* Posts by John Robson

1617 posts • joined 19 May 2008

North Wales Police outsourcing deal results in massive overspend

John Robson
Silver badge

Re: Motorists stay clear of North Wales

Alternatively motorists in North Wales could simply obey the law, then there is no risk of being fined...

8
8

Canadian live route map highlights vulnerabilities to NSA spying efforts

John Robson
Silver badge

The Canadians have it right then...

Rather than legislate against packets moving across some artificial border you make it easier for them to not bother crossing that border.

Wow - Can we (the rest of the world) elect them as the US president, and into congress?

3
0

Let's shut down the internet: Republicans vacate their mind bowels

John Robson
Silver badge

Can't we get an advisor to say...

"If only we could get Pi to be 4, then we could break this stuff"

And see them battle over that...

3
0

FAA introduces unworkable drone registration rules in time for Christmas

John Robson
Silver badge

Re: Lohan loophole

"It still has mass but I stick with the -ve weight"

It has positive weight, but the air it displaced has a greater positive weight. With most objects you don't need to consider the mass of the displaced fluid.

Take a supertanker - does it become weightless when placed on water?

No, it still weighs a lot, but it is supported by the water around it.

LOHAN still weighs what it did before, but it's supported by the air around it.

1
0
John Robson
Silver badge

Re: Lohan loophole

Its weight is still positive, it's just lower than the weight of the air it has displaced... it has buoyancy, but it still has weight.

Sorry...

0
0

Tablet computer zoom error saw plane fly 13 hours with 46cm hole

John Robson
Silver badge

Re: Goooooooo Bill

"Er yes they would if you bothered to read what I wrote. If a car had a fault such that visibility was impeded or the brakes didn't apply quickly enough then the manufacturer shares some of the blame for any accident that those flaws contributed to."

Actually - you said design, not fault.

If the brakes failed at that instant then you get to share the blame with someone - but that's why there are two braking systems, so that you never have total failure at one instant.

If there was only one braking circuit, and the master cylinder exploded then I'd start to blame manufacture...

0
0
John Robson
Silver badge

Re: Goooooooo Bill

"That depends if the design of the vehicle / controls contributed to the accident doesn't it? If you couldn't see the dog because the driver's position had poor visibility, or because the brakes took too long to respond then yes Ford would have some blame to share for the accident"

No - they wouldn't

Both of those things should be in the experience of the driver - and they should be accommodating them.

10
1

Brit 'naut Tim Peake thunders aloft

John Robson
Silver badge

Good to watch...

Hadn't really appreciated that my mistakes in KSP (hot staging) were a real technique

3
0

Samba man 'Tridge' accidentally helps to sink request for Oz voteware source code

John Robson
Silver badge

Re: Complex? It's an STV election...

I was actually going for paper and pencil...

0
0
John Robson
Silver badge

Re: Complex? It's an STV election...

Hence the paper element of the ballot.

The paper ballots can be read rather quickly by the machine, and then passed on to the human team, who can confirm the ballot over the course of the next couple of days.

There are existing mechanisms to prevent ballot box stuffing, and the ability of the machines to highlight "unusual" ballot patterns could be of interest here...

In general we are very good at looking after little bits of paper - and understand the security of physical objects quite well, whereas in the digital domain it's very much less well understood (and therefore less well trusted) by the vast majority of people.

1
0
John Robson
Silver badge

Complex? It's an STV election...

Is it just me that doesn't think that this is a complex scenario?

I could design a ballot paper that would be human readable, and therefore easily verifiable, as well as machine readable, and therefore able to be loaded to the dB quickly.

It's not a complex problem to solve - although I'm not quite sure I understand the concept of using a lower choice vote for people who have voted for an already "Quota'd" candidate... Whose votes do you use - or do you use them all pro rated to the "excess votes" of the primary candidate.

So if I vote for someone popular I get 1 and a bit votes?

0
0

VDI comes to the Raspberry Pi

John Robson
Silver badge

Re: if SD card is a "risk"

"The PiZero doesn't have an Ethernet port. You'd have to adapt one or a wireless add-on connection via a USB port. For that cost, you've come up to the price of a Pi2 with way more power, so it hardly seems worth it for a PiZero."

I know it doesn't - and I know it only has one USB port - but with USB OTG hub+Ethernet adaptors available for < $4 I suspect we can still come in at ~$10 for the electronics.

And I'm aware that this will increase the power budget, but the power budget isn't really an issue in most cases - what will be powering the monitor for instance?

I'd really like to see a Pi based machine in a Psion5 case with a modern touch screen.

0
0
John Robson
Silver badge

Re: if SD card is a "risk"

"Congratulations. You've reinvented the 21st century Commodore 64..."

That was roughly the aim... (The exact aim was the BBC micro)

The form factor makes some significant amount of sense, given the power we can pack into tiny computers nowadays.

Heck, a couple of AA battery compartments on the back wouldn't go amiss either...

2
0
John Robson
Silver badge

Re: Woot

I currently use a citrix solution over a 54Mb/s wireless connection in the office. It's fine.

I also frequently use VNC (running in an XVFB) over IPSec to a data centre on the continent - and guess what, that's fine too.

Sure I wouldn't want to stream video on it, but then again the machine it's running on is somewhat underpowered for that anyway.

For most things I can't tell the difference between 10ms latency and 10 us latency - my ears probably could, 10ms is right in the Haas effect "limit" range, and is a useful rule of thumb when doing audio installation designs.

But on a computer - no chance

2
0
John Robson
Silver badge

if SD card is a "risk"

Then that's the first custom version - 5k of these with a small on board storage module - maybe accessed by some magic (jumper shorting) of the input power cable...

Given that this is clearly a bulk application - Monitors/keyboards with USB hubs used to be commonplace, I'm sure that 5k of them with a WiFi dongle, or preferably an ethernet port, wouldn't be prohibitively expensive - a Pi Zero (2) (yes I know) would be a great little central piece...

Keyboard with a few ports on the back:

- USB power in

- HDMI out

- USB out marked "Mouse"

- Spare USB out

- Ethernet port

2
0

How to build a real lightsabre

John Robson
Silver badge

Re: Do not try this at home kids...

I've always assumed that blaster shots are much like the air packets from an airzooka...

First four seconds of this video: https://www.youtube.com/watch?v=qyMKhM1yxnE

The air is moving pretty fast, but mostly in a torus, so the actual smoke ring progresses slowly, but retains its integrity...

0
0

Microsoft extends Internet Explorer 8 desktop lifeline to upgrade laggards

John Robson
Silver badge

Really...

"Microsoft negotiated a volume discount.."

There's the problem - the gubbinment should have been negotiating...

2
1

Microsoft beats Apple's tablet sales, apologises for Surface 4 flaws

John Robson
Silver badge

Re: More Microsoft marketing lies...so silly.

"Microsoft Surface beating Apple iPad ? More units sold? What?

It never happened. Just never."

Two reasons it could have happened:

- They chose the release month of the shiny shiny from MS, which is a mid-cycle month for Apple.

So there is an "early adopter" bump in the MS figures and a normal replacement month for Apple.

- The normal replacement cycle for Apple devices is somewhat longer than for MS (no evidence presented or needed for this theory).

3
0

All eyes on the jailbroken as iOS, Mac OS X threat level ratchets up

John Robson
Silver badge

Re: This could be due to the popularity of windows...

"Perhaps you meant "VMS and BSD", but that does undermine your argument a little. There hasn't been any DOS in Microsoft's OS products since Windows XP came out, whenever that was (I was still Mac-only in those days). The NT kernel was modelled on VMS.

I use both OSes daily. There really is no difference in privilege escalation between OSX and Windows. Processes simply cannot get above their station anymore on either OS, and must ask the user for the permissions they seek."

Yes - but I couldn't remember VMS offhand, and DOS was a more polarised difference...

Privilege escalation is possible on any OS:

http://www.theregister.co.uk/2015/07/22/os_x_root_hole/

http://www.theregister.co.uk/2009/08/14/critical_linux_bug/

http://www.theregister.co.uk/2015/06/24/killer_character_hoses_smallalmostsmall_all_versions_of_reader_windows/

http://www.theregister.co.uk/2009/09/14/freebsd_security_bug/

Just the top links from a google search of priv esc against the register domain for the mostly discussed OSes (yes I know netBSD != FreeBSD, I only searched BSD)

Of course it is far easier to ask for the rights from the user - who usually doesn't understand what's happening and has been trained to "click yes if you want the computer to work"

2
0
John Robson
Silver badge

This could be due to the popularity of windows...

Or it might be due to the fundamentally different starting points of DOS and BSD

6
2

Boffins teach cars to listen for the sound of a wet road

John Robson
Silver badge

Re: What the what?

"Question: How do you KNOW you're close to the physical capabilities of your car at that given moment?"

Because I've done various amounts of driver training, including skid pan sessions. I also have eyes and ears, and choose to drive *well within* the capability of the car and road in front of me, it's not a race.

"I'd rather arrive 5 minutes late in this world than 50 years early in the next..."

Most mechanical devices will give you feedback as you approach the limit - for instance tyres start squirming (and the traction available actually increases up to a certain slip angle).

1
0
John Robson
Silver badge

Re: What the what?

"Every car that passed it altered the conditions of the road by driving through it."

Yes - but not to the extent of making a dry road wet.

If you are driving *that* close to the edge of the physical capabilities of your car then get the hell off the road and onto a track where 'getting it wrong' doesn't have the potential to kill bystanders (yes marshals occasionally get killed, but they're made aware of that risk when they sign up)

1
0
John Robson
Silver badge

Re: What the what?

As opposed to being due to drivers not driving to the conditions in front of them...

Wet roads don't cause crashes - they are the same for everyone, and all the cars in front of you managed to get past it...

6
0

Spotify mulls Swift change of policy – we can stream Taylor, but we'll charge

John Robson
Silver badge

Re: Real sample of revenue for you

I can understand why they'd like the higher royalty rate.. but is that for a song, or for an entire catalogue of 40 years of music.

The point being that you can reasonably expect that to be a continuous stream of income, generally increasing as your catalogue grows? And there is no further cost - yes I do get the cost of getting to that stage needs to be recouped, but...

I'll also suggest that it isn't the artist's sole revenue stream. It's not as if the CD sales are zero since spotify, or the concerts have no one at them...

0
0

Motorola splashes £817m buying out police comms biz Airwave

John Robson
Silver badge

@TeeCee

I doubt that the VoLTE requirement was put in for Airwave's benefit. The emergency services customers rely on various features of TETRA that are not available on LTE - that is a serious risk, not just a procedural change.

These are not mobile phones, they are not used for pure point to point conversations - and the timing requirements for TETRA are quite tight - you don't press a button and wait ten seconds before you can start a conversation.

That sort of thing can be really important if you are under attack, or in a burning building, so it isn't "most of the time", it's "all the time".

Similarly a call for help will be heard by many local officers as well as the control room - allowing someone who is just around the corner to respond without delay.

0
0
John Robson
Silver badge

Re: Manx Telecom

Because the 80% coverage that all the networks claim to have is the same 80% as each other - possibly there are few little areas of difference, but it won't get above 85%, even if you merge them all..

1
0

Is ATM security threatened by Windows XP support cutoff? Well, yes, but …

John Robson
Silver badge

Nearly - but if I had a zero day on XP embedded in my pocket now I wouldn't use it for a couple of weeks.

Then I know that if it still works it will always work. AND I can also check the patches issued for whatever followed WinXP Embedded to see if the flaws fixed also existed in the older OS - and again, I know they won't be patched.

The opportunities for exploit are much higher if I know that the systems will never be patched.

12
1

Free HTTPS certs for all – Let's Encrypt opens doors to world+dog

John Robson
Silver badge

Re: 90 Day Expiry

Bad form replying to myself - but I don't need to do anything weird with DreamHost:

https://www.dreamhost.com/blog/2015/12/03/lets-encrypt-and-dreamhost/

It should be really easy!

1
0
John Robson
Silver badge

Re: 90 Day Expiry

So renew it every month by cron - how hard can it be? Looks like a simple command to retrieve a new cert, and then have a simple root script copy that into place and kick apache?

I haven't played with this yet - but I will do once my current change freeze is over...

I wonder if I can do weird things with DreamHost?

2
0

Google snoops on kids via Chromebooks, claims EFF in FTC filing

John Robson
Silver badge

Really?

"This allows Google to track, store on its servers, and data mine for non-advertising purposes, records of every internet site students visit, every search term they use, the results they click on, videos they look for and watch on YouTube, and their saved passwords."

Every search term, every result and every youtube video - all of those are under Google's control at the other end so of course they can monitor them...

Most sites nowadays are accessed through a search, so every site is only a small extension of that...

Saved passwords - shock horror, not quite sure that they have the time or inclination to find an individual 7 year old's password to an educational games site....

Yes - the settings should be off by default, or at least be presented on a first boot/account creation basis...

0
0

Competition watchdog dismisses plans by TfL to uber-regulate Uber

John Robson
Silver badge

And presumably it's not a UK only valuation...

But the tax system is, in general, a complete shambles

6
0

Court: Swedish ISPs can't be forced to block Sweden's Pirate Bay

John Robson
Silver badge

And any speeding tickets you get in Germany can be handed back to the government to pay...

Shame you can't pass them back to the car manufacturer, but the government will have to do...

0
0

Uber Australia is broke: 'We don't pay tax because we don't generate revenue'

John Robson
Silver badge

Re: It beggars belief...

"As I understand from the very broad definition, If you're getting paid, it's an enterprise. If you're not getting paid, it's a car share."

I don't think it unreasonable to expect some remuneration towards petrol & wear and tear (as defined by your government's own tax office).

Car sharing without is fine if you drive half the time, and I drive the other half, but if you always do the driving then I'm not contributing appropriately to the arrangement - paying 50% of the relevant mileage rate seems fair to me - and probably good for you as well.

Carry two people to work (which I could easily have done at a previous job) and you can either cut the costs in 3, or maybe everyone you carry is happy to put in 50% - in which case your own commute is free.

1
1
John Robson
Silver badge

Re: It beggars belief...

"If the goal is to help cover your commuting cost then my instinct would be that such an arrangement would not qualify, so long as the trip would have been made regardless of any paying passenger."

That was the case I was putting forward. But I can't quite work out how you would decide where that case stops...

Presumably where your petrol & wear costs are more than covered?

0
0
John Robson
Silver badge

Re: It beggars belief...

Interesting - but is a driver who, for instance, accepts a fare each way on their regular commute acting as an enterprise?

I'm not entirely convinced that they are - it's just a dynamic, and large, car pooling service.

Obviously if you are just driving around all day grabbing fares then you are operating as an enterprise...

How far out of your way do you have to go to become a taxi rather than a car share?

1
6

Tech firms fight anti-encryption demands after Paris murders

John Robson
Silver badge

Re: WRONG

Maybe because they shouldn't have been reading it without a warrant.

And those warrants are so hard to get, you need to convince a judge and everything...

The VCR legality case, where significant non infringing rights were established, seems applicable here. There are significant non infringing uses for cryptographics. Therefore they should remain legal, despite the potential for 'missing' a terrorist you knew about anyway...

3
0
John Robson
Silver badge

Re: Join up your thinking

"American senator Dianne Feinstein, who chairs the US Senate Intelligence Committee, told MSNBC: "If you create a product that allows evil monsters to communicate in this way, to behead children, to strike innocents – whether it's at a game in a stadium, in a small restaurant in Paris, take down an airline – that is a big problem.”"

How did they get to those places - by road. What did the Romans ever do for us?

26
0

Car radars gain sharper vision after ITU assigns special spectrum slice

John Robson
Silver badge

Re: I always wonder...

It's been done with a video camera and a 150? "pixel" square on the tongue...

Allowed someone to go rock climbing IIRC...

Edit: Added:

BBC news link (2011)

Discover Magazine link (2008)

611 electrodes in an array on his tongue.

3
0
John Robson
Silver badge

Re: Interesting link

Can your eyeballs penetrate fog? Not really.

Why assume that this is the only system available - advantage of sensor arrays is that you can easily design a few of them - 79GHz, and optical, and IR, and???

Some might not work very well in fog, but between them they will easily exceed the capacity of the plasmic scanner available to the current control system...

2
0

BitLocker popper uses Windows authentication to attack itself

John Robson
Silver badge

Re: Sadistic?

- Is that, typically once a quarter, really so insufferable?

Once a quarter? Try every 30 days (i.e. not quite aligned to months)

Particularly when you normally work remotely (at a client site) and therefore don't get any warnings of password expiry...

2
0

Child abuse image hash list shared with major web firms

John Robson
Silver badge

MD5 Bad....

PhotoDNA - I hope it's somewhat better...

2
0

California cops pull over Google car for driving too SLOWLY

John Robson
Silver badge

"Without valid reason..."

So you are suggesting that conforming to the Californian regulations for their vehicle (which was in California at the time) wouldn't be a valid defense if for some odd reason they chose to prosecute a purely Californian case in Germany???

0
0

CloudFlare drinks the DNSSEC kool-aid, offers it on universal basis

John Robson
Silver badge

Re: Trust is supposed to be a two way street

That's why there is LAV (Look Aside Validation) - so you can have alternative checks of the key's validity.

It's a bit like saying that IPv6 hasn't been fully deployed so we shouldn't bother

1
0
John Robson
Silver badge

Re: All I want to know

No - and it doesn't make you coffee either...

It allows you to verify that the record you just got back from your query to theregister.co.uk was indeed signed by The Register, as authenticated by ".co" as authenticated by ".uk" as authenticated by the root.

Given that you visit frequently you can also use a preload or triangulation to further verify that the cert chain hasn't been tampered with.

You could of course add DNSCurve to secure the request/response to/from the DNS server you spoke to, but they probably keep logs anyway.

There is no reason DNSSEC cannot be used with DNSCurve - and you can add preloads and triangulation, amongst other things to provide further verification [more importantly to increase the cost of an attack, since that is all we can ever really do]

When did you last clear out the 600+ certificate authorities in your browser?

3
0
John Robson
Silver badge

DNSSEC does provide a decent chain of trust though - you can see who you are trusting in the URL, no need to check that the cert isn't issued by a dodgy elbonian authority.

It could also allow a sideband transfer of HTTPS certs, allowing those certificate chains to be combined into one, easily visible chain of trust.

3
0

Thin Client Devices Revisited

John Robson
Silver badge

I use a thin client...

an iPad - add mouse support and they are great little devices.

I access a full fat Linux desktop running in a virtual frame buffer using X11VNC over a VPN tunnel.

The fact that it happens to be on a VPS in some far off datacentre doesn't ever seem to cause an issue. Of course I'm not doing anything too challenging on it...

When I contracted for the NHS they had CAROL (Computer Access Regardless Of Location) and it was nice to disconnect in one office, drive home, then 6 hours in the other direction and sit down at a random desk to the same desktop, with the applications still running....

I did manage to kill it once (I went to IT and suggested that I might, and could I have a test server - It'll be fine they said. When 20% of the office got simultaneously disconnected they gave me a test server)

3
0

Your taxes at work: Three hours driving to turn on politician's PC

John Robson
Silver badge

Really - there wasn't a cleaner or anyone else in the building...

...that she could have asked what colour the light was?

I'd have suggested she grab someone off the street to check the colour. I am presuming that this is before the days of camera phones, where a simple picture message of the light would have done the job...

8
1

US military readies drone submarine hunter

John Robson
Silver badge

Re: WTF, ok i may be a little late to the party but !!!

A lot of salaries on a destroyer..

Random destroyer picked on wikipedia - 35 officers, 218 men.

And that ignores any consumables...

3
0

Virgin Media whines about Sky's customer service claims, ad watchdog agrees

John Robson
Silver badge

Re: Why only private companies

Apparently three people disagree and think that collisions are better at higher speeds. I just hope they don't get trusted with a couple of tons of metal with a significant power plant in it on a regular basis.

1
3
John Robson
Silver badge

Re: Why only private companies

Speed is however a massive factor.

It increases the energy involved in any collision. Since the energy is proportional to the square of the speed even a relatively small speed increase makes a significant increase in the energy brought to the scene.

It decreases the time available to react to any situation - whether that be a mechanical failure or a human failure on your own or someone else's part. It also increases the distance required for that reaction to occur - compounding the difficulty.

Obviously travelling at 30mph (relative to what?) doesn't kill, but the energy which does kill people is readily available at speed, and judging by the number of road deaths each year is beyond the capacity of many people to reliably control...

1
4
