* Posts by Frumious Bandersnatch

2662 publicly visible posts • joined 8 Nov 2007

Hold on a sec. When did HDDs get SSD-style workload rate limits?

Frumious Bandersnatch

could be just

some sort of "retconning" (retroactive continuity) or whatever that word is* for when some new tech becomes the new normal and we begin to look at the old tech through the lens of the new. Unlike something like "horse-power", where we do the opposite.

I always thought that the number of power cycles was the main reason spinning disks failed, though. Can rust wear out? Or does it, as Neil Young would have it, never sleep?

* the word I was looking for was probably "back-formation", it seems

Rampant robot tries to rip my clothes off

Frumious Bandersnatch

Re: Main Image

I did the same thing. Guessed it was Weird Science but didn't scan down far enough to see it mentioned. Googling what I assumed was "Shermer High School" written on her top, I found something (mildly) interesting: Shermer, Illinois is a fictional town that turns up in ten or eleven films, mostly by John Hughes.

If you work on Seagate's performance drives, time to find another job

Frumious Bandersnatch

Re: A death and decline so easily forseen...

There is no death of Hard Disk Drives and SSD

Sure, hard drives aren't going away for a while, but there's this thing called "opportunity cost". Seagate seems to have chosen to stick with spinning disks over SSD. In so doing, it's devoting its limited resources to chasing a shrinking market at the expense of building expertise, capacity and market share in the newer SSD market.

I can only guess that Seagate execs imagine SSDs to be not quite there yet and consider a shift in focus to them being a more risky proposition than riding out the cash cow for a while longer. Maybe they're right, maybe not. Time (and timing) will tell.

Google AI gains access to 1.2m confidential NHS patient records

Frumious Bandersnatch
Trollface

Welcome to the BRave new EXIT (of your personal information)

One supposes that this is just the sort of deal (with default "opt-in" clauses) that British regulators would love to sign up to. They'd totally get away with it, too, if it weren't for that pesky EU.

Closest icon I can find for a Scooby Snack (gurning counts, doesn't it?)--->

The EU wants you to log into YouTube using your state-issued ID card

Frumious Bandersnatch

Credential Systems

What's really needed is a credential system that doesn't open the user up to being tracked across all their activities. An anonymous or pseudonymous identity system is the ideal. There are a bunch of different crypto techniques and technologies that might point a way to how such a system might work, such as:

  • zero-knowledge cryptosystems, based on being able to prove knowledge of some secret without revealing anything about it
  • Bitcoin-like blockchain and proof-of-work (and probably also the monetary aspect, where participants accrue credits for proving transactions' bona fides),
  • Kerberos-like ticket granting, with ability to delegate and create signed permissions that prove the ticket is valid without unmasking the holder's identity

Unfortunately, neither governments, intelligence agencies nor big business (advertisers and the advertising companies) have any interest in providing (or even allowing) this concept of identity to flourish. On the other hand, though, if Bitcoin showed us anything, it's that you can start off with the logic of everyone only being in it for themselves and actually create something that is useful for everyone. Of course, it's not free, given that it only works because proof-of-work (and the speculative/adversarial nature of the game) has costs in hardware and electricity, but since it's kind of like free-market economics in microcosm, perhaps such an identity system could work in a parasitic/symbiotic relationship with various systems that need strong identity proofs, but are agnostic about who you are?

Ex-Apple gurus' elusive Android phone coming to UK next month

Frumious Bandersnatch

Re: Shame it isn't awful...

So... your partner comes from a long line of Rasta vampire hunters? [Youtube]

It's World IP Day! Celebrate by making money from a dead teenager

Frumious Bandersnatch

In a weirdly synchronous way

I'm marking this (at least the sub-head) and the article about Chernobyl by listening to Neutral Milk Hotel's "Two-headed Boy".

IBM says no, non, nein to Brexit

Frumious Bandersnatch

Re: Being in the EU...

Just as easy ...

I was just thinking that myself. More than half of the shell companies revealed by the Panama Papers were incorporated in the British Virgin Islands. Maybe not directly relevant to the "Brexit" debate, but then probably neither is the OP's post.

'Impossible' EmDrive flying saucer thruster may herald new theory of inertia

Frumious Bandersnatch

Re: Swingers

A quick guess would be that the entire system is effectively two coupled pendulums. When you hold onto the rope and swing your body around the point you're holding, you're doing work (expending energy to move against whatever inertia you already have). That's where the energy comes from, and because it's a coupled system, that energy gets transferred into making the swing as a whole go higher or damping its movement.

You should be able to get a similar effect by suspending a piston (say a solenoid) vertically from a spring and setting the piston to oscillate at different frequencies. My intuition tells me that you should be able to get behaviours ranging from having a point that's fixed at a given height despite the paired oscillation to tracing out a smooth sine wave, with various chaotic patterns in between.

Clucking hell! Farcical free-range egg standard pecked apart by app

Frumious Bandersnatch

Or maybe the teens just like Angry Birds?

Intel literally decimates workforce: 12,000 will be axed, CFO shifts to sales

Frumious Bandersnatch

Re: "literally" "decimates"

From Wikipedia (not a sterling source, natch): "The word decimation is derived from Latin meaning "removal of a tenth"." So I think "literally" is OK, it being literally one tenth (give or take) who will get the (OK, figurative) axe.

Canny Canadian PM schools snarky hack on quantum computing

Frumious Bandersnatch

Re: Check this out for a cool explanation

I had it exactly right because I prefaced the phrase

OK, I misinterpreted, but the emphasis you used (on "information" rather than "doesn't") suggested to me that somehow "information" (as opposed to something tangible like a photon or whatever) was something that could be transmitted without breaking the speed limit. Your use of the word "seems" ("I know not 'seems' ...") further muddied the waters for me.

So anyway, not "it seems that instantaneous information transfer doesn't violate relativity", but "relativity doesn't allow for instantaneous information transfer". All cleared up.

Still, one other niggle: "it gives a method for instantaneous cooperation at a distance" is similarly open to misinterpretation. The "spooky action at a distance" is uncorrelated until after both parties have compared notes. This "cooperation" you're talking about takes time and is definitely not instantaneous.

(with the obvious caveat that "If you think you understand quantum mechanics, you don't understand quantum mechanics" surely applies equally to both of us)

Frumious Bandersnatch

Re: Check this out for a cool explanation

allowing -information- to be transferred between the points instantaneously

Pedant alert: quantum communications doesn't allow instantaneous information transfer. You almost had it right because you go on to say that the parties have to compare notes afterwards. There's no information transfer until they compare notes and the information contained in them is still subject to classical limits on how fast it can be transmitted (no FTL, no violating relativity).

Admin fishes dirty office chat from mistyped-email bin and then ...?

Frumious Bandersnatch

Re: first rule of email admin

Probably the second rule is something like "even though I have no interest in reading your mail, each and every host it goes through does have the capability of reading it: assume that I'm the exception among these admins and if you want privacy, encrypt the mail or don't use email at all".

Not using email at all would have been the smart thing to do in this case, since the recipient metadata is still in the clear. But then, the sender probably wasn't the sharpest tool in the box and no amount of explaining would have led him to do the sensible thing.

Best course for this admin would have been to refuse to scan the emails in the first place. Or only set up filtering with the policy that all misaddressed mail will go directly to a public (office-wide) noticeboard. Either that, or refuse to look at the content and base redirections solely on the To: field. I prefer the more dramatic option, though.

South Korea to upgrade national stereo defence system for US$16m

Frumious Bandersnatch
Holmes

missing a trick

I assume that propaganda on both sides is a bit repetitive in the literal sense of being on a continuous loop. If you get a good clean recording, invert the phase and then pump that out on your own system, you can get some degree of noise cancellation in selected spots. Of course, when broadcast out over a wide area, some spots will get destructive interference (cancelling out what you don't want heard) while others will have constructive interference (making it louder).

The other interesting thing about this is that one appropriate response to the use of this tech (assuming both sides rush to use it) would be simply to turn off your own speakers. Then you save electricity and the other guy ends up broadcasting both signals with perfect fidelity.

Might not be a perfect idea, but at least some "deaf spots" could help shield your guys against the opposing propaganda.

Linux command line mistake 'nukes web boss's biz'

Frumious Bandersnatch

bang or

Can't recall accidentally typing something like this, but I've certainly borked things up a bit by using the shell history feature "!something" to re-run a previous command only to either have a typo that called up another command instead, or brought back a nasty command that I'd forgotten was in the history. Tab completion is also another great labour-saving device that brings its own problems.

The times I've accidentally done 'tar cf *' to make a tar file, accidentally clobbering the first file? More than once. Plus dd mishaps, obviously, especially on machines where enumeration of devices (sd?, mmcblk?) is essentially random after a reboot.

/measure twice, cut once

FOUR Avatar sequels

Frumious Bandersnatch

Re: insert title here.

Avatar = Pocahontas

I always thought it was "Smurfahontas"

Russian boffins want to nuke asteroids

Frumious Bandersnatch

all well and good

ach cad faoi na smidiríní?

Dropping 1,000 cats from 32km: How practical is that?

Frumious Bandersnatch

Curiously enough,

the only thing that went through the mind of the bowl of petunias as it fell was "Oh no, not again."

'Just give me any old date and I'll make it work' ... said the VB script to the coder

Frumious Bandersnatch

Re: Effing 'Merikans

Japanese also do mm/dd/yyyy.

[Citation needed]

Western Digital spins up a USB disk just for the Raspberry Pi

Frumious Bandersnatch

Re: designed to slurp less power..

What do you mean, a new angle? atan(1) * 4 has been around since at least Pythagoras.

When asked 'What's a .CNT file?' there's a polite way to answer

Frumious Bandersnatch

Re: Her Majesties Armed Forces

@AC - "the finest and noblest of Her Majesties Armed Forces"

That would be the Royal Navy, mate.

Surely that should be she majesties armed forces? I guess that "the queens' English" is foreign to you.

Frumious Bandersnatch

To quote a famous meme

I don't know how famous this is, or how meme-ey, but I always liked the idea of pitting the Microsoft support line against Psychic Friends Network. Spoiler: it's a wash on results, but PFN gives better customer service.

Firemen free chap's todger from four-ring chokehold

Frumious Bandersnatch

Re: Oh, why not?

bar stools on one of his yachts clothed in sperm whale foreskin.

The penis bone of some aquatic mammals (yes, they have "bones", literally) has all sorts of uses. Seems they make good knife handles since they won't get too slippery if you're using it to butcher an animal.

Frumious Bandersnatch

Re: Oh dear sir,

Idiots who self inflict

So if someone is distracted while crossing the road and gets run over, it's their own fault and so shouldn't get treatment? Maybe we should reinstitute the Spanish Inquisition to take over triage duties then, eh?

It's 2016 and a font file can own your computer

Frumious Bandersnatch

Re: Septic Fónt$

VGA fonts were set by a call to the BIOS (*). I have a collection of them somewhere. I'm pretty sure that some games used custom fonts to display graphics even though they were still in text mode. Can't think of one for sure, but I think that the Kroz series of games might have used this trick.

* http://www.ctyme.com/intr/rb-0143.htm

Frumious Bandersnatch

Re: How did this ever become a problem in the first place?

But fonts? A bunch of vectors? I just don't get why they have to be so dangerous 30 years later! XML, for instance, can describe similar data without needing admin privs

But XML everywhere makes things slow, especially if you insist on it being well-formed, which the specs say it should be. Thus we have binary file formats with "nasty" things like fields indicating how many bytes are in some section of the file or data fields compressed with zlib or similar. Most of the kinds of errors arising from using these are down to insufficient checks on such fields to make sure that they make sense.

Besides the performance problem, XML isn't a panacea. It can work well for some structured data, but it essentially follows a strictly hierarchical model. There isn't any standard way to model interdependencies between one section of the XML file and another, so it's still possible to get errors where something is essentially declared in one part of the file, but never properly instantiated in another, leading to NULL dereference problems (similar to one mentioned in the article, leading to a crash) if the proper checks aren't included. XML schemas also aren't immune to designers embedding "field length" fields, either (in one way or another; compressed strings often implicitly use this feature).

Finally, I don't think your point about privileges is appropriate here, since neither the article nor the vulnerability report mentions it. The gist here is that if you can install a bad font file on a server then it can pass that to clients that connect. The bugs have nothing to do with admin rights as such.

Head transplant candidate sells souvenirs to fund operation

Frumious Bandersnatch

"I will fear no evil" 1970

Also:

  • The Brain that Wouldn't Die (1962)
  • The Man with Two Brains (1983)
  • Futurama (heads in jars)
  • Frankenhooker (1990)
  • Any Frankenstein film

Probably more. They're the ones I remember.

Forget Tiger Woods – here's Cyber Woods: Robot golfer hits hole-in-one during tournament

Frumious Bandersnatch

Eldrick?

Never knew that was Tiger's real name. Leaves me wondering if his parents were fans of H. P. Lovecraft (fond of words like "Eldritch") or maybe Sapphire and Steel (characters called Eldred and Rothwyn in one "assignment", though Steel points out that they're hopelessly anachronistic cover names). Tiger's too old for the S&S idea to work, though.

That's cute, Germany – China shows the world how fusion is done

Frumious Bandersnatch
Coat

Re: @paul I Wonder....

Hate to nitpick (actually when I'm right love to nitpick) but iron will fuse quite happily with enough energy and pressure

Oh, the cobalty.

Winning Underhand C Contest code silently tricks nuke inspectors

Frumious Bandersnatch

"most innocent looking snippet of code that in fact plants a virus"

Well, it's not a virus, but a fork bomb is generally very short. You could obfuscate it by writing the loop condition so that it looks like it's supposed to just run once if there's no error, but is actually designed to always loop infinitely (like the third example in the recent article here).

It's hard to disguise all bits of a virus since you need to include file I/O and that's going to look suspicious in many bits of code. Still, there are some things you could try...

1. companion viruses

It seems that these are still possible. Make a hidden .COM file corresponding to an existing .EXE or whatever. The .COM is executed when both extensions are present. Alternatively, get the user to set %PATHEXT (tell them it's needed for your program to work due to filename conflicts)

2. Unicode

If the compiler accepts Unicode characters, use the fact that some characters look the same even though they're different code points. Put an innocuous version of a routine in an obvious place at the top of a file and hide the malicious version (that's actually called) somewhere more out of the way.

3. Deliberately smash the stack

If the program looks like it should legitimately be using XOR on strings (like in a random number generator, encryption routine or similar) then introduce a bug that overwrites the call stack and executes a bit of machine code that's already embedded in the code (in obfuscated form, requiring the xor to decrypt it).

4. Other

It's a lot easier to introduce deliberate bugs that can be exploited later (by specially-crafted input) than it is to hide a complex program inside another.

Google to pump free gigabit Fiber into homes of hard-up families

Frumious Bandersnatch

Re: Time to Move?

**ALWAYS fair better**

That would be "fare".

(sorry... must be something to do with all the other spelling corrections above)

When customers try to be programmers: 'I want this CHANGED TO A ZERO ASAP'

Frumious Bandersnatch

1st story makes no sense

Did the guy requesting the change have multiple personality disorder or something? Personality #1 deduces that personality #2 will take over at some point and writes the comment to achieve some sort of victory over him? Did the guy wanting the change realise his mistake later and then travel back in time to insert the comment when he was working for the original company?

Also, since each customer has his own version of the code, how does changing it for that customer affect the company writing the code? Surely even if they use the program themselves, they don't run a customer-customised version of it in house?

Frumious Bandersnatch

Re: C considered harmful

Are you complaining that someone forgot to put in 'case' or that enums start from zero?

In the first case, there are only around 30 or so reserved keywords in C. There are only two types of conditional statement (unless you count for/while). My point is that C is a pretty tiny language and if you use it for any amount of time you just know that switch and case go together. Why does it have to be 'case X:' and not just 'X:'? Because the latter is reserved as the syntax for defining a label so that you can jump ('goto') to a point later (and, yes, you can mix cases and regular labels--look up Zed's Device as a variant of Duff's Device). C is so small that you're expected to be able to make these kinds of distinction and always have them in your head.

In the second case, you can assign a constant value to one of the enumerated names and get var1=1, var2=2 and so on. But I don't really think you're complaining about that.

NOTHING trumps extra pizza on IT projects. Not even more people

Frumious Bandersnatch

Re: DevOps

re: gibbons

Maybe the guy who illustrated 'Watchmen'?

Little warning: Deleting the wrong files may brick your Linux PC

Frumious Bandersnatch

Re: Sounds Really Clever?

"Write" always implies "delete"

Actually, not quite. Being able to write to (an existing) file just depends on the file permissions. Being able to delete depends on both the file permissions (*) and the permissions in the containing directory. If I 'chmod -w' the directory but the file has regular rw permissions then I can write to the file, but I can't delete it.

(*) actually, it's only the rm command that will prevent me from deleting a file with no write permissions, but this is only a convention used by that particular tool. If I were to use unlink instead (either the system call or the command-line tool) setting the file to read-only would not stop the file from being deleted.

Random ideas sought to improve cryptography

Frumious Bandersnatch

Re: Way back when

use a random number generator to choose which part of PI to use

But then it fails another test of an RNG that's suitable for crypto uses: it'll be susceptible to timing attacks, assuming that you have to calculate the chosen bits on demand.

Of course, if you have enough disk space (we're talking Terabytes), you can pre-calculate the digits (and somehow make sure that seek times don't allow for a more subtle timing attack), but then it fails the practicality test.

Frumious Bandersnatch

re: That tells you that they are distributed rather than random though.

Yup. A "heat map" like this can only show you very pathological cases where the RNG is really skewed. Even then, the mind is great at picking up patterns that may or may not be there, so you could be looking at a map and thinking that it looks "unrandom" but really is still within the statistical bounds for what is random.

You're better off doing a chi-squared test if you just want to check that the generated numbers are well distributed. As Adam 1 said, though, this won't help if the number stream has some sort of discernible correlation between terms. Chi-squared is pretty crude, but it's a good sanity check.
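The distinction drawn in the comment above, as an added example that is not part of the original post: a byte-frequency chi-squared test flags a skewed generator but passes a plain counter, whose predictability only shows up in a lag-1 serial correlation check. The sample streams are constructed, and the function names, the 1% significance level and the Wilson-Hilferty approximation for the critical value are assumptions of this example.

```python
import math
import random
from collections import Counter


def chi_squared(data: bytes) -> float:
    """Pearson chi-squared statistic of byte frequencies against uniform."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))


def critical_value(dof: int = 255, z: float = 2.326) -> float:
    """Upper chi-squared quantile via the Wilson-Hilferty approximation.

    z = 2.326 is the 99th percentile of the standard normal, so a truly
    uniform source exceeds this value about 1% of the time.
    """
    a = 2.0 / (9.0 * dof)
    return dof * (1.0 - a + z * math.sqrt(a)) ** 3


def serial_correlation(data: bytes) -> float:
    """Lag-1 Pearson correlation between each byte and its successor."""
    xs, ys = data[:-1], data[1:]
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy) if vx and vy else 0.0


def assess(data: bytes) -> dict:
    """Run both checks; 'uniform' is the chi-squared verdict alone."""
    stat = chi_squared(data)
    return {
        "chi2": stat,
        "uniform": stat < critical_value(),
        "lag1": serial_correlation(data),
    }


def samples(n: int = 65536, seed: int = 2016) -> dict:
    """Constructed test streams (the seeded PRNG is not a CSPRNG)."""
    rng = random.Random(seed)
    return {
        # Reasonable distribution, no obvious correlation between terms.
        "prng": bytes(rng.getrandbits(8) for _ in range(n)),
        # Values 200..255 never occur: the pathological skew case.
        "skewed": bytes(rng.randrange(200) for _ in range(n)),
        # Perfectly flat histogram, yet every byte predicts the next.
        "counter": bytes(i % 256 for i in range(n)),
    }


if __name__ == "__main__":
    print(f"critical value (255 dof, 1%): {critical_value():.1f}")
    for name, data in samples().items():
        r = assess(data)
        print(f"{name:8s} chi2={r['chi2']:10.1f} "
              f"uniform={r['uniform']!s:5s} lag1={r['lag1']:+.3f}")
```

Neither check says anything about suitability for cryptographic use; both only rule out gross statistical defects.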

Reg readers battle to claim 'my silicon's older than yours' crown

Frumious Bandersnatch

Agree with Model M keyboards.

I've been running my Model M system for a comparable length of time. I've changed a few components here and there (like CPU, RAM, disks and external case and screen) but otherwise it's still the same system.

(and of course, I'm using it to write this)

Facebook tells Belgian government its use of English invalidates privacy case

Frumious Bandersnatch

Mr. Cochran has the floor

...ladies and gentlemen of this supposed jury, I have one final thing I want you to consider. Ladies and gentlemen, this is Chewbacca. Chewbacca is a Wookiee from the planet Kashyyyk. But Chewbacca lives on the planet Endor. Now think about it; that does not make sense!

Why would a Wookiee, an 8-foot-tall Wookiee, want to live on Endor, with a bunch of 2-foot-tall Ewoks? That does not make sense! But more important, you have to ask yourself: What does this have to do with this case? Nothing. Ladies and gentlemen, it has nothing to do with this case! It does not make sense! Look at me. I'm a lawyer defending a major record Social Media company, and I'm talkin' about Chewbacca! Does that make sense? Ladies and gentlemen, I am not making any sense! None of this makes sense! And so you have to remember, when you're in that jury room deliberatin' and conjugatin' the Emancipation Proclamation, does it make sense? No! Ladies and gentlemen of this supposed jury, it does not make sense! If Chewbacca lives on Endor, you must acquit! The defense rests.

I love you. I will kill you! I want to make love to you: The evolution of AI in pop culture

Frumious Bandersnatch

"The author who coined the terms robotics and positronics"

Check the etymology of "robot". It was Karel Čapek's brother, not Asimov who coined it.

You've seen things people wouldn't believe – so tell us your programming horrors

Frumious Bandersnatch

re: Using = instead of ==

I usually reverse the order of conditional tests as a matter of defensive style. Instead of:

if (variable == const_value)

I usually write

if (const_value == variable)

If const_value is actually a constant (like 1 or "some string") then mistyping == as = should throw a compiler error ("attempt to modify something that isn't an l-value" or similar).

Frumious Bandersnatch

SWAP

Obviously better written something like:

    int times = (loop + 7) >> 3; // number of loops, rounded up
    unsigned offset = loop & 7;  // remainder div 8
    switch (offset) {
    case 0: do { SWAP;
    case 7:      SWAP;
    case 6:      SWAP;
    case 5:      SWAP;
    case 4:      SWAP;
    case 3:      SWAP;
    case 2:      SWAP;
    case 1:      SWAP;
            } while (--times > 0);
    }

Much clearer, surely :)

Back to the Future's DeLorean is coming back to the future

Frumious Bandersnatch

Re: New company finance

Well, the Guardian's obit for the man doesn't paint too nice a picture, calling him a "world-class conman", among other details. Once someone dies, libel or defamation laws don't generally apply, it seems (though some places might have time-limited exceptions for an obituary, and don't try saying nasty things about Ataturk), so you can say whatever you like about them. Still, on the balance of probabilities, I doubt that the Graun made up this stuff out of whole cloth.

US rapper slams Earth is Round conspiracy in Twitter marathon

Frumious Bandersnatch

+1 for the Thomas Dolby reference. By coincidence, I'd just queued the album up a few moments before I got to the page with your comment on it.

Virginia man charged in intriguing 'suspicious bacon' case

Frumious Bandersnatch

Mmmmm

Unexplained Bacon.

Bad luck, Ireland: DDoS attack disrupts isle's National Lottery

Frumious Bandersnatch

obvious comment is obvious

Attacks on people who are bad at maths.

Europe's satellite laser comms system set to shine

Frumious Bandersnatch

naming

Since they seem to have reinvented Fidonet, I propose they call it "Laikanet" in honour of, you know ...

IBM introduces fleecing-you-as-a-service for retailers

Frumious Bandersnatch

Re: Watch out for bugs

two sites were selling a rare book

There's a similar story (in reverse) told about two groceries that were in competition with each other.

They got into a price war with one another. Shop A started selling bread for 1 credit. Shop B responds by selling at 0.95 credits. Goes on for a few rounds, and each time shop B is sure that shop A can't beat his price any more, the price goes down again.

Eventually one of them decides they're losing too much money on the war (selling too far below cost) and calls a truce. He asks the other guy: "how did you manage it? I couldn't buy bread for below X credits. How did you manage it?" The reply: "I was buying it at your shop"

Apple's anti-malware Gatekeeper still useless: Security bloke reveals lingering holes

Frumious Bandersnatch

gnasher, you didn't understand the vuln. Gatekeeper only verifies one blob (the vendor-provided bit) but if that blob depends on external libs, you can bundle up a valid, signed blob along with a malicious version of the external libs. Gatekeeper only validates the blob and when the application is run it calls the malicious libs and the machine is hacked.

You say it's not a problem, but it is. All I have to do is put a blog post saying that company XYZ has released a new version of the app and provide a link to a tainted bundle. Gatekeeper will tell you that the protected blob part is valid and you'll be none the wiser that something bad happened.

I'm not 100% sure about how the "bundling" happens, but in terms of an analogy, it seems to be like providing a signed RPM or DEB package on Linux, but only signing the files to be installed while allowing arbitrary, unsigned install scripts to be included, leading to ownage.