Posts by Dr Dan Holdsworth

Re: Minimal Viable Product

The product is a gambling product. It therefore has to behave in a prescribed fashion:

Firstly, on average the House must always win.

Secondly, the game must provide the player with small rewards from time to time, minimising the monetary impact of these rewards. This is to keep the victim hooked.

Thirdly, it must be possible to win the jackpot, just really, really unlikely.

This game erred in that the player was permitted to accumulate money, and given an unlikely set of circumstances could therefore earn a big pay-out. It therefore was infringing the first principle. It also had tediously huge legal disclaimers, which the judge essentially threw out for not being clear enough.

Re: So...

We are still in the "Decide where to go" process where I work.

We are a large education place, and have a lot of dual-boot systems sitting around for students to use as they see fit. We use Scientific Linux for this, and were going to use CentOS right up until RedHat decided to drop that particular bombshell. Now we have to decide which way to go, and Ubuntu LTS is looking bloody good as an option right now.

After all, past behaviour is known to be a good predictor of future behaviour, and RedHat have just gone back on their word big-time. They've done it once, they'll do it again in future. How many times do we want to have the "Which way now" discussion?

Re: Breaking encryption not needed

I know that it can be very tempting to think of the ISPs and the State being some sort of shadowy organisation that is in cahoots to spy on and do down the little man, but quite honestly this is not the case. ISPs are businesses, and as such they have to make a profit. Storing customers' data indefinitely does not give them any profit, so pretty much all ISPs will comply with the very letter of the law and that is all.

They will also have done a quiet cost/benefit/punishment assessment over what the fine might be for not keeping the required records, or having done so on a disk which subsequently turned out to be broken, and so on. Be assured that only precisely one year of data will be retained, and that will be retained on the cheapest, crappiest NAS box money can buy.

I would suppose that the US government takes the same view of the profits from illegal enterprises that our very own cuddly HMRC does, namely that any business, regardless of legality, absolutely MUST pay tax on all profits. Many's the pimp, madame or supplier of illegal pharmaceuticals who has fallen afoul of the government assessing them for unpaid taxes and then claiming these taxes out of their assets.

Re: Never mind all the studies.. here are some to research..

A standard surgical mask is not very effective at filtering out any corona virus (influenza is a member of the corona virus family) normally, but when soaked in a solution of common salt plus a mild detergent like polysorbate 20 and dried again, then something magical happens.

The salt forms a layer on the polyester fibres of the mask. When a micro-aerosol happens to hit such a salt-coated fibre, it sticks and dehydrates rapidly. This deactivates the viruses therein permanently. Thus it is actually possible to make surgical masks into effective anti-virus filters.

That the government hasn't insisted on this is simple: it isn't actually necessary. The point of masks and face coverings are to limit the spread of aerosols; this cuts down the transmission rate of the virus. The infection severity for covid and other similar viruses is dose-dependent; a low amount of virus will cause no symptoms in the majority of cases and give some immunity to future infections.

Most of the deaths from covid have been where the patient has had repeated exposure to lots of virus. This causes more severe infection and much worse outcomes for the patient. This is why the advice is a lockdown, social distancing, and wearing masks to limit the amount of virus floating about in the environment.

As to the future, I do not think that this virus is going to mutate all that quickly. It is an animal virus that jumped species from bats to humans, presumably with one or more intermediates. There isn't the huge biological library of new genes for it to draw on like there is with influenza, which is both a bird disease and a mammal disease, and circulates freely between wild birds, domestic fowl, pigs and humans (all this in China, usually). No, we'll just have the few variants of covid that are about now and nothing much will change, until we sort out a vaccine.

Re: @jake - How was this missed? Daft question.

Actually the lock-making company Masterlock has for a very long time worked on the principle that 99% of the time the people they are aiming to defeat are in fact quite stunningly stupid, and unable to watch YouTube videos on how to pick locks (or, in the case of one especially crap series of Masterlock padlocks, unable to buy a specially designed defeat device).

Padlocks which are nigh-on unpickable do exist; disc detainer locks such as those made by Abloy are well known for being extremely difficult to break, cut, destroy or pick and they are not much more expensive than truly bad designs of lock. It is just that most of the time, a crap padlock will defeat a twit of a thief.

Re: International Recognition

Decades ago at an open day at Aberystwyth University I encountered groups of the local schoolkids (I was a PhD student there at the time). What they spoke was very interesting; their teachers always addressed them in Welsh and they understood this perfectly. In between themselves, they always spoke grammatically correct English.

That is the crux of the matter: languages are for talking to people with, not for distinguishing you from other people with. If a language does not allow communication, then it isn't actually doing what language is supposed to be doing. Thus all this government-sponsored life support for languages is quite likely a waste of time.

Re: Integrate cloud services?

If you think that PhDs are just a way to get more researchers, then there is a huge over-production of PhDs in progress, and always has been. In truth not every PhD graduate will make a good researcher, and fewer still can stand the poor wages and itinerant lifestyle of a pos-doc researcher. The majority of PhDs do that degree, take a look at the job market and head off somewhere else.

It is also a mistake to think of PhDs as super-intelligent rare individuals. Gaining a PhD takes some brains, but most of the skillset is thinking on your feet and sheer, bloody-minded persistence in the face of repeated set-backs. These make for fairly decent IT techies.

This is the classic trick for landing someone you don't like in the smelly. Take a list of, say, people banking with a tax haven that you have managed to lift from somewhere and add a few extra names and details to it. Hey presto, guilt by association, and the reason that American courts use a principle that evidence obtained illegally is inadmissible in court.

Re: Did they actually

The app is reputedly complete crap, with an incomplete and frankly risable codebase. That rather precludes it coming from Sourceforge, since people tend to at least make a minimal effort there to make the thing work.

Then we have the fact that both Apple and Google know that there are a lot of truly crap coders out there, and neither wants their product to be seen as less impressive than the other lot's product. So, both Android and iOS on mobiles have very aggressive cpu and power saving systems in place, to the extent that on Apple devices an app practically has to be in the foreground with the screen active to be guaranteed activity.

Applications made by Google and Apple can run in the background since any product from the OS makers will be very thoroughly tested. So, the Apple/Google covid-19 tracer will work, work well and operate within strict privacy rules since neither really wants to be seen to be touting a privacy-invading infovore product (that's what Google search is for).

Precisely why the UK government is so dense as not to realise this is anybody's guess, but it will cost them and the rest of us dear until the powers that be finally wise up (which, given who we're talking about, may take quite a while).

Re: One would have throught...

One would have thought that after so many repetitions, the UK government would have learned not to try to impose spyware onto people. Especially not battery-draining spyware which has a possible future downside to installing it.

Oh well, seems they just have to learn the same lessons over and over again.

Re: Is this just just another example of the UK wanting to steer it's own course?

No, the situation is not different at all. In both countries you have an infectious virus that spreads through close contact with infected individuals, and the infected individuals can spread virus before clinical symptoms of disease.

The circumstances of transmission are identical.

Therefore, the contact-tracing system needs to be very similar as well.

Re: Factually incorrect

The virus enters cells using the ACE2 receptor, of which men have more than women. Levels of ACE2 receptors vary genetically, and it seems that persons of Asian or African descent have more ACE2 than do the Western Europeans; probably just founder effect more than anything else.

Once in cells, the virus as a side effect of its reproduction causes blood problems. These are exacerbated by conditions like diabetes, high blood pressure and so on (which these BAME minorities suffer from more than do Western Europeans).

Finally, there is a weird oddity whereby nicotine seems to decrease the numbers of ACE2 receptors. Smoking, the primary nicotine administration route, causes circulatory issues so ex-smokers may be less prone to complications from the virus, and active smokers more prone.

Re: Good for data-less phone plans

If you can make a watch or other timepiece, with an e-ink display to reduce power consumption and a Bluetooth proximity detector as described, then this would likely be the most acceptable form of location tag.

It would first of all be useful, so people would have more reason to carry it. It should not have wifi, but should have induction charging. Limit the storage capacity to, say, 30 days max but set a software limit to 14 days initially, and give no way to access the data other than Bluetooth via an authorised (by cryptographic key) Bluetooth station or electrical contacts actually on the device its self.

In other words, you want a tag that is useful and does only the minimum that you want it to do and no more. Possibly a time-signal receiver as well, but definitely no WiFi system.

Finally, make the devices freely available and explicitly permit people to dismantle them, complete with schematics and tamper-evident seals, to see what is inside.

Re: I can relate to this

I've leapfrogged the nicotine addiction and gone straight to an SSRI, by way of propranolol (which didn't work). I dare say I ought to also explore the misty recesses of vapour-delivered cannabindiol as well as nicotine, just to be on the safe side.

Re: Takes me back

Far, far back in the mists of time I was a humble PhD student in a certain exceedingly old research station in Hertfordshire and, one night having signed into the buildings I was going to be working in, went perambulating from Entomology/Nematology over the road to Insecticides/Fungicides.

I let myself in via the outside door, locked but the general key did the trick, and stepped forwards into the dark corridor. I took perhaps three steps, then the next one simply wasn't there.

It was an open manhole, and I was lucky to have been striding forwards, since I fell over the thing and could scramble out again. This I did, and forgot all about whatever research I was doing and merely reported back to Security, reported the accident and handed in my key.

Next morning, instant bollocking from Head of Department. It seemed that Security had quietly doctored the sign-in records so I didn't look to have signed into the second building, thus in their tiny minds making it my fault that I fell down a hole, not theirs for not having barriers up and the door deadlocked.

Re: When I was young...

It's this internet thing, it is simply deadly to everything!

https://folk.uio.no/joakimt/tull/cake.html

Re: Funny...

Birds like wild geese are typically very frightened of weird, fast-moving unidentified things, and a spot of laser light from a nice bright green laser looks to birds like an extremely dodgy thing, especially when the laser is waved around in a threatening way.

Effectively all you need is a fairly persistent and childish individual with a laser to frighten geese all day long, until they get fed up of being tormented and depart for somewhere else.

I rather think that a large amount of hand-waving and systematic bullshit will be used to try to baffle the jury into accepting the prosecution view of things.

Were I in charge of setting up a system to hold secrets, I would make very sure that the security of the system was based around centralised tokens and preferably several separated central token-issuing servers to get into any particular secure vault. I would also try my best to ensure that as little as possible was kept on the client machines as possible, using encrypted network filesystems and encrypted local disks. Thus when I lock out a client, I simply void all their central tokens and force them to re-authenticate to get back in, and with a lower security clearance they aren't going to get at very much. With next to nothing stored on the client machine stealing data is going to be challenging.

The CIA are trying to imply that far from being a masterful agency of computer security experts, they are actually really quite stunningly stupid, and rely on client-side authentication to control access. Furthermore, their client-side tokens don't seem to be time-stamped thus when the accused rolled back his workstation to an earlier version, the changed timestamp on the authentication tokens wasn't noticed! The CIA argument may well be on the lines of "Yes, our security sucks and we trusted a man we shouldn't have trusted, and we may have accused the wrong man, but we're the good guys so trust everything we say whilst we frame this possibly-innocent but very unlovable man".

It will therefore be rather interesting to see how this one pans out; I doubt that the CIA will come out of this one smelling entirely of roses.

Re: Jeez

Really, it should be renamed "Sacculina" in recognition of what it is doing.

https://en.wikipedia.org/wiki/Sacculina

You could always get Richard Stallman to do some backing vocals, I hear he quite likes singing...

Re: The user signals Ballie and it rolls towards him

OK, so the Ballie is a ball-shaped robot with a camera at floor level, looking up. Now, imagine the view it will get if it encounters, say, a Scotsman wearing a kilt in traditional fashion?

No, that isn't an image I'd want broadcasting to the world either.

Basically this thing is a sexual harassment offense waiting to happen. What on earth were Samsung thinking of?

Re: HR is the problem

They get the donkey work of filtering the hundred-odd CVs that most tech jobs attract to weed out the absolute no-hoper candidates. The problem is that HR, whilst trying their best, aren't much good at this and don't quite know how to tell the difference between a crap CV from a superstar and that of an idiot.

The result is that to get to the hiring stage, you have to pass the not-very-good filter system.

Re: When your stomach sinks to your shoes

There are worse things than noisy AC and silent racks. One of these is silent AC and noisy racks, because the blissful silence of the lack of AC is very soon punctuated by screams of panic and the sound of big unix kit being emergency shut down.

Yes, this happened at a site I know of. It is quite an old centre for computing excellence, which once produced a book on why outsourcing was a bad idea right at the same time as an outsourcing attempt was going wrong...

Re: They once claimed...

They have been complicit with the Government in producing the largest tax code in the developed world. The end effect here is that neither HMRC nor the contractors nor anyone else actually understands all of the tax code.

I do believe our very own BOFH had something to say on a topic very like this one:

https://www.theregister.co.uk/2004/03/09/bofh_protecting_bodily_waste/

Re: solution

Statistical testing of people claiming to be electrosensitive demonstrated conclusively that whilst they were not able to tell if a completely blank wifi access point was powered up or not, they did start getting strange headaches whenever the blinkenlights were on...

Re: That's all very well....

If you're cycling, then a few factors do tremendously improve your chances of not getting hurt. Wearing bright and reflective clothing, preferably clothing made to the relevant UK/EU visibility standards (as opposed to what some cycle clothing designer thinks looks good) means that motorists can see you from a long way back. A daylight-rated rear light also helps immensely; these are bright and have an irregular flash pattern to catch motorists' attention.

Not riding like an idiot, not riding up the inside of traffic queues, and not undertaking traffic when it is waiting at lights is also most effective; you're aiming to be seen and not to be annoying. Do that and motorists will be a lot more polite, and politeness all round helps immensely. Where big vehicles are concerned, stay away from them.

The investigation is now dead, and should be stopped immediately. Airport CCTV didn't spot any drones. Airport plane spotters didn't spot any drones. Myriads of tourists with smartphone cameras didn't spot any drones, nor even any flies photographed very close up. Hundreds of highly motivated amateurs and paparazzi with state of the art cameras and very high motivation to photograph drones didn't see any. We haven't even had any enterprising teenager with a mini-drone flying it with the airport in the background trying to claim footage.

Lots and lots of very good witnesses equipped with amazingly good kit and with very strong motivation to get a shot of a drone, and nobody spots a bloody thing.

There weren't any drones.

It was all mass hysteria, on the lines of African "penis theft" panics and the like.

Re: 1 year warranty? I don't think so...

If you're going to buy kit for work use, then there are two routes you can go. Firstly, you buy really good stuff that can be expected to last for ages, like Apple kit used to do (but doesn't any more), or you buy the cheapest stuff you can find that will still do the job intended, in the expectation of a horrendously high failure rate.

Chrome books fall into the latter category, with the added benefit that they have very little user-side storage on board, thus the users have little scope for filling them full of valuable data which they can then lose (forcing the secure encryption of mobile devices is an on-going but necessary headache for us techies).

What you don't want is expensive kit that falls into semi-disposable chrome book territory. The Sale of Goods Act and similar consumer protection laws were designed to cover this sort of thing, so the retailers can expect to be on the receiving end of legal action from customers if this sort of thing carries on (under UK and EU law, the company the customer bought the goods from is liable for sorting out the problems; doesn't matter if they consistently whinge that this is the manufacturer's fault, they have the legal responsibility for sorting out faulty goods sold to customers).

The Home Office has the reputation of being something analogous to the tar-pit of the Civil Service, where the terminally thick are sent to languish until retirement if they cannot be sacked. Thus we have this repeated series of attempts to make the laws of humans triumph over the laws of physics and mathematics.

Once more the same points will have to be made: strong encryption methods exist already in the wild and people know what they are and how to use time. Unbreakable encryption such as one-time pads also exist, and people know that these are unbreakable if used correctly (and thanks to innumerable Cold War spy dramas, everybody knows how to use one-time pads; the clue is in the name).

So, if you try to insert holes into encryption products, people will simply layer more encryption over the top of the leaky product and defeat you.

Re: 'Unlightly' to happen.

Actually, we're steadily heading in this direction already. 2.4 GHz wifi penetrates walls quite well, 5 GHz has better bandwidth but much less range, and 5G mobile telephone signals are even higher frequency and penetrate solid objects even less well.

Skipping a section of the EM spectrum and moving on to near infrared or visible spectrum is just a logical next step, which would once again increase the possible bandwidth and would allow/force more transceivers to be put in close proximity.

Re: RTFA

The original author is clearly a coward, a complete wuss and lacking in the knowledge of the more adventurous chemist. To get rid of things, fluoro-oxy-oxy-fluorine is clearly the best agent going, although a Heath-Robinson contrivance to mix hydrazine and hydrogen peroxide is probably the next best thing.

Re: State sponsored ?

The line is actually "Baht aaht", and given the physiology of the average computer geek, this is actually more frightening still.

Re: Its not the algorithm....

If you are a terrorist and wish to further your cause, then you need to recruit followers. Recruiting followers by definition means talking to people whom you do not know, in an open and entirely clear-text sort of way. You have to have publicity, and it is this need for publicity that enables law enforcement to make a list of potential suspects.

Once you have identified a recruiter and started to analyse the terrorist network, you once again do not need to break their codes. It is nice if you can, but most of the time knowing who is talking to whom is much more use; this again does not need encryption compromise.

Finally, when you have a terrorist network identified, then you will have a network of cells who mostly don't know each other. The thing here is that you don't need to know what this lot are saying to further compromise them; repeatedly getting local law enforcement to pick up key figures and then let them go without charge very quickly is one good way of convincing the rest of the paranoids that their network is compromised and that these key figures are police stooges.

Mostly, you do not need to be able to break terrorist comms to disrupt their networks.