* Posts by -tim

343 posts • joined 10 Jul 2009

Smart meters are a ‘costly mistake’ that'll add BILLIONS to bills

-tim
Flame

More Smart meter fail?

The 1st smart meters were the ones where they started transmitting so the guy at the meter spent about 10 seconds less at each meter and then someone spent a far longer time with batteries every few years.

The next take was the custom frequency/sms/whatever meters hacked into normal digital meters which is fine for areas with new rollout where there is decent network coverage but not so good in other places.

The local guys decided to roll out an IPv6 Wimax network for their meters which mostly weren't upgraded. Of course people figured out you could torrent over that network with a card removed from someone else's meter. With billions of IP addresses, IPv6 didn't need security because the address space can't be scanned, except that we know all 8 bytes of the /64 network number and 5 out of the low 8 bytes, which means the hacker search space is just a couple dozen million packets.

Then there is the radio in my brain crazy issues to deal with.

I figured a smart system would put the meters up on the poles where they can talk to each other without much in the way, hard to tamper with, fully under the utility control, cheaper because one meter could do many houses. It would reduce risk to burning down houses when the old meter boards had undetected flaws and there would be some redundancy when the new meter was reading far more power use than the old one because someone put in the wrong current transformers.

/two fiery icons and no zappy ones?

2
0

Australian online voting system may have FREAK bug

-tim
Facepalm

Re: Ah, political speak...

It means your brown envelope campaign contributions are best delivered to hackers rather than the politicians.

6
0

GoDaddy float values puppy-bothering hosting company at £1.9bn

-tim
Devil

Deep pockets?

Public companies tend to fold much faster than private ones when the lawsuits come in and they know they were wrong. How long before the 1st class action suit about "they stole our domains" happens?

0
0

A gold MacBook with just ONE USB port? Apple, you're DRUNK

-tim

No sockets or screws can be fine

I would be happy with no sockets assuming the thing is waterproof enough to put in a dishwasher or the bottom of a swimming pool. Somehow I don't think Apple will be doing that.

0
0

Juniper fights back against white-box world with high-performance silicon

-tim
Meh

A swing and a miss?

They failed to fix the largest weakness in the SRX line which was more low cost gige ports. You can have an EOLed SSG-140 with 26 gige ports and 8 10/100 ports all on their own zones. I like all my servers on their own zone since the ancient 3 zone Trust/DMZ/UnTrust model goes out the window when you can put 34 different zones in one small 1RU unit. If the 8 port cards weren't so expensive, I would be tempted to use them for switches, particularly for the employees that love to click on everything they find on the web and in their inboxes.

1
0

Telstra to let customers access their own metadata for AU$25

-tim
Devil

What call records?

Telstra doesn't store call records, they store billing records and now that some bright bean counter has finally figured out that it costs far more to process a billing record than it does to process a call, they are trying to change their traditional business plan of charging every call. That had the potential for making the ability to track calls go away so when they informed the police agencies that their metadata pool was about to be closed, the politicians stepped in and went down the legislation path.

0
0

Linux clockpocalypse in 2038 is looming and there's no 'serious plan'

-tim
Alert

Broken time?

I had a Solaris server wake up in the mid 1800s and its loader wouldn't load shared libraries until the clock was set to something post disco time.

I haven't been able to replicate the problem since it's very hard to tell a Unix system to set the hardware clock to that century and reboot.

0
1

Australian ISPs agree to three-strikes-plus-court-order anti-piracy plan

-tim
Facepalm

Who agreed?

Who are these jokers?

From their web site:

The Board consists of:

Not less than three (3) and not more than five (5) positions reserved for the High Revenue members as determined by the annual revenue of that Member during the most recent full financial year of the Company;

Their main guy seems to be a baby in the field except for the experience at People Telecom which was a $90m a year telco reseller.

Why is iiNet dealing with them? They used to keep better company.

0
0

David Cameron: I'm off to the US to get my bro Barack to ban crypto – report

-tim
Facepalm

Even the spooks don't want things that easy.

I propose we rename ROT13 the David Cameron Cypher.

0
0

FBI fingering Norks for Sony hack: The TRUTH – by the NSA's spyboss

-tim
Black Helicopters

So much for solid evidence

IP addresses? Aren't the NK IP ranges some of the most abused via BGP peering? A few tend to flop between SK and China. The last time I pinged one, they seemed to be about 10 ms from a server in Los Angeles.

If the spooks want people to believe them, maybe they should provide Dear Eater's porn or search history.

4
0

Broadband isn't broadband unless it's 25Mbps, mulls FCC boss

-tim

How about investment incentives too?

Take it one more step. Change the tax incentives so that the best incentives are only allowed for services that can carry 10g/10g today (going to 100g/100g in 4 years) even if it is too expensive for every home user. With other steps at the points where the other newer forms of technology allow rollouts today. They should also take some ideas from the EPA Miles Per Gallon about how to measure speed of broadband.

0
0

Verizon wants to sell 'antiquated' copper assets, stick to wireless for voice

-tim

Not an aggressive rollout.

They used to have 63 million land lines. 200,000 a year isn't much even if they are up to 13 million already converted. At that rate, I can see why they would prefer to simply abandon the fixed line stuff.

0
0

TCL confirms plans to 'bring back' Palm – provided you tell it how

-tim
Pint

The palm was great for its day

One of its best features was that it would work for months on a set of batteries. I even had a modem for mine and it would browse the web.

What I would love to see in a Palm or any other smart phone is a low power mode so it can run a long time where it can do basics like clock, calendar, todo list and wait for the phone to ring. Then if I need to run a smart phone app, it fires up a modern processor that does the fancy modern stuff and then when it's done with that, reverts back to the slow but useful lower power mode. The same could be done by putting the "smart phone" in a virtual machine.

6
0

Brit iPad sellers feel the pain of VAT-free imports

-tim
Pint

A problem all over the world

Australia doesn't charge 10% GST on imported packages less than $1,000 because it costs more to do so than it collects but the local retailers are screaming about that. They scream so loud that a number of people are boycotting them because of their spite so their sales just keep going down.

Many states in the US now ask how many dollars worth of things were bought online and then ask for sales tax on that but US sales tax only covers goods and not services and gets very tricky with things like software licenses.

Of course the worst tax of all is the tax on beer.

1
0

Google unveils Windows 8.1 zero-day vuln – complete with exploit code

-tim
Thumb Down

More like a 90-day vuln

Is 90 days reasonable when part of that 90 includes many holidays? If code is deep enough, fixing bugs can often have nasty side effects resulting in dead-locking the kernel or worse. If the code was severely broken, it might require a rewrite of major systems and the access control elements are spread far and wide in modern kernels.

I wish people would stop describing this type of thing as a zero day but I expect that ship has sailed. Microsoft has already had 90+ days to fix it. A zero day is a bug that is actively exploited before the coders know about it.

1
2

ISC.org website hacked: Scan your PC for malware if you stopped by

-tim
Facepalm

Staging servers?

What happened to the practice of doing your content on a staging server and then promoting it to a locked down web server that doesn't have any ability to do much of anything?

2
0

Australia's future tech news headlines ... for 2016!

-tim
Facepalm

Microsoft is still cashing in on the XP

I can see a story like this:

At $200 per machine for XP support, Microsoft is continuing to offer support for the next 5 years. Less popular products such as Win 3.1 and DOS 5 are also being supported for about double the price.

0
0

Ghosts of Christmas Past: The long-ago geek gifts that made us what we are

-tim
Happy

Happy Christmas memories

One of the best presents I ever received was a used 1950s Erector Set (like Meccano) when my father found his old sets in my Grandmother's attic. It had an A/C motor that plugged into the wall and was something like a 60W motor and enough torque to strip gears. It had so many more parts than the recent kit in a small plastic box. The old ones came in huge steel cases.

In 1975 I ended up with a Tyco HO train set that let me extend the old loop I had had for years. That led me to wondering how to make proper signal lights on track segments and led me into the wonderful world of logic gates.

In the early 1980s I ended up with a Radio Shack CoCo and a year later an Epson RX-80 printer. By the time the CoCo went into the dumpster, it was like Marvin the paranoid android, the only thing left was the diodes on the left side. The RX-80 still works.

3
0

UK flights CRIPPLED by system outage that shut ALL London airspace

-tim
Mushroom

It's progress! Right?

I wonder how many ATC systems were written by people who learned object-oriented programming from Booch books where the common example was an ATC system that only a programmer would ever consider. ATC systems should never have to consider where the plane is and focus on where the plane might be. Otherwise things get odd when there are failures.

0
0

El Reg Redesign - leave your comment here.

-tim
FAIL

It is April Fools' Day?

If you have to modify the JavaScript to support browsers you are doing it wrong. If it doesn't work in IE 2.x, your designer should be sent off to work for the BOFH so we never need to see their bad work ever again.

1
0

Sony Pictures email hack: The bitter 'piracy war' between Google and Hollywood laid bare

-tim

Re: Are MPAA worse scum than RIAA?

The RIAA used to do good things. They used to help set and promote technical standards for recording and broadcast. Of course that was half a century ago.

7
0

QEMU, FFMPEG guru unleashes JPEG-slaying graphics compressor

-tim

Re: It's probably not what the web needs urgently...

When I had access to a full 24 bit frame buffer in the mid 1980s, I decided to see just how many of the 16 million colours were useful. It turns out that there are less than 200 oranges and even less if you ask "is this brown or orange?" About 8 million of the colours are greys or browns and only about 4 million of the colours result in people being able to name the colour such as "that is a blue".

Later I found out that if you use Gray Code for pictures, the existing gif and jpg libraries would make the images much smaller with less loss.

The oddest thing I found was when we scanned a poster of The Starry Night, our edge detection software found a different picture so either we detected the picture that went through the printing press before or someone should x-ray van Gogh's work.

4
1

Australia to block piracy sites if Big Content asks nicely in court

-tim

Re: "Fly on the wall"

8.8.8.8 goes to a server in Sydney for most Aussies.

1
0

Wanna buy a dot-word? If you want a .pizza the action, now's a chance

-tim
Megaphone

spam from .email?

So far every message from .email has been spam. I've added it to my root domain so it now gets auto rejected.

Other than a few .info sites, I don't think I've seen a legit web site with an alternate domain name.

I've been telling people that visiting the odd dot words are premium sites so they end up being like calling a 900 number and their ISP may charge them for it. The reality is they are more likely to pick up malware.

5
0

The Pirate Bay SUNK: It vanishes after Swedish data center raid

-tim
Black Helicopters

Pastebay??

Isn't Pastebay the new preferred anon pastebin?

I'm thinking this has more to do with the Sony leak than pirate operations.

But was the Sony leak a result of them ramping up their anti-piracy activity?

We need a gate/horse icon.

2
0

Gigabit-over-copper VDSL successor G.fast signed off at last

-tim
Coat

Many small buildings are also way above the 100m* Ethernet distance when you consider the telco bits tend to be on a far corner and the risers are often in the middle of the building.

* 100 + patch on each end + other stuff.

/Mine's the working 219 meter ethernet cable in the pocket

1
0

Drone in NEAR-MISS with passenger jet at Heathrow airport

-tim
Black Helicopters

Where are the Chicken guns?

I figure another major issue is that if one of these things hits a plane, there might be enough stray styrofoam to clog up a pitot tube. Modern jets use a complex system to detect which of the pitot tubes are iced up to select which other ones are more trusted. I wonder if that software will properly compensate for blockages of non-icy materials.

/black helicopters don't care about drones

0
0

Magnifico! Galileo satellite nudged back into correct orbit

-tim
Boffin

Re: Failure or test scenario?

Being able to test an unstable orbit is a very good thing. So far many of the NavStar sats have ended up in less than perfect orbits and they have to be shut down if they don't go over the right earth based tracking systems. The Galileo system doesn't have that limitation so constant recalibration can be done and their prediction models can be updated to compensate for it which would give it a slight advantage over existing NavStar sats. The only way these sats would save fuel in upcoming launches is if they didn't put a decent multi-scheme GPS receiver on board. These sats aren't being positioned within the specs of a space based system (i.e. put them within a meter or so of their orbit), they are being put in an orbit that can be described by a 3d mathematical model using something like a 12th order polar coordinate polynomial. The orbits are already perturbed by the moon, Mars, Jupiter, Saturn and a few other factors that were detected by Gravity Probe B. Newtonian orbit wonkiness is trivial compared to the rest.

0
0
-tim
FAIL

Failure or test scenario?

Why not just turn it on and see if the system works with sats that are in such wonky orbits? As long as the parameters for the orbit data can be sent in the constraints of the message format, the orbit won't matter much and they might learn something useful. I wonder why they were in a hurry to move the orbits since it takes far more fuel to move it quickly and it won't matter until more of the constellation is working.

1
6

Gangnam Style BREAKS YouTube

-tim
WTF?

Numeric limits in my databases? Never

Years ago one of the Berkshire Hathaway sub stocks hit 32,767 1/2 and wouldn't go any higher. I mentioned that to a friend who worked at a stock market data company and went into a database, fiddled with a flag and a few minutes later the stock price went up.

0
0

Australia to social media: self-censor or face AU$17,000 FINES

-tim
Trollface

I'm glad no one has told the trolls

So what happens when someone creates "bullyanaussie.com/b/" registered in Nigeria? Where will the fine be sent? I've noticed that more people in Australia are using the Russian VK site since they don't trust Facebook and it is even worse at targeting ads to the locals.

0
0

Microsoft hikes support charges by NINETY TWO PER CENT

-tim

Antique support is getting expensive

I wonder if the rate increase is a result of all the new calls they are getting about XP since that is the only way to get patches or XP support.

1
0

Juniper whips out knife, slices off security products

-tim

Re: Products? What products?

Then maybe you can explain a better model.

0
0
-tim
FAIL

Products? What products?

We were called and told that our SSG-140s would no longer be supported so we looked into the SRX but the one we bought to evaluate won't even detect that it has lost the DSL link and reconnect without manual intervention.

We loaded up the SSG-140s with 8 port cards so we can run 34 zones on them so every server is in its own zone and we can throw out the obsolete "Untrust/Trust/DMZ" concept that is still listed as best practice by every firewall vendor.

Too bad every other vendor wants to charge a fortune per port. These things should look like switches.

0
0

systemd row ends with Debian getting forked

-tim
Boffin

Redoing the past the hard way?

The names and run level fields in the System V inittab are there for a reason. The idea was to allow dependency issues to be resolved. The S## were supposed to be sorted numerically and then each with the same number are supposed to be run in parallel but somehow that code was reduced since rc1 etc were shell scripts.

Some of these concepts were around on the SysV development platform, the AT&T 3B5 or its phone switch cousin in the early 1980s.

1
0

SCREW YOU, net neutrality hippies – AT&T halts gigabit fiber

-tim
Meh

If AT&T doesn't have any competition, why try?

The rumor mill out of Kansas City says there are problems. They had been running 4 different types of fiber to the home as experiments. The decision was made to roll out all the new stuff as some version of PON and that isn't working to specs. A friend pointed a 10 gig switch to the bit of glass and saw some properly formed packets so I'm guessing at least some of the stuff is running 10G to the CPE/ONT or whatever the "modem" is called.

1
0

Big Retail's Apple Pay killer CurrentC HACKED, tester info nicked

-tim
Thumb Down

QR codes are magic to most people. Sort of like a magstripe was 3 decades ago. One cool thing about QR codes is they can be read at huge distances with the right old school optics yet tap and go is evil because it can be read at a few meters at best.

2
0

Australia plans 'penalties' for social networks that don't think of the children

-tim
Unhappy

Can't win. Can't explain the real world.

My sister tried to take on one of the #chan "social media" sites because someone had found her photos of her kids' dance recital and had packaged them up in a format more suitable for an adolescent boy's use. My sister was intending to log in and tell the guys that they violated her copyright on the photos and should stop making degrading comments about the girls. Lucky for her, she didn't know she could post anonymously and her attempts at getting a user id failed since they are only available by invite only. She contacted me looking for ways to get an invite when I explained that if she made those comments on that site, her daughter's face may be a nude and then plastered on thousands of other sites around the world and will eventually end up in printed form at her school where if she just ignored it, some kids would have the archive with terabytes of others and it will silently disappear. She still wants more laws to shut down messages on boards.

0
0

Australia puts itself back into Beta

-tim
Alert

Any data leaks here yet?

Most of the time when I see a red bar on the top of a web site, it means some lazy developer has added JavaScript to send my data off to a server far away to harass me about updating my browser. An example of this is the Public Transport Victoria web site which currently sends all your travel plans to a nice web site in Germany which can pop up a red bar asking you to update to a newer browser.

0
0

Bad boy builds beastly Bash bug botnet, boxen battered

-tim
Devil

Re: Even perl has some resemblance of CGI security

Bash CGIs tend to fall into the category of informational only. They don't take any inputs at all and just provide info. Those are now open to abuse since a simple wget with the right parameters can cause them to do all sorts of hackery things.

Oddly enough other shells that can share functions with subshells have similar problems. Some even allow overwriting things like cp, ls or cat and you can guess that most "write only" CGIs written in a shell will use at least one of them.

2
0

Bloat-free, unlocked Moto X to be dubbed 'Pure Edition', says report

-tim

Re: I don't know why they even bother with crapware

Why would they test the applications they preload other than to make sure they don't crash at once? Being able to put the Facebook logo on the box will bring in at least one extra sale but who cares if it works.

2
0

SHINY NEW GADGETS! No, we're not joking, here's a load of them

-tim

New?

The self stirring pot has been in chemistry labs for decades. A biochemist friend with a knack for electronics had one in his kitchen with an IR detector above that would control the pot to make sure its contents stayed at the proper temperature and stirred. He also hooked up a gas detector in his newborn twins' room and somehow managed to avoid changing diapers until his wife asked about the odd device.

I was looking at putting in an induction stove in a place that I intend to rent and I'm trying to make it mostly handicap friendly but I can't find an induction stove that can be easily used by someone who is blind.

0
0

5.5in iPhone 6, iWatch hypegasm: What will Apple reveal - BE the rumour

-tim
Windows

Re: The OS is dead! Long live the new OS.

The upgrade tax on a 5 year old machine is that I can FrankenMac most of the hardware to 10.9 but since it didn't ship with a 64 bit BIOS, Apple has declared the machines landfill. Obsolete Power Macs are faster than many of the machines we bought in the last month but it is landfill. I would take the $100 Microsoft upgrade tax over the Apple "buy a whole new machine" tax any day.

The iMacs are worse. We have very good monitors that will go to the tip because Apple can't do what the hacker community can?

4
1
-tim
Gimp

The OS is dead! Long live the new OS.

I hope OS X Yosemite isn't out of beta since that means even more completely functional Macs are now relegated to the "your browser / flash is no longer supported" because idiot coders can't figure out how to build a fat binary using two different versions of Xcode. Seeing that OS X 10.10 has nearly no new features used by 99% of the coders out there, I wonder why the otherwise leading edge machines from just a few years ago are all of a sudden more crippled than an XP box. The obsolete 10.5 and 10.7 machines are happy doing the same work they have been doing for more than 7 years without the upgrade tax. Work has already decided that they won't be replacing them with Apple products with comments about once bitten, twice shy.

5
5

Google recommends pronounceable passwords

-tim
Black Helicopters

Are you sure it isn't in my dictionary?

His example of "This little piggy went to market" shows the problem. That is in my password dictionary. When the "make up a password from the 1st letter of words from a song" started to be popular, I ran a small poll asking people to write a line from 3 Beatles songs and 3 songs by a popular country artist. Several hundred people responded and there were less than 100 unique lines and 10 lines were common to something like 80 or 90% of the respondents. The result of separating the lists based on their likely musical taste resulted in some scary guesses on which lines they would pick. When the same thing was run later without requesting the specific musicians, the results were tainted by the previous request.

/Black Helicopter since some of the guinea pigs were supposed to keep them secure

1
0

Oz metadata proposal: no to IP addresses, yes to MAC address logging

-tim
Black Helicopters

Unique MACs?

I know someone involved with the free cheap laptops for students. They bought a bunch and oddly enough only one could hook to the LAN or wifi at a time. Not so good in a school. I was brought in to get a program to give them all unique addresses but since the hardware wouldn't let an address stick, the software picks a number, checks to see if it's on the net and then uses it. The result is unique MAC addresses at nearly every connection. Sort of hard for the black helicopters to track down.

0
0

Boffins find hundreds of thousands of woefully insecure IoT devices

-tim

Internet of Things?

Maybe something more along the lines of Internet Devices ____ of Things would be more appropriate?

0
0

Detroit losing MILLIONS because it buys CHEAP BATTERIES – report

-tim
FAIL

Re: Only a complete idiot...

There is a chance that current Detroit meters were designed before AA batteries became very popular late in the Walkman era. Before that, 9V batteries were the most sold smaller cells and internal switching power supplies to up the voltage to the needed 5V were very inefficient.

1
3
-tim

Where they are made matters more than brand

I've found that the Chinese made Energizer batteries don't last as long as the USA made ones so I've stopped buying them and Duracells. Both those brands have idiots in marketing that decided a pack of 10 AA was a good idea rather than 12.

0
0

The internet just BROKE under its own weight – we explain how

-tim

Re: IPv6 like OSI is far more complex than necessary

The original point of the /bits notation was to steal bits from the source and destination port addresses when this problem 1st showed up in IPv4 space in 1991. So an address like 1.2.3.4/34 would use two bits from the source and destination port so from a core routing point of view, a web server might be on 1.2.3.4:80 and 1.2.3.4:32848 (0x8050=32k+80). The only software that needed changed would be the network addressing libraries (aka libresolve) and some edge routers (aka NAT). We had this working on an AGS+ in 1991 without any major changes to applications other than a bind library and a wrapper about a winsock function. The idea was to treat all routes as /24 starting then with long term migration to /32 so everyone could dual home with their own IP addresses. AT&T even built a router that could cope with 16 million routes in 1992.

1
0
