* Posts by Michael Heydon

22 publicly visible posts • joined 19 Oct 2007

Microsoft now licensing Windows by the user, across multiple devices

Michael Heydon

Re: does this fix anything?

>concurrent users or named users - the former would be equivalent to RDS (terminal services) licencing

Pretty sure that's not correct, RDS CALs are for a named user.

>BUT what's this diagonal screen size thing? A Tablet whatever the size of screen is either going to with Windows installed or it's not (and probably licenced)

It's Windows Enterprise, it's pretty much only available as an upgrade. They are assuming that under 10" screen either already comes with Windows installed or if not, it isn't worth worrying about. Over 10" and you are getting into something that might reasonably replace a desktop and may not have come with Windows pre-loaded, they want to pay for an eligible license to upgrade to Enterprise.

EBAY... You keep using that word 'ENCRYPTION' – it does not mean what you think it means

Michael Heydon

Re: Sigh ...

>Also some systems, banks for example, ask you to enter the 3rd and 7th characters of your password. Again this isn't possible with a one way hash

How does this system of making you enter the 3rd and 7th characters improve security or convenience over having you just enter your password? Most people know their banking password, but I suspect a great many would need to at least count on their fingers if not write it down in order to find the <x>th character. It doesn't seem like this sort of system offers enough benefits to warrant crippling your hash algorithm to make it work.
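An added illustration of the trade-off argued over in this thread; it is not part of the original post or of any bank's code. It assumes PBKDF2 as the one-way hash, a lowercase-plus-digits character set, and hypothetical helper names: a whole-password digest cannot answer a "3rd and 7th character" challenge, and a separate digest of just those characters covers so few candidates that it can be exhausted.

```python
import hashlib
import hmac
import itertools
import os
import string

ITERATIONS = 1_000  # kept low so the demo is quick; production values are far higher
ALPHABET = string.ascii_lowercase + string.digits  # assumed character set for the demo


def kdf(secret: str, salt: bytes) -> bytes:
    """Salted one-way derivation (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


def enroll(secret: str) -> tuple[bytes, bytes]:
    """Store only (salt, digest); the secret itself is discarded."""
    salt = os.urandom(16)
    return salt, kdf(secret, salt)


def verify(record: tuple[bytes, bytes], attempt: str) -> bool:
    """Constant-time comparison of the attempt's digest with the stored one."""
    salt, digest = record
    return hmac.compare_digest(kdf(attempt, salt), digest)


def enroll_positions(password: str, positions: tuple[int, ...]) -> tuple[bytes, bytes]:
    """Hypothetical workaround: hash just the requested characters (1-based)."""
    return enroll("".join(password[p - 1] for p in positions))


def exhaust(record: tuple[bytes, bytes], length: int) -> tuple[str, int]:
    """Try every `length`-character string; return the match ("" if none) and tries."""
    tries = 0
    for combo in itertools.product(ALPHABET, repeat=length):
        tries += 1
        if verify(record, "".join(combo)):
            return "".join(combo), tries
    return "", tries


if __name__ == "__main__":
    password = "correcth0rse"  # constructed sample, not a real credential
    full = enroll(password)
    print(verify(full, password), verify(full, "rt"))  # only the whole password matches
    partial = enroll_positions(password, (3, 7))
    print(exhaust(partial, 2), "of", len(ALPHABET) ** 2, "candidates")
```
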

Spooks vs boffins: MIT bods say they've created PRISM-proof encryption

Michael Heydon

Re: Wouldn't work in the UK

That's not how hidden partitions work.

Both the decoy and hidden partitions use the full capacity of the hard disk. When accessing them normally you must provide both sets of credentials so TrueCrypt can ensure that the two partitions don't both attempt to use the same blocks on disk. If you get pinched, you give up the password for the decoy partition and forget about the hidden one. With only one set of credentials TrueCrypt assumes there is only one partition and allows it to use the full disk.

I think there are some smarts so that when accessing the hidden partition the decoy credentials are automatically available so you don't need to type them yourself, going the other way obviously you need to type both.

Rorschach test suggested as CAPTCHA replacement

Michael Heydon

"Of course, if a user failed the challenge, the system would merely generate a new password, as would be the case today."

That seems to imply that if you get it right then you can get into your account without a password reset, which suggests they will tell you your old password, which means the passwords are being stored in plaintext or using reversible encryption, in which case there are probably one or two other things they should be fixing before messing around with ink blots.

Startup claims 1W wireless charging at 10 metres

Michael Heydon

Re: More than 100W

Microwave ovens work by dielectric heating. Nothing to do with resonance.

The resonance frequency of water vapour (liquid and solid don't have one) is >10GHz.

Vulture 2 trigger triggers serious head-scratching

Michael Heydon

Re: arduino based?

The problem with this (as was pointed out in the article) is that the pressure sensors that work at that height are rather fragile at ground level. The one you linked only works to 9,000m, they are aiming for a touch over 30,000m.

Also, I think you mean uC rather than PIC.

Megaupload kingpin found in panic room when arrested, say cops

Michael Heydon

I got my NZ firearms license early last year and while they do ask about any previous convictions, I got the impression that it wasn't necessarily a deal breaker (I don't have a criminal record so I can't be sure). The interviewer mentioned at one point that you had to screw up fairly severely in several ways before he would automatically reject your application.

Oz rail company sold USB keys from lost property in auction

Michael Heydon

You're forgetting about wear leveling. In order to prevent one area of flash from being continually written to, causing it to die before the rest of the disk, the controller will move data around in the background. Without knowledge of the wear leveling algorithm or low level access to the flash chip you can't know that all blocks have been overwritten.

Also re: "data can be read from lower layers of the disk", military standards require overwriting magnetic disks multiple times, but so far no one has been able to demonstrate the ability to read data after a single pass of random data. It may be possible with a big enough budget, but it hasn't been done yet (at least, not by civilians).

Hackers pierce network with jerry-rigged mouse

Michael Heydon

Yes, it will

"...programmed to wait 60 seconds after being plugged in to a computer and then enter commands into its keyboard that executed malware stored on the custom-built flash drive snuck into the guts of the Logitech mouse."

That's not to say that a different attack might only send key strokes, but this one used an external drive that is easily blocked.

Silicon Valley hypegasm for miracle shoebox powerplants

Michael Heydon


Maybe Canada is different, but down here in Australia 3-4 breakers of 10-15A each is fairly common.

Fix finalized for SSL protocol hole

Michael Heydon


SSLstrip doesn't rely on any weakness in SSL. The attack operates on the non-SSL HTTP session that occurs prior to the user clicking a link that will take them to an SSL protected session.

If I open a browser and type "https://gmail.com" SSLstrip won't be able to do anything. If I go to "http://google.com" and click on the mail link then it might work, but it will do so by modifying the data I received in the initial, unencrypted connection.

Bloggers howl after conference snoops on 'secure' network

Michael Heydon


Maybe things have changed with WPA, but I was of the impression that anyone could capture the encrypted traffic even if they aren't associated with the AP and anyone with the PSK could then decrypt it.

Since anyone who asked could find out the key, the network could hardly be considered "secure" regardless of what the organizers did.

Big boost for Aussie firewall

Michael Heydon

Don't be too quick to pick on Optus (or to change ISP)

Don't assume that because Optus is taking part in the trials that they support the project.

You can bet that there will be a few mum & pop ISPs in the country who would be quite happy for this to go through. It would have a minimal effect on them since they probably only have a few dozen customers and it will mean little Timmy will grow up in a world full of flowers and rainbows. Do you really want these people to be the only ones who get to comment on how well the filter works?

iiNet made it clear from the outset that they intended to participate in order to show how hopeless the filter would be. It is quite possible that Optus have similar plans.

For similar reasons, customers shouldn't change away from Optus because of the trial. There will almost certainly be a few people who are pro-filtering who are involved in the trial. They will come forward and say that they didn't notice a significant speed difference and that they felt much safer. We need to make sure that the other side is represented as well. We need people involved in the trial who are going to come out and show what is wrong with the proposal.

Speeding Oz teen may face 'gorillas in the mist'

Michael Heydon


>Last time I checked, unless a possession was ill-gotten, property is guaranteed by law.

>You break that and you took away one of fundamental rights and opened a Pandora's

>box full of abuse.

Not true, Australia has recently brought in "anti-hoon laws" which allow the police to confiscate and sell the cars of repeat offenders. I'm not quite sure this chap would qualify (there are rules about which offenses count), but he must be close.

Indian Moon mission is go for 22 October

Michael Heydon

Re: How come

"Space" in this context doesn't mean "no longer affected by gravity" it is simply a boundary where the atmosphere ends and space starts. The satellites that are currently orbiting earth would fall quite quickly if they were to slow down too much.

So while some planes might be able to come close to the point where they are considered to be outside the atmosphere, they still need *a lot* more kick to get them into orbit let alone break free of earth altogether.

Also, once you are outside the atmosphere jets stop working so rockets are your only option for high thrust propulsion. Even if you use a plane style launch to get to the upper reaches of the atmosphere, going any higher means rockets. And once you are running on your rockets, why bother keeping the jets around? Far more efficient to use a carrier plane à la SpaceShipOne.

Be the first millionaire on your block to go Tiltrotor

Michael Heydon

RE: What happens if........

I'm fairly sure you can power both props from one engine.

If one of the props failed, well you are still better off than if you were in a helicopter with a failed rotor and probably no worse than in a twin engine plane with a failed engine.

eBay forces Aussies to use Paypal

Michael Heydon

COD doesn't need to be in person

A minor detail, but COD doesn't necessarily mean you have to pay when you go to pick it up.

Australia post offers a COD service where you post something and the recipient has to go to the post office and pay to collect it. The sender then goes to the post office and collects the cash.

AI prof: The robot terrorists are coming! Aiee!

Michael Heydon


He was a kiwi actually.


Samsung laptop battery burns

Michael Heydon


"Try touching both terminals of a car battery. You will let go pretty damn quick!"

Um...I don't know about you, but I have done this numerous times with no ill effects.

Just last night I was messing with some central locking gear and was holding wires onto a spare car battery for testing, on the weekend I was fitting spot lights and was holding onto the body of the car while holding a wire onto the +ve terminal, couldn't feel a thing.

Drunken Indian elephants take on electricity pole

Michael Heydon


Actually Tesla was the primary advocate of AC power. He was partnered with Westinghouse who was the one Edison was competing with.

The inventions that were "lost" include fluorescent lighting and microwaves.

Watson suspended by research lab after race row

Michael Heydon

@Building the aqueducts?

Heard of "The Pyramids"? You know big things? I think there might be something to do with the 7 wonders of the world in there.

Erratic fleshies sabotage, wreck innocent flying robot

Michael Heydon

camera/fuel control

My interpretation of the article is that the second console was never intended to fly the drone except in emergencies. 99% of the time, the controls should be used for driving the camera/radar/etc. Having a separate control for fuel flow on the camera console would be a waste of space.

In an emergency, the camera console can take over the piloting role in which case all of the conveniently located camera controls take on a new meaning.

To all the people who are comparing this to brakes and windscreen wipers, I think it's closer to having a video games console in the passenger seat, if the steering wheel were to fall off or the driver to pass out, the video game controls can take over the car and what was "jump" is now "brake".