* Posts by Adam 1

809 posts • joined 7 May 2012

Default admin password, weak Wi-Fi, open USB ports ... no wonder these electronic voting boxes are now BANNED

Adam 1
Silver badge

Re: That design is a travesty

Identification and voting should not go through the same system. Also, you ideally need to share between identification systems whether a given voter has already cast a vote to prevent someone voting multiple times.

Also, SS numbers alone are probably insufficient for authentication because they are guessable.

0
0

Want to go green like Apple, but don't have billions in the bank?

Adam 1
Silver badge

Re: Go one better

Some back of the envelope calculations...

148 x 100W fluorescent lights would draw 14800.

Switching to LED would realistically drop them to 85W but let's pretend that the laboratory achieved lumens per watt could get us to 70W.

This would save 4440W.

If we assume an average draw of 850W per server, that is about the same power reduction as switching off 5.5 servers. In the scheme of things, that won't be a measurable blip on the building power usage.

The only way I can see the savings becoming significant is that LEDs are dimmer friendly, so you could far more easily control the lighting to follow you as you walk around the building and be at very minimal levels elsewhere.

0
1

It's 2015 and a RICH TEXT FILE or a HTTP request can own your Windows machine

Adam 1
Silver badge

Re: Flash Player - or a Prayer?

Also, you may want to rethink your choice of PDF viewer now they bundle OpenCandy malware.

2
0

Bloke hits armadillo AND mother-in-law with single 9mm round

Adam 1
Silver badge

This, kids, is why we need the interwebs. How else would I learn important tidbits like that?

9
0

Rand Paul puts Hillary Clinton's hard drive on sale

Adam 1
Silver badge

Re: Is this SATAire?

I'm afRAID that I just can't compete with those.

8
0

Google sticks anti-SQL injection vaccine into MySQL MariaDB fork

Adam 1
Silver badge

Doesn't set need to go before where?

0
0
Adam 1
Silver badge

So back to 80's coder's question. How have they mitigated SQL injection attacks? SQL injection works because the SQL language by nature interleaves instructions (select/delete/insert/where/etc) and data. Most DBMS have parameterized queries, where you specify the SQL query with placeholders and then pass the data as part of the parameter structure. The DBMS can then correctly escape strings that it is passed to avoid this problem (and reuse query plans which differ only by parameter value).

Without parameters, the developer has to remember to escape (and probably bounds check) all the user enterable data before inclusion in the string. Humans forget things, or fail to understand that just because your JavaScript only accepts an integer, the data may be sent across an HTTP POST which a malicious user can easily modify.

So how have they stopped developer stupid?

1
0

Aluminum bendy battery is boffins' answer to EXPLODING Li-ion menace

Adam 1
Silver badge

Re: Bored of Battery "Breakthroughs"

No. Fusion is 10 years away.

6
0

Crack security team finishes TrueCrypt audit – and the results are in

Adam 1
Silver badge

uti nsa im cu si

0
1

Wind turbine blown away by control system vulnerability

Adam 1
Silver badge
Coat

This is what happens when you expose your wind turbines to the clouds.

18
0

Dear departed Internet Explorer, how I will miss you ... NOT

Adam 1
Silver badge

Re: Ahh CL

A (former) colleague was debugging some code and was caught out by a compiler bug which caused the debug symbols to not load unless you changed the source file. This meant that every time he tried to replicate the problem, the IDE would just jump straight through his breakpoint.

After much fist shaking, he figured out what was wrong and added a "suitably expressive pop-up window". The compiler then happily stopped on the breakpoint and the bug was quickly found and fixed. Just as quickly, the pop-up was forgotten and somehow was missed by testing. The MD found it with suitable displeasure announced to my then colleague.

2
0
Adam 1
Silver badge

>basing one of your strategic projects on open source code

I see. You mean something more like basing your own TCP/IP stack on BSD.

0
0
Adam 1
Silver badge

Re: In a wonderful piece of irony...

Maybe this could be fixed with a site redesign?

:p

3
0
Adam 1
Silver badge

> I really doubt Microsoft would put their crown jewels in an open source project like that.

You're probably right. It's not like they've open sourced the .NET runtime and hosted it in GitHub.

1
0
Adam 1
Silver badge

Re: Bing thing?

127.0.0.1 bing.com

(Put it in your hosts)

6
0
Adam 1
Silver badge

Not quite my memory. Hard to believe but there was a time in the early days when IE was a more competent browser than Netscape. They then turned to dodgy tactics and then sat on their laurels until they were well and truly surpassed.

Tbh, I hope Spartan works out for them. I would rather we had another choice of browser out there rather than yet another rebadged WebKit.

14
0

Apple: Those security holes we fixed last week? You're going to need to repatch

Adam 1
Silver badge

Re: Damned if you do

I'd crack some joke about Apple taking some lessons from Microsoft updates of recent, but security is a hard problem. The defender needs to succeed on every occasion. The attacker needs only to succeed once.

12
1

Noobs can pwn world's most popular BIOSes in two minutes

Adam 1
Silver badge

Re: require only access to a PC

Let's play through that encrypted drive scenario and assume the server has no cold storage of the encryption key (a surprisingly hard problem). That means on boot that someone or something must provide the said key at startup, or the key must be derivable from data held locally. The problem with the latter is pretty self explanatory; if the server can calculate that, so can anyone with access to that data. If the former, and that server must request from another (presumably uncompromised) - did we just solve or move the problem? Next, the credentials for that other server must be available to the cold one. If on the other hand, someone has to physically type something at the console, then it is trivial to add a hardware key logger and capture it when it is typed.

There are things you can do to minimise risk, but armed guards at data centres are not just to prevent people flogging kit.

0
0

OpenSSL preps fix for mystery high severity hole

Adam 1
Silver badge

Re: The real question...

Waiting for the logo from the marketing team?

8
0

Boffins brew up FIRST CUPPA in SPAAACE using wireless energy (well, sort of)

Adam 1
Silver badge

Bah! Next you will be claiming that blue whales come in different sizes.

2
0
Adam 1
Silver badge

Re: What about misdirected microwave beams?

It's amazing how short our collective memory can be. I mean that documentary came out nearly 20 years ago.

1
0
Adam 1
Silver badge

The Olympic swimming pool IS a perfectly valid scientific unit of measure. Unfortunately for the author, it is a measure of volume or displacement, not distance. Come on el Reg. We expect a technology news site to understand the difference.

1
0

Musk: 'Tesla's electric Model S cars will be less crap soon. I PROMISE'

Adam 1
Silver badge

>Interestingly, electric cars become more efficient the slower you drive.

According to physics, that rather applies to anything moving through anything:

Fd=ρν^2ACd/2

The velocity above is squared, so if you double your speed relative to the air, it quadruples the energy required to overcome air resistance.

Where your point makes (more) sense is that there is a minimum amount of fuel needed to keep the motor turning over at low speed or idle, and this fuel is not achieving useful distance as it would at cruising speed. Of course it requires you to ignore things like headlights, air conditioners, CD players, brake lights and all the other goodies whose fuel requirements are not necessarily a function of the speed you are travelling.

On the original point, a detour will require more energy than you planned. Range anxiety is not so much caused by the km per charge, but the time to recharge. If my petrol light comes on 50km from home, I will fill up even though I know I would probably make it. That is because we are talking about a 5 minute inconvenience. If it meant waiting another 30 minutes, I am far more likely to risk it.

3
0

Microsoft RE-BORKS Windows 7 patch after reboot loop horror

Adam 1
Silver badge

Re: Wailing and gnashing of some teeth

>It hasn't caused me any problem.

Oh thank God. El Reg had me worried sick.

5
0

Apple slips out security patches while world goes gaga over watches

Adam 1
Silver badge

Sadly even Google haven't patched Chrome on Lollipop (Nexus 5) according to freakattack. At least you can run Firefox as a workaround I suppose.

1
0

Filthy – but sadly frothy – five door fun: Ford Focus 1.5 Zetec

Adam 1
Silver badge

>"but it’s the kind of car you’d be perfectly happy with as a company car"

One of the best backhanded compliments that I have read in a while.

1
0

Complicit Kiwis sniffed Pacific comms says Snowden

Adam 1
Silver badge

Re: Are we surprised by this...

I, for one, am surprised by this. I mean why would they be worried about losing SIG INT when they plug the other end into Hawaii?

0
0

Australia threatens to pull buckets of astronomy funding

Adam 1
Silver badge

This is such a beat up. We know that Prime Minister Turnbull will sort this before June 30.

0
0
Adam 1
Silver badge

Re: Chris Pyne

To be fair, your friend was never a kid himself and so would never have personally benefited from it.

0
0

FREAK show: Apple and Android SSL WIDE OPEN to snoopers

Adam 1
Silver badge

Re: WTF?

I think the thing you miss is that for Chrome and Safari at least, they accept the fallback even if it wasn't initially offered. That is the client side issue.

1
1
Adam 1
Silver badge

Re: JUST FIX THE SERVERS!

Accept!

0
0
Adam 1
Silver badge

Re: Stuck on old Android

I'm completely sure Google will have patched this 90 days after it was reported.

9
2
Adam 1
Silver badge

>FREAK (Factoring RSA Export Keys)

I'm just glad that we have a proper acronym for this vulnerability.

12
0

£280k Kickstarter camera trigger campaign crashes and burns

Adam 1
Silver badge

Re: Risk?

I would have thought so. Unless there is some suggestion of misrepresentation of the state of affairs when funding was sought or the funding was used improperly, that's just a risk of business.

Perhaps the bit about going back to the drawing board was improper or perhaps this isn't the whole story.

All that said, the investors retain the right to be pissed about the situation.

5
0

Reckon YOU can write better headlines than us? Great – apply within

Adam 1
Silver badge

Re: Don't! Forget!

There's a few more you have to know.

Apple was contacted but had not responded at time of publication should be added as a boot note to all fruity news.

All references to Google need to be translated as the chocolate factory.

1
0

FORK ME! Uber hauls GitHub into court to find who hacked database of 50,000 drivers

Adam 1
Silver badge

Re: A step too far?

It's not uncommon for an employer to hold next of kin contact details.

2
2

Australia to get spooks charter at cost of at least AU$188m

Adam 1
Silver badge

Absolutely shocking legislation, with exclusions big enough to drive a bus through and absolutely laughable 'protections'.

The GDR would be proud.

2
0

SSL-busting adware: US cyber-plod open fire on Comodo's PrivDog

Adam 1
Silver badge

There are lots of banks. There are even more providers for whom you are arguing should be blacklisted.

So who maintains the list? That list will get big for an enterprise running in 50 countries.

Much easier to just tell people it is not permitted and may be monitored. If you know the risk and do it anyway, that is your fault.

0
0
Adam 1
Silver badge

Their tools their rules.

If I want to create my own fake root cert and install it on my own box and inform anyone who uses my box that I can record any traffic going to the web, that is my prerogative.

I don't see any difference between me doing it for personal reasons and a company doing it for security reasons.

If you want to use a personal service, use hardware you own, not mine.

0
0

Not even GCHQ and NSA can crack our SIM key database, claims Gemalto

Adam 1
Silver badge

Re: No air-gap?

Homework essay:

Discuss the success of air gap defences in mitigating attacks on the centrifuge facilities in Iran.

2
0

Why does the NSA's boss care so much about backdoors when he can just steal all our encryption keys?

Adam 1
Silver badge

Re: Why is this guy allowed into a cyberSECURITY conference at all??

Meh. It all tastes like chicken to me.

5
0

Google offers 'INFINITY MILLION DOLLARS' for bugs in Chrome

Adam 1
Silver badge

If you find one, and it's not fixed in 90 days, can you also sell it to someone else?

8
0

Samb-AAAHH! Scary remote execution vuln spotted in Windows-Linux interop code

Adam 1
Silver badge

Why does Samba need root?

1
4

Norton Internet Security antivirus update 'borked Internet Explorer'

Adam 1
Silver badge

Re: I don't understand

It failed to check that an alternate browser was available.

4
0
Adam 1
Silver badge

Re: "...then reinstalled NIS..."

Don't be so harsh. People reset their computers back to factory image* from time to time.

* that is the only way these things get installed right @

1
0

Evil CSS injection bug warning: Don't let hackers cross paths with your website

Adam 1
Silver badge

Re: Going to ignore this until it has a catchy name.

Something like DEATHNEEDLE and I would be all on it. PRSSI just sounds like one of the cards on your motherboard.

0
0

Euro broadcast industry still in a fug over that 4K-ing UHD telly

Adam 1
Silver badge

Re: “the most significant advance since colour”

Also, it is just a stupid statement full stop. As we become capable of squeezing more pixels into an LED display, matching those additional pixels with more from the source rather than an upscale is at best an evolution rather than a revolution.

I mean if you want tangible improvements, look at increasing the effective frame rates of the broadcast.

2
0

TrueCrypt + Norton AV = BSOD, wail disgruntled users

Adam 1
Silver badge

Re: OEM encryption

My customers trust me with their data. In turn I do my bit to keep their data private in the event of a theft.

The data itself is worth orders of magnitude more than the hardware it sits upon BTW.

1
0

This one weird script continually crashes Android email

Adam 1
Silver badge

I hope he gave them 90 days....

7
0
