Posts by Chris Miller

Re: 'The bigger problem is that there is a cold calling industry'

"You're travelling overseas" - and then, just to add injury to insult, you (or your company) gets billed for the non-UK segment of the call.

@David

99% of the time your description of VC is spot on. The other 1% you get Amazon/Google/Apple/Microsoft/...

Re: One question... Why?

Apparently, you can download torrents of every Star Trek episode ever made overnight. Of course, this may make a bit of a dent in your 'fair usage' allowance.

Re: Never mind going up

In the 80s, I was doing some work in the 30-storey Torre Europa* in Madrid. The fire escape method was a flexible tube that you used to drop to the floor below (where there was a similar tube and so on). I imagine (I only saw the pictogram instructions, I never had to use it, thankfully!) that friction slowed you down enough to prevent injury on a 3m drop.

* The office had a fine view of the neighbouring Bernabéu, which was entertaining when floodlit evening fixtures were being played.

Re: I've seen this sort of thing before...

THE PLAN.

In the beginning was the plan.

And then came the assumptions.

And the assumptions were without form.

And the plan was without substance.

And darkness was upon the face of the Workers.

And they spoke amongst themselves, saying, ‘It is a crock of dung and it stinketh.’

And the Workers went unto their Supervisors and said, ‘It is a pail of manure, and none may abide the odour thereof.’

And the Supervisors went unto their Managers, saying ‘It is a container of excrement, and it is very strong, such that none can abide by it.’

And the Managers went unto their Directors, saying ‘It is a vessel of fertilizer, and none may abide by its strength.’

And the Directors spoke amongst themselves, saying to one another, ‘It contains that which aids growth and it is very powerful.’

And thus the Directors went unto their Chief Executive, saying unto him, ‘This plan will actively promote the growth and vigour of the company with powerful effects.’

And the Chief Executive looked upon the plan, and thought that it was good.

And the plan became Policy.

Re: "Companies don't pay taxes, people do"

"Dividends on the other hand are typically taxed at around 15%". That's because dividends are paid out of company profits and have already been taxed once, at a rate not far from basic rate income tax. Hence dividends (in the UK) are only subject to higher rate income tax. By all means tax dividends at the same rate as other income, but you'd (logically, if logic has any place in taxation :) have to allow them as a corporate expense, just like salaries.

Re: he still needs to rehabilitate

Surely Benson, AZ?

True, but I've always told people not to put anything in an email that they wouldn't feel comfortable writing on a postcard.

I wonder how many terrorist plots have been genuinely uncovered in this way (as opposed to monitoring existing 'people of interest'). It would take a really dim terrorist (of which, admittedly, there appears to be no great shortage) to send "I've got all the Semtex we need for the bomb" in an email. Surely you'd arrange for an apparently innocuous code: "All the guests have been invited to the wedding", or some such.

Re: An Important Consideration

The first thing that newly TUPEd staff receive is a training course subtitled 'how to say NO to your former colleagues':

"Is it in the contract?"

"Do you have a costed change request for that?"

FWIW, I've had several Acer laptops and have had no problems with the build quality. The materials tend toward the plastic end of the spectrum, but they've survived pretty rough handling.

Re: Good for them

I wouldn't put it quite so strongly as 'nonsense', but I've carried out security risk assessments for clients with Huawei kit, and my conclusions were that there are real threats, such as:

(a) a magic 'off' button - Huawei could configure their systems to shut down on receipt of a specially formed packet (a 21st century 'ping of death') to facilitate DoS attacks;

(b) back doors that could allow an attacker to gain sysadmin access (which also exist, by accident if not design, in many other systems);

(c) analysis of traffic and reporting back to some central point (I think this sort of capability is rather beyond the fairly basic low-level kit that constitutes most of their current installed base, but that will no doubt change in the future as Huawei move up the food chain).

But none of these seem to be very plausible because:

(1) most Huawei kit is installed in China, so they would be just as vulnerable to these attacks;

(2) most such kit is not directly exposed to the Internet. There are firewalls and IDS/IPS systems in the way (hopefully not all Huawei ones!) that would make inbound and outbound access very difficult, if not impossible.

I don't claim to have conducted any exhaustive analysis of the hardware, and I'd welcome comments or corrections. But it doesn't seem to me that any threat is currently very great.

You spell it sulphur, I spell it ...

I expect it was to explain why Richard was using the deprecated spelling, which was changed to sulfur in the 90s with agreement from IUPAC and RSC (in return USizens have to spell aluminium correctly). I don't know what happened to it, though.

@ribosome

He was probably quoting my hero, Ernest Rutherford (see above), who also said:

If your experiment needs statistics, you ought to have done a better experiment.

Sorry, I picked the wrong number from the HS2 site, which includes both phase 1 and phase 2. The correct cost for phase 1 alone is 'only' $25 billion* - sounds like a bargain now, doesn't it? In reality, whether it's clinically insane by a factor of 10x or 20x doesn't actually matter - it's still utterly bonkers. To save us from further irrelevant quibbling, the HS2 site claims the length of phase 1 to be 140 miles, I guess they're including the spur to Lichfield.

* "We estimate the first phase of HS2 will cost around £16.3bn to construct (in 2011 prices)." At the current rate of £1 = $1.52, that's $24.8 billion. These are HS2's own numbers from their web site, linked above - but the Cabinet Office’s Major Projects Authority says they're crap and has categorised it amongst those government projects that are 'failing' (although for some completely inexplicable reason they're refusing to publish their report).

@Ben

You're right in principle, but in practice it means the difference between a hacker simply copying one or two passwd files (ideally that shouldn't be easy, but that seems to be what has happened here, and occurs all too often), and their having to gain complete ownership of your web server, identifying the code containing your 'personal' salt-generation software and then disassembling it (the source code is held on a USB stick in a safe). I wouldn't propose this mechanism for the protection of military grade secrets, but I think for a list of passwords to a standard web site it's more than good enough.

Of course, most people will just use standard off-the-shelf code for their password algorithm, in which case a smart attacker should be able to ascertain which one and then, as you rightly say, all bets are off unless you can train your users to adopt 'strong' passwords (good luck with that!)

Agreed

Anyway, why would I want to protect my Greek?

@ Terry Barnes et al

Batteries are not at all like calor gas. Gas is gas, petrol is petrol, but a new battery may perform very differently from an old one (even if they are nominally equivalent). Batteries deteriorate over time and with each cycle, in reality it's unlikely they will last usefully longer than 5 years, but I suppose the technology will improve. But you claim that people will be happy to exchange 'their' brand new one (irrespective of who may 'own' it), for one that may be on its last legs and won't hold enough charge to get you home? I think a reality check may be in order.

I'm sure if petrol were a new discovery, green zealots would be campaigning against the 'dangers' of filling stations in much the way they do with nuclear power. When was the last time you saw a filling station explode (Terminator doesn't count), or even a significant spillage? It's true that it's possible to get a few splashes of petrol if you're a bit careless while refilling, which might result in a dry-cleaning bill. But a 'splash' from a few hundred kW recharging device could ruin your whole day.

Gosh this 'green' technology is more complicated than it appears.

@keithpeter

The BBC has 23,000 staff (and no doubt many more contractors) so simply keeping the joint running in terms of desktops, laptops, fondleslabs and associated networking and server hardware and software probably takes up £200 million a year. Add to that a very substantial web presence (BBC comes just below Apple and above Adobe on website hit lists) and I seriously doubt that there's more than £50 million which could be called 'discretionary spending', probably a lot less. A huge chunk of that has just been pissed away.

130,000 is clearly a nonsense number, as a quick arithmetical check will show. Population of the UK: ~70,000,000; UK life expectancy: a bit over 80; so we would expect* no more than a million deaths a year from all causes in the UK. 130,000 implies that 1 in 8 deaths are caused by knives, which is clearly ridiculous. It sound like a huge overstatement even of the global deaths from knives, being about 0.1% of the gross global mortality.

* Assuming some reasonable age distribution. It's possible to construct extreme examples for which the approximation fails (such as a drastic war that has wiped out half the males between 20-40, or a massive baby boom), but they don't represent the modern UK.

Re: Working OK?

I imagine that by 'attacks' they mean probes to find out if some well-known TCP port has been left open by mistake, rather than APTs.

Re: @Chris Miller

Apologies HFG, I didn't intend to insult arXiv which is a fantastic resource, with many great papers. But the fact remains that you can get a paper on there with no peer review process, which is what has been done in this case. When it gets published in Nature or PTRS, I'll give it another look.

Re: eh?

Actually, the 'solution du jour' for consultants is now 'insourcing'. In many cases exactly the same firms that dropped in 5/10 years ago and told management to outsource everything, are now returning, sucking their teeth, saying 'who sold you this, then?' and charging millions (again) to bring it all back. It would be funny if it weren't so bloody serious.

Re: London - same old, same old: Paris the historic past preserved

And Guy de Maupassant supposedly ate lunch in the Eiffel tower's restaurant every day, because it was the only place in Paris from which the Eiffel tower wasn't visible.

Exactly

I'd love the ability to achieve a (say) 1Mb data rate the full length of the M11 or the rail links to London (or the west/east-coast mainlines, for that matter), rather than planning for pointlessly* high data rates that can both flatten a battery and exhaust your annual data allocation in a few minutes.

* For truly mobile applications - no doubt there are some areas where fixed lines aren't practical and a high-speed over-the-air link is truly useful.