* Posts by Duncan Macdonald

588 posts • joined 20 Mar 2009


Geiger counters are so last summer. Lasers can detect radioactive material too, y'know

Duncan Macdonald Silver badge

False Alarms

Overly sensitive radioactivity detectors make nuisance false alarms easy. Uranium is not difficult to obtain in small quantities (over 2000 uranium glass objects are on sale on eBay for example). A few milligrams of a uranium compound on the outside of a container will give as much of a signal as a large quantity of radioactive material shielded inside the container.

Falling NAND prices to drive NVMe SSD uptake, say industry watchers

Duncan Macdonald Silver badge

SATA SSDs

SATA SSDs will continue to exist as easy to add storage upgrades. Adding an NVMe drive is difficult for most systems that only have motherboard provision for a single NVMe drive. (Replacing the OS NVMe drive with a larger one is decidedly non-simple for a non-technical person - especially with only one NVMe slot available.) Adding a SATA SSD is however very simple.

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Duncan Macdonald Silver badge

Re: Industrial Network Security...or lack of....

They MUST be air-gapped - however the execs often demand network connection as when things are going well they can make a bit more profit by having faster response to changes - then they lose all that profit (and more) when things like this happen.

Having the control networks connected to the internet is like making more profit on ships by not having enough lifeboats (as on the Titanic).

Samsung slings the skinny on its 12GB GötterDRAMmerung for next-gen smartmobes

Duncan Macdonald Silver badge

Desktops ?

If Samsung can squeeze the memory into such a small space - how long before low end motherboards again have soldered memory rather than sockets? (One or two 8GB packages with the interface changed to DDR4 instead of LPDDR4X would suffice for the majority of PC systems.)

If you're worried that quantum computers will crack your crypto, don't be – at least, not for a decade or so. Here's why

Duncan Macdonald Silver badge

Re: If you need it kept secret

I suspect the "proof" to be flawed. Imagine a simple stack of 2 encryption methods - ROT13 and AES 256 - the encryption strength given by the AES 256 would not be adversely affected by the trivial ROT13.

Assuming different encryption methods with different keys then at a minimum the strength of stacked encryptions should be the strength of the strongest encryption. If all the encryption methods are good then the effective key length should be equal to the sum of the individual key lengths.

Duncan Macdonald Silver badge

If you need it kept secret

Use a one time pad. This is the only encryption that is known to be unbreakable (provided that the one time pad is kept secure).

An alternative approach that will drastically increase decryption cost for attackers :-

Use a three stage encryption - pad the message to a multiple of 16 bytes and insert 16 random bytes at the start of the message - first stage normal (eg AES 256) encryption and append 16 random bytes to the end of the message - second stage reverse encryption (starting at the last byte proceeding to the first byte) using a different encryption (eg Blowfish) and insert 16 random bytes at the start of the message - third stage normal forward encryption using another encryption method (eg Serpent).

As the input to the last 2 stages looks like random noise, conventional decryption attacks (even chosen known plaintext) are highly unlikely to be able to succeed.

(The reason for the reversed encryption in stage 2 is to make all the bytes in the encrypted message depend on all the bytes in the original message as well as on the 48 random bytes.)
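A structural sketch of the three-stage layering described in the post above, added here as an example and not the poster's code. It assumes one reading of the stage order (random prefix, forward pass, random suffix, reverse pass, random prefix, forward pass), PKCS#7-style padding, and a keyed-hash chaining function standing in for AES, Blowfish and Serpent so that it runs on the standard library alone; the stand-in shows the forward/reverse/forward dependency and is not a cipher to protect data with.

```python
import hashlib
import hmac
import os

BLOCK = 16  # the post pads to a multiple of 16 bytes


def _ks(key: bytes, prev: bytes) -> bytes:
    # Stand-in block function (truncated HMAC-SHA256), NOT AES/Blowfish/Serpent.
    return hmac.new(key, prev, hashlib.sha256).digest()[:BLOCK]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def chain_encrypt(key: bytes, data: bytes) -> bytes:
    """CFB-style chaining: each output block depends on every earlier block."""
    prev, out = bytes(BLOCK), bytearray()
    for i in range(0, len(data), BLOCK):
        prev = _xor(data[i:i + BLOCK], _ks(key, prev))
        out += prev
    return bytes(out)


def chain_decrypt(key: bytes, data: bytes) -> bytes:
    prev, out = bytes(BLOCK), bytearray()
    for i in range(0, len(data), BLOCK):
        block = data[i:i + BLOCK]
        out += _xor(block, _ks(key, prev))
        prev = block
    return bytes(out)


def pad(msg: bytes) -> bytes:
    n = BLOCK - len(msg) % BLOCK          # PKCS#7-style padding (assumption)
    return msg + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def encrypt3(keys, msg: bytes, rand=None) -> bytes:
    k1, k2, k3 = keys                      # three independent keys
    r1, r2, r3 = rand or tuple(os.urandom(BLOCK) for _ in range(3))
    s1 = chain_encrypt(k1, r1 + pad(msg)) + r2      # stage 1 forward, then random suffix
    s2 = r3 + chain_encrypt(k2, s1[::-1])[::-1]     # stage 2 last byte to first, then random prefix
    return chain_encrypt(k3, s2)                    # stage 3 forward


def decrypt3(keys, ct: bytes) -> bytes:
    k1, k2, k3 = keys
    s2 = chain_decrypt(k3, ct)[BLOCK:]                  # undo stage 3, drop r3
    s1 = chain_decrypt(k2, s2[::-1])[::-1][:-BLOCK]     # undo stage 2, drop r2
    return unpad(chain_decrypt(k1, s1)[BLOCK:])         # undo stage 1, drop r1


def changed_blocks(a: bytes, b: bytes) -> int:
    return sum(a[i:i + BLOCK] != b[i:i + BLOCK] for i in range(0, len(a), BLOCK))


def diffusion_demo():
    """Flip one bit in the LAST message byte and count ciphertext blocks that change."""
    keys = tuple(hashlib.sha256(b"constructed demo key %d" % i).digest() for i in range(3))
    # Constructed, fixed "random" blocks so that only the message differs between runs.
    rand = (b"\x11" * BLOCK, b"\x22" * BLOCK, b"\x33" * BLOCK)
    m1 = bytes(range(64))
    m2 = m1[:-1] + bytes([m1[-1] ^ 1])
    one_pass = changed_blocks(chain_encrypt(keys[0], rand[0] + pad(m1)),
                              chain_encrypt(keys[0], rand[0] + pad(m2)))
    three_pass = changed_blocks(encrypt3(keys, m1, rand), encrypt3(keys, m2, rand))
    return one_pass, three_pass


if __name__ == "__main__":
    print(diffusion_demo())
```

With a single forward pass only the blocks from the changed byte onward differ; after the reverse and second forward pass every block that carries message data differs, and the only unchanged block is the one encrypting the third random prefix alone.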

Take Note: Schneider's teeny-tiny Galaxy VS li-ion UPS set to explode onto data centre scene

Duncan Macdonald Silver badge

Re: Inflamable means flammable?

Big UPS systems (upwards of 50kWh) use vented lead acid batteries - not sealed units. The lifetime of properly maintained vented lead acid batteries is far longer than for sealed lead acid batteries.

In submarines the problem was that sulfuric acid and seawater react to produce chlorine gas.

SLA batteries are used in smaller installations where there is unlikely to be competent battery maintenance.

Duncan Macdonald Silver badge

Re: Fire Risk ?

It is true that Lithium iron phosphate batteries are less of a fire risk - however they have a lower energy density than Lithium cobalt oxide batteries. This lower energy density is enough to make even companies that should know better decide not to use them. (Boeing on its 787 Dreamliner for example.)

Duncan Macdonald Silver badge

Fire Risk ?

Lead acid batteries have a VERY big advantage over Lithium ion for UPS use - they do NOT catch fire. A Lithium ion battery large enough to power a 100kW UPS is a big firework waiting to ignite. Like a firework - once ignited the external atmosphere is unimportant - it will continue burning in CO2.

If such a Lithium ion battery is to be used then it needs to be in a separate fireproofed room away from the rest of the IT equipment. The battery should not be in the same room as the UPS so that a battery fire does not drag down the mains supply to the IT equipment.

(Large lead acid batteries are normally in a separate room to stop acid fumes from damaging equipment.)

You've been dying to know. Here's the answer: The Milky Way tips the cosmic scales at '1.5tr' times mass of the Sun

Duncan Macdonald Silver badge

MOND ?

The assumed mass for the Milky Way depends on dark matter. If the MOND theory is correct then instead of dark matter there is a departure from 1/R^2 gravitational field at low field strengths. This would leave the Milky Way with a much smaller mass (around 200 billion solar masses).

As dark matter has yet to be proven, the paper should start with the big warning that it depends on the dark matter theory being correct.

(MOND theory - see https://en.wikipedia.org/wiki/Modified_Newtonian_dynamics)

SPOILER alert, literally: Intel CPUs afflicted with simple data-spewing spec-exec vulnerability

Duncan Macdonald Silver badge

Re: A simple mitigation

When untrustworthy JavaScript has to be executed - do it in a VM running a Linux Live CD (no persistent storage) - kill the VM after using the site. This will protect against the majority of JavaScript nasties (but not Spectre/Spoiler/Meltdown unfortunately).

If you need maximum possible security - use a separate PC with no hard disk running from a Linux Live CD and shut it down after visiting the suspect site. (Inconvenient as hell but immune to all known software nasties.)

Adi Shamir visa snub: US govt slammed after the S in RSA blocked from his own RSA conf

Duncan Macdonald Silver badge

OpenPGP

As OpenPGP has been available for years and has strong (not backdoored) encryption, any attempt to block terrorists from using strong encryption is completely futile.

(The even older completely unbreakable encryption technique - a one time pad - is also possible - and you can store a huge one time pad on a MicroSD card.)

Cheap as chips: There's no such thing as a free lunch any Moore

Duncan Macdonald Silver badge

Re: HDD vs decent SSD

SSD advance failure warning - normally NONE.

If you do see any failure on an SSD - expect it to brick very soon.

Keep backups!! If a disk (HDD or SSD) fails (or a data corrupting bit of malware strikes) then the only thing that will save your work is a recent external backup.

Official science: Massive asteroids are so difficult to destroy, Bruce Willis wouldn't stand a chance

Duncan Macdonald Silver badge

Escape velocity

The escape velocity for a 25 km diameter asteroid (assuming it is spherical and the same density as the moon) is just slightly over 17 meters/sec (38mph). A lot of the blown off bits will have a velocity relative to the asteroid greater than this so will not be recaptured.

(The impact energy is equivalent to over 9000 megatons of TNT (!!!) so the broken off bits will not be moving at slow speeds.)

Qbot malware's back, and latest strain relies on Visual Basic script to slip into target machines

Duncan Macdonald Silver badge

Re: VB Script

I used it for a basic automation job at work before PowerShell was created (a few trigger buttons on an Excel spreadsheet). Like PowerShell it is however grossly overpowered for normal use.

Both PowerShell and VBScript should be optional components that are only installed if the user accepts a warning message.

Chrome ad, content blockers beg Google: Don't execute our code! Wait, no, do execute our code – just don't kill us!

Duncan Macdonald Silver badge
Flame

The real reason

For Google wanting to make the changes is that ad-blockers are winning the war with the advertisers and it is the advertisers who give Google its large profits.

After the "discussion" the result will still be that Chrome will not do as good a job in blocking rubbish as it does at present when ad-blockers are used.

OK, Google? Probably not! EU settles on wording for copyright reform legislation

Duncan Macdonald Silver badge

Hard Brexit please

Then this bit of crap should not adversely affect the use of Google and YouTube in this country.

For the news in the rest of the EU, I would suggest that Google just buys a right to publish the Reuters news feed - leave out all links to the EU news sites and watch them drown in debt.

How do you like them Apples? Tim Cook's iPhones sitting in the tree, feeling unloved by the Chinese

Duncan Macdonald Silver badge

Overpriced

You can buy the Xiaomi Pocophone F1 with 6GB RAM and 128GB ROM for £330 (including 20% tax) from Amazon UK. This model has a Snapdragon 845 SOC making it one of the fastest Android phones. Comparing this to the latest Apple iPhones

Camera - iPhone is somewhat better in low light

Display - iPhone OLED display is a bit better than the F1 IPS display

Wireless charging and NFC - only on the iPhone

Headset socket - only on the F1

Back - Glass on iPhone, Plastic on F1

Games performance - the latest Apple SOC is somewhat faster than the Snapdragon 845

SD card - only on the F1

PRICE - the F1 costs £330, the iPhone X with 256GB costs £949

So for less than $100 difference in manufacturing cost, Apple wants a markup of over $790.

I think that customers are waking up to the fact that Apple's phones are way overpriced and this is the main reason behind the fall in sales.

Oh Snapd! Gimme-root-now security bug lets miscreants sock it to your Ubuntu boxes

Duncan Macdonald Silver badge
FAIL

Re: Who the hell uses Linux

Linux is the world's most used operating system - it way outnumbers all versions of Windows and iOS put together. All Android phones have Linux as the underlying OS. Many small gadgets (media players etc) use Linux. Add in the server and desktop use of Linux and you have quite a large user base.

Oracle accuses US of underhand tactics because discrimination case 'doomed to fail'

Duncan Macdonald Silver badge

Oracle - innocent ???

When the facts are against you - argue the law

When the law is against you - argue the facts

When both the facts and the law are against you - pound on the table and make speeches

Oracle seems to be at the pound on the table and make speeches stage.

Viasat: Huzzah, we're going to the EU courts over airline broadband

Duncan Macdonald Silver badge

Re: EU fail.

Satellite bandwidth is highly unlikely to become dirt cheap. There is only a limited range of frequencies available for satellite to ground communications. Add to that the size limitations of satellites restricting the number and directionality of the onboard antennas and similar limitations on the aircraft and the available bandwidth per plane will probably be well under 1Gb/sec no matter what technology is used. Ground stations do not have the same limitations so it makes sense to use them where possible.

El Reg eyes up Article 13 draft leak: Will new Euro law give Silicon Valley more power? Some lawyers think so

Duncan Macdonald Silver badge

Re: Why bother

Yes - it has produced very worthwhile maps and street view and also Google Earth. It is by far the best search site for most searches. YouTube is also very useful as a background music application as well as a source of a number of original videos (eg the videos on lock picking by bosnianbill).

I agree that it enables a lot of advertising (NoScript and AdBlockPlus tames this fairly well) but it does at least give some value for its advertising.

Duncan Macdonald Silver badge

Why bother

If the directive goes ahead, the net effect will be to transfer money from Google etc to UMG etc. Do not expect the money to reach the performers - it will just go from one set of shareholders to another set of shareholders.

Andrew is of course in favor of the directive being as harsh as possible as he seems to hate Google. (When was the last time that he praised anything that Google did?)

Fake fuse: Bloke admits selling counterfeit chips for use in B-1 bomber, other US military gear

Duncan Macdonald Silver badge

IC marking

With most ICs having just a basic printed label on them, replacing high grade military spec components (certified to work from -50C to +100C or better) with commercial ones (rated for -20C to +70C) is easy. The only way to avoid this is to NOT buy from middlemen that are not certified by the manufacturer of the products. (Recycled ICs should be detectable by close inspection as the soldering and desoldering operations will leave traces on the IC contacts.)

As with aircraft parts, military parts that need the ability to work in extreme environments should be tracked from the manufacturer through to the final assembly. This of course has the unfortunate effect of raising the price horribly (10x versus commercial equivalents is not uncommon).

Our vulture listened to four hours of obtuse net neutrality legal blah-blah so you don't have to: Here's what's happening

Duncan Macdonald Silver badge

Re: Ultimately Congress is going to need to act

The big companies LIKE the rules being fuzzy. It means that they rarely get called out for their actions and if they are then the penalties are usually trivial.

Ad-tech industry: GDPR complaint is like holding road builders to account for traffic violations

Duncan Macdonald Silver badge

Re: Advertisers and Salespeople - YES

Politicians and Lawyers make Advertisers and Salespeople seem innocent.

Iceland starts planning for new undersea internet cable to Europe

Duncan Macdonald Silver badge

Not surprising

That the Cantat-3 link is not shown - a 5Gb/sec link is totally insignificant compared to the 5.2Tb/sec Danice link.

My chemical romance drowns tomorrow's money, warns TSMC: Chip maker's yields rocked by bad batch

Duncan Macdonald Silver badge

Chemical purity

Many of the chemicals used (even the water!!) are supposed to have impurity levels in the low parts per billion range. If, due to a supplier fault, one of the chemicals only has a purity of 99.9999% (1 part per million impurity) this could mess up a large batch of wafers before the problem was detected. The fab would then need to clean out all the affected equipment from the storage tanks on before refilling with fresh (tested!!!) chemicals. The fab would then need to run some test wafers to check that the problem has been cleared before resuming production.

FTC gets back to work: Now, where were we? Break up Facebook and fine it $2bn, you say?

Duncan Macdonald Silver badge

Re: FTC hadn't imposed a single fine ....

Can YOU outbid them ??

If Big Business owns 80% of Congress then very little legislation will pass that would hurt them significantly. Only when one part of Big Business is in opposition to another part does "social justice" legislation have a chance.

A picture tells a 1,000 words. Pixels pwn up to 5 million nerds: Crims use steganography to stash bad code in ads

Duncan Macdonald Silver badge

Adblock Plus and Noscript

Or equivalents are a necessity for sane use of the internet these days.

If a site wants Javascript before it works then (with a very few exceptions) I will not use the site.

(If for some reason I have to then I fire up a Linux VM from a virtual CD - access the site then close the VM. Any malware downloaded to the VM is wiped with the VM shutdown (no persistent storage)).

Out of all the sites on the internet I have only whitelisted 53 domains in NoScript.

In my opinion - any site that serves malware (directly or indirectly by using an ad network that has malware on it) should be strictly liable for all damage caused.

Spektr-R goes quiet, Dragon splashes down and SpaceX lays off

Duncan Macdonald Silver badge

UK method is nicer

The UK method does give you time to look for another job while the pay is still coming in. It also allows time to arrange and hold a farewell party if desired.

The bosses do not like it because they are paying money for not much productive work but the (ex)employees have a slightly easier time financially - knowing that the pay will stop in 30 days is easier to deal with than if it stops immediately.

Duncan Macdonald Silver badge

Translations please

When you include a quote in a foreign language - PLEASE include a translation into English (or at least American !!) below the quote.

She will lock you out, livin' la Vidar loca: Enterprising crims breed ransomware, file thief into hybrid nasty

Duncan Macdonald Silver badge

Re: Information

Knowing the motherboard and BIOS version and Ethernet MAC address may give them the information needed for a future attack (some motherboard BIOS versions are vulnerable to crafted Ethernet packets - if the system has Intel "Trusted Computing" - aka NSA backdoor - with default password then you can own the system). Knowing how up to date the PC is with regards to patches gives an indication of how long a new zero-day exploit is likely to be of use against the system. Knowing which type of antivirus package is used makes it easier to design a new attack to slip by the package. The Office version helps in designing attack packages. Etc etc.

Duncan Macdonald Silver badge

Yet another reason to block ads

NoScript and AdBlockPlus (or equivalents) are required for sane use of the internet.

(BTW does the Register check all its ads to ensure that no nasties can creep in ?)

FCC tosses aside rules, treats Google to a happy ending following request for handy tech

Duncan Macdonald Silver badge

So what ?

The power level is tiny - +10dBm peak transmitter power is 0.01 watt (10 milliwatts) - 2.4GHz WiFi allows 10 times the power 0.1 watts (100 milliwatts), 5GHz WiFi allows up to 4 watts (4000 milliwatts) and 802.11ad (depending on use) allows 10 watts or more (at the same frequencies as the Soli equipment).

This seems to be a reasonable technical increase - the frequency band is so high (around 60GHz) that equipment not designed to operate at those frequencies is unlikely to be affected - this is unlike WiFi where much electronic equipment has components that can operate at the 2.4GHz frequency.

Dell EMC better watch out, HPE better not frown, Chinese server sales are talk of the town

Duncan Macdonald Silver badge

Another nice thought for Intel

The Chinese internal server market might well use the licensed copy of the AMD EPYC from Hygon if ARM is not suitable. Either way Intel loses.

Ho ho ho! Washington DC sends Zuckerberg a sueball-shaped present

Duncan Macdonald Silver badge

Now EU use GDPR

A fine of 10% of FB global revenue (note revenue NOT profits) would be a good extra to add to FB woes.

They say software will eat the world. Here are some software bugs that took a stab at it

Duncan Macdonald Silver badge

Mismanagement

Mismanagement is the number one cause of software problems. There is an old rule for all types of engineering (including software) - Fast, Cheap, Good - pick any two.

If you want Fast and Good then you need to pay for a top flight programming team.

If you want Cheap and Good then you need to allow a lot of time for testing and bug fixing before release.

If you want Fast and Cheap then you must accept that the quality will not be Good.

With most systems the (mis)management choose Fast and Cheap - and then express surprise that the result is not Good.

A side note -

Any program that accepts user input must assume that the input is malicious until proven otherwise - input data must be checked for correctness before being acted on. This old principle of defensive programming seems to have been almost completely disregarded in modern software.

Amazon robot fingered for bear spray leak that hospitalised 24 staffers

Duncan Macdonald Silver badge
FAIL

Re: Risk assessment

WRONG - there should be as little as possible human contact with dangerous substances. Humans routinely fumble and drop items. For human safety keep them as far away as practical from dangerous chemicals.

Also it is worth noting that bear spray is not a very toxic material - it is very irritating but does not normally cause long term damage.

Falcon 9 gets its feet wet as SpaceX notch up two more launch successes

Duncan Macdonald Silver badge

Re: How do you launch 64 satellites from a single rocket?

Spring loaded - the satellites are loaded into spring loaded boxes and the door on the end is opened.

The standard CubeSat deployment box can handle satellites that are 1U (10x10x10cm) 2U(20x10x10cm) or 3U (30x10x10cm). One deployment box can handle 3U in total (one 3U or 1 1U and 1 2U or 3 1U). Multiple deployment boxes can be carried to allow for deployment of multiple satellites. Unlike the deployment mechanisms for bigger (and much more expensive) satellites, these simple deployment boxes usually leave the CubeSats tumbling after release.

(CubeSats are limited to 1.33kg/2.66kg/4kg for 1U/2U/3U sizes)

Apple heading for Supreme Court showdown over iOS App Store 'monopoly' gripe

Duncan Macdonald Silver badge

Re: BTW: What is Google's cut of app sales at the Play Store?

However Android app developers can sell apps outside the Google store and some do. It is also possible to install an old version of an Android app from an apk file if you do not like something about the current version. (In my case I prefer the UI of an old version of Aldiko (a bookreader app) so I have the old version installed and do not update it.)

Duncan Macdonald Silver badge

Alternative App Store

If Apple allowed ordinary users to install apps from other stores then there would be no case against Apple. It would be perfectly possible for Apple to allow third party stores with a warning (just like Android gives a warning when installing an apk from a third party). However Apple makes a lot of its money from its app store so it will not give users the choice until it is forced to. (After all if it lost then it might find its share price dropping !!!)

It would not surprise me to find Apple trying to find out how much it takes to bribe a group of judges.

Comparison sites cry foul over Google Shopping service

Duncan Macdonald Silver badge

FairSearch !!

Counsel for FairSearch, which represents the sites Naspers and Oracle.

The sole legal control and the majority of the funding for FairSearch comes from Oracle and Naspers.

(See https://www.politico.eu/article/oracle-naspers-fairsearch-google-lobbying-europe-antitrust-android-competition-margrethe-vestager/ for details.)

Net neutrality is heading to the courts (again): So will the current rules stand or be overturned (again)?

Duncan Macdonald Silver badge

Hoping for sanity from the US Government

Is like hoping to win the top prize on EuroMillions (except that the chance is much higher with EuroMillions (1 in 140 million not 1 in a googolplex)).

OnePlus 6T: Tasteful, powerful – and much cheaper than a flagship

Duncan Macdonald Silver badge

No headphone socket - no sale

The Pocophone F1 is much cheaper - basically the same innards and does have a headphone socket.

Between you, me and that dodgy-looking USB: A little bit of paranoia never hurt anyone

Duncan Macdonald Silver badge

Re: USB bricker?

That is why I was saying zener diodes - a typical USB bricker sends a high voltage negative pulse down the data lines. Because of the small space in a typical USB key the actual energy is unlikely to exceed one joule per pulse. For a negative pulse a protective zener diode will be forward biased and will easily clamp the voltage to under one volt without being strained. (A discrete zener diode is a lot less fragile than a sub 1 micrometer transistor in an integrated circuit.)

(For a positive pulse a 5.5v zener will clamp the spike voltage to under 6v which is still low enough to protect the ICs.)

Duncan Macdonald Silver badge

A paranoid mount option ?

What is needed is a paranoid mount option for USB devices - the OS would report to the user what the device says it is but would not execute any code on the device. If the device presents as having storage then a full virus scan would be executed on the storage and the results displayed. The files (if any) on the device would not be accessible until after the virus scan and the user acceptance of the scan result.

To allow for the possibility of a USB bricker device, all data and power lines should be protected by zener diodes (clamp data to +5.5v/-0.6v and power to +(maximum charging voltage +1 volt)/-0.6v)

YouTube supremo says vid-streaming-slash-piracy giant can't afford EU's copyright overhaul

Duncan Macdonald Silver badge

Re: So what?

I watch a lot of YouTube videos - and as far as I am aware none of them are pirated. A badly thought out copyright rule may remove one of my best forms of entertainment (certainly better than the rubbish on TV). There are also a lot of instructional videos on YouTube - if they are removed because of the EU copyright rubbish then that will harm a number of people who use them.

A number of media firms use extracts or single songs on YouTube to advertise their products (Sony and UMG are among the companies doing this).

YouTube is also the shop window for a number of media companies who use videos on YouTube to show their capabilities to potential new clients.

There are also a lot of performances of out of copyright songs uploaded by the performing artist.

There is an old rule in law which should be applied - it is better that 10 guilty men go free than one innocent man be jailed.

(Most of the current commercial films and music are so bad that there is no point in pirating them - even party political broadcasts are better!!!)

Intel peddles latest Xeon CPUs – E-series and 48-core Cascade Lake AP – to soothe epyc mygrayne

Duncan Macdonald Silver badge

Re: 6 cores vs 32 ??

Only the E 2100 series is available at the moment - the CLAP series are not due before 2019.

I was therefore comparing what is available (as something other than a PowerPoint presentation!!).

(The correct comparison with the top of the E 2100 series is a Ryzen 2700X not EPYC.)

Duncan Macdonald Silver badge
FAIL

6 cores vs 32 ??

The EPYC has up to 32 cores, up to 2TB max memory and 128 PCIe lanes vs up to 6 cores and 64GB (128 GB later) and 16 PCIe lanes for the E 2100 series.

(Even the Threadripper 2950X has 16 cores, up to 1TB memory and 60 available PCIe lanes.)

The only advantage of the E2100 series is a higher clock frequency - for most server workloads this will fail to meet the performance advantage of the extra cores of the Threadripper let alone the EPYC.

The E 2100 series is NOT a competitor to the EPYC - it is not even much of a competitor to the Threadripper 2950X.


Biting the hand that feeds IT © 1998–2019