* Posts by Adam 1

1471 posts • joined 7 May 2012

Really – 80% FTTP in UK by 2026? Woah, ambitious!

Adam 1
Silver badge

good thinking on a FTA with Oz

That way when you get your FTTP ramping up, we can trade you the ability to convert it to a FTTN cluster expletive which will cost just as much to build but run out of capacity at about the same time the build completes.

0
0

Come in HTTP, your time is up: Google Chrome to shame leaky non-HTTPS sites from January

Adam 1
Silver badge

Re: @Stuart Moore - So, does this mean

1. People are lazy and use the same handles and passwords elsewhere. Think of all the people who are not as security literate as yourself but come here often because they like DevOps.

2. Not only can people read HTTP in a MitM attack, but they can actively change the communications. They can replace the El Reg ads with something more sinister, inject JavaScript or even change your comment so that instead of fiercely agreeing with Stuart, you appear to disagree with him.

12
2
Adam 1
Silver badge

Re: Dumb idea IMO..

It's also just the last endpoint. It tells you nothing about what happens after that server receives your credentials.

Tip El Reg:

If you want to stop our narky comments about this forum's lack of HTTPS, just hide behind Cloudflare or equivalent. They'll serve us HTTPS then talk to you over HTTP. Defeats part of the purpose of HTTPS but at least we get a padlock icon hey.

6
0
Adam 1
Silver badge

Re: Thin end of the whatsit.

I'm sure it's not to thwart network level (ISP level) ad blockers. Clearly that is an unintentional side effect.

20
0

Tesla driver dies after Model S hits tree

Adam 1
Silver badge

Re: @AndyS

> I think you have that the wrong way round.

Yes I do. Ended up with an extra not in that sentence which changes the meaning. Also, autocarrot changed one of my words to bakery which reads pretty random.

But I think you picked my basic point; that if your engine bay contains an engine block, you have to try to jettison it under the safety cell. But it is still going to crush your feet on the way through because you can't quickly change the direction of many hundreds of kg. The more energy that can be absorbed in front of the safety cell, the slower the rate of deceleration experienced by the passengers.

0
0
Adam 1
Silver badge

Re: @AndyS

> However I do think people might want to re-consider driving electric cars considering the extra hazards it could cause.

People may well but people are not as rational as we like to believe. Are you considering the additional deaths from NOx emissions or do we feel like externalising those? Not to mention the bakery of bunnies, kittens and unicorns that are the oil producing regions that get subsidised.

I would have thought that not having a massive block of incompressible cast iron or aluminium in between you and the other object limits the amount of energy that can be absorbed by the crumple zones when compared to an empty void. That increases survivability in such other cases.

2
0

Pains us to run an Apple article without the words 'fined', 'guilty' or 'on fire' in it, but here we are

Adam 1
Silver badge

Re: environment nose

> You've got digital ears? Wow

Yes, 10 of them with self evidently 0 in between.

0
0

Inside our three-month effort to attend Apple's iPhone 7 launch party

Adam 1
Silver badge

Re: Perhaps one day....

Nah. You know if they somehow implode and lose all that hundred gazillion dollars stashed in the bank and have to lay off their engineering and marketing talent then it will be Microsoft that buys them out for $100 billion. Then they will use that new found IP to change the way that you end a call (dragging the contact to the trash).

2
0
Adam 1
Silver badge

Re: Try the top man

Agreed. You should see if Barbra can get you a ticket.

8
0

Sneaky Gugi banking trojan sidesteps Android OS security barricades

Adam 1
Silver badge

> In other news, a murderer rang up his victim and told him to take a knife out of the top drawer and then stab himself repeatedly with it.

The bastard! I should've known it was a scam. After I stop this bleeding I'm going to

1
0

QANTAS' air safety spiel warns not to try finding lost phones

Adam 1
Silver badge

Re: No need to panic... But PANIC FEELS BETTER

> This country went from landing on the Moon to "This bag is not a toy!" in only 40 years

Maybe so, but this one time after shopping for what seemed like eternity for some new shoes, I got home and needed to have a bite. Thank God for that timely warning on those silica gel packs. Could've made me sick had I not noticed.

2
0
Adam 1
Silver badge

Re: No need to panic... But PANIC FEELS BETTER

> hides the real vampire-jumping-spider.

Being an Australian airline, you can never be too cautious when it comes to Arachnids.

1
0
Adam 1
Silver badge

Re: Well!

You're folding it wrong!

Ah, my coat, thanks for that.

3
0

98.1 million CLEARTEXT passwords pasted as Rambler.ru rumbled

Adam 1
Silver badge

to all those advocating backdoored encryption ...

Once those master keys get out, all your data becomes equally clear text as one of these dumps.

1
0
Adam 1
Silver badge

Re: Could still be encrypted on the database but still be plain-text

> .php

Ah yes, I think I can see the problem already

1
1
Adam 1
Silver badge

Re: I have to ask

I don't think our understanding about password storage has advanced hugely since 2012. Back then, anyone with an iota of common sense could imagine consequences of a database containing clear text passwords being stolen.

What has changed is our understanding of the threat model; that it includes the people we assumed were the good guys. Rather than working to protect our interests, they were busy tapping data centres, not reporting vulnerabilities in the firewalls and VPNs and operating systems and the like in the absurd hope that building bigger haystacks will lead to better needle discovery.

0
0
Adam 1
Silver badge

Re: Perhaps?

@lee

Not necessarily. The passwords may have been encrypted but their private key may have also been stolen. That's one of the many reasons that you want salted hashes, not encryption for password storage.

0
0
Adam 1
Silver badge

It is their version of Yahoo! 171 users sounds about right then.

0
0

Sysadmins: Poor capacity planning is not our fault

Adam 1
Silver badge

Re: But....

> Oh and to Java devs everywhere, writing everything including the kitchen sink to Log4J output files is not the answer to reliable systems

Log4xyz is a good thing™. Certainly beats the hell out of something went wrong somewhere and we have no logs or some half arsed attempt to write to a text file using code lifted from Stack Overflow which isn't threadsafe, isn't buffered and works by loading the whole file into memory, appending a line then rewriting the file. Oh and by a file, I mean hundreds of files in various folders with no cleanup mechanism.

Other than sensible defaults, it's usually not a developer's role to configure log4xyz (internal or custom software where you have full understanding of the deployment environment may be the obvious exception). That is why you can change the verbosity of the messages in a config file. It is why you can choose your own appender. If you use a rolling file appender then you can specify things like maximum size, number of files to keep and so on. Then it is just a discussion with business about how much storage they want to pay for vs the point where files get deleted. That's their decision, not yours, not devs. Your job is to make sure you explain the consequences of whatever set of numbers get thrown at you.

The other side of the coin is ensuring that the I/O can handle the volume you throw at it. If you have your loglevel set to debug on a multi threaded stack, it may not be adequate to dump log files to some slow HDD.

Wait, you made me defend Java you sneaky bastard. Is that the new Rick roll?

0
0

Telstra wins AU$39 million for data retention costs as grants revealed

Adam 1
Silver badge

makes no sense

If the government really want ISPs to do this, they should do one of two things.

1. Cover the entire cost out of general revenue; or

2. Permit ISPs to charge a specific data retention fee to their customers every month.

The *last* thing you want is for ISPs to try to monetise that datastore in some way to recover costs.

0
0

Australia's mobile black spot program was a partisan money hole

Adam 1
Silver badge

the $220 million question

Why wasn't there suitable eligibility criteria for the program?

1
0

Good job, Oz feds: Conroy wants you investigated for privilege and contempt

Adam 1
Silver badge

"For most practical purposes, Parliament House is regarded as the only place of its kind and one in which the two Houses through their Presiding Officers have exclusive jurisdiction. Thus in Parliament House the police are subject to the authority of the Speaker and President and their powers are limited by the powers and privileges of the respective Houses. Such limitations are not based on any presumed sanctity attached to the building as such, but on the principle that the Parliament should be able to conduct its business without interference or pressure from any outside source"

- Advice of Attorney-General's Department, concerning powers of police within the precincts of Parliament House, 1967. And see Parliamentary Precincts Act 1988.

Whatever one thinks of the man with the red underpants on people's heads fetish, the AFP would be well advised to tread very carefully. These rules are deliberately designed to constrain the power of the police to interfere with the operation of the house.

5
0

FBI: Look out – hackers are breaking into US election board systems

Adam 1
Silver badge

Re: How silly

So they got the ability to run arbitrary SQL but decided to only run Select statements. Yeah, the other one plays jingle bells.

3
0
Adam 1
Silver badge

Re: XKCD from the past

So true. Norton antivirus would be so much worse.

0
0

Fifty bills for new Oz parliament, nothing much for tech

Adam 1
Silver badge

Re: The horses mouth?

Do you mean this Alastair MacGibbon?

Don't worry though. We can Shirley keep your census data safe.

0
0

Chinese CA hands guy base certificates for GitHub, Florida uni

Adam 1
Silver badge

Done. Thanks

1
0
Adam 1
Silver badge

Removal instructions for Wosign CA please. Android + Windows

Asserting ownership of a given CN is the one and only job of a CA. If they can't do that properly, their public keys are of no use to me.

3
1

'Fake CEO' Chinese chap cuffed in $54m fraud probe

Adam 1
Silver badge

> after someone impersonating the CEO in an email had authorized the transfer of funds. The CEO and CFO have since been fired.

So they fired the fake CEO? Or was it the fake investigation team that reported back to the fake board that caused the fake HR to sign the no doubt golden parachute cheque*? OK Neo, the blue pill....

*Just because you can't spell authorised doesn't mean I have to misspell cheque.

0
0

Tech fails miserably in Forbes' most innovative companies

Adam 1
Silver badge

So why is Amazon on the list? Have they ever made a profit?

1
0

MIT brainiacs triple the speed, double the range of Wi-Fi

Adam 1
Silver badge

Re: "consumers won't have to buy new hardware"

Yes. As long as you can mount your laptop on the moggie, this should work fine. Unfortunately, you still need a Roomba on which you can mount the moggie, so it is really turtles all the way down.

5
1

Microsoft's HoloLens secret sauce: A 28nm customized 24-core DSP engine built by TSMC

Adam 1
Silver badge

Re: Microsoft as a hardware company

Mice...

And probably best not to be talking about webcams at the minute.

3
0

Honor 8: Huawei targets millennials with high-spec cheapie. 3 words – Food pic mode

Adam 1
Silver badge

Re: Wow

Looking at a Nexus 5 as I type this. 1080p isn't that terrible.

1
0

Chocolate Factory exudes Nougat as Android 7 begins rollout

Adam 1
Silver badge

> Sadly, the Nexus 5 and Nexus 7 fondleslabs won't be invited to the Nougat party.

Boo!

6
0

Australia Post says use blockchain for voting. Expert: you're kidding

Adam 1
Silver badge

Re: Australia Post's search for relevance ...

> (and what's wrong with the SMTP/POP/IMAP Internet mail service, I'd like to know)

Plenty, but nothing that I believe auspost has the answers to.

On a side note, lots of e-commerce relies on physical package handling to some degree. Why they can't leverage their natural monopoly to turn a pretty penny there shows a real lack of imagination.

1
0

Google killing app format used only by The 1%

Adam 1
Silver badge

Re: well that's annoying

Don't mind draw.io. It does have an XML format so it can be versioned but it's more definitions of points etc. This one had a simple syntax that worked nicely with diff tools and was much quicker to create a simple diagram in it than draw.io.

0
0
Adam 1
Silver badge

well that's annoying

Don't use them much but there is a handy little tool for drawing sequence diagrams and the like which relies on it that I'll miss.

1
0

Microsoft can't tell North from South on Bing Maps

Adam 1
Silver badge

Re: Victorian Numberplates

The other ones have the humorous tag line "the place to be". Clearly a sentiment that wasn't shared by the drivers of the said vehicles who were elsewhere.

1
0

Password strength meters promote piss-poor paswords

Adam 1
Silver badge

Re: saggfwuepp53hlq%4k12h

Well your auth cookie is sent in clear text every time you log in here because apparently TLS is too much effort or something.

5
0
Adam 1
Silver badge

Re: Passwords need to be rethought

If you think password length is related to the required storage space, you're storing it wrong.

25
0

Scared of mobile banking

Adam 1
Silver badge

> Three out of four of these refuseniks (74 per cent) cited security as the major reason.

Well they are fundamentally correct on that. 2FA is useless if the SMS code for funds transfer is going to the same device.

1
0

Baltimore cops accused of violating FCC rules with Stingrays

Adam 1
Silver badge

naïve me

And here I was imagining these devices basically did a MitM attack, forwarding the traffic to a legitimate tower so as not to inconvenience anyone beyond the privacy implications.

1
0

VeraCrypt security audit: Four PGP-encoded emails VANISH

Adam 1
Silver badge

Re: One time pad

> it's illegal (in the UK) to send encrypted communications over the airwaves

Is it legal to broadcast the results of a long running game of heads or tails? Enquiring minds and all that.

3
0

Farewell Patch Tuesday fragmentation: from October, MS will roll just one monthly patch

Adam 1
Silver badge

It's lucky that Microsoft never release patches that you don't want installed I guess.

2
0

Bees bring down US stealth fighter

Adam 1
Silver badge

Re: "eight pounds, or in modern numbers, 3.6 kilos."

> what's that in proper units

About 20 KiloBees

0
0
Adam 1
Silver badge

Absolutely. Bee related puns are encouraged. You win one internet. Unfortunately, you immediately lost it after failing to use an apostrophe to indicate a contraction. Such behaviour must not go unpunished or society may tear itself apart at the seams.

1
0
Adam 1
Silver badge

> she landed on the F-22 to rest

She was hanging around for the F-35 JSF but exhaustion set in due to another overrun.

18
0

US extradition of Silk Road suspect OK'd by Irish judge

Adam 1
Silver badge

wouldn't it have been easier...

to get Microsoft Ireland to hire the guy? Then they could just get a warrant from a US court.

3
0

Meet DDoSCoin, the cryptocurrency that pays when you p0wn

Adam 1
Silver badge

Leaving aside the more, er, questionable elements of this proposal, wouldn't the effort to validate that block chain exceed the DDoS itself?

1
0

IBM makes meek apology for Oz #CensusFail, offers no fail detail

Adam 1
Silver badge

Re: Warning: Aussie census goon squad coming soon!

"International visitors

If you are visiting Australia on Census night, you are required to participate. Your accommodation provider will give you a form or details of how to complete the Census online."

- http://www.abs.gov.au/websitedbs/censushome.nsf/home/getonlinefaqcensus?opendocument&navpos=110

1
1

#Censusfail Australia: Not an attack, data safe, no heads to roll

Adam 1
Silver badge

Re: International...

True but not his IP address. Heck, you could identify me by my postcode combined with my employer's name.

0
0
