Japanese film with a similar theme, then managed to find it with Google: https://en.wikipedia.org/wiki/Love_Exposure

Very funny film, in spite of (because of?) the perversion angle.

1
0

Flying filers and Game of Thrones: Jon Snow? No, latency is dead

Frumious Bandersnatch
Silver badge

Re: A Monster Calls

Is that the kids' book about the lens-grinder from Omsk?

0
0

French authorities raid Google's Paris HQ over tax allegations

Frumious Bandersnatch
Silver badge

財閥? (zaibatsu)

Isn't that like a Chaebol in Korea---a family run business? I think the right word is 'keiretsu' (系列).

3
0

Google-backed solar electricity facility sets itself on fire

Frumious Bandersnatch
Silver badge

"Plus one has to calculate the current angle of the sun [etc.]"

Why? Every schoolboy can figure out how to steer the sun's reflection in a wristwatch so as to dazzle somebody. No calculations required.

All Archimedes' rig would need (I'm speculating) would be a smaller targeting mirror with a shorter focal length attached to the main mirror, along with a separate targeting reticule (I think it's called). Then targeting would just involve moving the rig until you have a line of sight from behind the targeting mirror, through the reticule (which would be lit up) to the ship beyond.

The real problem, as you mention, is the quality of the mirrors and their fixed focal length. You would need a fairly large number of these to set fire to a sail.

1
0

The Sons of Kahn and the Witch of Wookey

Frumious Bandersnatch
Silver badge

"Maketh My Teeth Hurt Just Reading This"

Baklava!

2
0

Mads Torgersen and Dustin Campbell on the future of C#

Frumious Bandersnatch
Silver badge

Re: Functions returning multiple values.

Perl subs (and some builtins) have this too, via the ability to return a list. You can aid readability firstly by properly documenting the calling convention, but also by using constants to simulate enums. For example:

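    use strict;
    use warnings;
    # Names for the positions in the list that stat() returns
    use constant {
        Dev => 0, Ino => 1, Mode => 2, Nlink => 3, Uid => 4, Gid => 5, Rdev => 6,
        Size => 7, Atime => 8, Mtime => 9, Ctime => 10, Blksize => 11, Blocks => 12
    };
    # Index the returned list by name instead of by magic number
    print "This dir's mode is ", (stat ".")[Mode], "\n";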

Of course, Perl is a pretty pathological language. You can even modify the type of thing returned (via something like wantarray) depending on the calling context. Loads of scope to shoot yourself in the foot.

0
0

Chaps make working 6502 CPU by hand. Because why not?

Frumious Bandersnatch
Silver badge

Re: Hat off. Beer raised.

It turns out I can still remember 6502 assembly op-codes...

I think I can only remember A9 (LDA, immediate mode?) and EA (NOP).

For shits and giggles, I tried to write a Hello World program without looking stuff up. Can't remember exact instructions and addressing modes, but I think it might go something like ...

    SCREENBASE EQU XXX
    TEXT       DB "Qbrf vg jbex?"
               DB 0
               CLX                  ; (clear X?)
    loop:      LDA (TEXT,X)         ; (do loads set flags? does this need Y-index addressing?)
               JZ done
               TAY                  ; (Y <- A?)
               AND 0x20
               PUSHA                ; (remember case)
               TYA
               OR 0x20              ; (make lower-case)
               CMPA 'a'
               JLT fix_case         ; (A < 'a'?)
               CMPA 'z'
               JLE rot
    fix_case:  POPY                 ; get back case bit
               ORY                  ; (A <- A or Y?)
               STA (SCREENBASE,X)
               INX
               JMP loop
    rot:       ADDA 13              ; (or just ADD 13?)
               CMP A, 'z'
               JLE fix_case
               SUBA 26
               JMP fix_case

1
0

Destroying ransomware business models is not your job, so just pay up

Frumious Bandersnatch
Silver badge

Re: in a way, but

Ransomware can also permeate into backup media

True, but keeping an eye on the backup process can help detect large deltas.

The way I do backups has been the same for many years:

  • Use Linux and ext* file system
  • increments start by making a hard-linked (cp -l) copy of previous snapshot
  • Use rsync or similar tool that only overwrites/transfers changed files
  • Similar arrangement for 2nd, 3rd generation backups

If something were to start encrypting files en masse, I would see it pretty soon, either in the rsync summary (being longer/larger than usual) or in the size of the increment as stored on the disk---after the backup, I calculate the delta size by counting files that only have a single hard link; these must be the changed files. Because hard-linking takes up relatively little space, I maintain these "snapshots" going back for quite a long time and only delete them manually, so that gives me a second chance to notice any damage and to roll back when it does happen.

I also use a hand-rolled file integrity system based on the same idea as the "shatag" tool. I will periodically update SHA256 hashes for all files and store them in the file system as extended attributes. I also collate these hashes across all machines and use the metadata to enforce a replication policy across multiple machines (or at least to verify that it's working). I've also got a separate scheme (using erasure codes to give a high level of redundancy with modest overheads) for cold/archival data.

One other thing I've toyed with is using the LVM snapshot facility. It could replace the hard-linking scheme I use to some degree. In this case, larger-than-expected deltas would overflow the copy-on-write buffer, alerting me to something strange/unusual via a message about a failed backup. I prefer the hard-linking scheme, though, since it's more permanent and gives better historical integrity. LVM's snapshot facility is perfect for backing up volumes with databases on them, though, since you get an atomic backup without needing to lock the database first.

3
0
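The hard-link snapshot and single-link delta check described in the post above, as an added example that is not the poster's own script. The function names, the snapshot directory layout and the percentage threshold are assumptions; `cp -al` and `rsync` are assumed to be available.

```shell
#!/bin/sh
# Added example: hard-linked snapshots with a changed-file alarm.
# Function names, directory layout and threshold are illustrative assumptions.

# take_snapshot SRC PREV NEW
# Start NEW as a hard-linked copy of PREV, then let rsync bring it up to date.
# rsync writes each changed file to a temporary name and renames it into
# place, so a changed file gets a fresh inode (link count 1) while unchanged
# files keep sharing an inode with PREV. Do not add --inplace: it would
# write through the shared inode and alter the older snapshot as well.
take_snapshot() {
    cp -al "$2" "$3" || return 1
    rsync -a --delete "$1"/ "$3"/
}

# changed_count SNAP
# Regular files in SNAP with exactly one hard link, i.e. files that are new
# or were rewritten since the previous snapshot. Counts one line per path,
# so a file name containing a newline would be counted more than once.
changed_count() {
    echo $(( $(find "$1" -type f -links 1 | wc -l) ))
}

# total_count SNAP: all regular files in SNAP.
total_count() {
    echo $(( $(find "$1" -type f | wc -l) ))
}

# delta_ok SNAP MAX_PERCENT
# Succeeds while the share of changed files is at or below MAX_PERCENT;
# otherwise prints an alert on stderr and fails, so a backup job can stop
# before rotating out older generations.
delta_ok() {
    changed=$(changed_count "$1")
    total=$(total_count "$1")
    [ "$total" -gt 0 ] || return 0
    percent=$(( changed * 100 / total ))
    if [ "$percent" -gt "$2" ]; then
        echo "ALERT: $changed of $total files ($percent%) changed in $1" >&2
        return 1
    fi
    return 0
}
```

Run `delta_ok` on the newest snapshot only: once a later snapshot has been hard-linked from it, every file in it has at least two links and the count no longer isolates one run's changes.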

Raspberry Pi Zero gains a camera connector

Frumious Bandersnatch
Silver badge

renaming?

It's not very "zero" if they're adding features. I propose renaming it Pi Epsilon.

3
0

Art heist 'pranksters' sent down for six months

Frumious Bandersnatch
Silver badge

smuggling paintings *into* gallery a better prank

https://en.wikipedia.org/wiki/Brian_Cowen_nude_portraits_controversy

(Brian Cowen was the Irish Taoiseach/Prime Minister at the time)

3
0

ZFS comes to Debian, thanks to licensing workaround

Frumious Bandersnatch
Silver badge

did this solution

"emerge" in Gentoo first? The pun aside, I'm guessing that source-centric distros (Gentoo) probably don't have the particular licensing issue so long as you don't distribute the resultant binaries?

1
0

Ooh missus, get a grip on my notifications

Frumious Bandersnatch
Silver badge

Re: "photos of my nob"

noun (cribbage) ...

But that would be "one for his (ie, the Jack's) nob(s)" (and two for his heels)

0
0
Frumious Bandersnatch
Silver badge

"this is a horrible situation"

*chuckles*

0
0

Super-slow RAID rebuilds: Gone in a flash?

Frumious Bandersnatch
Silver badge

Re: RAID5 no longer has a role with hard drives

Therefore you should be using big RAID sets, like 14+2.

But if you're going to be using such a large number of disks, it makes more sense to use an erasure code. I assume that 14 + 2 means that you have 16 disks and you can tolerate 2 failures. You might think that three near-simultaneous failures is going to happen infrequently enough that you can ignore it. I guess you've heard people talking about waiting ages for a bus and then two come at once. It's all based on the Poisson distribution: (independent) rare events can and do happen in clusters. You might say there's more chance of winning the lottery and being struck by lightning but things like that do happen.

I found a calculator tool and it told me that in a 16-disk setup (16 x 5Tb), with 10Mb/s available for rebuilding, MTTF of 3 years and resupply time of 7 days (no hot spares), the chance of a data loss is 1/37.6 per year for a RAID 6 array.

A once-in-40-years chance might not sound too bad although that is only for one array. If you're in a data centre with 40 arrays, you can expect around one such failure per year.

Anyway, to actually get to the point, you use the Poisson distribution to calculate the likelihood that a certain number of independent disk failures won't happen in the window when you're rebuilding the system. The more disks you add, the higher the probability that these rare coincidences will happen. The best mitigation for this is to increase the redundancy level, so that if instead of a 14 + 2 scheme, you used a 12 + 4 one (ie, an erasure code) you're (roughly) exponentially less likely to suffer from catastrophic failures.

Add in the fact that Poisson arrival rates are only an assumption, and that clusters of disk drive failures can happen more frequently than the model suggests (eg, bad batches from a single manufacturer), it makes even more sense to use an erasure code for arrays with many more disks than the standard raid setups (more than 4-8 disks).

3
0
Frumious Bandersnatch
Silver badge

Re: Rate this article: not the finest

whilst saying nothing about wtf erasure codes are

Also, the article mentions "RAID-vs-erasure code rebuild times" but doesn't examine them. Perhaps in a follow-up article? Erasure codes (like Cauchy-Reed-Solomon) are mathematically optimal (both in terms of bandwidth and storage space), so they will always be at least as good as the equivalent RAID scheme (with the same number of erasures).

I have another gripe about the maths in the article. When measuring overhead, surely it is the difference between raw capacity and usable capacity expressed as a fraction of usable capacity? Or, in other words, how much extra storage would I need to add to "raidify" my setup? That surely is the only sensible definition of "overhead".

Your first example (6 drives in RAID 5) has the correct overhead figure: for a usable capacity of 5 drives, add one more to make it RAID-5, which is an overhead of 1 drive in 5 or 20%.

You start going wrong from there. With 10 drives in RAID 5, the usable capacity is 9 drives, so the overhead is 1/9 or 11.111...

In the RAID 6 example, you say that a 4-disk system has overhead 50% when it's actually 100% overhead. RAID 6 tolerates 2 failures, so that's your original 2 disks + 2 for redundancy, with 2/2 = 1. Likewise for 10 drives in RAID 6. You have to add 2 drives to raidify an 8-disk array, so the overhead is 2/8 = 12.5 (not 20%)

2
0

We're calling it: World hits peak Namey McNameface

Frumious Bandersnatch
Silver badge

Re: Pah!

MMmmm. I like Ruth Negga.

The Undertones: https://www.youtube.com/watch?v=tSdsTkqerOw

Happens all the time /

It's going to happen - happen - till you change your mind

1
0
Frumious Bandersnatch
Silver badge

Re: Pah!

HuBBuNZ uHLLuH TuhM was an Undertones song, no?

0
0

Opera claims 50 per cent power savings with browser update

Frumious Bandersnatch
Silver badge

"Firstly, cognitively you can't keep 200 items in the stack"

(TL;DR at the end)

I'm guilty of keeping hundreds of pages open at a time. Right now I have 4 windows with 214, 180, 158 and 102 tabs. In my defence, I'll say first that it's not a stack. It's more like a serialised/flattened tree (or actually, a forest). When I middle-click a link, the new tab opens next to the referring page so the flattened tree structure is maintained no matter how many pages I open.

Most of the pages that I have open relate to some particular search topic that I've been interested in following up on. The easiest way to do that is to speculatively click on a bunch of promising-looking results from a search engine, scan some pages and then either refine the search or drill deeper within existing search results or the sites that I've already opened.

I don't think that using bookmarks is a very good way for dealing with this kind of ephemeral collection of pages, although if the browser had a feature to bookmark (or pop out into a separate window) a range of tabs, I would definitely use that. Instead, if I want to jump back into a particular search tree, I just go to the address bar and type some relevant keyword and use the "switch to tab" feature to find where I was when I went off to do something else. This is much easier and less work than using bookmarks or trawling through the history (which is basically unusable in Firefox) to try to recover the state of my search trees.

Every so often I do a sweep of open pages, starting from the most recent (rightmost) tabs. It's usually easy to spot a range of tabs and delete them all (individually; again, a "delete range" function would be brilliant) without needing to scan the contents. If I remember that there was something in that tree that I might want to come back to again, I'll find the best links and note them in some way (in a bookmark folder or in a wiki that I use for note-taking) and then close all the tabs. If I know that I haven't finished some search, I'll skip that range and deal with it in a second sweep.

So anyway, the TL;DR: if you have enough RAM to be able to keep loads of tabs open, it makes for a very easy and lazy way of keeping on top of tons of disparate islands or pockets of information that you're interested in. You probably want to scale back on doing this sort of thing on a work machine (find some other way of reminding yourself of things to check out later) but it's nice in the comfort of your own home.

4
0

TalkTalk customers decide to StayStay after £3m in free upgrades

Frumious Bandersnatch
Silver badge

Re: If Only...

And what the heck does "our learnings" mean, anyway?

It is an Internet Servings Providings company, after all.

(and no, just because gerunding (oo-er, missis) verbs can be done, it doesn't mean you should)

1
0
