* Posts by Duncan Macdonald

269 posts • joined 20 Mar 2009

Don't touch that PDF or webpage until your Windows PC is patched

Duncan Macdonald

Flash Player

The correct update is complete removal.

34
1

Scary RAM-gobbling bug in SQL Server 2014 exposed by Visual Studio online outage

Duncan Macdonald

Simple temporary fix

Just limit the maximum size returned by the predictor to be 100MB (or a per database defined limit) - this will slow down some true large queries but will stop the system from crashing. For a more permanent fix add an option HUGE_QUERY that overrides the limit for the few queries that require a massive amount of RAM.

These fixes would only require a tiny amount of additional code and no changes to the body of the predictor which would reduce the chance of new bugs being introduced as a result of the fix.

0
0

LIGO boffins set to reveal grav-wave corker

Duncan Macdonald

How many events ?

If there has been a number of non-gravitational wave events that triggered one detector but not the other, how certain are they that the event that triggered both detectors was not the random coincidence of two non-gravitational wave events ?

Before claiming proof of gravitational waves either multiple events need to be detected or considerably more than 2 detectors used - 1 event on 2 detectors is suggestive but not proof.

0
0

That's cute, Germany – China shows the world how fusion is done

Duncan Macdonald

The fusion rate in the sun is VERY SLOW - in the core the energy production is well under 1kW per cubic metre. To get the fusion rate up to something that is useful for a human power plant, two things are needed

(1) Deuterium instead of ordinary hydrogen and (2) much higher temperatures than in the core of the sun.

(Low temperature fusion is possible but all efforts to date consume far more energy than they produce - see the fusor and muon catalysed fusion for examples.)

7
0
Duncan Macdonald

Re: I Wonder....

Insufficient materiel - the amount of hot deuterium in any of the proposed designs is too small to have any very large scale impact even if it suddenly all fused at once. (Even a production sized multi GW reactor would only have a few ounces at most of hot plasma as you get 93.6 GWh of energy from the fusion of 1kg of deuterium.)

If you want something that could produce an earth shattering KABOOM - an antimatter reactor (if mankind learns how to convert matter to antimatter) might be a better candidate.

8
1

Asigra becomes an Oracle reseller

Duncan Macdonald
Thumb Down

Oracle - Run Away

Even if (unusually) an Oracle product seems good value initially, the forced (and ever increasing) maintenance charges soon make it a very bad bargain.

0
0

For sale: One 236-bed nuclear bunker

Duncan Macdonald

Not very well protected

The structure is only covered by 1 metre of earth so it is only usable if there is no nearby attack.

(If you want a REAL nuclear bomb shelter - look at Dinorwig power station - given its location in the heart of a mountain it could probably withstand a direct hit by a megaton nuke.)

4
0

Little warning: Deleting the wrong files may brick your Linux PC

Duncan Macdonald
Black Helicopters

Re: Not on the HDD - NSA

But that would make it difficult for the NSA to insert its nonremovable spyware over the net!!

As with the Intel Management Engine, I am fairly certain that the UEFI also had input from the NSA.

4
0

VirusTotal bashes bad BIOSes with forensic firmware fossicker

Duncan Macdonald

Intel Management Engine ?

Can it analyse the firmware for the Intel Management Engine in modern Intel chips?

Any nasties placed there (possibly signed by Intel at the request of NSA) are almost immune to detection on a running system.

15
0

Stop the music! Booby-trapped song carjacked vehicles – security prof

Duncan Macdonald

Diagnostics and audio

The OBD port has to get diagnostic info from the engine and braking system but also gets information from other parts (air con, air bags, instrument panel, power steering, sat nav, lights, audio etc) (see the picture in the article).

The audio system in many cars gets information about the speed to adjust the volume - this implies a link between the control systems and the entertainment system. In some cars the sat nav display is turned into a rear parking assist when in reverse gear - this also implies a link.

A decent firewall that only allowed predefined messages to pass to the control systems would be fairly cheap to implement on a per vehicle basis - but by the time that you are building 9.8 million vehicles in a year (GM) even $5 each is a lot of money.

1
0
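The per-vehicle message firewall the comment above proposes, worked through as an added example (this is not code from the article or from the commenter). The arbitration IDs 0x3C0 and 0x3C1, their payload rules and the sample traffic are constructed for illustration; a real gateway would take its allow-list from the vehicle's own message catalogue. The point is that the entertainment side can only ever emit a small fixed set of well-formed messages toward the control bus, and everything else, including a diagnostic request on the standard OBD-II functional ID 0x7DF and a flood of otherwise-valid frames, is dropped and logged.

```python
"""Allow-list gateway between the infotainment/diagnostic side and the
vehicle control bus. Added example, not from the article. The IDs, payload
rules and sample traffic below are constructed."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class CanFrame:
    arb_id: int      # 11-bit standard identifier
    data: bytes      # 0..8 bytes of payload


Rule = Callable[[bytes], bool]


def speed_for_volume(d: bytes) -> bool:
    # hypothetical ID 0x3C1: head unit asks for road speed; empty payload only
    return len(d) == 0


def reverse_state(d: bytes) -> bool:
    # hypothetical ID 0x3C0: one byte, 0 = forward, 1 = reverse; nothing else
    return len(d) == 1 and d[0] in (0, 1)


# Anything not listed here is dropped regardless of content.
ALLOW: Dict[int, Rule] = {0x3C0: reverse_state, 0x3C1: speed_for_volume}


class Gateway:
    def __init__(self, allow: Dict[int, Rule] = ALLOW, per_id_budget: int = 10):
        self.allow = allow
        self.per_id_budget = per_id_budget   # frames per ID per window; blunts flooding
        self.seen: Dict[int, int] = {}
        self.log: List[Tuple[int, str]] = []

    def new_window(self) -> None:
        """Call once per timing window (e.g. every 100 ms) to reset the budgets."""
        self.seen.clear()

    def forward(self, f: CanFrame) -> bool:
        """Return True if the frame may be passed to the control bus."""
        if len(f.data) > 8 or not 0 <= f.arb_id <= 0x7FF:
            self.log.append((f.arb_id, "malformed"))
            return False
        rule = self.allow.get(f.arb_id)
        if rule is None:
            self.log.append((f.arb_id, "id not allowed"))
            return False
        if not rule(f.data):
            self.log.append((f.arb_id, "payload rejected"))
            return False
        n = self.seen.get(f.arb_id, 0) + 1
        self.seen[f.arb_id] = n
        if n > self.per_id_budget:
            self.log.append((f.arb_id, "rate exceeded"))
            return False
        return True


def demo() -> Dict[str, list]:
    """Run constructed traffic through the gateway; returns what passed and why the rest was dropped."""
    traffic = [
        CanFrame(0x3C0, b"\x01"),            # legitimate reverse-gear notification
        CanFrame(0x3C1, b""),                # legitimate speed query
        CanFrame(0x3C0, b"\x05"),            # out-of-range value
        CanFrame(0x7DF, b"\x02\x01\x0C"),    # OBD-II functional request from the media side
        CanFrame(0x2A0, bytes(8)),           # ID not in the catalogue
    ] + [CanFrame(0x3C1, b"")] * 12          # flood of otherwise-valid frames
    gw = Gateway()
    forwarded = [hex(f.arb_id) for f in traffic if gw.forward(f)]
    return {"forwarded": forwarded, "dropped": gw.log}


if __name__ == "__main__":
    print(demo())
```

The rate budget is a deliberate addition: an allow-list alone still lets a compromised head unit replay a permitted message thousands of times a second, which is itself a denial-of-service against the control ECUs.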

Why does herbal cough syrup work so well? It may be full of morphine

Duncan Macdonald
Pint

Kaolin and Morphine anyone ?

Still available as a treatment for upset stomach

see http://www.chemistdirect.co.uk/kaolin-morphine-mixture/prd-o2d

(no prescription needed)

Low levels of morphine are present in a number of treatments and a few milligrams is highly unlikely to have any adverse effects.

5
0

Inside Intel's CPU-level multi-factor auth (and why we've got deja vu)

Duncan Macdonald
Black Helicopters

Re: Deep joy!

Back door? I am certain that the NSA is one of the prime drivers behind the Intel Management Engine and that they have the required passwords for remote access to any networked system with the Intel ME in it.

Short of using a good EXTERNAL firewall, any modern PC is completely vulnerable to the NSA irrespective of any security in the operating system. (And the firewall had better not be one that uses an Intel CPU or one that the NSA has a back door to.)

9
1

KeysForge will give you printable key blueprints using a photo of a lock

Duncan Macdonald

Re: Key blank != Key (MD5)

Even now MD5 is sufficient for its original purpose - detecting accidental corruption. What MD5 is not sufficient for is avoiding deliberate corruption by skilled attackers (which was not the main reason for the creation of MD5).

3
0

Test burn on recycled SpaceX rocket shows almost all systems are go

Duncan Macdonald

Launch Window

How much bigger would the launch window be if the first stage did not have to carry the landing gear or reserve fuel for the landing ? (Without the penalty weight, there would be more delta-v available to correct for a mistimed launch.)

0
0

Huffing and puffing Intel needs new diet of chips if it's to stay in shape

Duncan Macdonald

Re: Different economics

Intel cannot get the profit margin it expects (of over 50%) in any area where it has real competition. Fabbing chips for other companies will be unlikely to produce returns over 10%. IOT chips are unlikely to give returns of over 20% due to the competition from ARM based chips.

Current Intel desktop chips have hardly increased in performance over the last few years (the 6700k is about equal to the 4790k and only a few percent faster than the 4770k which was released 2 years earlier) and as a result there is very little incentive for users to upgrade systems. (ARM based chips however are increasing performance at a much higher rate.)

4
0

Boffins switch on pinchfist incandescent bulb

Duncan Macdonald

IR reflector on inside of bulb ?

As the structure of a filament is complex (coiled coils), it might be better to put the IR reflector on the inside of the glass bulb where it would be easier to get a uniform coating.

1
0

Boozing is unsafe at ‘any level’, thunders chief UK.gov quack

Duncan Macdonald

Palace of Westminster ?

If the government believes this - is it going to ban alcohol from the Palace of Westminster ?

1
0

VW floats catalytic converter as fix for fibbing diesels

Duncan Macdonald

Re: Ludicrous lawsuit. No tangible injury.

Other manufacturers were able to produce conforming vehicles - VW could have but instead decided to break the law to improve their profits. (From the tone of your comment, I think that either you are a VW employee or a VW shareholder.)

Anyone who believes theconsternation.net is in serious need of a brain transplant. (Leaving the US would not shield the parent company from the lawsuits as it is apparent that the illegal test "fix" was implemented by the VW group - not the US subsidiary. )

As far as injury goes - lookup the adverse effects of nitrogen oxides and particulate smog on the human lung.

24
4

UK energy minister rejects 'waste of money' smart meters claim

Duncan Macdonald

Backhanders

The main reason for "smart meters" is almost certain to be backhanders to some senior politicians. (If MPs tax records were public, most of them would be headed for either the Old Bailey or a lynching.)

Unfortunately for this country, the Conservative Party has an effective dictatorship for the next several years - between the loss of Labour seats in Scotland to the SNP and the joke of the current Labour leader, the chance of the Conservatives losing power in the next ten years is near zero. As the Conservative MPs know this, they are not now even bothering to pay lip service to what the public wants.

9
4

Upset Microsoft stashes hard drive encryption keys in OneDrive cloud?

Duncan Macdonald
Thumb Down

Making data recovery difficult

If Windows 10 automatically encrypts the internal storage then data recovery tools such as PhotoRec are likely to be useless. Windows 10 SHOULD ask if encryption is wanted and show the pros and cons before enabling encryption. (Encryption will also slow down lower performance systems and ones with SandForce based SSDs.)

Also if someone manages to hack into your Microsoft account and change the password then you could be locked out of your files.

Not a good idea.

18
3

Adobe: We locked our customers in the cloud and out poured money

Duncan Macdonald

Re: Where are the GIMP fan boys?

GIMP is usable for simple edits but it needs a number of upgrades before it is even the equivalent of PaintShopPro. (The biggest need is for a good user manual - the existing help files are nothing like enough.)

3
0

Is ATM security threatened by Windows XP support cutoff? Well, yes, but …

Duncan Macdonald

Re: Why is this a problem?

One rogue staff member with access to one ATM - then let the internal "secure" network carry the malware to every other ATM - can you say "PAYDAY".

For ATMs (and other sensitive systems), the program loader should be modified so that only digitally signed executables (including DLLs) can be loaded - this would reduce the possibility of malware execution.

3
0
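The load-time check the comment above calls for, as an added example (not code from the article or the commenter): an executable or DLL image may be loaded only if its SHA-256 digest appears in an authenticated manifest, so a binary dropped by a rogue staff member or patched in place on one ATM is refused everywhere. Assumptions: image contents are handled as bytes, and the manifest is authenticated with HMAC-SHA256 under a key held only by the loader, which stands in for the public-key signature (Authenticode or similar) a production loader would verify. The file names and contents are constructed.

```python
"""Hash allow-list enforced at load time, authenticated manifest included.
Added example, not from the article. The HMAC stands in for a real
signature check; names and image bytes are constructed."""
import hashlib
import hmac
import json
from typing import Dict


def build_manifest(images: Dict[str, bytes], key: bytes) -> bytes:
    """Signing-side step: record the digest of every approved image and authenticate the list."""
    entries = {name: hashlib.sha256(data).hexdigest() for name, data in sorted(images.items())}
    body = json.dumps(entries, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return json.dumps({"entries": entries, "mac": tag}).encode()


def load_manifest(blob: bytes, key: bytes) -> Dict[str, str]:
    """Loader-side step: refuse the manifest outright if it was altered in transit or on disk."""
    doc = json.loads(blob)
    body = json.dumps(doc["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc.get("mac", "")):
        raise ValueError("manifest authentication failed")
    return doc["entries"]


def may_load(name: str, data: bytes, entries: Dict[str, str]) -> bool:
    """True only if this exact image (by name and content) is on the approved list."""
    digest = hashlib.sha256(data).hexdigest()
    # compare_digest avoids leaking how many leading characters matched
    return hmac.compare_digest(entries.get(name, ""), digest)


def demo() -> Dict[str, bool]:
    """Exercise the policy against a trusted image, a patched DLL, an unknown binary and a tampered manifest."""
    key = b"loader-verification-key (constructed)"
    images = {
        "atm_ui.exe": b"MZ\x90\x00 constructed ui image",
        "cashdisp.dll": b"MZ\x90\x00 constructed dispenser driver",
    }
    manifest = build_manifest(images, key)
    entries = load_manifest(manifest, key)
    results = {
        "trusted_exe": may_load("atm_ui.exe", images["atm_ui.exe"], entries),
        "patched_dll": may_load("cashdisp.dll", images["cashdisp.dll"] + b"\x90", entries),
        "unknown_exe": may_load("dropper.exe", b"MZ constructed malware", entries),
    }
    # An attacker who can write the manifest but lacks the key cannot add entries.
    tampered = manifest.replace(b"cashdisp.dll", b"dropper.exe")
    try:
        load_manifest(tampered, key)
        results["tampered_manifest_rejected"] = False
    except ValueError:
        results["tampered_manifest_rejected"] = True
    return results


if __name__ == "__main__":
    print(demo())
```

The manifest must be bound to something the attacker cannot forge on the ATM itself; with a symmetric key stored on the machine that property fails, which is why a deployment would verify a signature against a public key baked into the loader instead.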

VTech's Android tablet for kids 'hopelessly insecure'

Duncan Macdonald

Why bother with security

This is a tablet designed for under 7 year old kids - what confidential information is likely to be on such a tablet ? (If it was a higher end tablet designed for adults this might be a problem but not for this device.)

3
10

LHC records biggest bang ever with 1 Peta-electron-volt jolt

Duncan Macdonald
Mushroom

Cosmic Rays

Ultra high energy cosmic rays can exceed this energy level. The "Oh-My-God particle" had an energy of approximately 3x10^20 electron volts. However the energy released in a single collision of such a particle with a stationary proton or neutron is much lower at about 7.5x10^14 electron volts. An (exceedingly unlikely) head on collision of 2 such particles would release more energy than could be produced in any man made accelerator (even one as big as the planet!!).

(For more information on the Oh-My-God particle see https://en.wikipedia.org/wiki/Oh-My-God_particle)

2
0

Meet ARM1, grandfather of today's mobe, tablet CPUs – watch it crunch code live in a browser

Duncan Macdonald

Re: Variable record format

However - as VMS had the record management - almost any program could read almost any file - the record attributes were stored in the file header and an open() call without optional parameters used the attributes in the file header to read the file correctly. (None of the mess that is in Windows where some text files open correctly in Notepad - others need Wordpad.) From (very old) memory - ordinary variable length record text files needed no optional parameters - fixed length record files needed 2 parameters (type = fixed length and the length of each record) - it could however get messy if you were creating indexed files (but a sequential read of an indexed file could be performed by almost any program).

The really bad case was reading a foreign (not created by VMS) binary file where everything had to be specified as the OS did not have valid data in the file header.

6
2

Drop the obsession with Big Data, zero days and just... help the business

Duncan Macdonald

Re: how's that?

Putting the fanciest, most expensive locks on the front door will not help if the back door is wide open.

Too many security professionals are paying too much attention to the complex threats while ignoring the simple ones (Users opening dodgy web sites and emails - out of date software with known security problems - internet facing systems with hard coded passwords (and/or passwords that have not been changed for years) - admin level passwords known to too many people - managers demanding admin level access etc.)

This article is a reminder to the security professionals - making sure that the foundations are OK is at least as important as making sure that the superstructure looks good.

7
0

Drones are dropping drugs into prisons and the US govt just doesn't know what to do

Duncan Macdonald

Dungeon ?

If all the cells (and other prisoner accessible areas) are underground then drones are no longer a problem.

(Some civil liberty types might object however!!!)

3
1

TPP: 'Scary' US-Pacific trade deal published – you're going to freak out when you read it

Duncan Macdonald
Mushroom

Even Fox News is better than this drivel

It is about time that Kieren McCarthy went back to one of the very right wing US "think tanks" (or kindergarten!!)

Given that this is a 2000 page document - the only analysis that could have been done at this point is one done by the drafters who - to put it mildly - have a vested interest. This Reg article is obviously a rework of a bit of PR spin from the drafters. I would not expect to see a serious analysis in less than a week.

As has been pointed out by another commentator, this treaty would make it illegal for a country to demand (for example) access to Microsoft source code (for the purpose of finding NSA backdoors) before allowing it to be sold. It would also make many medicines much more expensive than they should be once they come out of patent protection.

14
0

US Senate approves CISA cyber-spy-law, axes privacy safeguards

Duncan Macdonald
Mushroom

Goodbye Cloud

When this bill is signed into law, it will be impossible for any company (or government) in the EU to legally allow ANY processing of personal data to be done in the US or on a computer system owned by a US company. (If "Safe Harbor" was still in effect then this would be enough to kill it !!!)

23
0

Cybercrime bazaars: What's for sale in the online underworld?

Duncan Macdonald

Re: Buying bank accounts

Raiding the bank accounts might get the plod after them - selling the details to others transfers the risk to them (the chance of the seller of the info being caught and prosecuted approaches zero).

Also it is a wholesale vs retail setup - the person (or group) that obtains and sells the data is probably selling the data for thousands of accounts - each buyer of part of the data is probably only going to raid tens or hundreds of accounts (even if the chance of being caught was as low as 0.1% on any individual raid then by the time that 1000 accounts have been raided, the chance of being caught exceeds 60%).

1
0

Apple may face $900m bill after A7 CPU in iPhones, iPads ripped off university's patent

Duncan Macdonald
Mushroom

Apple thieves - what a surprise

How many times have they ripped others work off and tried to pass it as their own ?

43
9

Roku 4 specs leak: Yes, it's got 4K streaming and a games controller

Duncan Macdonald

Seems underpowered

The processor spec (quad core ARM and 1.5GB RAM) is what would be expected from a cheap no name smartphone or tablet.

2
3

Official: North America COMPLETELY OUT of new IPv4 addresses

Duncan Macdonald

Re: Despite this, IPv6 adoption probably won't increase.

Unfortunately the people who ended up designing IPv6 came from the same stupid group who produced OSI. If it had just been designed by engineers then the simple design of adding two extra bytes would have been up and running long ago. (The original reason for the name of IPv6 was that the initial design (done by engineers) did just add two extra addressing bytes - then the design was screwed up by committees of idiots.)

10
4

Vanished global warming may not return – UK Met Office

Duncan Macdonald

Re: Spin your first sentence, as usual

If you are careful to select your measuring points then you can "prove" anything. The satellite observations give average temperatures for large regions. The ground based sensors are affected by local conditions (such as the sensor being in open countryside in the 1930's and now surrounded by a built up area). Note that many of the climate scientists say that the temperatures measured by sea buoys should be regarded as unreliable - is this because they do not show much warming (as they are not near built up areas)?

If you want accurate results from ground based sensors then you need to choose only the sensors that were and still are in open countryside far from any large cities (and at least 50 yards from any large road). The raw data from each such sensor should be used - not "adjusted" as if the data is adjusted then all that is being computed is the adjustment not the environment.

17
5

Wileyfox Swift: Brit startup budget 'droid is the mutt's nuts

Duncan Macdonald

Too low a resolution

I like a full HD resolution - so I will be interested in seeing what the Storm is like - however my current THL W8S has still got a lot of life left in it so I am not in the market at the moment.

0
0

Back to school: Six of the smartest cheap 'n' cheerful laptops

Duncan Macdonald
Thumb Down

T430 from eBay

T430 with 1600x900 display, 8GB RAM, 240GB SSD, i5-3320M (2.6GHz), Win7 Pro, 1 year warranty is £299 from eBay (grade B - possibly slight cosmetic flaws - otherwise perfect - seller tier1-online).

With the SSD and 8GB of RAM this is a better performer and cheaper.

4
0

All aboard the Skylake: How Intel stopped worrying and learned to love overclocking

Duncan Macdonald

Bandwidth starved

The DMI 3.0 interface between the CPU and the Z170 chipset has a bandwidth about the same as a PCIe 3.0 x4 link (just under 4GB/sec). If the high speed ports from the chipset are heavily used then they will be starved for bandwidth. This CPU and chipset combination is not suitable for more than a 2 way SLI or Crossfire configuration.

3
1

ZTE Nubia Z9 Mini: The able Android smartie the company won't sell you

Duncan Macdonald

Menu button

Some apps still work better with a menu button as their alternative methods are clumsy.

1
0

Intel left a fascinating security flaw in its chips for 16 years – here's how to exploit it

Duncan Macdonald

DMA device ? BIOS ?

Many devices have DMA access to memory - does the MCH block access to the SMM RAM area from DMA devices (eg a graphics card or a disk drive)? If it does not then there is a much bigger hole.

As the SMM code is loaded from the BIOS - any technique that allows the BIOS to be reflashed also allows the SMM to be reprogrammed.

7
0

Radian ready to replace the flash translation layer

Duncan Macdonald

Reliability ?

With only a 3% overprovisioning, the life expectancy of this drive will be terrible. Once a few flash cells die (which they always do) the drive will end up underprovisioned. There is also a question (important for data centre use) about whether the drive can flush out all outstanding writes (including metadata) in the event of a power failure.

0
0

Secretive trade pact the TTIP: Death of the web – or a brave new horizon?

Duncan Macdonald

Re: Fundamental - Politicians

Politicians are like diapers.

Both should be changed often and for the same reasons.

5
0

Google, Adobe barricade Flash against hacker hordes – we peek inside

Duncan Macdonald

Too complex

The biggest problem with Flash is its complexity - which makes bugs inevitable. A cut down version of Flash Player that could only play videos with no scripting ability would meet over 90% of user requirements and be far less likely to contain as many bugs.

7
0

PLUTO FLYBY: Here's your IT angle, all you stargazing pedants

Duncan Macdonald

Re: "...approximately 2,000 bits per second..."

A laser link would not be effective - there is too much background radiation at optical wavelengths and the maximum size for an optical telescope is far smaller than the maximum size for a radio telescope so less energy would be collected by the receiver on Earth. Unfortunately the only way at present to improve the data rate is to increase the power received on Earth which means more electrical power for the transmitter and/or a larger transmitting antenna and/or larger receiving antennas.

Unfortunately the power is constrained for a number of reasons (not least the desire to limit the radiation release if the launch vehicle explodes!!).

The transmitting antenna size is constrained by the dimensions of the launch vehicle.

If enough money was available then it would be possible to construct additional receiving antennas - replacing each individual receiving antenna with 4 identical antennas linked together would allow for a doubling of the transmission rate.

3
0

Thinking of adding an SSD for SUPREME speed? Read this

Duncan Macdonald

Re: Don't bother

Agreed - a one tenth of a second difference in the time to load a game is not worth hundreds of pounds.

The only point where the price premium may be worthwhile is on a database server as local storage.

(For storage accessed over a network, 6Gbps SATA is more than fast enough as a pair of such drives can saturate a 10Gbps network link.)

1
0

PeopleSoft p0wnage possible with a day of GPU brute-forcing

Duncan Macdonald

Insecure Oracle software

In other news - the ocean is wet.

2
0

China's best phone yet: Huawei P8 5.2-inch money-saving Android smartie

Duncan Macdonald
Thumb Down

Overpriced

For comparison the THL 2015 4G phone is available for £160 (octa core 2GB/16GB + up to 32GB microSD) and the TECA N52W is at £166 (octa core 4GB/16GB + up to 64GB microSD).

(Both from commercial UK sellers on eBay).

1
2

GM's cheaper-than-Tesla 'leccy car tested at batt-powered data centre

Duncan Macdonald

What a horrible paint job

It looks designed to ensure that there are no customers

2
6

California über alles? Is MEP Reda flushing Euro copyright tradition down the pan?

Duncan Macdonald

Re: Limit the Term.

In any other field than IP - one job of work (Raising a crop, curing a sick child, piloting an aircraft etc) gets one payment - why should IP get payments for life (and beyond) ?

A 20 year term is plenty to reward the creators of a work.

12
4
Duncan Macdonald

Re: Limit the term

Copyright - unlike patents - does not stop an idea being reused. (If it did then there would be very little fiction - all those reused plots.)

Patents - which do inhibit the reuse of an idea - already have a limited term (usually no more than 20 years).

2
0
Duncan Macdonald

Limit the term

All copyrights should expire after 20 years from first sale or license. The current position where the copyright protection term gets extended anytime that Mickey Mouse is starting to run out of copyright is a gross abuse.

22
4
