* Posts by Mark Randall

43 posts • joined 20 Mar 2007

hiQ prevails / LinkedIn must allow scraping / Of your page info

Mark Randall

Re: It's public

You, apparently, have difficulty understanding the rights of a private company to set limitations on what its server resources are spent on.

Mark Randall

Okay... this is just plain stupid...

Are the courts claiming that a private company has the legal right to access the server resources and database of a third party in a way that the third party clearly states is against their ToU?

And they're getting away with it because that company built a business on breaking that ToU?


Re-identifying folks from anonymised data will be a crime in the UK

Mark Randall

IP Addresses

The IP address stipulation is moronic.... exactly like you'd expect from this government.

If someone accesses my servers for whatever reason, a legitimate right exists to retain the source used to connect from, and share and process it as necessary.

SHIFT + F10, Linux gets you Windows 10's cleartext BitLocker key

Mark Randall

Re: This, because we can't overwrite files that are in use.

If the laptop was cold when this happened, it would still be secure, as you could not boot into the operating system to allow it to start the update process. The master key is usually only exposed when the system is fully booted.

If the system is turned on at the time, it's different.

Mark Randall

Re: This, because we can't overwrite files that are in use.

Your disk is not actually encrypted using your password... Your disk is encrypted with a symmetric encryption key, that key is then encrypted again, and then your password encrypts THAT key.

When BitLocker is disabled, the symmetric key used to unlock the disk key is stored in plain text in a special partition on the boot drive. This allows it to unlock the drive without your password, until that key is then deleted.

It's a fairly terrible oversight... Here's MS's own TechNet article:

"Exposing the drive master key even for a brief period is a security risk, because it is possible that an attacker might have accessed the drive master key and full drive encryption key when these keys were exposed by the unencrypted key."

Three certainties in life: Death, taxes and the speed of light – wait no, maybe not that last one

Mark Randall

So we either have inflation... which would allow communication between primordial space and allow the flattening out of the background radiation...

Or we have the speed of light changing, which would have to have completely reduced itself to zero since, or low enough to be completely unmeasurable despite v = c / lambda being able to cause massive interference patterns at the slightest change

ARM: Hold my beer, we'll install patches for your crappy IoT gear for you

Mark Randall

Re: Hey, really neat!

You must be wholly unaware of this "code signing" thing.

You could completely own the update servers and as long as the device has a proper public key and strong hashing algorithm embedded (2048 + SHA2) in it you can easily verify origin and therefore reject unsigned or badly signed updates.

Breaking into a website is one thing... but somehow getting a properly secured offline HSM (Hardware Security Module) to either cough up its keys or sign your malware is another thing entirely... if you can do the latter, the NSA probably has a job offer for you.
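The check the comment above describes, written out as an added example (not code from the article or from ARM): the device holds only a public key, and an attacker who owns the update server can replace the image but cannot produce a signature the device will accept. The image layout (4-byte length, payload, RSA-PSS signature over SHA-256 of the payload) is assumed for the example; the private key is generated in-process here purely to build a sample image, where in a real pipeline it would live in the offline HSM the comment mentions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed image layout for this example:
//   4 bytes  big-endian payload length
//   payload  the firmware blob
//   sig      RSA-PSS over SHA-256(payload), pub.Size() bytes (256 for RSA-2048)

// buildUpdate is the vendor's signing step. In a real pipeline the private
// key never leaves the offline HSM; the update server only ever hosts the
// finished image and has nothing an attacker could sign with.
func buildUpdate(priv *rsa.PrivateKey, payload []byte) ([]byte, error) {
	digest := sha256.Sum256(payload)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	img := make([]byte, 4, 4+len(payload)+len(sig))
	binary.BigEndian.PutUint32(img, uint32(len(payload)))
	img = append(img, payload...)
	return append(img, sig...), nil
}

// verifyUpdate is what the device runs before flashing anything. It trusts
// only the public key baked into its own firmware, so a compromised update
// server can serve garbage but cannot make the device accept it.
func verifyUpdate(pub *rsa.PublicKey, img []byte) ([]byte, error) {
	if len(img) < 4 {
		return nil, errors.New("truncated image")
	}
	n := int(binary.BigEndian.Uint32(img))
	if n < 0 || len(img) != 4+n+pub.Size() {
		return nil, errors.New("image length does not match header")
	}
	payload, sig := img[4:4+n], img[4+n:]
	digest := sha256.Sum256(payload)
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil); err != nil {
		return nil, fmt.Errorf("signature rejected: %w", err)
	}
	return payload, nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	// Constructed sample payload; a real image would be the firmware blob.
	img, err := buildUpdate(priv, []byte("firmware v1.2.3 (constructed payload)"))
	if err != nil {
		panic(err)
	}
	if _, err := verifyUpdate(&priv.PublicKey, img); err != nil {
		panic(err)
	}
	fmt.Println("genuine image accepted")

	// An attacker who owns the update server edits the payload in place.
	img[10] ^= 0x01
	_, err = verifyUpdate(&priv.PublicKey, img)
	fmt.Println("tampered image:", err)
}
```

The length check matters as much as the signature check: without it a device will happily hash a payload that is shorter than the header claims and then index past the end of the buffer, which is exactly the kind of bug that turns a rejected update into a crash on the device.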

Sky fibre down at breakfast-time across the nation

Mark Randall

It's not just their fibre, their entire network seemed to go down around 4am. Packets would reach the first Sky hop and then die a death.

Fortunately I was able to use my phone to tether to O2 and keep working.

ROBO-TENTACLE with mind of its own wields deadly electrical power – turns on Tesla car

Mark Randall

Was thinking about this the other week

Was thinking about this the other week while inflating my car tyres at the local Tesco and I was wondering to myself how long it would be until we had cars and services where you could simply pull up beside a pump, and not only would it locate your fuel filler port and fill up the tank by itself, but it would also locate your tyres and inflate them to the relevant pressure based on some kind of QR code, and maybe there would even be a small secondary port next to the petrol inlet, which could be used to automatically top up your wiper fluid and antifreeze at the same time.

WHY can't Silicon Valley create breakable non-breakable encryption, cry US politicians

Mark Randall

Re: But what about...

Sorry for double post, that should be:

ByteCount(RSA(SessionKey, NSA-Public)) + RSA(SessionKey,NSA-Public) + AES(PlainText,SessionKey)

Basically whatever you need to know how much of the payload is the RSA key.

Mark Randall

Re: But what about...

The same way he would now.

You encrypt the stream using a session key, but you'd also have to send the session key in the clear (of the encrypted stream), but encrypted using the NSA public key.

ByteCount(AES(SessionKey, NSA-Public)) + RSA(SessionKey,NSA-Public) + AES(PlainText,SessionKey)

That way you can capture the packets, decrypt the session key with the NSA private key, and read the contents of the original message, the two endpoints having already established their shared secret state box and thus being able to decrypt it themselves.

Kinda the same way as multiple recipients works; you encrypt the sole session key with the recipients public keys, one message, multiple people able to unlock it.

Mark Randall

But what about...

I'm going to go out on a limb here and point out that it's quite easily possible to create this sort of encryption.

It would involve sending the decryption key along with the data, but encrypting it with the NSA's public key.

Of course, it's still a stupid idea. If Iran / N. Korea / China is willing to spend billions on building nuclear plants then they're going to be willing to spend even more on a supercomputer plant the likes of which the world has never seen, with just the hope of factoring the global "master key".
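The scheme sketched across the three comments above, ByteCount(RSA(SessionKey, NSA-Public)) + RSA(SessionKey, NSA-Public) + AES(PlainText, SessionKey), as an added example in Go (not the commenter's code). RSA-OAEP for the wrapping and AES-256-GCM for the payload are assumed choices, as is the 2-byte length prefix; the escrow key pair, the session key and the message are all constructed for the example. Both endpoints are assumed to already share the session key from their own key agreement, so the normal recipient never touches the escrow key, while the holder of the escrow private key unwraps the session key from the header and reads the same payload.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

// Wire format (constructed for this example; not any real protocol):
//   2 bytes   big-endian length of the wrapped session key
//   n bytes   RSA-OAEP(sessionKey, escrowPublicKey)
//   12 bytes  AES-GCM nonce
//   rest      AES-256-GCM(plaintext, sessionKey), with the header above as AAD

// escrowEncrypt assumes both endpoints already share sessionKey (32 bytes)
// from their own key agreement; it only adds the escrow wrapping.
func escrowEncrypt(escrowPub *rsa.PublicKey, sessionKey, plaintext []byte) ([]byte, error) {
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, escrowPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	hdr := make([]byte, 2, 2+len(wrapped))
	binary.BigEndian.PutUint16(hdr, uint16(len(wrapped)))
	hdr = append(hdr, wrapped...)
	out := append(append([]byte(nil), hdr...), nonce...)
	// Authenticating the header stops a middlebox swapping in a wrapped key
	// of its own while leaving the ciphertext untouched.
	return gcm.Seal(out, nonce, plaintext, hdr), nil
}

// recipientDecrypt is the normal endpoint: it already has sessionKey and
// never needs the escrow key, so it ignores the wrapped copy in the header.
func recipientDecrypt(sessionKey, msg []byte) ([]byte, error) {
	hdr, body, err := splitHeader(msg)
	if err != nil {
		return nil, err
	}
	return openBody(sessionKey, hdr, body)
}

// escrowDecrypt is the third party holding the escrow private key: unwrap the
// session key from the header, then open the body exactly as the recipient does.
func escrowDecrypt(escrowPriv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	hdr, body, err := splitHeader(msg)
	if err != nil {
		return nil, err
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, escrowPriv, hdr[2:], nil)
	if err != nil {
		return nil, fmt.Errorf("cannot unwrap session key: %w", err)
	}
	return openBody(sessionKey, hdr, body)
}

func splitHeader(msg []byte) (hdr, body []byte, err error) {
	if len(msg) < 2 {
		return nil, nil, errors.New("truncated message")
	}
	n := int(binary.BigEndian.Uint16(msg))
	if len(msg) < 2+n {
		return nil, nil, errors.New("truncated message")
	}
	return msg[:2+n], msg[2+n:], nil
}

func openBody(sessionKey, hdr, body []byte) ([]byte, error) {
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	if len(body) < gcm.NonceSize() {
		return nil, errors.New("truncated message")
	}
	nonce, ct := body[:gcm.NonceSize()], body[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, hdr)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	escrow, _ := rsa.GenerateKey(rand.Reader, 2048) // stands in for the "master key"
	sessionKey := make([]byte, 32)                   // constructed shared session key
	io.ReadFull(rand.Reader, sessionKey)
	msg, err := escrowEncrypt(&escrow.PublicKey, sessionKey, []byte("constructed test message"))
	if err != nil {
		panic(err)
	}
	pt, _ := recipientDecrypt(sessionKey, msg)
	fmt.Printf("recipient: %s\n", pt)
	pt, _ = escrowDecrypt(escrow, msg)
	fmt.Printf("escrow holder: %s\n", pt)
}
```

The code makes the single point of failure the last comment worries about concrete: escrowDecrypt needs nothing but the one private key, so every message wrapped under that public key falls to whoever factors it, steals it or compels its use.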

Twitter fears big EU tech payout to pacify lawmakers over data-slurping concerns

Mark Randall

Re: This tells you why you should not have a Twitter account.

Well of course, that's the business they're in. Creating a social network is simply a means to an end.

David Cameron wants mobe network roaming INSIDE the UK

Mark Randall

Not so silly....

I'm not seeing the problem here.

The telcos are awash with cash, and your implication is that if this scheme were to be introduced, that they would suddenly all cut their already non-existent plans to carpet bomb the countryside with masts.

I suspect the entire reason they have not built them there in the first place is that it is not profitable to do so.

Let people piggyback on each other, and put in the financial incentives to force investment in their own networks. That way the consumer is not being kicked in the nuts because they don't have £75 a month to spend on buying 3 SIM cards.

Google swaps out MySQL, moves to MariaDB

Mark Randall

MariaDB works well for me

I've been using MariaDB over MySQL for about 6 months now in a production environment and it has worked flawlessly. Couldn't be happier with it, and it has a nice multi-master clustering option called Galera that we might be putting in place soon too.

Unreleased Lady Gaga songs nabbed in audacious hack

Mark Randall
Thumb Down


I am profoundly disappointed this article doesn't carry a NSFW tag and copies of the aforementioned pictures of Ke$ha =(

Has CERN made the VATICAN ANTIMATTER BOMB for real?*

Mark Randall

Good Video

I'd like to throw up the following video from UC Berkeley and their fantastic video repository for anyone else interested in this topic. The video, Angels & Demons The Science Revealed is really quite informative - especially about the energy needed.


Prepare for antimatter bananas.

Microsoft to embrace and extend HTML 5?

Mark Randall


Interesting thought - but you managed to completely miss the obvious.

OS share has *very little* to do with it... or do you think if Windows ceased to exist that Flash would disappear overnight? Of course it wouldn't.

There is so much in-fighting over standards groups that I like the idea of, as well as a set of firm standards for HTML5, that there is also a more frequently updated option... provisions for cryptography, cross-domain ajax calls, dynamic security policies etc.

Mark Randall


Thinking about it as a programmer is a no-brainer for me.

Getting most of the world to upgrade to IE9 vs a few seconds to install Silverlight is an easy choice; it's going to be 10 years before most people are using IE9, and Silverlight adds much that HTML5 as standard doesn't.

Microsoft bod scoots over to BBC iPlayer job

Mark Randall

New iPlayer

I imagine I will get used to it, but I much preferred the former iPlayer front page layout, I think it provided a lot more choice in programming in a quicker to digest way than the new page.

Short passwords 'hopelessly inadequate', say boffins

Mark Randall

Online Attack

Having things such as increasingly powerful graphics processors you can run CUDA crunching on is all very well and good, but kind of irrelevant in the context of web based attacks.

Consider a password which may be between 1 and 6 characters long, alphanumerics, giving a total of around 2 billion options. Let's take another mathematical shortcut and ignore the missing digits from the smaller numbers and say that each option tried is 6 digits... so for each check you've got 6 digits; let's add 250 bytes for a decent sized HTTP POST header and presume that you're also going to need to send a 10 character login name and, while we're at it, the fields will need to be identified so 'user=' and 'password=' add another 14.

That brings it to about 270,000,000,000 bytes to transfer or about 250 GB of upload to the server.

Let's presume that in order to know if you've succeeded in logging in or not you're going to need to receive the response, and for the sake of argument let's say your average webpage is about 15k, totalling an additional 28 TB of bandwidth.

So all told you're talking about 28 TB of bandwidth to check all of the 6 character passwords for one user.

Now the question is, if you maxed out the bandwidth of a moderately sized server of the kind you may wish to attack without alarm bells going off all over the place due to the expensive DDoS and IDS protection you find on larger sites.. so let's say that's 10 mbyte/sec... about 3 million seconds to test them all or 30 days.

Using the assumption that somebody wouldn't notice you sucking up 100% of their bandwidth for an entire month, you then have to consider the poor server trying to check all of these details - running a password attack offline is all very well and good... but what is a server going to think when it's having its CPU burnt up by handling billions of extra page generations in ASP or PHP or whatever it may be.

Anyway, in summary, it is true that longer passwords are needed... but when you're dealing with websites, how many you can shove down the pipe to be processed by the server is much more important than how you generate the passwords in the first place.

Government opens public spending database

Mark Randall

Converted "CSV"

Ran the 09-10 file through PHP, converted to ASCII, ripped out any NULL fields (which accounted for most of the file) and put in CSV with double quoting.

Reduced to 23MB (1.8GB Uncompressed) which is small enough to be opened in excel = http://host.awportals.com/coins/facts_09-19.rar

Gotta do some other work but I'll see about rationalizing it and entering it into a MySQL DB.

Mark Randall
Thumb Down


Nice of them to put it in UTF16, making it much more difficult to parse in PHP and enter into a database.

Would UTF8 or ASCII reallllly have been that difficult?

Microsoft to extend Silverlight for Mac?

Mark Randall

COM Bomb

As a programmer, I hate COM in ways that are not suitable for publishing. But it is perfectly sensible to include it in Silverlight, just as they included it in PHP.

You wouldn't stop people from using sounds in Silverlight just because some people don't have speakers; if people want to make offline Silverlight apps capable of leveraging pretty much the whole OS then why not let them. If Mac was to develop a single unified model for all of their OS features I'm sure MS would include that too - as it's in their best interests.

So yeah, let them use it... why complain about a helpful feature. Are the Mac people really going to complain that they can't use a SL component built on COM to control their IIS server, even though they don't have the COM components to control an IIS server? Etc.

Times websites want £1 a day from June

Mark Randall
Big Brother

End of the Times

Well, I have to say that I often enjoy reading the odd article on The Times website, but charging £1 a day for it - for casual readers that's £1 per article... is absolute insanity. I agree with the above statements that £104/year for the news most of which can be read on the BBC for the cost of the license fee shows just how out of touch news corp has become.

'The LHC will implode the Moon or PUT OUT THE SUN'

Mark Randall


All perfectly valid points - but I was actually considering the matter from a theoretical standpoint of a black hole at rest. There are a few things you may wish to consider though:

1) 15 TeV is the energy of individual proton collisions - not the entire beam. There is the possibility that the whole beam would be deposited through the singularity in less than 100 microseconds.

2) You presume that nothing but the singularity is stationary - this is not the case. Consider the enormous heat underground - Once you get to the mantle you're talking between 500 and 1000 Celsius. That is a *lot* of kinetic energy moving a lot of very dense matter about - significantly increasing interceptions with the event horizon.

3) Even beyond the event horizon there are forces which would accelerate additional matter towards the singularity.

So yes, while your points are well taken, and while I do not think that the LHC is going to implode us, the sun, or anywhere else for that matter... I do think there is a lot more theoretical discussion to be had on the matter.

Mark Randall
Dead Vulture

Black Hole Implosion

Eating the Earth in a few years? I think not.

A black hole located at the centre of the Earth would swallow the entire meaningful planet in less than a few hours if it didn't evaporate... So long as it has an event horizon matter would fall into it under the force of the planet's own gravity... that collapse would happen now if it wasn't for the pressure of the inner atoms repelling the ones higher up against the force of gravity...

If there was an event horizon there would be no atoms able to effect an opposing pressure, the whole planet would fall towards the centre and pass through the event horizon unopposed... Even if the mass of a black hole did not increase as more matter fell into it, the whole earth would soon be going bye bye as the effect of its own gravity being centred at the core would accelerate the contents of the planet towards the black hole.

By the way El Reg, if you wanna advance the cause of science, start linking to Richard Muller's PFFP.

E-book readers attract unwanted VAT

Mark Randall

Geek Joke

The EU is more than capable of determining the square root of minus 1.

After all - their accounts are full of imaginary numbers.

Is data overload killing off human initiative?

Mark Randall

Metal Gear

Correct me if I am wrong, but didn't Raiden and Solid Snake already stop this mass deletion by destroying Arsenal Gear in Metal Gear Solid 2?

HTC Touch Diamond 2

Mark Randall
Thumb Up


I've now got this phone on O2 and I have to say after jumping into the Windows settings and tweaking a few things it is a delight to behold and use.

The multiple input options offered by Windows Mobile are good, and the screen is big enough to use the transcriber input well. Failing that you can always use the old 3 by 4 on-screen input method.


Performance is good, can be improved slightly by disabling Touch-Flo but the TF3D interface is pretty snazzy.


Camera time of 7 seconds is only first load, you can just keep it running as a background task, it is true it does take a few seconds to take a picture when you have automatic focus on but it does give you good quality snapshots.

Lack of flash is a bit of a downside though.

Has good software features and configuration options such as the touch focus and optional back light and shutter sounds. Not too good on the effects aspect with only Grayscale, Sepia and Negative available.


Has lots of decent applications installed by default including the mentioned Google Apps, and the GPS is quick to pick up.

Choice of Opera or IE is good, although installing Flash add-ins for Opera is going to cause you a few headaches.

Having Mobile Office is also a handy thing to have about when you receive documents as email attachments on the go and would previously have found yourself without a way to view them.

The phone dialling interface does its job although you can occasionally go clicking on people's names or such expecting a menu and instead finding yourself calling them immediately, leading you to tap like a madman at the end call button - a confirmation here would have been useful.


If you're wanting to get one of these phones you'll also want to invest in a MicroSD card, I just paid £17 for an 8GB class 4 card off eBuyer and the phone is much better for it.

The TF3D media player is not much to look at but that is no problem as you can turn it off and use the Windows Media Player with ActiveSync to play your music with a lot more freedom.

The included YouTube app is strange, as it finds videos in a different way to what you would get if you did a search on the website, often missing the ones you're after.


* No flash

* No vibrate on key click when connected via USB

Facebook downplays eternal user data grab

Mark Randall

Backed Down

" A couple of weeks ago, we posted an update to our Terms of Use that we hoped would clarify some parts of it for our users. Over the past couple of days, we have received a lot of questions and comments about these updated terms and what they mean for people and their information. Because of the feedback we received, we have decided to return to our previous Terms of Use while we resolve the issues that people have raised. For more information, visit the Facebook Blog."

US House OKs Obama's IT stimulus

Mark Randall
Thumb Down

Ahhh Republicans

They will never learn.

EU says Microsoft violated law with IE on Windows

Mark Randall
Gates Horns

So there is still that one question to answer...

If they don't have a browser installed as standard ...

... how exactly are they going to download a new browser to use?

Showdown over encryption password in child porn case

Mark Randall


I wonder how long before the CIA starts water-boarding him to get him to give up the information.

If he is guilty then he should be locked up for a long time, but it seems at this point they have no evidence.

Academics slam Java

Mark Randall


I kid you not we have just had a 12 week course on... Haskell.

Talk about a massive waste of tuition fees.

Facebook faces UK data probe

Mark Randall

Doing Business

However, if they do any business in the UK / hold assets then the data protection laws may very well apply.

Reg Standards Soviet defines temperature, force and weight

Mark Randall
Gates Halo

Unit for Large Weights

Have you considered formalising the " Merican " unit for large weights? Equivalent to 150 kg, 300 Paris Hiltons etc.

Sun grabs patent for magneto-hydrodynamic heatsink

Mark Randall
Thumb Up

The Hunt...

And if your datacenter goes under, you can always salvage the components to create an undetectable nuclear submarine.

BOFH: You think you know a guy...

Mark Randall


Another shocking cliffhanger to the BOFH...

In the next episode:

Will the PFY find himself strapped to a chair?

Will the boss ever finish his powerpoint presentation on time?

Will Simon remember to recharge the cattle prod?

None of these questions, and more, answered on the next episode of...


:O :O :O :O :O :O

Open sourcers rattle EU sabre at BBC on demand player

Mark Randall

WMP vs RP.

Here we go again.

To be quite honest I would use WMP absolutely EVERY time when given the choice between it and the memory hogging, resource eating, so-slow-its-practically-unusable Real Player.

Oh noesss some open-platform fundamentalists want us to have a choice. I couldn’t care less about a choice in this regard, WMP works well, RP doesn’t.

US nuke boffins rubbish polygraph testing

Mark Randall

Good morning Mr. Rist.

"Good morning Mr. Rist, can I get your first name please?"

"Yes, my name is Tiror."

"Welcome to the DoE offices, this is just a short meeting to check your suitability, now please... don't mind the men attaching electrodes to your head, or the heavily armed men ready to take you to Guantanamo Bay if you should fail this test.."

<short pause>

"Are you ready?"

"I understand you have a PhD in nuclear engineering, which University was that from please?"

"My degree from The Qaeda Valley university, very good, we do many practical experiments. Excellent mail order degree. Register today get free caesium."

"Excellent, and how long did you study there?"

"4 year, many field trips to Pakistan. Much fun."

"Good Good. Now, sorry I have to ask you these but it's just because of the job you understand... Have you ever wished to harm Americans?"

<pause and frown> No.

<looks at polygraph> "Mr Rist?"

"Well, yes. But who hasn't? Ha Ha! Some people so rude I want to just cut off their heads, you know? Traffic awful, guy crashed into my car on the interstate, I punched him right in the face, just like that. Ha Ha!"

"Yes well, truthfully we all want to do that every now and then. Now, could you tell me if you have any links with terrorism"

"Oh yes. Many. My landlord, big terrorist, always shouting to scare young children. He should be locked up"

"So you are not tied to Bin Laden in any way?"

"Tied? No no. I tied to your machine, you see? But Bin Laden, no, he very far away."

"Finally, I'd just like to ask you about your religious background. Could you tell me a little about it please?"

"Oh yas. I love peace. Peace is very good, we should thank God for it. God is great. God is great."

"Excuse me?"

"Oh sorry, Ha Ha! I am Christian, but I sing no good so no gospel for me. But I say God is Great!"

"Okay that's excellent then, well, this polygraph has shown no problems so here are your Level 5 access codes to the reactor core, and your keys to the waste storage room"

"Thank you. Thank you so much. I look most forward to working here. Ha Ha!"

"Always good to have another peace loving American."

"Thanks for coming. Now if the guards will kindly take Mr. Tiror Rist down the hall to fill out the paperwork we shall look forward to seeing you at work first thing Monday"

"God is Great!"

Utah backs calls to boot porn from Port 80

Mark Randall


.. The US Government plans 'operation ICANN(OT)' requiring ICANN to terminate all non-US hosted hosting providers' TLDs if they are suspected of carrying anything more sexually appealing than a picture of Prince Charles.

... So that’s practically everything then.

'Bloody foreigners' is racist taunt, say Lords

Mark Randall

Coming up in the Queens speech..

"My government will take steps to detain and imprison for 90 days without trial all those either suspected or confirmed to believe or express that either the French are surrender monkeys, that the Spanish should stop being lazy, that the Germans really do love fighting wars, or that the Italians were better in roman times.

My government will take steps to ensure that these foul people are imprisoned for the rest of their natural life never again to speak a bad word about those countries which this great nation spent the last thousand years waging war with."

-- HRH The Queen


Biting the hand that feeds IT © 1998–2020