* Posts by DaLo

590 posts • joined 30 Aug 2012

Page:

Man facing $17.5m HPE fraud case has contempt sentence cut by Court of Appeal

DaLo
Silver badge

Re: Automatic halving of sentence

It's because there is no facility to extend a sentence unless another crime has been committed or new evidence received and it is returned to court.

Therefore you can't hand down a 9 month sentence but if they a very badly behaving prisoner extend it to 18 months. SO the court first doubles it to 18 months and then you can halve it for good behaviour or other circumstances. There are a few sentences which automatically qualify for a half life and a few that qualify for full term.

However it is in the prison service's (government's) interest to have well behaving prisoners who are let out of their very expensive prison cells and back into the wider world with as little hassle as possible. The prison system is much cheaper to run that way.

2
0

European MPs push for right to repair rules

DaLo
Silver badge

"and LEDs that likewise can't be replaced"

Can't remember the last time I had an LED die in a product where I would have wished to replace it. In fact I can't see how they could accomplish this as they will always be soldered in in nearly every product.

...hmm unless the author meant phone screens, LCD/OLED etc?

14
0

Say hello to Dvmap: The first Android malware with code injection

DaLo
Silver badge

Game: colourblock

Developer: Retgumhoap Kanumep

Source - the linked article with the full details of the whole infection process.

8
0

US laptops-on-planes ban may extend to flights from ALL nations

DaLo
Silver badge
Facepalm

"...however copying the same amount of files from my phone over that pretence at a usable data-transfer protocol called MTP would take at least 24 hours - despite the SD card being able to sustain 100+ MB/second for reads..."

If your data is on an SD card why would they try to get the data off over MTP?

5
0

Self-driving car devs face 6-month backlog on vital $85,000 LIDAR kit

DaLo
Silver badge

I was going to enter the self driving car business...

... but now I've read this line "... if you want to enter this space, and take on the likes of Waymo and BMW and Ford, you'll need deep pockets – tens of thousands of dollars per test vehicle" I'm not going to bother.

If I'd known it was going to cost me tens of thousands of dollars for a test vehicle I wouldn't have even considered this idea. I just don't have pockets that deep.

8
0

UK hospital meltdown after ransomware worm uses NSA vuln to raid IT

DaLo
Silver badge

I presume the running of exe from temp is for users only (non-PC admin). MSI and windows update require admin privileges.

However, the initial file is a PDF/Word doc that can create a non-PE file that could still encrypt files, or scan for an executable-allowed directory. Or they use a vulnerability in existing software that then uses privilege escalation - like the recent windows SMB bug.

1
0

New MH370 analysis again says we looked in the wrong places

DaLo
Silver badge

Re: Still no changes

Yes, exactly. You don't need the cable as it would probably snag and pull the buoy under. If it can signal immediately then you know where it crashed. If it needs to be detected by a local observer then you can calculate drift fairly reliably over a short period of time.

Either way it would be found within hours, not after some flotsam arrives on an island and you have to work out approximate drift patterns over the last x months.

4
0
DaLo
Silver badge

Still no changes

Even though there were a few planes in sea incidents and the highest likelihood that an international flight that crashes mid flight will land in the sea, why not create a simple search solution.

A mechanically operated pressure release switch* which will release a floating marker/battery operated distress buoy when it detects it is more than 10m underwater.

Having the marker signal stay hundreds of metres underwater with the plane and a 30 day countdown just make the chances of finding it sooo much harder.

*one that can't be disabled from the cockpit and doesn't rely on electric to operate.

8
1

Drunk user blow-dried laptop after dog lifted its leg over the keyboard

DaLo
Silver badge

Re: Ah, but progress...

Many laptops have fairly water resistant keyboards. If you spill something on them, rapidly unplug all connections and immediately turn them on their side (sometimes upside down depending on manufacturer).

Once you've done that pull the battery and proceed to remove the hard drive (yeah you won't get a clean shutdown but you're probably not running the companies ERP server from your laptop).

If it was something sticky and you aren't totally short of cash to buy a new one if it fails then spray water up at the keyboard to wash it out. If you are short of cash, with the laptop upside down, disassemble it and remove the keyboard (normally only a few screws and a couple of catches). Then wash the keyboard in warm soapy water, rinse and dry thoroughly. Dab the empty keyboard recess of the laptop with damp then dry paper towel.

Even though there is still a battery for the BIOS, quick action will usually save a modern laptop almost everytime.

No too dissimilar for a mobile phone - pull the battery (err, if you can else turn off) immediately then shake out excess water and chuck it in a bowl of rice, completely covered and put in a very warm area/on top of radiator for 24-48 hours.

6
0

Profit with just one infection! Crook sells ransomware for $175

DaLo
Silver badge

"...we just sort of look bemusedly at people who have these problems"

Others realise that they need greater RPO/RTO than tapes can deliver, need more flexibility, capacity, less manual intervention for a lower cost and want to be able to mount backups as VMs anywhere near instantly and get better than a simple verify check to ensure that their backups are consistent and databases mountable.

It is those people who look bemusedly at people who use tapes as a daily backup and not as an archiving tool and use a well configured, redundant and secure disk based backup system.

0
0

Android O my god! It's finally here (for devs)

DaLo
Silver badge

Probably not but it is an api for apps, so it is up to WhatsApp how they implement it.

0
0

Nokia blasts 250 Gbps across Atlantic in optical test for Facebook

DaLo
Silver badge

If you abbreviate a sentence so that it becomes nonsense then I would suggest the abbreviated form is not a good one.

How about "... in a field trial that showed off 200 Gbps and 250 Gbps using different wavelengths on a 5,500 km link"?

0
0
DaLo
Silver badge
FAIL

"...200 Gbps and 250 Gbps wavelengths..."

Interesting measure of wavelengths.

3
0

SpaceX yoinks $96m GPS launch deal from under ULA's nose

DaLo
Silver badge

Re: Strangley specific cost

In the 1850s Everest was measured to be exactly 29,000 ft. However it was changed to 29,002 ft so it didn't look like the recorded height was a vague/approximate measurement.

P.S. The actual height using modern instruments is 29,029 ft, so the original measurement, using theodolites and very difficult conditions, was remarkably close.

4
0
DaLo
Silver badge

Re: Supposed to launch in 2024?

And of course, having a helicopter hovering over a 'chute will not upset it at all. It will continue to glide down nicely as you snag it?

Anyone who has stood under a large Sikorsky will attest to the rather unsettling airflow that engages you.

0
0
DaLo
Silver badge

Re: SpaceX Development

"Hopefully in the next few months we'll get to see an actual launch on a recovered booster."

Next couple of weeks!

2
0

1.37bn records from somewhere to leak on Monday

DaLo
Silver badge

Re: So what's next?

" Has law enforcement been involved, can the police actually do something, will they actually do something, what?"

From the article:

Law enforcement was informed about the breach and the questionable activities it exposed. However, we cannot discuss those elements, because the agencies involved cannot comment on pending or ongoing investigations.

0
0
DaLo
Silver badge

Re: why would you believe a government "statement"

SteveD3 has confirmed it is not the Indian DB.

https://twitter.com/SteveD3/status/838321094146797569

2
0

UK's Virgin Media subscribers suffer fresh email blocking misery

DaLo
Silver badge

It may work for individual organisations, but when large ISPs start to use it (and especially when they publish that this is what they are using), how long will it still work?

3
0
DaLo
Silver badge

"This is to help sort out the mail servers from the spam bots out there. Spam bots typically won't retry; mail servers always retry unless they get a definite 5xx error."

Ahh, genius. There is absolutely no way that the spammers will be able to work around that amazingly inventive piece of mastery. I'm surprise it hasn't solved the spam problem for everyone for good.

12
1

Did your in-flight entertainment widget suck? It's Panasonic's fault, claims software biz

DaLo
Silver badge

"...FOSS based with undocumented changes and no access to it's source code."

Oxymoron?

0
0

'First ever' SHA-1 hash collision calculated. All it took were five clever brains... and 6,610 years of processor time

DaLo
Silver badge

Not just computationally impossible to find them, which may be a big ask as you could always brute force with enough computing power.

It is key that you cannot premeditatedly change a document and manipulate it to produce the same hash which is why this shows SHA1 as broken.

You may just find, unlikely but possible, that your picture of your cat creates the same hash as your contract for your house. However no one would expect that your solicitor got you to buy a house based on a cat picture.

If however you can work out that by changing a little bit of text you can then add extra text/bytes/graphics and work out what they should be to force a collision then it is broken.

If the only other hashes that exist for a document are all random garbage or completely unconnected to the original document as well as being impossible with current resources to premeditatedly work out then it isn't broken.

0
0

One IP address, multiple SSL sites? Beating the great IPv4 squeeze

DaLo
Silver badge

Re: Doesn't a proxy defeat the purpose?

"The encryption/decryption load, though, can be very significant once you swap to HTTPS"

[Citation needed]

I'll give you a head start https://www.maxcdn.com/blog/ssl-performance-myth/

6
1

Sports Direct hacked last year, and still hasn't told its staff of data breach

DaLo
Silver badge

"We cannot comment on operational matters in relation to cyber-security for obvious reasons"

Errr, why not? It's not like anyone needs to know that they are still running an insecure portal and it is still vulnerable to attack but they can easily comment on the incident and the lack of staff communication, for obvious reasons.

9
0

UK uni KCL spunks IT budget on 'reputation management' after IT disaster headlines

DaLo
Silver badge
Headmaster

Re: really?

But how many arrays were they running? If they were using a Redundant Array of Independent Disk Arrays the question has to be asked whether the individual Array were also redundant, i.e. was it a Redundant Array of Independent Disk RAIDs or a Redundant Array of Independent Disk non-Redundant Arrays?

Or is it just a bad case of RAS Syndrome?

4
0

Chrome 56 quietly added Bluetooth snitch API

DaLo
Silver badge

Re: re: the API lets websites ask your browser “what Bluetooth devices can you see,”

You don't need to pair with a device you see it but you may need to pair with the device to read any information or communicate directly with it (depends on the security settings of the device).

This is most likely to be used for Bluetooth LE devices which often don't require traditional pairing or authentication.

1
0

This many standards is dumb: Decoding 25Gb Ethernet and beyond

DaLo
Silver badge

Re: cat-8?

"WTF happened to cat-7?"

It's was only ever made available for Window 9

8
0

GitLab.com luckily found lost data on a staging server

DaLo
Silver badge
Facepalm

Re: +-

I guessed what they were trying to imply but the ± doesn't mean that when placed before a number. It was more a precursor to set up the Space Odyssey/HAL reference rather than an actual question.

Sorry the Register font doesn't support the Rhetorical Question Mark.

3
0
DaLo
Silver badge

+-

"±4979 (so ±5000) comments lost"

What does that mean? Does it mean they may have either lost or gained 4979(/5000) comments. It would be interesting to see the comments that were gaines - something like "I'm sorry Dave, I can't recover any more data for you as you appear to have no viable backups", "Sorry Dave, I can't allow you to do that"

7
0

So, the new font, then

DaLo
Silver badge

Re: So, the new font, then

Arimo

Arimo was designed by Steve Matteson as an innovative, refreshing sans serif design that is metrically compatible with Arial™. Arimo offers improved on-screen readability characteristics and the pan-European WGL character set and solves the needs of developers looking for width-compatible fonts to address document portability across platforms.

1
0

Google's Chrome is about to get rather in-your-face about HTTPS

DaLo
Silver badge

Re: Cult of useless HTTPS

How would edge caching be equivalent to "... that of a stoppage on the trains driving millions of commuters into cars."

I have seen very few using a proxy with caching where they don't also use DPI and company trusted certs anyway.

0
0
DaLo
Silver badge

Re: Double agenda?

At the moment the current build (56) of Chrome will only mark your site as not secure if you go to a page which asks for a password (input type-password) or it detects a field asking for a credit card number and you don't have https on either the parent or any sub frames (including iframes). The article is a bit misleading.

It is slated that it may implement it at some time n the future (I heard October) for all sites on all pages if not secure.

To see and example of the browser bar warning if using chrome look here (http://http-password.badssl.com/)

3
0
DaLo
Silver badge

Re: Cult of useless HTTPS

"The cost of that, in terms of loss of cacheability, is akin to that of a stoppage on the trains driving millions of commuters into cars. Why is a site whose contents are public imposing that cost on the 'net?"

"I agree on the caching problem."

"Caching is a problem"

What caching problem? HTTPS pages and resources are cached like normal.

1
0
DaLo
Silver badge

Re: Double agenda?

Certificates are for encryption and authentication.

Self-sign certificates just provide a level of encryption. They are not secure on a public internet and provide no authentication.

Why would you need them anyway, wildcard certificates are cheap and free certificates are available.

The trusted root does have to be trusted for sure, but you can revoke trusted roots yourself, however if they screw up then they can lose their whole business if they are deselected by top browsers.

Saying a site is 'not secure' is just stating a fact. So if it asks you to send any data in a form field or it is hosting content that you may not wish to be associated with the it is a reminder. As more sites are going TLS then you start to accept it and gloss over unsecure sites.

Just remember that an unsecure site will also be receiving a lot of data about you that could be intercepted or could have any amount of malicious code injected into it.

1
0

Marketing company leaks 17,000 recorded phone calls, many with credit card numbers

DaLo
Silver badge

Re: My insurance broker

PCI compliance has made call recording of full card information verboten for a long time. There are plenty of guidelines and policies available to work around it and still have call recording but to suggest it wasn't thought about is completely wrong.

The standard case is that if you take card details over the phone then you must not call record without protection measures. These measures are usually based around stopping or masking the card information whenever the details are being input by the operator.

Some will ask a caller to enter their card details on a phone keypad and then intercept the DTMF signal, mask it but send the real card number directly to the application, others will pause call recording whenever the operator is on the payment screen or in the credit cards fields box, others will direct all card calls to another extension which is not recorded.

However PCI DSS does not allow call (even with encryption) call recording of full card details (number and CSV) at all. It is likely to be extended to back office functions in the next release as well.

1
0

Googlers reveal code they use for mass Windows deployments

DaLo
Silver badge

How would they develop and test all their Windows based products?

9
0

A deduping backup target startup going public – who'd a thought it?

DaLo
Silver badge

"...competing deduping backup array disk array targets"

Looks like some deduping needed in the article?

1
0

MIT brainiacs wrangle 2D graphene into super-strong 3D art homework

DaLo
Silver badge

Re: So... not actually a story about graphene, really?

Yes, the report states "In stress testing, graphene gyroids with thicker walls were able to withstand very heavy loads under the ram before explosively blowing apart"

This is not correct as the stress testing in the video was performed on plastic models (the lead picture also shows the plastic model).

2
0

Routes taken by UK prosecutors over supply of modified TV set-top boxes

DaLo
Silver badge

Re: Common sense.

"made of gold plated unobtainium"

Why would you gold plate unobtainium?

3
1

Travel booking systems ‘wide open’ to abuse – report

DaLo
Silver badge

Re: Scanning boarding cards

The reason is that they can claim certain taxes back if you are travelling internationally. It is just to allow them to make some extra money and no other reason, not required by law unless they are selling you duty free goods at a discounted price.

But, you are right the person on the till is usually just trained to require the boarding pass for every passenger - if more people refused then they would stop the policy.

5
0

Apple sued by parents of girl killed by driver 'distracted by FaceTime'

DaLo
Silver badge

Re: Stella Awards...

Wow, that's amazing, it'd be even more amazing if it was actually true.

Rule #1 Don't believe things you read on the internet

12
0

Programmer finds way to liberate ransomware'd Google Smart TVs

DaLo
Silver badge

Re: Best reason yet

Or best reason not to download an app called "free movies 4ever - legit !!!11"

32
1

Support chap's Sonic Screwdriver fixes PC as user fumes in disbelief

DaLo
Silver badge

Re: First Line

I presumed it was actually meant to read "the user had to sign off on every job" - as in the user had to agree the job was completed to their satisfaction. It was probably first line that they sent around to collect the signature.

10
0

MH370 hunters call for new search of extra 25,000km2

DaLo
Silver badge

Re: Scary - DaLo

'There is no "radio reflector," it's a radar reflector'

This device doesn't yet exist so it is not anything. i presume you weren't saying that a radio reflector can't exist? As they have been around for many years, my ski clothing has one called "Recco" which changes the harmonics of a radio signal so that it reflects back a specific signal at a certain wavelength.

Whether the battery goes out is not an issue, it just needs to transmit a long wave signal or satellite signal for a short period - even a few hours would do it, but thirty days would be even better (similar to current locators).

Even if you wanted to use a radar reflector - no need to, but you could just unfurl a large metallic net, that would provide enough of a reflection. It can also be something that can't be remotely turned off, it is only powered upon a crash into water and therefore does not have a powered state until that time.

There are many ways of doing it - I note a lot of "meh can't be done" but that seems very limited thinking. I'm sure a good university student could come up with an effective device, let alone a free-thinking aircraft or other engineer.

The issue is just that the locators at the moment are useless underwater, get a device to float on top of the water and you have a much better chance of finding the downed plane. In the past it was never felt to be necessary, due to the types of crashes, recent events over the last few years have shown that it would be very useful and might have saved a few hundred million in search costs.

1
0
DaLo
Silver badge

Re: Scary - DaLo

Nope, I mean a floating device that gets ejected only when the plane goes underwater. The problem with the standard beacon is, as in the case of the MH370, you have to have a good idea of a location to start with and trawl with a boat to find it.

A combination of a flashing strobe, passive radio reflector, trail of dye and an active transmitter would work fine.

1
0
DaLo
Silver badge

Re: Scary

As a few planes have crashed into the ocean and there is a lot of ocean in the world, how about a small robust locator which automatically ejects and floats on the surface via a mechanical pressure switch that activates after 10m of water pressure?

Simple tech, quite easy to retro fit, problem solved?

1
0

OpenStreetView? You are no longer hostage to Google's car-driven vision

DaLo
Silver badge

Re: As good as if not better than Google Maps?

Yes of course, but this would be a collection of data in an open-source manner which would could then be assigned a necessary CC or other licence. The facts themselves - in so far as "the post code for 33 Acacia Avenue is AA1 1AA" is not, I presume copyrightable and so could be crowd-sourced?

Either way, my main point was that postcode to WGS data is available, even for commercial use free of charge using code-point open from the Ordnance Survey so I'm not sure why I've been downvoted.

1
0

HPE storage meltdown at Australian Tax Office lost no taxpayer data

DaLo
Silver badge

Re: so many eggs and only one basket?

"3. "Unique set of circumstances never experienced before in the whole world" aka no-one else stupid enough to architect anything similar."

And yet Kings College London had a suspiciously similar issue very recently with HP kit (presumed 3par)

http://www.theregister.co.uk/2016/10/31/a_fortnight_of_woes_gone_and_a_fortnight_to_come_as_kcl_outage_continues/

2
0

Page:

Forums

Biting the hand that feeds IT © 1998–2017