# Posts by Cuddles

480 posts • joined 3 Nov 2011

### Earth days are getting longer – by 1.8 milliseconds per century

#### Re: margin of error

"How do you know that eclipse measurements from 2000 years ago were accurate to the second?"

They weren't. No-one has tried to look at historical data down to the second, they looked at the accumulated difference, which is much larger. Each day since 720BC has been on average 24ms longer than it would have been without any slowing, so we're now nearly 7 hours offset from where we would have been. It's exactly the same as having a clock that runs very slightly slow; you won't be able to see any difference if you put it next to an accurate clock and look at the second hands, but put the same two clocks next to each other a few months later and the slow one will show a completely different time. And yes, astronomers 2000 years ago were easily able to calculate eclipses with better accuracy than several hours, which is how they can tell how much the Earth has slowed down since then.

Note that this is also the case for leap seconds; they might sound big next to deviations of milliseconds, but again they correct the cumulative drift. There's a nice graph on Wiki that shows this - https://upload.wikimedia.org/wikipedia/commons/5/5b/Deviation_of_day_length_from_SI_day.svg ; just a millisecond or two difference in the length of a day results in 27 seconds difference in what a clock says the time actually is after a few decades of that small difference constantly adding up.

As for the result only being an average, that's true, but not especially relevant. The Earth is really, really big. Anything capable of making a significant step change in its rotation would be utterly catastrophic, and certainly no such thing has happened in the last couple of millennia. While the change has not been exactly a constant 1.8ms every century, it has certainly been a steady, somewhat meandering drift and not a sudden change at some point during the period studied. As that graph shows, there's a 1ms or so seasonal variation, a somewhat larger short term drift, and then the longer term drift which was the subject of this paper; even the largest earthquake on record couldn't cause a sudden 48ms step change.
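The arithmetic behind the "24ms per day on average" and "nearly 7 hours" figures in the comment above, as an added example that is not part of the original post. It assumes a constant 1.8 ms per century lengthening applied linearly from 720 BC to 2016 (the present date is my assumption); the real record meanders, as the comment itself says.

```python
"""Added example, not from the original comment: how a tiny change in day
length turns into the accumulated clock offset discussed above.

Assumption (mine): the day lengthens at a constant 1.8 ms per century, applied
day by day from zero extra length at the start of the period.
"""

DAYS_PER_YEAR = 365.25
DAYS_PER_CENTURY = 100 * DAYS_PER_YEAR


def accumulated_offset_seconds(years: float, ms_per_century: float = 1.8) -> float:
    """Clock offset built up over `years` when each day is longer than the
    previous one by ms_per_century / DAYS_PER_CENTURY milliseconds.

    Day i is i * step ms too long, so the total is step * (0 + 1 + ... + n-1),
    an arithmetic series: the offset grows with the square of elapsed time.
    """
    n_days = years * DAYS_PER_YEAR
    step_ms = ms_per_century / DAYS_PER_CENTURY
    total_ms = step_ms * n_days * (n_days - 1) / 2
    return total_ms / 1000.0


def mean_extra_ms_per_day(years: float, ms_per_century: float = 1.8) -> float:
    """Average excess length of a day over the whole period, in milliseconds."""
    total_ms = accumulated_offset_seconds(years, ms_per_century) * 1000.0
    return total_ms / (years * DAYS_PER_YEAR)


def constant_excess_drift_seconds(ms_per_day: float, years: float) -> float:
    """Offset from a day that is a fixed ms_per_day too long: the leap-second
    situation, where the excess is roughly constant so the drift is linear
    rather than quadratic."""
    return ms_per_day * years * DAYS_PER_YEAR / 1000.0


if __name__ == "__main__":
    years_since_720bc = 2016 - (-720)  # 2016 as "now" is my assumption
    print(f"offset since 720 BC: {accumulated_offset_seconds(years_since_720bc) / 3600:.2f} h")
    print(f"mean extra per day: {mean_extra_ms_per_day(years_since_720bc):.1f} ms")
    print(f"1.5 ms/day excess for 50 years: {constant_excess_drift_seconds(1.5, 50):.1f} s")
```

The quadratic term is the whole point: a rate too small to see against a reference clock today still produces hours of offset once it has been integrated over a few thousand years, while the leap-second drift is the simpler linear case.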

### HBO slaps takedown demand on 13-year-old girl's painting because it used 'Winter is coming'

#### Re: overhaul?

"This has nothing to do with DMCA, it is plain old good trademark law and the idiotic "use it or lose" clause in it. That clause is long overdue for clarification and relaxation.

Also, how could one have trademark or copyright on "Winter is Coming" beggars belief."

As the article notes:

"HBO's trademark covers clothing, mugs, drinking glasses, hats, bags, mouse pads and similar tat."

That means that not only is random non-commercial artwork not covered at all, but neither are many commercial products. Someone could advertise a car using the phrase, and there would be absolutely nothing HBO could do about it.

Basically, the problem here is not the DMCA, it's not trademark law, it's not any specific clause within trademark law, and it's nothing to do with the generally problematic state of intellectual property law. The problem is entirely that HBO are being arseholes.

### Body cams too fragile for Canadian Mounties – so they won't be used

#### Re: Well....

"They've obviously not been trialing the right model of cam. There are plenty of ruggedised, hard wearing, decent battery life cameras out there."

Where, exactly? There are plenty of cameras around that might just barely manage an 8 hour day with fully charged, brand new batteries, and there are plenty that can stand up to a bit of knocking about on the odd weekend. But needing to work all day, every day for years under all conditions including extremes of weather, physical altercations, being shot at and attacked by bears, is an entirely different proposition.

### Stealing, scamming, bluffing: El Reg rides along with pen-testing 'red team hackers'

#### Re: It's a bit disappointing

"Very interesting read, but it is slightly disappointing to learn that actually getting into "secure" areas involves things as simple as not having a responsible answer his phone."

Really? I'm surprised anyone actually found anything to learn in the article at all. Don't get me wrong, it was a good read, but as the article itself notes there's nothing new here at all; humans are the weak link and these are the same techniques con artists have been using for millennia. The fact that theft targets now include things like login details and not just valuable items hasn't changed anything about how to actually access them. Today a security guard let someone into a server room without checking properly with their superior about the surprise computer audit; 6,000 years ago an ancient Egyptian guard let someone into the vault without properly checking with their superior about the surprise gold audit.

### 90 per cent of the UK's NHS is STILL relying on Windows XP

#### Now I feel old

I was going to make a comment about how impressed I was that they've upgraded that much of their systems to XP, since when I worked in a hospital not much less than 15 years ago there were still plenty of 386s running Win 3.1 around. But looking at the dates, that's actually basically the same - 15 years and 3 Windows versions out of date. So rather than joking about how I thought it would be worse, apparently it's exactly as bad as I expected.

That said, I wouldn't be at all surprised if part of the records system in that hospital still runs on a BBC-B. Although at least that has the advantage of not being at much risk of hacking.

### Huawei Nova: A pleasant surprise in a 5in phone

#### Is this a joke?

Huawei Nova - 141.2 x 69.1 x 7.1mm

Galaxy S7 - 142.4 x 69.6 x 7.9 mm

iPhone 7 - 138.3 x 67.1 x 7.1 mm

It's basically the same size as Galaxy S7 (and most 5" phones are similar) and nowhere near an iPhone 7, so why the endlessly repeated nonsense about it being the same size as an iPhone? It may well be an impressive technical achievement to manage to cut 0.5mm off your phone's width, but no-one who uses it is even going to notice that, let alone care, and they certainly won't think it's the same size as a much smaller phone if they ever see the two next to each other.

### US Supreme Court slashes Samsung's patent payout to Apple

#### Creativity?

"a victory for... all those who promote creativity, innovation"

Seriously? They're both just rectangles. Regardless of the nonsensical state of the patent industry and who the letter of the law says is at fault here, there was precisely zero creativity on display from any party here.

### Apple Watch sales go over a cliff: Down 2.8 meellion per quarter in a year

#### Re: Smart Watch needs a reboot.

"That isn't what he's saying. He wants a watch to function as a house key, a car key fob, or a bank card - if the security can be nailed down (a question of implementation, not concept)."

That was exactly my point - phones already do all of those things. Have you seriously not heard of things like Apple and Google payments, "smart" locks and the numerous cars that can be managed by phone apps? This is not asking for some killer app that only watches could do, it's just a list of things that already exist.

"That is a second or two, repeated many times a day."

Oh no! That might add up to maybe 10 or even 20 whole seconds! What a horrible inconvenience that absolutely requires spending hundreds of pounds to solve. Or, as the title of the article points out, no it doesn't. To start with, it's not repeated many times a day at all. Exactly how many times do you unlock your doors and drive your car to the shops every day? Exactly how difficult is it to put a bag down for a couple of seconds to use a door (which you'll need your hands to open anyway)? Nobody gives a fuck about smartwatches because they don't actually add any significant convenience. The fact that the best anyone can say about them is that you can occasionally save a couple of seconds here and there while carrying out functions that could easily be done without a smartwatch is the exact reason hardly anyone has bothered buying them.

#### Re: Smart Watch needs a reboot.

"If my watch, which I do always have on my person, carried some form of ID (verified by my biometric pulse perhaps), my front door would recognise me, my car would recognise me, my bank cards could be rolled into my watch for small transactions etc. Pressing the crown on the watch would alert my home assistant without having to say Hello Google or whatever, etc."

Aside from the security issues involved, the trouble is that all you're really saying is that a smartwatch would be useful if it was a smartphone. And that's exactly why they haven't been successful; all they're doing is duplicating the functionality of a device most people already have, but in a format which is inherently limited in screen size, battery life and processing power so that it can never actually work as a complete replacement.

That's the thing about watches needing a killer app - it has to be something that only a watch can do, or at the very least something that a watch makes significantly more convenient to do. Taking a phone out of a pocket is not difficult and takes only a second or two, so simply doing the same as a phone but on your wrist is not enough. Nothing you've listed comes close to being a killer app for a watch, it's just a list of things that phones can mostly already do. Of course, that's hardly your fault; the entire problem is that no-one has managed to come up with anything for watches to do, which is why they're not doing very well.

### Hackers waste Xbox One, PS4, MacBook, Pixel, with USB zapper

#### Re: No shit, sherlock

"So many people here seem to be missing the point. It's not about the result of shoving high voltages where they shouldn't be. It's about the ease and speed with which this can be carried out, and how many devices are potentially at risk.

Imagine, you can walk into Currys, whack this into a port, and leave likely unnoticed having just destroyed equipment of high value."

And how exactly is this any different from doing exactly the same with a headphone jack, HDMI plug, or other common interface? The only difference with USB sticks is that idiots are more likely to plug them in themselves if they find one lying around; if all you want to do is damage equipment in a shop, a power source connected to the plug of your choice will do exactly the same job, and would have done so just as well 30 years before USB was even imagined.

#### Re: No shit, sherlock

"Any interface can, if you connect to it inappropriately, potentially cause damage."

Indeed, I'm struggling to see how this counts as news. Plugging a 220V power source into something not designed to have a 220V power source plugged into it will screw things up. Try doing the same to a 3.5mm audio socket or your printer's data port and see how well things go. Other than the usual "Don't plug random electronic devices you found lying around on the floor into your computers" advice, there's really nothing of interest to see here.

### UK.gov was warned of smart meter debacle by Cabinet Office in 2012

#### Re: Pull the plug then

"The only benefit is that meter readings happen remotely"

My readings already happen remotely - they send me an email asking for a reading, I read the meter and send them the answer. If power companies still needed to employ an army of people to constantly wander the country reading meters, maybe connected meters could be seen as a benefit. But currently it takes me maybe 5 minutes per year, and the company precisely zero time or effort, to read the meter, so there's really no benefit to changing things at all.

### Chernobyl cover-up: Giant shield rolled over nuclear reactor remains

"Did everybody on that path die? Not even close."

Never forget that 100% of people exposed to radiation die! More seriously though:

"Radiation is scary not because it's instant death (yes, it can be, if you're quite literally in front of the reactor) but because of the cumulative effect. So long as you don't let it build too high in your body, too often, it's fine."

That's not really accurate. Radiation doesn't build up in your body in the way that things like heavy metals tend to. In fact, there's decent evidence that constant low exposure to radiation is actually beneficial, since it stimulates the protective and repair systems that fix damage to cells and DNA. The real problem with radiation is that the effects are simply too variable. A low dose might be beneficial, but what exactly counts as low? Is continuous exposure at some level more or less damaging than a single higher exposure? How exactly do short and long-term effects vary with different doses and exposure patterns? And of course, this is all before you start looking at different types and energies of the radiation involved - equivalent doses of alpha, beta and gamma radiation won't all have the same effect.

Of course people have tried to study all this, but given all the variables involved you'd need to deliberately expose tens of millions of people to all kinds of radiation and then follow them around for the next 70 years or so. Even if there weren't any ethical problems with doing that, the logistics make any comprehensive study impossible. We occasionally get lucky (maybe not the best word) and find a useful group to study, such as the well known watch painters, and there's the occasional unethical study, such as the military exposing people to nuclear tests, but this only covers a tiny portion of the question in a completely uncontrolled way. And no matter how well we manage to study the actual effects, that still does nothing for people who aren't radiation workers and so have no idea what dose they might have received anyway.

Radiation is scary to people mainly because it's unknown. You usually can't tell if you've been exposed; even if you somehow know that, you usually don't know how much you've been exposed to; and even if you somehow know that, it's almost impossible to know what the effects might be. It's not a particularly rational fear given how low the risk of any significant exposure actually is, but fear of the unknown is not exactly uncommon.

### Netflix and spill: Web vid giant kills password masking in tests

#### Re: As bad as Amazon video on my TV

"Trying to do a secure password implementation on a system which has no keyboard and a display which (by design) is visible across the room is a nightmare. I can't think of a secure way of doing it."

Perhaps some kind of device with a numerical keypad could be used to control the TV remotely? I wonder what it might be called...

### Super Cali goes ballistic, considers taxing Netflix

#### VAT

"One, the US does NOT have a VAT. They use income-based taxes because they're harder to dodge than consumption taxes which can be easily hidden under the table."

Except that's not actually true. The US does have VAT, they just call it "sales tax" instead, and it's done at a state or lower level (in this case, individual cities) rather than at a federal level. There are absolutely no principles or nonsense about making tax dodging more difficult, it's just the usual cries about state rights resulting in an incoherent mess that makes things more difficult for both the taxers and the taxees.

As for the complaints that it would be too difficult to bill something like this, I don't see how there's any issue at all. When you sign up for a service, you're generally required to give your address so that service can actually be provided. No amount of jumping around proxies, VPNs and the like can avoid the fact that Netflix know where you live and are able to bill you every month. The only difference VAT would make to the consumer would be that your bill would be slightly higher.

### How-to terror manuals still being sold by Apple, Amazon, Waterstones

#### Whining arseholes ignored by most, everyone remains safe and happy

"WH Smith was quick to remove DIY terror manuals from the digital shelves of its online stores after El Reg highlighted their sale"

I believe this should correctly read:

"WH Smith was quick to remove old textbooks after being harassed by whining busybodies who have for some reason decided it's their solemn duty to police perfectly legal goods being sold in shops rather than doing their actual jobs."

### Samsung fires \$70m at quantum televisions

#### Quantum TV

If you know where your TV is, you can't know how long you've been watching it.

### New state of matter discovered by superconductivity gurus

#### Re: using liquid helium or liquid nitrogen, which is expensive.

"Liquid nitrogen is not terribly expensive. It used to cost about the same as beer."

Expensive relative to what though? A single beer might not be particularly expensive in absolute terms, but buying several of them every day for many years is much more expensive than not buying them. When you consider that savings from resistive losses in most applications are likely to be pennies per day at the absolute most, that's an awful lot of beer-equivalents that have been wasted on something other than beer.

To put things in perspective, I work at a particle accelerator that uses several MW of electricity to power hundreds of magnets that run anywhere between a couple of hundred to a few thousand amps, as well as a variety of other high power components. We get through tons (literally) of liquid nitrogen for things like cooling detectors and samples, but we use precisely zero superconductors to run the actual accelerator; even in such a highly specialised setting that already has the supply infrastructure set up, it's simply not worth the cost to use superconductors to reduce your energy bills.

#### Re: Advanced science or gibberish?

"But secondly "cooled before the material reached its critical temperature"? I need an explanation"

As far as I can tell, this is simply the author of the article attempting to say that the pseudogap phase is observed at a slightly higher temperature than the critical temperature (i.e. the temperature at which it becomes superconducting). It seems to be incredibly awkward phrasing bordering on gibberish from the author of the article, and not from the actual paper. Probably caused by the fact the author clearly has no clue whatsoever what the research is actually about. Nothing new has been discovered at all. The pseudogap region is well known and has been studied extensively before, with this paper providing a raft of references to previous papers looking at it in a variety of different ways. As is all too common with the media these days, what is heralded as an amazing new discovery is actually just the normal progression of science investigating a known phenomenon in more detail.

@Uffish

"Sir, one of your journalists has left the phrase "the new phase enters a completely different structure that breaks time-reversal" in an article with no other comment or explanation.

Will you please see to it that some explanation in the most prosaic and banal terms is introduced as soon as possible since I am very much afraid that otherwise my brain will explode."

Time-reversal symmetry (https://en.wikipedia.org/wiki/T-symmetry) is basically the statement that everything is basically the same if you reverse time; the laws of physics don't change and everything carries on as before, just backwards. However, there are a variety of ways this can be broken. Magnetic fields and angular momentum, for example, are axial vectors that add an additional change of sign when things are reversed or reflected (see the diagrams on this page - https://en.wikipedia.org/wiki/Pseudovector). This means that they can break T-symmetry because if you look at the dynamics of a microscopic system with magnetic fields in it, things won't actually be the same if you reverse time (see https://en.wikipedia.org/wiki/Microscopic_reversibility). When it comes to this paper in particular, they're looking at the effect of the material (specifically the electrons inside it) on reflected laser light, and how that depends on the orientation of the sample (a single crystal). What they show is that at higher temperatures, T-symmetry is not broken, but it becomes broken at a temperature higher than the critical temperature showing that there is a different phase present between the normal and superconducting phases (or more specifically, showing what the properties of that phase are, since the phase itself was already known).

I make no promises for how exploded heads may be after reading this, let alone if you actually try reading the links or doing any of the maths.

### HTC and OnePlus spruce up flagships for Santa's sack

#### Re: OnePlus pricing

"The 3T does look nice, but 400 squids?"

Indeed. I wish people would stop pretending phones at this sort of price are mid-range bargains, that's the same price as my Galaxy S6 was just a month or so after release. When you're no cheaper than the flagship Samsung and Apple phones, you lose any right to pretend to be a bargain.

As for the rest of the article, it seems somewhat incoherent. A mid-year refresh is happening at the end of the year, except in HTC's case we don't even know if it will happen this year and it isn't a refresh anyway just a re-release of an existing phone. Also their website clearly says it has a 5.5" screen, not 5.7" as claimed by the article. Throw in the usual typos, grammar mistakes and clear lack of editing and I really don't understand how someone can actually get paid to write this crap.

### Google declares victory for its Wifi router before it's even shipped

#### Speed is relative

"Wifi reached speeds of 228 Mbps, compared to 205 for Luma and 186 Mbps for Eero"

Meanwhile, the UK government has the target of getting everyone to have 24 Mbps at some point in the future. Those of us with pretty decent, for this country, broadband can generally expect speeds somewhere between 60-130 Mbps. For the average person, who is not running a LAN with lots of local devices and storage and is simply looking at Facebook and Netflix over the internet, there is exactly zero benefit in the increased speed. It reminds me of when all the browsers liked to boast about how few milliseconds they could take to render a page, apparently forgetting that time differences far smaller than any possibility of human perception were not actually the main selling points of their products.

### Virgin Galactic and Boom unveil Concorde 2.0 tester to restart supersonic travel

"60 years after the dawn of the jet age, we're still flying at 1960s speeds

Is that not because of the price of fuel after the oil price shocks in the 70's?"

It's more simply down to diminishing returns than anything else. The advent of air travel brought international travel times down from weeks to hours. Supersonic air travel reduces that from hours to a couple less hours. For the vast majority of trips it's simply not worth the extra cost. It's the same reason car travel is still limited to 70ish mph and trains haven't all been replaced by high speed maglev. It's not the technology that's holding it back, it's the generally small gains compared to the ever greater cost of actually getting those gains.

### Analysts apply Occam's razor to Tesco Bank breach

#### Re: Not sure how the trojan theory would work out...

"Ordinary card cloning (from manipulated ATMs or POS terminals) is unlikely as well - that wouldn't explain the large number of cases on this one bank."

This was my thought as well. Given that the attack appears to have targeted only Tesco, any customer-based attack such as cloning cards or phone and/or PC malware seems pretty unlikely, since these would almost always catch customers of multiple banks. It almost has to have been either an inside job or some vulnerability specific to Tesco's systems (I guess the former is technically a subset of the latter).

### Adult FriendFinder users get their privates exposed... again – reports

"Time was, people had to live with what they published. Now it seems everyone wants the right to have their own past words forgotten, even though they blazoned them forth to the world at the time."

Firstly, as already noted, there's a big difference between having your publicly published words remembered and having your private details leaked through no fault on your part. Secondly, and more to the point, time was people were happy to live with what they published because there was no chance the vast majority of people would ever see it, let alone remember it. The problem isn't that people's behaviour has changed or that their sense of responsibility or entitlement has changed, the problem is that people have stayed exactly the same but technology has completely changed the consequences of their actions. Back in the day, you could say something as a drunk teenager, the only people who would ever know would be the people in your village, and no-one would remember or care by the next week anyway. Now, you can do exactly the same, and 10 years later it suddenly goes viral on Twitface and ruins your life.

It may be fair to say that this is the world we now live in and people just need to learn how to behave in it. But it's entirely understandable that people have not, in fact, learned how to do so just yet considering that most of the technology in question has only been around for a decade or two at most. It's not particularly unreasonable that some people might want to make changes to the technology involved to allow social animals to continue behaving the way they have for millions of years, rather than immediately accepting that things have changed and that a world with the internet won't allow the same behaviour as a world populated by small communities of apes.

### Origin of the beasties: Mirai botnet missing link revealed as DVR player

#### Does it matter?

The issue here is that millions of devices are being connected to the internet, often completely unnecessarily, with default (or even hardcoded) usernames and passwords and effectively no security. Exactly which devices are targeted in a given attack doesn't appear to be relevant at all, the attack and the results are exactly the same.

### Samsung sets fire to \$9m by throwing it at Tizen devs

#### What phones?

"Samsung will throw US\$9m at developers willing to have a go at making apps for smartphones running Tizen."

But... there aren't any phones running Tizen. At least, not any available for the vast majority of people to buy (there are a couple of extremely low-end models in India). It doesn't matter how much money you try to bribe developers with, no-one's going to bother if you don't actually provide a platform for them to develop for.

### A cardboard desk? I won’t stand for it (actually I will)

#### Why cardboard?

I assumed there was going to be some trick that made it easy to switch between sitting and standing*, due to the lighter materials or something. But this isn't a desk that changes height, it's just a taller than normal desk that happens to be made of cardboard. But you can get a desk made out of materials that aren't utter shit for less than that, so what exactly is the point?

* Incidentally, there's absolutely no point in getting a desk that only allows you to stand, studies have shown that's just as bad as spending all your time sitting. It seems to be changing your stance and posture from time to time that actually gives benefits, so unless you get a fancy desk that goes up and down you might as well get a normal one that allows you to slouch properly.

### Recruitment giant PageGroup hacked, Capgemini dev server blamed for info leak

#### Who else?

"A spokesperson for PageGroup told us the unnamed hacker has since promised they have destroyed the data and the company is "confident that they have done so." To us it sounds like someone discovered a vulnerable server, found out they could exploit it to extract people's information, and then reported it to PageGroup."

Sure, this sounds like a nice person discovered a vulnerability and told them about it. The question is not whether that specific person plans on doing anything naughty with the data, but how many other people might have also had the same access. The important thing to take from this is not "White hat reports vulnerability", but rather "Vulnerability may have existed for years and has only just been reported".

### Panicked WH Smith kills website to stop sales of how-to terrorism manuals

#### The Register are Nazis?

Slightly provocative, but sadly it seems the logical conclusion. As far as I can tell, Smiths were not actually doing anything illegal or even wrong; the books in question are technical textbooks legally available for sale, and shops are not required to do any kind of background checks on customers. But for some reason El Reg suggest that not only should knowledge be banned if someone feels it's possible to abuse it, and not only that regular businesses should be required to spy on their customers and look up all their details in national databases before approving sales, but also that it's the duty of citizens to go poking their noses into their neighbours' business in the hopes of catching them in the act of doing anything that seems even slightly dodgy.

Brexit and Trump may not seem great, but we haven't descended into a fascist dystopia just yet. Maybe you should spend a bit more time on actual journalism, and a bit less advocating for background checks to buy books and citizens spying on each other to catch anyone who doesn't do such checks to your liking.

### GoPro drone moan brings more bad Karma

#### Mature market

As with PCs, phones and the like, the problem with action cameras is that there isn't really an upgrade cycle any more. If you're a professional, the latest and greatest camera may well have features that make it worth upgrading. But if you're just a hobbyist, there's very little point in buying every shiny new camera that comes out. I have a GoPro; the original HD one from back before they needed numbers and colours and a spreadsheet to figure out which one you had. It does 1080p, or 720p at higher framerate, timelapse photos, it has good picture quality, enough battery to last several hours, and takes SD cards big enough to last a week or more when on holiday. And it's still better than many of the cheap cameras being released now. GoPro aren't having issues because there's anything wrong with their products or because of all the competition, it's simply that for the vast majority of people, once they have a camera they don't need another one.

### Fatigue fears over bug bounty programs

#### No, really?

It's almost as though QA and security are things that should be paid jobs within a company rather than simply outsourced to hobbyists. Sure, you can get some benefit from asking nicely for people to tell you about issues they've found and showing appreciation when they do so, but it should be obvious that that can only ever be in addition to trying to do it properly yourself as well.

### What went wrong at Tesco Bank?

#### Re: Santander must also not be hashing passwords

"I use Santander online and mobile app. Both request 8 digit customer ID (which you can persist for convenience) and full PIN, not selected characters from it. "

No they don't. I don't know about the mobile app, but to log in to Santander from a real computer requires the customer ID, 3 characters from your password (which actually allows strong passwords without stupid restrictive rules), and 3 digits from your 5 digit numeric PIN.

As for the main topic, this is actually an interesting problem that doesn't really have an easy solution. Only asking for a few random characters from a password is done for a very good reason - keyloggers can't steal your password if you never actually type the whole thing. But, as this incident apparently shows, this makes accounts more vulnerable to other types of attack. So the question is not so much whether it's a bad idea to do it like this, but whether it's worse than the alternatives.
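The trade-off the comment above describes, as an added example that is not part of the original thread or any bank's code: a partial-character prompt defeats a keylogger on any single login, but an observer who records several logins learns the whole secret anyway, and the bank must keep the secret in a form it can index into rather than as a plain hash. The code assumes each login asks for k positions chosen uniformly at random out of an n-character secret and that the attacker sees both the positions asked and the characters typed; the 10-character password length is my assumption, the 3-of-password and 3-of-5-digit-PIN shape is the one the comment gives.

```python
"""Added example, not from the original thread or from any bank's code: how
many logins an observer needs before a "type characters 3, 7 and 9 of your
password" scheme has leaked the entire secret.

Assumptions (mine): each login asks for k positions chosen uniformly at random
out of an n-character secret, and the attacker (keylogger, shoulder-surfer,
phishing page) records both the positions asked and the characters typed.
"""
import random
from math import comb


def expected_logins_exact(n: int, k: int) -> float:
    """Expected number of observed logins until all n positions have been seen.

    Coupon-collector with k distinct coupons per draw: P(T > t) is an
    inclusion-exclusion sum over sets of j still-unseen positions, each of
    which survives one draw with probability C(n-j, k) / C(n, k).
    """
    total = 0.0
    for j in range(1, n + 1):
        survive = comb(n - j, k) / comb(n, k)  # comb() is 0 when n-j < k
        total += (-1) ** (j + 1) * comb(n, j) / (1.0 - survive)
    return total


def logins_until_recovered(secret: str, k: int, rng: random.Random) -> int:
    """Simulate one victim: count challenges until every position is known."""
    n = len(secret)
    known = {}
    logins = 0
    while len(known) < n:
        logins += 1
        positions = rng.sample(range(n), k)  # the bank's challenge
        for pos in positions:                # what the observer records
            known[pos] = secret[pos]
    return logins


def expected_logins_simulated(n: int, k: int, trials: int = 3000, seed: int = 7) -> float:
    """Monte Carlo check of expected_logins_exact()."""
    rng = random.Random(seed)
    secret = "x" * n  # the characters themselves do not affect the count
    return sum(logins_until_recovered(secret, k, rng) for _ in range(trials)) / trials


if __name__ == "__main__":
    # The shape described in the comment: 3 characters of the password and
    # 3 of the 5 PIN digits. A 10-character password is my assumption.
    for label, n, k in (("10-char password, 3 asked", 10, 3),
                        ("5-digit PIN, 3 asked", 5, 3)):
        print(f"{label}: {expected_logins_exact(n, k):.2f} logins on average "
              f"(simulated {expected_logins_simulated(n, k):.2f})")
    # Asking for the whole password is the k == n case: one observation suffices.
    print(f"whole password typed: {expected_logins_exact(10, 10):.0f} login")
```

Run it and the 5-digit PIN falls in about three observed logins and a 10-character password in about nine, so the scheme buys time against a keylogger rather than immunity; the cost, that the server has to keep each character retrievable, is what the "not hashing passwords" title of the thread is pointing at.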

### IoT worm can hack Philips Hue lightbulbs, spread across cities

#### Eh

"The chain reaction will die in city areas where less than 15,000 of the globes are used"

So, not really an issue then. I doubt there's actually a single city that has that many IoT lightbulbs, let alone that many of a specific brand. Hacks that rely on there being a significant number of vulnerable devices in close proximity are best aimed at devices that actually sell in significant numbers.

That's not to say work like this isn't worth doing; the more people point out how stupid it is to have hilariously insecure internet connections controlling basic needs like lighting and heating, the better. It's just that this particular attack is less "everyone's lights are about to go crazy" and more "fortunately most people aren't stupid enough to buy this shit yet".

### Add it to the tab: ICO fines another spammer as unpaid bills mount

There seem to be two separate issues here - the companies that do the spamming, and the companies that hire them. Reading the ICO's statements, it appears that the problem with non-payment of fines is mainly confined to the spammers themselves - they have no brand or real business to speak of, so they can just pop up, spam, and shut down before getting caught. Those hiring them, on the other hand, can't do that because the whole point is to bring in customers and you can't do that if you liquidate your company.

So the solution seems fairly obvious - simply fine the people hiring the spammers. Cut off their source of income and the spammers will disappear (or at least have to come up with a new scam). Fortunately, it seems this may be what the ICO is now trying to do - the company in question here wasn't the spammer but rather the hirer, and all the talk of spammers liquidating and not paying fines isn't actually relevant to them. Hopefully this isn't a one-off and they'll carry on fining the people they can actually catch. Fine enough of them and the spammers will die out because it simply won't be profitable for anyone to hire them.

### European F-35 avionics to be overhauled at Sealand, says UK.gov

#### Good timing

"DECA won the £2bn "global repair hub" contract, which will last until 2040."

By which point the F-35 may just about be capable of taking off without needing 6 reboots and then catching fire.

@ Andy The Hat

"A 'private' company with revenues of £25m per annum gets a contract worth £2bn?"

Worth £2 billion over nearly 25 years, which is only £80 million per year. A bit more than they're making now, but same order of magnitude and doesn't really seem unreasonable.

### El Paso city bungs \$3.2m to email crooks pretending to be bosses

#### Paper-only invoicing

Because everyone knows any invoice written on paper must be 100% trustworthy.

### Google makes it to third base with Home digital assistant

#### Re: These devices are game changers

"it's like having the Star Trek computer in your house"

Indeed. Now just think about what the Star Trek computer actually did - basically nothing. All the actual work was done by a large crew going around pressing buttons and poking machinery, the computer was barely more than a voice-activated encyclopedia that could sometimes execute a few pre-programmed commands when given specific code-words. Hell, even getting food from a replicator required memorising specific commands rather than simply being able to ask for a cup of tea. The idea of the Star Trek computer sounds all cool and futuristic, but the reality of what was actually shown really isn't all that impressive. Note that despite poking fun at every other aspect of Trek, the computer was already so lame that Galaxy Quest didn't even bother to parody it (although if any of these silly voice command things came with Sigourney Weaver to repeat my commands I'd buy it in a heartbeat).

Of course, the same applies in exactly the same way to things like jetpacks and flying cars. We already have jetpacks, it just turns out they're shit. Hoverboards are even worse - they're literally shown as just a skateboard without wheels, and you can see how much use that would be by looking at the number of people who actually use skateboards to start with. We even already have mountainboards that can cross rough terrain and a variety of boards that can be used on water. Saying something is just as seen on Star Trek or in some other sci-fi is often great right up until you look at what was actually shown rather than a fantasy of what you wish had been shown.

Trek aside, it's also worth commenting on the silly "game changer" comments that inevitably come from those trying to sell these things. Exactly what game is being changed here? I used to be able to listen to music on demand over the internet or look up questions on Wikipedia, now I can do exactly the same. Even if it all works perfectly it's not doing anything new, it's just a minor change to the interface. Streaming music itself certainly was a game changer; shouting at a box instead of clicking a mouse to activate it absolutely is not. This is the problem all this home automation crap faces - people keep overselling it to a ridiculous level as amazing new things never seen before, when all it is is a way to connect to things all houses have had for decades.

### British defence minister refuses to rule out F-35A purchase

#### Re: A is actually not a bad piece of kit

"This makes block A is the only Gen-5 fighter..."

You could have just stopped there. Other than the F-22 (obviously also American), there are no other Gen-5 fighters. The PAK FA and J-20 are far from operational and have capabilities even more questionable than the F-35, and other than a couple of countries that claim to be developing them (India and Turkey specifically, while Japan has an experimental platform for testing) those are the only candidates that exist. The F-35 deserves plenty of criticism on its own merits, but it's pointless to try to compare its features and capabilities to other Gen-5 fighters when no other country actually has one.

### A British phone you're not embarrassed to carry? You heard that right

#### Bet it isn't.

"WileyFox sold a respectable amount – half a million devices – without becoming a household name. But that was a tweaked reference design. With its first in-house design, launched today, that's sure to change."

Yeah, still don't see it becoming a household name. Sure, it looks like a decent enough phone. But there are now an awful lot of decent enough phones at the £150-200 price point, as well as a huge variety that are a bit less or a bit more depending on exactly what you're looking for. Being a decent but extremely generic phone that looks and costs the same as all the others is not something that will catapult you into the public awareness.

### Survey finds 75% of security execs believe they are INVINCIBLE

#### But how do they know?

"a third of those successful breaches are never discovered at all."

Seriously, if they never discover them, how do they know they happened at all?

### Whoosh! China shows off J-20 'stealth' fighters and jet drones

#### Re: Stealth..

"Is this still valid?"

Probably, but it would seem to have somewhat limited application. It basically falls under the point I noted above about using wavelengths that the aircraft isn't designed to be stealthy in, combined with having lots of low-power emitters blanketing an area rather than a single central emitter/receiver. But the problems come with the "low power" and "blanketing an area" parts. You might be able to use this to follow a stealth aircraft flying low over an urban area, since there will be plenty of mobile phone masts around, but it's completely useless if you want to detect incoming aircraft outside your borders, or in areas with worse mobile coverage, or simply flying high enough that the signal is too weak. Basically, you can't see anyone coming, but you might be able to track them once they've already bombed you.

#### Re: Stealth..

"Not so much, as anybody who knows *anything* about radar will tell you - one look down the barrel of those engines and they'll light up like christmas trees on radar, ignoring the rest of the airframe that doesn't even look slightly stealthy."

It depends how you look at it. According to analysis from those who seem to know about this sort of thing, it is probably quite stealthy when viewed head-on. This has led to a lot of speculation that the design has been changed from what originally appeared to be a general multirole fighter or ground attack aircraft, to an air superiority fighter or interceptor. Basically, it's difficult to see coming, and by the time you're looking at the decidedly un-stealthy side or rear it doesn't matter any more. Practically everything gets called stealthy in press releases these days, but there's a difference between being generally stealthy and being stealthy in certain specific ways in order to do a specific job.

"Plus haven't the western military powers and Russia all figured out ways to eye stealth aircraft these days anyway? Thought that was common knowledge."

It's certainly commonly claimed on the internet that they must have, but there's really no such thing. All radar does is bounce a signal off objects and look for reflections. Stealth works by not reflecting the signal back to the source. No amount of cleverness on the part of a detector can magically increase those reflections, so there's simply no way to ever simply see through stealth. What can be done is try to work around it. The main two ways are either using different wavelengths of radar that aircraft may not have been designed to be stealthy in, or using clever computery stuff to try to identify likely hostiles more from their behaviour than the raw radar returns - you might be able to reduce the radar return of your plane to no more than that of a bird, but if someone can pick out a bird coming in on a likely attack route at mach 2 they might get suspicious.

### The Internet of Things is 'dangerous' but UK.gov won't ride to the rescue

#### Taking responsibility

I'm perfectly happy to take responsibility for my own actions. The problem is that my security is also affected by the actions of others that I have no control over. It doesn't matter how good I am at driving if some drunken idiot drives into me. Likewise, it doesn't matter how secure I make all my networked devices if a million incompetents have theirs compromised and DDOS me. We have laws about the former for exactly that reason, so why wouldn't we also need laws about the latter? Lots of people love to complain about government interference, but regulating actions which can harm others is one of the main reasons governments exist at all.

### No, Russia is not tapping into Syria's undersea internet cables

#### Re: landing site

"If they have a base next to the landing site it would be far easier to simply install their equipment there than mess around in the water."

Forget the base even. Syria is at the very least an extremely close ally of Russia, and depending on how you look at it may even be little more than a puppet state by this point. Russia don't need to do any tapping on or off the land, they can just ask for/demand access to anything they want and Syria will happily give it to them. There's no need to install any equipment anywhere when your techs can get access to all the existing infrastructure by simply asking nicely.

### Meanwhile, in America: Half of adults' faces are in police databases

#### Re: Only half?

"Not sure how the Yanks stand with photographic ID systems, but over on this side of the pond pretty much anyone with a passport and/or driving license has their mugshot on record."

The important word is "police". Yes, pretty much everyone in the UK has at least one photo of them on record somewhere, but that's not at all the same thing as having their photo in a specific police database. The vast number of CCTV systems in Blighty guarantees that such images are not stored in any central database, because that's the very definition of "closed circuit". Pictures on driving licenses are stored by the DVLA which has no connection to the police, and the same is true for almost all other things that require a photo. The police may be able to get access to such photos, but only as part of an actual investigation not to simply trawl through as a matter of routine*.

We certainly seem to be heading in that direction, but so far we don't have anything like a legal, official police database of faces that can be searched for matches on a routine basis. Citing a variety of disparate, unconnected worries about CCTV and driving licenses certainly doesn't support the existence of such a database. And of course, it's worth bearing in mind that the police and intelligence services have been quoted several times saying they don't actually want all these giant centralised databases - the people who actually do the work know that when you're looking for a needle in a haystack, collecting 100 times more hay really doesn't help matters. It's mostly just a few people at the top who are obsessed with bulk data regardless of what both those doing the surveillance and those being surveilled actually think.

*What intelligence services get up to is, of course, a rather different matter.

### IoT insecurity: US govt summons tech bosses, bashes heads together

#### the ability to upgrade and patch internet-connected devices

For some reason I can't help reading that as "the ability for random people to remotely access your devices and install whatever they like without you knowing about it".

### Kids today are so stupid they fall for security scams more often than greybeards

It's important to note that the figures given don't actually say anything about which age group is more likely to fall for scams. What it says is that of the people who fell for a scam 50% were 18-34, 34% were 36-54 and 17% were over 55. And yes, those are the age ranges given which probably says something about the quality of the study (for those not paying attention, people aged 35 or 55 are apparently excluded). That doesn't say that 18-34 year olds are more likely to fall for a scam; without knowing the size of each group no such conclusion is possible. If more young people are using computers, they could actually be less likely to fall for scams while still making up the largest proportion of those who do get scammed.

For example, take a group consisting of 98 young people and 2 old people. All are exposed to a scam, 10 young people fall for it and 1 old person falls for it. That would mean young people have a 10% chance of falling for a scam while old people have a 50% chance of falling for it. But presenting it in the same way as this article would mean saying that young people make up 91% of people who fall for scams. That makes young people sound much worse, even though they were actually much less likely to fall for the scam.

So no, kids today are not so stupid they fall for scams more than greybeards. Kids today use computers much more than greybeards and so inevitably represent a larger proportion of those who fall for scams. Whether they are actually more likely to do so is simply not possible to tell from the research shown.

### Court finds GCHQ and MI5 engaged in illegal bulk data collection

#### Who oversees the overseers?

"The mysterious Investigatory Powers Tribunal, which oversees Blighty's snoops"

"the Tribunal ruled it was “not satisfied that ... there can be said to have been an adequate oversight"

So the oversight body has ruled that oversight has been inadequate for 18 years. Just imagine how bad things would be without the IPT; the IPT would never have been able to rule that the IPT wasn't doing its job.

### Samsung to fab 10nm FinFET SoCs for next year's exploding phones

"Agreed, that joke was stale the day after it was used especially since no one came out with actual percentages of faulty units. Was it 0.01% or 0.0001% or even less that were faulty?"

You seem to be confusing the percentage of devices that are, or could be, faulty with the percentage that have already failed catastrophically. The actual percentage of faulty units is unknown and probably unknowable, but could be anything up to 100%. More importantly, it's not just the failure rate that is important, the consequences are as well. The Xbox could get away with an insanely high failure rate because the worst that happened was it stopped working. Explosive failures that put people in hospital or potentially cause plane crashes tend to be taken a little more seriously, so even a failure rate as low as 0.1% can be a pretty big deal. In addition, the time frame is important. The Xbox failure rate is estimated to have been somewhere around 25% (some estimates go as high as 50% or more), but that's for failure within the guarantee period of a year or two. Samsung had enough reports to know that there was a serious problem only 12 days after the product was released. Sure, only 0.1% might have exploded so far, but that's for a device that didn't even manage to last 2 months on the market. How many might have exploded given another couple of years? Impossible to say, but it would certainly have been more than have so far.

### Netflix reminds password re-users to run a reset

"Certainly if sites could settle on a universal set of rules for passwords that would be very nice."

It doesn't even need to be a very long set of rules. Here's my idea for such a ruleset:

1) Do whatever the fuck you want.

Seriously, that's all that's needed. If someone is capable of typing it in on a regular keyboard, there's no reason not to allow it as a password. You should always be parsing input properly so no-one can try the old Bobby Tables kind of trick, so there's no reason to exclude any standard characters, and there's never any reason to enforce a set number of various types of character or to have the ridiculously small maximum limits. The only restriction that has any reason to exist is a sensible maximum length.

Any more rules than that are just doomed attempts at trying to save people from themselves. Sites are constantly trying to force minimum lengths, mixes of character types, and so on, but everyone still manages to use "password1" or some variant with minor substitutions. You just can't force people to use a good password if they don't want to, so don't bother trying. Allow those who do understand security to use strong passwords instead of hobbling them with pointless restrictions, and allow everyone else to use password1 if that's what they're desperate to use.

Alternatively, there is one way to force people to use better passwords - when they enter a new password you try to break it and reject any that are broken inside a given time. You don't want to spend too much time and resources on it, so obviously you're not going to be able to enforce passwords that will definitely stand up to a dedicated hacking effort, but at the very least you can get rid of all the password1s and 12345s. Any set of rules for passwords is an attempt to only allow passwords that are difficult to break, and they're generally not very good at managing that. The best way to actually get passwords that are difficult to break is to try to break them and only allow the ones that are difficult.
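As an added example (not code from the post or from any site), here is what a validator built on the post's two ideas looks like in Python: the only hard rule is a maximum length, any printable character is accepted, and instead of complexity rules the password is canonicalised the way a cracker's mangling rules would undo it and compared against a list of common base words. The length limit, the word list and the substitution table are constructed stand-ins for a real breached-password list.

```python
import re
import string
import unicodedata

# Constructed values for the example; a real deployment would use a large breached-password list.
MAX_LEN = 128
COMMON_BASES = {
    "password", "letmein", "qwerty", "welcome", "admin", "monkey", "iloveyou",
}
# The "minor substitutions" people use to satisfy complexity rules, undone before comparing.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})
EDGE = string.digits + string.punctuation


def canonical(pw: str) -> str:
    """Reduce a password to the base word a rule-based guess would start from.

    'P@ssw0rd!', 'password1' and 'Password123' all map to 'password'.
    """
    s = pw.lower().rstrip(EDGE)      # drop the trailing '1', '123', '!' people bolt on
    s = s.translate(LEET)            # undo @->a, 0->o, $->s and friends
    return s.strip(EDGE)             # drop whatever non-letter padding is left


def is_trivial_sequence(pw: str) -> bool:
    """True for one repeated character or a straight run such as 12345 or abcdef."""
    if len(set(pw)) == 1:
        return True
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def check_password(pw: str) -> tuple[bool, str]:
    """Return (accepted, reason).

    No minimum length and no character-class rules: anything typable is allowed.
    Only an upper bound, control characters, and known-weak patterns are refused.
    """
    if not pw:
        return False, "empty"
    if len(pw) > MAX_LEN:
        return False, "longer than %d characters" % MAX_LEN
    # Unicode category C* covers control, format and unassigned code points;
    # spaces, accented letters and emoji are fine and are deliberately allowed.
    if any(unicodedata.category(c).startswith("C") for c in pw):
        return False, "contains control characters"
    if is_trivial_sequence(pw):
        return False, "trivial sequence"
    base = canonical(pw)
    if base in COMMON_BASES:
        return False, "variant of common password %r" % base
    return True, "ok"


if __name__ == "__main__":
    for candidate in ["password1", "P@ssw0rd!", "12345", "correct horse battery staple"]:
        print(repr(candidate), "->", check_password(candidate))
```

The canonical form only catches variants of the listed base words, so a real deployment should feed it a breached-password list rather than the seven words above.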