Re: "third of a milligram"
Comparison... nRF24 radio chip loved by some Arduino users (without PCB, antenna, etc) is apparently 4mmx4mmx0.95mm... assuming the density is identical to Si and I can do the maths, then it weighs 35mg.
Posts by nagyeger
237 publicly visible posts • joined 2 Feb 2008
I've seen things you people wouldn't believe. Light-powered nanocardboard robots dancing in the Martian sky searching for alien life
Google pre-pandemic: User-Agent strings are so 1990s. Time for a total makeover. Google mid-pandemic: Ah, we'll reschedule to 2021
Tuesday 21st April 2020 14:44 GMT
Re: programmatic ad systems rely on browser fingerprinting to fight ad fraud
I don't know how much it actually protects anyone, but you can pretend to be a good citizen and report the address at https://www.abuseipdb.com [other blacklists exist]
If they're script kiddies from China, there may be a chance they'll actually loose some social credibility or whatever the term is for pretending to be imperialistic money grabbers.
Tuesday 21st April 2020 13:00 GMT
Re: Feature detection is already possible
Alternate suggestion:
some reputable site(TM) like canIuse, or even W3C defines a (yikes, horror!) BITMAP of features for each relevant feature of the different standards.
Then the your new broswer CrystalBall sends "HTML3.14 CSS2 CSS4=#ffff7ffffffffffffff0" meaning that it can do everything in HTML3.14 all of CSS2 and most of CSS4 including the new 'rotate the user in hyperspace' functions, but that echo location and all mouse actions except squeek have been disabled (the cat is currently pinning it down).
Browser makers can then say 'supports CSS4 to all 256bits!'
It's 2020 and hackers are still hijacking Windows PCs by exploiting font parser security holes. No patch, either
Wednesday 25th March 2020 12:29 GMT
Re: Aaaaaah, yes. Another security hole in Windows.
The electron, having been looked at, is no susceptible to further interrogation because someone went and observed the thing rather than locking it down and putting it in quarantine, and now there's a lot of uncertainty about were it is or how fast it's going.
NASA to launch 247 petabytes of data into AWS – but forgot about eye-watering cloudy egress costs before lift-off
More than a billion hopelessly vulnerable Android gizmos in the wild that no longer receive security updates – research
Android users, if you could pause your COVID-19 panic buying for one minute to install these critical security fixes, that would be great
Microsoft uses its expertise in malware to help with fileless attack detection on Linux
Get in the C: Raspberry Pi 4 can handle a wider range of USB adapters thanks to revised design's silent arrival
Yo, Imma let you finish, but for the 6,000 people still using that app on a daily basis ... we have a question: why?
You spoke, we didn't listen: Ubiquiti says UniFi routers will beam performance data back to mothership automatically
Thursday 30th January 2020 12:42 GMT
IP addr, location, timestamp, hosts visited
provided they really don't collect personally identifiable data
They claim to record location data, IP address, and websites visited.
Article 4 (1): 'personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
It might depend on the time-windows for their anonymisation data. If it's once / year, they're probably OK, but the data is useless. If it's once / minute, then even in a corporate settings, if I'm in the only one on the wifi network, late at night, say, they are collecting personal data about me in near real-time.
Take DOS, stir in some Netware, add a bit of Windows and... it's ALIIIIVE!
Tuesday 28th January 2020 08:04 GMT
Re: NDOS?
And for real responsiveness, did you also make a 16kb ramdisk in upper memory and put copies of all your favourite .bat files into it? I know I did. People were shocked when I could just type one command and 'immediately' I'd be in the right working directory and the program would be starting up.
LastPass stores passwords so securely, not even its users can access them
Wednesday 22nd January 2020 09:30 GMT
Re: KeePass
keepassxc (not sure about other keepassen) can merge database files if you e.g. sync them between devices with git and there's an edit conflict.
It's got a command-line version of the merge tool too, if that fits your use-case.
Caveat: It's only a 2 way merge; I think it relies on timestamps in the records to pick the latest version.
H0LiCOW: Cosmoboffins still have no idea why universe seems to be expanding more rapidly than expected
Hash snag: Security shamans shame SHA-1 standard, confirm crucial collisions citing circa $45k chip cost
Thursday 9th January 2020 20:40 GMT
File length and Multiple hashes??
Back when MD5 was first getting broken, it was reported that MD5 + file-length was much more secure (for a given value of 'much more'). But most implementations of hashes are still not bothering to record file size. It seems like a no-brainer to spend a few extra bytes to include the file size in any checksum output. I mean, in terms of data integrity, if the checksum file / metadata says it ought to be 32GB and it's actually 10kB, then I don't care what the SHA1 of the thing is, it's not the original file, stop wasting my CPU cycles.
I'd also think, not being a crypto-maths geek, that unless there are some underlying mathematical similarities I'm not aware of, identical file size plus SHA1 plus MD5 is going to make deliberate collisions much much harder.
What if everyone just said 'Nah' to tracking?
Vivaldi opens up an exciting new front in the browser wars, seeks to get around blocking with cunning code
Open-source Windows Terminal does the splits: There ain't no party like a multi-pane party
Thursday 28th November 2019 14:01 GMT
Re: Hello Microsoft!
15? Make that 25+! I had virtual workspaces with fvwm in the mid-nineties. (when RAM was about 100quid per megabyte).
Pet peeve: Why do all X11 window managers default with click to focus these days? Don't they
know the one-true system is focus follows mouse? (Focus follows eyes being a pain when you're looking out of the physical window).
Beardy biologist's withering takedown of creationism fetches $564,500 at auction
Friday 8th November 2019 19:33 GMT
Re: Darwin is still a very naughty boy ...
I once read/heard somewhere [citation needed], that fundamentalism is a social phenomenon that only crops up when the consensus shifts and the more traditionalist part of any population finds itself under attack for still holding their cherished, 'obvious' and previously-considered-moderate views. They react with dismay, and seeing the 'obvious errors' in the reformer's views and the unfairness of the accusations against them, they publicly adopt a more extreme / shouty position to try to get their voice heard. I.e. it's a defence mechanism, and shouting at them / belittling them just convinces them that they're a threatened minority and guardians of the truth.
By failing to listen to their just grievances with the status quo, you feed conspiracy theories and convince them that the other side are distorting the truth.
Scientists (justly!) get all upset when famous people (often actors or worse, philosophers..) speak rubbish about the deep quantum physics behind crystals/homeopathy/ley-lines/torturing cats or when someone with a total misunderstanding of say, speciation talks about how it can't work.
But for some reason some famous scientists think it's perfectly acceptable to go on prime-time TV/Radio slots to pontificate out of their rectal regions on theological issues with all the understanding of an attention-deficit 4 year old. And because they're famous scientists and the presenters are true-believers in the cult of the scientist, they're not challenged, and the conspiracy theorists jump up and down and say "See, see! All scientists are out to destroy truth, you can't trust them."
Which makes it really hard to sit down and have a rational discussion with people about how that particular scientist can be dumb and stupid when it comes to talking pseudo-theology, but actually does have some God-given evidence to back up his ideas about how God made this universe he put us in; or about how their preacher might be excellent when it comes to applying Scripture to modern life, but he's falling into the trap of deism when he starts promoting the pseudo-science known as intelligent design, that the awesome transcendent God is bigger than that, and anyway screaming "blasphemer!" might feel good in the pride department but, it is not obeying the command to put to death pride, malice, etc. and nor is it being all things to all people to save some.
'Peregrine falcon'-style drone swarms could help defend UK against Gatwick copycat attacks
Reaction Engines' precooler tech demo chills 1,000°C air in less than 1/20th of a second
Sod 3G, that can go, but don't rush to turn off 2G, UK still needs it – report
Friday 18th October 2019 14:45 GMT 
3g phones still available
There are still a lot of smartphones on sale around here that are 3G only, 2year warantee. I'd missed the end of 3G was getting near, but I expect there's going to be a whole heap of angry customers if they really pull the plug on 3G next year.
And then there are the phones that advertise 4G, but when you look at the specs are only FDD or only TDD, and the networks don't say what they actually offer....
Three UK goes TITSUP*: Down and out for 10 hours and counting
Father of Unix Ken Thompson checkmated: Old eight-char password is finally cracked
Thursday 10th October 2019 18:25 GMT
Re: DES
and easily swapped out with a stronger algorithm.
Pardon? Easily? I remember it as a major headache back when I was doing it in the early 90s.
But maybe you're thinking of when people started trusting this modern shared library malarkey and blithely accepting the risk of taking out every method of logging into the machine just because of a transient data error on your SCSI bus, rather than doing it the traditional way of using static linking for anything that was recovery-critical.
Boris Brexit bluff binds .eu domains to time-bending itinerary
The mod firing squad: Stack Exchange embroiled in 'he said, she said, they said' row
Tuesday 1st October 2019 14:34 GMT
Re: Is this just an English thing ?
Thee/thou/thy were always the formal version of you/your.. and were dropped when such formality went out of style
I've always heard it completely the opposite. The use of the plural 'you' for singular was the formal, like in French tu/vous; thee, thou were the intimate form, for use in the home. Use of the intimate form inappropriately could cause grave offence, denying them their power-trip, so you became the normal form. The biblical usage of thee/thou for God made people who were missing the theological point - yes, God knows your innermost thoughts, don't think he's distant - think it must be formal. The quakers insisted on thee/thou much longer than most people because they were insisting on the equality of humanity and suchlike issues.
The D in Systemd is for Directories: Poettering says his creation will phone /home in future
Wednesday 25th September 2019 15:06 GMT
I must be an edge case
I guess I'm an edge case:
1) I want my laptop to actually boot up with working wifi (thanks so much NotworkManager, for breaking this yet again), so I can ssh into it.
2) I want my laptop to boot up with properly mounted user directories so that that cron processes can run.
3) I want my laptop to display all those debug messages while it's booting, so I can SEE why it's taking longer than normal.
4) I don't expect init to ever cause a SEGV and kernel panic (every other time I log out of X, some days)
5) I want to be able to run stuff on another computer and have the results on my display, like, urm, X11
6) 'logfile corrupted, deleting' messages fill me with an inner state of horror, not the rosy glow of 'at least it saved me (maybe) 500ms at boot time'
David (the luddite)
P.S Poettering, have you heard of pam-mount? I know you didn't write it, but it lets you mount user partitions as people log in, using their password as a LUKS key. It's been around for at least a decade and a half.
Belgian F-16 pilot rescued from power line after emergency ejection
Whoa, bot wars: As cybercrooks add more AI to their arsenal, the goodies will have to too
GDP-arrrrrrgggghhh! A no-deal Brexit: So what are you going to do with all that lovely data?
Friday 6th September 2019 18:49 GMT
Re: Why should I suffer?
I recently heard some UK politician on TV saying something like 'In the UK we elect a party'
No!, in the UK, we elect individuals and trust them to vote according to their consciences and the principles they hold dear. They might happen to be part of a party, and campaign with (local and national) party support, and we can normally expect them to let their party leaders do some leading, but ultimately, they are elected as individuals. (Otherwise we might have corruption-inducing party lists like in various chunks of Europe where you literally owe your job to the party bosses who decided to put you down as number 3 for that region unlike your friend who was in number 4 and so didn't get in.)
If only the parties and certain newspapers could remember this basic fact about our democracy, they'd stop making three line whips out of things they know >50% of the electorate think is a stupid idea.
Brave accuses Google of trampling Europe's GDPR with stealthy netizen-stalking adverts
Thursday 5th September 2019 16:36 GMT
Latency: the minimum time to reply to a signal
So the signal is: google collecting loads of data and (allegedly) breaking GDPR left right and centre.
Initial reply time is quite slow, due to the transcription into legalese. error checking and passing from desk to desk, but never mind, the reply will come. (see icon) -->
AMD agrees to cough up $35-a-chip payout over eight-core Bulldozer advertising fiasco
Fantastic Mr Fox? Not when he sh*ts on your lawn, kids' trampoline and your soul
Friday 26th July 2019 09:08 GMT
motion detector / waterspray?
Craig Turner has a solution, maybe?
https://www.youtube.com/watch?v=ElcviGYMb3U Water jets with motion detector, especially if you know where they're getting in. Electricity and water present other options of course, too.
Or just put a shark in the paddling pool, you know, one with that laser.
Bad news: Earth is not going to be walloped by asteroid 2006 QV89. Good news: Boffins have lost sight of it, so all hope is not yet lost
Amazon's bugging of homes has German boffins worried that Alexa may be an outlaw
RIP Dyn Dynamic DNS :'( Oracle to end Dyn-asty by axing freshly gobbled services, shoving customers into its cloud
Wednesday 26th June 2019 08:23 GMT
Re: Easily replaced
afraid are scary if you want to publicise your site. IIRC, they allow / encourage unrelated sub-domains,
I.e. john Smith signs up for johnsmith.linuxgeek.afraid.org and then Bill likes that and signs up for bill.johnsmith.linuxgeek.afraid.org and then someone else signs up for everyone.bill.johnsmith.linuxgeek.afraid.org and points it at their stash of pirated videos... John Smith then might have to answer lots of lawyer-questions about a site he has no control of.
Open-heart nerdery: Boffins suggest identifying and logging in people using ECGs
Tuesday 25th June 2019 16:08 GMT
Heart attack
As far as I ignorantly guess, a heart attack changes your ECG. It might even be permanent? You have a 'funny turn' while out in some isolated spot / server-room late at night. Suddenly your phone won't let you log in to make a call, your car won't let you drive. Don't panic... don't panic... what was that about aspirin?
News aggregator app Flipboard hacked: All passwords reset after hackers pinch user data
AI can now animate the Mona Lisa's face or any other portrait you give it. We're not sure we're happy with this reality
Friday 24th May 2019 06:44 GMT
Re: They're already doing this
Maybe have video recording devices use a private key to encode their identity into the recording, so if you could present the phone that made the recording into evidence it could be proven that the video shown is as was originally recorded by the device and not modified?
That'll work until someone manages to set / recover the secret key, or finds out the algorithm* that sets them.
I estimate about 3 days after it gets to market, after a 6 month pre-launch advertising / promotional drive saying how such a thing it can't be done.
* "But we seeded rand using time() and the serial number and then encrypted it with base32 AND uuencode, and then rot13'd the result nine hundred thousand times, just like it says in the stack overflow comments! No one can break that!"
Giga-hurts radio: Terrorists build Wi-Fi bombs to dodge cops' cellphone jammers
Essex named sexiest British accent followed closely by, um, Glaswegian
Security storm brewing for Oracle Java-powered smart cards: More than a dirty dozen flaws found, fixes... er, any fixes?
Brit Parliament online orifice overwhelmed by Brexit bashers
Never thought we'd ever utter these words, but... can anyone recommend a spin doctor for NASA?
Radio gaga: Techies fear EU directive to stop RF device tinkering will do more harm than good
Tuesday 12th March 2019 09:05 GMT
Re: Radio Amateurs locked out of experimentation
If I remember correctly, the preamble to the Radio Amateur licence states its purpose is to encourage (suitably aware of the law - hence the exam) people to EXPERIMENT with wireless telecommunication.
What ought to happen is proper enforcement against the idiots who think it's a good idea to operate out of band or outside ERP limits (and botch together a class C amplifier to do so...) This law seems to be 'lets make it a paper exercise, because that way we don't need to employ anyone who doesn't mind the rain to do enforcement'.
How to make people sit up and use 2-factor auth: Show 'em a vid reusing a toothbrush to scrub a toilet – then compare it to password reuse
Thursday 7th March 2019 09:48 GMT
urm, correction.
I've got fetchmail running via cron quite happily on 2fa'd gmail accounts.
You just need to give your email a slightly bigger attack surface - and yes, I mean that.
If you go to the right bit of their website and click in the right places, they issue you with an 'application password' - a medium-sized random string - for you to cut and paste into your fetchmail/grabmail/etc config file.
It probably won't work to login via webmail, but it works for IMAP clients.
Biting the hand that feeds IT
