* Posts by -tim

448 posts • joined 10 Jul 2009

Touchy iPhone 6, 6S chips prone to breaking down and giving up

-tim

15 years ago the local Nokia branded repair shop had a soldering oven. With some types of failures, they would drop the circuit board in it for a while and then reload the firmware. It took them about a day and the phone was as good as new with new firmware and never had the issue again. I wonder how often that oven was used to fix water damage that now makes phones disposable.

0
0

Australia Post says use blockchain for voting. Expert: you're kidding

-tim

It has to be good, it's trending up

The federal government down under seems to have a thing for block chains which they don't properly understand. It is almost like they see it as the next "cloud" and want to be in front of the game. There also might be a bit of "invented here" syndrome even if they want to throw the supposed inventor under the bus for tax evasion.

0
0

NIST spins atomic gyroscope to allow navigation without GPS

-tim

I knew a guy who had a laser gyro in his somewhat self driving Mazda Miata 2 decades ago. There were some made for remote control model helicopters which weren't cheap but did work long and well enough until the things ran out of fuel.

0
0

Systemd adds filesystem mount tool

-tim

The auto mount / idle soft unmount solution issue is a good way to deal with removable media and has been for decades in other operating systems. I expect OS X 10.10 is doing the same thing. It appears that there is some sort of loop back file system pointing to the real device. The problem in Mac land is that $ cd /Volumes/UNTITLED; ls -l will often return ". not found" at random times. Oddly enough I've never seen things disappear from the GUI systems.

3
0

NASA wants to sell International Space Station to private enterprise

-tim
Alert

Trying to avoid de-orbit costs?

The thing is going to be a mess to de-orbit. It is way too large, in a bad orbit and low enough to make planning very difficult.

When it does come down, I wonder if it will hit Skylab pieces.

1
0

US Air Force declares F-35 'combat-ready'

-tim
Black Helicopters

How long will it last in combat?

I've thought that Australia should loan one of their 3 to ISIS and see if it lasts more than a week. If it doesn't, ask for a refund and cancel the rest of the order.

0
0

F-35 targeting system laser will be 'almost impossible' to use in UK

-tim

Is using the laser against the law?

21 CFR 1040 is the chunk of legislation that covers laser use in the USA and it applies to the Department of Defense. Somehow I don't think they are using a weak class IIIa laser for their targeting system. Optical devices might be bureaucratic speak for telescopes or binoculars.

0
0

The Australian Bureau of Statistics has made a hash of the census

-tim
Boffin

Re: Not reversible but derivable...

This is why we don't let Reg Hacks write crypto :-) That mentioned SHA-256 hash is subject to simple brute force attacks. There are only so many names and most can be found in databases that aren't very expensive. There are about 10,000,000 addresses in Australia and you can buy the same database as the census used. There are less than 45,000 birthdays for people under 122 years old. To reverse the c2483d63179b71b37334f730385272c81b5d6bd3ae6edffb49234cfeb7f7d9a6 hash, and I had your name, I could try 450,000,000,000 other hash values to brute force the hash. My 18 mo old, $60 Antminer U3 does 63 billion hashes a second meaning the proper software would take nearly 7 seconds to reverse that hash. Without a name, it would require a dictionary of names and there are about 60,000 given names and about 150,000 unique surnames in the US. Slight optimization of the search space would still result in large bitcoin operators being able to reverse most of the data in a short amount of time with equipment they have today.

3
0
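
The search-space arithmetic in the post above, worked through as an added example (not code from the post or from the census system). The name|dob|address record layout, the sample person and addresses, and the secret key are constructed assumptions; the block also shows the same enumeration failing against a keyed HMAC when the key is not known.

```python
import hashlib
import hmac
import math
from datetime import date, timedelta
from itertools import product

# Figures quoted in the post above.
ADDRESSES = 10_000_000
BIRTHDAYS = 45_000
HASH_RATE = 63_000_000_000  # hashes per second


def keyspace_report(candidates, rate):
    """Return (entropy in bits, seconds to try every candidate at `rate`)."""
    return math.log2(candidates), candidates / rate


def linkage_key(name, dob, address):
    """Unsalted SHA-256 over the record fields (field layout is an assumption)."""
    return hashlib.sha256(f"{name}|{dob}|{address}".encode()).hexdigest()


def keyed_linkage_key(secret, name, dob, address):
    """Same fields under HMAC-SHA256; the output depends on a secret key."""
    msg = f"{name}|{dob}|{address}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def enumerate_match(target, name, dobs, addresses, digest):
    """Try every (dob, address) pair for a known name; return the match or None."""
    for dob, address in product(dobs, addresses):
        if hmac.compare_digest(digest(name, dob, address), target):
            return dob, address
    return None


# Constructed sample data: 366 dates x 40 addresses = 14,640 candidates.
SAMPLE_DOBS = [(date(1980, 1, 1) + timedelta(days=i)).isoformat() for i in range(366)]
SAMPLE_ADDRESSES = [f"{n} Example St, Sampleton" for n in range(1, 41)]


def demo():
    """Return (result against the plain hash, result against the keyed hash)."""
    name, dob, address = "Alex Sample", "1980-07-04", "17 Example St, Sampleton"

    # Plain SHA-256: anyone holding the candidate lists can recompute the value.
    plain = linkage_key(name, dob, address)
    recovered = enumerate_match(plain, name, SAMPLE_DOBS, SAMPLE_ADDRESSES, linkage_key)

    # Keyed variant: without the custodian's key, no guess reproduces the value.
    secret = b"constructed-secret-held-by-the-data-custodian"
    keyed = keyed_linkage_key(secret, name, dob, address)

    def without_key(n, d, a):
        return keyed_linkage_key(b"not-the-real-key", n, d, a)

    blocked = enumerate_match(keyed, name, SAMPLE_DOBS, SAMPLE_ADDRESSES, without_key)
    return recovered, blocked


if __name__ == "__main__":
    bits, seconds = keyspace_report(ADDRESSES * BIRTHDAYS, HASH_RATE)
    print(f"known name: {bits:.1f} bits of entropy, {seconds:.1f} s to exhaust")
    print(demo())
```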

Death of 747 now 'reasonably possible' says Boeing

-tim

Their design has a very long history

I had a conversation with a mechanic who mentioned they had a 747 engine repair job where someone screwed up a bit of metal near the engine and Boeing couldn't get a replacement assembly to them in a reasonable time so they sent the plans on how to make the replacement part. It was effectively a metal sandwich with some kevlar sheeting in between and parts of it were labeled "flack shield".

I've heard that some of the original B52 tooling recently showed up near Wichita. It would be very interesting if that would lead to remaking some major sections of the BUFFs.

0
0

How to make the move from ISDN to SIP

-tim

Re: Expense of gateways

How did you manage to run phones for a small office over a BRI?

It was BRI direct into the PBX. i.e. two phones could be used for each BRI channel.

0
0
-tim
Coat

Expense of gateways

One issue I've seen with moving a small office from BRI (ISDN-2) to SIP is that the existing PBX power costs are going to go way up. We threw together a gateway out of an old Cisco 3600 router and what used to be very expensive line cards. Its power use for the year would have exceeded the ISDN line cost. A new all VOIP phone system would also use a massive amount of power compared to some older phone systems. Our large office still hasn't used any of the cool VoIP features of its overpriced phone system even though there are claims the old system just couldn't do it.

The power per phone can grow quite a bit. At 2.5W max for the old 6 line analog phones with the big displays, they use 1/4 of the power of some of the fancy VoIP phones we looked at. Since these are on 24x7, their power costs should be considered since it may include new costs such as PoE switch, switch power, increased PBX power and increased phone power consumption, UPS and cooling for the switch/PBX.

I would like to get one of those Patton gateways (mentioned above) but simple Google foo doesn't even come up with vague lists and have the "call us to talk" mentality so they will fall off the potential supplier list fairly quickly.

Another issue is that SIP systems are often excluded by national telephone provider rules so the end customer is required to pay for all fraud even if the SIP provider doesn't even do simple protection against things like credentials from the wrong IP address or "Fake False Answer Supervision."

1
2

Startup AirTrunk plans big new data centres in Melbourne, Sydney, Asia

-tim

Need for space? Yes. Need for space at the rate they will charge? No.

The whole "$1000/rack/month including IP" standard list price is decreasing as these become yet another commodity. Some people would move at half that rate but many would need a better offer. I figure this market will turn into $500/year for a rack, one time fee for the rack (or rent it but you can't bring your own), pay for power and A/C at 20% above their costs and then data via cross connects at $100/mo. I don't need the "mall look" that many of the modern data centers have. My computers don't care if they are in a boring box of a building.

0
0

Australian maps and GPS will align by 2020

-tim
Boffin

Re: Why does this matter for a map?

Different parts of Australia are moving at different rates. Tasmania is running away and the distance between Melbourne and Adelaide is changing. New Zealand is moving even faster. There was a region in the south part of the North Island that moved about 2 feet in the span of a few months (while not setting off any of the normal seismology detectors). As far as I know New Zealand is the only country in the world that has scientifically correct and properly written laws regarding expansion, contraction and shifts of land. Their laws are what most people would assume in that if your existing fence lines squeeze your land, you're out of luck.

2
0

Tupperware vehemently denies any link to storage containerisation

-tim
Coat

Perhaps more of a story?

The Reg has done a number of stories on how different companies used technology. I was very impressed when I toured their Orlando factory in the early 1970s but I was just a small boy. As they now have factories around the world, maybe one of the writers could drop by for a tour...

Mine's the one with the pop a lot in the pocket. Or should that have a TM in it too?

0
0

Apache needs HTTP/2 patch

-tim
Facepalm

So yet another bug due to ancient compatibility

HTTP/2.0 doesn't need backwards compatibility as it is "All New!"™ It is amazing how many cert issues are related to 3 decade old standards that suggested a poor best practice and then left a huge hole because some large player with the ITU or CCITT wouldn't fix their broken implementation. A similar reason is behind parsing bugs in SNMP, SSL, Unicode, fonts and I18N code. Perhaps the IETF should update their RFC 2119 inspired "must, should and may" to include something involving "transition" which would imply it has been a "may" in the past but new software must turn the option into a "must not".

0
1

Crims set up fake companies to hoard and sell IPv4 addresses

-tim

Re: Irony

I've given a few talks to local IT groups about IPv6. The way I deal with the /64 /56 /48 stuff is by using the same wrong info that is in every networking book since 1993. An IPv6 class C is a /64. You have 64 bits of a network address and 64 bits for your host and this is the smallest you allocate to your local LAN (so yes you can have 18 quintillion hosts on your local LAN). Auto configuration will use the host's MAC address to fill up that 64 bits (with 16 bits of padding in the middle) or you can assign hosts statically so their addresses end in nice readable stuff like ::1. The /56 is like the old class B where you have a (smallish) network of networks and a /48 is like the old class A when a large network of smaller networks of smaller networks is needed. It is also helpful to look at the :: in the address as a division between the network side of things and the host side of things even though it technically just means "put as many zeros as can fit here".

1
0

Even in remotest Africa, Windows 10 nagware ruins your day: Update burns satellite link cash

-tim
Go

Re: Bill them?

I have billed Microsoft and while I didn't get paid, my bandwidth bill just went away.

I was running a Usenet server and some Windows malware liked to try to connect and scan for email addresses so I was getting millions of hits per day. After hand delivering a bill to their local office, I had their tech support people call me to tell me how to install anti-virus on my server... after a bit of explaining and getting pushed around jr tech support agents, someone with a clue figured out what the deal was. Microsoft was a major partner with my hosting provider and somehow the problem just disappeared. I ended up changing the hostname of the Usenet server and I still get about 1000 DNS queries a day for the old name from decade old malware.

7
0

IBM invents printer that checks for copyrights

-tim
Holmes

I have a brick that already does this

Everything I print is copyright by someone. So a printer that won't print any copyright material won't print anything. I'm guessing someone has tried the "minutes of silence" equivalent of the print domain so even a blank page is verboten.

0
0

The fork? Node.js: Code showdown re-opens Open Source wounds

-tim
Boffin

Re: Without open-source, there'd be no BSD, and without BSD

The BSD TCP stack wasn't open source, it was that the licensing was too hard so control of it was ignored. DARPA paid for the BSD stack and a fair amount of the BSD project and since the US gov doesn't have the concept of a Crown Copyright, the software was free to use by others. You still needed an AT&T Unix (TM) license to use it but those were free for Universities but a small company would need to fork out over $80,000 for a source license to use the BSD TCP stack on their VAX. There were other TCP network stacks and some of them fixed some of the issues that are still causing problems with BSD influenced stacks today. STREAMS and Plan9 are just a few years younger than the BSD stack while Solaris still uses STREAMS today.

OpenSSL started out as SSLeay and the early versions of that could be used as a drop in for a very expensive RSA library which is kind of odd since the later RSA SSL-C was based on and written by the guys who started SSLeay.

I remember going through the licensing paperwork when we were running the CERN http and NCSA web server but we had DARPA taking care of most of that and covering the bills.

There were others like the ISODE ISO stack, email and general X400/X500 mess that sometimes were public domain and sometimes very expensive to maintain at the same time. I seem to remember that our support for CDC's version of ISODE was only about $50k a year in 1992.

1
0

Walmart sues Visa for being too lax with protecting chip cards

-tim
Coat

Perceived fraud is the reason for so much silliness.

I heard that Aussie fraud just hit $300 million for the year.

The zip code is used on US petrol pumps because they had too much of a problem with people putting card skimmers on them and getting the real PIN.

The Tap and Pay less than $100 is also because of people installing PIN scanning devices. It is simply a bank risk thing and the dollar amount for the transaction can be adjusted by the banks, if they choose to.

As far as zip codes need for US systems, 99999 often works. Leading zeros sometimes work (Oz postcode 1234 would be 01234, SW1A0AA would be 00010). I expect most of the time when some trend works, it is because the foreign bank didn't bother to verify the data sent to it.

The PIN infrastructure needs to be redone. There needs to be a PIN for small amounts, large amounts and a "Don't give me any money PIN" for holdup uses.

0
0

Opera claims 50 per cent power savings with browser update

-tim
Thumb Up

It's a start

How about a few more options such as no javascript in non-active windows or tabs or no animation in gifs at all? I don't need the browser burning up cycles with tracking software as the mouse quickly goes over a background window.

4
0

ALP promises 'fibre' NBN as 'NBN defenders' return with new petition

-tim
Facepalm

1st Rate?

xPON technologies aren't "a first-rate fibre". Even if they are much faster than DSL, they still have serious upload issues that neither major party has even discussed.

0
1

Yay! It's International Patch Your Scary OpenSSL Bugs Day!

-tim
Facepalm

Re: Kill it with fire!!!

The heart of the problem is that all the SSL/TLS standards have a "compatibility mode" which is where most of the errors come from. What needs to happen is browsers need to start a connection to a server with only TLS 1.5 (assume a time traveler from 2020), then when that fails, drop back to 1.4 and so on until it can talk rather than the current trend which was derived from starting the communications at SSL 1.0 and then having both sides agree to improve security after the connection.

5
0

ICANN in a strop that Intel, Netflix, Lego, Nike and others aren't using their dot-brand domains

-tim
Facepalm

Extortion and crime in the DNS game?

Every Fortune 500 trademark lawyer in the world would have advised their client that not getting their .TLD could be seen as not protecting their trademark which could result in loss of a very valuable asset.

The instant registration of domain names doesn't help reduce their use for crime and encourages rapid and free registration which means every well meaning domain owner is subsidising the criminals who register a domain, use it long enough to spam or phish and then return it without paying. It is time for that to end but there isn't an incentive to do that either.

I run my own DNS with its own global zone (".") and then I delegate .com, .net, country codes and the few .info sites that are criminal so all these other domains effectively don't exist.

2
0

The web is DOOM'd: Average page now as big as id's DOS classic

-tim
Facepalm

Bloat is a security risk too

There is so much loaded on most modern pages that the server will happily provide the browser enough to hang itself via cross site exploits. I have clients that want me to host harmless fonts yet fonts also get run as programs and often at some funny security layer to keep the GPU happy. For PCI-DSS you must audit every line of html, javascript, CSS and ensure your images and fonts are clean. All of that costs an enormous amount of money.

0
0

BOFH: If you liked it then you should've put the internet in it

-tim

Tracking the stapler?

I only need to track one red stapler.

Thank you very much.

1
0

Oz hackers safe to drop 0day at hacker cons, Wassenaar wonk says

-tim
FAIL

And this is new how?

There are exploits exposed at Breakpoint and Ruxcon years ago that still aren't fixed.

What is the problem with a few more next time?

0
0

BlackBerry boss mulls mid-range Androids

-tim
FAIL

Idiots everywhere?

Can someone dump Chen ASAP?

The Apple market is confused by the FBI thing, Android is about to have major security issues involving their walled garden.

Doesn't idiot Chen know about playing the long game? Security matters for about 2% of the market. 2% is a nice earner.

0
0

We're not in Kansas City anymore, Toto ... Google axes free fiber internet

-tim

5mb?

A friend was on the free plan in KC and she would routinely get gigabit speeds. I wonder if it was ever properly capped at 5 mb.

0
0

Redflow's home batteries to start shipping in June

-tim
Happy

How does work dispose of 48v gear?

At my place of work there is a list of people wanting the old batteries and inverters. If we get 3 of these, half of our tech department would be off the grid. Won't Simon think of the poor power companies?

0
0

Confused by crypto? Here's what that password hashing stuff means in English

-tim

I found the simplest way to discuss hashes as used in passwords is by oversimplifying them. One of the simplest hashes is "count the letters in the password". So "1234" would have a hash of "4" and "letmein" would have a hash of "7". It is trivial to see how collisions would be an issue for using that hash algorithm as any 4 character password would work for any other 4 character password. Another weak yet slightly stronger hash would be to convert A -> 1, B -> 2 and then sum the digits but "AD" then collides with "DA", "BC", "CB", "AAAAA", "ABB" and others. A typical mistake in cryptography is to try to combine excessively weak components to make them stronger such as starting a hash out with the count and then the 2nd character would be the sum of all digits (without carry), and then the 3rd character would be the sum of all the digits but the 1st. While it complicates things, a bit of reverse engineering shows it is not very good and yet a brute force attack would show far too many collisions. Similar techniques were used in old programs to generate encryption keys which were quickly broken.

0
0
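
The toy hashes from the post above, as an added example rather than code from the post. Reading "sum of all digits (without carry)" as the last decimal digit of the letter sum is an assumption, as are the six-letter alphabet and four-character length limit used to count collisions; SHA-256 over the same candidates is included for contrast.

```python
import hashlib
from collections import defaultdict
from itertools import product

# Passwords the post lists as colliding under the letter-sum hash.
POST_EXAMPLES = ["AD", "DA", "BC", "CB", "AAAAA", "ABB"]


def letter_values(password):
    """Map A->1, B->2, ... (case-insensitive); anything else counts as 0."""
    return [ord(c) - 64 if "A" <= c <= "Z" else 0 for c in password.upper()]


def length_hash(password):
    """'Count the letters in the password'."""
    return str(len(password))


def letter_sum_hash(password):
    """Sum of the letter values."""
    return str(sum(letter_values(password)))


def combined_hash(password):
    """Three digits: length, sum of all values, sum of all values but the first.

    Each digit is kept modulo 10 (the assumed meaning of 'without carry').
    """
    vals = letter_values(password)
    return f"{len(password) % 10}{sum(vals) % 10}{sum(vals[1:]) % 10}"


def sha256_hash(password):
    """A real cryptographic hash, for contrast."""
    return hashlib.sha256(password.encode()).hexdigest()


def candidates(alphabet="ABCDEF", max_len=4):
    """Every string of length 1..max_len over the alphabet (1,554 by default)."""
    return ["".join(p)
            for n in range(1, max_len + 1)
            for p in product(alphabet, repeat=n)]


def collision_stats(hash_fn, passwords):
    """Return (number of distinct hash values, size of the most crowded bucket)."""
    buckets = defaultdict(list)
    for pw in passwords:
        buckets[hash_fn(pw)].append(pw)
    return len(buckets), max(len(b) for b in buckets.values())


if __name__ == "__main__":
    cands = candidates()
    print("post examples under letter-sum:",
          {pw: letter_sum_hash(pw) for pw in POST_EXAMPLES})
    for fn in (length_hash, letter_sum_hash, combined_hash, sha256_hash):
        distinct, worst = collision_stats(fn, cands)
        print(f"{fn.__name__:16} {distinct:5} distinct values for {len(cands)} "
              f"passwords; largest bucket {worst}")
```

The largest bucket is the number of passwords that would all be accepted in place of one another, which is why combining the weak components still leaves the scheme unusable.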

Google's call for cloudier, taller disks is a tall order says analyst

-tim
Boffin

Back further in history?

They say "The current 3.5” HDD geometry was adopted for historic reasons – its size inherited from the PC floppy disk." The 3.5" drive form factor allows 8 of them to fit inside an 8" floppy drive bay. I have no idea why the 8" floppy drive size was chosen but I suspect it could be something as odd as the dimensions of rack mount gear is related to bee keeping frames.

0
0

Facebook, WhatsApp farewell BlackBerry

-tim
FAIL

Blackberry needs to find out who its customers are

Blackberry started out when the phone companies were their only customers. That is no longer true yet the Canadians have ignored that part of reality and watched their market share drop and drop. If Blackberry started selling their phones direct at a reasonable price (which is their only hope now) and started letting developers know they are more likely to get paid writing a Blackberry app than an iOS or Android app, things might change but the leadership at Blackberry seem to be clueless.

I like my Blackberry Q10. Other than some odd quirks, it's a decent platform. I like that it runs Android apps. I like that it lies to Android apps about their access to the system. I like the sandbox they run on is so isolated that even providing a root shell won't allow access to my other stuff. Most of all I like the real keyboard.

8
0

Swedish publishers plan summer ‘Block Party’ to thwart ad blockers

-tim

They will get less than they bargained for.

They may end up like the TV sitcoms when the writers go on strike. People learn to live without them and find another source of entertainment and many of them never go back.

0
0

Telco veteran unloads on Oz data retention laws

-tim
Black Helicopters

At least it isn't as simple as other geo location...

I asked a friend to send me a list of wifi SSID and MAC addresses that he could see from his wifi scanning tool. I put 3 of them in access points half way around the world and then turned on an Android phone. It geo located me to my friend's house. I wonder if there is an app for that yet.

1
0

IBM plugs SanDisk's flashy JBOF rig into its spectrum

-tim

What an odd profile?

When is someone going to build a 1RU rack mount box that uses flash devices that are about one inch tall and 500 mm deep? That way up to about 64 hot swappable flash devices could be slid in to a 1 RU rack mount device. If the bus connector was PCIe and SATA then a universal standard host could support a massive amount of JBOF at speeds ranging from cheap to blindingly fast.

Of course there needs to be much better support for 4,608 byte sectors so ECC can flow all the way from storage to the CPU registers.

0
0

SCO's last arguments in 'Who owns Linux?' case vs. IBM knocked out

-tim

When will it end?

It turns out that a number of developers are in a legal limbo because they signed the Sys V source code NDA and as a result they can't provide patches into Linux or many of the BSD systems.

It would be nice for this to end so that can be clarified. I'm starting to wonder if California employment law regarding non-competition couldn't be used to end it for all time.

0
1

Submarine cable cut lops Terabits off Australia's data bridge

-tim

Re: Microwave?

Years ago I was looking at some calculations of the line of sight "hill" due to earth curvature between Victoria and Tasmania and it was something on the order of 400 meters tall. With microwave, you also have to keep things out of the Fresnel zone as well. Undersea cable is about $10 per meter and you can put down cable cheaper than you can build tall towers in prime real estate which is considered environmentally sensitive. An old aviation chart shows that there is a 4,000 ft obstacle near Flinders Island so I expect Telstra already has a microwave link going that way. I know when a betting shop opened up there about a decade ago, they had asked for 2 gigabit links and that was the entire capacity at the time.

1
0

Who would code a self-destruct feature into their own web browser? Oh, hello, Apple

-tim

Re: Like a moth to a light

The HTML5 history.pushState() and history.replaceState() are just pure evil waiting to abuse millions of users.

I would love to have all browsers support a permissions text file (so sysadmins can properly maintain it) with entries like:

history.replaceState() disable

history.pushState() disable

4
0
-tim
Unhappy

So many problems...

Safari becomes very unstable when the hard drive starts to fail. Oddly enough I was getting bad blocks on my iMac but the S.M.A.R.T stuff was saying the disk is fine.

When Apple brought out OS X for the Power PC processor they still were compiling for Intel in house and found quite a few bugs that way. Once they dropped all support for Power PC, their bug ratios started to climb. I wonder how quickly the 1st bug would be found if they tried to build it on the PPC platform today. I'm also a fan of making sure developers have access to a very old supported platform and making sure they use it from time to time so they get a better feel for real world issues seeing that their top of the line box with fast cpus, massive displays, surplus ram and fast disks isn't what the end users are using.

At work most things are Intel based Linux but we have some Sparc as well. I asked a coder to compile his buggy code for the Sparc platform and he said it was a waste of time since it didn't compile correctly and it crashed but according to him that was a result of the platform not his bugs. Some of the least buggy open source code will happily build on some very old and bizarre platforms yet the buggiest code seems to require very specific platforms.

7
0

BlackBerry axes 200 jobs – including a third of its HQ staff

-tim
FAIL

They don't know who their potential customers are

Blackberry, Motorola and Nokia all stuck to the concept that the mobile phone operators were their customer, not the end user until there weren't any more sales. Apple on the other hand treated the end user as their customer and took all the business away. Samsung is trying similar tactics. Blackberry made a good product and nearly everyone I know who takes security seriously has one but if they don't change their sales model soon, they won't be around next year. I expect a postmortem on the company will show their last mistake was to abandon their core OS and swap it for Android. If these things are obvious to outsiders, why can't their board see it?

20
0

Home Office lost its workers' completed security vetting forms

-tim
Facepalm

Missing a few?

How about "Copy machine returned to the leasing company with internal hard drive in place"? That would have happened a few times, if not by the department itself, then by the other departments that sent them the paperwork in the 1st place.

They seem to have plenty of faith in the drive encryption. The best dictaphone encryption seems to be based on strong encryption based on what I'm suspecting are very weak passwords.

It is becoming clear that one of the best places to plant a long term spy is in the group that vets the security for a country as it seems that long term employees seem to have excessive access to data. Perhaps far more than they should.

2
0

AI pioneer Marvin Minsky dies at 88

-tim

Society of Mind?

What is death?

I think his book "Society of Mind" will be one of the best AI books ever written... Once AI works.

3
0

Scandal-smashed OPM will no longer do govt's background checks – for obvious reasons

-tim
Black Helicopters

Yet another security agency

Will they get snazzy new uniforms? Maybe something designed by Hugo Boss?

Will they have their own black helicopters? After all they have sensitive documents to move around.

0
0

iiNet struggles through five-day outage to get thousands back online

-tim

How low can it go?

I have email from Simon and Mike going back far more than a decade. I've been a player in the early days of uunet, savvis and others. If this ever happens to Internode, I'm going to find my "Internet startup" hat and put it on and do my best to put TPG out of business.

This is their 1st and final warning.

2
0

Australian government urges holidaymakers to kill two-factor auth

-tim
Big Brother

If you think their 2FA policy is bad, look at the health records

Take a look at the eHealth record system which is part of the MyGov system. Someone should mention to them that predictable cookie hijacking of login details is so 1990s so why don't they fix that but using someone else's 2FA sure is convenient.

The terms of service describe a "System Operator" which seems to be doublespeak for "a big brother contractor". The system is no longer opt-in and the "System Operator" keeps all the info they have collected even after you opt-out so it might be best to sign up and then opt-out before they siphon any personal data.

0
0

Launch embiggens Galileo satnav fleet

-tim

Who is in charge?

If the Chinese can hack Cisco routers before they get delivered, did the Russians hack the Galileo before it went into orbit?

0
0

Samba man 'Tridge' accidentally helps to sink request for Oz voteware source code

-tim
FAIL

Re: @-tim The law is the law and ignoring that doesn't help.

Thanks, A.C.

I may be wrong, but I don't see a better option. I know there are people who think patent reform is a better option but I have a book that I rent out to break patents on stupidly obvious things. I know more patent lawyers than I know people with patents and I know more developers that have been taken to court than I know software patent owners. Something is broken and putting your head in the sand isn't a solution.

0
0
-tim

The law is the law and ignoring that doesn't help.

While I respect Tridge for his work on software, my discussions with him about intellectual property seem to indicate that he is as extreme as the Free Software Foundation but with a huge amount of head in the sand attitude about ignoring trends in current and future copyright and patent law. Because of the lack of patent pending on rsync, there are now a large number of patents of related technology that will have long term negative effect with rsync getting better. Samba is making use of a number of Microsoft patents but so far Microsoft has decided that Samba is useful so they haven't stopped it. Much of this would be fixed if the open source groups would file patent applications (with maybe thousands of claims) once a year and then not follow through with the full patent protection to reduce costs. That would provide the patent offices with a full proof of prior art in a way that they can deny other patents and the open source people won't get nailed for using their own intellectual property. People need to understand that patent offices can't use tools like Google to find existing prior art, they can only use public resources they have access to that won't reveal new technology to possible competitors. That effectively means they use their own patent pending databases.

1
3

Oracle, looks like your revenues were down. 'Cloud! Cloud! Look at the cloud!'

-tim
Facepalm

They forgot how Sun got big.

Get an under-$5k T7 server that is useful (4+ disks, 10G ethernet) and they can move hardware. They should have a low end $999 appliance to get their new tech in the hands of lots of people or else Solaris 11.3 will be meaningless to the masses and meaningless to business. The $999 box should have 2 hard drive slots and 2x 1G ports and a few cores and all the cool memory cache/compression/crypto stuff. If they don't do it now, they will never reverse their current direction.

3
0
