* Posts by Norman Nescio

378 posts • joined 7 May 2008


UK government shakes magic money tree, finds $500m to buy a stake in struggling satellite firm OneWeb

Norman Nescio


The Japanese have an alternative to GPS, named Quasi-Zenith Satellite System (QZSS) or 'Michibiki' (みちびき), which currently provides an augmentation to the USA's GPS locally for Japan, but with the addition of a small number of additional satellites can operate independently of GPS.

The satellites have an interesting inclined geosynchronous orbit that means that the ground track is an analemma shape ('figure of eight') over Japan and Australia.

They are interesting in that they do not require on-board atomic clocks. As stated in the Wikipedia article:

QZSS timekeeping and remote synchronization

Although the first generation QZSS timekeeping system (TKS) will be based on the Rb clock, the first QZSS satellites will carry a basic prototype of an experimental crystal clock synchronization system. During the first half of the two year in-orbit test phase, preliminary tests will investigate the feasibility of the atomic clock-less technology which might be employed in the second generation QZSS.

The mentioned QZSS TKS technology is a novel satellite timekeeping system which does not require on-board atomic clocks as used by existing navigation satellite systems such as BeiDou, Galileo, GPS, GLONASS or NavIC system. This concept is differentiated by the employment of a synchronization framework combined with lightweight steerable on-board clocks which act as transponders re-broadcasting the precise time remotely provided by the time synchronization network located on the ground. This allows the system to operate optimally when satellites are in direct contact with the ground station, making it suitable for a system like the Japanese QZSS. Low satellite mass and low satellite manufacturing and launch cost are significant advantages of this system. An outline of this concept as well as two possible implementations of the time synchronization network for QZSS were studied and published in Remote Synchronization Method for the Quasi-Zenith Satellite System[15] and Remote Synchronization Method for the Quasi-Zenith Satellite System: study of a novel satellite timekeeping system which does not require on-board atomic clocks.[16][non-primary source needed]

The article links to a PhD thesis on the topic which has also been published as a book:

Amazon: Remote Synchronization Method for the Quasi-Zenith Satellite System: study of a novel satellite timekeeping system which does not require on-board atomic clocks.

Media articles:

SpaceNews: Japan mulls seven-satellite QZSS system as a GPS backup

Spacewatch Asia-Pacific: Japan Prepares for GPS Failure with Quasi-Zenith Satellites

So it seems there are possibilities of viable satellite navigation system approaches other than GPS, which could potentially be bought off-the-shelf from the Japanese.

ZFS co-creator boots 'slave' out of OpenZFS codebase, says 'casual use' of term is 'unnecessary reference to a painful experience'

Norman Nescio

Language changes, so we may as well get used to it.

If looking for an alternative form of wording where compulsion of action is indicated, how about officer/private; or if a learned gloss is needed for the naming, Dux / Mīles or λοχᾱγός / ὁπλίτης e.g. "The dux issues commands to the mīles, which it performs".

Someone got so fed up with GE fridge DRM – yes, fridge DRM – they made a whole website on how to bypass it

Norman Nescio

Re: Next great idea

They do that for linux drivers too...

Since M$ and hp are all good Foss friends now and offering support for open projects... Weirdly a cups update sent hundreds of older machines to the obsolete pile. Love to know what criteria they use to decide which printers get the chop as there are some drivers that are as old and older that did not get tossed on the pile, considering that there's very little difference between the drivers for similar models... Try installing a driver with the printer off and use a similar model driver...

10 year old desk jet works fine but according to hp it's obsolete

Perhaps some public-spirited programmer will take it into their heads to ensure that drivers remain available and modifiable. I can see such a thing being a shared aim.

Total Eclipse to depart: Open-source software foundation is hopping the pond to Europe

Norman Nescio

Re: A long time coming

However, where there IS extra letter(s) in a word, people that are used to simplified spelling seem to lose the ability to pronounce the word. Listen to the hash you get when some people try to say "bouy". It seems to have become "boo ee" now. I always want to ask them if their "boo ee ancy" tanks are ok, or if their economy is "boo ee ant". Don't get me started on Loughborough...

Oh buoy, oh buoy, oh buoy.

I thought for a minute you were complaining about the French telecoms provider Bouygues Telecom. If you know how to pronounce it, it can be fun asking people to try and work it out themselves.

Vodafone chief speaks out after 5G conspiracy nuts torch phone mast serving Nightingale Hospital in Brum

Norman Nescio

Re: Possibly OTT on my part but..

A bit more topical is the NHS insisting that, based on a WHO study, surgical masks are of no use to the general public and the wearing of masks is not to be promoted.

the fact is that masks, no matter how bad, will help to slow the spread of the disease by slowing or stopping the ejection of potentially virus particles by the asymptomatic. they won't stop you catching CV19, they help to slow the spread of it.

Medical opinion is divided on the utility of the general public wearing (disposable) surgical masks and/or (reusable) cloth masks. In principle they would, as you say slow or stop the ejection of infective droplets. However, poorly fitting masks can (and do) aerosolize particles and eject them out of the gaps where the mask is not well sealed against the skin. In addition, a damp mask (e.g. from the humidity of your breath) acts as a great place to concentrate viable infective particles and make it more likely to succumb to whatever is floating around in the air generally, as the masks we are talking about are not 'N95' masks. Furthermore, unless you follow recommended practice by not touching the mask when in use, and removing and disposing of it in the correct manner so you don't contaminate your fingers, you are at increased risk of infection.

Taking into account factors like the above, what at first sight seems like a common sense option is not necessarily the right one. Medical opinion is that proper, and frequent hand-washing, and not touching your eyes, nose, and mouth are far more significant in reducing transmission.

The fact is that medical professionals, whose job it is to evaluate evidence in far more detail than I can as a lay-person, have divided opinions. While there is an apparent correlation between mask-using in SE-Asia and fewer infections, amongst other things, we don't know how reliable the statistics are from some countries. Even in the UK it is clear our statistics are subject to significant revision - and of course, if you don't, or can't, test for Coronavirus SARS-CoV-2, you won't find any.

There are some very worried and over-worked public health experts and officials trying to make the best decisions with the best available evidence, and ignoring the advice of professionals paid to evaluate just this sort of thing is usually inadvisable.

As an individual in a relatively free society (emergency regulations aside), you can make your own decisions on this. But please don't try and generalise from your free choice to imposing your views on others - it tends to breed resentment in people who exercise their free choice to follow official advice. I would advise following the evidence, where good quality evidence is available.

Norman Nescio

Chernobyl fallout

This is not as silly as you might think.

In Norway, reindeer and sheep are still monitored for radioactivity* and prevented from going for human consumption** if the levels are too high as a result of the Chernobyl fallout. They only stopped doing that for sheep in Wales a few years ago - just looked it up: 2012

BBC 22 March 2012: Chernobyl sheep controls lifted in Wales and Cumbria

And while the level of contamination in Wales has dropped sufficiently for it to be deemed low enough not to cause an appreciable risk, milk in areas of Ukraine is still well over the safe level applied by the local authorities:

The Independent: 8 June 2018: Ukrainian cow milk has ‘five times safe level of radioactivity’, study finds

So while the person in question might be regarded as over-cautious, it certainly isn't idiotic behaviour.

Torching 5G phone-masts because they are related to Coronavirus by reason of "Chewbacca!" is irrational. The perpetrators need catching and either remedial education or being put where they can't do any more harm for a while.

But in a democracy, such people have a vote, which is frightening.


*(1) From 2016: https://www.dsa.no/publikasjon/straaleverninfo-4-2016-30-aar-sidan-tsjernobyl-kor-mange-fleire-aar-med-tiltak-i-reindrifta.pdf

(2) From 2017: https://www.mattilsynet.no/mat_og_vann/uonskede_stofferimaten/radioaktivitet/rapport_radioaktivitet_i_norsk_mat_2016.26934/binary/Rapport:%20Radioaktivitet%20i%20norsk%20mat%202016

(3) From 2019: https://www.nrk.no/nordland/33-ar-etter-tsjernobyl-ma-fortsatt-37-norske-kommuner-male-radioaktivitet-i-husdyr-1.14575384 - contains a list of 37 Norwegian counties where animals need to be tested to show they are below acceptable Norwegian limits before slaughter.

**It's mostly relevant if you eat a lot of reindeer, but the reindeer herders do. They also monitor wild fungi and berries. The problem being that some plants and fungi concentrate the Caesium-137.

French monopoly watchdog orders Google to talk payment terms with French publishers

Norman Nescio


Given that the Google-bot respects robots.txt, why can't the French publishers simply block Google from crawling their websites?

Perhaps they see a potential source of easy revenue?

As it is, I have a lot of sympathy with Long John Silver's view.

Your data was 'taken without permission', customers told, after personal info accessed in O2 UK partner's database

Norman Nescio

Re: with assistance from experts

Call me cynical but if they employed experts in the first place while setting these up these databases up in the first place they wouldn't have these problems. It could also solve replications and duplication issues.

Cynical, the Muphry is strong here.

Brexit Britain changes its mind, says non, nein, no to Europe's unified patent court – potentially sealing its fate

Norman Nescio

For a contrasting view...

Roy Schestowitz's website, Techrights has been saying the UPC has been dead for years, and has been charting the behaviour of UPC supporters for a long period. It would be safe to say his opinion of the UPC (and the European Patent Office) is not uniformly positive.

I don't know enough to say whether his criticisms are well-founded (they appear to be to my inexpert eye), but he does give a different view on things. An El Reg journalist might like to use it as a contrast to some of the press releases issued by other interested parties.




The Wristwatch of the Long Now: When your MTBF is two centuries

Norman Nescio

You missed out the oak gall ink on vellum (not vegan friendly) - still in use in UK

Thanks for the suggestion: in fact I made a deliberate choice not to include oak-gall ink because it is often acid, as it is prepared from tannic (and gallic) acids and iron sulphate (aka copperas), so the resultant ink can be acidic - so much so that in time it eats through the vellum/parchment and you are left not with a manuscript, but a doily. It is a problem with old manuscripts.

An example is at the the bottom of this interesting page:

Patricia Lovett:How Mediæval Manuscripts were Made

...you will be able to see the effects of the ink on the vellum. Note to the right in the middle line where the ink, which contains acid, has eaten through the skin to create holes. This is a problem with this manuscript as in some places the letters, or the spaces between letters have fallen out of the manuscript. This is not an isolated instance with oak gall ink.

But thank you again for the suggestion. Oak-gall ink on vellum is not a bad choice, and there are very many well-preserved manuscripts made in this manner, but it is not, perhaps, the best possible choice nowadays. On reflection, I should have made the reasoning behind my choices clearer, so thank-you for the opportunity to clear this point up.


Norman Nescio

There is no technology around today that’ll keep data for decades, guaranteed.

Neutral-pH ink on archival quality cotton-rag paper stored in a cool dark place with humidity neither too high nor too low.

Polyester microfilm/microfiche

(Rosetta Project) Nickel deposited on etched silicon disks

What all three have in common is optical retrieval.

Norman Nescio

Re: Beware survival bias

Phone - Jolla 1 phone released 27 Nov 2013 still gets updates. Most recent is Sailfish OS 3.2.1 Nuuksio released for general use in December 2019. Mine still has original removable battery, but screen failed an inadvertent drop test onto a tiled floor, and the handsfree speaker has an intermittent connection.

Stuff built to (gratis) open standards is likely to be able to be made to work ( be maintainable ) for a long time, and software can be run on a VM. Even proprietary standards will likely come out of copyright and patents will expire, so stuff that is popular enough could well be maintainable in the long term.

The cloud on the horizon is stuff that is 'protected' by well implemented strong encryption/DRM. It is no good if something comes out of copyright if no-one has the keys to decrypt it any more.

Remember when Europe’s entire Galileo satellite system fell over last summer? No you don’t. The official stats reveal it never happened

Norman Nescio

Re: Isn't it amazing

You are quite right. I'm not sure who the actual customer (organisation paying for) Galileo is*, but whichever organisation it is, I'm sure it would benefit from better definitions of the SLA/KPIs so that the end users are not mislead into expecting better performance than is actually available.

It may well be that at its current stage of roll-out/development**, the KPIs for the Galileo system are appropriate: but Joe Public (including me) tends to think that if it is 'available', then it should be available all of the time, and not just for a carefully described average amount of time.

The project may well be a technological tour-de-force, but a long and public outage doesn't look good, especially with what looks bureaucratic obfuscation surrounding it.

I have no doubt the service will improve, but the public perceptions need to be managed far, far better.


*Ultimately, it is the European taxpayer, but there is some sort of commissioning organisation.

**When will Galileo reach the Final Operational Capability (FOC)?

Galileo performance will gradually be improved and new services will be introduced as further spacecraft are launched.

The full constellation is expected to be available by 2020. When the full constellation is in orbit and usable, the Full Operational Capability stage will be declared.

Norman Nescio


This is why reading and understanding the Service Level Agreement (SLA) for any service you intend to rely upon is a Very Good Idea. As Galileo is still in the "Initial Open Service", it is not intended for 'primetime' use. Despite that, lots of people are using it anyway, assuming that availability now means it will continue to be available in the future. It's very kind of them to act as testing guinea-pigs.

Lots of companies sign up for SLAs with telecomms service providers, cloud services, IT service providers and the like without fully understanding the SLAs buried deep within the contracts.

I have met some 'interesting' SLAs in my time. How about 'guaranteed service restoration within 48 hours of an outage'? So when things failed at 16:00 on Friday, you'd expect service back by 16:00 on Sunday? Well, it turned out that the outage clock only ticked during 'normal working hours', deemed to be 09:00-17:00 Mon-Fr, so 48 hours after 16:00 on Friday was...16:00 on the Monday after the next weekend - a whole working week and a day after the outage actually occurred. Of course, those signing the contract thought they would get service back at latest 48 real-time hours later.

Another fun SLA was an availability SLA which defined how availability would be measured. The contract stated that a particular procedure would be used, which happened to be the same as the procedure used to demonstrate a service was working before acceptance. Which sounds good. There were two problems with this: firstly, the test procedure could only be carried out while the service was not in production use; and secondly the SLA specified an annual availability, which could only be measured (according to the contract) by having the service run the acceptance procedure for a year.

The conclusion is that contractual SLAs should be read very, very carefully, and you should make sure that you and the supplier have a common understanding of the SLA. Which is horribly boring, and means that you should probably give up on assuming 'good faith', because high performance levels usually require lots of money and resources, which suppliers are loath to give away cheaply.

The current (issued in May 2019) Service Description for Galileo is here: EUROPEAN GNSS (GALILEO) : OPEN SERVICE DEFINITION DOCUMENT. Section 3 goes into detail on the Minimum Performance Levels (MPLs) of the service, with section 3.4.4 specifically describing the availability of the Galileo positioning service*: which, summarised, is greater than or equal to 70% calculated over a period of 30 days at the worst user location.

With my jaded experienced eye, I can see that averaging availability over 30 days is the usual trick for making a service provider's life easier. As a service user, you want the averaging period for a service's availability to be as short as possible - so if you are billed monthly, you, as a user, want the availability to exceed the agreed level averaged over (say) a rolling 24 hour period, and if it drops below the target in any 24 hour period during the billing cycle, the target for the cycle is not met. Or if 24 hours is too long, a rolling hourly period. Suppliers really don't like that.

So, yes, the Galileo SLA has been carefully written to mean that Galileo has a very good chance of meeting its targets. Depending on your point of view, this either means that the SLA writers in Galileo were on the ball, or that they are deliberately massaging the figures (in advance, remember, this was published in May 2019) to make themselves look good. Read the next version of the Galileo Open Service Definition document carefully.

*Note, the MPL for the Galileo UTC Time Dissemination service is better than or equal to 87%, calculated over a period of 30 days. It failed to meet its target in July (see pages 12 and 13 of the report), reaching only 81.7%

The MPL of 87%9specified by [OS-SDD] for the long term is therefore not achieved in July, while it is in August and September. This is again a side effect of the occurred incident (ref.:Annex A).

[OSS-SDD] European GNSS (Galileo) Open Service Definition Document (OS-SDD), Issue 1.1, European Union, May 2019.

Issue 1.1 of the [OS-SDD] is in force since May 2019. This version is accessible for download from the European GNSS Service Centre (GSC) website.

Tabletop battle-toys purveyor Games Workshop again warns of risks in Microsoft Dynamics 365 ERP project

Norman Nescio

Re: ERP?

And I though Enterprise Resource Planning was counting how many security* Redshirts you had left...

* https://intl.startrek.com/article/did-redshirts-really-die-more-often-on-tos

ELO ELO ELO, what's going on 'ere then?

We won't CU later: New Ofcom broadband proposals mull killing off old copper network

Norman Nescio

Re: one major problem that Ofcom is deliberately ignoring

The laws of physics prevent power from being sent through fiber optic cables.


There other considerations which might prevent the general use of power transmission through optical fibre, but the laws of physics are perfectly happy with the idea.

If you turn up the wick too much, it gets a bit dicey:

The Fibre Fuse (The accompanying music is not to everybody's taste)

Fiber fuse ignition and propagation

This isn't Boeing very well... Faulty timer knackers Starliner cargo capsule on its way to International Space Station

Norman Nescio

Re: In this particular case those venn diagrams you mention do not overlap

Oh dear!

As any fule no, irony, it's like "goldy" and "bronzy" only it's made out of iron.

RISC-V Xmas gifts: SiFive emits vector-enabled cores, Western Digital teases new SweRVs, VxWorks hugs ISA, Samsung rolls it into 5G...

Norman Nescio

WD State-machine replacement?

Much as I like the ideas behind RISC-V, I'm not sure Western Digital's statement:

<quote>"...designed to replace sequential logic and state machines in controller system-on-chips."</quote>

fills me with enthusiasm. Replacing a state machine with a general purpose (Turing complete) cpu can have some nasty consequences. State machines can relatively easily be formally proven to behave correctly, whereas it is more difficult with general purpose cpus. Of course, using a firmware/general-purpose cpu combo means you can fix bugs, and provide new!, improved!, functionality, by loading an updated firmware*, whereas a state machine embodied in silico doesn't have that option. The general purpose cpu provides more flexibility for the manufacturer, which can be a good thing. Of course, in principle, if you as the purchaser of the storage device, are allowed access to modify the firmware yourself, that could be beneficial, but I suspect my sideline as an ice-skate vendor in Hell will become profitable way before then.

*The new!, improved! functionality can include behaviour not anticipated by the 'owner' of the storage device in question, such as ransomware, and information exfiltration.

China fires up 'Great Cannon' denial-of-service blaster, points it toward Hong Kong

Norman Nescio

HKG telecomms cable links

How many comms links from Hong Kong go through Mainland China?

Fewer than you might think. A legacy of the UK ownership of Hong Kong and the lease of the New Territories, a large number of submarine cable systems connect to Hong Kong. Take a look at Greg's Cable Map and centre it on Hong Kong.

Electrician cuts wrong wire and downs 25,000 square foot data centre

Norman Nescio

Re: opps

Given enough attempts, the probability of one of them going wrong is near enough 100% - so the manager should not be asking what the likelihood of it going wrong is, but working out the most efficient and effective way of mitigating the expected failure. If you are not planning for a disaster, you are planning for a disaster (as my BCP* colleague once said).

If you reckon that out of 100 attempts at doing something, one of them will fail, then you really need to have a plan in place for coping with the failure. Would you play Russian roulette with a (really big) revolver that had room for 100 cartridges where a single cartridge had been loaded and the cylinder spun? Not having a plan for dealing with the live cartridge being selected will have messy consequences.

*You can probably work out when this was said by the use of BCP (Business Continuity Planning). It is odd how there are fads in nomenclature - Staff Management - Personnel - Human Resources; or in this case, Disaster Recovery - Business Continuity Planning - Incident Response

Getronics confirms – finally – that CEO has quit following HMRC VAT payment debacle

Norman Nescio

Re: "The investment from our existing stakeholders signals" . .

I hope the investors are not following the Escalation of commitment behavioural pattern, otherwise known as the Sunk Cost Fallacy.

It can be very hard to avoid rationalising a relatively small extra expenditure in order to prevent losing, the so far undelivered, but expected benefits of large previous expenditures.

150 infosec bods now know who they're up against thanks to BT Security cc/bcc snafu

Norman Nescio


Given the unlikelihood of mail clients being modified to make this sort of thing less likely to happen by accident or ignorance, perhaps there is mileage in writing an updated Message Transfer Agent RFC that requires that the agent can count the number of names in a 'cc' field and refuse to transfer the mail if it is above a certain number?

If you really want to cc a lot of people, request permission from the MTA first; or maybe the MTA puts the message in quarantine and requests the sender to confirm they want the mail to be forwarded.

Vodafone takes €1.9bn punch to wallet thanks to India's decision on airwave licence fees

Norman Nescio


Vodafone is not a telecommunications company - it is a financial engineering company which happens to sell telecommunications services on the side.

The problem is that in order to survive in the current business climate, large publicly-listed companies need to exhibit this pathological behaviour, or be absorbed, asset-stripped, and cast aside by someone without scruples. If your company's return on capital employed is worse than the money-men can get from investing elsewhere, you are toast.

Running on Intel? If you want security, disable hyper-threading, says Linux kernel maintainer

Norman Nescio

Updating Firmware isn't easy

If you're running on Intel, but want to be secure: best practice is to disable hyper-threading and keep your BIOS and kernel up to date.

Updated Linux kernels are easily and freely available.

BIOS - not so much. Many OEMs provide firmware (which could be BIOS, or a whole host of other things) updates as Windows-only executables. FreeDOS and the Linux Vendor Firmware Service don't cover all the hardware out there, which means that there are an awful lot of systems with out-of-date firmware out there. This is not good, but I can't see a realistic and easy answer.

TalkTalk says WalkWalk if you've got a mouldy Tiscali email address, or pay £50 a year to keep it

Norman Nescio

Another ex-Nildrammer here

My Nildram e-mail account, which soldiered on after Pipex, Opal, and Tiscali into TalkTalk never worked properly with the TalkTalk 'customer service' web portal. I had several sites connected up using Nildram, and TalkTalk completely mucked up the account, and I never did get the billing sorted out*. I finally left with TalkTalk owing me money, which I did not chase, regarding myself as lucky to get away without further trouble.

*I had less patience than this fellow:

Adam Arnold:Pipex – Opal – Talk Talk Business (SIGH)

The mod firing squad: Stack Exchange embroiled in 'he said, she said, they said' row

Norman Nescio

Re: Is this just an English thing ?

As someone else has pointed out, it can be helpful to use "sex" for biology and "gender" for grammar, but I did point out that the two should not to be considered the same, though they are generally correlated for animals in many languages.

Could well be correlated, but there are some startling exceptions, the canonical example of which is the grammatical gender of the German word Mädchen, meaning 'young girl'. It's neuter.

The lack of connexion between grammatical gender and sex is also illustrated by Swedish and Danish, where nouns have one of two grammatical genders, which are not, as you might expect, male and female, but common gender and neutral gender.

Gender is one example of Noun Classifiers which are all basically ways of making other languages difficult for monoglot English speakers to learn.

Stallman's final interview as FSF president: Last week we quizzed him over Microsoft visit. Now he quits top roles amid rape remarks outcry

Norman Nescio

Re: Tracking

OTOH calling back from a land line, which is how I read it? The phone company knows exactly where that is.

As someone who has worked for 'a phone company', I can only laugh hollowly at that one.

Yes, in principle, all fixed lines are associated with an address*...but the information found in the address fields of the relevant database need not bear any relation to reality. Whole departments are dedicated to backfilling and amending such data** and it can still be utterly wrong. Chances are that the address for any particular land line is correct, but given the huge number of records in the database, it would be a brave person to assert they were all correct all the time. I would guess that mobile phone GPS-derived locations give fewer location errors. Certainly, there are fixed asset registers that exist that require technicians to provide the GPS-derived location of equipment as well as the address, in the hope of reducing gross errors.


* Actually, at least two addresses - the 'A' end and the 'B' end, one of which is very likely to be the switch (or in Britspeak, 'the telephone exchange'). Of course, it depends on what logical level of granularity you are looking at - every bit of line equipment the circuit passes through will be associated with a location, so a particular circuit could well have many associated locations that it passes through. Recording all this accurately and keeping it up to date is a non-trivial exercise.

**This is not done just for fun. In the UK at least, there is a strong incentive to keep the address information as near to correct as possible, as it is used by the emergency services to locate callers. It is not good publicity if an ambulance goes to Ashford (Middlesex) instead of Ashford (Kent), or Gillingham (Dorset) instead of Gillingham (Kent) to give a couple of made up examples. It also helps to send technicians to the correct place when things need modifying and/or fixing.

Justice served: There is no escape from the long server log of the law

Norman Nescio

Re: From the Seen That Department of Obvious Idiocy ...

Was that one's or two's complement?

No doubt, had someone courteously praised and thanked you in such a way, your day would have been complete.

I have no mouth and I must scream: You can add audio to wobbles in latest Windows 10 patch

Norman Nescio

Oooh - thank you very much.

Not so easy to make a quick getaway when it takes 3 hours to juice up your motor, eh Brits?

Norman Nescio

Re: For the millionth time...

Can Reg writers *please* stop writing the word "leccy" with an apostrophe? It's simply a slang word, like "arse". It is *not* a contraction like 'ello

Or maybe they should write it as 'lec'c'y, as the apostrophe indicates the position of one or several missing letters in a contraction, such as the ones missing from the word ElecTRIcITy. But that'd be silly, as you've pointed out. 'appen, there aren't many times when initial letters are missing. There are precedents, such as fo'c's'le, for words with more than one apostrophe.

I quite like El Reg's style, and I suspect they do some things on purpose to throw a bone for aspiring pedants like me to chew on. After all, it's never better than to be technically right.

KNOB turns up the heat on Bluetooth encryption, hotels leak guest info, city hands $1m to crook, and much, much more

Norman Nescio

Re: Watch your spelling!!

Please search the dictionary for the difference between "pouring" and "poring"

I suspect your comment needs to be directed towards whoever transcribed the words of Saskatoon city manager Jeff Jorgenson in the original press release, rather than the fine upstanding staff of The Register.

If you want to be picky about El Reg, you could ask that they put a [sic] after 'pouring'.

All roads in US cable biz GTT's Brit network seem to lead to Menwith Hill

Norman Nescio

Re: As I only live a few miles from The Hill...

The larger security issue is the availability of sensitive stuff like KMZ files plotting fibre routes accurately, which customers would insist on, even though it made their services less secure/reliable.

And knowing the exact route doesn't help the customer much, as the first time there is an outage or re-grooming, the path between major nodes changes. There is some benefit to knowing the routes of the 'last-mile' fibres, but unless you have explicitly decided to forego the benefits of automatic re-routing in case of failure, having a KMZ file of the path your data happens to be going down now is of little to no use, unless it is printed out on soft, absorbent paper.

Switching of paths on an optical network is routine, and done before protocols like BGP have put their shoes on. It is also often more hassle than it is worth to switch paths back after a fault has been cleared, unless you have mucked up your capacity planning and need to move stuff around to ensure you have the headroom to cope with the next unplanned outage. Some customers notice switching events by noticing the packet loss events and are somewhat insistent on getting as close as possible to zero packet loss, so elective switching is frowned upon.

Anyone who believes the fairy story that buying capacity from two different providers ensures your traffic goes down different paths is living in la-la-land. It is not unusual for both providers to buy capacity form the same third party, and so on (it is turtles all the way down). Buy from a single supplier, and press them hard to assure that their service is sufficiently resilient; or buy dark fibre on a known path, without switching, and light it up yourself. You are then responsible for your own resilience. Good luck.


Pi in the sky as ESA starts testing encrypted comms on International Space Station

Norman Nescio

Data at rest vs. data in use

There are many ways to make data at rest single- or multiple- bit flip resistant, but the usual assumption in processors is that data travelling along buses and placed in registers is correct. This assumption breaks down in aerospace applications. Assuring that data that should remain unchanged while being processed actually does remain unchanged, and changes are the ones actually wanted is a bit more difficult. In aviation, using an odd number of processors to execute the same calculations and assuming the majority decision is correct is a common approach, but if you are in an environment where 3, or 5, or 7 different processors can give multiple different results such that there is no reliable majority decision then different approaches are necessary. The probability of unresolvable conflicts increases as the duration of processing increases. Sending a message such that it can be guaranteed to be uncorrupted is called the Byzantine Generals Problem, probably best known from Bitcoin - but the linked paper is from 1982.

To do things properly, all data buses within the processor and communicating with devices external to the processor need to have sufficient ECC to assure data integrity to the desired level (which can be arbitrarily high). Data being processed needs to be represented in forms that are robust to disruption e.g. instead of using single bits to represent binary states, use an odd number of bits and define the state as 1 if a majority of the bits are 1, and zero if the majority are zero. Other, better, encoding schemes are available. Such approaches have the disadvantage of increasing the amount of die space needed to store and process information - imagine using three bits per binary digit: this requires registers that are three times as wide as 'normal', Of course, you can spread the information in time instead of space, so instead of widening a register, you use it three times and emulate physical separation by temporal separation; this means your calculations get slower. Repeating calculations in time has a problem in that bits can get latched, either temporarily or permanently, so getting the same result three times in a row doesn't mean it is correct if a bit in the output register has been latched into an incorrect state.

So, spread your calculations across many physical instances of processors - sufficient to solve the Byzantine Generals Problem given a target corrupted message rate between processors to overcome. Use ECC everywhere. Use repetition of calculations judiciously, bearing in mind that cosmic ray events, while of short duration in themselves can and do have long-term consequences. Now do this on commodity hardware that hasn't been designed with the above in mind. Remember, what you write to a register does not necessarily remain unchanged until you read it - so a jump instruction can go to the wrong destination, a cached processor opcode can be changed to an entirely different instruction, a memory location sent to the MMU can be changed, the contents of a memory location can vary from one read to the next, any bit can get latched at any time for a variable duration; and you might need to provide results in real time...

I take my hat off to those who do this stuff for a living. Mother Nature patiently waits for you to make a false assumption and...

(In telecomms, it is possible to test network hardware and protocols with neat equipment where you can dial up a particular error rate on a circuit. I don't know if an equivalent is possible for processors - sticking them near to a potent alpha-, gamma, and/or neutron source might be an approach; or maybe you have to emulate the silicon and run it (slowly) in software to allow random faults to be fired into the system. Building fault tolerant processors can't be easy, or cheap)

Has NASA's Mars Insight lander hit rock bottom? Heat probe struggles to penetrate Red Planet

Norman Nescio

There's a Martian telecomms engineer...

...cursing that his fail-safe method of recovering from getting lost has resulted in finding an alien backhoe.

Obviously, the mole has hit some Martian optical fibre.

Greatest threat facing IT? Not the latest tech giant cockwomblery – it's just tired engineers

Norman Nescio

Re: Estimating Software Projects

When calculating an estimate, I was advised by my first manager I ever had to think how long it would probably take, then double the number and increase the time unit by one (e.g. 2 days becomes 4 weeks)

At the time, I thought he was joking...

Perhaps we had the same manager? It was certainly a realistic measure for the projects I witnessed - the only problem being that that particular estimation method was known, and manglement did their level best to cut estimates back to the number first thought of, which almost invariably ended in tears.

I also had the misfortune to work for a manager notorious for his "5-minute" jobs, which generally took 5 days. He felt that his work was done conceiving of an idea and implementation was not his problem, and so 'trivial'. To be fair, as a mere underling, I had to do things like submit requests into the change management process, which required niceties like documentation, test results, and review by the change management team, whereas, as a manager he simply bypassed administrivia decades before 'agile' was a concept.

But yes, double the time required, and go up to the next 'order of magnitude' : minutes to hours, hours to days, days to weeks, weeks to months and months to years seemed to work very well.

Google may have taken this whole 'serverless' thing too far: Outage caused by bandwidth-killing config blunder

Norman Nescio

Re: Management Network

I too am Spartacus.

In my sector, the network control plane is kept rigorously separate from customer data, and also monitoring data (poorly implemented polling can overwhelm networks too). This isn't just separate VLANs, but entirely separate physical infrastructure which connects to the management ports of critical equipment. The control network is built to be very redundant, with liberal use of out-of-band (dial-in) equipment. Keeping things secure is non-trivial when you need to connect to equipment that possibly can't connect to its authentication server...managing pre-shared keys across a large estate of equipment and people with good reasons to need access is gnarly.

Alphabet/Google choose not to do this, probably for reasons that make sense in Google's business context. In other businesses, the level of network performance plumbed by Google would lead to pointed questions being asked and high-value long-term contracts being put at risk. There is more to networking than the Internet.

UK's planned Espionage Act will crack down on Snowden-style Brit whistleblowers, suspected backdoored gear (cough, Huawei)

Norman Nescio

Re: An interesting test...

It was, in fact, 51.89%1 of the eligible electorate2 who expressed a preference; or a full 37.44%3 of those eligible to vote. Not 52% of the country. In pure population terms, it was about 26.54%4, but some people were too young to vote in the referendum as they were under 18, and others ineligible because they were foreigners such as those with permanent leave to remain or EU nationals taking advantage of freedom of movement rules within the EU; and still more ineligible by virtue of the fact they were British, but had been absent (non-resident) from the UK for more than 15 years - possibly taking advantage of freedom of movement rules letting them live in another EU country5. The eligibility rules were complicated e.g. Irish citizens resident in the UK could vote, as could citizens of Malta and Cyprus, as those two countries are members of the Commonwealth, but other EU nationals could not.

(1) 17,410,742 - according to Wikipedia

(2) 46,500,001 - according to Wikipedia

(3) 17,410,742 x 100 / 46,500,001 = 37.44%

(4) The mid-year UK Population in 2016 according to the ONS was roughly 65.6 million (Time-series tabular form available here). 17,410,742 x 100 / 65,600,000 = 26.54%

(5)Wikipedia: Eligibility to Vote and Fullfact.org: Who can vote in the EU referendum?

Norman Nescio

Parliamentary vote-tracing in the UK

More details in this The Guardian "Notes and Queries" item here:

The Guardian - Notes and Queries: What happens to the voting slips used in British elections after they have been counted?

Votes can be traced by matching the numbered ballot paper to its similarly numbered counterfoil; the numbered counterfoil also bears the voter's registration number from the electoral register which is hand-written by the Polling Clerk when the ballot paper is issued. As all the ballot papers for each candidate - including fringe candidates such as Sinn Fein, communists, fascists, nationalists, etc. - are bundled together, anyone having access to those documents can speedily trace the name and address of every voter for such candidates if they wish.

The issue is not whether or not the stories are false, but the system of numbering ballot papers in parliamentary elections allows people to give credence to such stories whether they are true or not. It is important that elections are seen to be anonymous, and anything that disrupts that appearance is unfortunate.

Pushed around and kicked around, always a lonely boy: Run Huawei, Google Play, turns away, from Huawei... turns away

Norman Nescio

Other options

Sailfish has already been mentioned, which I've duly upvoted. I use Sailfish OS on a Sony XA2 as my daily driver. It is not problem-free, but good enough for my purposes, and your use-case may differ. For example, I have not enabled the Android compatibility. Obviously, for most people, the ability to use either Google/Android or Apple/iOS apps is a necessary requirement, and I have no quibble with that.

There are some other (smart)phone operating systems floating around, including plain old GNU/Linux, but they will take a bit of time to polish up and also, dare I say it, have a monetized walled garden/prison of an app store created. Observers of Google's strategy on Android will have seen that the ecosystem is dependent on the non-free Google Play Services, as this episode shows - and that Google will be able to dispense with the Linux kernel once they can slide Fuchsia into the bottom of the software stack in place of the Android Linux kernel, enabled by Project Treble's hardware abstraction. Linux proponents like me may hate it, but I can easily see Google moving from being one of the biggest enablers of Linux on the planet to being the biggest threat as all Google-phones run Fuchsia in future, and apps (such as banking) expect the Google Play Services to run on top of (locked-down) Fuchsia only. As someone who supports software freedom, to me the future doesn't look great. I would dearly love to be wrong.

Any replacement for Google Play Services that Huawei come up with is certain to be Chinese government approved, so is unlikely to respect your freedoms, so even if Huawei do continue to use a Linux kernel in their products, I do not expect the ecosystem to be FLOSS and privacy-respecting. The security and intelligence services of most countries are not in favour of the general population having access to secure, private communications methods, for a variety of reasons. I do not expect the situation to get better quickly, if at all.

'Software delivered to Boeing' now blamed for 737 Max warning fiasco

Norman Nescio

Re: Proper Certification

The Stock price would have suffered accordingly and the PHB's in Seattle would not want that to happen now would they.

The PHBs are in Chicago, not Seattle these days.

Harvard Business Review article on the move, which took place in 2001.

Canadian woman fined for not holding escalator handrail finally reaches the top after 10 years

Norman Nescio

Must use the handrail...

A certain imperial chemical industrial company I used to work for tried to impose similar must-use-the-handrail rules for employees going up and down stairs. Not holding onto the rail was a "yellow card" offence. (Seriously- all employees were expected to carry a yellow card around with them and shame their colleagues, referee-style, if they spotted them breaking such rules).

Hmm. When I was younger and fitter, I discovered the fastest way down a particular set of stairs was to leap from landing to half-landing, using the handrail as a fulcrum and fixed point to regulate my speed, then half-landing to the next floor and so on. (This was before parkour became well known). I certainly used the handrail, but none of the individual steps, and would, presumably, have complied with the letter of corporate diktats to 'use the handrail'.

Problems ensued if I unexpectedly met people coming up the stairs. Good 'situational awareness' was required.

I would do myself a permanent mischief if I tried to do it now.

Apple disables iPad for 48 years after toddler runs amok

Norman Nescio

Re: Three year olds can't read

However I think her misspelling of sulphur on a poster presentation was more due to her post-doc supervisor than dyslexia.

I'm afraid to say the spelling mandated by IUPAC is sulfur. This article elucidates: Nature Chemistry:So long Sulphur

The recommended spellings of the names of the elements in English are contained in the 'Red Book' published by IUPAC, in Table 1 beginning on page 248 IUPAC:Red Book. Note the recommended spellings of aluminium and caesium, with aluminum and cesium as allowable variants. Sulphur is not an allowed variant.

BT Tower broadcasts error message to the nation as Windows displays admin's shame

Norman Nescio


The one that always signals that my day just got much worse is:


grub rescue>

Is even worse.

From the grub prompt, from memory, I can find where the PC thinks its disks are, set the video mode, load the necessary modules (encrytion, lvm, various filesystems). set up the correct initrd and compressed kernel and light the blue touchpaper. You even get tab completion.

From 'grub rescue>'...[crickets]

...Well, not exactly, but no tab completion; and an even more stripped down experience. But it is still luxurious compared to an EFI shell. The days when I could type in the hex address of the base of boot ROM and hit Go are long gone.

RoCE or roll in the general, er, Vcinity: Thousand mile-plus RDMA makes remote editing seem local

Norman Nescio


the ... solution allows video producers to edit remote content across any distance as if it were local to their desktop.

"Editors are no longer required to replicate content at multiple locations, avoiding redundant copies of the content, leading to dramatic storage efficiencies as well as improved control and security."

Rant mode on...

Sigh. Let's put the remote content on Mars shall we. Or even 'just' the Moon. Round-trip delay kills anything interactive. I think the cut off is around 100 ms, but this stackoverlow question and responses goes into detail: stackoverflow:What is the shortest perceivable application response delay?

What this means is that if the RTD needs to be about 100 ms, then speed of signal propagation (usually light in optical fibre) limits the maximum distance from client to server. If you ignore any processing delays, then the signal in an optical fibre travels at approximately two-thirds the speed of light in a vacuum (it is dependent on wavelength and type of glass, by 2/3 is close enough for a rule of thumb*.), so the maximum distance between the client and server can be before the lag is noticeable is the distance travelled by the signal in 50 ms. Light travels at near enough 3x108 metres per second, so 2/3 of that is 2x108 metres per second, or 2x105 metres per millisecond, which means we are looking at 50x2x105 metres, or 1x107metres, which is 104 kilometres. 10,000 kilometres seems a lot, and is fine for editing within (say) the continental USA, but if your data-centre is in say, Houston, and your video editor is in (say) Soho, the great-circle distance between those two is roughly 7800 km - and optical fibres don't follow great circle routes, and we have not accounted for application processing delays.

If the editor is in Seoul and the data centre is in Houston - great circle is just over 11,000 km, so your latency budget is already overspent. The application will be noticeably laggy.

So yeah. Impressive throughput. Full marks for that. Overblown marketing - 'any' distance. Only sad geeks like me take notice, and are generally not listened to when the big boss decides they want to spend big money on this wunnerful noo system. Video editors get dumped on, having to use a crap new application. My understanding is that bad things happen when you bugger up a creative's workflow.

And breathe.

*Financial market traders are willing to pay a lot of money to have their data routed by microwave instead of by optical fibre, as the signal propagation of microwaves through air is slightly faster than light through optical fibre, giving them a few milliseconds advantage on long connections.

As Red Hat prepares to become part of Big Blue, its financials look as solid as Linux kernel 2.4

Norman Nescio

Culture assimilation

It will be interesting to see how things go regarding the assimilation of Lennart Poettering into IBM. Few companies make good on the promise of the continuing independence of recently acquired divisions, so unless Mr Poettering's behaviours are compatible with IBM's culture, I would expect a parting of the ways at some point, especially as I regard it as unlikely that he would be willing to make significant changes in his personal deportment to suit IBM. Similar considerations apply to other well-known personalities in Red Hat, such as Kay Sievers.

We live in interesting times for the future of the Linux software ecosystem.

Click here to see the New Zealand livestream mass-murder vid! This is the internet Facebook, YouTube, Twitter built!

Norman Nescio

Re: "How many people when they drive past a road accident can't resist rubber necking"

It's true that people like watching bad stuff happen to other people. Getting a good look at something awful. Russian car crash dash cams are all the rage on YouTube. I dunno if that's possible to stop, or even a good thing to tackle.

I went through a (short lived) phase of looking at dashcam videos of car accidents because I was trying to improve my driving skills, and thought that looking to see if I could anticipate the accidents might help me in general driving.

I learned a couple of things: firstly, that some accidents 'came from nowhere', and were unanticipatable; secondly, that a small proportion of the videos showed accidents where people would have at least had life-changing injuries, and quite possible killed. I found the latter quite disturbing, although I realise some people are disengaged enough for it to be entertainment.

So I think there is a place for curated/moderated/censored dashcam videos for driver training purposes. My personal view is that seeing videos of real people being injured or killed and treating them as purely entertainment is flawed. Hollywood movies and video games, however gory, are for entertainment, and we know, at some level, that they are not real. Seeing real people's lives destroyed as merely entertainment strikes me as wrong. Perhaps other people can make a reasoned argument why unfettered access to such things is good, but I will admit, my gut reactions would make it difficult for me to agree. Perhaps I am flawed, but I hope that most people would agree with me.

Of course, the devil is in the details: who controls access and decides what is forbidden or not? I have no simple answer, but fuelling idiocy and hotheadedness strikes me as unwise. I hope cleverer people than me come up with a solution.


Sure, we've got a problem but we don't really want to spend any money on the tech guy you're sending to fix it

Norman Nescio

Re: Moving countries but no-one knew

caught a taxi back to KL (fell asleep again), showered at the hotel again, went to the pub, met a lovely young lady i spent the next 3 months romancing, and promptly went to bed.

Hmm, my dealings in KL were educational, with the local expats taking me on a tour of the more 'interesting' nightspots, and providing tips on how to spot the ladyboys. I was half-expecting your tale to have a surprising conclusion.

One of my (long) trips to KL was pretty much a wash out as the IT manager for Asia region did not understand the concept of network latency and why character-oriented applications developed on VAXes that assumed/relied upon remote-echo didn't work very well on long (international) network connections*. Unfortunately the fix was not simply turning on local-echo on the terminals. He simply could not or, perhaps, did not want to understand why the IBM 3270 block-oriented terminal based applications worked fine when the character-based terminals (with remote echo) didn't.

*It did not help that the aforesaid connections were 'capacity challenged'.

How to make people sit up and use 2-factor auth: Show 'em a vid reusing a toothbrush to scrub a toilet – then compare it to password reuse

Norman Nescio


2FA is great in principle.

In practice it is not the use of 2FA that is the problem, it is the ancillary activities, for example:

1) How do you ensure you have a trustworthy 2FA device? What process should you follow in obtaining one to ensure it isn't bogus, loaded with hacked firmware, has a borked RNG etc?

2) Once you have a 2FA device, what do you do if it breaks, gets lost, or malfunctions. How do you know it is malfunctioning?

People pretty much know what to do with passwords, but the understanding around the use of 2FA devices is far less prevalent. It's just another electronic doodad that can break, or get lost. Should you let someone else have possession of it temporarily? Can you safely send it in the post to someone? Can two people share one? None of these are questions that security professionals have a problem with, but your average end user generally has a far better understanding of the issues surrounding passwords than they do of the (potential) issues surrounding multi-factor authentication.

The fun starts when your vague and slightly forgetful relative puts their security token through the washing machine for the third time in six months and can't pay their bills until the bank supplies a new one. Or, perhaps they've encrypted some important documents and the decryption key was stored with no backup on a device that has just failed (because it went through the W/M, again). At least passwords are easy to copy and the copy can put put in an envelope and stored in your lawyer's safe, or a bank safety deposit box. I have enough trouble with someone who has no familiarity with technology, and for the life of them cannot remember the difference between the Windows logon password, the WiFi password for their home network, and their GMail password. I will need an entire pantheon of divine helpers if they are ever forced to use multi-factor authentication. It is absolutely no surprise that the take-up of multi-factor authentication is so low.

Demand for HP printer supplies in free-fall – and Intel CPU shortages aren't helping either

Norman Nescio

Most expensive thing on earth, by weight?

*For those that don't know I believe botulism toxin to be the most expensive thing on Earth by weight, after HP ink.

Botox is supplied in 100 unit vials, but the unit is defined by biological activity, so somebody had to go off an measure by other means just how much of the botulinum toxin there is in a vial of Botox.

The answer is here: Content of Botulinum Neurotoxin in Botox®/Vistabel®, Dysport®/Azzalure®, and Xeomin®/Bocouture® - Drugs R D. 2010 Jul; 10(2): 67–73.

Results: Overall, the mean concentration of BoNT/A neurotoxin in Botox® was 0.73 ng per 100 unit vial (coefficient of variation [CV] = 3.5%)

Cost price of Botox is about 550 USD per 100 units, so if there is 0.73 nanograms per 100 units, that's about 550 USD per 0.73 nanograms, or roughly 750,000 million USD per gram.

Fairly high up on the scoreboard for the most expensive stuff by weight would be the Technetium isotope Technetium-99m used in medical imaging, which has a very short half-life of about 6 hours. As a result, it is produced on site from generators from a slightly more stable radioactive element, Molybdenum-99 (half-life of about 66 hours). These generators are sometimes called 'moly-cows' because they are 'milked' for Technetium-99m.

The molybdenum-99 used in the generators is priced at (only) about $46 million per gram - or roughly 4.6 US cents per nanogram.

National Research Council (US) Committee on Medical Isotope Production Without Highly Enriched Uranium. Washington (DC): National Academies Press (US); 2009. Chapter 6 - Molybdenum-99/Technetium-99m Production Costs

At the National Nuclear Security Administration (NNSA) and Australian Nuclear Science and Technology Organisation (ANSTO) conference in Sydney in December 2007, a representative of ANSTO informed the participants that a gram of Mo-99 was “worth” (i.e., could be sold for) about $46 million. Assuming a specific activity for Mo-99 of 4.8 × 105 Ci/g, a curie of Mo-99 is worth about $96 and a 6-day curie is worth about $470. This selling price is just over twice the average cost of production that was estimated by the committee.

One click and you're out: UK makes it an offence to view terrorist propaganda even once

Norman Nescio

Obligatory Ayn Rand quotation

“Did you really think we want those laws observed?" said Dr. Ferris. "We want them to be broken. You'd better get it straight that it's not a bunch of boy scouts you're up against... We're after power and we mean it... There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. Who wants a nation of law-abiding citizens? What's there in that for anyone? But just pass the kind of laws that can neither be observed nor enforced or objectively interpreted – and you create a nation of law-breakers – and then you cash in on guilt. Now that's the system, Mr. Reardon, that's the game, and once you understand it, you'll be much easier to deal with.”

Atlas Shrugged

Perhaps someone responsible for directing the production of text by the law drafting bits of the civil service has been reading too much Ayn Rand.



Biting the hand that feeds IT © 1998–2020