Posts by Ogi

Re: I must be luckly then...

> I've been using smart phones for over seven years now and have not broken (or even scratched) a single screen.

Indeed you must be lucky, living proof of balance in the universe perhaps, as you sound like my polar opposite! My phones (all Samsungs) survive on average 2 months from new before they get a scratch, or a broken screen. At one point I went through effectively 5 phones in a year (well, 2 actual phones, but I would repair one while using the other, and vice versa)

Once I broke down and bought the thickest, most armored case I could find for my Samsung S4 (armored front and back, with screen protector) and somehow even that didn't save the screen from cracking when it fell.

Needless to say I buy phones for ability to be repaired by me, otherwise things would get very expensive. I so miss my old Nokia 3210. Never broke a single thing on it, no matter how many times it fell. The n900 was a solid beast as well, as were the n810's (they tended to dent, being metal, but continued working fine)

Re: XKCD

> Anyone else tired of XKCD for everything? (Ok I realise I should not have asked that).

Heh, I remember when it was "obligatory userfriendly.org" link, but when that webcomic ended, people switched to xkcd.com, which is the current default "oblig" link.

Usually the reason is that techie comics tend to reflect current tech issues (such as the password one) in an easily understandable form, so that rather than have to re-explain each time, you just post a link to the relevant comic. If nothing else, it gets some chuckles out of people, and can kick start a conversation.

Traditions modify themselves with time, but they don't necessarily go away. If xkcd.com shuts down, or becomes less relevant to tech culture, something else will replace it.

You are of course welcome to post alternative comic links. I learned about UF.org years ago that way, then learned about xkcd, and maybe I will find new interesting webcomics that way too :)

Re: Unfortunately...

> Shirley, there's got to be a nerdette out there who digs this stuff?

There are, but they are a rare minority in my experience. The nerd/nerdette ratio is far skewed towards the male gender from my experience, unfortunately.

If the current push of getting more women interested in STEM results in more nerdettes in 15-20 years time, that would be great for the next generation of nerds, if a bit late for me though :-(

Re: "Real submarines are rare"

Private submarines have been possible for a while, but the only people with the cashflow and a real need are the mafia, who don't really advertise their capabilities. The only knowledge is from submarines scuttled or captured by authorities while in dock, like this one:

On 3 July 2010 the Ecuadorian authorities seized a fully functional, completely submersible diesel electric submarine in the jungles bordering Ecuador and Colombia.[3] It had a cylindrical fiberglass and Kevlar hull 31 m long, a 3 m conning tower with periscope, and air conditioning. The vessel had the capacity for about 10 tonnes of cargo, a crew of five or six people, the ability to fully submerge down to 20 m, and capable of long-range underwater operation.

Excerpt from https://en.wikipedia.org/wiki/Narco-submarine, which is a really interesting read in of itself. Seems drug runners have been at it for a long time, as reports and rumors abounded in the 1980s of scuttled submersibles being discovered.

Sure they don't dive as deep as this one, but it was captured in 2010, so 7 years have passed. It could be that the ones capable of submersing deeper just haven't been captured yet. Just like the government, you can never be sure what the current state of the art is with the mafia.

Re: This Article

Thank you for taking the time to write this.

Honestly, this article on the reg reads like a propaganda hit piece, going off into a list of people the author doesn't like.

Did the author actually read the memo, or just assumed based on what they heard from other reports the memo actually contained?

For example, here are some extracts from the memo, and I quote:

(page 3)

(page 8)

I sure didn't read that as:

But that also ignores the fundamental fact that Damore literally argued that women were biologically unsuitable to do certain types of jobs.

as the author contents. It sounds to me like a guy who wants to have a rational debate about the situation, he isn't name calling, he isn't saying "Women can't code and should have babies and sit in the kitchen all their life", or that everything is pure black and white (in fact he says the exact opposite in the memo). He made his position clear and backed it up with evidence.

You may not like what he says, you may not agree with what he says, but the answer is to challenge the message, and debate it. If your counter arguments/evidence are strong enough, you will be be victorious, that is how debates work. You do not insult and attack the messenger. So far all I have seen in response to this memo is horrid attacks on the person, not the message.

To me, a neutral third party, that makes me think that the other party in this debate does not have any decent counter arguments, so have resolved to use character assassination of the messenger, in the hope if they discredit the author enough, people won't read or pay attention to the memo.

The way I read it, his key point is mentioned in this quote:

That to me seems like a perfectly valid position to hold, I now await a reasoned counter argument against it. So far I have been let down.

Re: Strong push?

> Its a revenue stream - if you buy your own autonomous car then you only pay once.

I don't know, I suspect they are more likely to be rented out, a-la uber. They already said the cars will have internal cameras and microphones "for your safety", and I guess it is an opportunity to push adverts onto people. You are limited to how much you can advertise to someone who is driving without distracting them.

Plus the outside of the cars can be covered in adverts too, like mobile billboards. There is a big push to convince people that renting rather than owning is a good idea. I guess they try to generate "ongoing revenue", and make sure people can't improve their lot in life.

>There will come a tipping point when autonomous cars take over the roads - you will be able to take your porche on the road but you will be part of the smooth laminar flow generated by the autonomous cars and any attempt to disrupt that will get you nowhere.

Well, I am ok with sharing the roads with autonomous cars. Just how I like driving, there are those who despise it, and see it as a chore to get rid of asap (and these are the ones most likely not to give driving the attention and concentration it deserves, most accidents seem to be idiots reading/texting on their phone while driving). Each to their own, as they say. We will have to see how to make them co-exist.

To be fair though, few people enjoy motorway driving. Even today, people are more likely to take their Porsche on the winding country/coastal roads, away from traffic. While those in future autonomous cars will want to get from A-B as fast/efficiently as possible, so whey would pretty much always be on motorways (unless they explicitly want to be driven on the scenic route, which will probably be an occasional thing)

> Ocado can go and get fucked though - the only way this is going to work properly is with open designs and no patents on the bleeding obvious.

Hmm, would be nice if the hardware/software for autonomous cars would be open source, then at least we can look ourselves at the logic that will be in charge of human lives. Doesn't seem likely to occur though.

I doubt the app is actually related to the university, more likely someone had the idea to pull public data (all non military sats blasted into space are tagged and orbit publicly logged AFAIK) and package it into a scam app with one of those "affiliate" referral type deals.

Someone is just trading on the public interest to peddle their affiliate scam.

Re: "Me thinks the UK bod really was implying that you install spyware on one of the devices "

Maybe it did explode but nobody noticed.

Maybe nobody noticed because there wasn't anything in there to go "pop" in the first place?

Saying that, fat good it is having uber secure and encrypted app if you run it on a complete sieve of an OS like Android.

Fact is, Android was designed from the ground up for spying. That was its prime purpose. Sure, the spying was for Google so they could target ads and make money off you (hence the OS was free) rather than some dark government agency, but spying none the less.

Hence why permissions are such a tacked on joke, and you have to fight the OS to stop it sending data to third parties (and you can never be sure you got it all).

The problem is, even if Google do not co-operate and provide access to their spying system to governments (which I find unlikely they would deny, even if they publicly deny it) government black hats can reverse engineer the OS and find them themselves.

It is like when you insert a backdoor into a system, for whatever reason (even a complete pure and noble one), there is always the chance someone else will stumble upon it, and abuse it.

Same here, so when the GHCQ boss says they can access encrypted messages, I believe him, they don't have to break the encryption, or the app itself.

If the underlying OS is compromised, everything above it is blown wide open (to the point of them pulling the session keys out of memory if they wanted to). Keypresses, screen output, microphone, camera, the lot.

@JamesPond

Indeed, I had the same experience as you on public transport (and alas 13 years in, still am experiencing it), minus the cancelled trains. TFL tube has had cancellations, but not to the same level. On the flip side, standing is about 95% of the time on it.

I would add there is also the added worry of being mugged or killed. On the bus I take to my station, a guy was murdered by a recently released mental patient. Out of the blue, guy coming back from his commute, just like that. Guy sat behind the victim, and slit his throat because "the voices told him to". Didn't even say anything. I have to say I got quite nervous after that, especially when people sat behind me. Ignoring the bombings and other attacks that hit public transport links too, which didn't help matters.

Then you get all kinds of people, alcoholics, drug users, people who are rude, who spit at you, or just try to get into a fight. On the bus at least there is the driver, and a few times he has stopped the bus and thrown people out, but still a very unpleasant experience. A few times a fist fight would kick off as well, which is always fun, especially if you can't get out of the way in time.

The tube is worse because there is nobody there to deal with problems, and the other passengers will just ignore whatever is happening in the hope they are not next. Your best bet is to avoid anything kicking off before the next station, then get off and hope the other person doesn't follow you. If they do then just make a beeline to one of the security people in the station.

Quite frankly, if I could get a parking spot at work I would switch to a car in a heartbeat. Even sitting in rush hour traffic is better. At least there I am secure in my own little pod, I can turn on the air-con, sit in a comfy seat, put on some nice music on the radio, and chill. Sure it may take longer, but overall the experience is far more pleasant. I didn't originally get why people are willing to waste their time and money in such traffic, but a decade of commuting later (and a short consulting stint where I actually commuted by car) I now fully understand.

Re: 2 thumbs up for this line

"Best line I have read in a while... and sums the situation up perfectly."

I fully agree. Made me laugh at the end, and so very true.

It is proof that between the lawyers, copyright system and arguing over who gets bits of paper with numbers written on them from a reproduction of a bunch of light waves, the monkey is the wisest of the lot. Just eat, sleep, shag and repeat. Pretty much the good life.

Sometimes I feel humans just invent problems so they can have an argument over them. I guess not having to run away from hungry Jaguars has given us quite a lot of free time, and some people are having trouble filling the hours with something productive.

Re: Cmon El Reg

> It still makes me cry.

Once I felt the same way. When I originally got into bitcoin I ended up mining 300 coins, I sold them at £25 a pop after a while to help with my first flat deposit.

Fast forward to present day, a bitcoin is worth almost £2000. Had I known I could have bought two flats outright with extra spending money on top.

A friend of mine who works in trading however, gave me a piece of advice "Any profit you can walk away from is a good result. Bitcoin has hit highs now, but it could just as easily have become worthless. There was no way to be sure of either future outcome".

And he is right. BTC could have floundered just as easily as it rallied. Makes me feel a bit better when I think of it that way. If you bought at £10 and sold at £30, then you made a very good return. ETH could have just as easily collapsed and you could have lost it all.

Saying that, I did get out of the cryptocurrency mining. I just can't compete with people in Asia who have stupidly cheap electricity costs compared to the UK/EU, not to mention they tend to get the newest hardware first due to proximity of hardware manufacture to them.

Re: Not quite blurry enough...

I was going to say. They made it blurry enough for me to notice the number plate, but not blurry enough to be unable to read it.

Quite frankly had they left it alone I probably would have subconsciously filtered it out as I normally would.

Almost as if they wanted to let it be known :-P

"And will they make the shutter click sound that is legally required in places like France? I sense an incoming ECJ sueball..."

Hmm, that is required for photo cameras. However if you are recording video, what is the legal requirement? If any?

I know that phones in franch make the clicky sound when a photo is taken, but videos seem to be silent. My old Nokia had a nice feature that if you were recording a video, a red LED would light up above the camera, so people knew when you were recording.

No modern phones have that (afaik) and they haven't been sued to oblivion, so I suspect it will be ok if the specs record constant video (and allow you to share "freeze-frames" from the video as snapshots).

Re: Bah!

> So much for "science".

You could argue that it isn't Science at fault, but engineering :P

Specifically, Theorists have proposed multiple ways of getting to star systems, of varying "out-there-ness", from theoretical wormholes and warp drives, to more pedestrian systems.

I think the most practical one that could be designed and built with current tech is the Orion propulsion system, however politics and engineering challenges meant it never got anywhere.

The problem, as always, is power. Society thrives on energy, and up until the 60's, humans actively sought out more and more powerful energy sources to drive our societies. However with Nuclear we took steps back, as a race we decided against grasping this even more powerful energy source, and recoiled. Hence the somewhat stagnating quality of life, economy and energy tech advancement (apart from refinements into existing tech).

Eventually we will get kicked in the balls and will have to move forward, but till then we won't really move beyond the current space tech.

> Have you recently watched a VHS tape? You might find (like I did) that while "bad quality" is not part of what you remember, VHS is shockingly bad by any means.

Well yes, but it looked better on the old CRTs because they tended to blend the lines between scans, and because of the refresh rate sudden changes, and because the screens were smaller, quite frankly.

I played an old VHS tape on my flat screen TV, and it looked awful. However when I went to my grans place and played it back on the her 25+ year old CRT, it actually looked alright.

The technology worked well enough at the time, and they were matched. Not how I imagine one day, when people are used to 12-bit 4K video will look at 720p videos and wonder how they managed to watch such poor quality.

Re: IIRC these were the tests that showed what EMP could do to electronics

> Since valves the size of a MOSFET do not exist (and cannot exist at that scale),

Ahem...

https://www.theregister.co.uk/2012/05/24/nan_vacuum_tubes/

http://spectrum.ieee.org/semiconductors/devices/introducing-the-vacuum-transistor-a-device-made-of-nothing

Re: Radio?

> 1) FM radio quality was still FM quality (and AM was even worse). What's the quality of a internet radio?

It varies. On youtube the music videos range from acceptable quality to poorly transcoded clipped songs done by someone completely ignorant of how to make a recording. FM radio was pretty good quality in comparison, 32KHz rather than 44.1Khz of CD, but pretty good, and in general was mastered by professionals so everything was the same loudness (except the adverts, but that is another issue).

On actual streaming radio stations, it again varies. Quite a lot go as low a bitrate as possible (I have seen 48kbit/s AAC) because bandwidth is a cost, and the lower your bitrate, the more listeners you can cram in down a pipe. These usually sound worse than FM Radio.

Some radio stations (usually ones with actual adverts who make money) will be higher, between 128-320kbit/s mp3/aac. These do sound pretty good.

The streaming radio stations usually have decent mastering, I guess some sort of automatic system that matches line levels of the different songs and adverts, so still better than youtube.

Re: Cobol

> And the last time I had a bank that couldn't run as a bank, I withdrew all my money, and switched. People need to look at their bank's ratings, and move when need be.

Switched... to where exactly? So far every single major bank has had some sort of "technical problems", or a security leak, or some other godforsaken issue.

At this point, I would rather just put it all in cash under my mattress, but I can't convince my company to pay me in bags of used £20's, and more and more things are "online only" or "card only", so can't use cash.

So have to have at least one account. Can anyone recommend a decent bank that does not have such problems? Natwest has been the best so far, but they have been faltering lately.

Re: Code optimisation looks to be key here

> We generally don't, But often – especially given other demands for resources – it is the least cost inefficient.

Indeed, back in the early days of computers, computing power was more expensive than programmer time, so it made sense to get programmers to spend a lot of time to optimise their code to the limit to get the most power out of the machine. Hence you saw amazing stuff done with what we today consider an impossibly small amount of RAM and CPU power.

However now that has been inverted. Computing power is a lot cheaper than programming time, so sometimes "just throw more hardware at the problem" is the right answer. In fact it seems to be the more cost effective choice pretty much everywhere (Except embedded and aerospace industries, and to a lesser extent the HFT Finance area).

Re: There's only one way to fix this

"So bring in IDS. He'll fuck the whole Home Office IT so comprehensively that it can never be resurrected. So it will be abandoned and they'll stop chucking money at it."

If past history is any sign, nothing will ever get abandoned by the government. They will just throw more and more money at it, indefinitely. They may rename/rebrand things from time to time, or merge and split with other projects, so the public thinks something was shut down, but that is just pulling the wool over the public eyes.

After all, they are spending other peoples money on this, no skin off their back, and if they manoeuvre smartly (which they can, otherwise they would not have been successful in politics), they can stick their noses in the money stream as well. In the end they just raise taxes/cut expenditures in other areas, or go into debt (future tax income) for it.

Would it be applied equally?

I mean, the UK government has the power to shut down the internet too.

The Civil Contingencies Act and the 2003 Communications Act can both be used to suspend internet services, either by ordering internet service providers (ISPs) to shut down their operations or by closing internet exchanges. Under the protocol of the Communications Act, the switch-flicking would be done by the Culture Secretary.

(From: http://www.independent.co.uk/life-style/gadgets-and-tech/features/could-the-uk-government-shut-down-the-web-2235116.html ).

So the government haven't done it yet, but the law is on the books, and they can do it if they want. However if the UK government decides to do this, would they really blackhole the whole UK from the rest of the internet, like they say they would do to some African country? What about places like the USA, where you can't technically blackhole them (because so much backhaul goes through the country).

This seems like an ill thought out solution to the problem of governments denying access to global communication to their citizens.

Re: Seriously?

These things have cameras, so I suspect they'll post their theft to Youtube while they can (ergo, subverting these things is but a jammer away).

True, but seeing as quite a few youths actually film themselves doing crimes (and post it on fb/youtube) I doubt they would bother with the jammer. Half the kick they get seems to be from the fact they end up a minor online celebrity in a video for doing something. Like that "happy slapping" craze a few years ago, or even now where someone pinches something, then posts a selfie with the hot goods to fb.

People who do these kind of things don't usually plan ahead and think things through in the first place, let alone consider the wisdom of posting evidence online.

Those who are criminally minded and organised/smart, probably wouldn't bother with these things in the first place anyway, so they are not much of a concern.

> I do wonder if there is a non-draconian way to mitigate for that risk.

Code reviews.

Specifically doing code review before deployment to production. For such an attack to work, you would have to have the reviewer and the developer working together. It goes from a "lone wolf" type attack, to one where you need a conspiracy amongst multiple people in the chain for it to be possible. It increases the chances or slip ups/detection or someone pulling out and exposing the others involved.

Plus, in addition to spotting backdoors, code reviews can sometimes aid in detecting bugs the other dev didn't notice/see/test for, and can be a good idea to do anyway when doing dev work.

Re: I would take another route

Sounds like what you want is a big distributed VPN. Essentially what the internet is already, but fully encrypted.

the i2p project is what I looked into: https://geti2p.net/

Sounds very much like what would be the solution. The only problem is that unless you have a gateway to the wider internet, you are stuck to what services are run on the I2P network. However you (and your mates) can host whatever you want on it, including IM, web, etc... and you go from there.

I might have another look it, however the other problem is if all my traffic becomes encrypted, that will just single me out as someone that the powers should "pay close attention to".

Atm, not sure if wiser to secure yourself, or attempt to get lost in the noise. For now running a yacy search engine spider on my machines. That way the bot is constantly spidering the web so we get an open source P2P search engine that is usable with an up to date index, and my browsing hopefully gets lost in the noise.

> incidentally, how the actual fuck do we know matey boy used WhatsApp before the attack? a copper went nudge nudge wink wink to a tame journo? they've got his phone and WhatsApp installed?

A far more interesting question, that few have asked so far. I asked myself the same question. From what I have gathered, the arrests in Birmingham happened directly because the attacker sent two whats-app messages to contacts at those addresses before he did his deed.

This leads me to think that they probably had the "metadata" (i.e. they were doing real time scanning of the whatsapp network to see who is messaging who), but are unable to decipher the messages themselves.

So now they want to decrypt the messages to find out if the people they arrested were in on the attack, or just unfortunate people who he texted last (maybe to say good bye or something).

Unless they knew in advance an attack was going to happen, I can only assume they are constantly monitoring who is talking to who on whatsapp, and (for the moment at least) it seems they can't actually read the message contents. Facebook can provide them with access to the network, but the enctyption is still client side "end-to-end".

Perhaps a future version of whatsapp will be crippled by fb, not unlike how MS crippled Skype after they purchased it.

Re: Good advice but

> Some of the advice is borderline farcical, not because the advice is wrong but because the language allows those things to be written in the first place.

Any language flexible enough to give you full and total control over the machine is powerful enough to blow your foot off if used incorrectly.

The concept of C (and C++ presumably) is that the language is your servant. You tell it exactly what to do, and it does it (as long as it is a valid instruction). It doesn't advise you, it doesn't question you, and it doesn't deny you the ability to do something.

Of course, whether it does what you intended it to do, or goes off and kills a puppy, is an issue of programming ability and/or understanding the problem set you are trying to solve (and the constraints of the environment).

Like most tools, there is a time and place for it. I am not going to whip up a quick C program to parse a text file, but likewise I am not going to write a kernel (or embedded code) in Python or Bash.

I think it is a good thing that CERT has done this, like a "best practices" if you want to write more secure, less exploitable code. It is up to the end user whether to follow it, or whether they really need to access unallocated memory for some particular reason.

No comment on Rust, because I haven't had a look at it myself, but have heard good things from people.

Re: Valid excuse for the more elderly of us

Not just the elderly. My twenties and teenage years were littered with lots of encrypted files I cannot the remember the passwords to.

Some of them were just my attempts at hiding porn from my parents, others were attempts at encryption, some are my personal files backed up to be stored remotely , etc...

I still keep the files in the hope that one day I will just remember what the password was like a bolt from the blue (it has happened), but if you asked me to remember them right now I probably couldn't.

Hell, if you threatened me with prison time and demanded I unlock something right now in front of police officers, I probably would be so nervous/stressed that I could not actually remember the password, even if I typed it in earlier that day. Being under massive stress can make you forgetful, this is well known.

And I am not alone, just yesterday I had to bruteforce a friends password protected word document because back in 2012 she encrypted it (has all her bank account info in there) and has forgotten the password.

Forgetting passwords is so common that people invented password managers, so you only have to recall one single master password.

The court is essentially saying that forgetting is a crime here (whether the guy really forgot or is blocking is irrelevant, as we have no way of being sure which it is), which I find mind boggling, but then again, a lot that has been happening in the world is mind boggling to me, so a bit more should not surprise me anymore.

Re: Since the phone can be tracked anyway, why bother?

> Whoah, that's never been my experience, so I'm curious as to what accounts for that. Could it be a a matter of your environment i.e your phone has a clear view to the sky, so uses less juice to listen for the satellites?

Well, I am in London, so mostly buildings in the way, and generally poor GPS signal.

> I usually drive a small van with metal sides, so my phone can only see 180º of horizon through glass (whereas most cars would offer mostly glass through 360º.) I don't know if this could account for a high battery drain.

I don't see how tbh. The GPS does not transmit anything, so all it has to do is sit idly and wait for a satellite to come into view. This might use some CPU and memory, but not a noticeable amount. How much it uses shouldn't be affected by whether it has a lock or is still searching for satellites, because even when it has a lock, it is still constantly looking for more satellites, so that if one drops out of view, it can carry on seamlessly.

One thing might be is that I use Samsung phones, which can use both NAVSTAR and GLONASS systems, so generally I can always get enough satellites for a lock, even through cars (Although admittedly have not tried with a van). In comparison when I use my dedicated NAVSTAR bluetooth GPS device, I don't get as good a lock, if I get a lock at all.

Re: oooo

> i live in rural France my average speed is wait for it, wait fir it... 0.47mb

Depends on where. A friend in rural France (Near the Pyrenees) has 30mbit/s ADSL, and apparently the village is earmarked for a new fibre backbone connection (along with electricity upgrade to underground cables), so soon he will have a faster internet connection than I do in central London :-/ (apparently he will get 100mbit/s).