* Posts by Adam 1

1314 posts • joined 7 May 2012


Revive revived: Oculus DRM push shattered as DIY devs strike back

Adam 1
Silver badge

Given half those quotes come from a month old reddit thread, I suspect that you're right.

12
0

Dr Craig Wright lodges 51 blockchain patents with Blighty IP office

Adam 1
Silver badge

Re: Unmask?

But it is him. He just can't bring himself to prove it.

2
0
Adam 1
Silver badge

Re: I laugh yellowly!

Since when does prior art stop anyone getting a patent approved?

/Mutters to himself as he walks towards his shed, sliding the bolt to unlock the door.

6
0

Pressure mounts against Rule 41 – the FBI's power to hack Tor, VPN users on sight

Adam 1
Silver badge

Netflix picks fight with internet exchange industry

Adam 1
Silver badge

You are confusing VPN with region shifting. Netflix know who I am. They require me to authenticate. They have my credit card number and would be able to determine its country of issue. They have my mobile phone number and could validate with 2FA. I am not asking them to let me watch the US library.

1
0
Adam 1
Silver badge

So do you think that Temkin is being altruistic here? Or is he complaining about how some not for profit is costing him another 5c per subscriber that he would prefer on his bottom line...

Can these organisations be more efficiently run? Probably, I'm yet to see any organisation without some form of waste, but your wallet doesn't care whether the money in it came from an extra sale or a reduced overhead. Their VPN block is both an overhead to maintain and a real customer pain point as paying customers get caught up in the collateral. If you want a bigger bottom line, stop making your customers choose between privacy and your product.

1
0
Adam 1
Silver badge

Pot meet kettle

How much are Netflix wasting in VPN blocking? I'm not even referring to region shifting here. They can at least blame rights holders on that one. Why can't I, an Aussie, with a service paid for on an Australian credit card stream the Australian Netflix library whilst connected to an Australian VPN gateway.

I get the choice of my browsing being slurped by every man and his local library debt recovery department secured by a bunch of muppets who couldn't organise a pissup in a brewery, or watching Netflix, or saying stuff this, it is too hard to buy content safely and otherwise acquire it.

3
5

How's your driving, Elon? Musk tweets that Tesla Model S 'floats'

Adam 1
Silver badge

agreed, Musk definitely one of the Bond

... villains.

2
0

Tor torpedoed! Tesco Bank app won't run with privacy tool installed

Adam 1
Silver badge

Re: Missing the point...?

> aimed at trying to stop criminals from anonymously accessing their services

If that is the yardstick that we should measure this by then it is a terrible idea on 2 accounts.

1. It is ineffective. It doesn't stop access from desktop environments, and let's be honest, cyber crooks are hardly going to bother fiddling around on phone swipes unless it makes their job easier. It also cannot detect whether the traffic has been transparently routed through Tor between the phone and the net, so fails its goal even if that was a good approach in the first place. Even VPNs would easily defeat the ability to track the true location of the client.

2. There does exist a simple to implement and much more effective approach in the server detecting and refusing to deal with communications arriving from Tor exit nodes. This could then display a simple message in the app to say: "Sorry, you can't use this service via Tor. Please disable it and try again." Oh, and that works on desktops and transparent Tor routing too. It also works with public VPNs (hey, we are concerned with being able to identify the actual client IP, right?)

1
0
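
The server-side check described in point 2 of the comment above, as an added example (not part of the original post and not any bank's code). It assumes the server holds a list of exit addresses in one-address-per-line form and knows the real source address of the connection; the addresses are constructed from documentation ranges, and `load_exit_list`, `normalise` and `check_client` are hypothetical names.

```python
import ipaddress

# Constructed sample list, one address per line (documentation ranges only).
SAMPLE_EXIT_LIST = """\
# constructed sample, not real exit nodes
192.0.2.10
198.51.100.77
2001:db8::5
not-an-ip
"""

REFUSAL = "Sorry, you can't use this service via Tor. Please disable it and try again."


def load_exit_list(text):
    """Parse the list into a set of address objects, skipping junk lines."""
    exits = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            exits.add(ipaddress.ip_address(line))
        except ValueError:
            continue  # malformed entry: skip it rather than fail the whole load
    return exits


def normalise(addr):
    """Parse the client address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def check_client(remote_addr, exits):
    """Return (allowed, message) for the source address the server sees.

    remote_addr must be the address of the TCP peer (or the value set by a
    proxy the server itself operates), never a header the client can set.
    """
    try:
        ip = normalise(remote_addr)
    except ValueError:
        return False, "Unrecognised client address."
    if ip in exits:
        return False, REFUSAL
    return True, ""
```

Because the decision is made on the server from the connection's source address, it applies equally to the phone app, desktop browsers and transparently routed traffic; the list has to be refreshed regularly, since exit nodes come and go.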

London Mayor election day bug forced staff to query vote DB by hand

Adam 1
Silver badge

Just tried kmac's suggestion but got

Winner

------

False

True

Screw this. Going to stackoverflow to get a proper answer.

0
0
Adam 1
Silver badge

That query isn't very helpful

Winner

------

False

False

False

True

False

False

False

False

0
0

Lester Haines: RIP

Adam 1
Silver badge

Re: Shame, he was still young

Or automatically applied to any post with exactly 55 votes.

5
0

Buggy vote-counting software borks Australian election

Adam 1
Silver badge
Pint

Re: WTF?

@John Savard,

The algorithm you describe is for the house of representatives vote, but the Senate works differently because there are multiple "winners".

The way it works is that a quota is established by determining the number of voters divided by the number of positions+1. In say NSW, there are just shy of 5 million voters and there are 12 senators in this election. Therefore the quota in NSW is going to be (5M/13) + 1 ~384616

In the first pass, everyone's first preference is counted.

For those people/parties that exceed that magic number, they get a seat (or 2 or 3 or whatever until the remaining are below that magic number). Say a party got 500,000 votes. They would pick up a seat, and 115,384 votes would be transferred at a weighting of 115,384/500000 = ~23% to the second pick of all of those 500,000 people.

That action itself may even allow another person/party to reach quota and give them a seat. Once all the "transfers" are done, the candidate with the lowest count is eliminated ("excluded"), and their votes are transferred to the next preference of the voter.

If this causes someone else to reach quota, the transfer happens again (recursively if that causes another to reach quota too).

If no-one else can reach quota, the next lowest is eliminated and their votes head down to the next preference.

And round the circle we go again.

At the end of this process, all positions will be filled.

The process is complicated, but does hopefully provide a representative result. The big complaint (apart from a sore head trying to take all that in) is that those preference flows for the majority of people who vote "above the line" are opaque as a result of the horse trading that goes on between the parties.

The basic reason for this process though is that similar leaning parties would otherwise end up splitting the vote.

6
0
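
The count described in the comment above, as an added example (not part of the original post and not the AEC's software). It is a simplified model that assumes exact fractional transfer values and an arbitrary alphabetical tie-break, where the real count has its own rounding and tie rules; the ballots are constructed and the function names are hypothetical.

```python
from fractions import Fraction


def droop_quota(formal_votes, seats):
    """Quota as described above: votes / (seats + 1), rounded down, plus 1."""
    return formal_votes // (seats + 1) + 1


def transfer_value(votes, quota):
    """Share of each ballot's weight passed on when its candidate is elected."""
    return Fraction(votes - quota) / votes


def count_stv(ballot_groups, seats):
    """ballot_groups: list of (number_of_ballots, preference_tuple).
    Returns the elected candidates in the order they were seated."""
    piles = [[Fraction(n), tuple(prefs)] for n, prefs in ballot_groups]
    candidates = {c for _, prefs in piles for c in prefs}
    quota = droop_quota(sum(n for n, _ in ballot_groups), seats)
    elected, out = [], set()          # out = already elected or excluded

    def holder(prefs):
        # The first preference on the ballot that is still in the count.
        return next((c for c in prefs if c not in out), None)

    while len(elected) < seats and candidates - out:
        continuing = candidates - out
        tally = dict.fromkeys(continuing, Fraction(0))
        for weight, prefs in piles:
            h = holder(prefs)
            if h is not None:         # None means the ballot is exhausted
                tally[h] += weight
        # Highest tally first; ties broken alphabetically (an assumption).
        ranked = sorted(continuing, key=lambda c: (-tally[c], c))
        if len(continuing) <= seats - len(elected):
            elected += ranked         # no more candidates than vacancies left
            break
        leader, lowest = ranked[0], ranked[-1]
        if tally[leader] >= quota:
            # Elect, then pass every ballot in the pile on at reduced weight.
            tv = transfer_value(tally[leader], quota)
            for pile in piles:
                if holder(pile[1]) == leader:
                    pile[0] *= tv
            elected.append(leader)
            out.add(leader)
        else:
            out.add(lowest)           # exclude; ballots move on at full weight
    return elected


# Constructed ballots: 100 votes, 3 seats, so the quota is 26.
SAMPLE = [(45, ("A", "B")), (15, ("B", "D")), (17, ("C",)),
          (13, ("D",)), (10, ("E", "D"))]
```

With `SAMPLE` and three seats, A's surplus lifts B over quota, B's surplus and E's exclusion then flow to D, and D takes the last seat ahead of C even though C had more first preferences.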
Adam 1
Silver badge

open source now

There is no excuse for proprietary closed source vote counting systems.

In 2013, about 1000 votes in Western Australia were lost. Due to the preference flows, it got a choke point about a zillion candidates down where a handful of preferences of voters of certain micro parties multiplied out to a radically different result. After computer modeling of likely patterns, they determined that those lost votes really could have changed the senate make up. So millions were wasted again asking that state to vote again.

The AEC really needs to step in here and support efforts to build a citizen reviewable, auditable, block chained vote counting system. Transparency is the key to free and fair elections.

Oh, and Antony Green is a bloody genius.

6
0

Liberal MPs paid AU$2,500 a YEAR to donor for electoral software licences

Adam 1
Silver badge

Re: Who's behind it?

Reported elsewhere and a bit of googling later, ALP use this mob. Seems to be some union involvement but at least on the surface seems like it's arms length.

In terms of Parakeelia though

"Its directors include federal Liberal director Tony Nutt and the party's federal president, Richard Alston."

and

"Last financial year, Parakeelia transferred $500,000 to the federal Liberal division, making it the party's second-biggest single source of funds"

So it's quacking and walking like a duck, but by all means draw your own conclusions.

5
0

Microsoft's paid $60 per LinkedIn user – and it's a bargain, because we're mugs

Adam 1
Silver badge

Re: Just sit still, this won't hurt a bit.

Ah. I see. Visiting LinkedIn is the new way that you can opt in* to GWX. Got it.

* Come on, it's no worse than their current definition of opting in.

3
0

RIP ROP: Intel's cunning plot to kill stack-hopping exploits at CPU level

Adam 1
Silver badge

Re: Silver Bullet

My password used to be password, but I changed it to dadada.

5
0

Bill Gates cooks up poultry recipe for Africans' paltry existence

Adam 1
Silver badge

Re: Automatic Updates.

Wait shouldn't there be a duck between the turkey and the chicken?

3
0

Microsoft has created its own FreeBSD image. Repeat. Microsoft has created its own FreeBSD image

Adam 1
Silver badge

Re: Hmm...

Oh don't mind that. It's just a temp folder for gwx

8
0

Fiber optic cables prove eyes of glass squids are like invisibility cloaks

Adam 1
Silver badge

if they really want fibre to become invisible...

Perhaps they could have a quick chat to the good folk at nbn. They seem to have found a way to make lots of promised fibre disappear.

3
0

'MongoDB ate my containers!'

Adam 1
Silver badge

For those who missed the joke

https://youtu.be/b2F-DItXtZs

(Language warning)

1
0
Adam 1
Silver badge

mongo didn't eat anything

Now I'm not a fan of the NoSQL fad, but Mongo worked exactly how all NoSQL databases work by design. They trade off transaction isolation for performance. Or put another way, why do you think that these things can be faster than a traditional rdbms? It's defined by the very overheads it can disregard. It is a terrific compromise for certain types of problem but people really need to stop using it for problems requiring ACID.

As for "write your software with the above race condition in mind", that's kind of backwards advice. If you write your own locking or serialisation, I will promise you here and now that it won't be as efficient as the rdbms that you are trying to avoid in the first place.

22
0

Behold the zettabyte internet

Adam 1
Silver badge

> Total traffic on the internet this year is going to surpass the one zettabyte mark

And that's just GWX doing its thing on all those folk who thought that they had hidden the update.

1
0

Why does an Android keyboard need to see your camera and log files – and why does it phone home to China?

Adam 1
Silver badge

Re: Almost every app I consider for installation

Android 6 permissions model works differently. You don't grant any permissions* until the app tries to use that feature (basically the same as iOS). You can also retrospectively revoke permissions even on legacy apps (which may cause them to crash, but my personal experience is that most of my apps survived the denial of things that are not functionally related to the app's purpose)

* admittedly that's Google's version of any, meaning it can still do network etc.

7
0

Mark Zuckerberg's Twitter and Pinterest password was 'dadada'

Adam 1
Silver badge

Re: Re-Secured?

> Bet you a pint they just added another da?

Nope, changed all the a's to @.

0
0
Adam 1
Silver badge

Re: Making a hash of things

> If anyone manages to break into or steal the database, all they have is hashes, from which it will be very hard to reverse engineer the password itself.

Before throwing stones here, a consumer grade GPU can compute 18 billion (yes with a B) sha1 hashes per second. Most English dictionaries have between 80 and 500 thousand words for some perspective. Or the hash of every possible 5 character password within a second. Very hard should always be understood in context of available number crunching capabilities.

But yes, there is a good chance that the passwords were not hashed enough times with sufficient salt.

It is also a really dumb password and was reused at multiple sites.

0
0
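
An added example (not part of the original post) of what "hashed enough times with sufficient salt" means in practice, using Python's standard `hashlib.pbkdf2_hmac`. The iteration count and the 95-character printable-ASCII alphabet are assumptions for illustration, and `seconds_to_exhaust` is only a rough estimate that treats each iteration as one hash at the rate quoted in the comment.

```python
import hashlib
import hmac
import os

GPU_SHA1_PER_SEC = 18_000_000_000   # rate quoted in the comment above
PRINTABLE_ASCII = 95                # assumed alphabet size
ITERATIONS = 600_000                # assumed work factor, tune for your servers


def seconds_to_exhaust(alphabet, length, iterations=1, rate=GPU_SHA1_PER_SEC):
    """Rough worst-case time to try every password of exactly `length` characters,
    treating each iteration as one hash at the quoted rate."""
    return alphabet ** length * iterations / rate


def unsalted_sha1(password):
    """The weak scheme: the same password gives the same hash at every site."""
    return hashlib.sha1(password.encode()).hexdigest()


def hash_password(password, iterations=ITERATIONS):
    """Salted, iterated hash; returns a self-describing string for storage."""
    salt = os.urandom(16)           # fresh random salt for every password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and count; compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        iterations = int(iters)
    except ValueError:
        return False
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)
```

At the quoted rate, `seconds_to_exhaust(PRINTABLE_ASCII, 5)` is under a second for a single unsalted hash and roughly three days once every guess costs 600,000 iterations; the salt means each stolen record has to be attacked separately, but no work factor rescues a password that is short, guessable and reused.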

Computerised stock management? Nah, let’s use walkie-talkies

Adam 1
Silver badge

Re: Do you have any tea?

> Just because all beer is made from hops, water, yeast and barley does not mean all beers are the same!!!

Certain American versions seem to contain exceptional quantities of the second. Other Aussie brands mix them so terribly that they have to export them cause there is no way WE'D actually drink that crap.

1
0
Adam 1
Silver badge

Re: 9 1/2 shoes

> I guess centimetres and the like vary from country to country??

Would that be African or European centimetres?

2
0

Why Oracle will win its Java copyright case – and why you'll be glad when it does

Adam 1
Silver badge

Re: Oracle asking for "non proportionate share of revenue"

The fact that it "used something that is basically Java" needs to be broken down a bit because that indeed contributed to the success. The important part of the "basically Java" from a skill transfer perspective is that the API is the same. For example, if you are looking at the String class, a newcomer won't care whether the substring method is the same or different internally, just that the method name, overloads, parameter names and types are the same. It's this API that would have fair use defence, so by that argument, the popularity is based on something that'd qualify for fair use.

Google play is a red herring. You don't have to pay Google anything to sell an android app unless you want them to host it in play. You can alternatively side load it or push it via other android stores by the likes of Amazon, Samsung. It is a hosting, supposed vetting, indexing and processing fee, not a licence fee.

0
0
Adam 1
Silver badge

I see this as a bit of a pox on both their houses. Oracle has every right to assert ownership of the *implementation* of the methods that they write and choose to licence it however they wish. I agree with the author on that point; that it equally protects copyleft code. But they cannot copyright the API itself, that is, Google can use the interfaces, structures, data classes, method signatures necessary to deliver the functionality specified by the API but must write their own implementation of those or licence it appropriately.

Oracle are being a bit tricky by omission. If they were being honest about it they would assert Google's right to the interface "code" and reiterate that their complaint is about the implementation code only. But I suspect that would drop the lines of code violation quite handsomely if they don't count those. If I was in Oracle's line of business with some other global 3 letter megacorp that could claim ownership on a rather significant API and would therefore be making that distinction at every opportunity.

Google are being tricky here by pretending that some of the items weren't copied. Notwithstanding that for trivial methods, the same code can quite easily be independently written and that with the advent of refactoring tools that just renaming variables to make it look different might only take a few seconds, it certainly looks suspicious to me.

Oracle are also asking for what seems to me to be a non proportionate share of revenue here. I work with two pieces of business software weighing in at give or take 3 million+ and 500 thousand+ LOC, and that is nowhere near the complexity of a modern operating system. It's got me thinking about the status of snippets provided on stack overflow too. I can well imagine a number of methods that are heavily inspired by answers in similar forums. 11 thousand, whilst significant, is likely to include many fair use elements and even methods that Oracle may find that someone else invented.

3
1

Oz PM's department red-faced after database leaks in the cc: field

Adam 1
Silver badge

Certainly not the quantity of emails that could be called a database. Do their systems not have safeguards to bounce if too many addresses are in the To or Cc fields?

0
0

8K video gives virtual reality the full picture for mainstream use

Adam 1
Silver badge

questions before I buy one

For how long will Samsung provide security patches for it?

How long will Samsung guarantee to keep any services alive that are required for it to function?

7
0

'Windows 10 nagware: You can't click X. Make a date OR ELSE'

Adam 1
Silver badge

The next version of gwx will be renamed to taskkill.exe. It will have some optional switches though, like /F(orce) and /IM(mediately).

7
0

Samsung: Don't install Windows 10. REALLY

Adam 1
Silver badge

Re: @Michael Habel - What an absolute

> Except maybe systemd

I see your systemd and raise you a svchost!

4
0

Bitcoin to be hammered – in an auction, that is

Adam 1
Silver badge

Re: What's the point?

> At a discount I would have thought

Good idea. It might be hard to work out just how big a discount is needed though. Too little and they won't sell. Too much and they won't make as much as they could have. I have an idea. Perhaps they could just offer to sell it to whomever offers the highest amount?

2
0

Victims stranded as ID thieves raid Aussie driver licences

Adam 1
Silver badge

Yes. By all means require/hold that number. Just stop tricking yourself into believing that knowledge of it somehow authenticates the holder of that information.

It's kind of like your date of birth. It's a data point about someone but it is unchangeable and hardly secret.

Additionally, licence numbers are almost certainly vulnerable to enumeration attacks. Something amiss with a licence number should be a red flag to investigate a bit deeper. No more. No less.

3
0
Adam 1
Silver badge

It feels really weird to be standing up for the RTA or whatever they call themselves these days, but it seems to me that fingers are pointed towards the wrong people.

There are two numbers, a licence number and a card number. The card number changes each time that a new card is issued, so can be in effect "cancelled". Why are credit agencies etc using the licence number if they are a target for identity thieves? There are many reasons why someone needs to share that ID. Just try signing up for any service, setting up any account, superannuation fund, insurance, loan, school enrolment for your kids or whatever without having to provide it to be photocopied.

6
0

UK eyes frikkin' Laser Directed Energy Weapon

Adam 1
Silver badge

Poncey McPonceFace*

* Yes I'm aware how Ponce is pronounced

1
1

Microsoft won't back down from Windows 10 nagware 'trick'

Adam 1
Silver badge

the craziest thing about it is

If not for the rampant, er telemetry, and gwx, it's actually quite nice. I would even be recommending it save for the frankly frightening way they are behaving here.

It reminds me of a dog chasing a car. What does it actually think it will achieve by upgrading my media centre PC to a version that doesn't support media centre?

If the upgrade had three buttons

Yes, upgrade

Not sure, ask me later; and

No, don't ask again

We would be praising them.

10
3

Judge torpedoes 'Tor pedo' torpedo evidence

Adam 1
Silver badge

> Unknown to Michaud, at the time he's accused of viewing the material, the server was already under the control of the Feds.

Shirley that sentence is getting pretty close to libel. I'm making no assumptions about whether he is guilty or innocent here, but one would expect the whole point of the defence argument was that he never accessed that site. If that is true (presumption of innocence and all that) then it would make no more sense than pointing out that Chirgwin did not know at the time that Michaud is accused of viewing...

The point here is that "we have secret evidence that proves his guilt, trust us" doesn't cut it. Perhaps with the opportunity to review and contest the evidence, an innocent man could be spared from unjust punishment, or perhaps it proves guilt beyond reasonable doubt.

7
4

Goats boost solar power

Adam 1
Silver badge

Re: GPS

Actually, I think they are using Grass, Leaves, Or Nutrition for Donkeys; or GLONASS for short.

1
0
Adam 1
Silver badge

Re: The trouble with goats....

There you go folks. Straight from the horse's donkey's mouth

2
0

Google-backed solar electricity facility sets itself on fire

Adam 1
Silver badge

Re: Predicting Problems

> If it needs to work in case of power loss it should be driven by a bunch of cylinders with compressed air

Yeah, it's not a PV array. The tower already contains thousands of L of superheated steam because, you know, it's kinda how the whole contraption actually works. Pretty sure they can figure out a way of converting some of that energy.

A spring loaded (or even gravity dropped) shutter could cut the power entirely within seconds for relatively little cost. Both could be passively activated.

0
0
Adam 1
Silver badge

Re: Predicting Problems

Surely a far simpler solution would be to lower the shutters over the mirrors. I should patent the idea. Except it is probably what they actually did. I know, on a mobile device ....

1
0

Hypersonic flight test hits Mach 7.5

Adam 1
Silver badge

Re: Wow!

> I'd almost forgotten just how amazingly fast a rocket can actually go

Particularly those that have just seen an Australian spider.

7
0

Bold stance: Microsoft says terrorism is bad

Adam 1
Silver badge

Hang on

If they can already figure out the part of the problem that I thought was intractable (freedom fighter or terrorist), surely they can do better than to just shut down access? Why not just replace all the download links with GWX.exe? That'll stop people searching for it.

0
0

Hacked in a public space? Thanks, HTTPS

Adam 1
Silver badge

a couple of misleading statements in the article

Firstly, a MitM scenario is what we call "the norm". It is highly unlikely that you have a direct connection from your computer to the server. There are most likely a dozen networks that get traversed. It is not some afterthought that the guys behind HTTPS didn't consider

Being a MitM allows you to 1. Observe and 2. Manipulate any bytes traversing that link. For HTTP, that means that pages can be manipulated and any credentials can be easily obtained. Some popular IT news websites even fail to use HTTPS in their comments if you can imagine that. Equally, mixed HTTPS via a HTTP page is not safe.(eg).

But HTTPS is different. The design of HTTPS is that your browser demands the site prove that it owns a certificate by signing a random challenge issued by the client. The server gives its public key which can be used to decrypt the response and reveal the original challenge, the certificate is signed by a trusted authority, which hopefully means some diligence was done that the issuer. Without getting a hold of the private key of a CA, or otherwise convincing them that your certificate should be signed, you will either have an invalid signature or a CA that your browser has never heard of. In both cases, your browser will make it known to you that it isn't satisfied.

The theory works, setting aside whether the CAs are trustworthy. The problems are in the implementations. The Apple GOTO fail bug was basically a failure to validate the signature on the certificate. POODLE works by interfering with the negotiations about what algorithms the client and server have in common, and basically tricking them into communicating using a very weak key. That is easily mitigated by either the client or server having a somewhat recent security patch applied.

Sslstrip works by tricking the client into using plain old HTTP while it works as a proxy, talking using HTTPS to the website (HTTPS validates the website identity, not the client identity, and you just gave your credentials to a proxy which is now emulating you.) It's not magical. It is also not going to get past HSTS so I seriously doubt a modern browser is going to leak Gmail over HTTP.

4
0

Mads Torgersen and Dustin Campbell on the future of C#

Adam 1
Silver badge

Re: Functions returning multiple values.

It's not a mountain different to current techniques like int.TryParse() returning both the success and the value if it was successful or dictionary.TryGetValue returning both whether the object exists in the dictionary and the object itself when it does.

On more than one occasion I have created a class that inherits tuple and named item 1 and 2 via getter methods and named constructor parameters. It works nicely but can be very verbose.

0
0
Adam 1
Silver badge

Re: Programming Peter Principle

> Obviously, YMMV but LINQ, the TPL, async/await, yield return (etc.) all make the older alternatives look awkward.)

Perhaps, but it can also hide a bunch of inefficient loops (thinking linq).

I saw the following line a month back

var myhashset = new HashSet<int>();

// Put some numbers in it

if (myhashset.Any(a => a == 5))

DoSomething();

Put a million numbers into your hashset if you want to know why that is such a bad idea.

Another one I saw was two consecutive aggregate functions, which I had to point out to the author that they were iterating their whole dataset twice.

The others though are brilliant.

0
0

Reavers! Google patent would affix pedestrians to car hoods

Adam 1
Silver badge

choose your poison

Secondary impacts do cause a lot of injury but the rolling up and over motion also means that the pedestrian isn't absorbing as much of the momentum, lessening the injury. Affixing them will result in much more momentum.

5
0
