How to (slowly) steal secrets over the network from chip security holes: NetSpectre summoned

Simon Blakely

Given that this is a sidechannel attack on network response via a SPECTRE gadget, the logical defense is to make all network application responses constant-time. So pick the longest possible response time, and force all the network responses to wait that long.

Or just add some random jitter (possibly about the average of half the difference between a speculative and non-speculative lookup) into the response time at the network packet driver - you will increase the average network response time by some small figure, but you destroy the network side-channel.

Any resolution to SPECTRE class sidechannels means impacting performance - the only question is the cost to do so, and whether that cost is acceptable.
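
Added example, not part of the original comment: a Python simulation of the two mitigations proposed above (padding every response to a fixed deadline, and adding random jitter), run over a constructed timing model in which all constants and function names are assumptions. It reports how much of the fast/slow timing difference survives averaging over many requests, and what each mitigation costs in mean latency.

```python
import random
import statistics

# Constructed timing model in microseconds (assumed values, not measurements).
BASE_US = 200.0   # handler time when the gadget's lookup is fast
LEAK_US = 1.0     # extra handler time when the lookup is slow (secret-dependent)
NOISE_US = 5.0    # standard deviation of unrelated network noise


def response_time(slow_path, rng, defence, deadline_us):
    """One simulated response time as seen by the remote client."""
    t = BASE_US + (LEAK_US if slow_path else 0.0)
    if defence == "pad":
        # Hold the reply until a fixed deadline. Work that overruns the
        # deadline is sent late, so an undersized deadline hides nothing.
        t = max(t, deadline_us)
    elif defence == "jitter":
        # Uniform random delay whose mean is half the fast/slow difference.
        t += rng.uniform(0.0, LEAK_US)
    return t + rng.gauss(0.0, NOISE_US)


def evaluate(defence, deadline_us=400.0, samples=50_000, seed=1):
    """Return (residual_gap_us, mean_latency_us) for one defence.

    residual_gap_us is the mean response time of the slow path minus that of
    the fast path: the part of the signal that is still there after
    averaging over many requests.
    """
    rng = random.Random(seed)
    fast = [response_time(False, rng, defence, deadline_us) for _ in range(samples)]
    slow = [response_time(True, rng, defence, deadline_us) for _ in range(samples)]
    gap = statistics.fmean(slow) - statistics.fmean(fast)
    latency = statistics.fmean(fast + slow)
    return gap, latency


if __name__ == "__main__":
    cases = [
        ("no defence", "none", {}),
        ("random jitter", "jitter", {}),
        ("pad to 400 us", "pad", {}),
        ("pad, deadline too short", "pad", {"deadline_us": 200.5}),
    ]
    for label, defence, kwargs in cases:
        gap, latency = evaluate(defence, **kwargs)
        print(f"{label:24s} residual gap={gap:6.3f} us  mean latency={latency:7.2f} us")
```

The last case shows why the deadline has to be the longest possible handler time: a deadline that sits between the fast and slow paths still leaves part of the gap.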

Sysadmin figures out dating agency worker lied in his profile

Simon Blakely

Re: Password?

>>passwords must be at least 9 characters, contain upper and lower case characters, and at least one number and one non-alphanumeric character

> Yes, that's a good point. I personally cannot think, with the hindsight of experience, of a common scenario where those complexity rules would be helpful (save, perhaps, where it is known / required that the user have a password manager?)

The most common scenario is because some lowlife hacker has obtained a copy of your SAM/passwd/shadow files and is attempting to run a dictionary attack or rainbow table on it to steal authorised access. Those complexity rules increase the attack space significantly, and can easily be the difference between a hack in reasonable time, and a hack that fails because password expiry has made the attempt moot or the computational requirements are too great.

Adding capitals into a 1-9 character alpha-numeric password (no symbols) increases the search-space by an order of magnitude or two for NTLM hashes.

Longer passwords are actually much better at increasing complexity - thus a new trend of passwords being strings of unrelated words - "correcthorsebatterystaple" (https://xkcd.com/936/). Much harder for hackers to attack in reasonable time.
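
Added example, not part of the original comment: it counts the search spaces behind the figures discussed above, assuming every character or word is chosen uniformly at random (an upper bound; human-chosen passwords cover far less). The 2048-word list size and all function names are assumptions made for the example.

```python
import math
import string
from itertools import combinations

# Sizes of the four ASCII character classes the quoted policy refers to.
CLASSES = {
    "lower": len(string.ascii_lowercase),   # 26
    "upper": len(string.ascii_uppercase),   # 26
    "digit": len(string.digits),            # 10
    "symbol": len(string.punctuation),      # 32
}
ALL = ("lower", "upper", "digit", "symbol")


def keyspace(length, allowed, required=()):
    """Count passwords of exactly `length` characters drawn from the
    `allowed` classes that contain at least one character from every class
    in `required` (inclusion-exclusion over the required classes)."""
    if not set(required) <= set(allowed):
        raise ValueError("required classes must also be allowed")
    total_chars = sum(CLASSES[c] for c in allowed)
    count = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            remaining = total_chars - sum(CLASSES[c] for c in missing)
            count += (-1) ** k * remaining ** length
    return count


def keyspace_range(min_length, max_length, allowed, required=()):
    """Total search space for every length from min_length to max_length."""
    return sum(keyspace(n, allowed, required)
               for n in range(min_length, max_length + 1))


def passphrase_keyspace(words, wordlist_size):
    """Search space of `words` words picked at random from one list."""
    return wordlist_size ** words


def bits(count):
    """Search space expressed in bits."""
    return math.log2(count)


def words_needed(target_bits, wordlist_size):
    """Words a random passphrase needs to reach `target_bits`."""
    return math.ceil(target_bits / math.log2(wordlist_size))


if __name__ == "__main__":
    no_caps = keyspace_range(1, 9, ("lower", "digit"))
    with_caps = keyspace_range(1, 9, ("lower", "upper", "digit"))
    print(f"1-9 chars, lower+digit:        {bits(no_caps):5.1f} bits")
    print(f"1-9 chars, adding capitals:    {bits(with_caps):5.1f} bits "
          f"({with_caps / no_caps:.0f}x larger)")

    policy = keyspace(9, ALL, required=ALL)
    print(f"9 chars, one of each class:    {bits(policy):5.1f} bits")

    for n in (4, 6):
        space = passphrase_keyspace(n, 2048)
        print(f"{n} random words from 2048:      {bits(space):5.1f} bits")
    print("words needed to match policy: ",
          words_needed(bits(policy), 2048))
```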

NASA tried turning lost spacecraft STEREO-B off and on again... but it didn't work. True story

Simon Blakely

Re: "... and the months and years tick by"

If it isn't orbiting, it is falling or leaving - no other choice.

At 940 million km out from the sun (earth orbital distance), you *have* to be moving at 108000 km/h (orbital velocity), or you will be changing distance to the sun (either closer or further away).

And as Galileo demonstrated, the acceleration of a falling object is the same independent of the mass of that object.

And how do you plan to "stop" your station in place relative to the sun - after it is launched from earth it is travelling at 108000 km/h around the sun. That is a massive velocity to try to lose. The Juno probe went faster, but it used close-pass gravitational slingshots and time (tears) to trade that existing velocity into a greater velocity in another direction.

Also not a rocket scientist, but physics 201, 202 and 203

Boffins unveil 500TB/in2 disk. Yeah, it's made of chlorine. -196˚C, why?

Simon Blakely

I know it is very cool (hah), but I'd really like to know the Data Write/Read rate ...

STMs are not known for their speed

BOFH: Thermo-electric funeral

Simon Blakely

Re: I prefer the EtherKiller.

That was the BOFH ...


"I blame the Ethernet Isolation specs. 3KV my backside!"

BOFH: Sure, I could make your cheapo printer perform miracles

Simon Blakely

Lexmark laser prints ca. 1991

Back in the early 90's, we purchased a number of Lexmark laser printers. They were pretty good, but one had continual issues with grabbing a massive wadge of paper from the tray and regularly munting the feed roller. We could not understand why this kept occurring, until we sat with the secretary who had done this several times and watched her reload the tray. As she reinserted the tray into the printer, we saw that she flicked it slightly sideways - checking the tray mechanism revealed that the paper was only held in place on one side, and a small lateral force was sufficient to dislodge a pile of paper, ready for the next pickup.

Suffice to say, we didn't stick with Lexmark as our printer supplier.

Did North Korea really just detonate a hydrogen bomb? Probably not

Simon Blakely

Re: unbombified?

> Wouldn't it be easier to rig up some cannons (or rail-guns, but ignore that) containing non-critical fissile material, point them all at a target (which may include a second-stage mechanism intended to achieve fusion) and then synchronise all the shells to fire at once. It should produce the same effects as an equivalent bomb (and will probably be easier to rig than precisely-shaped charges) but probably a lot easier to set up.

Not a hope. The timing required has far closer tolerance than such a rig could achieve. Any uneven density in the fissile mass will cause a "fizzle" (partial detonation). At any speed high enough to avoid premature fission, the shells would splatter each other into fragments and not achieve critical mass.

Doctor Who: Even the TARDIS key can't unpick the chronolock in Face the Raven

Simon Blakely

Re: I like ravens.

They're only in it for the eyeballs ;-)

Will IT support please come to the ward immediately. Weeeee have a tricky problem

Simon Blakely

Re: White Ants eating silicon

> The white ants there love eating silicon - don't know if that is true for all white ants. Scuba diving mask seals were their delicacy

Scuba diving mask seals are *Silicone* (a flexible polymer of Silicon and Oxygen atoms) - not the same thing as silicon at all.

> but if none were available they'd happily munch through silicon circuit boards.

Printed Circuit Boards are not made of silicon, either. Fibreglass reinforced Epoxy resin is the usual PCB substrate.

Any actual silicon (in a transistor or integrated circuit) would have been encased in some sort of metal, ceramic or plastic packaging.

Post-pub nosh neckfiller: Southern biscuits and gravy

Simon Blakely

First up, the above-mentioned Red-eye Gravy (https://en.wikipedia.org/wiki/Red-eye_gravy) may contain coffee, which is an abomination in any dish.

Second, in many parts of the world (UK, NZ) we expect our gravy to be somewhat stronger flavoured than the US seem to like it. I have had some pretty tasteless "gravy", so the addition of stronger flavour components (bacon grease, cheese, onion, garlic etc) would be welcome, to get that real strong taste.

In other words, I like the concept, but I'd rather execute it myself. With good fluffy biscuits/scones/dumplings or over fried potato/hash browns, it is pretty yummy after a hard night.

'The server broke and so did my back on the flight to fix it'

Simon Blakely

One of the worst backaches I ever had was due to taking a rack-mount Compaq UPS on site for installation, and finding that the local IT contact (on whom I had been relying for additional muscle) wasn't there, and in fact, the only person on site was the wee lass in reception.

They did (fortunately) have a trolley, but manhandling 50+ kg of lead acid batteries from the car to the trolley and from the trolley into the bottom of the rack had me laid up for an entire weekend. I seem to recall the sodding thing slid off the supporting rails as I fitted it at one point, and I had to pull it back out of the rack and refit.

Version 0.1 super-stars built the universe – and they lived all the way over there, boffins point

Simon Blakely

Re: Question

When elements coalesced from the Big Bang, (https://en.wikipedia.org/wiki/Big_Bang_nucleosynthesis) the elements formed were Hydrogen (and isotopes), Helium (and isotopes), some Lithium-7 and some Beryllium-7. Not all these isotopes were stable, and so decayed back to Helium or Lithium.

So Population-III stars are most probably the earliest possible.

Audi TT: It's NOT a hairdresser-mobile, the dash is too flash

Simon Blakely

Re: Shall I just get my coat?

It is a nautical term ...


Rosetta probot drilling denied: Philae has its 'leg in the air'

Simon Blakely

Philae has not so much landed as matched orbit at zero altitude. The ice screws, harpoon and top thruster were all intended to assist in the process of sticking it to the surface in the absence of gravity and uncertainty about the surface conditions. Two of those systems did not work as planned, and without the top thruster, firing the harpoon again could send it skittering about and out of contact with the comet. They will take that risk when they believe it is worth it - until then, science.

Painfully trendy: Someone just spent $200k on ebola.com

Simon Blakely


Going viral in 3 ... 2 ... 1 ...

Leak: Intel readies next round of NUC

Simon Blakely

Noisy Audio

The noisy audio is probably a consequence of the switch mode power supply and an earth loop. The trick is to isolate earths - preferably with an audio ground isolation device (sometimes called a hum eliminator). This isolates the ground plane of the amplifier/TV from the computer ground plane.

This is fairly essential in computer audio applications - it would be nice if manufacturers designed computer kit with audio isolation (either balanced transformers or opto-isolation), but you can get a stereo device for about 20 pounds. Add some suitable cables and you are away. Not sure how you can do this with HDMI audio, though.

IoT cup claims 'instant' identification of what's in it

Simon Blakely

Tracking hydration levels ...

Seems they have missed a trick for tracking hydration levels - I have no doubt that the clever cup sensor can also track how much and how concentrated a user's urine is to get really accurate information on their hydration ...

TrueCrypt hooked to life support in Switzerland: 'It must not die' say pair

Simon Blakely

I think, at this point CryptOrchid might be appropriate, because the point of hidden disk encryption is to show that there is nothing there.

Recommendations for NAS-based home media set-up

Simon Blakely

My rig starts with a Linux Server (AMD E-350 dual-core, 4Gb RAM, 1.5Tb disk mirrored). Fanless, silent and sub 40 watts power drain. Only the disk light lets me know it is running. I use SME server and have installed Serviio DLNA server, Sickbeard and SABnzbd among other things. Anything I have watched and wish to retain gets archived off onto an external disk - otherwise it gets deleted - I can re-download if I so wish.

For playback, I did use a Sony BDP-S390 Blu-ray with DLNA and Internet services (Youtube, iPlayer etc) that only cost GBP100 a few years back. Worked a treat. Now I have moved back to NZ, I'll need to remove the region lock as my DVD collection gets increasingly mixed. My new region-free Blu-ray player from NZ does not do DLNA and has pointless internet services, so I lost out there.

I also have a G-Box Midnight Android or XBMC capable device (using wireless N). This is currently running android, and runs DLNA content OK via 2player. The thing that does annoy me is that the AV socket with audio out is bloody noisy - I wanted to use it as an audio player directly to the stereo so my wife could send a playlist from her phone without having to have the TV on. Maybe when I get a Home Theater Receiver I'll be able to do that. I also have a Pi with XBMC, but I need to do a bit more work with that.

The whole system is tied together with a Logitech Harmony universal remote - slightly awkward to program, but allows multiple device control without switching, so is much easier to use for technically inept family members.

BOFH: He... made... you... HE made YOU a DOMAIN ADMIN?

Simon Blakely

Not just NT apps ...

Many years ago (15, I guess), I was involved in a Y2K project - I was PC app packaging, but one of the other running projects was an upgraded Hospital system running on VMS. After I packaged the Terminal Emulator, I tested it on the pre-prod system. Everything seemed to work, but I wanted to push a little deeper. So while playing I crashed the app (I don't remember how, it may have happened by accident, but I may have done it deliberately), and found myself at a VMS DCL prompt. Curious (and possessed of some VMS skills from a former life), I set out to find out what rights I had in the system - full admin access for the account the application was running as.

So I wrote a note to the System Manager pointing out how an error in their shiny (and very expensive) new platform had allowed a normal user full Admin access to the VMS system, and how easy it would be to trash the entire thing in a few lines of DCL. I don't know if they ever restricted the rights of the application user - it would have been a piece of cake in VMS, as it had superb rights management, but I steered clear of that particular team and app for a while.

Bletchley Park spat 'halts work on rare German cipher machine'

Simon Blakely

Bletchley Park/TNMOC

Before repatriating to NZ from the UK late last year, I made the trip to MK to visit both BP and TNMOC. I was well aware that they were separate organisations before I set out, so there were no surprises on that score.

For a geek like me, TNMOC was awesome. Hands on, all the classic computing hardware from my youth, and cool flashing lights (I loved the Dekatron). I saw Colossus and Tunny. I had a happy morning wandering, playing and chatting to the volunteers (and even got to help boot a classic Unix CAD system). It was really cool, and worth the trip on its own. However, for all the love and technical skill on display, it was obvious to me that TNMOC needs more investment and space.

Then I headed to Bletchley Park - more expensive, but more going on. I knew many of the details, so I decided to forgo a tour, and just wandered round by myself. There was lots to see, but the displays were a bit busy, and the information panels were small and a bit wordy. It was less interactive, and I ended up considering it pleasant for a visit but not enthralling. It also needs investment, but it also needs better management and organisation. Sadly, from the recent commentary, it may not get either.

However, I do suggest doing both. The Bletchley Park ticket did allow a return visit, and I am sure the guided tours add more value. And the grounds are nice if the weather is good, and a picnic/walk would be a great use of time. The current management may be prats, but there is a story being told at the park that should be experienced. But TNMOC is just great.

German frau reports for liver transplant clutching bottle of vodka

Simon Blakely

Re: compel the donation of organs without opt out

It isn't always that simple. I would like to be an organ donor, but due to a bit of bad luck as a child, find myself in the position that I cannot be a donor, but could (in the future) require an organ from one.

Would I be ineligible because I can't be a donor?

Actually, the miracles of modern pharmacology mean that if I stay on the antivirals (at some not inconsiderable cost to the health service of my home nation) this will never happen, but a few years ago, that was a distinct possibility.


Simon Blakely

Re: serious question - not to be confused with earlier comments/screeds

Space isn't empty - not even intergalactic voids. So if there are antimatter galaxies/galactic clusters, there has to be an interface between volumes that are primarily matter and primarily antimatter. And galaxies do collide, so some of those events should be matter/antimatter collisions. At these interfaces/collisions, matter and antimatter will annihilate, emitting gamma radiation at distinctive energy levels. People have been looking for this gamma radiation, but it has not been observed. So astronomers conclude that such annihilations do not occur, and that galactic masses of antimatter probably do not exist within our observable universe.

Xerox begins rolling out patches for jumbled-numbers copier glitch

Simon Blakely

It is JBIG2 (http://en.wikipedia.org/wiki/JBIG2) and was designed by a legitimate Standards group (http://en.wikipedia.org/wiki/Joint_Bi-level_Image_Experts_Group). Xerox may be responsible for the aggressive glyph-matching bug, though.

Many of these documents will be from paper to PDF scans, and there is no way back or any ability to determine if changes have occurred. The good news is that any in-machine OCR did not use the compressed images, so OCR data may be better than the image.

UK mulls ban on tiny mobiles to block prison smugglers

Simon Blakely

There is a project to implement technical cell phone control in prisons - but it is not simple or trivial.

The cost to faraday shield prisons would be huge and probably pointless - there are easy solutions to bypass physical shielding.

Electronic methods are just as hard. Imagine the media outcry if members of the public outside the prison boundaries discovered that their calls had been monitored by prison officers or simply jammed due to security concerns. It is very hard to manage controlled RF coverage within a specific area - if environmental conditions change, then the covered zone could grow or shrink by large amounts. The same applies to RF triangulation - there are too many reflective surfaces and distorting materials to accurately localise a transmitting device quickly, and a simple external aerial on a wire would provide a prisoner enough time to disappear a phone somewhere secretive.

However, there needs to be a legal framework for such communications control as well as the technical solution. Currently no jamming is legal - there needs to be some legal method for this to occur, even for the government.

So the fastest approach to reduce the supply of these small phones is via the routes suggested - electrical safety and trademark law. It is intended to slow the supply of these devices _until_ technical measures can be taken to prevent the use of these phones in prisons.

There is no requirement for staff or visitors in a prison to use mobile phones - goes with the territory.

Soylent days and soylent nights

Simon Blakely

My evening food intake usually consists of a smoothie

200 ml water (ice)

200ml whole milk

200gm fresh yoghurt

30gm scoop whey protein

1 banana (and/or other fruit, strawberries are in season at the moment)

1 breakfast wheat biscuit

Blend, thin with water. It makes about 1 litre, is tasty (strawberry flavour yoghurt and whey protein) and filling - I don't need anything else to eat. I do this most days after I go to the gym. I sometimes add a spoon of peanut butter and/or chocolate flavouring.

Of course, I consider a bacon roll an essential part of a healthy diet (two rashers, wholemeal roll, no spread, brown sauce). Also filling, which is half the battle.

British games company says it owns the idea of space marines

Simon Blakely

As noted above - GW have a trademark for "Space Marines" in the software and tabletop gaming areas.

Unfortunately, an e-book qualifies as software not as a book - this is why the paperback is still available and the e-book is not. And (as noted) GW had to take action to assert their claim in the appropriate area of business.

The real problem is that the legal profession does not know where to draw the line between software and books, particularly when those books are electronic.

Android gets tipsy on Wine, runs WINDOWS apps

Simon Blakely

The really clever part of this *could* be the GDI work - much of WINE is the translation of GDI graphics operations into X-Windows calls. Obviously to do this on Android means replacing all those X-Windows operations with the Android display driver primitives. Abstracting this out (with all the attendant hacking to make things match up) gives some hope that as display systems like Wayland start to deliver, WINE will be using native calls (as opposed to WINE calling the X-Windows translation layer on top of Wayland).

Of course, it may just be all done on top of FrameBuffer, or using HTML canvas. In which case it will always be slow.

Cameron defends U-turn on web filth ban, leaves filtering to parents

Simon Blakely

David Cameron has (in a tactical move) shafted Claire Perry. He has given her the job of managing a task that is technically impossible and the ISPs/OS manufacturers will not support. He looks like he is supporting family values, but she will fail and fall while Mr Cameron can (hand on heart) state that he supported the proposals but as Ms Perry has not been able to deliver, he is very sorry and discussions will continue, while the DM and others turn like starving wolves on the unfortunate Claire and rip her and her career to shreds.

DC comes up smelling of roses, again.

Revealed: The Brit-built GRAVITY-powered light that costs $5

Simon Blakely

The point of this design is that (unlike the solar/crank systems other posters are suggesting) there is no rechargeable battery - obviously a deliberate design decision chosen by the designers.

So why make this choice -

cost (good long-lived rechargeable batteries add cost and complexity to the electronics)

longevity (rechargeable systems have a finite lifetime - I have solar garden lights that lasted less than a year)

maintenance (fewer moving parts and simpler electronics)

no delicate solar panels that have to be cleaned/aligned to the sun/cabled to equipment/stop working in the rainy season.

I think the design is simple, easy and safer than kerosene lamps, and a better solution than more complex designs.

Stob on Quatermass: Was this British TV's finest sci-fi hour?

Simon Blakely

@TMK > Shame the article doesn't mention the shockingly prescient 70s John Mills Quatermass serial made for ITV.<

Huffity puffity ringstone round

if you lose your hat it can never be found ...

Images from that show are stuck in my head even now, 30 years on. Prescient, indeed.

Humax YouView DTR-T1000 IPTV Freeview PVR review

Simon Blakely

Youview FAIL

I thought YouView was intended to be a consolidated IP service with defined standards for UK catchup TV - so manufacturers could support ALL UK broadcasters with a single application.

As it is now, SmartTV/IPTV device manufacturers have 4 major players to support (iPlayer, ITVplayer, 4oD, Demand 5). You could get a YouView settop Box with whatever other features you wanted, but it was the integrated backend interface that was important.

The product that has been produced is nothing like that, and seems to be absolutely rubbish.

Boffins uncloak G-rated teledildonic breakthrough

Simon Blakely

So, how long before someone interfaces this with a Roomba...

Not so fast: Italian boffins say neutrinos not faster than light

Simon Blakely


There is NO TUNNEL. Neutrinos do not interact with matter, so the planet may as well not be in the way. They can barely detect the ones they do spot. With the revised experiment, they have been generating neutrino beams every 524 nanoseconds for 2 weeks (2 trillion events) and detected 20 neutrinos in Italy.

The real problem is that OPERA does not have a detector at the source as well as at the destination so that events could be correlated (you would have to have far more events to get a statistical match, though). Other experiments (including Fermilab) will have dual Neutrino detectors (although if the neutrinos start out skipping through other dimensions you possibly could never detect the neutrinos at the generation point).

Voyager 2 finally agrees to a long hard thrust

Simon Blakely


<Trekkie Geek Mode>

V'ger was Voyager 6, lost into a Black hole

</Trekkie Geek Mode>

Kiwi gals swig shots of horse semen

Simon Blakely

Bit of a kiwi tradition, eh


Pint, because...

Six... budget Blu-ray Disc players

Simon Blakely

Serviio 0.5 for DLNA

@Tim Walker: ...a BIIIIIG caveat (which I've posted about here before): the S370 can't play MP4 (H.264) videos over DLNA.

I have used both Twonky and Serviio to deliver video over DLNA to my Sony S370.

Serviio 0.5 (just a week or so old) allows streaming of H.264 MKVs (by remuxing to m2ts) with no problems and minimal CPU load on the server.

Absolutely brilliant.

A Linux server OS that's had 11 years to improve

Simon Blakely

Another SME Fan

I am another longtime SME user, and I am really happy with it (and I push it a lot harder than most SME users). In spite of what Lee claims (without any actual experience of the product), SME is far more secure than an out-of-box distro server, because the defaults are secure and sensible - no external administration, no telnet, no SMTP relay, Spam and virus filtering, no CGI/PHP on the webserver unless you ask, ports blocked unless opened, no external FTP/SMB/webdav access unless enabled and secured. Anything you don't want can be disabled with a modicum of research if it is not immediately available from the admin interface. It might be a bit different to many distros, but it is not rocket science. You can upgrade packages directly from CentOS if you want, but it is a bit risky, as you may break a dependency. And SME8 may be a bit behind the curve (CentOS 5.5) but I suspect it will be upgraded fairly quickly once CentOS 6 is out.

And manually modifying the system takes a bit of thought, but it can be done - I run a number of additional (non-contrib) services on mine that makes it ideal for home use - OpenXchange, DLNA, UPnP music, Media server, Newzbin downloader. It works reliably, has massive uptimes, and is secure. Believe me, I've checked from the inside and outside.


How an ancient printer can spill your most intimate secrets

Simon Blakely

add noise generator to printer

Rather than an acoustic hood (expensive, big, traps heat, makes access awkward), just add a small speaker to the printer that generates acoustically similar random noise while printing - it will be no louder than the print noise itself, and will mask the acoustic signature of the print head.

NZ spider objects to Canadian's todger

Simon Blakely

Pronunciation can be an issue

Yeah, but it makes living in a place like Whakatane more amusing.


Navy's £1bn+ destroyers set to remain unarmed for years

Simon Blakely

Why buy American

Maybe the MoD has got wary of purchasing cheap US kit, only to find that they have equipment that they cannot maintain or improve:

F35 - US not sharing avionics source code with partners

Chinooks Upgrade - unserviceable because source code not provided, so avionics downgraded.

So maybe purchasing an Aegis platform that gives the MoD no options but to accept what the US releases is not the best move. It may have also motivated the MoD to upgrade the aging Puma helicopters instead of getting locked into cheap Blackhawks.

2060: Humvee-sized, bulletproof meat-eating spiders attack

Simon Blakely

All you need is a hobbit

JRR Tolkien has much to say on the issue of dealing with Humvee-sized spiders, and his solution only involves one small hobbit, a sharp knife (Sting), and either a ring of power (to make said hobbit invisible) or the Light of Eärendil (blinding the spiders).

So you had better hope that the anthropologists examining Homo floresiensis can extract enough DNA to start cloning the little buggers before the spiders get too big.

Swiss cops sniff out dope plantation on Google Earth

Simon Blakely

The Old Dope Patch in the Cornfields

That was the reason we never penetrated too deeply into the fields when picking corn as a youngster in NZ - you never knew which ones might have a pot patch in the middle. The cops would hire light planes during the summer.

And wandering through the pine forests of the Bay of Plenty could be downright dangerous.

Gov claims 'password protection' OK for sensitive docs

Simon Blakely

Ground-up security

Reports seem to indicate that the documents in question were emailed to the minister. If the email system was Outlook and using an OST, then the data is inaccessible without the correct user authentication details (as anyone who has tried to recover data from an OST knows). An Outlook PST is not secure - nor is any other email local store.

The real problem is that there is no complete bottom up approach to security. For a secure system, documents (of any type) must be stored in a management system that enforces classification, and any access must conform to that appropriate classification. Media transfers must also conform (to disk or printer), and so must any other process such as email.

Of course, there is actually no such system that integrates classification for applications, user devices and server solutions, and there will not be while the Govt insists on buying COTS solutions. And the only way such a solution could be integrated would be via the Open Source community, where the ability to see and modify everything at the source code level for a customised solution beats the non-free world where you would have to get several hundred vendors to co-operate.

And that does not stop someone walking out of Whitehall with a printed copy of a secret document and leaving it on the train - when will printer paper with embedded RFID tags be available so they can be stopped at the door?



