* Posts by richardcox13

101 posts • joined 19 May 2012

Page:

Analogue modems allow UNSTOPPABLE Android attack ... at 13bps

richardcox13

Re: Ive got a side channel attack.

> Can I be famous now please?

If you were original then maybe. But you are not: https://xkcd.com/538/ hence no.

0
0

Fed-up Colorado man takes 9mm PISTOL to vexing Dell PC

richardcox13

Re: taking ordnance to pc parts...

> mythbusters [...] fast machine gun to cut something solid in half

Cut down a tree is the usual aim.

Been done in other programmes as well.

Not cost efficient or time efficient. But does show why one does not want to be in front of such weapons.

0
0

Google makes life easier for mixed-content sysadmins

richardcox13

> why are these sites not using[…]

Content separated from structure (eg. CMS) could well mean no one person controls all the markup.

(And there is always content relative links, eg. //code.jquery.com/jquery-1.11.2.min.js, for content from other domains.)

1
0

Boost your attachment size with this one weird trick

richardcox13

Re: No, never increase attachment size limits

> Business knowledge is lost in email. It must be properly filed on a network location, and email only serving links to the latest version.

And now your sales team wants to send a quotation to that potentially very lucrative customer.

Not everyone is connected to the local network ...

0
2

Finally, Mozilla looks at moving away from 'insecure' HTTP. Maybe

richardcox13

Re: Bad idea

And note even IE6 (XP SP3/2003 SP2 and above) supports SNI. (Not in the original versions of those OSs, but it was added later.)

If you have clients from before those relics then it is quite possible even assuming HTTP 1.1 will be a problem, so you have to have a unique address even when unsecure.

0
0
richardcox13

Certificate providers are appearing with ever cheaper (some promising free) certificates.

(This is covered in the linked discussion thread.)

While they won't be EV certificates, as the underlying drafts do consider levels of security, that aspect is covered.

So your "About Me" site gets a free certificate, but as you are not selling anything you are only looking at providing end to end integrity rather than significant identify validation.

At the other end of the scale a medical site or retailer does need to spend some money on their identity. But if they are not willing, how secure is anything they do?

1
0

NASA to put the stars in your hands with coming-soon-now API portal

richardcox13
Go

Compared to an anoying Canadian

> It's also about a thousand times smarter and more interesting.

Talk about damning with faint praise…

1
0

National Grid's new designer pylon is 'too white and boring' – Pylon Appreciation Society

richardcox13

Re: Low IQ Alternative

There is already a standard for it: RFC 3251 "Electricity over IP", but your a couple of weeks out for that.

0
0

ICANN urges US, Canada: Help us stop the 'predatory' monster we created ... dot-sucks!

richardcox13

Or perhaps, hoist by their own petard.

1
0

Extensive 3D NAND drives very expensive to make

richardcox13
Unhappy

Cost of manufacture isn't just CapEx

> Each year flash costs between 162X and 53X more to make per TB than disk

The graph clearly says cap-ex. But the cost of manufacture is op-ex (eg. staffing), materials and a /proportion/ of cap-ex.

It will be more expensive, but nothing close to the cap-ex multiplier because the other costs will not be anything like as proportionately as big (otherwise flash would already be far more expensive than it is reative to spinning rust).

0
0

What type of storage does your application really need?

richardcox13

> High-end storage: […] Frankly, unless you already have a pile of Fibre Channel disk shelves then go for SATA.

I think someone meant "SAS" there, otherwise the next sentence – backward compatible with SATA – does not make sense (and who does high end storage on SATA?).

0
0

Google wants Marvin the Paranoid Android's personality in the cloud

richardcox13

Re: I'm sure that...

And hope the sign does not sink...

Go stick your head in a pig.

3
0

Popular crypto app uses single-byte XOR and nowt else, hacker says

richardcox13

Re: funny

> First off, several encryption methods been written and tested so there is no longer any reason to invent a new method.

Wrong. New attack techniques are developed, faster computers can brute force longer keys and thus new, more resistant, algorithms are needed and longer key lengths are needed.

For instance DES has never been broken (albeit it was weakened my new attacks), but it can be brute-forced in hours today. Equally SHA1 has been weakened by new attack techniques.

Thus neither DES or SHA1 are suitable for their original purposes despite huge evaluation and analysis through their standardisation processes.

11
3

Power, internet access knackered in London after exploding kit burps fire into capital's streets

richardcox13
Headmaster

Re: We are on high holborn :- currently looking like we will be down another day

>f ISO 25999?

What's that?

Or are you mixing (now withdrawn) BS 25999 and (its replacement) ISO 22313?

1
0

Dino-boffins discover ancient, TOOTHY-CLAWED, four-eyed MONSTER LOBSTER

richardcox13
Coat

Re: Weird thought

> They probably tasted like chicken.

Can't have done. Chicken (or any birds for that matter) had yet to evolve.

0
0

Marathon race ace FOUND ON MARS – NASA boffins overjoyed

richardcox13

Re: Obligatory xkcd

http://xkcd.com/1504/

This time it is Opportunity.

0
0

SNIA examines standardised access to object-based disk drives

richardcox13

Re: A solution in search of a problem?

> looks to me like they are trying to turn every hard disc into a NAS box

[without all the benefits]

Indeed. Instead of open set of code managing redundancy (with a support contract), you end up with every application doing it. Mostly poorly (inevitably).

0
0

National Lottery sleeps through Sunday

richardcox13

Re: "timestamps don't translate well"

Twitter displays the date/time of other's tweet's in your locale. Unless they are recent, then it displays something like "+20 min".

Thus Vulture South would need to translate the offset into a local time, and then perform the timezone conversion, Neither difficult, but it was a Sunday :-).

0
0

Never mind those touch apps, full Office 2016 is coming this year

richardcox13

Re: All I want to know is...

> Seriously, Alt+F to open the menu, [...]

Press ALT: see ribbons overlaid with the available short cuts. As you enter them more specific ones appear.

Once you know where the command is on the ribbon (they are easier to find as the organisation is far more consistent, but you're used to the inconsistency of the menus).

So to sort a table: Alt-JO and the Table Tools Layout tab is opened, SO and the sort dialog is open.

And this works even if the ribbon is collapsed (Control-F1 to toggle).

The ribbon is different, but it is not hard.

4
4

NASA preps lobotomy for Opportunity rover to cure amnesia

richardcox13

Necessary XKCD Reference

http://xkcd.com/695/

(Wrong rover, but applies even more so.)

3
0

Crack open more champagne, Satya, XP's snowballing to HELL

richardcox13
Stop

Re: Meaningless statement by useless stats mangler - film at 11

You'll continue getting support.

Because it does not end in January, only "mainstream support" (ie. new features being added) ends in January, Bug fixing and security patching go on until "extended support" ends in 2020.

But then I expect you know that. Troll.

8
2

Fasthosts goes titsup, blames DNS blunder

richardcox13

Re: "issues with our 2003 servers"

While Fasthosts may have no such legacy applications, their customers may well have legacy applications.

(And I agree, I read it initially as "that's a very specific number of servers" :-))

0
0

Why solid-state disks are winning the argument

richardcox13

Re: Reasons for traditional HD

> Give us a small and cheap but very fast PCI card to boot and run our O/Ses from!

Have you looked at M.2 flash cards (on motherboards with the appropriate support)?

Of course they have capacities that mean you can skip a SATA flash disk and just back it up with the large spinning rust for bulk storage if required.

1
0

ICO warns UK broadcasters over filming using drones

richardcox13

> Why is this different from using a telephoto lens on a camera?

Well the camera is remote, potentially significantly remote, from the operator (photographer).

And unlike, conventional, helicopter based news filming, a UAV is far less noticeable while being able to get much closer.

Then you get into the difference between private only use and commercial use (eg. requirements for release forms).

So it is somewhat different. But I suspect it'll take a court case or few to really determine the rules.

2
0

Torvalds CONFESSES: 'I'm pretty good at alienating devs'

richardcox13

… and in other news

Arboreal areas contain ursine turds.

0
0

Let XKCD's Randall Munroe satisfy your curiosity in this excerpt from his book, What If

richardcox13
Thumb Up

Re: It's excellent

Just received a nice dead tree edition... and wondering what's happened to the time :-)

There have been some updates compared to the online versions (plus some extras), so worth it even if you do read http://what-if.xkcd.com/

4
0

Microsoft unloads monster-sized can of bug spray on Internet Explorer, again

richardcox13

Re: I don't understand...

> ... Why is MS still releasing patches for IE6?

Server 2003 is still in support (until April 2014 IIRC), and shipped with IE6. Hence it gets patching because Microsoft's policy is currently to support all IE versions that work on a supported OS version.

However, as of Jan 2016, that will change (as announced recently), with only the latest compatible IE supported on each OS.

0
0

Boiling point: Tech and the perfect cuppa

richardcox13

Re: Disappointing

Good point. After all they only need to return status 418 (even if not short and stout).

This article is about Tea; HTCPCP is about coffee.

0
0

LOHAN acquires aircraft arboreal avoidance algorithm acronyms

richardcox13
Thumb Up

> VinceH I think we got hit by the same inspiration particle!

Clearly some form of particle cloning going on, because it seems to be bouncing around here as well!

However, in proper abbreviation creation mode I reverse the last two words:

Arboreal Recognition System for Evasion.

1
0

Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade

richardcox13

The difference between "update to [get to] V31" and "update [applied] to V31": the ambiguities are strong in this one.

5
0

50,000 sites backdoored through shoddy WordPress plugin

richardcox13

Re: Where is line 91?

I would assume the malware (incorrectly) injects quite a few lines of its own code knowing it is a file that is executed for each request.

0
0

Ever wanted to be a Playmonaut? El Reg's Vulture 2 spaceplane sim reveals what it's like

richardcox13

More content needed in simulator...

Maybe something like this: http://tmagazine.blogs.nytimes.com/2014/07/18/flowers-in-space-azuma-makoto-exobiotanica/

Gives the heroic pilot something to look at while hurtling along.

Is there anything people won't put below a weather balloon?

0
0

CERN data explains how Higgs heavies other matter

richardcox13

Re: femtobarns

Well according to another place (http://en.wikipedia.org/wiki/Barn_%28unit%29):

> Other related units are […] the shed (10^(−24) b (1 yb), or 10^(−52) m^2) […]

which makes a nanoshed really rather small indeed.

0
0

Can it be true? That I hold here, in my mortal hand, a nugget of PUREST ... BLACK?

richardcox13
Mushroom

Re: Black space craft? Whatever could go wrong

> The space craft that belonged to Hotblack Desiato I believe,

Correct. While he took a year dead (for tax reasons).

You might need to consider doing the same should you book Disaster Area for the local church fête: governments are likely to be unhappy with the wholesale breach of strategic arms limitation treats.

2
0

NASA aborts third attempt at finally settling man-made CO2 debate

richardcox13
Go

For Updates...

follow https://twitter.com/NASA_LSP for launch updates (including relevant links to NASA TV) to see if NASA can get it up (next time).

2
0

Wake up, grandad: All the techies use social media

richardcox13

Re: Since I started using the internet in 1998,

> I guess that makes me a dinosaur!

I started about it 1988, so what does that make me… or rather does that make you just a newbie?

That new fangled web thingy, it might just catch on...

> Can I yell 'Get off my lawn!' now?

Wait in line youngster! If you've not had to work out UUCP bang paths for email addresses you've had it too easy. (El Reg's Approach! To Yahoo! Related! Headlines! Brings! Back! Bad! Memories!)

8
0

Redmond promises IE8 patch is in the pipeline

richardcox13

Re: What is the risk of this bug really?

> XP is end of lifed

So what? IE8 is the default browser on a new install of Windows 7; thus its support ends with Win7.

4
0

Time-rich Brit boffin demos DIY crazytech WOLVERINE talons

richardcox13

Re: We need more...

Check out of the rest of YouTube channel.

Making a pulse-jet a bog-brush stand to power a BBQ is memorable.

3
0

Super-heavy element 117 DOES exist – albeit briefly. Got any berkelium handy?

richardcox13

Re: How about...

> Unobtainium

It has been obtained, so that does not seem appropriate.

How about "hardtogetium"?

6
0

Stone the crows, Bouncer! BT defends TV recorder upgrade DELETION snafu

richardcox13

Re: Which box?

> to occasionally record Channel 5 shows

I suspect the C5 EPG data is at fault. I see most series jumping to C5+1 from time to time.

This seems to have always been the case with C5 on every FreeView PVR I've used. Other channels do not have the same problem.

Therefore I think this might, for once, not be BT but the data source: Channel 5.

0
0

Target finally implements chip and PIN card protections

richardcox13

Re: two factor?

With chip & pin the two factor is (1) something you have (the card) and (2) something you know (the PIN).

With online it is something like (1) something you know (password) and (2) something you have (mobile to receive the second code).

Three factor systems add something you are (a biometric).

1
0

Anatomy of OpenSSL's Heartbleed: Just four bytes trigger horror bug

richardcox13

Re: I don't get it..

> why expect a length parameter at all ? That is metadata that can be calculated quite trivially.

How? A socket connection is just a stream of octets, there are no record delimiters (except as provided by your own protocol).

And then you need to detect with partial data (eg. interruption on the network).

5
0

QUIDOCALYPSE: Blighty braces for £100 MILLION cost of new £1 coin

richardcox13

Re: Deal With It!

> A triangular rubber coin 6,800 miles along each side?

Fiddling small change then, and thus not accepted by glacta-banks.

1
0

BT caught in data gaffe drama: Whistleblower squeals over alleged email fail

richardcox13

Re: HTTPS compulsory?

> Someone better tell El Reg then.

Indeed.

More than a little of the pot calling the kettle black here.

0
0

Fee fie Firefox: Mozilla's lawyers probe Dell over browser install charge

richardcox13

They certainly do use images.

But the images are always the complete install (a "diff" image would work, but only for the same base).

However there are a lot if images to manage and maintain: different OS editions/versions, different Office editions/versions, ...

This soon becomes a rather large number each patch Tuesday.

1
0

Q&A: Schneier on trust, NSA spying and the end of US internet hegemony

richardcox13

The Halting Problem Applies to Verification of Computer Systems

From the first page of the article:

> So what's your solution?

>You can imagine some future technology where you can prove assurance, where you

> can prove that a piece of software or hardware does what you believe it does and

> nothing more. That's not beyond the realm of possibility.

Wrong. It is beyond the realm of possibility. I would have expected Bruce Schneier to be aware of the halting problem. Turing proved that there is no possibility to provide a procedure that will determine if a given program will halt (terminate). As any specific action can be mapped to termination (when X happens halt) you cannot prove it does or does not do something.

2
0

Github brews text editor for developers

richardcox13

Re: Umm, what?

If notepad is sufficient for your – clearly limited by definition – text file editing needs, then stick with notepad.

For those of us who work with non-trivial text files, there are lots of options: this has a lot to live up to.

And yes, it does sound rather like that everything is programmable/customisable approach of Emacs and other editors that have survived for more than a few update cycles. This is no bad thing: just because it is an old (relatively) idea does not mean it is a bad idea (equally a new idea is not automatically a bad idea).

2
0

Microsoft tries to re-invent GPS with cloudy offloads

richardcox13

Re: Does it really take that much power?

> Maybe GPS used a lot of power a while ago but I assume all that calculation is now handled by dedicated logic

True for some dedicated devices certainly.

But it seems smart-phones (and, based on experience of battery life when not plugged in, car sat-nav units) don't have such specialist hardware, rather using their CPUs to perform the calculations.

Just calculating the position wouldn't be too bad, but then that calculation is done repeatedly to track position and velocity changes, then transforming and laying out the map display in real time to match…

0
0

Collective SSL FAIL a symptom of software's cultural malaise

richardcox13

Re: So what's the solution?

Your third paragraph is why. Mono-culture is bad, however much better that one is currently.

(This is why I am glad IE and Firefox do not use Webkit: everyone using one browser engine would just lead to a repeat of the first browser wars with Webkits' defects being the new standard.)

2
0
richardcox13

Re: Goto

Using goto when goto is the best approach (such as a series of tests with shared non-trivial clean-up) is reasonable. It would be possible to fake the gotos with breaks in a do...while (false) one-shot loop but that is a significant abuse of a loop (and the one-shot nature is hidden at the bottom).

In this case a boolean tracking hasFailed and checking in each test would be reasonable, but if the existing tests are more complex the addition of checking that boolean adds to the complexity.

In the end the pattern of a series of tests with a fall-out to common clean up is seen often enough the pattern is recognised and thus the code easier to understand.

Remember Dijkstra's paper (it is worth the effort to read) is about the overuse of goto when there are better alternatives. Too many people see the title without reading the content and thus "ban goto".

All that said; in more than two decades of professional programming I've use goto twice (C++'s ability to do cleanup in a destructor of local objects really helps).

9
0

Page:

Forums