* Posts by Adam 1

1614 posts • joined 7 May 2012

Square Kilometre Array precursor shrinks 5TB of data to 22MB – every second!

Adam 1
Silver badge

Re: Firehose of data ...

I'm sure HPE are on top of it.

0
0

Meet 'Moz://a', AKA Mozilla after it picked a new logo

Adam 1
Silver badge

Re: The next Big Thing

> CHRØME

Pretty sure that's a bookshelf in IKEA.

10
0

Li-ion tamers: Boffins build battery with built-in fire extinguisher

Adam 1
Silver badge

Re: Cars

> Wouldn't want to be around when a petrol tank went up either

I agree. The fire would be very hot. (Or were you like most people expecting some form of explosion?)

1
0

Stanford boffins find 'correlation between caffeine consumption and longevity'

Adam 1
Silver badge

Re: And what about your heart?

What does in large amounts mean? And over what timeframe?

Tbh, having large amounts of coffee, it's going to be the cholesterol (from milk) and the sugars that get you rather than the caffeine.

0
0
Adam 1
Silver badge

With having to type in that handle at sign in, I'm surprised that you ever have enough time to bother with a comment.

0
0

Google reveals its servers all contain custom security silicon

Adam 1
Silver badge

> These requirements limit the ability of an insider or adversary to make malicious modifications to source code and also provide a forensic trail from a service back to its source.

So they trust the compiler then?

0
0

McDonald's forget hash, browns off security experts

Adam 1
Silver badge

> McDonald's main website that could be fodder for phishing attacks

But those URLs are coming from the wrong McAddress.

/Sorry. I'll grab my McCoat now.

15
0

Mr Angry pays taxman with five wheelbarrows worth of loose change

Adam 1
Silver badge

Bull!

4
0
Adam 1
Silver badge

Re: one wheelbarrow shall be known as 1Whb

Sorry Phil, a common mistake, like people confusing light-years with speed rather than distance.

Whbs aren't a measure of wealth but rather a measure of frustration or angst.

Usages:

* He was so rude to me, I hope the next guy pays with 2 Whbs!

* These #£&+ mosquitos are everywhere. Every time I get one another starts buzzing. It's like 7 Whbs.

* Is it so hard to put your phone on silent at the theatre? May the parking ticket machine return her 400 mWhbs in change.

3
0

Wi-Fi for audiophiles: Alliance preps TimeSync certification program

Adam 1
Silver badge

> “The protocol also determines which determines which device is going to be the master clock – there's a mechanism for devices to evaluate which is the 'best' clock,

I'm Spartaclock!

No I'm Spartaclock!

No I'm Spartaclock!

8
0

Oz government on its Centrelink debacle: 'This is fine'

Adam 1
Silver badge

Re: Communication

> They are as factual as the accuracy of the information provided to the ATO and centerlink

No. You are either ignorant of the issue or trolling. They are not using the information provided to the ATO. The ATO doesn't hold income per fortnight. Centrelink have inferred that fortnightly ATO figure through a patently flawed algorithm.

It is outrageous to falsely accuse a person of fraud, send in the debt collectors (oh hi there credit ratings) and not have sufficient resources to deal with challenges from people who have evidence to show they were indeed entitled to those benefits.

It's not just 'dole bludgers' who should be worried by this crazy math shoot first ask questions later behaviour. Should we apply this logic to pension asset tests or family tax benefit?

A few years ago I lost eligibility to part b after a pay rise in one of those perverse getting a rise leaves you worse off cases that makes living wage an interesting idea. The same 'logic' applied here would have seen me being asked to repay a debt I didn't owe.

If they are moving into speculative invoicing, then here's a thought. Anyone found to have been incorrectly accused should be paid at minimum wage for their reasonable time in producing the evidence and their refunded amount should be returned at government bond interest rates.

5
0

Feds cuff VW exec over diesel emissions scam

Adam 1
Silver badge

Re: Nothing new here

Opel have been caught with something slightly more subtle. It only operates its emission controls in a very narrow temperature range which luckily coincides with lab conditions. It doesn't operate whilst revving beyond 2400 rpm which again luckily isn't needed in the lab. That it hops out the way when you give it the beans isn't surprising (safety first), but the fact it remains off even when the engine is just ticking over once the need for hard acceleration is done means that in real world city stop start driving you will likely disable the emission controls on pretty much every trip. That doesn't excuse VAG. There is enough criticism to go around.

1
0

Top cop: Strap Wi-Fi jammers to teen web crims as punishment

Adam 1
Silver badge

Re: Why would this happen-

> Far better than giving kids a new tool to go and harass others with.

Look it has a few minor challenges but at least the device can't be disabled with a few layers of aluminium foil....

0
0

Verizon is gonna axe its 'unlimited' data hogs

Adam 1
Silver badge

Re: Off Topic: Whoopee! El Reg has HTTPS! Almost

It's a cloudflare certificate, so at least the initial hop is encrypted. Doesn't mean traffic between cloudflare and El Reg is encrypted. It might be but you can't tell. Anyway kudos for removing prying eyes from at least the most vulnerable link.

2
0
Adam 1
Silver badge

Re: Maths!

> Were you involved with the Australian Census?

No you have me confused with someone else. I've been working on an innovative welfare compliance system where we crosshatch tax records, divide a magic number by 26 and assume every fortnight is paid equally then send out the debt collectors.

4
0
Adam 1
Silver badge

Re: Maths!

@Oengus

Makes sense though. Fibre only has a very small diameter so you can't fit much light through it. But look at all the light you can fit in the outdoors. Clearly that gives much more bandwidth.

8
0
Adam 1
Silver badge

Re: To all the wireless carriers...

> "Unlimited" doesn't mean "infinite",

Absolutely correct.

> it just means there are no pre-set limits.

No, you should have stopped at infinite.

It means that they don't have a limit that you can violate. If you wanted to put a number on it, an ADSL2 line can in theory download 25Mbps. There are 2678400 seconds in a month. There are 8 bits in a byte, so

2678400 * 25 / 8 = 8370 GB per month.

Don't call something with limits unlimited. At its kindest, that is a bait and switch scheme.

16
0

Australia telcos warn: Opening metadata access will create a 'honeypot' for lawyers

Adam 1
Silver badge

> The take-out-the-trash timing of the review, announced in the afternoon of Friday December 23, meant Vulture South missed it at the time.

Not quite. I emailed Simon with the ag.gov.au link on 23 Dec and he replied with a link to this saying we're on it.

Glad it's being picked up in its own right though. It seems to my reading to be just waiting to be abused. It doesn't take too much imagination for some jilted partner who knows the WiFi password to ensure some less tasteful/borderlining illegal websites make an appearance in the ISP logs and then use that in some custody hearings to argue why the other should not be allowed near kids. It is also not beyond imagination that a business partner wanting to escape some contract responsibility could generate the appearance of SMTP traffic to a recipient which would strongly indicate that confidentiality clauses had been breached.

My 2c. The retention policy is an expensive way of generating large haystacks and it should be scrapped. My visits to el Reg or any other site are not in my ISP logs. Only connections to my VPN's endpoints, and they don't log. Legislators should try harder to understand the systems they are trying to regulate and stop with the do something brigade logic. Otherwise we end up with π == 3 laws.

0
0

Amazon files patent for 'Death Star' flying warehouse

Adam 1
Silver badge

Re: Reloading

African or European? Or does it depend on the weight of your order?

6
0
Adam 1
Silver badge

Re: Nothing new here...

> You're overlooking the obvious flaw: the descent would need to be controlled and hence would require power

At 45000 feet this object will contain a lot of potential energy and very little kinetic energy. As it drops, most of that potential energy gets converted into kinetic. Even commercial jets use a ram air turbine for emergency instrumentation power in the event of fuel exhaustion or other engine failures. Flight calculations are relatively modest unless you start trying to get into weather modeling or something. We are talking iPhone battery levels of power.

Actually, come to think of it, maybe if they use a note 7 battery, they would then have a good rocket to launch the drone back to the mothership.

0
0

Virgin America mid-flight panic after moron sets phone Wi-Fi hotspot to 'Samsung Galaxy Note 7'

Adam 1
Silver badge

Re: This leaves open all sorts of pranks!

It's already done. Google WiFi pineapple.

2
0
Adam 1
Silver badge

Re: Two things

I am totally against people bringing lions onto aircraft; especially in hand luggage.

30
1

NIST requests ideas for crypto that can survive quantum computers

Adam 1
Silver badge

No sympathy from me. Clearly using encryption makes you a pedoterrorist.

Now that's off my chest, I can continue with the broadcast of my simulation of a very long running game of heads or tails.

1
0
Adam 1
Silver badge

Re: NIST requests ideas for crypto that can survive quantum computers

It's even easier though* given quantum computing. Bob can tell if the qubit from Alice has been observed by the waveform collapsing. Makes a very nice key exchange channel.

* It's getting the quantum qubits to survive without near absolute zero and for more than a handful of milliseconds that's the hard bit.

0
0

Support chap's Sonic Screwdriver fixes PC as user fumes in disbelief

Adam 1
Silver badge

Why so much trouble. They always put extra screws in as evidenced by the leftovers once everything is reassembled.

42
0

Australian Internet policy remains years behind reality

Adam 1
Silver badge

You mention a consultation period. I need to clarify for context, are we referring to a Brandistanian consultation, or something more Gleesonesq?

1
0

Ham-fisted: Chap's radio app killed remotely after posting bad review

Adam 1
Silver badge

> I think most companies are smart enough to realise the negative PR would cost them far more.

So you're suggesting that Oracle will probably try it?

52
0

NASA – get this – just launched 8 satellites from a rocket dropped from a plane at 40,000ft

Adam 1
Silver badge

Re: How do you get that through baggage handling?

I don't see a big problem getting it through. It may be a solid rocket booster and oxidiser so there is a small risk, but it's not like they're launching something really risky like a Note 7.

1
0

Sysadmin 'fixed' PC by hiding it on a bookshelf for a few weeks

Adam 1
Silver badge

Re: deja vu

Well no doubt German has a word for such types of work being performed by a Danube steamboat captain.

2
0

Security! experts! slam! Yahoo! management! for! using! old! crypto!

Adam 1
Silver badge

You are right in pointing out that the brokenness of md5 isn't the key issue here. I mean, broken when talking about cryptographic hashes is a technical term which basically means that there is a more efficient algorithm to discovering the input than to brute force it.

Its big flaw here is that we have much better hardware now and can do most of the computations on GPUs at rates best measured in "billions per second". That makes brute force attacks for passwords under 7 characters practical and dictionary attacks highly likely to spill the beans in a substantial percentage of records.

Collisions just get you another password that the system would accept. In other contexts they are more worrying. The following link gives 2 example executables that do different things but have the same md5 hash.

http://www.mscs.dal.ca/~selinger/md5collision/

But at the end of the day, it's much less effort to try hundreds of billions of combinations of words, common letter substitutions, common prefix and suffixes and passwords found inside plaintext password dumps. The attackers here won't be worried if they can't unlock all accounts. Even if it's "only" tens of thousands, they can still use it as a steppingstone to attacking other services a user might have, doing a ransomware on flickr photos or whatever or resetting passwords for other non yahoo services they find emails for.

1
0
Adam 1
Silver badge

The big benefit with salting is that you can't leverage knowledge about one user's password to determine someone else's. Md5 was considered a bad choice 10 years ago. Why Yahoo were still using it is a big mystery. It is literally broken to the point where you can google the hash to reverse it.

If you aren't using salt, you find someone with the password hint "password is Bernie2016" and now you know what all those F1697D2047065D93EECFEC16D670CD61 hashes mean. At least with salt you have to brute force each user independently.

And now you have that detail, you can use enumeration attacks on other sites to see what other accounts are valid and then try your luck with the same password.

Lesson 1

Use a different password on each website, so your yahoo breach doesn't give away your other more important passwords.

Lesson 2

Use long passwords. 4 random English words (like random, not quotes, verses or xkcd comics). This will guarantee that it is easy to memorise and type yet is too much entropy to exist in a rainbow table.

Use a password manager if you find that easier.

7
1
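
The point made in the two comments above about unsalted MD5, as an added example (not code from the comments or from Yahoo): a constructed account table shows how one leaked password hint exposes every user who shares an unsalted hash, while per-user salts with a slow KDF confine the damage to a single account. The account names, the use of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not from any real dump): user -> (password, hint)
ACCOUNTS = {
    "alice": ("Bernie2016", "password is Bernie2016"),
    "bob": ("Bernie2016", ""),
    "carol": ("Bernie2016", "the usual"),
    "dave": ("correct horse battery staple", ""),
}
PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example


def unsalted_md5_table(accounts):
    """The weak scheme from the comment: MD5(password), no salt."""
    return {u: hashlib.md5(pw.encode()).hexdigest() for u, (pw, _) in accounts.items()}


def salted_table(accounts):
    """Per-user random salt plus a deliberately slow KDF."""
    table = {}
    for user, (pw, _) in accounts.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)
        table[user] = (salt, digest)
    return table


def verify(table, user, candidate):
    """Login check against the salted table, compared in constant time."""
    salt, stored = table[user]
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(digest, stored)


def shared_hash_groups(stored):
    """Group users by stored value; a group larger than one means a shared password is visible."""
    groups = defaultdict(list)
    for user, value in stored.items():
        groups[value].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def exposed_by_hints(accounts, stored):
    """Audit: every user whose stored value equals that of a user whose hint leaks the password."""
    exposed = set()
    for user, (pw, hint) in accounts.items():
        if pw in hint:
            exposed.update(u for u, v in stored.items() if v == stored[user])
    return sorted(exposed)


if __name__ == "__main__":
    md5 = unsalted_md5_table(ACCOUNTS)
    salted = {u: d for u, (_, d) in salted_table(ACCOUNTS).items()}
    print("unsalted, exposed by one hint:", exposed_by_hints(ACCOUNTS, md5))
    print("salted, exposed by one hint:  ", exposed_by_hints(ACCOUNTS, salted))
```
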

HPE 3PAR storage SNAFU takes Australian Tax Office offline

Adam 1
Silver badge

Trick question

There's no such thing as an untested backup.

0
0

Nice NBN rival you built there. What a shame if someone taxed it

Adam 1
Silver badge

Re: Whaaa...?

> wouldn't it be simpler to make it a "Internet not delivered by NBN tax" tax.

Simpler maybe but politically unpalatable. It makes it impossible to not look like you're trying to ruin a business model. To be honest, I'd rather they funded it from general revenue. It is useful infrastructure with a long shelf life* and will add to GDP and hence future revenues, plus borrowing is still at an excellent rate.

*FTTP, not the crappy FTTN half arsed obsolete before it's finished crap.

> would assume this pretty much impacts every mobile phone (cell phone for our American readers) bill too.

No. It won't impact mobile. From the linked proposal:

"... which will require all eligible fixed-line superfast broadband networks to make a proportionate contribution to the long-term cost of these services"

4G isn't fixed line.

0
0
Adam 1
Silver badge

Re: Whaaa...?

It's just a money go round. The "tax" is really the built in cross subsidy amount and gets around the problem of tpg et al cherry picking the profitable high density rollout sites and leaving NBN to do the less profitable and loss making sites.

In principle it makes sense but I'm not convinced they have thought it through (law of unintended consequences). Will tpg just spit out a new 24.999Mbps fibre plan to sit just below the cut off point? Will Telstra or Vodafone provide faster services than the cut off point but be exempt because they're not fibre? Of course they will.

3
0

Icelandic Pirate Party sails away from attempt to form government

Adam 1
Silver badge

Re: Nice

I can't comment on Iceland specifically, but generally speaking minor parties would be weighing up the short term influence they would hold in a coalition against the base who get angry when their hobby horse issues are horse traded. Many minor parties who find themselves in a coalition or even guaranteeing support in a hung parliament find their own base abandons them at the next election. Add to that that many minor parties don't have an obvious viewpoint on issues not in their field of concern means they can find their candidates splitting on those issues (particularly in a hung parliament where every vote counts). The leader might agree to some trade deal only for someone else in the party to vote against it.

5
0

Beancounter nicks $5m from bosses, blows $1m on fantasy babe Kate Upton's mobe game

Adam 1
Silver badge

Re: I wonder how anyone can be that stupid

As opposed to pokies?

2
0

Samsung, the Angel of Death: Exploding Note 7 phones will be bricked

Adam 1
Silver badge

Re: Maybe they should...

> I'm unconditional about it.

Er, uncomfortable. Bloody autocarrot.

6
0
Adam 1
Silver badge

Re: Maybe they should...

I'm unconditional about it. Without question there is a design flaw that poses a very real safety concern in a very small but significant percentage of these devices. Yes the recall should be mandatory, but this solution fails to take into account that risks are always relative to other risks. Perhaps there is a risk that someone in possession of such a device can't make an emergency call in a timely manner? A better approach would be to include a nag screen that pops up every minute and forces you to watch some recall notice in 5 different languages, and otherwise limits the apps it will load. There are plenty of measures to make the experience so bad that laggers without a really good excuse will make the effort without adding any risks to safety.

1
0

'I found a bug that let anyone read anyone's Yahoo! Mail and all I got was this $10k check'

Adam 1
Silver badge

Re: Misread as $10

You are right. It was a terrible misunderstanding. The cheque was actually for $10!!!

0
0

Android, Qualcomm move on insecure GPS almanac downloads

Adam 1
Silver badge

Re: This will be fertile ground for attackers to check

Not sure how that would work. Definitely worth a look, but as I understand it this is just a "try these areas first" collection of data points. That is to say, it can't interfere with the positioning values themselves (via http MitM).

My old tom tom would take several minutes to find itself; you basically have to drop to that sort of brute force scan.

It is possible to believe that a malformed file could be misprocessed causing a buffer overflow or equivalent. Seriously though, if you want an easy way to pwn most android handsets, write a simple app with two threads, activate copy on write, load an executable owned by root and .... you know what, I'm not doing your homework, this isn't stack overflow here...

0
0

Robotics is coming on leaps and bounds – literally: Bushbaby bot most vertically agile yet

Adam 1
Silver badge

two things

> US Army backs droid for search and rescue missions

Yeah. That's definitely the use case they have in mind. The other one plays jingle bells.

> Roboticists

That has got to be the most awesome job title for your business card.

-- Adam 1 - Roboticist

1
0

Don't have a Dirty COW, man: Android gets full kernel hijack patch

Adam 1
Silver badge

I assumed this would have been fixed long ago

At least there is no way an evil app could get itself root access. Oh wait....

Come on Chocolate Factory. You get all 90 days on other vendors.

0
1

Sony kills off secret backdoor in 80 internet-connected CCTV models

Adam 1
Silver badge

> you can login as root and get command-line-level access to the operating system if you can crack these password hashes:

$1$$mhF8LHkOmSgbD88/WrM790 (gen-5 models)

iMaxAEXStYyd6 (gen-6 models)

---

In that case I'll be extra careful to not Google those hashes in a day or two.

0
0

Local TV presenter shouted 'f*cking hell' to open news bulletin

Adam 1
Silver badge

Re: Who cares?

I know it's only Tuesday, but @gazthejourno for FotW.

4
0

Apple blames air for iPhone 6S's narcolepsy

Adam 1
Silver badge

Tbh, it's not the premature shutdown on a galaxy note that would worry me about their batteries.

0
0

'Toyota dealer stole my wife's saucy snaps from phone, emailed them to a swingers website'

Adam 1
Silver badge

Going for a walk alone in the wrong part of town is going to result in a mugging or worse. Leaving your iPad on the back seat of your car in some poorly lit car park is going to result in a smashed window and no more iPad.

None of this excuses or reinforces the behaviour of the perpetrators. It's simply a recognition that there are injustices in this world. We can chew gum and walk here.

8
1

UCam247 tells El Reg most of its cams aren't vulnerable to GET vuln

Adam 1
Silver badge

clearly fake

> IoT security camera vendor ...

and

> A new firmware is due to be released within the next couple of weeks

Clearly a real IoT product would never release updated firmware to fix things

2
0

Google's Project Zero tweaking Microsoft, because it did fix a bug

Adam 1
Silver badge

Re: accidental fix

Well that pretty much describes windows update. Here's a font vulnerability fix that breaks outlook.

Seriously though, it is the responsibility of the original developer to create sufficient test case coverage that my fix gets rejected by the build server. Apart from the most egregious introduced bugs, if someone breaks functionality that I wrote, I ask myself:

* Did I adequately name the variable/parameter/method/field/const/enum/class/whatever?

* Did I include a comment where what is being done is obvious but why it's done less so?

* Did I structure my code with single responsibility principles?

If the answer to those is no then I tend to blame myself.

0
0
Adam 1
Silver badge

accidental fix

It happens with software all the time, where by the time a specific bug bubbles up through onto a sprint, it has been coincidentally neutered by another fix or improvement. It can also happen when a developer working on an unrelated ticket stumbles upon the initial problem and fixes it at the same time, legitimately believing that it had never been reported. Obviously not saying that this is definitely what happened here, but let's not feign surprise about something that would happen in a product as big as windows at least daily has indeed happened.

5
0

Adblock again beats publishers' Adblock-blocking attempts

Adam 1
Silver badge

Re: Why is this even a discussion?

> But the publisher can tell if ads are being loaded or not

To do this they need to wait for the ad content to download and render before delivering the content. With video or animations that is impossible. Even for simple images or text you would be adding substantial lag to your page display time for the 80%ish users who aren't using them.

Current detection approaches involve using JavaScript to fetch a beacon from the ad network and then detect whether that download is blocked. The simple counter measure allows such beacons to download but it does prevent simple hosts file blocking of the whole network.

There are other possible measures. Many moons ago I had to deliver a "way too complex for html of the day" report over the web which ended up being a dynamic png rendered on the server side. These days you could do it with html5 and angular. It was an absolute usability nightmare. You could get dynamic screen sizes to be taken into account and image map out hyperlinks but it was non trivial. It also made it inaccessible to screen readers.

I'd like to think that websites would not screw up everyone's experience to spite the relatively small proportion of users who bypass their ads. Then again, we are already stuck with animations that interfere with content, fake download buttons, etc all apparently in the name of supporting websites so yeah.

3
0
