44 posts • joined Friday 5th December 2008 12:12 GMT
It's a gamble but...
Why not make this the payload on the falcon heavy test flights? In terms of personnel - why not sell time on it to universities around the world and use that to pay the tech staff?
Well, I could go on about the tech detail, but the exciting thing it is exactly like the 60s! Develop a new rocket design from scratch in 7 years, getting it man rated, talking about trips to Mars - the 60s rocked for space innovation and so does this!
Hang on - isn't this just FUD
With no specification to refer to this is a concern about what might happen - i.e. not news but a group that is using the news to get its oar into a discussion. Given that many of these organisations are still on IE6, have huge paper based systems and over run IT projects failing to replace them at vast expense I'm not sure that I'd want their input.
If you take a look at AQA's recently released specification for GCSE computer science it leaves the technologies up to the schools. (spec here: http://web.aqa.org.uk/qual/newgcses/ict/computer-science-overview.php)
This specification IMO is exciting, strikes a good balance between theory and practice, and will probably produce a generation of students who will think of a computer as able to do something more than making paper documents pretty.
What's with the tortured acronyms?
Once upon a time they named space missions to be mythic (Mercury the swift messenger, Gemini - the twins etc) then they transitioned with Apollo (both mythic and the acronym "America's Program for Orbital and Lunar Landing Operations") and gone further into contorted acronyms ever since.
Why not just name it something and have a separate description rather than a painfully contrived acronym that gives very little understanding...
Once is enough
Just overwrite the drive once with zeroes using dd and it'll be fine for anything below top secret or the recipe for coca cola.
To get round that would require such a ludicrous amount of effort as to never be worth it - or to put it another way, it'd be a lot simpler and more reliable to stage a break in and steal the disks before you wipe them...
The ribbon is mostly a good thing
Most people in business have not the slightest idea how to use 99% of the functions in MS Office. This wastes a hell of a lot of time and effort. With the ribbon I've noticed that my users are finding some of the more interesting functions.
If I had given them the option they would initially have stuck with the menus and continued to not use 99% of the functionality. Now they use about 5% - well, you can't have it all can you!
OK - this is how a one time pad works
The one time pad IS inherently and provably unbreakable (properly implemented of course). There is obviously some confusion about this:
A one time pad is pre-shared encryption key that is used for only one message and then discarded. The key is of at least equivalent length to the message. Each letter in the message is shifted by the amount suggested by the corresponding part of the key. The key must be properly randomly generated.
Frequency analysis will not work as every instance of each letter is shifted by a random amount. Because the key length >= the message length there is no repetition of the shifts to attack. In the same way the discarding of the key after one use prevents analysis over several messages.
You could try every key combination - but that would just yield every possible message of equivalent length with no way to distinguish the right message - i.e. for a 17 letter message you would have all of the following decrypts:
WE ATTACK AT DAWN
WE ATTACK AT DUSK
STEVE LOVES KATIE
DINNER IS IN OVEN
To put it in context:
A simple shift cipher (ROT 13) is attacked by trying all the values to shift by
A Caesar cipher can be defeated by frequency analysis
The Spartan cipher rod is a transposition cipher and can be broken by putting the code into various tables
Polyalphabetic ciphers (using a different cipher alphabet for every nth character) are vulnerable to frequency analysis - but each alphabet needs to be broken individually.
Machines like Enigma change the cipher alphabet for every character, but do so in a pre-determined way given a particular set of initial settings.
A one time pad uses a different cipher alphabet for every character but does so in a 100% random way.
I work for a charity. Everyone here works for substantially less than charity sector rates let alone market rates. They also work very hard with many doing a lot of unpaid overtime. I think you're probably slighting a lot of people who work in the charity sector and make a real difference.
People seem to have this silly idea that charities should all be run by OAP volunteers and spend nothing on administration. Why is it silly? because they also want the charity to be effective, efficient, and accountable. That means a heck of a lot of administrative work. Small administrative costs, effective, fully accountable - choose two!
An example - I get people telling me that we should use email rather than print media to communicate with them because it's cheap. I guess that's because they have an experience of sending *an* email. What they don't get is that you have to send someone out to do the interviews, send someone to get the photos. Because some people don't want email we need to get a designer to put the thing together. We then also need to pay the printer and the mailing house - which with bulk discounts cost virtually the same amount as before. I then have to adapt that content for email and send it via a bulk mailing service. You can't send it through outlook as bulk mail gets rejected as spam if you do.
I can give a hundred examples of such complexities and get fed up when people moan about this stuff with no idea of what it really involves or costs to get things done.
I agree with senior executive pay being an issue (it isn't and issue here mind) - but you have to pay people a living wage - they do skilled jobs.
The big install issue
If firefox could be bothered to build an MSI installer, and release an adm pack to be able to configure FF installations then I'd consider it as an option. Chrome is just as bad.
The main issue is keeping the damn things patched across the organisation.
If there was support for Chrome and Firefox I'd add it as an installable option via group policy.
And yes, I do know that there is 3rd party msi support, and that there are adm files out there - but really, it wouldn't be so hard to maintain the msi and adm as part of the regular build.
What you have there is a shambles, not an IT department.
If you want good IT then hire two people - one who is a technical whizz with a proven track record and one who gets on with the technical whizz but has business sense and can talk to management. Then give them what they need - mostly budget, staff, a strategic voice, and free pizza.
Actually to be totally secure it's neither
Technically the Quantum Key Distribution enables the distribution of a one time pad.
Symmetric keys* and asymmetric keys indicate encryption methods that are both vulnerable to cryptanalysis - i.e. you can crack the message without knowing the key, or you can guess the key from the message.
A one time pad uses a random key at least as long as the message. As long as the key is truly random this makes the message totally uncrackable without the key. You can try every possible key, but this will reveal every combination of characters of the same length as the message.
Of course due to the one-time nature of a one time pad key distribution becomes the biggest problem and weakness. QKD essentially strives to solve this problem, implementation issues aside.
Of course for plebs like us we just have to be happy with unencrypted records secured in a public train carriage without an attendant civil servant.
*yes a one time pad is a symmetric key in terms of the same key is used to encipher and decipher the message, but it is used for a single message and then thrown away.
Fixed Vs Variable costs perhaps?
Developing a new format is a fixed cost, whether you produce one thousand or twenty million devices the cost of developing it remains pretty much the same.
Licensing is a variable cost scaling with the number of consoles sold, and in all probability the number of game discs sold as well.
At small scales licensing makes sense. At large scales it only makes sense if the licenses are dead cheap or if you don't have the capital to develop your in-house system in the first place. This is pretty much the same argument as Google developing and producing its own network kit rather than using off the shelf stuff from Cisco or similar.
Incidentally I would say that this also applies to hosted services via the cloud. Setting up your own in house servers makes no sense as long as the fixed cost is high and the number of users low. Once you grow above a certain number the reverse is true.
It's the marking that's the problem
In order to enforce a curriculum and have measured 'standards' ICT (or cumputer studies as it was in my day) is getting killed.
The reason a class is asked to turn in near identical posters is because that's a lot easier to compare, mark, and show that we have reached a standard.
Children then become like dogs doing tricks - with little comprehension of why except they get a treat of approval at the end of it.
I wouldn't mind the MS Office stuff as people desperately need educating. The problem is that it is stuck in the 90's teaching bold, italic, underline, and font sizes rather than styles which amount to semantic markup. In excel people really need to understand how to construct a formula that matches a given equation. They need to understand how to aggregate data, use pivot tables etc. These are the things which will make you an invaluable employee.
The limit is in Bequrels per litre - not an absolute amount
Title says it all
Er - no
The judgement you have posted clearly refers to someone who is "Walking across a pedestrian crossing pushing a bicycle"
That does not broaden automatically to "anyone pushing a bicycle is a foot passenger". It's even qualified with "having started on the pavement on one side on her feet". How would that ever apply to someone who is starting on the road?
Surely it's about appropriate measures?
Your security is only as good as it's weakest link.
When I decommission HDDs I wipe the drive with random data, take it apart, score the platters, take them out, dispose of the electronics separately, and then if I don't need a new coaster I use a pair of pliers to bend the platters.
It's possible that someone could still get data from that drive - but really, how much effort would that be? How much would that cost - just following the tracks round a warped surface that you could never flatten would be bad enough.
It would, I suggest, be much cheaper and easier to break into my office and steal the HDDs from the running servers, or to hack in.
On the other hand if you carrying missile plans etc then your office is probably more secure than most. In that case, destroy it. utterly.
The thing is that most data loss (at least that which we hear about) is due to leaving unencrypted devices on trains or sending CD's through the post, or selling on old PCs without making sure that they are wiped first. Flash drives don't get decommissioned - they get lost.
All this making sure there are no large chip fragments is rubbish except for the highest grade - if you have broken the devices electronics then you've eliminated all except those that are prepared to solder. If you break each chip then my guess is that you'd need some pretty hefty hardware along with some dedicated boffins and a large payroll to get anything out of it.
Anyone got an idea of the technique, an approximate price list for the equipment?
The salt is combined with the password before hashing. You can store the salt in plain text in the table next to the password hash (one for each user).
When a user enters their password it gets combined with the salt and then hashed. If it matches the hash value then the user is let in, otherwise no. This defeats rainbow table attacks which look up the hashed password in a large database of password hashes.
The only advantage I can see of concealing or encrypting the salt is that someone can attempt to break each password one by one to get back to the original plain text - this however is infeasible and is the reason people started making rainbow tables in the first place.
If you put the salt if first the position is never given away as the entire hash changes with just one character different in the salt. Putting it in after is just obfuscating the hash and is easily crackable.
By the time someone is using rainbow tables you can pretty much presume that they have your entire password file/db, any web code, and anything else in your back end database - otherwise what is the point of using them? This means that they already know where you put your salt (it's in the code after all). They already know what your 'secret' salt is as well.
If you have put in the salt after the hash then you'll need to go back and look at that...
Hashing passwords is not security through obscurity - it's a peer reviewed open technique that is mathematically proven (given the absence of Quantum computing and that P=NP is not true)
This article opens with a comment about algorithms, but then goes on to discussing programming languages. Programming languages and the relative usefulness and popularity thereof are not what computer science is about (or at least wasn't when I got taught).
Programming languages are merely instances of programming paradigms (of which I learnt several). Algorithms span languages (and most of the time paradigms). Most real world problems can be reduced to one or more well understood algorithms. Each of these algorithms offer different overheads. All of this can be worked out without ever turning on a computer.
What the author seems to be complaining about though is not people merely missing this knowledge (and a lot are missing it). He seems to be complaining about the lack of ability to apply this theoretical knowledge, and the lack of experience of mucking about with computers just for kicks.
I don't blame the universities for that - I blame the sealed slick computer experience that is Macs, Windows, Facebook, Google etc. It is entirely analogous to the mechanical knowledge that is disappearing due to cars being only fixable by the garage, and consumer electronics so cheap that there is little point finding out how they work. If a 9 yr old knows how to program then good on em, but the days of the bedroom programmer are gone.
Spaceships, orbital and sub orbital
This is just a re-run of the old confusion about Alan Shepard being the first American in space (in a 15 min sub orbital hop very similar to Virgin's plans) and John Glenn being the first American in orbit (what people today think of as being in 'Space'). Sub-orbital was also all that was needed to secure the Ansari X-Prize
Its a smart plan - book up the sub-orbital schedule with early adopters and get your foot in the door, make a shed load of money and then use it presumably to develop orbital capability and charge all the early adopters again. Meanwhile the now well tested and streamlined sub orbital model can be punted to the well off rather than the super rich. Just like DVD and Blu-Ray!
Running speed of the colossus
"Design of Colossus started in March 1943 and the first unit was operational at Bletchley Park in January 1944. Colossus was immediately successful, and the Colossus – Tunny combination allowed ‘high grade’ German codes to be decoded in hours. This proved immensely useful during the D-Day landings. The parallel design of Colossus made it incredibly fast even by today’s standards, a modern Pentium PC programmed to do the same decoding task taking twice as long to break the code."
So that seems like it was from the late nineties. Processor speeds should be at least 64 times faster by now, along with significant speed increases in other areas.
Having said that, I don't know if the poor old pentium was given a crib, or if it just had to chew through the whole lot. That all said, I think it's feasible that the Cray-1 could still give a modern pc a run for it's money in certain operations.
I agree, and yet just because there are many valid ways to accomplish something that doesn't mean that there are none that are just plain wrong in any set up. The criterion for me comes down to does it work reliably and accomplish what it's meant to without exposing us to serious risks of data corruption or security breaches. If yes then we can have a polite discussion about whether it is the most elegant, efficient etc solution possible. If no then it's wrong and needs to change.
Patents just suck!
Petty minded suits stopping the adoption of the best technology for the situation. Sucks.
Watched an interesting documentary the other day on the humble shipping container (no, it was interesting). The inventor gave royalty free patents to the industry so that everyone could use the same containers with the same locking mechanisms etc. Imagine how world trade would suffer if each company ran their own dock with their own container mechanisms, with their own lorries. Or if each dock had to have a specific crane for each container type.
But no, the suits sit there with their DVD region codes, content scrambling systems, proprietary codecs, and frickin iTunes stores all trying to monetise their little slice of the net as if it were a fixed product. Instead they could be putting together infrastructure that would allow completely new levels and new types of industry to form.
Don't see a problem
I appreciate that there may be laws against this - but I still don't see an issue.
Using open WiFi is like sending a postcard - also a point to point system. I wouldn't write anything on a postcard that I didn't want a postman to read. For that matter, sending email is exactly the same - it'll probably go over several servers with data being logged. The difference is that Google was purposefully looking from the outside I guess. Still, http traffic is routinely stored and inspected by your ISP, the web host you are browsing to, and any number of analytics companies. People get outraged, but if they only knew the amount of data stored on them this'd pale into insignificance.
The practical upshot is clear - there are widely implemented, widely available, well documented ways to secure your communications. If you don't use them then you are liable to be listened in on.
Problem is people treating programming as a subject
This is an A-Level in computer science, not a vocational course in programming.
I learnt Pascal at A-Level - and it was great for learning about ALGORITHMS. Algorithms is what Computer Science is fundamentally about. Pascal is perfectly adequate for teaching this, whilst hiding some of the complexities of C (strings and pointers I'm looking at you).
At degree level I did more pascal - this time looking in more depth at algorithms with more complex data structures (trees etc). Only in my second year did I touch C, but armed with a trusty K & R it didn't take me long. I also did modules on Functional programming, predicate logic based languages, and object orientation. So that's four different paradigms, two of which are rarely used in industry. Practically all the rest of the course was algorithms and concepts. Why? BECAUSE IT'S COMPUTER SCIENCE!
If you can't pick up a manual and get up to speed quickly I would question whether you had learnt anything about computer science at all.
too many twits make a tw*t
I think David Cameron had it right.
I wish that this story was an April fool somehow held up in the El Reg approval queue. Anyone out there welcoming our new numpty overlords?
How about this as an idea
I want a phone with a fast processor - fast enough to be a netbook
I want it to be the size of a normal phone
I want to be able to plug it into a monitor, lcd tv, or even a pad like screen that I an carry with me if I need to do extensive work.
I want to be able to plug in usb devices
I do not want to carry around my computing world on two different devices, both of which I have to keep in sync with a device at work and a device at home.
Now as for toddlers being able to play with iPads, and other comments about things just working with apple - fine, go for it, revel in the sandbox of your closed system and throw your cash at people who get things to work for you in a way you can understand - this is your choice.
Don't however deride those who want more control, who are interested in what lies beneath. This is exactly the kind of person that is making your iPad work for you, or your networks, or your latest downloaded app.
Compelling != Good
I admit it, I have a 24 problem. I start watching a box set and it robs me of my sleep, makes me irritable, and here is the shocker - it isn't that good. I don't savour an episode, I wouldn't watch one twice, I just want more.
Most modern action movies / TV shows are like crack. You get gripped, you get your fix, you forget about it and go after the next one. It's an addiction pattern, not one of appreciation.
Er - no
75% of fixes being contributed being from paid coders does not automatically equal 75% of coders being paid unless all coders contribute an equal amount.
It seems to me far more likely that the paid coders can contribute all day every day and so contribute more code.
OK, so that's the component cost - now add assembly, testing, shipping, support, wastage
I used to work in the gift business and standard mark up was 6x the cost price of the item - that's how you make money.
To be honest I'm surprised it costs so much for the components (although bulk pricing will help a bundle)
Super Secrecy - not
Not one person has, as far as I am aware, ever been prosecuted using evidence from a detector van, nor has a search warrant been served on the basis of such evidence. If they had then the defence would be able to ask for details of how the technology works, and how that establishes proof. Just consider all the protests against wrongful conviction with speed cameras.
Of course the BBC refuses under the FOI act to give out details of the technology, the number of vans, the prosecution rate, or just about anything other than their own FUD.
I did however write to them telling them that I am withdrawing their implied right to access to my property (so they can't even come up the driveway) and to my surprise got a polite letter back from them for the first time ever.
Still, the sooner they remove the wretched licence and fund the beeb out of general taxation the better.
CRB isn't a bad idea - just poorly implemented.
Having worked with youth groups, where it saves you is when you have someone enquire, you tell them they need to do a CRB, and then they never get back to you.
systemic and repeated abuse does happen (although not as much as the daily mail would have you believe). It typically happens in high trust situations, and that's the issue. One of the reasons it occurs in faith groups is the high level of trust because of the unspoken assumption of morality.
It's very easy to speak of lives ruined by being wrongly identified on a CRB check. There is a solution to that - get better at running them. As for people trusting the clearance too much - well that is also an issue for doing things better in that organisation. Scrapping the whole thing stops the 10,998,500 checks that were done properly, let alone those who were deterred by the prospect of having to apply.
The scout association has been running checks for donkeys years with a central agency (before CRB they used their own system). They turned down Thomas Hamilton (who carried out the Dunblaine shootings) - not a bad spot that one!
You're probably right about document destruction - but in a way that's the point I was making - from being able to do a suborbital hop to walking on the moon took just over eight years - even with doing all the learning for the first time.
And all of it was done without CAD software, computer simulations, composite materials. It should be a hell of a lot easier now - so what gets in the way?
It does all cost a hell of a lot, but not that much in the scheme of things - as JFK said "A staggering sum of money, but somewhat less than we spend on cigarettes every year"
Still, there we go - perhaps the Chinese will put the American's backs up and get things moving again.
Surely it can't be that hard? (relatively speaking)
1961 - First American in space, less than a month after Gagarin
20 Days later JFK commits to the moon programme. At this stage the mercury capsule is little more than a pressurised bubble on top of a redstone rocket (Basically a Ballistic missile) on a *Sub Orbital* hop.
1969 - Armstrong on the moon - that's eight years and a couple of months (and a hell of a lot of dollars I'll admit).
So then NASA spends years on the space shuttle, space stations etc, and somehow it now takes till 2020. Sure the goal is more ambitious, but with all that learning under their belts what is holding NASA back?
Standing up for office
Never thought I'd be the one asking this- but why is everyone so down on office?
My experience of office is that it generally is a good product - the biggest issue always seems to be the person operating it. Why does it do this? they say - well it's because you've not defined this, understood that, and checked this I reply.
It's like complaining that your guitar doesn't work because you can't get the tunes to sound how you want. Well, either skill up or go buy Guitar Hero, or a CD. What is it with people wanting tools to be versatile, professional, etc AND so easy you can use them without learning how, or even thinking in some cases.
For doing lots of little bits of one off data manipulation Excel is totally weapon of choice. With VBA office lets you do practically anything. Most people complain because what they want is a tool somewhere just above wordpad and a calculator.
There is enough FUD spread about the tv licence by TV Licensing - here is the authoritative answer:
You only need a TV Licence to get programmes whilst they are being broadcast.
Also, check out this site: http://www.bbctvlicence.com/
Cans of beans with sausages
If a can of beans with sausages in it came with a bit of paper saying that you could return the sausages if you didn't like them then of course I would expect to be able to return them.
Microsoft has offered a right in it's contract, and so it should follow through. There are enough clauses in a proprietary EULA designed to shaft us - why not take advantage when we can?