* Posts by John H Woods

2247 posts • joined 14 Nov 2007

TalkTalk attack: 'No legal obligation to encrypt customer bank details', says chief

John H Woods
Silver badge

Does there need to be an obligation to "encrypt" ?

"Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."

--- UK Data Protection Act

In what way is that not an obligation to encrypt?

48
0

TalkTalk attackers stole 'incomplete' customer bank data, ISP confirms

John H Woods
Silver badge

Re: It is time for a PSA

"In which case dial 1471 or a friend's no. first to make sure the line has disconnected." -- Captain Badmouth

Not sure it's beyond the ability of a clever crim to fake the voice-synthesized response to 1471 -- I'd stick to calling a person whose voice (or whose response, e.g. "4As Taxis") you will recognise. Better still, use a mobile which cannot still be connected to the previous call.

I'm not sure why the calling party must hang up to disconnect the call on a landline, can this be fixed?

Can we start a campaign to make it illegal for outbound calling agents to ask security questions, and restrict them to giving names and/or reference numbers and a request to call back?

0
0
John H Woods
Silver badge

It is time for a PSA

(Public Service Announcement)

It won't be popular with some companies with bad practices but tough.

"Never, ever, give an agent any details on the phone when they have called you. You don't know who they are unless you are the one making the call to a number whose provenance you trust"

* it might be best to call that number from another phone - you cannot be sure the dial tone you hear is not being played to you by an attacker who has not actually hung up

7
0

So what's the internet community doing about the NSA cracking VPN, HTTPS encryption?

John H Woods
Silver badge
Pint

Re: Questions

"Pedant alert - having done all the nice mathsie bits, you kinda spoiled it by putting an exclamation mark on the end. (n! Factorial)" -- Velv

Ouch, yes. d'oh ... Have 568ml of beer on me ...

6
0
John H Woods
Silver badge

Re: Questions

"There are a finite number of prime numbers that use 2048 or less bit" -- Wade Burchette

Finite yes, but also ENORMOUS.

The number of primes less than x, pi(x), is approximated by x / (log x - 1) or more roughly, but more conveniently, x / (log x). For 1024 bits, x = 2^1024 which is about 10^308.

pi(2^1024) ~= 10^308 / 1024 ~= 10^305. As there are probably only about 10^80 atoms in the universe, give or take a power of 10, no such list can exist, even for primes of 1024 bits. For 2048 bits you'd be looking at > 10^600!

So although you have to use primes (otherwise the encryption wouldn't work), "the finiteness" of the number of primes is not a problem. But I thought it was a reasonable question, so if you do get any downvotes, they weren't from me :-)

52
0
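The estimate in the post above, carried through for any bit length as an added example (my code, not the commenter's). It works in the log domain because 2^1024 overflows a float, and it also estimates how many primes have exactly the given bit length, which is what an RSA prime generator actually draws from; the 10^80 atom figure is taken from the post.

```python
import math

LOG10_2 = math.log10(2)
ATOMS_IN_UNIVERSE_LOG10 = 80  # rough figure used in the post, give or take a power of 10


def log10_prime_count(bits: int) -> float:
    """log10 of pi(2**bits) using the estimate x / (ln x - 1).

    Computed as log10(x) - log10(ln x - 1) so that 1024- and 2048-bit values
    never have to exist as floats.
    """
    ln_x = bits * math.log(2)  # ln(2**bits)
    return bits * LOG10_2 - math.log10(ln_x - 1)


def log10_primes_with_exactly(bits: int) -> float:
    """log10 of pi(2**bits) - pi(2**(bits-1)): primes that need exactly `bits` bits."""
    a = log10_prime_count(bits)
    b = log10_prime_count(bits - 1)
    # 10**a - 10**b == 10**a * (1 - 10**(b - a)); b < a so the log is defined
    return a + math.log10(1 - 10 ** (b - a))


def orders_of_magnitude_beyond_atoms(bits: int) -> float:
    """How many powers of ten the count of `bits`-bit primes exceeds the atom count."""
    return log10_primes_with_exactly(bits) - ATOMS_IN_UNIVERSE_LOG10


if __name__ == "__main__":
    for n in (1024, 2048):
        print(f"pi(2^{n}) ~ 10^{log10_prime_count(n):.1f}; "
              f"exactly {n}-bit primes ~ 10^{log10_primes_with_exactly(n):.1f}; "
              f"{orders_of_magnitude_beyond_atoms(n):.0f} orders beyond the atom count")
```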

Caption this: WIN a 6TB Western Digital Black hard drive with El Reg

John H Woods
Silver badge

You talkin' to me? You talkin' to me? You talkin' to me?

0
0

Drunk driver live-streams her slow journey home

John H Woods
Silver badge

"Tonight I'm the designated decoy"

LOL, but in the UK at least I think you could be prosecuted for drunk driving on the basis of that statement. IANALBIPOOTI and I think that the Accessories and Abettors Act (1861) still has a relevant provision in force (much of the Act has been superseded by the Criminal Law Act 1967) that states:

"Whosoever shall aid, abet, counsel, or procure the commission of any indictable offence, whether the same be an offence at common law or by virtue of any Act passed or to be passed, shall be liable to be tried, indicted, and punished as a principal offender."

0
0

Connected kettles boil over, spill Wi-Fi passwords over London

John H Woods
Silver badge

If you want to save time

one of these would probably be more convenient as well as £30 cheaper. Also the iKettle appears to be only 2.4kW --- have they deliberately reduced its power to extend the boiling time to make the remote switch-on functionality look a little bit more useful?

1
0

Sprint sprints away from no-throttle policy – punishes 'unlimited' network hoggers

John H Woods
Silver badge

@Ceiling Cat

Hi, thanks for the clarification - brain not working well at the moment. I guess I'd accept 23GB/mo as a mobile limit for everything except 'landline replacement' use where wired broadband is not available. I'm a pretty heavy mobile data user, but I've not been over about 12GB/mo since a fiber deployment took our local speed from under 2Mb/s to about 30. Nevertheless, I agree it should not be called 'unlimited'

1
0
John H Woods
Silver badge

"23Gb/month is very far from unlimited" -- moiety

Indeed. For some internet purposes it's quite restrictive - less than a dozen films ... some single Steam games are bigger than this - I think some may be approaching twice the size.

3
1

Weight, what? The perfect kilogram is nearly in Planck's grasp

John H Woods
Silver badge

Another problem with the standard ...

... is that, being from 19th C. technology, who knows what's in it? I heard it had shrunk by about 50µg since its manufacture (my guess would be loss of about 1ml of H2 but it could be loss of surface greases)

1
0

Mold whine: Soylent superfood shipments stopped by spore scare

John H Woods
Silver badge

Not all molds are created equal...

... for instance, even in just Aspergillus species there's a big health & safety difference between those varieties which are aflatoxic and those which are not.

0
0

WIN a 6TB Western Digital Black hard drive with El Reg

John H Woods
Silver badge

Hey!

Where did the living room go?

0
0

Boffins: We know what KILLED the DINOS – and it wasn't just an asteroid

John H Woods
Silver badge

Re: the thing about space

"I remain to be convinced that an impact this small could have triggered the Traps" -- Alan Brown

Whilst I agree the impact was 'small' compared to other events (e.g. the P-T) it was still in the top five known Earth impacts; around 100 million megatons TNT.

For context, that's about 20x the boom of that big chunk of SL-9 hitting Jupiter. It's about equivalent to 4,000 tonnes of matter->energy conversion or, if you want something more concrete, over ten thousand times the current global nuclear arsenal, which is over twenty million times the total explosive use of World War II (Hiroshima and Nagasaki were only 1% of the WWII explosive load).

2
0
John H Woods
Silver badge

Terminology:

(Correction suggestion sent).

"Tertiary" no longer has an official stratigraphic rank according to this pdf and the period immediately following the Cretaceous is the Paleogene, making the boundary in question the K-Pg. Doesn't sound as nice as KT but no point fighting it, unless you like Pluto-really-is-a-planet fights.

4
0

Lies from VW: 'Our staff acted criminally but board didn't know'

John H Woods
Silver badge

Re: We only found out about the problems in the last board meeting

"Any other talent is an o̶p̶t̶i̶o̶n̶a̶l̶ ̶e̶x̶t̶r̶a̶ actual disadvantage" FTFY

0
0

Boffins make brain-to-brain direct communication breakthrough

John H Woods
Silver badge

Re: Do we all experience this regularly?

"On this one occasion, I read a message from a friend, that related to a very important family incident that I was not aware of (and needed to be aware of).

The header was not unusual at all.

Why did I choose to do that with this one message out of thousands?"

Here's a possible rational explanation: in scanning the junk (a lot) more processing is happening than you think --- you are just not conscious of it. Something in the content jarred and the unconscious scan poked your consciousness and said, hey, read this one.

No telepathy involved; and none in the reported experiment either --- one makes one's brain do something distinct by deliberately focusing on a different stimulus, the signal is transmitted, and a stimulus is presented to the recipient, where the two stimuli that are possible are easily distinguished.

0
0

Robber loses heist case after 'evil twin' defence, gets 60 years

John H Woods
Silver badge

Re: It happens

"I was afraid the cops would get him confused with me and put me in jail for his crimes" -- ma1010

You're lucky. I look like bloody Anders Breivik.

0
0
John H Woods
Silver badge

Re: Not technically identical...

"[a] Even identical twins don't have identical DNA ... [b] there is a lot of random rearrangement ... [c] this isn't something that could be used in a legal case as it's a very specialised difference." -- Adam Trickett

[a] Yes, but for most practical (i.e. forensic) purposes it is, if not actually impossible, difficult to distinguish using the standard routine procedures -- unlike the fingerprints;

[b] I would dispute your use of 'a lot' --- you could detect copy number variants; possibly some epigenetic changes; possibly some age-related changes (more success likely with older twins) but it's likely you'd need more detailed tests than a standard 'genetic fingerprint';

[c] if it were important enough to genetically distinguish between 'identical' twins it would be possible; but if there was decent fingerprint evidence you wouldn't have to bother ... which was kind of my point.

3
0
John H Woods
Silver badge

"I thought the evil twin defence is a defence used by actual twins, where it is not possible to prove which twin committed the crime" -- SuccessCase

For identical twins, even though the DNA is the same, some other factors (e.g. fingerprints) are different.

2
2

Indianapolis man paints his ball every day – for FORTY YEARS

John H Woods
Silver badge

Re: Darwin Awards Equivalent

"No. It increases quadratic[al]ly, not exponentially." -- Phil Endecott

Apart from the spelling, this has got to be pedantic correction of the week.

4
0
John H Woods
Silver badge

Re: wha?

"Physio the rapist" -- Rich 11

Positively benign compared to "Psycho the rapist"

8
0

CHEAT! Volkswagen chief 'deeply sorry' over diesel emission test dodge

John H Woods
Silver badge

Re: Hmm...

Thanks big_D, understood.

1
0
John H Woods
Silver badge

Hmm...

I've got a 2.0 TDI A3 cabriolet, and have noticed a sort of bimodal behaviour. If I drive making 'effective progress' I get a pretty reasonable (for the performance) high 40s / low 50s mpg. However, if I really back off on the throttle (keeping the same sort of top speeds, but really accelerating slowly and coasting to decelerate) it jumps straight to low or even mid 60s. Am I turning on testing mode? And if so, am I about to run out of something (urea?) as a result?

2
1

You want the poor to have more money? Well, doh! Splash the cash

John H Woods
Silver badge

I came to the same conclusion ...

... from the opposite direction: realising that some people could not afford to do a couple of hours work a week if they could get it, without incurring huge financial penalties. How can that make sense? Every hour that one is prepared to work should make one marginally better off, unless it is an explicit (whether stated or not) aim of the government to keep some people out of jobs.

We could also save a huge amount of money by dismantling the enormous, massively intrusive system of benefits and replacing it with non-means tested alternatives. A system which couldn't be gamed, i.e. housing costs + a minimum income with additional benefits reserved only for special needs would seem to be much more useful.

9
0

We are the Knights who code Ni!

John H Woods
Silver badge

Re: I don't quite understand ...

@gokr, thank you very much for your detailed response -- I will look for you on IRC

0
0
John H Woods
Silver badge

Re: I don't quite understand ...

Yes, I read the blog post. I'm certainly not a Smalltalk expert either (I was, once upon a time); my view is that:

As for improved syntax, I'm sorry but I don't see persuasive examples here. Smalltalk doesn't have any syntax apart from three reserved words, some delimiters and a particular form of message passing. There is certainly no syntax for handling dictionaries or other collections, you just send them messages. If you don't like the standard messages, you can use different ones. Is it that you don't like the way messages are passed?

I'm not sure what the advantage with not declaring a function's parameters is. If you want a function with variable arity, aren't you just passing it a collection of parameters? (Or, even better, invoking a function implemented by a particular class of collection?)

Every variety of Smalltalk I have used integrates easily with C.

Smalltalk supports parallel code but support for native threads is interesting - however, the lack of this in most Smalltalks is an issue of the Virtual Machine, rather than the language.

I'm not dismissing potential improvements here - I'm extremely interested. In particular I may have misunderstood the issue concerning functions. I would concur that many Smalltalks have ended up 95% like ST-80 but I think there is a good reason for that; it is, in my opinion, nearly perfect. I also think though, that in agreeing that all Smalltalks are very nearly ST-80, you have somewhat undermined your argument that it is difficult to compare its advantages to Smalltalk in general, rather than a specific implementation. If that is true, it suggests to me that your real advances are primarily in the interpretation of bytecodes (i.e. VM work) rather than in language design.

0
0
John H Woods
Silver badge

I don't quite understand ...

... what advantages it has to Smalltalk. Anyone care to explain?

0
0

RFID wants to TRACK my TODGER, so I am going to CUT it OFF

John H Woods
Silver badge

"I thought we all used the microwave for drying clothes...." -- Boris the Cockroach

Yeah, but it's only you that can survive doing it whilst wearing them!

11
0

WIN a 6TB Western Digital Black hard drive with El Reg

John H Woods
Silver badge

Funding Committee (via Skype): "There's been a misunderstanding, Doctor, we were sure your application stated research into composite bosons"

2
0
John H Woods
Silver badge

The only trouble is that it goes titsup if you lie back

3
0
John H Woods
Silver badge

This could be dangerous in the wrong hands, let's keep it away from the Norks.

3
0

Apple VICTORY: Old Samsung phones not sold any more can't be sold any more

John H Woods
Silver badge

Re: I missed that one!

"was it obvious in 1996?"

I don't know how old you are but I suspect many of us could have written the regexp for detecting telephone numbers in 1986 let alone 1996, it would only be something like [^0-9+-() ]\+?[0-9-() ]+[^0-9+-()] I'm sure that can be revised but as I just typed it without stopping (I'm walking the dog at the moment) and I'd hardly call myself a coding genius, that should give you an idea how easy it is.

10
0

Man given positive pregnancy test in an Apple Watch box

John H Woods
Silver badge

XKCD

946

Disclaimer: I'm still glad to be in the car on the left, when all's said and done.

5
0

Microsoft throws crypto foes an untouchable elliptic curveball

John H Woods
Silver badge

Re: Yeah but...

You should acquaint yourself with Kerckhoffs' Principle

4
0

Jeremy Corbyn wins Labour leadership election

John H Woods
Silver badge

Re: Congratulations!

"The NHS [...] consumes (tax payers) money like a Hoover"

According to The King's Fund UK spending is about the OECD average, lower than Germany, France, the Netherlands and Canada and significantly lower than the USA.

21
1
John H Woods
Silver badge

Re: i for one, welcome... (actually I don't but that's by the by)

"But what's his stance on tech? "

Let's just remember, we aren't voting for a dictator, or even a president. It's quite possible that he will form a (shadow) cabinet which will temper his most left-wing views: we won't know until we see a manifesto.

The problem with British democracy remains a dire combination of First Past the Post, the whip system, and the left-right partisanship. We've decided that swinging from boom to bust is bad, why is the only way we can moderate our government by swinging from right to left? Can't we have: a parliament roughly reflecting the views of the electorate; MPs voting according to their conscience and their constituencies even if this is sometimes against the views of their leadership; and sensible constructive discussion leading to consensus government?

I live in a safe seat - my national vote will make no difference at all. It's a bit of a relief really: as a pro-military liberal; a pro-nuclear green; an anti-pansurveillance patriot and a fervent believer in both market capitalism and a state health service, I have no idea who I could vote for anyway.

70
0

Reddit's ousted Ellen Pao abandons Silicon Valley sexism sueball

John H Woods
Silver badge

Re: last para..

"depends what you consider to be a "widely accepted fact"." --- raving angry loony

Indeed -- the only way to tell whether something is widely accepted is to take a sample of the population at random and ask them. That is the point of doing jury duty selection at random. Jurors should be trusted to exercise proper judgement in the specific case under consideration; where you can't rely on this a process without a jury would be more appropriate.

Also the precise nature of the question matters. Do you think that sexism is so endemic in the IT that women can never be treated fairly? No. Do you think there is sometimes sexism in the IT that affects the careers of women? Possibly, I don't know. Do you agree there is no place for sexism in IT? Yes. Do you agree there is no sexism in the IT industry? No.

4
0
John H Woods
Silver badge

Re: Interesting last paragraph

"Would you want a bunch of Apple fanbois on the jury, deciding if Android infringes Apple's rounded images patent?" -- AC

No, I'd want a representative sample of the population. That could easily include one or more 'fanbois' and/or one or more Apple sceptics. If you are going to outright choose your jury you'd be better off with a non-jury trial informed by a bunch of hand-picked experts; if you are doing a jury trial you need to make sure that your jury represents the population at large. The more 'selection' that is allowed, the more chance the randomly chosen sample will deviate significantly from the make-up of the population. In fact, that is why peremptory challenge was abolished in the UK by the 1988 Criminal Justice Act.

7
4
John H Woods
Silver badge

Re: Interesting last paragraph

That shocked me too. What's the next step in juror selection, asking people if they might possibly find for the plaintiff, and rejecting anyone who says yes?

4
10

Cracktivists pop 11 MEELLION Ashley Madison passwords

John H Woods
Silver badge

Re: Poor article

Sorry that's a bit garbled, I'm not well at the moment. Say you have a dictionary including common passwords. You then get access to a set of bcrypt12 hashes and the salt. You can now begin to check for passwords - you add the salt to each password in your dictionary and run it through bcrypt12. Problem - that is a slow algorithm (on purpose). However, AM had also stored the MD5s of some tokens they had foolishly made (I may be simplifying a bit) by concatenating together lowercase usernames, passwords and a salt: "johnhwoods::password123::salt". Now, MD5 is fast, and you know the usernames and the salt, so you can very quickly look for collisions. If you find that password123 gives you a collision, you know that some case variant of it is the answer. So now, you only need to check 256 case variants: you'd probably start "as is" then the 8 combinations with one capital, then the 28 with two etc. Suddenly instead of needing to run your whole dictionary through bcrypt you just have a few variations.

2
0
John H Woods
Silver badge

Re: Poor article

My understanding is this:

They effectively stored what amounted to the MD5 hashes of the passwords AS WELL as the bcrypt ones.

Bcrypt$12$ applies 2^12 (4096) rounds of hashing. This should make the leaked bcrypt passwords very expensive to crack, and that's why AM said the passwords were safe. HOWEVER, there were also "tokens" of some sort, represented by the MD5 hashes of (prior to about June 2014) a concatenation of the lowercased username, lowercased password and the salt string. The salt and usernames being known, very many guesses could be made at the password: you just run through a list of lowercase passwords, inserting them into the input and, because MD5 is so fast (unlike bcrypt), very many guesses of these can be made in a short space of time. When you get a collision, you know what the lowercase of the password is. So then you just have to try that password in every possible case combination and (especially as many of the passwords had low numbers of capitals -- many had none -- this is not that hard) run those through bcrypt$12$ to find out what the password was.

8
0
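The weakness both comments above describe, as an added example (my code, not the commenter's and not Ashley Madison's): a deterministic token built from the lowercased password with a fast hash is checkable offline, which reduces the slow-hash work from "whole dictionary times every capitalisation" to the 2^letters capitalisations of one word. The salt, username, password and five-word dictionary are constructed sample values; bcrypt work is counted rather than run, and the hardened alternative is a random token that carries no password information.

```python
import hashlib
import itertools
import secrets
from typing import Iterable, Iterator, Optional, Tuple

# Constructed sample values for the demonstration; not real site data.
SALT = "constructed-site-salt"
USERNAME = "JohnHWoods"
TRUE_PASSWORD = "PassWord123"
WORDLIST = ["letmein", "qwerty", "password123", "iloveyou", "dragon"]


def insecure_login_token(username: str, password: str, salt: str) -> str:
    """The token scheme the comments describe: MD5 over lowercased username,
    lowercased password and a known salt. Fast, deterministic, offline-checkable."""
    material = f"{username.lower()}::{password.lower()}::{salt}"
    return hashlib.md5(material.encode()).hexdigest()


def secure_login_token() -> str:
    """Hardened alternative: a random token stored beside the account. A leaked
    token table then says nothing about the password, so bcrypt's cost stands."""
    return secrets.token_hex(32)


def recover_lowercase(token: str, username: str, salt: str,
                      wordlist: Iterable[str]) -> Optional[str]:
    """Check whether a leaked token matches a dictionary word. Each try is one
    MD5, which is why this step is cheap compared with bcrypt."""
    for word in wordlist:
        if insecure_login_token(username, word, salt) == token:
            return word.lower()
    return None


def case_variants(word: str) -> Iterator[str]:
    """Every capitalisation of `word`: 2**(number of letters) candidates."""
    choices = [(c.lower(), c.upper()) if c.isalpha() else (c,) for c in word]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def count_case_variants(word: str) -> int:
    return 2 ** sum(c.isalpha() for c in word)


def slow_hash_work(wordlist: Iterable[str],
                   leaked_lowercase: Optional[str]) -> Tuple[int, int]:
    """Worst-case bcrypt evaluations needed without and with the token leak."""
    without_leak = sum(count_case_variants(w) for w in wordlist)
    with_leak = count_case_variants(leaked_lowercase) if leaked_lowercase else without_leak
    return without_leak, with_leak


LEAKED_TOKEN = insecure_login_token(USERNAME, TRUE_PASSWORD, SALT)

if __name__ == "__main__":
    lower = recover_lowercase(LEAKED_TOKEN, USERNAME, SALT, WORDLIST)
    print("lowercase password recovered from token:", lower)
    print("bcrypt calls (no leak, with leak):", slow_hash_work(WORDLIST, lower))
    print("random token reveals nothing:", secure_login_token())
```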

WIN a 6TB Western Digital Black hard drive with El Reg

John H Woods
Silver badge

Did I miss it, or has no one mentioned...

"Snake, SNAKE, SNAAAKE!?"

0
0

GCHQ wants to set your passwords. In a good way

John H Woods
Silver badge

"I don't understand why password meters should not be used, except to facilitate the cracking by intelligence agencies." --- SII

I think it's just because they are crap -- see examples above. The only realistic way to check user-generated password complexity is to ensure that it's not on a list of known passwords. It might be possible to make a reasonable stab at guessing whether a given password is from a password manager though, by applying various tests of randomness.

0
0

Apple's iPad Pro: We're making a Surface Pro WITH A STYLUS over Steve Jobs' DEAD BODY

John H Woods
Silver badge

Re: #notallbusinesscards

I googled that and only got your comment! I have received a fair few business cards over the years and, although there have been some odd shapes, I don't think I've ever had an A shape one: I think A9 would be a bit too small anyway, it's more like a coupon. Maybe A8 might do the trick.

0
0
John H Woods
Silver badge

A9 business cards ...

... would be an unusual shape. AN is 2^-N square metres with sides in the ratio of 1:sqrt(2); A9 is 37.2mm x 52.6mm. Most business cards are 85mm x 55mm aren't they? Probably US ones are in inches but I think they are a bit too oblong to be A-shape.

0
0

Cuffed Texan woman holsters loaded gun IN VAGINA

John H Woods
Silver badge

Re: Hang on

1) revolver different story

2) actually some (rare) revolvers do rotate the cylinder on firing, these are called "automatic" (although, strictly speaking they are of course semi-automatic). Manual (most) revolvers rotate the cylinder and cock the hammer when you pull the trigger (rather than when you fire the round).

0
0

Toyota chucks 50 MEELLION BUCKS at AI car tech

John H Woods
Silver badge
Joke

Re: All they need...

You don't need Strong AI to drive a car, otherwise most of the people on the road would be incapable of driving.

1
0
