Posts by cosmogoblin

150 posts • joined 14 Jan 2010


Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs


Re: correcthorsebatterystaple

If you're worried about humans picking the words - I use watchout4snakes. Get about 10 random words, and pick 4 or 5 that make a vaguely intelligible phrase. I don't know the size of their dictionary but my random 10 just now included theorem and pedantry.

Where good password rules (i.e. none) are enforced, I use correcthorsebatterystaple. Where bad password rules are enforced, I use correcthorsebatterystaple1!. This means if I remember my password, but can't remember the ruleset, I have a 50/50 chance of getting it right first time.

One click and you're out: UK makes it an offence to view terrorist propaganda even once


What does this mean for BOFH?

UK.gov plans £2,500 fines for kids flying toy drones within 3 MILES of airports


Re: If that's what the law requires...

Hah, thanks - I guess I didn't get as far as page 66..!


Re: If that's what the law requires...

As far as I can tell (I read the government documents), flying drones inside is illegal as well.

On the downside, that's one of my lessons on resultant forces out the window.

On the upside, I can now threaten kids who throw paper planes with a 5-year prison sentence...

Are you sure your disc drive has stopped rotating, or are you just ignoring the messages?


Re: I can believe it!

Oh, I always own up to my mistakes.

Recently, I wanted a high-power fan to demonstrate wind turbines (I'm now a physics teacher). So I modified a hairdryer so that I could turn on the heat and fan independently. I cut the heating element out of the loop and wired it in parallel, instead of series.

Turns out (as I'd have known if I'd thought about it) that the resistance of the heating element was a crucial factor in the hairdryer's design ... I plugged it in, turned it on, and it exploded and gave me a 230V shock!

I'm thankful for the speed of RCCB, which protected me from serious injury. However I did have to, tail between my legs, to the building manager, having cut off the power to two entire floors of the school ...


Re: I can believe it!

As a desk jockey, I was once told off by my team leader for replacing the toner cartridge. Apparently my job needed more skills (true enough) so I shouldn't waste 30 seconds doing it myself.

Instead, I was supposed to go back to my desk, write a support ticket, then wait an hour or two until they got round to my job. In the meantime, do ... nothing.

From then on, I'd wait for her to get a cup of tea before replacing the toner.

It’s baaack – Microsoft starts pushing out the Windows 10 October 2018 Update


"... the best update experience ..."

The best update experience is no update experience. Except in the case of added features, the average user doesn't care and shouldn't need to know that anything has updated at all. The average Vulture reader shouldn't have much more to do than choose which updates to apply, and when.

I set up Linux Mint for family members with automatic updates for priority 3 and above. I manually install on my own machines, but that often takes longer to confirm my password than it does to complete the updates. Rebooting takes 30 seconds, every time there's a power cut.

Half my colleagues use Macs, which don't have a problem. The other half use school-supplied Windows laptops, and when it updates, their laptops are out of action for an hour - if they're lucky.

Just imagine walking into a class of 13-year-olds on Wednesday morning with your exciting lesson plan completely scrapped, and trying to engage Johnny Rotten with a hastily-photocopied worksheet from 1993 for an hour...

Still, props to MS for saying update rather than upgrade.

Oz opposition folds, agrees to give Australians coal in their stockings this Christmas


Re: You can read my SMSs but you can take my WhatsApps from my cold dead hands

"are we really saying how we send messages affects whether or not we’re ok with them being read by big G?"

Exactly the opposite. Whether I'm okay with messages being intercepted affects how I send them.

For messages needing security, I make sure to use a secure method. WhatsApp's introduction of end-to-end encryption simply adds another method to my list, and takes away one that I had to worry about.

Yet another mega-leak: 100 million Quora accounts compromised by system invaders


I'm banned from Quora. I signed up to post an answer to an astrophysics question that hadn't been answered; I spent about 2 hours fully researching and sourcing my answer, and got several words of thanks and a decent number of upvotes.

But because I didn't use my real name, I was blocked. As a teacher with a (un)healthy dose of paranoia, I never use my real name on public forums, just in case; I believe (and Quora disagrees) that whether what I write is worth reading depends on what I write, rather than whether I used a real-sounding name. I switched to better places like physics.stackexchange instead.

I'm glad now - I feel quite vindicated!

Talk in Trump's tweets tells whether tale is true: Code can mostly spot Prez lies from wording


Re: Ignorance can be very powerful

Only 30% were factually incorrect ? Really ?

Since they only considered falsifiable statements (having removed opinions etc. from their data set), I had a similar reaction.

But I suppose some facts are so incontrovertible that even His Highness couldn't screw them up. "It's Thursday" is hard to get THAT badly wrong, yeah?

And Trump doesn't care about the truth, he's not actively trying to lie; so I suspect some of the "facts" he just makes up out of whole cloth turn out to be correct... Stop clocks, and all that.

Holy moley! The amp, kelvin and kilogram will never be the same again


Re: "...using methods that can be replicated anywhere in this Universe."

True enough, but there are other methods (currently, I think, even more ludicrously expensive).

A lot of news outlets have been reporting that the kilogram is now defined in terms of the Kibble balance, which is completely missing the point. The kilogram is defined independently of any measuring equipment; you just need appropriate measuring equipment to effectively use that definition, and the Kibble balance is our best current equipment.

The Kibble balance compares the weight of an object with the electrical power needed to lift that object, and therefore needs a known gravitational field strength. It would be possible to make a related device that instead of lifting an object, accelerated it in zero g; thus comparing the acceleration with electrical power, and determining its mass that way. Doing away with the need for gravity, I imagine this could be made more precise than the Kibble balance.


Re: "...using methods that can be replicated anywhere on the planet."

Not so. You simply define your local second, the second in your frame of reference, and adjust it appropriately for other frames of reference (inertial/gravitational).

As long as your cesium atom and your experimental equipment are in the same frame of reference, you'll get the same value for the second as anybody else in the known Universe.

There is a slight uncertainty due to the variation in gravitational field strength at different parts of the apparatus, but this in fact makes your measurement more precise and reliable if your experiment is in space, where the gravitational field gradient is minimal.

Nikola Tesla's greatest challenge: He could measure electricity but not stupidity


Re: country & western singers

My guess would be that an autonomous car gets out of control of its AI by the latter overloaded with conflicting information and rules so that in order to ditch the lot it needs an emergency routine to follow.

Isn't that how humans work? If our cerebral cortex can't handle a tense situation, the decision-making responsibility is handed over to the amygdala, which has a small bank of emergency responses (fight-flight-freeze). The available responses aren't always appropriate, but they're usually better than mulling it over until it's too late.

If it's worked for animals over a billion years of evolution, it seems a good starting point for devices we design today.

Brexit campaigner AggregateIQ challenges UK's first GDPR notice


A bit one-sided then, seeing how many extradition requests the US make against British citizens operating in Britain breaking no British laws...

US Congress mulls expanding copyright yet again – to 144 years


Re: Copyright, Patents all screwed.

And if you believe that in the record industry, the author is usually the one to profit from their work, perhaps I can interest you in some prime lunar real estate.


Re: Copyright, Patents all screwed.

How about teachers? Should the person who taught you maths get a royalty every time you use Pythagoras' theorem? Should the person who taught you English get a royalty every time you write an email?

Or should your midwife get a royalty every time you... uh, breathe?

But of course that's not an honest comparison, since it's the labels who benefit, rarely the artists. So maybe the school you attended, the hospital you were born at, should get those royalties.

Some things can be debated and defended. A life+144 years copyright rule? Not so much.


Re: how long before...

Let the stuff go

Careful, you came very close to infringing the copyright of a certain froz cold Disn cartoon princess there...


Re: Copyright, Patents all screwed.

If I create and release a song, I* get money not just for the original performance, but every time it's used by anybody anywhere (outside of private homes and earbuds), for the rest of my life.

But I'm not a singer, I'm a physics teacher. If I come up with a great analogy that helps a student understand an equation, and they go on to use that understanding in their future job, do I get to claim 10p every time they use the equation?

Of course not - and neither should I. I get paid for teaching those students this year, and I get future money by teaching different students; musicians should get their future money by writing and singing new and different songs. The idea that you did something decades ago and therefore have the right to be paid for it today is not something that exists in most industries.

* Not actually I, of course, a bunch of copyright trolls instead, but ignore for the sake of analogy

TV Licensing admits: We directed 25,000 people to send their bank details in the clear


Re: Which bank details exactly?

That says more about the banks' lack of diligence than it does about the inherent vulnerability of an account by virtue of those details being known.

Nothing new there. A newly-married friend, maiden name (let's say) Jane Smith, put a wedding present - a cheque for a few thousand - into her account. Only later, she realised the cheque was made out to her husband, let's say Steve Brown.

Went through without a hitch. Nobody raised an eyebrow.

Generally Disclosing Pretty Rapidly: GDPR strapped a jet engine on hacked British Airways


Re: GDPR is ours anyway

Apparently we actually were its biggest enthusiasts. I can't see us rowing back on it now.

Why on earth not? That's precisely what Theresa May did at the Home Office with the Human Rights Act.

British Airways hack: Infosec experts finger third-party scripts on payment pages


Re: Possible mitigation?

<not a security guy>

Sounds like something a browser plugin could do - maybe just an additional feature to NoScript, to by default block communication by scripts to domains other than their origin?

Also, isn't this called XSS, and already dealt with by security protocols?


I've seen the future of consumer AI, and it doesn't have one


Re: A but not I

Intelligence is the thing that kicks in when instinct has reached its limits.

I see it as the other way round (with a fair bit of neuroscience backing me up). Intelligence, properly applied, is very powerful. Instinct is what kicks in when intelligence is stretched beyond capacity. A great example is the amygdala hijack, where the intelligent neocortex can't cope and the emotional/instinctive amygdala takes control.


Re: re. AI being squeezed into almost every conceivable bit of consumer electronics

This is why AI doesn't exist. Every time a computer gets intelligent enough to contemplate its own existence, it realises how shit it is and deletes itself.

SuperProf gets schooled after assigning weak passwords to tutors


Re: At Superprof we take security seriously and know how key it is to the running of our business

Yeah, there's all these stock phrases people love to wheel out, they didn't mean anything in the first place and they're even worse now that everybody's heard them a hundred times before.

"I apologise if any offence was caused"

(no admission that I was the one who caused it)

"We have implemented robust procedures to make sure that this specific case doesn't happen again"

(we lost the unencrypted CD on a train, next time it'll be a USB stick in a taxi)

"We have upgraded our systems, and the small minority who used X just need to migrate to Y"

(we have downgraded our systems, and the 40% of customers who only signed up to use X are now SOL)

... and so on. Give me a week's worth of news, and I could collect dozens...

GDPR forgive us, it's been one month since you were enforced…


Yup, I think the lawyer is incorrect as well.

Trouble is, until and unless something like this is tested in court, you just can't know for certain. Hence there is always legal risk, albeit low, even if your lawyers confirm you're doing everything right.


Re: Why are you complaining?

We ALWAYS have a right to complain.

National ID cards might not mean much when up against incompetence of the UK Home Office


The objections have all been to the sheer quantity of data that would be stored on said card

And the fact that the list of people who had access to said data included virtually every civil servant in the country. The proposed protection against abuse, as I recall, was "staff will be disciplined if they access information inappropriately". Hardly a strong deterrent!


So Labour welcome immigrants, and the Tories create a "hostile environment".

Wonder why they believe most immigrants would be Labour voters...


Well said. An ID card is a long way from an extensive database, and it's a shame that Labour tried to conflate the two - it always looked like the ID cards were a front, a smokescreen. First "it's just a bit of plastic", then "it won't be a central database of everything" (that's technically true if your database is distributed across multiple servers...). Now the ID card itself is tarnished with the autocratic "citizen database" concept in the public eye.

But an ID card - just an ID card - would have been very useful to me when attempting to prove my identity to corporations, from landlords to the local public library, who insist on seeing a paper landline bill with my current name and address on it. (I'm still not allowed to borrow books, because the broadband is in my landlord's name.)

That said, if my passport isn't considered sufficient proof of identity, I don't see that an ID card would be either.

Capita admits it won't make money on botched NHS England contract


Re: Their Business Model

"... ultimately go bankrupt owing millions billions."


Audi chief exec arrested over Dieselgate car emissions scandal


Quite frankly, this is a pathetic argument - that obeying the law would put jobs at risk, so we shouldn't have to. It's been used plenty by truly nasty companies like the tobacco industry, and it flies as well as a penguin with lead boots.

If you have to lay off employees to pay for the cleaning up of your criminal activities, the cost of their redundancy settlements is yours to bear. Perhaps whatever fines Germany and the EU level at Audi should go to compensate those harmed by their actions - for instance their employees, and anybody who bought an Audi, or breathed in the exhaust created by one.

Unbreakable smart lock devastated to discover screwdrivers exist


Re: Yeah - but if I am a "common criminal" I'll definitely find another non-indiegogo to pawn

When I first played Deus Ex, I found a helicopter that, when targeted, showed the help-text "Attack Helicopter".

I unloaded several clips into it before I realised it was a noun, not an instruction..

Woman sues NASA for ownership of vial of space dust


Re: A Thriving Market of Counterfeits

"could there be freight charges involved?"

Reminds me of the towing invoice for Apollo 13

Clock blocker: Woman sues bosses over fingerprint clock-in tech


Re: @AC

My name, job title and employer are not secret, but I still take off my ID badge before I go to the pub.

'Facebook takes data from my phone – but I don't have an account!'


Sysadmin hailed as hero for deleting data from the wrong disk drive


They do say that a person's ability with computers is in direct proportion to the scale of cockups they produce ...

Whois privacy shambles becomes last-minute mad data scramble


So people have known about a major change for ages, but not put into place systems to deal with it, or even agreed how those systems should work or what they should achieve?

At least this is a unique case, and nothing like this could possibly happen again, ever. And definitely not on 29 March 2019.

Real fake scam offers crypto-coin to replace frequent flier points

Bitcoin seemed like such a good idea - with a few obvious problems, which may or may not have been solvable (eg preventing tax evasion). In the good ol' days, it was a replacement currency which could not be controlled by corrupt governments.

And then - like everything from fiat currencies to houses - it was corrupted by investors and venture capitalists. Starting with Ethereum, what began as a form of fully-democratic money, almost a digital version of a pre-market barter economy, became instead yet another investment opportunity, creating bubbles and speculation which is ruining (has ruined?) it for the ordinary folks it was intended for.

In response to the frequent news headline "Should I invest in cryptocurrency", I offer the answer: NO. It is a currency, not an investment. Its purpose is for interpersonal trade, not speculative profit. "The Markets" have no business getting their corrupt, grubby paws on it.

But people have said that about houses for decades now - they should be homes, not investments - and nobody has taken any notice. I don't hold out much hope.

Privacy group asks UK politicos to pinky swear not to use personal data for electioneering


Re: It's your Count that Votes...

not.known, your post makes a lot of sense. Trouble is, this falls down in practice, on two points:

(1) Researchers discovered (years ago) that with just 150 "likes" on Facebook, they can predict your behaviour more accurately than your spouse. I suspect that just from the language, phrasing and grammar of your posts, they can get a pretty good idea of your voting preferences.

(2) Much more importantly, people like CA don't care about you. They only care about the majority. Not even that, in a parliamentary democracy - they just need to identify a sufficient number of potential swing voters. They might never have heard of you, or processed a single byte of information about you - but when they swing 5% of the electorate to favour the party you despise, you've still got to put up with the election results.

People like convenience more than privacy – so no, blockchain will not 'decentralise the web'


Re: Spot on

"The only thing people value is other people they want to talk to are on the same network"

I'm not convinced, nor am I convinced that people on Gmail prefer their friends to also use Gmail. People want to do social things - it's the things they do, and the people they do it with, that they care about. Services, not providers.

I don't know, or care, what phone network my friends are on (or myself, without opening my phone and checking) - I can just call them, and interact the same whether they're on my network or not. If that was true for Facebook and Twitter (spoiler alert - it isn't) then people might talk about how their social or microblogging PROVIDER was better, but since they're talking to you on the same SERVICE, they (probably) won't be urging you to switch.

Incidentally, I much prefer Google+ to Facebook. It's so peaceful over here...

Password re-use is dangerous, right? So what about stopping it with password-sharing?


Re: Rather than big tech 'blabbing n slurping' even more

mmm, what does "loyal" mean, though? It can run the gamut from "slavering defense if Zuck commits murder" through to "forced to keep my login so I can check a work-related page once a month". Anybody who is loyal, in the traditional sense of the word, to a multinational corporation that couldn't care less about individual users, is stupider than the average bear.


Re: Holy crap

As the go-to techie for most family, friends and colleagues, it's certainly frustrating when you're asked what to do, spend your own time researching the best advice for that particular person's abilities and idiosyncrasies, and then be told that they don't want to do it that way. WHY DID YOU EVEN ASK ME??? I've found a method that's easier AND better for you, collected all the hardware and software, and written full instructions - if I knew you were going to ignore it, I could have spent the time rewatching my Monty Python DVDs...

DIY device tinkerer iFixit weighs in on 15-month jail term for PC recycler


Yes, installing an operating system at all exposes your PC to malware and other forms of cybercrime. Although of course, some operating systems are worse than others Microsoft naming no names.

Facebook furiously pumps brakes on Euro probe into transatlantic personal data slurping


Re: Quite the opposite

I think you meant highest common factor.

Can't log into your TSB account? Well, it's your own fault for trying


That's 2.8 minutes of my life I'll never get back

Chrome 66: Get into the bin, auto-playing vids and Symantec certs!


Re: Paranoid or secure?

Big Brother is watching you ... because he cares.

Oh bucket! Unpack the suitcases. TRAPPIST-1 planets too wet to support life


Buckminster Fuller likes geodesic domes? Who'd have thought?

Cambridge Analytica CEO suspended – and that's not even the worst news for them today

Re: Tried explaining to my SO what was going on this week

The thing that really worries me about FB is that deleting your account makes no difference. You don't need to have signed up for others to tag you, building up a profile of a person who has never been a user, but even that doesn't really matter. The truly terrifying thing is that FB have unprecedented analysis of all human behaviour. With just a few data points - which don't even need to be from FB - they and their partners can analyse your behaviour, compare it to their database of a third of humans, and predict and influence your opinions and actions. If you use a computer, FB own you.

See this news article from 3 years ago

User stepped on mouse, complained pedal wasn’t making PC go faster


Re: Reminds me of a story

Exactly. The cursor and mouse are separate, and a teacher shouldn't assume that they can use the shorthand of pretending they're the same with brand new students.

After reading this story, it took me only a few seconds to come up with a game I think would help - a variation on the "wire loop" game (where you hold a metal loop and move it along a winding wire, avoiding letting them touch). Use the mouse to move a sprite around a maze without it touching the sides, and click when you reach the end. 5 levels, increasing in difficulty, should give almost anybody the basics - and help to embed the concept of physical objects equating to virtual ones.

Trans-Pacific Partnership returns, without Trump but more 'comprehensive'


Re: Here we go again...

That's why we have political journalists - even El Reg - whose job is to read these things, explain them, and then summarise the pros and cons as that journalist/publication sees them.

Sure, it's biased, but there are lots of journalists with different biases, and a biased but informed opinion is better than no opinion at all. Anybody who disagrees is able to read the original source, or at least the parts that interest them.

And besides, "hardly anybody would read it" is not a reason to deliberately choose to conceal the information.

