Anatomy of OpenSSL's Heartbleed: Just four bytes trigger horror bug


I don't get it..

I'm wondering again how code gets written without bounds-checking, on "message length" parameters. It's not the first time is it?

Is the leaked data simply the junk that was in de-assigned memory? It looks kind of important stuff you might not want to write over - let alone send over the internet.

perhaps as a general rule, apart from the obvious bounds checking, one should clear all memory as it becomes (re-)assigned? - or better on de-assignment.

Perhaps generally these under-run or their over-run brethren should be detected and escalated as a general principle.

just suggesting, perhaps we could be a bit less crap at everything?
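The length check and the wipe-on-release idea raised in this comment, as an added example that is not part of the original comment and is not OpenSSL's code. It assumes the RFC 6520 heartbeat layout (1-byte type, 2-byte big-endian payload length, payload, at least 16 bytes of padding); `hb_build_response` and `wipe_free` are hypothetical names, and the sample records are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define HB_REQUEST  1
#define HB_RESPONSE 2
#define HB_HEADER   3    /* 1-byte type + 2-byte payload_length (RFC 6520) */
#define HB_MIN_PAD  16   /* minimum padding required by RFC 6520 */

/* Zero a buffer before freeing it, so recycled heap holds no stale data.
 * The volatile pointer stops the compiler from optimising the wipe away. */
void wipe_free(void *p, size_t n)
{
    volatile unsigned char *v = p;
    if (p == NULL)
        return;
    while (n--)
        *v++ = 0;
    free(p);
}

/* Build a heartbeat response for a received record.
 * rec_len is the number of bytes actually received, as reported by the
 * record layer; it is never derived from the peer-supplied length field.
 * Returns a malloc'd response and sets *out_len, or returns NULL (with
 * *out_len == 0) when the record must be silently discarded. */
unsigned char *hb_build_response(const unsigned char *rec, size_t rec_len,
                                 size_t *out_len)
{
    size_t claimed, resp_len;
    unsigned char *resp;

    if (out_len == NULL)
        return NULL;
    *out_len = 0;
    /* Too short to hold even an empty heartbeat. */
    if (rec == NULL || rec_len < HB_HEADER + HB_MIN_PAD)
        return NULL;
    if (rec[0] != HB_REQUEST)
        return NULL;

    /* Length the peer claims its payload has (attacker-controlled). */
    claimed = ((size_t)rec[1] << 8) | rec[2];

    /* The bounds check: the claimed payload plus header and padding must
     * fit inside what was really received, otherwise the copy below would
     * read past the record into unrelated heap memory. */
    if (HB_HEADER + claimed + HB_MIN_PAD > rec_len)
        return NULL;

    resp_len = HB_HEADER + claimed + HB_MIN_PAD;
    resp = calloc(1, resp_len);   /* zero-filled; real padding is random */
    if (resp == NULL)
        return NULL;
    resp[0] = HB_RESPONSE;
    resp[1] = rec[1];
    resp[2] = rec[2];
    memcpy(resp + HB_HEADER, rec + HB_HEADER, claimed);
    *out_len = resp_len;
    return resp;
}

int main(void)
{
    /* Constructed records, not captured traffic. */
    unsigned char honest[HB_HEADER + 5 + HB_MIN_PAD] =
        {HB_REQUEST, 0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
    unsigned char lying[HB_HEADER + 1 + HB_MIN_PAD] =
        {HB_REQUEST, 0xFF, 0xFF, 'x'};   /* claims 65535 bytes, carries 1 */
    size_t n;
    unsigned char *r;

    r = hb_build_response(honest, sizeof honest, &n);
    printf("honest: %s, %zu bytes\n", r ? "answered" : "discarded", n);
    wipe_free(r, n);

    r = hb_build_response(lying, sizeof lying, &n);
    printf("lying:  %s, %zu bytes\n", r ? "answered" : "discarded", n);
    wipe_free(r, n);
    return 0;
}
```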

Cisco kicks off $300k Internet of Things security competition


Re: Give us your ideas, too

correction, a maximum of six winners shall be awarded a peanut, the rest of yours idea are all belong to us.

SkyMapper turns up oldest star ever found


Re: Timescale

Yes it's a weird one this, I had to go and check the numbers - I was going to suggest that "time-of-flight" was where the other billions of years had gone, that's the normal answer to the very-old-stars-observed question.

Not in this case however, this star is only a few thousand light-years away, right next door on these billion light-year scales.

I wonder if it must be from an unusually sparse region of the universe that has not seen much if any star formation. Perhaps only relatively recently (in the last billion years) did this one have the mass to collapse into a star, accretion can be very slow if the primordial gas is thin enough. Is it a dinosaur born late?

The paper covers some more interesting theories, suggesting that all its neighbours must have self-immolated into black holes carrying all their iron etc with them - though normally even in the "full collapse" scenario a load of metals get spewed into space. The "gentle supernova" they propose sounds unlikely, even if it does then solve the Lithium problem.

UK spooks STILL won't release Bletchley Park secrets 70 years on


Re: That book is excellent...

thanks, I just ordered it on your recommendation.

Dusty old supernova could reveal answer to life, the universe and EVERYTHING


Re: A question for the astronomers

That's exactly what does happen, the "metallicity" of first-generation stars is zero - there are no elements heavier than Helium (astronomers consider oxygen and carbon to be metals).

The cinders from the first stars and a fresh supply of interstellar hydrogen make the second generation - and make more of them (there needs to be gain..) - and so on...

If you go several generations down this path then you get enough "metal"-rich junk to form planets etc.

I can see why the fundamentalists prefer their version of things... :-)

Post-BT crypto guru Schneier gets new gig at startup

I'll second that.

Sounds a good idea to move on from BT, their adverts suck...

Thanks again for all your clarity and good lick with the new venture.

sorry, luck...

Ten top tech toys to interface with a techie’s Christmas stocking


Re: re: that's when Betty is on most channels...

You're quite right, sorry.

Keith and Brenda it is.

FWIW, Charles and Diana were Brian and Cheryl.

It's funny how the nicknames fit them all much better...


Re: re: that's when Betty is on most channels...


what's wrong with "Brenda" ?

Phil and Brenda are well known to readers of Private Eye?

Cambs prof scoops $3m Fundamental Physics prize


error - don't publish

I've hit the send corrections button a few times but the comment box still looks like it will be a comment not a correction...

the failed physicist, Yuri Milner, is the one who set up the prize, not either of this year's winners...


Super-stealth FLYING CAR prototype seen outside GOOGLE HQ



That's a plus point, the multiple motors can suffer failure much like a RAID drive. Obviously you would need to double-up (or more) the battery and control systems, but that doesn't add much cost, the batteries are still the same volume/power, just split across 3 or 4 supplies. Making it safe with 75% or even 66% of lift is reasonable. I'll bet they're Switched Reluctance motors, huge power and speed and only one moving part, a funny-shaped lump of iron. Absolute bastards to control though, as I'm finding out...

RETRO-GASM: The Fuze electronics kit for the Raspberry Pi


Re: Are you sure?

I don't know what aspect of H+S your audiologist was referring to, here are a couple of facts:

H+S understands all about safe voltages, the SELV (safety extra low voltage) specification allows voltages up to 70V absolute max to be put onto touchable connectors, this is known to be safe.

Supplying mains power adapters to members of the public requires that they are EC marked, which in turn requires they are tested against a proof voltage of several kV, they conform to EMC requirements, they don't overheat and (I think) they are fused or in some way protected against overdissipation.

PAT testing is used in addition to this if the parts are to be used at a given premises - a school or factory or office - and checks that each of the relevant type-approved items is not faulty.

I suspect it is this requirement that stops them offering you your power supply. If I were them I would ensure it uses a standard micro-USB then it can be your responsibility to source and use the adapter.

Digital radio may replace FM altogether - even though nobody wants it


Re: I'm Curious

I don't get it, the FM band is a worldwide simple standard. They can't easily sell it off because it would still want to be used for sporting events etc. In any case the bandwidth is small, only 20MHz all-told, and the useability is not good, you are reckoned to be able to use 1/15th for big transmitters (i.e. national networks), the figure for little low-power users cannot easily get below 1/4 due to the 4-colour theorem.

So, in all, maybe 5MHz of bandwidth in any given place. Get Tim Worstall onto it, he will agree that there is no exploitable resource here.

The DAB bandwidth, on the other hand is 174MHz-239MHz, or 65MHz, over three times as much. We currently use just seven of the available 40 bands, in London, broadcasting about 80 stations. I can't see us ever needing much more than this, if you really can't get enough christian thrash metal genre, then get a computer, or a life.

So, they could sell the DAB band, or half of it, for more money, it doesn't need such a long antenna, half what the FM band needs, but I can't think of a use for the bandwidth, given that there is "white space" radio spectrum coming along that allows all users to use what they like within reason and license-free. There will be no market at all for odd bits and pieces of RF-bandwidth when this comes in.

Don't bash DAB, it is a really good system, it's hugely efficient in BW terms, allowing a national network using only one frequency and greatly reduced megawatts, it just needs more time. Also, sure, really don't abolish FM, there is no need to and no benefit forthcoming from it.

Atomic clocks come to your wrist


Re: 'Cersium' eh?

Cersium? Cesium?

What's wrong with Caesium? - from the Latin word "caesius" meaning "sky blue"

Come on Reg, you're a British site, and proud of it, adjacent vowels are not errors.

WET SPOT found on MARS: NASA rover says 'high percentage'



Me too,

mass-spectrometers no longer have a huge magnet and a curved vacuum path, look up "quadrupole mass spectrometer" - no that's not four of them, it's a clever oscillating field where only the particles that are neither too heavy nor too light (for their charge) are the only ones that stay on the beam line. They're about the size of a KT66 thermionic valve (tube).

UK investor throws £14.8m at firm that makes UNFORGEABLE 2-cent labels


Re: Impossible to forge?

Thanks for the offer, I will say what I like about the "smartness" of bankers, didn't they just knock on the door asking for 1.4 Trillion?

We all know how easy it is for investors to buy into a bubble, it can even be good policy if you're out early.

However, the list of failed products with "amateur crypto" technology is most alarming, look at http://en.wikipedia.org/wiki/Pirate_decryption for starters. Then have a look at MiFare, Megamos, all of the audio and video copyright protection schemes, the entire antivirus/PC security nightmare - then tell me that we're probably wrong to dismiss this latest breakthrough in analogue security.



Re: Impossible to forge?

Totally agree Phil, no need even to buy a worker, the authorisation can be simply monitored, decoded and replicated. Without Crypto I don't think there is any chance - even with, it is vulnerable because there is "one big secret" that is buried in every tag and every reader.

Good luck to 'em, if they're putting their money into technology that mere commentards know will be broken, I hope there's more to it than this.

BTW, have you all seen how clever holograms are these days - with a "reader film" that you view the hologram through, and see some secret text/image. Keeping this updated with new datestamped reader films is a simpler system.

Dopey dope-growing dope smoked out by own dope dope-growing vid


Re: Please stop with the "Growing plants" thing

Opium isn't a plant.

Opium is an opiate derived from a plant.

Opium is the natural dried resin collected much like natural rubber from slicing the seed-heads of Papaver somniferum.

The principal opiate in it is morphine. Opium is not an opiate, it contains opiates.

Ha ha, Osborne, these Gov 2.0 web wranglers have wiped out UK debt



I'm no expert I have to say, but I'm pretty sure we read the intended font most of the time. There seem to be many ways to achieve this - with of course a fall-back to a substitute font if needed. there is much more detail here: http://blog.themeforest.net/tutorials/how-to-achieve-cross-browser-font-face-support/

The browser chooses the intended font, unless it can't. - Not really "it's" choice then, is it?

Hooker in Dudley man's car 'just helping to buy tomatoes'

consenting adults in private

Absolutely, why should the state be concerned unless there are overriding public risk issues.


Boffins: Dolphins call each other NAMES. Not RUDE ones!


to see if the named fish responded?

The dolphin is not a fish.

It's an insect.

Mobe SIM crypto hijack threatens millions: Here's HOW IT WORKS


don't feed the bumpkins

Numpty - you're reading the article aloud to Mr A.C. Moron, nowhere did it mention access to hardware, nor any discussion of the benefits in living in shacks or cities.

On topic, the malformed SMS forces the SIM into a clever known-plaintext attack which only needs one rainbow table.- length equal to the DES56 signature, I think it's a lot less than 2^56 which would be beyond rainbow tables at 10^17 entries. Does anyone know the signature length?

The facts on Trident 'cuts': What the Lib Dems want is disarmament


CND twitbook liberals masquerading as loyal commentards

Much as I appreciate Lewis's regular articles on hopeless decisions and moronic waste within the MOD, it's a bit naughty to get the retaliation in first regarding commentard backlash. I thought we didn't go in for 'ad hominem' arguments, web2.0 indeed...?

Much of what is discussed here is not really vote-winner politics, the Murdochs and Daily Mails seem to be able to define what that is, I prefer informed rational argument.

On that note, what would we actually do if someone lets off a nuke? Do we respond with Trident? Ever? Really? - I suspect the paperwork alone would kill us.

I say let's put the cold war behind us, big nukes got us through it but it was at a level of risk we should now be able to avoid. The thought of spending 25 billion on Trident scares me, we'd have nothing left to give the bankers, a much closer and more malevolent threat than rogue states.

What's an enterprise SSD sale?


They have expertise and market share, to ignore them as a player would distort the picture.

Modern-day Frankenstein invents CURE for BEHEADING


Blackadder had a word on this...

Queenie: Oh come now Lady Farrow, crying isn't going to help your husband now.

Nursie: No! Ointment! That's what you need when your head's been cut off! That's what I gave your sister Mary when they done her. "There, there" I said, "you'll soon grow a new one.

Queenie: Shut up Nursie

'The Apprentice' is a load of old codswallop, says biz prof


Re: How would the professor know though?

Well put. It's an outrage that Sugar puts himself forward as some sort of computer guru, his philosophy always was simply beating the shit out of suppliers - for most of them it was their last deal. His affordable PC breakthrough was a fire sale of ill-conceived non-compatible PC things.

That said, I do find his judgement good, he sees through most or all of the cuntestants pretty easily.

As others bemoan, something with the germ of an original idea and some real progression would be so much better than all the vapid marketing bollocks.

Apple threatens ANOTHER Samsung patent lawsuit

Re: Another one?

"legal beagles" - what a fantastic strapline.

For those that don't have a tradition of fox hunting - the unspeakable in pursuit of the uneatable according to Oscar Wilde, beagles are the repulsive pack dogs that live in compounds eating the discarded carcasses of stillborn farm animals.

Once in a while, when their masters decide, they get to tear a real live functioning animal to shreds.

Not much like patent lawyers then...

The future of cinema and TV: It’s game over for the hi-res hype


Re: interlacing

Downvoted twice - any reason?

I can't see why, it's a balanced presentation of the case for and against interlacing. Interlacing is an easy existing method of increasing framerate at the expense of "specmanship" resolution, but there are issues with exactly what information it holds that make it difficult to know how best to upscale or interpolate the video.

The article makes a good case for higher framerates and I agree totally. However we already have a solution that will halve the pixel count and double the framerate - it's our old friend interlacing - a 1080i (note i not p) screen is what we need, within the existing frameworks, then move to higher non-interlaced framerates.

Interlacing is a really good method, only if the frames are shot at 48/50/60fps, like with a video camera - it's rubbish if the source is 24fps film since the second field is simply delivered late. Interlacing with say 2 x 540 line (1080i) conveniently bridges the dilemma of motion and detail since on static shots it's indistinguishable from 1080p.

It is justifiably unpopular in the codec world because you don't know if the two fields are part of a single exposed image or if they are two exposures, there is no easy way to benefit from the second field - shot at a different time - when trying to convert from i to p. Also converting 1080p to 1080i looks blurry and is a waste of time since the temporal information is missing.

Charlie Miller to tell Vegas punters how to hack your car


read on

The OBD-II connector is a good starting point to probe the in-car system, that bit of it that you are attacking, directly. There are several papers that document how to move such an attack onto a corrupted music file, and then on to a fully wireless exploit through inevitable flaws in Bluetooth stacks. The killer is that once you can send CAN packets around you can entirely reprogram most things in the car - assuming you can get through the "hobbyist" grade security.

Try googling and reading the document titled: cars-usenixsec2011.pdf

"We modified a WMA audio file such that, when burned onto a CD, plays perfectly on a PC but sends arbitrary CAN packets of our choosing when played by our car’s media player".

They went on from there to a number of wireless attacks, the time-to-break depends on a number of factors, mentioned in the paper and hey, not a single hammer was used in the whole exercise.

BT boss QUITS telecoms giant for front-bench gov job

Re: Unelected

Absolutely, loathsome scum the lot of them.

Are we going to get carpet-bombed with shite advertising concepts for trade and investment now?

Going under the knife? Avoid Fridays. Trust us, we asked a doctor


black wednesday

Fridays are bad but death rates rise 6% in one day on Black Wednesday - in June, when the new crop of junior doctors are unleashed. Still, you can't moan too much, it is free after all.

COLD FUSION is BACK with 'anomalous heat' claim

Re: Reputations...

Why did you get downvoted for well-researched unbiased input?

It's easy to say that these people are idiots, they clearly aren't - though it is possible they have been duped.

I'm rather hoping they haven't.

Re: Sure..

Thanks for that - glad to hear it's in use now, took a while though didn't it?

Where's all the cheap Titanium then? Surely anything is better than the existing Ti process. I shall look it up,

thanks again.


Re: Has anyone actually read the paper?

> Nonsense. There's nothing like enough energy there to rule out chemical processes.

have a look at my earlier comment and calculations. The energy density in the reaction vessel is beyond Hydrogen.

It cannot be chemical but it might be electrical with a sneak wire.


Re: "It's presumably converting its mass into energy."

small addendum, sorry... the chamber volume was 20mm bore, so my worst case figure is now 263 MJ/L

Still 1.8 times better than the best though.


Re: "It's presumably converting its mass into energy."

sorry - it cannot be down to stored CHEMICAL energy in the device. The whole point is that it is stored NUCULAR energy.


Re: "It's presumably converting its mass into energy."

My calculations suggest it is really converting mass to energy:

The average energy output was 816 Watts - this was calculated using questionable methods but importantly the control (dummy cylinder) when fed with 810W produced a very similar temperature.

The average power input was 235W, the test duration 116 hours.

Therefore the device showed a nett energy output of 67kWh or 243MJ. simples.

The reaction chamber volume was quite small - a 5mm bore 33cm long.

The secret powder that was in there was measured as 0.3g only - barely a coating. The researchers rounded this up to a figure of 1 gram. I will evaluate also a worst case figure of 57 grams - if the bore was packed with solid Nickel.

The energy densities are quite astonishing, considering petrol is the most energy-dense common substance at 50MJ/kg, with hydrogen (in any phase) on its own at 145MJ/kg.

I calculate 800 Giga-Joules/kg if the 0.3g figure is to be believed.

My minimum (using 57g) is still 4200MJ/kg - about 29x solid hydrogen.

the researchers claim 183600 MJ/kg - with a few other worst cases in there, I make it 242GJ/kg.

It could be all down to "fiddling the electric" - but it cannot be down to stored energy in the device.


Re: Sure..

I'm not sure you're right on that. If you patent, for starters it lasts only 20 years, secondly you have to reveal the details - then others can extend the work possibly putting you out of business with their improvements.

Take Rolls-Royce, they only patent what others can deduce from reverse engineering, if the secret is hidden in the manufacturing process they keep it trade secret.

Look also at "the Cambridge Process" for producing cheap Titanium - patented, sold to Carlyle group by Blair and shelved indefinitely to protect vested interests.


Re: Please pass the Fluke TrueRMS DVOM

Good point, you read it so I don't have to (I'm at work)

Assuming no fraud with the meter, like changing the sense resistor, then a simple long duration test will soon exceed the kWh/kg of known battery technology. The DC-in DC-out test is fundamentally even harder to defraud.

Why are so many commentards getting violent over the matter?

Be cool, do the tests, play no part in the screeching self-censorship that paid science has to abide by.

If you've bought DRM'd film files from Acetrax, here's the bad news


we told you so...

how about, expiring DRM formats give you a voucher to redeem against a good old DVD? - you still have to cover the mechanical and distribution cost of the DVD, but then you get a hard copy.

Alternatively, a token that allows you to download an "illegal" DRM-free copy of the film without risk of prosecution, since you've paid the royalty?

Securo-boffins uncover new GLOBAL cyber-espionage operation


Re: cache poisoning

sorry, that was bollocks.

I just read the paper properly, the researchers call it "the Safe campaign" and do not mention safenet except as a directory name. The disclaimer is simply to apologise for having to use the word, the report has to mention where the thing installs itself.


cache poisoning

Well, whilst the malware does sometimes install itself into a directory called "safenet" (see copied text below), I think it's a bit naughty to seize upon this for a name, it's a form of cache poisoning, despite the grovelling disclaimer. An internal name whilst it was being researched, fine, but someone should have pulled it out of the publication and kept the normal academic respect. Can you imagine if they had reason to call it MSword, or iTune?

The malware creators used the term "safenet" as a decoy and this should not be perpetuated.

here is what it does:

If User Account Control (UAC) is active, SafeExt.dll will be injected into explorer.exe. Otherwise, the file is copied to %Program Files%\Internet Explorer\SafeNet\ and registered as a Browser Helper Object (BHO).

Yet another Cabinet-level ID card farce


Paper driving licenses - I've had the same one for 24 years even though I've moved 3 times since then, and filled in the new address and sent it to DVLC to have points put on it :-( . It still comes back with a few more handwritten endorsements. I hate things that put you the wrong side of the law after some stupid time-out expires - i.e. for no valid reason.

I love the use of the cooling tower from Brazil - still the best film of all time.

UK faces hacking doom, but think of the money, security startups!

OED definition: Cyber- relating to or characteristic of the culture of computers, information technology, and virtual reality.

Cyber attack and cyber security are reasonable terms for a minister to use, they're good at baby-kissing and, one hopes, policy, not IT.

Ok cyber-terms not as definitive as infosec - but even that's geekily overabbreviated, a bit too "street" for a politician.

We should welcome this initiative as an unusually well thought-out plan marrying the traditional UK strengths in this, to a bold position predicting that IT security will be a key technology in the near future, more so even than now and that government needs to get involved to put the UK in a position where we have a safer cyberspace for rent.

Spooky action at a distance is faster than light


Re: Speed of light fallacy

To me it's one of the enduring mysteries, why is it that "information" has physical properties?

In this case the signals will travel faster than light, as the remote particle "uncloaks" in order to complement the near one. BUT, no information is transmitted, you just get complementary truly random streams of bits.

What is the difference therefore between an information-carrying signal and a signal?

The only two other peeks we get into this world are Boltzmann and Shannon, particularly Shannon who combines information-carrying capacity and signal power -well signal-to-noise actually, but it does invoke real physical quantities and line them up against dimensionless quantities.

Furious Stephen Fry blasts 'evil' Reg and 'TW*T' Orlowski

BTW, on GPS, "nor does the process involve any relaying of signals from satellite to satellite." - sure it does, absolutely, they constantly renegotiate their local time and local position between each other, and with respect to the ground stations. Oh and it is this process that relies on the atomic clocks mistakenly attributed to the internet.

As I said in the previous comments, the latest outrage regarding Turing's machine was not very far at all off the mark, and love or hate his voice-over earnings, he does have the humility to mention he knows nothing of Riemann's conjecture, or the Zeta function. The fact that he is interested enough in these things to introduce them to a mainstream unfed consciousness is a big plus point, even if it goes a little wonky in the translation.

Stephen Fry explains… Alan Turing's amazing computer


Re: Am I missing something?

I also can't find much wrong in what Fry says in this instance - OK he's conflated two similar things:

The idea of a universal computing engine - the mathematical concept - which executes a defined algorithm on a (read/write) paper tape, with a few simple instructions including HALT. This is a "Turing Machine" and is enough to cast various mathematical problems in a concrete and untinkerable manner, for instance the successive approximation to a square root requires decisions and recursive calculation that cannot be easily presented as an equation. One of the great problems of the day was whether certain algorithms would complete, ever, or not - the halting problem.

The first computers were indeed hard-wired in their "instruction code", to perform key-searches for instance, they just replicated an enigma machine in its logic (using specialised "instructions" for instance to rotate the code wheel number 3) and accelerated the output. - a bit like microcode within today's CPU's.

The idea of a reprogrammable computer is really a return to the purity of the universal Turing machine, where arbitrary problems including the enigma replication can be performed, but with a less optimised and more general instruction set. That luxury could not be afforded at station X - they needed all the efficiency they could get.

It's kind of hard to get all that detail into the short conversational statement from Mr Fry - but his value is in introducing the interesting concepts, even being interested in the first place. I will applaud that.

Nature pulls ‘North Korean radioactivity’ story


Streisand effect?

What has this story got to do with staring at the back of a spoon and noticing that you look like Barbara Streisand?

Helium: Can it prevent the onset of Shingles?

Re: More explanation please

I don't think that's the answer, the drag heating will be the same, fuelled as it is by viscosity - and note that it heats the gas not the platter or head.

The thermal conductivity of Helium is indeed 5x better but this is a forced-air cooling as the gas will be whipped around - the heat will be conducted away by bulk mass flow not by diffusion. OK there is diffusion across the boundary layer to the casework, but this should be a small term.

So, thanks for the suggestion, but the question remains open as far as I can see it.


Re: More explanation please

I don't get it either - just looked-up the viscosity of Helium gas, which I had expected to be smaller due to its lesser degrees of freedom, but it's the same more or less as Nitrogen. So I can't see how the platter friction will have been reduced.

My aerodynamics is limited, there are more factors in there than pure viscosity, but to me it looks mostly like a pure shear load of head plane against disk plane - which is viscosity by definition.

I'm sure they won't have spent years developing stuff that doesn't even work on paper, so what is the magic factor they are able to manipulate in this technology then?



