* Posts by Paul Powell

44 publicly visible posts • joined 5 Dec 2008

US military gives NASA two better-than-Hubble telescopes

Paul Powell

It's a gamble but...

Why not make this the payload on the falcon heavy test flights? In terms of personnel - why not sell time on it to universities around the world and use that to pay the tech staff?

SpaceX Dragon SPLASHDOWN in Pacific! Private space triumph

Paul Powell

Well, I could go on about the tech detail, but the exciting thing is it is exactly like the 60s! Develop a new rocket design from scratch in 7 years, getting it man rated, talking about trips to Mars - the 60s rocked for space innovation and so does this!

Basic instinct: how we used to code

Paul Powell

Anyone else notice the racial slur?

The towers of Hanoi text declares the program to be "velly velly good" - days of innocence indeed

Employers' group: New comp sci GCSE driven by vendor agenda

Paul Powell

Hang on - isn't this just FUD

With no specification to refer to this is a concern about what might happen - i.e. not news but a group that is using the news to get its oar into a discussion. Given that many of these organisations are still on IE6, have huge paper based systems and over run IT projects failing to replace them at vast expense I'm not sure that I'd want their input.

If you take a look at AQA's recently released specification for GCSE computer science it leaves the technologies up to the schools. (spec here: http://web.aqa.org.uk/qual/newgcses/ict/computer-science-overview.php)

This specification IMO is exciting, strikes a good balance between theory and practice, and will probably produce a generation of students who will think of a computer as able to do something more than making paper documents pretty.

HTC One X Android smartphone

Paul Powell

Re: How come

not to mention Christianity

Space probe in orbit above Mercury sees signs of polar ice

Paul Powell

What's with the tortured acronyms?

Once upon a time they named space missions to be mythic (Mercury the swift messenger, Gemini - the twins etc) then they transitioned with Apollo (both mythic and the acronym "America's Program for Orbital and Lunar Landing Operations") and gone further into contorted acronyms ever since.

Why not just name it something and have a separate description rather than a painfully contrived acronym that gives very little understanding...


Binned PCs were stuffed with MoD and Sun staffers' privates

Paul Powell

Once is enough

Just overwrite the drive once with zeroes using dd and it'll be fine for anything below top secret or the recipe for coca cola.

To get round that would require such a ludicrous amount of effort as to never be worth it - or to put it another way, it'd be a lot simpler and more reliable to stage a break in and steal the disks before you wipe them...

Windows 8 ribbon entangles Microsoft

Paul Powell

The ribbon is mostly a good thing

Most people in business have not the slightest idea how to use 99% of the functions in MS Office. This wastes a hell of a lot of time and effort. With the ribbon I've noticed that my users are finding some of the more interesting functions.

If I had given them the option they would initially have stuck with the menus and continued to not use 99% of the functionality. Now they use about 5% - well, you can't have it all can you!

Crypto shocker: 'Perfect cipher' dates back to telegraphs

Paul Powell

OK - this is how a one time pad works

The one time pad IS inherently and provably unbreakable (properly implemented of course). There is obviously some confusion about this:

A one time pad is a pre-shared encryption key that is used for only one message and then discarded. The key is of at least equivalent length to the message. Each letter in the message is shifted by the amount suggested by the corresponding part of the key. The key must be properly randomly generated.

Frequency analysis will not work as every instance of each letter is shifted by a random amount. Because the key length >= the message length there is no repetition of the shifts to attack. In the same way the discarding of the key after one use prevents analysis over several messages.

You could try every key combination - but that would just yield every possible message of equivalent length with no way to distinguish the right message - i.e. for a 17 letter message you would have all of the following decrypts:





etc etc.

To put it in context:

A simple shift cipher (ROT 13) is attacked by trying all the values to shift by

A Caesar cipher can be defeated by frequency analysis

The Spartan cipher rod is a transposition cipher and can be broken by putting the code into various tables

Polyalphabetic ciphers (using a different cipher alphabet for every nth character) are vulnerable to frequency analysis - but each alphabet needs to be broken individually.

Machines like Enigma change the cipher alphabet for every character, but do so in a pre-determined way given a particular set of initial settings.

A one time pad uses a different cipher alphabet for every character but does so in a 100% random way.

Stieg Larsson: Oxfam's number one best seller

Paul Powell


I work for a charity. Everyone here works for substantially less than charity sector rates let alone market rates. They also work very hard with many doing a lot of unpaid overtime. I think you're probably slighting a lot of people who work in the charity sector and make a real difference.

People seem to have this silly idea that charities should all be run by OAP volunteers and spend nothing on administration. Why is it silly? because they also want the charity to be effective, efficient, and accountable. That means a heck of a lot of administrative work. Small administrative costs, effective, fully accountable - choose two!

An example - I get people telling me that we should use email rather than print media to communicate with them because it's cheap. I guess that's because they have an experience of sending *an* email. What they don't get is that you have to send someone out to do the interviews, send someone to get the photos. Because some people don't want email we need to get a designer to put the thing together. We then also need to pay the printer and the mailing house - which with bulk discounts cost virtually the same amount as before. I then have to adapt that content for email and send it via a bulk mailing service. You can't send it through outlook as bulk mail gets rejected as spam if you do.

I can give a hundred examples of such complexities and get fed up when people moan about this stuff with no idea of what it really involves or costs to get things done.

I agree with senior executive pay being an issue (it isn't an issue here mind) - but you have to pay people a living wage - they do skilled jobs.

Microsoft floats 'site-ready' IE10 preview

Paul Powell

The big install issue

If firefox could be bothered to build an MSI installer, and release an adm pack to be able to configure FF installations then I'd consider it as an option. Chrome is just as bad.

The main issue is keeping the damn things patched across the organisation.

If there was support for Chrome and Firefox I'd add it as an installable option via group policy.

And yes, I do know that there is 3rd party msi support, and that there are adm files out there - but really, it wouldn't be so hard to maintain the msi and adm as part of the regular build.

Cloud no cure for IT department haters

Paul Powell


What you have there is a shambles, not an IT department.

If you want good IT then hire two people - one who is a technical whizz with a proven track record and one who gets on with the technical whizz but has business sense and can talk to management. Then give them what they need - mostly budget, staff, a strategic voice, and free pizza.

Quantum crypto felled by 'Perfect Eavesdropper' exploit

Paul Powell

Actually to be totally secure it's neither

Technically the Quantum Key Distribution enables the distribution of a one time pad.

Symmetric keys* and asymmetric keys indicate encryption methods that are both vulnerable to cryptanalysis - i.e. you can crack the message without knowing the key, or you can guess the key from the message.

A one time pad uses a random key at least as long as the message. As long as the key is truly random this makes the message totally uncrackable without the key. You can try every possible key, but this will reveal every combination of characters of the same length as the message.

Of course due to the one-time nature of a one time pad key distribution becomes the biggest problem and weakness. QKD essentially strives to solve this problem, implementation issues aside.

Of course for plebs like us we just have to be happy with unencrypted records secured in a public train carriage without an attendant civil servant.

*yes a one time pad is a symmetric key in terms of the same key is used to encipher and decipher the message, but it is used for a single message and then thrown away.
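The letter-shift one time pad described in this post and in the earlier "OK - this is how a one time pad works" post, as an added example that is not part of either post: it shows that every same-length message is a valid decrypt under some key, and that reusing a pad cancels the key out of two ciphertexts. The function names and the 17-letter sample messages are constructed for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_uppercase  # A-Z letter shifts, as the posts describe


def generate_pad(length):
    """Return `length` uniformly random letters from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _shift(text, key, sign):
    """Shift each letter of `text` by the matching letter of `key` (mod 26)."""
    if len(key) < len(text):
        raise ValueError("key must be at least as long as the message")
    if any(ch not in ALPHABET for ch in text + key):
        raise ValueError("this sketch handles A-Z only")
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(k)) % 26]
        for t, k in zip(text, key)
    )


def encrypt(plaintext, pad):
    return _shift(plaintext, pad, +1)


def decrypt(ciphertext, pad):
    return _shift(ciphertext, pad, -1)


def pad_that_yields(ciphertext, candidate):
    """Return the pad under which `ciphertext` decrypts to `candidate`.

    Such a pad exists for every candidate of the same length, which is why
    trying all keys tells an eavesdropper nothing about the real message.
    """
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must match the ciphertext length")
    return _shift(ciphertext, candidate, -1)


def reuse_leak(ciphertext_a, ciphertext_b):
    """Letter-wise difference of two equal-length ciphertexts.

    If both were made with the same pad, the pad cancels and the result equals
    the difference of the two plaintexts: the reason a pad is used only once.
    """
    if len(ciphertext_a) != len(ciphertext_b):
        raise ValueError("ciphertexts must have equal length")
    return _shift(ciphertext_a, ciphertext_b, -1)


if __name__ == "__main__":
    message = "MEETMEATNOONTODAY"      # constructed 17-letter sample
    other = "SENDTHEFILESLATER"        # constructed 17-letter sample
    pad = generate_pad(len(message))
    ciphertext = encrypt(message, pad)
    print("ciphertext:", ciphertext)

    # Every candidate has a key that "decrypts" the ciphertext to it.
    for candidate in (message, other, "A" * len(message)):
        key = pad_that_yields(ciphertext, candidate)
        print(key, "->", decrypt(ciphertext, key))

    # Pad reuse: the key drops out of the difference of the two ciphertexts.
    second = encrypt(other, pad)
    print("leak equals plaintext difference:",
          reuse_leak(ciphertext, second) == reuse_leak(message, other))
```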

Nintendo: no DVD, BD playback for Wii U

Paul Powell

Fixed Vs Variable costs perhaps?

Developing a new format is a fixed cost, whether you produce one thousand or twenty million devices the cost of developing it remains pretty much the same.

Licensing is a variable cost scaling with the number of consoles sold, and in all probability the number of game discs sold as well.

At small scales licensing makes sense. At large scales it only makes sense if the licenses are dead cheap or if you don't have the capital to develop your in-house system in the first place. This is pretty much the same argument as Google developing and producing its own network kit rather than using off the shelf stuff from Cisco or similar.

Incidentally I would say that this also applies to hosted services via the cloud. Setting up your own in house servers makes no sense as long as the fixed cost is high and the number of users low. Once you grow above a certain number the reverse is true.

HTC Wildfire S Android smartphone

Paul Powell

You should know this about it

The "S" phones have a signed bootloader which makes it currently impossible to root this phone without a hardware device to turn the security off.

ICT classes in school should be binned – IT biz body

Paul Powell

It's the marking that's the problem

In order to enforce a curriculum and have measured 'standards' ICT (or computer studies as it was in my day) is getting killed.

The reason a class is asked to turn in near identical posters is because that's a lot easier to compare, mark, and show that we have reached a standard.

Children then become like dogs doing tricks - with little comprehension of why except they get a treat of approval at the end of it.

I wouldn't mind the MS Office stuff as people desperately need educating. The problem is that it is stuck in the 90's teaching bold, italic, underline, and font sizes rather than styles which amount to semantic markup. In excel people really need to understand how to construct a formula that matches a given equation. They need to understand how to aggregate data, use pivot tables etc. These are the things which will make you an invaluable employee.

Scientists reveal eight-legged Jurassic beast

Paul Powell

Who wants pictures for the goliath spider then?

Google image search for "Goliath Spider":


can you not resist? Don't blame me!

Radioactive Tokyo tapwater HARMS BABIES ... if drunk for a year

Paul Powell

The limit is in Becquerels per litre - not an absolute amount

Title says it all

Moving to Windows 7: Is it worth it?

Paul Powell

Easy solution

The up button was removed because the path is clickable to go up a single level or multiple levels at once - hence the last but one clickable element in the file path is the up button.

Endeavour crawls to Kennedy launch pad

Paul Powell

Or maybe, just maybe

What the hell is wrong with 1 Gigabyte per second?

it's like saying that a car was travelling at a speed equivalent to a cycling 100 miles in an hour

Traffic-light plague sweeps UK: Safety culture strangles Blighty

Paul Powell

Er - no

The judgement you have posted clearly refers to someone who is "Walking across a pedestrian crossing pushing a bicycle"

That does not broaden automatically to "anyone pushing a bicycle is a foot passenger". It's even qualified with "having started on the pavement on one side on her feet". How would that ever apply to someone who is starting on the road?

Flash drives dangerously hard to purge of sensitive data

Paul Powell

Surely it's about appropriate measures?

Your security is only as good as its weakest link.

When I decommission HDDs I wipe the drive with random data, take it apart, score the platters, take them out, dispose of the electronics separately, and then if I don't need a new coaster I use a pair of pliers to bend the platters.

It's possible that someone could still get data from that drive - but really, how much effort would that be? How much would that cost - just following the tracks round a warped surface that you could never flatten would be bad enough.

It would, I suggest, be much cheaper and easier to break into my office and steal the HDDs from the running servers, or to hack in.

On the other hand if you are carrying missile plans etc then your office is probably more secure than most. In that case, destroy it. utterly.

The thing is that most data loss (at least that which we hear about) is due to leaving unencrypted devices on trains or sending CDs through the post, or selling on old PCs without making sure that they are wiped first. Flash drives don't get decommissioned - they get lost.

All this making sure there are no large chip fragments is rubbish except for the highest grade - if you have broken the device's electronics then you've eliminated all except those that are prepared to solder. If you break each chip then my guess is that you'd need some pretty hefty hardware along with some dedicated boffins and a large payroll to get anything out of it.

Anyone got an idea of the technique, an approximate price list for the equipment?

Anonymous hack showed password re-use becoming endemic

Paul Powell


The salt is combined with the password before hashing. You can store the salt in plain text in the table next to the password hash (one for each user).

When a user enters their password it gets combined with the salt and then hashed. If it matches the hash value then the user is let in, otherwise no. This defeats rainbow table attacks which look up the hashed password in a large database of password hashes.

The only advantage I can see of concealing or encrypting the salt is that someone can attempt to break each password one by one to get back to the original plain text - this however is infeasible and is the reason people started making rainbow tables in the first place.

If you put the salt in first the position is never given away as the entire hash changes with just one character different in the salt. Putting it in after is just obfuscating the hash and is easily crackable.

By the time someone is using rainbow tables you can pretty much presume that they have your entire password file/db, any web code, and anything else in your back end database - otherwise what is the point of using them? This means that they already know where you put your salt (it's in the code after all). They already know what your 'secret' salt is as well.

If you have put in the salt after the hash then you'll need to go back and look at that...

Hashing passwords is not security through obscurity - it's a peer reviewed open technique that is mathematically proven (given the absence of Quantum computing and that P=NP is not true)
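The per-user salt scheme described in this post, as an added example that is not part of the original post: the salt is stored in the clear beside the hash, the same password yields different records for different users, and a precomputed lookup table of unsalted hashes no longer matches. It uses PBKDF2-HMAC-SHA256 as the hash rather than a single plain hash; the record layout, function names, iteration count and word list are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumption: example work factor, tune to your latency budget
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]  # constructed sample


def _derive(password, salt):
    """Combine salt and password, then hash (slow, salted KDF)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def new_record(password):
    """Create the row stored for one user: a fresh random salt plus the hash."""
    salt = secrets.token_bytes(16)
    return {"salt": salt.hex(), "hash": _derive(password, salt).hex()}


def verify(password, record):
    """Re-derive with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    expected = bytes.fromhex(record["hash"])
    return hmac.compare_digest(_derive(password, salt), expected)


def unsalted_hash(password):
    """The weak form: one fast hash and no salt, kept only for comparison."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(words):
    """Precomputed hash -> password table, standing in for a rainbow table."""
    return {unsalted_hash(word): word for word in words}


def table_lookup(table, stored_hash_hex):
    """Return the recovered password, or None when the hash is not in the table."""
    return table.get(stored_hash_hex)


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)

    # Unsalted storage: a single dictionary lookup recovers the password.
    print("unsalted lookup:", table_lookup(table, unsalted_hash("letmein")))

    # Salted storage: same password, two users, two unrelated records.
    alice = new_record("letmein")
    bob = new_record("letmein")
    print("records differ:", alice["hash"] != bob["hash"])
    print("salted lookup:", table_lookup(table, alice["hash"]))

    # Login still works because the salt is read back from the record.
    print("correct password:", verify("letmein", alice))
    print("wrong password:", verify("letmein1", alice))
```

A salt defeats precomputation only; a weak password in a stolen table can still be guessed one record at a time, which is what the iteration count slows down.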

No wonder CompSci grads are unemployed

Paul Powell


This article opens with a comment about algorithms, but then goes on to discuss programming languages. Programming languages and the relative usefulness and popularity thereof are not what computer science is about (or at least wasn't when I got taught).

Programming languages are merely instances of programming paradigms (of which I learnt several). Algorithms span languages (and most of the time paradigms). Most real world problems can be reduced to one or more well understood algorithms. Each of these algorithms offers different overheads. All of this can be worked out without ever turning on a computer.

What the author seems to be complaining about though is not people merely missing this knowledge (and a lot are missing it). He seems to be complaining about the lack of ability to apply this theoretical knowledge, and the lack of experience of mucking about with computers just for kicks.

I don't blame the universities for that - I blame the sealed slick computer experience that is Macs, Windows, Facebook, Google etc. It is entirely analogous to the mechanical knowledge that is disappearing due to cars being only fixable by the garage, and consumer electronics so cheap that there is little point finding out how they work. If a 9 yr old knows how to program then good on em, but the days of the bedroom programmer are gone.

Branson 'spaceship' successfully falls off mothership

Paul Powell

Spaceships, orbital and sub orbital

This is just a re-run of the old confusion about Alan Shepard being the first American in space (in a 15 min sub orbital hop very similar to Virgin's plans) and John Glenn being the first American in orbit (what people today think of as being in 'Space'). Sub-orbital was also all that was needed to secure the Ansari X-Prize

It's a smart plan - book up the sub-orbital schedule with early adopters and get your foot in the door, make a shed load of money and then use it presumably to develop orbital capability and charge all the early adopters again. Meanwhile the now well tested and streamlined sub orbital model can be punted to the well off rather than the super rich. Just like DVD and Blu-Ray!

Grocery terminals slurped payment card data

Paul Powell

If I were attempting this...

I reckon sending a new terminal direct to the store with a note from the bank would probably do the job, perhaps an advisory faked email two weeks before...

Supercomputer geek builds Cray-1 around home PC

Paul Powell

Running speed of the colossus

From http://www.picotech.com/applications/colossus.html

"Design of Colossus started in March 1943 and the first unit was operational at Bletchley Park in January 1944. Colossus was immediately successful, and the Colossus – Tunny combination allowed ‘high grade’ German codes to be decoded in hours. This proved immensely useful during the D-Day landings. The parallel design of Colossus made it incredibly fast even by today’s standards, a modern Pentium PC programmed to do the same decoding task taking twice as long to break the code."

So that seems like it was from the late nineties. Processor speeds should be at least 64 times faster by now, along with significant speed increases in other areas.

Having said that, I don't know if the poor old pentium was given a crib, or if it just had to chew through the whole lot. That all said, I think it's feasible that the Cray-1 could still give a modern pc a run for its money in certain operations.

You can't know it all

Paul Powell


I agree, and yet just because there are many valid ways to accomplish something that doesn't mean that there are none that are just plain wrong in any set up. The criterion for me comes down to does it work reliably and accomplish what it's meant to without exposing us to serious risks of data corruption or security breaches. If yes then we can have a polite discussion about whether it is the most elegant, efficient etc solution possible. If no then it's wrong and needs to change.

Mozilla and Opera call for Google open codec in HTML5 spec

Paul Powell

Patents just suck!

Petty minded suits stopping the adoption of the best technology for the situation. Sucks.

Watched an interesting documentary the other day on the humble shipping container (no, it was interesting). The inventor gave royalty free patents to the industry so that everyone could use the same containers with the same locking mechanisms etc. Imagine how world trade would suffer if each company ran their own dock with their own container mechanisms, with their own lorries. Or if each dock had to have a specific crane for each container type.

But no, the suits sit there with their DVD region codes, content scrambling systems, proprietary codecs, and frickin iTunes stores all trying to monetise their little slice of the net as if it were a fixed product. Instead they could be putting together infrastructure that would allow completely new levels and new types of industry to form.

Google: Street View spycars did slurp your Wi-Fi

Paul Powell

Don't see a problem

I appreciate that there may be laws against this - but I still don't see an issue.

Using open WiFi is like sending a postcard - also a point to point system. I wouldn't write anything on a postcard that I didn't want a postman to read. For that matter, sending email is exactly the same - it'll probably go over several servers with data being logged. The difference is that Google was purposefully looking from the outside I guess. Still, http traffic is routinely stored and inspected by your ISP, the web host you are browsing to, and any number of analytics companies. People get outraged, but if they only knew the amount of data stored on them this'd pale into insignificance.

The practical upshot is clear - there are widely implemented, widely available, well documented ways to secure your communications. If you don't use them then you are liable to be listened in on.

Exam board deletes C and PHP from CompSci A-levels

Paul Powell

Problem is people treating programming as a subject

This is an A-Level in computer science, not a vocational course in programming.

I learnt Pascal at A-Level - and it was great for learning about ALGORITHMS. Algorithms is what Computer Science is fundamentally about. Pascal is perfectly adequate for teaching this, whilst hiding some of the complexities of C (strings and pointers I'm looking at you).

At degree level I did more pascal - this time looking in more depth at algorithms with more complex data structures (trees etc). Only in my second year did I touch C, but armed with a trusty K & R it didn't take me long. I also did modules on Functional programming, predicate logic based languages, and object orientation. So that's four different paradigms, two of which are rarely used in industry. Practically all the rest of the course was algorithms and concepts. Why? BECAUSE IT'S COMPUTER SCIENCE!

If you can't pick up a manual and get up to speed quickly I would question whether you had learnt anything about computer science at all.

How a Tory gov will be the most tech-savvy in history

Paul Powell

too many twits make a tw*t

I think David Cameron had it right.

I wish that this story was an April fool somehow held up in the El Reg approval queue. Anyone out there welcoming our new numpty overlords?

Android - the winning formula for tablets and netbooks?

Paul Powell

How about this as an idea

I want a phone with a fast processor - fast enough to be a netbook

I want it to be the size of a normal phone

I want to be able to plug it into a monitor, lcd tv, or even a pad like screen that I can carry with me if I need to do extensive work.

I want to be able to plug in usb devices

I do not want to carry around my computing world on two different devices, both of which I have to keep in sync with a device at work and a device at home.

Now as for toddlers being able to play with iPads, and other comments about things just working with apple - fine, go for it, revel in the sandbox of your closed system and throw your cash at people who get things to work for you in a way you can understand - this is your choice.

Don't however deride those who want more control, who are interested in what lies beneath. This is exactly the kind of person that is making your iPad work for you, or your networks, or your latest downloaded app.

Rom-coms, period dramas are rubbish: Mathematical proof

Paul Powell

Compelling != Good

I admit it, I have a 24 problem. I start watching a box set and it robs me of my sleep, makes me irritable, and here is the shocker - it isn't that good. I don't savour an episode, I wouldn't watch one twice, I just want more.

Most modern action movies / TV shows are like crack. You get gripped, you get your fix, you forget about it and go after the next one. It's an addiction pattern, not one of appreciation.

Linux coders do it for money

Paul Powell

Er - no

75% of fixes being contributed being from paid coders does not automatically equal 75% of coders being paid unless all coders contribute an equal amount.

It seems to me far more likely that the paid coders can contribute all day every day and so contribute more code.

Nexus One bits and bobs cost $174

Paul Powell


OK, so that's the component cost - now add assembly, testing, shipping, support, wastage

I used to work in the gift business and standard mark up was 6x the cost price of the item - that's how you make money.

To be honest I'm surprised it costs so much for the components (although bulk pricing will help a bundle)

Small biz told to sort TV licences for PCs

Paul Powell

Super Secrecy - not

Not one person has, as far as I am aware, ever been prosecuted using evidence from a detector van, nor has a search warrant been served on the basis of such evidence. If they had then the defence would be able to ask for details of how the technology works, and how that establishes proof. Just consider all the protests against wrongful conviction with speed cameras.

Of course the BBC refuses under the FOI act to give out details of the technology, the number of vans, the prosecution rate, or just about anything other than their own FUD.

I did however write to them telling them that I am withdrawing their implied right to access to my property (so they can't even come up the driveway) and to my surprise got a polite letter back from them for the first time ever.

Still, the sooner they remove the wretched licence and fund the beeb out of general taxation the better.

CRB check failures rocket ahead of massive expansion

Paul Powell


CRB isn't a bad idea - just poorly implemented.

Having worked with youth groups, where it saves you is when you have someone enquire, you tell them they need to do a CRB, and then they never get back to you.

Systemic and repeated abuse does happen (although not as much as the daily mail would have you believe). It typically happens in high trust situations, and that's the issue. One of the reasons it occurs in faith groups is the high level of trust because of the unspoken assumption of morality.

It's very easy to speak of lives ruined by being wrongly identified on a CRB check. There is a solution to that - get better at running them. As for people trusting the clearance too much - well that is also an issue for doing things better in that organisation. Scrapping the whole thing stops the 10,998,500 checks that were done properly, let alone those who were deterred by the prospect of having to apply.

The scout association has been running checks for donkey's years with a central agency (before CRB they used their own system). They turned down Thomas Hamilton (who carried out the Dunblane shootings) - not a bad spot that one!

NASA gets cold feet on Moon base plan

Paul Powell


You're probably right about document destruction - but in a way that's the point I was making - from being able to do a suborbital hop to walking on the moon took just over eight years - even with doing all the learning for the first time.

And all of it was done without CAD software, computer simulations, composite materials. It should be a hell of a lot easier now - so what gets in the way?

It does all cost a hell of a lot, but not that much in the scheme of things - as JFK said "A staggering sum of money, but somewhat less than we spend on cigarettes every year"

Still, there we go - perhaps the Chinese will put the Americans' backs up and get things moving again.

Paul Powell

Surely it can't be that hard? (relatively speaking)

1961 - First American in space, less than a month after Gagarin

20 Days later JFK commits to the moon programme. At this stage the mercury capsule is little more than a pressurised bubble on top of a redstone rocket (Basically a Ballistic missile) on a *Sub Orbital* hop.

1969 - Armstrong on the moon - that's eight years and a couple of months (and a hell of a lot of dollars I'll admit).

So then NASA spends years on the space shuttle, space stations etc, and somehow it now takes till 2020. Sure the goal is more ambitious, but with all that learning under their belts what is holding NASA back?

Microsoft's online Office variant preps for business

Paul Powell

Standing up for office

Never thought I'd be the one asking this- but why is everyone so down on office?

My experience of office is that it generally is a good product - the biggest issue always seems to be the person operating it. Why does it do this? they say - well it's because you've not defined this, understood that, and checked this I reply.

It's like complaining that your guitar doesn't work because you can't get the tunes to sound how you want. Well, either skill up or go buy Guitar Hero, or a CD. What is it with people wanting tools to be versatile, professional, etc AND so easy you can use them without learning how, or even thinking in some cases.

For doing lots of little bits of one off data manipulation Excel is totally weapon of choice. With VBA office lets you do practically anything. Most people complain because what they want is a tool somewhere just above wordpad and a calculator.


Channel 4 fails to open archives to Mac, Linux fans

Paul Powell

TV License

There is enough FUD spread about the tv licence by TV Licensing - here is the authoritative answer:


You only need a TV Licence to get programmes whilst they are being broadcast.

Also, check out this site: http://www.bbctvlicence.com/

Debt collection can be harassment, rules court

Paul Powell

Please somebody prove this against TV Licensing!

Israeli Linux fan squeezes Windows refund out of Dell

Paul Powell

Cans of beans with sausages

If a can of beans with sausages in it came with a bit of paper saying that you could return the sausages if you didn't like them then of course I would expect to be able to return them.

Microsoft has offered a right in its contract, and so it should follow through. There are enough clauses in a proprietary EULA designed to shaft us - why not take advantage when we can?