Posts by Adam 1

Re: Surely...

But his solution would just suck.

- ah yes, that's where I left my coat.

Re: Samsung is the worst of the big manus

It depends on the manufacturer and network. My Nexus 5 (2014) running 6.01 got its May security patches this morning. Buying a device with vanilla android was my priority.

Re: Seem to be missing some critical information

If your hypothesis is right* then someone at a vulture desk will owe MS an apology for the title of this article. It would in that case be Asus causes some of its motherboards to crash** after faulty UEFI implementation.

* I have nothing to add on that point.

** Brick is the wrong verb here.

Re: Survey?

I too, would send one of Winkypop's kidneys for fttp.

Re: Kill it with fire!!!

> What needs to happen is browsers need to start a connection to a server with only TLS 1.5 (assume a time traveler with from 2020), then when that fails, drop back to 1.4 and so on until it can talk

Sorry Tim. That can't work. Or more specifically, it can't prevent a downgrade attack.

Alice sends Bob a TLS 1.5 handshake.

Trudy intercepts that handshake and responds to Alice with a wtf response. Alice can't yet verify that this isn't actually from Bob.

Alice then tries with 1.4. Trudy responds the same way.

And so on....

Eventually Alice tries the only-just-better-than-ROT13 version thinking Bob can't do anything better. Trudy lets it through and can then observe or fiddle with the stream.

Re: Mathematics

It's doubling of powers though. Just going from 8 to 9 would increase it by 36 fold. Not sure what I'm missing here but there should be about 2.8 trillion combinations of 8 character lower alpha + digit

= (26 + 10) ^ 8

Just going to 9 characters gives you 101 quadrillion possibilities, which grabbing my not really Bill Gates hat ought to be enough for anyone.

I don't follow what they are running out of because these are already big numbers. [citation needed]. My suspicion is that they are concatenating more info into those identifiers (first x characters means y, etc) but that's just a guess.

Re: Sadly not beer

When you have kids, you learn to stop asking how object 1 with no worldly reason to be anywhere near object 2 finds itself inside the said object 2.

The instances of said interactions between unrelated entities tend to happen during the times when the said kids are being "a bit too quiet".

Re: Banks? Security?

You can install fiddler on your PC then proxy your phone via that PC and fiddler will intercept the traffic for you.

Then you can see if they are encrypting the traffic itself. It is quite an eye opening* thing to observe and works for all apps. You can even mitm** yourself if they aren't pinning the certificates and inspect what they are encrypting. That can also reveal privacy breaches.

* not in a good way

** android will warn you that others can observe if you install the fake root certificate to permit this.

Sure. It was self evidently a bit too subtle a joke for a few folk here who probably thought that I was advocating against ad blockers.

The point was that they could make the process of presenting the question to probe (all that they are required to do) just as annoying as the ads themselves. Point 2 was that such an experience wouldn't be noticeably worse than what one is subjected to without an ad block installed. Ergo, the only folk who would actually suffer would be those used to an ad free experience.

At least HDD usually get the click of death a few days before they totally go. SSDs just throw you a surprise party when they feel their duty cycle is up.

Re: Now all we need is a safe full of gold!!

> Mini Coopers are a mite small

But the new ones are bigger than a some of the 1980s Corolla models. Sad when you think about it.

Re: from three 'double u's to one single 'm'

Because Dublin is a city.

/I'll grab my coat.

> If Russia ever normalises its position in the world

I agree with the gist of your post, but the US and "The West" are not one and the same. Also, normalise? With Trump? I can't help thinking about pots and kettles..

You could nearly mount that argument if the failure was caused by a tsunami hitting their data centre. The script was run by them for them with no customer benefit. They did it in a prod environment without any fallback plan and without giving notice to their customers. Inadequate precautions were taken. Blame is the right response here.

Re: Goodbye Democracy

It was nicethe worst form of government, except for all the others while it lasted.

TFTFY

Re: Energy in = energy out

> You convert this to heat, and transfer it to motion

All of the useful work performed by an ICE occurs because of the expansion of the exhaust gases after combustion.

The fact that an engine feels hot while running [citation needed] proves that the energy in the fuel is being converted into heat. If all the energy was converted into motion, it would feel no warmer than a metal street lamp post. Furthermore, it would be silent because the sound waves from the combustion is wasted energy.

But the vast majority of the energy in your fuel tank leaves out the exhaust pipe at a few hundred degrees. If you want efficiency, it's going to have an electric motor, not an ICE.

Re: Stable Doors

There are some very clear principles at play here; some reading

https://en.m.wikipedia.org/wiki/Fruit_of_the_poisonous_tree

Re: Meh

> This is just one review, and not a very good one I might add.

Rubbish. Unlike many mobile phone reviews, this one actually bothered to:

* test signal strength (even if only anecdotally)

* confirm call quality was acceptable both on handset and speaker phone.

Kudos

Re: M-Web

I'm not sure that backups on their own would save the day here. It's one thing to have the said offline tapes. It's quite another thing to be able to restore many hundreds of TB in anything approaching "reasonable time".

Re: But...

Yes

and No

Re: dropped off a *long* time ago

> I kept going back for a time, but eventually they lacked anything that I found interesting

That is freaking ridiculous. Entirely true, but freaking ridiculous.

The opportunities for aspiring geeks today are massive. From Arduino to drones, mesh WiFi devices, NFC activated automation and other IoT Pfaff, even computer controlled Christmas lights would have been a natural fit for their former self.

There was never a need for them to sell TVs. Their stores could only physically fit 2 or 3 options for each size. Go in looking for say a 40" and you would get a choice between a who knows what home brand with crap refresh rate and colour reproduction for cheap or some 4K 3D smart panel with a curve for about 8x the price. With only so much room in most their stores it was always going to struggle against good guys, JB or Harvey on selection.

Re: Are we in the end times?

Burr and Feinstein are all over this. In fact they describe a scenario where your data is simultaneously secure and available to TLAs via backdoors on the encryption...

Re: "the cost of hardening a server to keep RAM electrified"

That 'D' in ACID compliant for a start. Right now you can't flag a transaction as committed until the writes have hit the spinning rust or SSD, or at least until sufficient data has been written to a log somewhere to allow the data to be reconstructed in the event of a power failure. This makes that latency several orders of magnitude faster, which in turn reduces the duration of locks and the throughput boost that would provide.

I'm looking forward to it.

Complain all you want about El Reg reporting on the issue but I read the BBC story and couldn't find any reference to DevOps. How can we take Aunty as a serious news source?

Re: don't get it

> It also means the whole world will be using the same, open source rendering engine, good for users, good for developers.

No. It creates a monoculture. I am not saying that there is anything horrendously wrong with chromium. There are certainly worse baselines that could have been chosen. I am saying that we already have a product with the specs they are proposing, that that product has around 50% market share depending on who's asking, that there is nothing so horrendous about it that will see a significant portion of that 50% jump ship so why bother. If the best defence is that monocultures rule, then mount an argument that there should only be one c compiler / one desktop environment / distro / in fact, one uber OS / and while we are at it, browser.

Re: Question

> why can't there just be a 2nd standard for double height drives?

If you are looking at changing the shape, double the width rather than the height and you would quadruple the capacity*

*roughly. The spindle still takes some space.

If we're honest, FTTP is passive between the home and the exchange. So upgrades don't involve sending trucks street by street so is much cheaper per premise. FTTN is basically a micro exchange every few hundred metres, so economies of scale are very hard to achieve.

Re: Russians are rumoured to be testing

Putin may be one volcano short of a Bond villain but even he knows the damage one of these filled with drop bears would do. M.A.D at work.

Re: Why not send it into space...

> Has Donald Trump got a login for El Reg?

No. It is missing the tell tale phrase at the end of the sentence "and make the aliens pay for it"

Re: Something similar

How does the file system help or hinder your ability to remotely connect?

I remember dialing into various Windows 95 boxes with pcanywhete and later on vnc.

Re: Who cares if it leaks?

I guess you are lucky enough to live in a free country. Yes a lot of those good points mitigate many threat models, but a big part of this is a march towards government intrusion (even in free countries) and intrusion above and beyond the level warranted by the alleged crimes of people.

It isn't going to leak so much to Eastern European mobs but firstly to other agencies. In the now famous iPhone debacle, there was a second request for the same assistance in NY for cracking some alleged drug lord's iPhone. Fair call, he sounds like a Bad Guy™. But sooner or later it becomes routine in all investigations. Next thing you know, a fishing expedition is launched whenever someone forgets to return a DVD.

Assuming that our friendly TLAs hadn't already cracked it and were just trying to set a legal precedent (that is a pretty big assumption there), if you can control the parts that retrieve and act upon the device key (ie not containing secure enclave) it is possible to pull the device key. Once you have that, brute force of any short password or PIN can be done for a few bucks of Amazon time.

Re: Copy requested...

Herby's?