* Posts by Adam 1

1346 posts • joined 7 May 2012

Switch survives three hours of beer spray, fails after twelve

Adam 1
Silver badge

Re: Sadly not beer

When you have kids, you learn to stop asking how object 1 with no worldly reason to be anywhere near object 2 finds itself inside the said object 2.

The instances of said interactions between unrelated entities tend to happen during the times when the said kids are being "a bit too quiet".

0
0

What do you call an old, unpatched and easily hacked PC? An ATM

Adam 1
Silver badge

Re: Banks? Security?

You can install fiddler on your PC then proxy your phone via that PC and fiddler will intercept the traffic for you.

Then you can see if they are encrypting the traffic itself. It is quite an eye opening* thing to observe and works for all apps. You can even mitm** yourself if they aren't pinning the certificates and inspect what they are encrypting. That can also reveal privacy breaches.

* not in a good way

** android will warn you that others can observe if you install the fake root certificate to permit this.

2
0
Adam 1
Silver badge

Re: They will replace the old insecure ATMs

Correct, but this article doesn't even follow the threat model like a bank does.

1. The ATM and cash is insured, so any loss is not paid directly by the bank.

2. Insurance is a cost of business that is passed onto their customers as part of the fees.

3. Unless specific banks are more vulnerable than others, the insurance premiums will rise uniformly across all banks to cover it, that number gets crunched through Excel (or worse) and everyone's account fees or ATM fees or whatever raise by a few dollars over the year.

5
0

Ad-blocker blocking websites face legal peril at hands of privacy bods

Adam 1
Silver badge

Sure. It was self evidently a bit too subtle a joke for a few folk here who probably thought that I was advocating against ad blockers.

The point was that they could make the process of presenting the question to probe (all that they are required to do) just as annoying as the ads themselves. Point 2 was that such an experience wouldn't be noticeably worse than what one is subjected to without an ad block installed. Ergo, the only folk who would actually suffer would be those used to an ad free experience.

14
0
Adam 1
Silver badge

Maybe they can ask the user's permission on a panel that obscures the contents. It could ask as an automatically playing video that can't be skipped, tripling the page load time. This has two advantages.

1. It would suitably annoy those running ad blockers whilst complying with the law.

2. Those not running ad blockers would be able to tell the difference from their usual experience of websites.

7
47

What the world needs now is... not disk drives

Adam 1
Silver badge

At least HDD usually get the click of death a few days before they totally go. SSDs just throw you a surprise party when they feel their duty cycle is up.

2
1

Guess what's 'easily hacked'? Yes, that's right: Smart city transport infrastructure

Adam 1
Silver badge

Re: Now all we need is a safe full of gold!!

> Mini Coopers are a mite small

But the new ones are bigger than a some of the 1980s Corolla models. Sad when you think about it.

1
0

The web is DOOM'd: Average page now as big as id's DOS classic

Adam 1
Silver badge

Re: from three 'double u's to one single 'm'

Because Dublin is a city.

/I'll grab my coat.

32
0
Adam 1
Silver badge

Re: Vulture weight

Just imagine though how much DevOps you're missing though.

25
0

Edward Snowden sues Norway to prevent extradition

Adam 1
Silver badge

> If Russia ever normalises its position in the world

I agree with the gist of your post, but the US and "The West" are not one and the same. Also, normalise? With Trump? I can't help thinking about pots and kettles..

9
1

Embattled 123-reg flings six months' free hosting at angry customers

Adam 1
Silver badge

You could nearly mount that argument if the failure was caused by a tsunami hitting their data centre. The script was run by them for them with no customer benefit. They did it in a prod environment without any fallback plan and without giving notice to their customers. Inadequate precautions were taken. Blame is the right response here.

1
0

Dutch PGP-encrypted comms network ‘abused by crooks’ is busted

Adam 1
Silver badge

Re: Goodbye Democracy

It was nicethe worst form of government, except for all the others while it lasted.

TFTFY

4
0

Mitsubishi 'fesses up: We lied in fuel tests to make our cars look great

Adam 1
Silver badge

Re: Energy in = energy out

> You convert this to heat, and transfer it to motion

All of the useful work performed by an ICE occurs because of the expansion of the exhaust gases after combustion.

The fact that an engine feels hot while running [citation needed] proves that the energy in the fuel is being converted into heat. If all the energy was converted into motion, it would feel no warmer than a metal street lamp post. Furthermore, it would be silent because the sound waves from the combustion is wasted energy.

But the vast majority of the energy in your fuel tank leaves out the exhaust pipe at a few hundred degrees. If you want efficiency, it's going to have an electric motor, not an ICE.

2
0
Adam 1
Silver badge

punitive response from regulators

A bowed head isn't going to fix it. A fine isn't going to fix it either as fines are just considered a cost of business and will be passed onto consumers in one way or another. But what will change behaviour is penalising their future scores. Cheat by 10% and be penalised by 20%. Cheat with a million cars, have the 20% penalty against 2 million. 4 models caught, penalise 8. Done it for 2 years, penalise for 4.

At the end of the day, they are stealing customers off their competition, so this approach would give that competition a leg up and create a strong disincentive to cheat.

0
0

FBI's Tor pedo torpedoes torpedoed by United States judge

Adam 1
Silver badge

Re: Stable Doors

There are some very clear principles at play here; some reading

https://en.m.wikipedia.org/wiki/Fruit_of_the_poisonous_tree

5
0

HTC 10: Is this the Droid you're looking for?

Adam 1
Silver badge

Re: Meh

> This is just one review, and not a very good one I might add.

Rubbish. Unlike many mobile phone reviews, this one actually bothered to:

* test signal strength (even if only anecdotally)

* confirm call quality was acceptable both on handset and speaker phone.

Kudos

6
0

Ex-NSA security expert develops generic Mac ransomware blocker

Adam 1
Silver badge

the chicken or the egg

The next ransomware will simply suspend the ransomwhere process or use simple social engineering tricks to get the user to uninstall ransomwhere.

0
1

NYPD anti-crypto Twitter campaign goes about as well as you'd expect

Adam 1
Silver badge

> crime victims and surviving family members have rights, too – namely, the right to have cases solved with the strongest evidence available.

Surely the strongest available evidence for orders of magnitude more crimes is kept from victims by the right to remain silent. Admissible evidence laws for many more. Should those be repealed while you are at it?

4
0

Furious customers tear into 123-reg after firm's mass deletion woes

Adam 1
Silver badge

Re: M-Web

I'm not sure that backups on their own would save the day here. It's one thing to have the said offline tapes. It's quite another thing to be able to restore many hundreds of TB in anything approaching "reasonable time".

1
0

How much faster is a quantum computer than your laptop?

Adam 1
Silver badge

Re: But...

Yes

and No

2
1

Australia's Dick finally drops off

Adam 1
Silver badge

Re: dropped off a *long* time ago

> I kept going back for a time, but eventually they lacked anything that I found interesting

That is freaking ridiculous. Entirely true, but freaking ridiculous.

The opportunities for aspiring geeks today are massive. From Arduino to drones, mesh WiFi devices, NFC activated automation and other IoT Pfaff, even computer controlled Christmas lights would have been a natural fit for their former self.

There was never a need for them to sell TVs. Their stores could only physically fit 2 or 3 options for each size. Go in looking for say a 40" and you would get a choice between a who knows what home brand with crap refresh rate and colour reproduction for cheap or some 4K 3D smart panel with a curve for about 8x the price. With only so much room in most their stores it was always going to struggle against good guys, JB or Harvey on selection.

2
0
Adam 1
Silver badge

dropped off a *long* time ago

Dick Smith of 25+ years ago was a very different store to that which finally closed down.

There was a time before they became a JB HiFi hardly normal wannabe when their catalogue looked more like jaycar's. Their sales staff would ask about your project and be able to suggest the part combination to solve your problem. The latter day "tech-sperts" could tell you which lightening or micro USB cable plugs into your phone. It really was a shell of its former self.

29
0

Canny Canadian PM schools snarky hack on quantum computing

Adam 1
Silver badge

Re: Are we in the end times?

Burr and Feinstein are all over this. In fact they describe a scenario where your data is simultaneously secure and available to TLAs via backdoors on the encryption...

3
0

US anti-encryption law is so 'braindead' it will outlaw file compression

Adam 1
Silver badge

The way that I am reading this, it would also outlaw the only recommended way of storing password information; a 1 way password hash. These by definition (AND GOAL) cannot be reversed* to the original content even if you know the hash and the specific algorithm(s) applied.

* and before someone points out rainbow tables, these are simply cached brute force attacks.

31
0

Australia should be the 'Switzerland of data', Cisco head hacker says

Adam 1
Silver badge

Would you really trust your IP to Brandistan?

2
1

Storage-class memory just got big – 256Mbit big, at least

Adam 1
Silver badge

Re: "the cost of hardening a server to keep RAM electrified"

That 'D' in ACID compliant for a start. Right now you can't flag a transaction as committed until the writes have hit the spinning rust or SSD, or at least until sufficient data has been written to a log somewhere to allow the data to be reconstructed in the event of a power failure. This makes that latency several orders of magnitude faster, which in turn reduces the duration of locks and the throughput boost that would provide.

I'm looking forward to it.

2
0

Samsung's dimmer Galaxies can make calls when locked, cabled

Adam 1
Silver badge

Not only that but anywhere that allegedly provides a USB socket for "free charging" (cafe / airport lounge / hotel conference room / etc) could just start firing commands down the line whenever it sees a new device and pwn a not insignificant percentage of phones.

As a side note, it is interesting how perspective of threats have changed over the last decade or two. In the late 90s, the ability to make a call or send a text when the device was locked would have been the story, and access to the internal storage would have rated meh.

Another side note, it would be interesting to know whether the same tricks could be used to sideload some malicious apk. If so, this could get really nasty.

0
0

Lauri Love backdoor forced-decryption case goes to court in UK

Adam 1
Silver badge

Complain all you want about El Reg reporting on the issue but I read the BBC story and couldn't find any reference to DevOps. How can we take Aunty as a serious news source?

8
0

The future of Firefox is … Chrome

Adam 1
Silver badge

Re: don't get it

> It also means the whole world will be using the same, open source rendering engine, good for users, good for developers.

No. It creates a monoculture. I am not saying that there is anything horrendously wrong with chromium. There are certainly worse baselines that could have been chosen. I am saying that we already have a product with the specs they are proposing, that that product has around 50% market share depending on who's asking, that there is nothing so horrendous about it that will see a significant portion of that 50% jump ship so why bother. If the best defence is that monocultures rule, then mount an argument that there should only be one c compiler / one desktop environment / distro / in fact, one uber OS / and while we are at it, browser.

2
0
Adam 1
Silver badge

don't get it

So FF now looks like chrome and will soon be based on chromium. If that is what I wanted, I would have just installed chrome.

28
1

Russian boffins want to nuke asteroids

Adam 1
Silver badge

These things always start with "why don't we just nuke that little asteroid" and end up with "OK smart arse! How would you defend against a marauding horde of aliens"

2
0

Spinning rust fans reckon we'll have 18TB disk drives in two years

Adam 1
Silver badge

Re: Question

> why can't there just be a 2nd standard for double height drives?

If you are looking at changing the shape, double the width rather than the height and you would quadruple the capacity*

*roughly. The spindle still takes some space.

0
0

When to trust a startup: Does size count?

Adam 1
Silver badge

> I buy from startups all the time. Why? Am I being foolish in doing so?

No, as long as it's all DevOps you should be fine! ;p

3
0

Telstra being paid to fix Telstra's network for NBN – AGAIN

Adam 1
Silver badge

If we're honest, FTTP is passive between the home and the exchange. So upgrades don't involve sending trucks street by street so is much cheaper per premise. FTTN is basically a micro exchange every few hundred metres, so economies of scale are very hard to achieve.

1
0
Adam 1
Silver badge

FTTP doesn't need any HFC maintenance nor DOCSIS upgrades. Just saying ...

3
0

Dropping 1,000 cats from 32km: How practical is that?

Adam 1
Silver badge

Re: Russians are rumoured to be testing

Putin may be one volcano short of a Bond villain but even he knows the damage one of these filled with drop bears would do. M.A.D at work.

1
0

Britain is sending a huge nuclear waste shipment to America. Why?

Adam 1
Silver badge

Re: Why not send it into space...

> Has Donald Trump got a login for El Reg?

No. It is missing the tell tale phrase at the end of the sentence "and make the aliens pay for it"

1
0
Adam 1
Silver badge

Re: Odd Decision & Odd Timing

> Nuclear power is safe and if designed right, does have minimal waste, much less than coal or gas power

.... much less radioactive waste than coal power (on a per MW/hr basis).

TFTFY

Note: possibly also applies to gas but I don't know those numbers.

I guess coming out the top of a smokestack over time rather than leaving it in the bottom of a lap pool makes it OK?

3
0

That naked picture on my PC? Not mine. The IT guy put it there

Adam 1
Silver badge

Re: Something similar

How does the file system help or hinder your ability to remotely connect?

I remember dialing into various Windows 95 boxes with pcanywhete and later on vnc.

18
0

FBI Director defends iPhone 5C unlock tool that's obviously going to leak into wrong hands

Adam 1
Silver badge

Re: Who cares if it leaks?

I guess you are lucky enough to live in a free country. Yes a lot of those good points mitigate many threat models, but a big part of this is a march towards government intrusion (even in free countries) and intrusion above and beyond the level warranted by the alleged crimes of people.

It isn't going to leak so much to Eastern European mobs but firstly to other agencies. In the now famous iPhone debacle, there was a second request for the same assistance in NY for cracking some alleged drug lord's iPhone. Fair call, he sounds like a Bad Guy™. But sooner or later it becomes routine in all investigations. Next thing you know, a fishing expedition is launched whenever someone forgets to return a DVD.

Assuming that our friendly TLAs hadn't already cracked it and were just trying to set a legal precedent (that is a pretty big assumption there), if you can control the parts that retrieve and act upon the device key (ie not containing secure enclave) it is possible to pull the device key. Once you have that, brute force of any short password or PIN can be done for a few bucks of Amazon time.

7
1

US government updates secure email guide for first time in a decade

Adam 1
Silver badge

Re: Copy requested...

Herby's?

0
0

Elon Musk takes wraps off planet-saving Model 3 vapourmobile

Adam 1
Silver badge

Re: Tesla a greencar, really ?

> transport of somewhat heavy batteries

Diesel weighs somewhere between 850g and 1Kg per litre. They tend to be in the 5L/100km range. The average car is driven 15-20 thousand km/year. Picking the kindest of those numbers, that means you are burning north of 6 ton of diesel fuel per year if you are a typical driver in a typical car.

That's in the ballpark of 3x the weight of these entire cars (not just the battery pack) every year

1
1
Adam 1
Silver badge

Re: Tesla a greencar, really ?

Refining petroleum takes somewhere between 1.5 and 2.5 KWhr/L by the way. A 60L tank therefore has a 90+ KW/hr electricity penalty just from the refining step.

And those 60L didn't just pump themselves from the well to the refinery nor do they pump themselves into tankers to your local service station running on air.

8
2

William Hague: Brussels attacks mean we must destroy crypto ASAP

Adam 1
Silver badge

> whatever the problem is, the solution is more surveillance and no judicial over-site

Now there. He doesn't have any problem with judicial over-site. It's judicial oversight that he has the problem with.

0
0

Bash on Windows. Repeat, Microsoft demos Bash on Windows

Adam 1
Silver badge

other way round isn't it

Pretty sure systemd just outsources to svchost.exe these days.

7
4

X-ray scanners, CCTV cams, hefty machinery ... let's play: VNC Roulette!

Adam 1
Silver badge

Re: Or a simpler (than SSH) solution

@chemist

Wasn't quoting your post so not quite sure why you would take my comment to be about you and your process.

I was quoting AC whose argument seemed to be that because people (not you obviously) choose crap passwords then running on a non default port gave the same security. I worked out the equivalent entropy it gave to point out that you really need a bad password for that to be equivalent.

I thought my post was pretty clear that this does not preclude taking additional steps such as non default ports or port knocking or timed activation for ports. That will improve your security or at worse make no difference and doesn't really make your life harder so go ahead with my blessing. It is a great additional step, not a replacement.

0
0
Adam 1
Silver badge

Re: Or a simpler (than SSH) solution

> but there's only so many ports that can be used.

65536 to be precise.

So as a password it is comparable to a 3 to 4 digit numerical PIN; or comparable to a password made up of a single English word that is in common use. It just isn't enough as a substitute method.

0
0

Gumtree serves world's worst exploit kit to scores of Aussies

Adam 1
Silver badge

So ....

Any chance Gumtree or their ad slingers will cough up for the cost of scanning and cleaning those visitor's PCs, or for some sort of identity theft monitoring service for those users?

Thought not.

Ublock origin people.

6
0

US govt says it has cracked killer's iPhone, legs it from Apple fight

Adam 1
Silver badge

Re: And now this is the worst

> The basic premise is any secure system with enough time and effort will be broken

Realistically that is correct, but only because developers are humans with SNAFUs like in every other endeavour. Usually it is flawed implementations which are attacked.

For example, it is possible to choose a key size such that even allowing for Moore's law to continue and the entire GDP of the world dedicated to breaking it would still take longer than our sun has left in it. But all that is based on our assumptions about the trapdoor functions that we rely upon. We assume that factorising the multiplication of two huge primes is really hard. We assume that the discrete log problem is really hard. But find some new mathematical construct then maybe it can be done with less effort. In fact if you look at the logjam attack it takes advantage of being able to precompute millions of CPU hours worth of computations and reuse that to simplify the computations for subsequent keys.

But I digress. My point is that the goal is impossibility without the key. Good enough means uneconomical to crack (I think your point) but with the proviso that hardware reduced the cost per operation over time (in both time and power consumption), and sometimes your enemy is a miscreant who is paying for neither (malware / stolen Amazon keys / etc). If you accept the good enough argument, you need to make sure you adequately measure the economics rather than just trying to figure out what it would cost you to do.

2
0

Is iOS 9.3 Apple's worst ever update? First it bricks iThings, now Safari is busted

Adam 1
Silver badge

exaggeration much?

Don't get me wrong, bricking a device is bad but it could be worse.

2
10

Forums