* Posts by Andrew Yeomans

40 posts • joined 6 Jun 2007

Gov.UK to make its lovely HTML exportable as parlous PDFs

Andrew Yeomans

Multi-page documents

The other advantage of a *good* HTML to PDF system is the ability to select multiple web pages, and combine them into a single PDF document, with sections in the correct order.

For example, try to print the NCSC Cloud Security Principles starting from https://www.ncsc.gov.uk/index/topic/151. Similarly try printing appropriate employment and tax pages. The next trick is to make it print double-sided.

I have - once - come across a system which would let you select the desired sections of a larger set of documents, then it would generate a single PDF of them all, in a suitable format for printing.

Quantum cryptography demo shows no need for ritzy new infrastructure

Andrew Yeomans


> isn't this still susceptible to man in the middle attacks?

Not on the quantum channel. Check out "BB84". The key is transmitted with random encoding (i.e. with a second random key), the receiver makes a guess on each bit of the encoding. Some time later, that actual second random encoding is sent via a normal non-quantum channel which does not have to be secret. If the guess was wrong, throw away that bit.

A MITM has no way of knowing that second encoding until it's too late, and so any interception can be detected.

That's assuming the MITM can't spoof the authentication on that second channel.
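
Added example, not part of the comment above: a small simulation of the BB84 sifting step it describes, showing why an intercept-and-resend eavesdropper shows up as errors in the sifted key. The function names, the 10% threshold and the noiseless channel are assumptions made for illustration.

```python
import random

def bb84(n_bits, eavesdrop, seed=1):
    """Simulate n_bits of BB84 on a noiseless channel.

    Returns (sifted_key_length, error_rate_in_sifted_key).
    """
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    kept = errors = 0
    for _ in range(n_bits):
        bit = rng.randint(0, 1)    # sender's key bit
        basis = rng.randint(0, 1)  # sender's random encoding (the "second random key")
        state_bit, state_basis = bit, basis

        if eavesdrop:
            # The interceptor must measure before the encoding is published,
            # so it can only guess the basis, then resend what it measured.
            e_basis = rng.randint(0, 1)
            if e_basis != state_basis:
                state_bit = rng.randint(0, 1)  # wrong basis gives a random result
            state_basis = e_basis

        r_basis = rng.randint(0, 1)  # receiver's guess at the encoding
        if r_basis == state_basis:
            r_bit = state_bit
        else:
            r_bit = rng.randint(0, 1)

        # Later, the sender's encoding is sent over the ordinary channel;
        # bits where the receiver guessed wrong are thrown away.
        if r_basis == basis:
            kept += 1
            errors += (r_bit != bit)
    return kept, errors / kept

def interception_detected(n_bits, eavesdrop, threshold=0.10):
    """Compare the sifted-key error rate against an assumed threshold."""
    _, error_rate = bb84(n_bits, eavesdrop)
    return error_rate > threshold

if __name__ == "__main__":
    for eve in (False, True):
        kept, qber = bb84(4000, eve)
        print(f"eavesdropper={eve}: kept {kept} bits, error rate {qber:.3f}")
```

About half the bits survive sifting either way; the interceptor guesses the wrong basis half the time and each wrong guess corrupts the receiver's bit with probability one half, giving roughly a 25% error rate in the sifted key.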

LESTER gets ready to trundle: The Register's beer-bot has a name

Andrew Yeomans

User Friendly's version


(and a few earlier ones too such as http://ars.userfriendly.org/cartoons/?id=20180403)

I couldn't give a Greek clock about your IoT fertility tracker

Andrew Yeomans

Swagging breaks

And I thought "Networking coffee breaks" were to see how much swag you could extract from vendors who you would never buy from.

'Quantum supremacy will soon be ours!', says Google as it reveals 72-qubit quantum chip

Andrew Yeomans

Re: What's the application?

>> elliptic-curve cryptography is not affected

Don't tell NIST [https://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8105.pdf] as they say ECDSA and ECDH (Elliptic Curve Cryptography) are both "No longer secure".

And don't tell the NSA [https://www.schneier.com/blog/archives/2015/08/nsa_plans_for_a.html] who are recommending against migrating to Elliptic Curve cryptography.

Guess what bitcoin uses to control access to your funds? ECDSA of course. So you can fund that quantum computer from the bitcoins released once you crack everyone's public keys on it.

ISPs: UK.gov should pay full costs of Snooper's Charter hardware

Andrew Yeomans

Electronic protection?

Just use optical storage to circumvent the rules.

So just what is the third Great Invention of all time?

Andrew Yeomans

Surely money itself is the great invention?

As it makes trade possible without the need for direct bartering of goods or services. Thereby allowing specialisation to develop economies of scale, leading to cities and nations.

WIN a 6TB Western Digital Black hard drive with El Reg

Andrew Yeomans

He kept badgering me, but there's not mush room here!

Europe approves common charger standard for mobe-makers

Andrew Yeomans

What happened to wireless charging?

Much better if the EU provided some arm-twisting (or even ARM-twisting!) to get all manufacturers to support a common wireless charging standard. Plugs and sockets are SOOO 19th Century.

MIT boffins show off spooky human action at a distance

Andrew Yeomans

The Riven map table had much better resolution!

See here http://www.mystjourney.com/img/screenshots/riven-38.jpg

Crypto protocols mostly crocked says euro infosec think-tank ENISA

Andrew Yeomans

Re: Cross platform password standards

Those password rules are just copying what people have done before (with a few variations to annoy the victims).

For online systems such rules are a defence against the poor implementation of an authentication server, which allows hackers to steal the entire database. Which just should not be allowed, we've had much stronger technology for years.

What should be required is

a) strong hardware-based protection of the database - think HSMs or single-function appliances in a monitored datacentre that provides no admin or physical access to the database.

b) lockout against brute-force attacks, either 5-strikes and out or exponential backoff.

With those provisions, 4 or 5 digit pins should be adequate for most online functions. Just as is done for credit cards.

Printing the Future: See a few of UK’s 6.2 million 3D-printed ‘things’

Andrew Yeomans

Re: Yes, but is it art? Photo

They are actually models of a building and 30cm high!

Down with Unicode! Why 16 bits per character is a right pain in the ASCII

Andrew Yeomans

The historical accident of little-endian

On a purely technical basis, little endian representations of numbers are much easier to parse and handle. I'm meaning proper numbers, not the arbitrary computer representations. Take the number 12345675679274658. Quick now, is that one quadrillion, twelve quadrillion, 123 trillion, or what? You are going to have to do a right-to-left scan of the number to find out.

The Arabs had it all sorted out, with little-ended numbers (written right-to-left of course). But when the West appropriated the idea a few centuries ago, they omitted to reflect them to convert between Arabic right-to-left and Western left-to-right writing direction. So we've ended with the current confusion.

Oh well, it could have been worse. We might have been using Roman numerals still, with no zero, if it hadn't been for the Arabs.

Your encrypted files are 'exponentially easier' to crack, warn MIT boffins

Andrew Yeomans
Black Helicopters

Re: Compression

But how do you know that the NSA or GCHQ doesn't monitor all the results random.org generates?

BOFH: Dawn raid on Fort BOFH

Andrew Yeomans

Retirement plan

Hey, have you seen the prices of PC133 RAM - that's not made any more? Worth a BOFH's ransom to those companies still running critical business processes on a massive 128MB RAM server.

Andrew Yeomans

Windows recovery

Reminds me of the Tomsrtbt floppy I used to have lying around. Labelled "Windows Recovery Disk" of course.

Christmas headaches? We prescribe a year long course of BOFH

Andrew Yeomans

Expensive pints?

You can also get the previous 6 years for £3.58.


Keep it simple with one-size-fits-all networking

Andrew Yeomans

But it's still so passive!

Current cabling still costs a small fortune in copper, much of which is unused. Standard 10/100 Ethernet only uses half the conductors in the cable. Desks are over-provisioned with cable just in case future needs increase.

But the cost of making a passive termination socket is not actually much different from adding a few chips and making an active socket instead. That active electronics might be used to report on cable condition and faults (heck, even BT has slightly active master phone sockets with a resistor and capacitor so you can remotely check there's a continuous path to the socket). Or could be used as a mini-router, allowing a few workstations to be connected down a single shared cable.

Jack PCs (http://en.wikipedia.org/wiki/Jack_PC) have been able to add significant intelligence to the socket, so certainly the concept is valid.

So why doesn't someone run with this opportunity?

Google and co join gov's identity marketplace

Andrew Yeomans

Not gone...

"The midata vision of consumer empowerment" http://www.bis.gov.uk/news/topstories/2011/Nov/midata

"Midata - access and control your personal data" http://www.bis.gov.uk/policies/consumer-issues/personal-data

Strategy document: http://www.bis.gov.uk/policies/consumer-issues/consumer-empowerment

Here lies /^v.+b$/i

Andrew Yeomans

Non computo, ergo non sum

I do not compute, therefore I am not.

Andrew Yeomans

JCL - still understood next century?


Peugeot compo cam aids amateur espionage

Andrew Yeomans

Also try looking on this one


The Reg guide to Linux, part 2: Preparing to dual-boot

Andrew Yeomans
Thumb Up

Ccleaner is your friend

Ccleaner from http://www.piriform.com/ccleaner makes the housekeeping cleanup much easier and safer. Free download, then run it under each user account.

'Switch to Century Gothic to save the planet'

Andrew Yeomans

They are advising Century Gothic 11pt

See http://www.uwgb.edu/compserv/ehelp/office2007/fontchanges.htm for the suggestion to change the font size in Word and Excel. That's close to Arial 12 pt.

Taking an identical sample of text at *screen resolution*, the average colour of Arial 12 was 23.6/255 black, Century Gothic 11 was 22/255 black. So CG11 was 93.2% as dark as Arial12. Readability seemed comparable. If anyone wants to repeat at higher magnification they might get a closer approximation to the print ink savings.

ISPs slam Digital Economy Bill's multi-million pound price tag

Andrew Yeomans

Madness or bad statistics?

So the plan is to charge the British consumer £5 billion over ten years in order to pay the entertainment industry £1.7 billion?

Either madness or bad statistics. Or maybe both.

(Note the comparison of a yearly figure of costs against a ten-year figure of industry "rewards" to hide the huge discrepancy. And the claimed £500 million sounds about right - the Office for National Statistics lists 18.3 million households, times £25 per year = £475 million. Allow for new subscribers and you get the £500 *per year*.)

Google open sources flash-happy Chrome OS

Andrew Yeomans

The follow-up device

Must be a gears-enabled caching proxy, so you *can* work on a plane.

Early adopters bloodied by Ubuntu's Karmic Koala

Andrew Yeomans
Gates Halo

Windows the success it is among regular PC users?

Google currently has 21,200 references to the search "windows 7" "installation problems", but only 802 references to "ubuntu 9.10" "installation problems". [And altering the quotes or giving alternative strings also has Win7 outnumbering Ubuntu every time.]

Does this prove Windows 7 is harder to install than Ubuntu 9.10? Probably not, you really need to know the number of people trying to install either system.

But it does strongly suggest that the article is poorly researched and biased.

Will Google regret the mega data center?

Andrew Yeomans

Don't forget Moore's law

Cloud providers also need to watch Moore's law. You've just invested megabucks in your new cloud-centre, but 18 months later someone can do it for half the price. "First mover" might easily become "first loser".

Microsoft grabs Office.com domain in Google Apps assault

Andrew Yeomans
Gates Halo

Who is going to grab documents.com?

.. from Palo Alto research centre, who are not using it right now.

Which would be a much more meaningful name. Or don't people believe in "name follows function" any more?

Government rubbishes ID card hack report

Andrew Yeomans

"the data on the chip cannot be changed or modified"

Quite so. But that's not what Adam did, he made a *copy* and changed the data in the *copy*.

As John Lettice points out at the end of http://www.theregister.co.uk/2009/07/09/id_cards_nir_tory_lib_plans/, the chip is intended to help detect tampering with the information printed on the card.

If you can make good forgeries of the card, then Adam's cloning lets you make the chip data match. But the reported Home Office statement is still factually correct, just not what it appears at first reading.

Amazon Kindle doomed to repeat Big Brother moment

Andrew Yeomans

Stealing content

Anton Chuvakin makes a good point in http://chuvakin.blogspot.com/2009/07/more-on-kindlegate.html :-

"As a result, I suspect that the more stuff like "KindleGate" happens, the more the following perception (whether true or not!) will grow, strengthen and develop:

When you "BUY" digital content, you don't really BUY it - it is not really a PURCHASE.


When you STEAL digital content, you don't really STEAL it - it is not really a CRIME.

NHS Direct gets to be number one, one, one

Andrew Yeomans

Phantom calls

Back in 1992, trials of the "112" number led to many false alarms, see http://www.newscientist.com/article/mg13518280.400-cut-lines-led-to-phantom-calls.html.

"111" would be even more susceptible to line faults pulse-dialling the number.

(Badgers, as their setts could break the cables.)

Google uncloaks Chrome OS hardware pals

Andrew Yeomans

Surely ChromeOS is a competitor to Splashtop?

From current information, doesn't ChromeOS look more like a competitor to instant-on Splashtop http://www.splashtop.com/ rather than Windows or Ubuntu NBR?

Copyfraud: Poisoning the public domain

Andrew Yeomans

Modified versions of copyfraud

There's a variant when an older work is "updated" - maybe to "correct" old spellings or political incorrectness, and then re-published as a "new" work. Certainly happens with old hymns - just compare the words you used to remember with the latest text.

Now would that apply if the republished work had deliberate misprints to try to create a new copyright version?

Software body slams uk.gov's 'special treatment' of music biz

Andrew Yeomans

Include *all* the copyrighted content, if there's a tax

If there really is a tax or other protection on copyrighted work, it would seem reasonable to apply this to all copyrighted works. Working out how to divvy up the spoils could be "interesting". Surely that 700 MB download of Ubuntu must be worth at least 175 times that 4 MB MP3?

Apple MacBook Air

Andrew Yeomans
Jobs Horns

What's it like for RSI?

Has anyone tested extended use of a flatter keyboard for Repetitive Strain Injury? Still, I suppose the future court claim is one way to get your money back!

OOXML marks the spot, says research firm

Andrew Yeomans
Black Helicopters

ODF three times more popular than OOXML

Try googling for "filetype:docx" (15,400 pages) and "filetype:odt" (45,000 pages).

Similarly "filetype:xlsx" gives 3340 pages and "filetype:ods" gives 9670 pages.

So ODF has about three times as many documents and spreadsheets as OOXML at present. Both are dwarfed by .doc (21,900,000 pages) and .xls (4,420,000 pages). As for the macro-enabled OOXML .docm and .xlsm there are less than 600 together.

Network Solutions games net domain biz

Andrew Yeomans

*Doesn't* protect the customer

Network Solutions *doesn't* protect the customer that was interested in the name. Anyone else can buy the domain name, but only from Network Solutions. So the only beneficiary is themselves.

They also put an "under construction" site on the domain. Great if you want to start a rumour - see http://microsoft-ubuntu.com for example. (And if you want to buy that, be Network Solutions' guest.)

Fight malware by upgrading to Vista, urges MS

Andrew Yeomans

Fathi's vulnerability slide at RSA

...came from the Jeff Jones report comparing the number of vulnerabilities found during the first 6 months of each product's life. See page 10 of http://www.csoonline.com/pdf/6_Month_Vista_Vuln_Report.pdf as mentioned on http://blogs.technet.com/security/archive/2007/06/30/windows-vista-6-month-vulnerability-study.aspx

Jeff doesn't actually say that Vista is more secure, but does say "Windows Vista has an improved security vulnerability profile over its predecessor and a significantly better profile relative to comparable modern competitive operating systems."

Any flames have probably been said already in the Slashdot articles linked by Jeff.

Google's Street View could be unlawful in Europe

Andrew Yeomans

Paris Pages Jaunes has had this for ages

See http://www.pagesjaunes.fr for photo guide. Example near Notre Dame: http://www.pagesjaunes.fr/ciweb2g-pagesjaunes/RecherchePhoto.do?crypt=Q/l4NQ9CzB3/YJABTAU7sGlQRfWfHAmbcGiGNyQUVYdGML6XRhgMa1d/7U4icTk73VdC4wrXLTOiUcsvL0Oe26josJG/1N6Rge6UTaKU2J93S1EaIWM0fVEEr1i4RPFSQ+qPFoVM1xIZbn+/EJ1kDWXP1q/oh7CS

London had quite good coverage a few years back, but I think the company went out of business.

Biting the hand that feeds IT © 1998–2019