* Posts by Adam 1

1314 posts • joined 7 May 2012

Australian Federal Police say government ignorant of NBN raids

Adam 1
Silver badge

Re: Raises more questions

Let's just hope that senator ICanMakeYouWearRedUnderpantsOnYourHead starts getting a hint about the potential mission creep behind metadata retention laws he previously supported.

2
0

Boffins achieve 'breakthrough' in random number generation

Adam 1
Silver badge

It works in a computer game dice roll scenario but not a security scenario. Your range of possible seed values is minutely small because I have a high probability of guessing your clock time to "within seconds". The default system timer on Windows has a resolution approximating 10ms (actually closer to 16ms but 10 makes my math easier). That leaves only 100 possible seed values per second. That is easily brute forced.

2
0
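The seed-space arithmetic from the comment above, worked through as an added example (not part of the original post): a token drawn from a PRNG seeded only with a 10 ms clock tick is matched by enumerating the ticks around a guessed time, which is the check a reviewer can run to show why such tokens fail audit. The timestamps are constructed, and `weak_token`, `recover_seed` and `strong_token` are hypothetical names; the fix is to take tokens from the OS CSPRNG.

```python
import random
import secrets

TICK_MS = 10  # timer resolution assumed in the comment (~10 ms)

# Constructed sample values: when the token was really issued, and the
# auditor's rough guess of that time (here 3.47 s out).
ISSUED_MS = 1_463_000_003_470
GUESS_MS = 1_463_000_000_000


def tick_seed(epoch_ms: int) -> int:
    """Quantise a millisecond timestamp to the timer tick used as the seed."""
    return epoch_ms // TICK_MS


def _token_from_seed(seed: int, nbytes: int) -> str:
    rng = random.Random(seed)  # Mersenne Twister: fully determined by the seed
    return bytes(rng.getrandbits(8) for _ in range(nbytes)).hex()


def weak_token(epoch_ms: int, nbytes: int = 16) -> str:
    """The criticised pattern: a 128-bit token whose only entropy is the clock."""
    return _token_from_seed(tick_seed(epoch_ms), nbytes)


def candidate_seeds(guess_ms: int, window_s: int) -> range:
    """Every distinct seed within +/- window_s seconds of the guessed time."""
    lo = tick_seed(guess_ms - window_s * 1000)
    hi = tick_seed(guess_ms + window_s * 1000)
    return range(lo, hi + 1)


def recover_seed(token: str, guess_ms: int, window_s: int):
    """Return (seed, attempts); seed is None if no clock seed in the window fits."""
    nbytes = len(token) // 2
    seeds = candidate_seeds(guess_ms, window_s)
    for attempts, seed in enumerate(seeds, start=1):
        if _token_from_seed(seed, nbytes) == token:
            return seed, attempts
    return None, len(seeds)


def strong_token(nbytes: int = 16) -> str:
    """The fix: draw the token from the operating system's CSPRNG."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    token = weak_token(ISSUED_MS)
    print("seeds to try for +/-5 s:", len(candidate_seeds(GUESS_MS, 5)))
    print("clock-seeded token:", recover_seed(token, GUESS_MS, 5))
    print("CSPRNG token      :", recover_seed(strong_token(), GUESS_MS, 5))
```
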
Adam 1
Silver badge

Re: I'm no Mathemagician...

So Jeffy,

Explain how one decides the random order of those bits?

4
0
Adam 1
Silver badge

Re: Next big question

3. Just return 4

8
0

New solar cell breaks efficiency records, turns 34% of light into 'leccy

Adam 1
Silver badge

Re: In terms of watts per dollar...

> A new solar water heating installation costs about £3,000 to £5,000.

That number is either way out of date or exaggerated due to your local geographical, regulatory and supply considerations. Here in Australia you can get 300L systems from AU$3500 installed before rebates, so that drops to around 2.5K retail. Payback vs 27c/kWh is much quicker than in your scenario.

0
0

Destroying ransomware business models is not your job, so just pay up

Adam 1
Silver badge

Re: in a way, but

Your process is admirable, but not in the realm of technical capability of Aunt Kath. Remember the comment thread you are replying to basically says that about 3% of disks will fail without any malicious ransomware, so it is hard to have sympathy for those without backups. That's why I think of who the victims are. The average El Reg commentard is too super DevOps skilled to fall for the phishing schemes that deploy this ransomware. But our Aunt Kath will go right ahead. So the people most at risk of infection would have no clue what rsync or hard links mean and the concept of incremental backups isn't even on their radar.

1
0
Adam 1
Silver badge

in a way, but

... Ransomware can also permeate into backup media. Some of these things sit there for weeks or months silently encrypting and decrypting on the fly. This may be enough in some cases for all backups to be equally rooted.

9
0

Inside Electric Mountain: Britain's biggest rechargeable battery

Adam 1
Silver badge

Re: Now build a few dozen more...

> Renewable energy is pretty much dead in the water as any competent electrical engineer can calculate for you. It doesn't work now and it never will

A brave prediction sir.

Hydro has been with us for a long time. You can make many complaints about its environmental impact and the good sites are already taken, but there is no escaping that it works. It is usually a lot cheaper than coal or nuclear and can be classified as baseload. Also as mentioned in the article, it has by orders of magnitude the fastest cold boot times of any current baseload.

I can completely understand that solar has a somewhat limited benefit in the UK but in other parts of the world we even get sun from time to time.

The price of solar has dropped by orders of magnitude over the past decade. That trend is only going one way. The question longer term isn't whether some baseline can be replaced but rather how much is needed to maintain reliability. With pumped storage as illustrated here, that number can go much further north. Remember that solar doesn't require ongoing fuel costs so there will be a running cost advantage. Once those graphs cross over, it will be nigh impossible to get funding for new projects.

Another important point is that not all demand is inelastic. We just haven't had the levers to discourage behaviour in real time until recently. Whilst lighting, cooking, air con or heating and of course warm beverages are a given, many industrial uses like smelters can be paid to partially shut down for peak periods.

Time of use "smart meters" are a longer term demand management opportunity. Each EV has a battery pack between about 10 and 60 kWh which again in a longer term can handle fluctuations.

Whilst it isn't all going to change tomorrow, the writing is on the wall.

4
0
Adam 1
Silver badge

Re: Great article

> I notice that the article doesn't say how long it can maintain that sort of output

Being in Wales, I suspect that there is a not insubstantial free top up of the top reservoir every other day.

3
0

A cracked window on the International Space Station? That's not good

Adam 1
Silver badge

Re: Surely...

But his solution would just suck.

- ah yes, that's where I left my coat.

1
0

FBI director claims that videoing police is causing crime uptick

Adam 1
Silver badge

unanswerable question

Did the crime rate increase or did the reported crime rate increase?

Because I am quite confident that knowing the whole thing is on camera, when an overreach inevitably occurs, the appropriate investigation occurs*. I wonder out loud whether in the old days the junior gets taken aside for a quiet word about not being allowed to tase someone just cause they made some snide comment under their breath now gets officially recognised as a crime.

*not counting the well publicised exceptions that led to various riots.

7
0

Android's security patch quagmire probed by US watchdogs

Adam 1
Silver badge

Re: Samsung is the worst of the big manus

It depends on the manufacturer and network. My Nexus 5 (2014) running 6.01 got its May security patches this morning. Buying a device with vanilla android was my priority.

0
0

Microsoft half-bricks Asus Windows 7 PCs with UEFI boot glitch

Adam 1
Silver badge

Re: Seem to be missing some critical information

If your hypothesis is right* then someone at a vulture desk will owe MS an apology for the title of this article. It would in that case be Asus causes some of its motherboards to crash** after faulty UEFI implementation.

* I have nothing to add on that point.

** Brick is the wrong verb here.

6
0

ALP promises 'fibre' NBN as 'NBN defenders' return with new petition

Adam 1
Silver badge

Re: Survey?

I too, would send one of Winkypop's kidneys for fttp.

0
0

Yay! It's International Patch Your Scary OpenSSL Bugs Day!

Adam 1
Silver badge

Re: Kill it with fire!!!

> What needs to happen is browsers need to start a connection to a server with only TLS 1.5 (assume a time traveler from 2020), then when that fails, drop back to 1.4 and so on until it can talk

Sorry Tim. That can't work. Or more specifically, it can't prevent a downgrade attack.

Alice sends Bob a TLS 1.5 handshake.

Trudy intercepts that handshake and responds to Alice with a wtf response. Alice can't yet verify that this isn't actually from Bob.

Alice then tries with 1.4. Trudy responds the same way.

And so on....

Eventually Alice tries the only-just-better-than-ROT13 version thinking Bob can't do anything better. Trudy lets it through and can then observe or fiddle with the stream.

5
0
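The exchange described in the comment above, simulated as an added example (not part of the original post), followed by two defences: a client-side version floor, and the fallback flag defined in RFC 7507 (TLS_FALLBACK_SCSV), which lets a capable server refuse a retry made below its best version. The version labels follow the comment's hypothetical numbering; `Bob`, `trudy` and `alice_connect` are made-up names, and the model assumes the interceptor can only forge failures or forward a handshake unchanged, because the flag is covered by the handshake's integrity check.

```python
VERSIONS = ["1.5", "1.4", "1.3", "1.2", "1.1", "1.0"]  # strongest first (hypothetical labels)


def rank(version: str) -> int:
    """Lower rank means a stronger protocol version."""
    return VERSIONS.index(version)


class Bob:
    """Server side of the handshake."""

    def __init__(self, supported, honours_fallback_flag=False):
        self.supported = list(supported)
        self.honours_fallback_flag = honours_fallback_flag

    def handshake(self, version, fallback):
        if version not in self.supported:
            return "unsupported"
        best = min(self.supported, key=rank)
        # RFC 7507 behaviour: a retry flagged as a fallback that is below the
        # server's best version can only mean the earlier attempts were lost.
        if self.honours_fallback_flag and fallback and rank(version) > rank(best):
            return "inappropriate_fallback"
        return "ok"


def honest(server, version, fallback):
    """A network that delivers every handshake untouched."""
    return server.handshake(version, fallback)


def trudy(let_through):
    """A network that answers every handshake with a forged failure except
    the one version it wants the two ends to settle on."""
    def net(server, version, fallback):
        if version != let_through:
            return "error"  # Alice cannot yet verify this did not come from Bob
        return server.handshake(version, fallback)
    return net


def alice_connect(net, server, floor=None, send_fallback_flag=False):
    """Client fallback dance. Returns the negotiated version, or None if the
    client fails closed instead of downgrading."""
    for attempt, version in enumerate(VERSIONS):
        if floor is not None and rank(version) > rank(floor):
            break  # never retry below the configured minimum
        flagged = send_fallback_flag and attempt > 0
        reply = net(server, version, fallback=flagged)
        if reply == "ok":
            return version
        if reply == "inappropriate_fallback":
            return None  # server says a better version was possible: abort
    return None


if __name__ == "__main__":
    bob = Bob(VERSIONS)
    print("no interference      :", alice_connect(honest, bob))
    print("naive fallback       :", alice_connect(trudy("1.0"), bob))
    print("client floor of 1.3  :", alice_connect(trudy("1.0"), bob, floor="1.3"))
    bob_scsv = Bob(VERSIONS, honours_fallback_flag=True)
    print("fallback flag honoured:", alice_connect(trudy("1.0"), bob_scsv, send_fallback_flag=True))
```

A server that really does top out at an older version still connects with the flag set, since the retry then lands on that server's best version.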

Perth SmartRider public transport cards popped by student researchers

Adam 1
Silver badge

breathtaking shortsightedness

So independent researchers discover and report to the government a vulnerability allowing it to be patched rather than exploited. Instead of a thank you, they get the book thrown at them.

Do pray tell, what exactly do you think that the next researcher will do if they discover a vulnerability? Certainly they wouldn't set up some hidden tor service where for some infinitesimally small portion of bitcoin you can load credit on the card, making a wad of cash whilst the authorities pay big bucks to try to reverse engineer the hack.

Security research can be a murky area. By not selling their exploits on the underground marketplaces, they are already giving up a lot of money. Sometimes they will overstep the mark even if their intentions are good. I make no judgement about whether they overstepped here, but the government needs to catch half a clue here, figure out what they are trying to achieve and determine whether their decision to prosecute advances that goal.

Upon sober reflection, they should realise they have scored a spectacular goal, just for the wrong team.

3
0

Hold on a sec. When did HDDs get SSD-style workload rate limits?

Adam 1
Silver badge

> However, there’s no direct information in the spec sheets to say drives are warrantied for data written. In fact, terms such as “designed for” are used more often, so where do we stand with the warranty?

In Australia, it's actually pretty simple.

https://www.accc.gov.au/consumers/consumer-rights-guarantees/consumer-guarantees

Companies can include or exclude whatever they want; it doesn't reduce your rights under consumer law. Unless that writes/year is clearly stipulated in the box, visible before you make the purchase, they can't enforce it (won't stop them trying of course). They don't even provide an easy way to measure how much has been written, so it would be difficult to say the least for them to enforce even if they suspected you were "naughty".

7
0

AWS outgrows its own resource numbering scheme

Adam 1
Silver badge

Re: Mathematics

It's doubling of powers though. Just going from 8 to 9 would increase it by 36 fold. Not sure what I'm missing here but there should be about 2.8 trillion combinations of 8 character lower alpha + digit

= (26 + 10) ^ 8

Just going to 9 characters gives you 101 quadrillion possibilities, which grabbing my not really Bill Gates hat ought to be enough for anyone.

I don't follow what they are running out of because these are already big numbers. [citation needed]. My suspicion is that they are concatenating more info into those identifiers (first x characters means y, etc) but that's just a guess.

1
0

Switch survives three hours of beer spray, fails after twelve

Adam 1
Silver badge

Re: Sadly not beer

When you have kids, you learn to stop asking how object 1 with no worldly reason to be anywhere near object 2 finds itself inside the said object 2.

The instances of said interactions between unrelated entities tend to happen during the times when the said kids are being "a bit too quiet".

0
0

What do you call an old, unpatched and easily hacked PC? An ATM

Adam 1
Silver badge

Re: Banks? Security?

You can install Fiddler on your PC then proxy your phone via that PC and Fiddler will intercept the traffic for you.

Then you can see if they are encrypting the traffic itself. It is quite an eye opening* thing to observe and works for all apps. You can even mitm** yourself if they aren't pinning the certificates and inspect what they are encrypting. That can also reveal privacy breaches.

* not in a good way

** Android will warn you that others can observe if you install the fake root certificate to permit this.

2
0
Adam 1
Silver badge

Re: They will replace the old insecure ATMs

Correct, but this article doesn't even follow the threat model like a bank does.

1. The ATM and cash is insured, so any loss is not paid directly by the bank.

2. Insurance is a cost of business that is passed onto their customers as part of the fees.

3. Unless specific banks are more vulnerable than others, the insurance premiums will rise uniformly across all banks to cover it, that number gets crunched through Excel (or worse) and everyone's account fees or ATM fees or whatever rise by a few dollars over the year.

5
0

Ad-blocker blocking websites face legal peril at hands of privacy bods

Adam 1
Silver badge

Sure. It was self evidently a bit too subtle a joke for a few folk here who probably thought that I was advocating against ad blockers.

The point was that they could make the process of presenting the question to probe (all that they are required to do) just as annoying as the ads themselves. Point 2 was that such an experience wouldn't be noticeably worse than what one is subjected to without an ad block installed. Ergo, the only folk who would actually suffer would be those used to an ad free experience.

14
0
Adam 1
Silver badge

Maybe they can ask the user's permission on a panel that obscures the contents. It could ask as an automatically playing video that can't be skipped, tripling the page load time. This has two advantages.

1. It would suitably annoy those running ad blockers whilst complying with the law.

2. Those not running ad blockers would be able to tell the difference from their usual experience of websites.

7
47

What the world needs now is... not disk drives

Adam 1
Silver badge

At least HDD usually get the click of death a few days before they totally go. SSDs just throw you a surprise party when they feel their duty cycle is up.

2
1

Guess what's 'easily hacked'? Yes, that's right: Smart city transport infrastructure

Adam 1
Silver badge

Re: Now all we need is a safe full of gold!!

> Mini Coopers are a mite small

But the new ones are bigger than some of the 1980s Corolla models. Sad when you think about it.

1
0

The web is DOOM'd: Average page now as big as id's DOS classic

Adam 1
Silver badge

Re: from three 'double u's to one single 'm'

Because Dublin is a city.

/I'll grab my coat.

32
0
Adam 1
Silver badge

Re: Vulture weight

Just imagine though how much DevOps you're missing though.

25
0

Edward Snowden sues Norway to prevent extradition

Adam 1
Silver badge

> If Russia ever normalises its position in the world

I agree with the gist of your post, but the US and "The West" are not one and the same. Also, normalise? With Trump? I can't help thinking about pots and kettles..

9
1

Embattled 123-reg flings six months' free hosting at angry customers

Adam 1
Silver badge

You could nearly mount that argument if the failure was caused by a tsunami hitting their data centre. The script was run by them for them with no customer benefit. They did it in a prod environment without any fallback plan and without giving notice to their customers. Inadequate precautions were taken. Blame is the right response here.

1
0

Dutch PGP-encrypted comms network ‘abused by crooks’ is busted

Adam 1
Silver badge

Re: Goodbye Democracy

It was ~~nice~~ the worst form of government, except for all the others while it lasted.

TFTFY

4
0

Mitsubishi 'fesses up: We lied in fuel tests to make our cars look great

Adam 1
Silver badge

Re: Energy in = energy out

> You convert this to heat, and transfer it to motion

All of the useful work performed by an ICE occurs because of the expansion of the exhaust gases after combustion.

The fact that an engine feels hot while running [citation needed] proves that the energy in the fuel is being converted into heat. If all the energy was converted into motion, it would feel no warmer than a metal street lamp post. Furthermore, it would be silent because the sound waves from the combustion are wasted energy.

But the vast majority of the energy in your fuel tank leaves out the exhaust pipe at a few hundred degrees. If you want efficiency, it's going to have an electric motor, not an ICE.

2
0
Adam 1
Silver badge

punitive response from regulators

A bowed head isn't going to fix it. A fine isn't going to fix it either as fines are just considered a cost of business and will be passed onto consumers in one way or another. But what will change behaviour is penalising their future scores. Cheat by 10% and be penalised by 20%. Cheat with a million cars, have the 20% penalty against 2 million. 4 models caught, penalise 8. Done it for 2 years, penalise for 4.

At the end of the day, they are stealing customers off their competition, so this approach would give that competition a leg up and create a strong disincentive to cheat.

0
0

FBI's Tor pedo torpedoes torpedoed by United States judge

Adam 1
Silver badge

Re: Stable Doors

There are some very clear principles at play here; some reading

https://en.m.wikipedia.org/wiki/Fruit_of_the_poisonous_tree

5
0

HTC 10: Is this the Droid you're looking for?

Adam 1
Silver badge

Re: Meh

> This is just one review, and not a very good one I might add.

Rubbish. Unlike many mobile phone reviews, this one actually bothered to:

* test signal strength (even if only anecdotally)

* confirm call quality was acceptable both on handset and speaker phone.

Kudos

6
0

Ex-NSA security expert develops generic Mac ransomware blocker

Adam 1
Silver badge

the chicken or the egg

The next ransomware will simply suspend the ransomwhere process or use simple social engineering tricks to get the user to uninstall ransomwhere.

0
1

NYPD anti-crypto Twitter campaign goes about as well as you'd expect

Adam 1
Silver badge

> crime victims and surviving family members have rights, too – namely, the right to have cases solved with the strongest evidence available.

Surely the strongest available evidence for orders of magnitude more crimes is kept from victims by the right to remain silent. Admissible evidence laws for many more. Should those be repealed while you are at it?

4
0

Furious customers tear into 123-reg after firm's mass deletion woes

Adam 1
Silver badge

Re: M-Web

I'm not sure that backups on their own would save the day here. It's one thing to have the said offline tapes. It's quite another thing to be able to restore many hundreds of TB in anything approaching "reasonable time".

1
0

How much faster is a quantum computer than your laptop?

Adam 1
Silver badge

Re: But...

Yes

and No

2
1

Australia's Dick finally drops off

Adam 1
Silver badge

Re: dropped off a *long* time ago

> I kept going back for a time, but eventually they lacked anything that I found interesting

That is freaking ridiculous. Entirely true, but freaking ridiculous.

The opportunities for aspiring geeks today are massive. From Arduino to drones, mesh WiFi devices, NFC activated automation and other IoT Pfaff, even computer controlled Christmas lights would have been a natural fit for their former self.

There was never a need for them to sell TVs. Their stores could only physically fit 2 or 3 options for each size. Go in looking for say a 40" and you would get a choice between a who knows what home brand with crap refresh rate and colour reproduction for cheap or some 4K 3D smart panel with a curve for about 8x the price. With only so much room in most of their stores it was always going to struggle against Good Guys, JB or Harvey on selection.

2
0
Adam 1
Silver badge

dropped off a *long* time ago

Dick Smith of 25+ years ago was a very different store to that which finally closed down.

There was a time before they became a JB HiFi hardly normal wannabe when their catalogue looked more like Jaycar's. Their sales staff would ask about your project and be able to suggest the part combination to solve your problem. The latter day "tech-sperts" could tell you which Lightning or micro USB cable plugs into your phone. It really was a shell of its former self.

29
0

Canny Canadian PM schools snarky hack on quantum computing

Adam 1
Silver badge

Re: Are we in the end times?

Burr and Feinstein are all over this. In fact they describe a scenario where your data is simultaneously secure and available to TLAs via backdoors on the encryption...

3
0

US anti-encryption law is so 'braindead' it will outlaw file compression

Adam 1
Silver badge

The way that I am reading this, it would also outlaw the only recommended way of storing password information; a 1 way password hash. These by definition (AND GOAL) cannot be reversed* to the original content even if you know the hash and the specific algorithm(s) applied.

* and before someone points out rainbow tables, these are simply cached brute force attacks.

31
0

Australia should be the 'Switzerland of data', Cisco head hacker says

Adam 1
Silver badge

Would you really trust your IP to Brandistan?

2
1

Storage-class memory just got big – 256Mbit big, at least

Adam 1
Silver badge

Re: "the cost of hardening a server to keep RAM electrified"

That 'D' in ACID compliant for a start. Right now you can't flag a transaction as committed until the writes have hit the spinning rust or SSD, or at least until sufficient data has been written to a log somewhere to allow the data to be reconstructed in the event of a power failure. This makes that latency several orders of magnitude faster, which in turn reduces the duration of locks and the throughput boost that would provide.

I'm looking forward to it.

2
0

Samsung's dimmer Galaxies can make calls when locked, cabled

Adam 1
Silver badge

Not only that but anywhere that allegedly provides a USB socket for "free charging" (cafe / airport lounge / hotel conference room / etc) could just start firing commands down the line whenever it sees a new device and pwn a not insignificant percentage of phones.

As a side note, it is interesting how perspective of threats has changed over the last decade or two. In the late 90s, the ability to make a call or send a text when the device was locked would have been the story, and access to the internal storage would have rated meh.

Another side note, it would be interesting to know whether the same tricks could be used to sideload some malicious apk. If so, this could get really nasty.

0
0

Lauri Love backdoor forced-decryption case goes to court in UK

Adam 1
Silver badge

Complain all you want about El Reg reporting on the issue but I read the BBC story and couldn't find any reference to DevOps. How can we take Aunty as a serious news source?

8
0

The future of Firefox is … Chrome

Adam 1
Silver badge

Re: don't get it

> It also means the whole world will be using the same, open source rendering engine, good for users, good for developers.

No. It creates a monoculture. I am not saying that there is anything horrendously wrong with chromium. There are certainly worse baselines that could have been chosen. I am saying that we already have a product with the specs they are proposing, that that product has around 50% market share depending on who's asking, that there is nothing so horrendous about it that will see a significant portion of that 50% jump ship so why bother. If the best defence is that monocultures rule, then mount an argument that there should only be one C compiler / one desktop environment / distro / in fact, one uber OS / and while we are at it, browser.

2
0
Adam 1
Silver badge

don't get it

So FF now looks like chrome and will soon be based on chromium. If that is what I wanted, I would have just installed chrome.

28
1

Russian boffins want to nuke asteroids

Adam 1
Silver badge

These things always start with "why don't we just nuke that little asteroid" and end up with "OK smart arse! How would you defend against a marauding horde of aliens"

2
0

Spinning rust fans reckon we'll have 18TB disk drives in two years

Adam 1
Silver badge

Re: Question

> why can't there just be a 2nd standard for double height drives?

If you are looking at changing the shape, double the width rather than the height and you would quadruple the capacity*

*roughly. The spindle still takes some space.

0
0
