* Posts by Adam 1

1821 posts • joined 7 May 2012

Blunder Down Under: Self-driving Oz cars still thwarted by kangaroos

Adam 1
Silver badge

Re: What about wombats

> Not to mention the drop bears

Well short of fitting a couple of nukes to the roof*, I'm not sure there is a solution to the drop bear attack.

*Even that is probably just going to piss them off. Best just to succumb to your fate and pray it happens quickly.

0
0

Australian govt promises to push Five Eyes nations to break encryption

Adam 1
Silver badge

Re: Imminent danger.

I disagree. I have complete confidence that George Brandis is exactly the guy you need when trying to balance personal freedoms against safety.

1
0

US engineer in the clink for wrecking ex-bosses' smart meter radio masts with Pink Floyd lyrics

Adam 1
Silver badge

Re: Well, at least he has good taste in music

If he wanted a lighter sentence, he could have just come up with a scheme to bundle junk loans into credit default swaps.

9
0

Queensland Police want access to locked devices

Adam 1
Silver badge

sounds reasonable

After all, Qld police have never in the past misused their powers.

3
0

Smart burglars will ride the surf of inter-connected hackability

Adam 1
Silver badge

Re: Link mayhem

ICBMaaS?

0
0

AES-256 keys sniffed in seconds using €200 of kit a few inches away

Adam 1
Silver badge

Re: AES was not cracked, cut the click bait

And I should acknowledge the title has been corrected (thanks) from "AES-256 crypto cracked in 50 secs using €200 of kit one metre away" to "AES-256 keys sniffed in seconds using €200 of kit a few inches away". If you didn't see the original headline then my comment definitely seems unreasonable. Wayback machine caught the original.

3
0
Adam 1
Silver badge

Re: AES was not cracked, cut the click bait

> So it's not clickbait, it's a real issue.

I think you have missed the point on why I have called it out as click bait.

Just because something is a real issue doesn't mean it isn't misdescribed or exaggerated in order to get you to read something. That an implementation of AES can be oracle'd this way is very serious.

AES is a description of what should be done to a byte stream to encrypt a secret with a key and how to get that byte stream back knowing the key. For a crypto algorithm to be broken means that I am able to decode the byte stream cheaper than attempting every possible key in the keyspace.

As far as I am aware*, AES is still not broken, and this technique, whilst novel and even significant, shows a faulty implementation of AES, not a fault in AES generally.

*if some TLA does crack it then don't expect them to scream it from the roof top.

7
0
Adam 1
Silver badge

AES was not cracked, cut the click bait

A poor* implementation of AES permitted a side channel oracle attack on the key.

*That's not a criticism of the implementation. A non-poor implementation is really hard to achieve. A good implementation will not have a different profile between a correct and incorrect guess at part of the key.

19
0
Adam 1
Silver badge

obviously...

The government needs to ban software defined radios.

6
4

Apple, LG, Huawei, ZTE, HTC accused of pilfering 'find my phone' tech

Adam 1
Silver badge

Re: I'm baffled

You must have missed this bit then:

"filed suit in the East Texas District Court"

5
0

PC rebooted every time user flushed the toilet

Adam 1
Silver badge

Re: A big job.

But was it severity 1 or 2?

14
0

Cisco's 'encrypted traffic fingerprinting' turned into a product

Adam 1
Silver badge

Re: It's an old idea

All tor packets are the same size. Any malware with a c&c server that is remotely a threat is using the dark web to make it hard for law enforcement to locate.

Also, with any modern crypto you can't differentiate the byte stream from random. If you can via DPI then we all have much much bigger problems.

Maybe some sort of crypto downgrade attack might be possible during the negotiation phase to something practical to brute force (and the Muppets in charge still like the idea of backdoored encryption, will they ever learn from past mistakes).

0
0

Tesla death smash probe: Neither driver nor autopilot saw the truck

Adam 1
Silver badge

Re: Bleh

Firstly with g/G, I read g as a unit of mass but whatever floats your boat. I was originally going to convert to N but that makes the sheer forces more difficult for someone who hasn't studied physics to comprehend. I don't think that's central to my point. There are some pretty unrealistic assumptions in my 25x acceleration due to earth's gravity at some specific location and altitude.

Firstly, I was very generous with the amount of distance the car has to crumple. Having no engine up front certainly improves that, but you don't get 25G resistance equally across the whole collision. So if the first part of the crumple is say 4 or 5G, the remaining parts must increase well above my quoted figure.

Secondly, there is a velocity squared relationship here, so 33ms-1 is 4 times the energy to dissipate as 16.5ms-1 all else equal (not double as many people assume).

Thirdly, I'm not aware of any crumple zones that are able to dynamically strengthen or weaken their rigidity based on collision speed. I am only guessing here that they pick a set of materials that get progressively more rigid the closer to the T cell you get. I guess it may be possible to use explosive charges to selectively weaken panels during an accident but I'm not aware of any production car that attempts anything like that.

0
0
Adam 1
Silver badge

Re: Bleh

Some quick back of the envelope calculations show that had such bars been present and the car collided at the same speed then this would be circa 25G of deceleration.

Airbags are a great safety feature of modern cars, but you ain't surviving 25G. Your soft brain will collide with your not soft skull; that'll see to that. The only help such bars may have been in this accident is that it might have shown up on the radar/camera/lidar/whatever and the autopilot may have stopped. (The bars would improve survivability of much slower speed collisions though.)

11
0

Honda plant in Japan briefly stops making cars after fresh WannaCrypt outbreak

Adam 1
Silver badge

Re: The price you pay for using generic OS for industrial control

> I suspect it is more down to shitty vendor's software that breaks easily with MS patches

Reminds me of the time about a year back when this obscure little product named Outlook 2013 was broken* by a Windows 7 patch Tuesday "fix" that took them 2 or 3 goes to get right.

* As in, crash on every launch and not fixed by a reinstall of Outlook.

5
0

'OK, everyone. Stop typing, this software is DONE,' said no one ever

Adam 1
Silver badge

a couple of orders of magnitude off

I have seen viewmodels with over 10,000 lines of code*. Apparently Single Responsibility Principle is the Single Responsibility Suggestion in some parts of the world. Windows as an example is circa 50,000,000.

* Yes, I wish I was joking too. And it very much was not defect free.

3
0
Adam 1
Silver badge

Re: Hammers

Shirley that's "Stop, Hammer time!"

26
0

WhatsApp app in flap over chap's snap of URL mishap

Adam 1
Silver badge

Re: unclear

Well that's a big fat fail then. That means any http link is completely transparent to your ISP/BOFH/any other MitM you care to name. Even https could expose some parts via DNS. What's the point of this feature? So you don't ever see a 404?

1
0
Adam 1
Silver badge

unclear

The log is from server side. The question that I would have is whether that http client is on the local device or from WhatsApp's servers. If it is from the servers then it doesn't reveal the user's IP. I would like to see a fiddler log proxying the mobile device itself.

2
0

When corporate signage goes BAD

Adam 1
Silver badge

Re: And now for our mobile readers...

> And now can you outline the sexual innuendo because I'm just not seeing it.

Gaw'n, give him one.

1
0

As you head off to space with Li-ion batts, don't forget to inject that liquefied gas into them

Adam 1
Silver badge

Re: Use a liquid instead of a liquid?

I think they should use condensed evaporated melted frozen liquids instead.

15
0

Software dev bombshell: Programmers who use spaces earn MORE than those who use tabs

Adam 1
Silver badge

Re: tabs take fewer keystrokes

Who said anything is wrong with vi? It's a text editor and a perfectly good one if you can get past its steep learning curve. I simply made the point that with modern IDEs, you don't type in spaces or tabs.

0
1
Adam 1
Silver badge

Re: tabs take fewer keystrokes

Unless you're still programming in vi, I don't think you are actually typing these spaces. Of the 2 modern(ish) IDEs I've used this week, pressing enter will indent automatically to the same point on the next line. Opening a brace and pressing enter will indent you one more. Closing will unindent.

Heck, resharper will with a keyboard shortcut automatically apply the standard company wide formatting rules across a whole file/project/solution.

9
2

Fighter pilot shot down laptops with a flick of his copper-plated wrist

Adam 1
Silver badge

not necessarily

The placebo effect is indeed clinically real. The real wtf thing is that there is still a clinically measurable effect when the patient is told it is a placebo.

51
0
Adam 1
Silver badge

Re: Ashes to Ashes

Not surprised, given the number of times I have commented that this hp will be the end of me.

31
0

Sorry to burst your bubble, but Microsoft's 'Ms Pac-Man beating AI' is more Automatic Idiot

Adam 1
Silver badge

give it a real difficult problem...

... like trying to create a user account in Windows 10 without syncing with the mothership

15
1

Crouching cyber, Hidden Cobra: Crack North Korean hack team ready to strike, says US-CERT

Adam 1
Silver badge

and here I was ....

... thinking that Wannacry was simply an NSA exploit that escaped and got taped onto some ransomware delivery platform by some crooks.

Whilst I'm happy to take on their word that such crooks operate out of the hermit kingdom, perhaps a different take out lesson is to not hoard security vulnerabilities.

3
1

Australian oppn. leader wants to do something about Bitcoin, because terrorism and crypto

Adam 1
Silver badge

completely agree with Bill (on this)

Convicted terrorists should not have access to Bitcoin.

/That is what he meant right?

0
0

Telegram chat app founder claims Feds offered backdoor bribe

Adam 1
Silver badge

Re: Trucrypt

Nah. We have https comments now, so it's all good. It is TLS all the way .... to the cloudflare CDN.

2
0

Voyager 1 passes another milestone: It's now 138AU from home

Adam 1
Silver badge

+1

That is some proper boffinery.

13
0
Adam 1
Silver badge

Re: Well light is rather slow

Light speed, too slow?!

Yes, we're gonna have to go right to…ludicrous speed!

14
0

Firefox 54 delivers sandboxes Mozilla's wanted since 2009

Adam 1
Silver badge

> Mozilla argues that Chrome's habit of spawning a discrete browser engine for each tab consumes wasteful quantities of memory and slows computers.

Ah, Mr Pot. I see you have met Mr Kettle.

11
0

Fuji Xerox's chairman resigns over 'improper accounting'

Adam 1
Silver badge

Nothing to see here. Most likely just a small group of rogue ~~engineers~~ accountants.

1
0

Five Eyes nations stare menacingly at tech biz and its encryption

Adam 1
Silver badge

Don't worry. We've got Senator "metadata" Brandis to ensure that the public are protected from extra-territorial abuse of such a process.

CONTENT CAUTION: The linked transcript has been known to induce the following symptoms: crying, hysterical laughing, nausea, confusion, despair, anxiety, bewilderment, and total agreement with Walkley Award judgement criteria. Reader discretion is advised.

2
0

Specsavers embraces Azure and AWS, recoils at Oracle's 'wow' factor

Adam 1
Silver badge

Re: Subheading

Eye see what you did there.

0
0

Lockheed, USAF hold breath as F-35 pilots report hypoxia

Adam 1
Silver badge

Re: Is this part of...

And why not. I imagine the main limitations on performance are the meat bags inside who you need to keep alive. There are only so many G's of force that a pilot can survive, let alone function within. Plus they need air, water, waste disposal, ejection seats, parachutes etc.

I would have thought it more effective to have a swarm of hundreds or even thousands of drones if you are spending north of a hundred mill a pop.

12
1

Donald Trumped: Comey says Prez is a liar – and admits he's a leaker

Adam 1
Silver badge

> "Although Mr Comey testified he only leaked the memos in response to a tweet, the public record reveals that the New York Times was quoting from these memos the day before the referenced tweet"

Setting aside the interesting interpretation of today's events by one lawyer for a moment, is there any truth in that statement?

6
0

Infosec guru Schneier: Govts WILL intervene to regulate Internet of Sh!t

Adam 1
Silver badge

simple (in theory)

Specify remotely exploitable vulnerabilities that could lead to data being exposed, devices being bricked, local networks being accessed, the device being reprogrammed, etc as being a "major fault", triggering consumer protection laws.

So when [iot vendor] sells [new and shiny] and then 6 months later fails to provide a security patch, products can be returned for a refund/repair/substitution. Actually this for mobile phones too please.

2
0

Senator blows a fuse as US spies continue lying over spying program

Adam 1
Silver badge

But terrorists! And the other monsters under your bed. We need more funding pronto.

3
2

Russian hackers and Britney Spears in one story. Are you OK, Reg?

Adam 1
Silver badge

Re: Hit me baby one more time?

> Turla espionage tool has repeatedly re-emerged since its discovery in 2014.

So if I'm understanding this correctly, they did it again?

13
0

Break crypto to monitor jihadis in real time? Don't be ridiculous, say experts

Adam 1
Silver badge

> So if the various Governments get together and come up with some scheme that makes it financially disadvantageous to offer these services then I'm sure all these "high minded" companies will abandon their principles and follow the money.

Here. Take a look at Product v2.0. Just like Product v1.8 but without all that privacy. Would Sir like to upgrade?

Maybe you are right that the 'WhatsApps' of this world saw the opportunity to be painted as the good guys in the fight against out of control mass surveillance. It doesn't matter. It is cheaper to provide end to end these days. We have seen this movie before. What happened when ABP introduced a new feature to let through some ads from marketers who agreed to their protection racket fees? Things like uBlock came along to do the exact same thing the old one did.

The Signal protocol is public. The minute WhatsApp start using something inferior, they will start to lose market share. First will be those techies who really care about privacy. Then the next time they get asked to install the new shiny ithing on behalf of a family member they will say "that used to be good but the new version breaks your privacy, use this instead".

What is that bloody clunking noise. Sorry, gotta go. Someone left the stable door open again.

1
0

Hotel guest goes broke after booking software gremlin makes her pay for strangers' rooms

Adam 1
Silver badge

Re: ma1010 "Sounds like a lawsuit"

Geez a bunch of victim blaming going on here. Maybe their credit rating wasn't sufficient for a credit card. Maybe they don't want to pay fees. Who cares. They were still wronged and deserve reasonable compensation.

I had my visa debit card fraudulently used probably a decade ago. I was on a different continent and hemisphere to the shop claiming my purchase which made protesting the transaction much simpler, but I was still down a few hundred bucks for a week or so before the refund came through. The process is the same whether it's debit or credit. The difference with debit is that you are literally out of pocket until they sort it out. It is definitely a gotcha of debit cards.

14
0

Do cops need a warrant to stalk you using your cellphone records? US Supremes to mull it over

Adam 1
Silver badge

>> "My medical history is private."

> ...in an ideal world. This is not one of those.

I get where you're coming from, but privacy is an attribute of the information that is not lost but rather violated. The infamous icloud "hack"/"our passwords are crap" saw many private photos exposed to people that the subjects of those photos did not approve. They don't become non private just because someone dumps them on pastebin. The owner may no longer have a practical way of asserting their right to privacy but that doesn't mean they don't have that right.

0
0
Adam 1
Silver badge

Re: Location services isn't binary

> At least on iOS, you can turn it on or off individually for different apps.

You can do that on android marshmallow or newer. You can also install (on any android version) a fake GPS app and convince the app you are elsewhere. Quite handy for testing your geofencing software feature works whilst simultaneously showing the pointlessness of geofencing on a device you don't control.

0
0
Adam 1
Silver badge

I think you might be somewhat confused over the meaning of private. My medical history is private. That means that I have the right of control over how that information is used and to whom it can be shared. I might choose to share it with my doctor because I trust them* and I am comfortable that it is beneficial to me. I might permit my doctor to share that information with a specialist. I might permit the specialist to share a very small portion of that information with my employer to assert fitness to work. Add my health insurer or hospital or ..... As you can see, it is no longer a secret, but it is still private. There may even be some reason to share this information with apps on your smartphone. Healthcare claim apps, flappy birds, it doesn't make a difference whether you think the app has a reason to know. The question is about informed consent and control. No more no less. So if someone chooses to let Google track every time they are at home or work or school or the shops or a place for their bowel movements, as long as they are providing informed consent, who are you or I to tell them they can't. Sharing with that company may be unwise, but that doesn't mean they don't have the right to choose who to share their private information with.

*that is independent of whether that party is deserving of that trust.

5
0
Adam 1
Silver badge

> The police went to mobile phone operators and retrieved four months' worth of location data that showed Carpenter was near each of the locations when they were robbed (or, more accurately, his phone was).

And what about all the other customers whose location data was uncovered during this fishing exercise? Why do they not deserve protection against unreasonable searches? I like the guilty being caught and charged as much as the next guy, but there is good reason why we don't give law enforcement a free for all, why we establish limitations on their powers to search or compel data. Balancing the right to not be interfered with in your day to day life against the necessity of catching the bad guys is the very reason that we have things like warrants.

1
1

Class clowns literally classless: Harvard axes meme-flinging morons

Adam 1
Silver badge

I, for one, welcome our new Harvard University overlords.

0
0

The nuclear launch button won't be pressed by a finger but by a bot

Adam 1
Silver badge

Re: We've already had a nuclear war.

Nah, the trick is to be far enough away from ground zero that you don't get smote but near enough that you still get superpowers*

* I would offer credit except I can't remember who originally made that joke.

0
0

Tech industry thumps Trump's rump over decision to leave Paris climate agreement

Adam 1
Silver badge

Re: cripple your own economy

> So where, and at what cost, is the backup generation/storage for when the sun don't shine?

An absolutely legitimate question. I am not a fan of picking winners. Let the market offer solutions. Most likely some mix of household battery, grid battery, pumped storage, demand shifting, home energy efficiency improvements and gas peaking plants.

Let me ask you a simple question. Do you think that in the next decade, electric cars with the range of one of today's cars will be available at similar prices to today's cars? I don't think that's a big stretch. I also don't think it is a stretch to imagine a 100KW/hr battery sitting in the cars in every other garage. That battery would run my house for 3 days.

As for the developing world, they are largely not going to be rolling out the distribution networks required by coal. In the same way their telecommunications networks are much more mobile centric than the West, their power producers are also going to be distributed small micro generators rather than GW scale plants. It is just a more economical way to do it.

15
2
Adam 1
Silver badge

Re: cripple your own economy

Cancelling the subsidies. I'd go for that. Can we cancel the diesel fuel rebates for the mining sector while we are doing this "let's not cross subsidise industries"?

There is a tipping point where solar becomes cheaper than coal. That happens this year for many places, even if you make others subsidise the cost of your carbon through higher healthcare costs and general insurance risks.

18
7
