* Posts by Grendel

42 publicly visible posts • joined 3 Nov 2010

ICANN proposes creating .INTERNAL domain to do the same job as 192.168.x.x

Grendel

.local?

I thought this is what .local was for?

New Linux kernel bolsters random number generation

Grendel
Happy

Re: There is absolutely no need to re-use DH tokens.....

Use ECIES for this?

What's CNAME of your game? This DNS-based tracking defies your browser privacy defenses

Grendel

Most definitely name and shame (as a minimum) and should the game be raised to 'prosecute' for violations of the GDPR and/or Anti-Trust as this is a deliberate 'deception' to ensure that ad-trackers continue to work?

Perhaps we also need a new 'first party' (same origin - exactly the same URL), 'second party' (sub-URL of the first party domain) and 'third party' (different domain) approach and rulesets in our defences?

G

Grendel
Mushroom

Re: Name and shame

Most definitely name and shame (as a minimum) and should the game be raised to 'prosecute' for violations of the GDPR and/or Anti-Trust as this is a deliberate 'deception' to ensure that ad-trackers continue to work?

Perhaps we also need a new 'first party' (same origin - exactly the same URL), 'second party' (sub-URL of the first party domain) and 'third party' (different domain) approach and rulesets in our defenses?

G

Second Ashley Madison dump prompts more inside-job speculation

Grendel

Re: What theft?

Erm, when you take an illegitimate copy of someone's music/film/art isn't that "copyright theft"?

... just saying ;-)

M

Police radios will be KILLED soon – yet no one dares say 'Huawei'

Grendel

Re: Sheer cost

The cost (ex factory gate) of a TETRA radio is under £600 and not much different from a high-end SmartPhone... when you consider the engineering quality that has to go in to one of these radios to make it "squaddy proof" and work for extended periods along with the security, encryption, etc. it's not bad value for money.

The problem is NOT the Tetra technology but the expensive Airwave service behind it! Hence, it might be that Arqiva could run it better and for less ;-)

As with many things in life "it's only the profit that makes it expensive" ...

G.

Grendel

Re: Motorola

Not to mention that good old Motorola radios made an acceptable baton to hit Jimmy Crim with if you dropped your truncheon while chasing him down an alley!

Grendel

Re: Watch this space - another multi billion pound cockup in the making.

I certainly wouldn't want to be the Senior Responsible Officer (SRO) of the ESN project/network the first time a policeman dies because he couldn't get backup on his radio!!! I'm not sure the 4G radio network operator would want the reputational damage either!

LTE's backers vow to KILL OFF WI-FI and BLUETOOTH

Grendel

Re: Another 'systemd' moment?

To quote: "... What is it about this human passion for tyranny? Stifling diversity, stomping on creativity, putting the boot on the throat of others and crowing, "I own you, sucker! Now just be good and give me your wallet, your first-born, and your soul" ..."

... and I thought that was how Apple worked?

God forbid that Qualcomm and Apple team up to make this 2G/3G/TETRA/GPS/WiFi/BlueTooth killing machine!

"We're doomed! We're all doomed I tell ye" ;-)

G.

'Disruptive, irritating' in-flight cellphone call ban mulled by US Senate

Grendel
WTF?

Freedom of Speech?

Thought not...?

OHM MY GOD! Move over graphene, here comes '100% PERFECT' stanene

Grendel
Trollface

I have a use for it!

Will Stanene (Stannene) make the perfect tin foil hat? 100% conductivity = 100% protection from mind controlling death rays and other electrical interference...

Aussie boffins can detect orbiting SPACE JUNK using rock gods' radiation

Grendel

Re: It's a bistatic radar fence system.

The French have a bi-static radar called GRAVES operating on 143.050MHz - from recollection it runs 1MW ERP. If you are a radio ham with a decent 2m (144MHz) system it's fairly easy to receive meteor reflections from it.

There's an article on Wikipedia as well as this more interesting "cook book":

http://www.fas.org/spp/military/program/track/graves.pdf

Mike

Who's who: 12th Doctor has been chosen, will meet you on Sunday night

Grendel

Doctor Who? Doctor Hurt??

*** SPOILER ALERT ***

http://www.youtube.com/watch?v=e1lAHEaOg6w

Mars rover harangues empty landscape with loudhailer

Grendel
Paris Hilton

Surely it should have been Shatner?

Surely the correct speech would have been:

... "Mars: the final frontier. These are the voyages of the Mars rover Curiosity. Its two-year mission: to explore strange new worlds, to seek out new life and new civilizations, to boldly go where no man has gone before" ...

voiced by William Shatner?

Grendel

PS. Why Paris? Because she probably thinks that Mars is a chocolate bar :-)

Carbonite disputes ASA censure of cloud storage ads

Grendel
WTF?

Double standards at the ASA?

Ok, so Carbonite can't claim "unlimited storage", so what about the farce that is "unlimited internet" then Mr. ASA? For years we've had the "unlimited (with conditions)", the "unlimited (with acceptable use)", the "unlimited (unless the ISP doesn't like you)" etc. etc.

Please go sort our ISPs out first - they're a darn sight closer to home and affect a lot more consumers!

G

Microsoft dumps Metro from Windows 8

Grendel
Paris Hilton

Let's call it STI

Let's call it Square Touch Interface (STI) ... after all from the sound of it, it's about as welcome as a dose of clap!

Grendel

Why Paris? Because she probably knows what STI means :-)

Airline leaves customer on hold for 15 hours

Grendel
FAIL

They really don't "get it"

Forget the 11+ hours hold time, why do Qantas think that 17 minutes is acceptable as a hold time?

It's utter clap-trap to tell customers that they are "valued and respected" and then treat them with contempt by under manning call centres, rationing resources and making people wait.

If Qantas think that 17 minutes is acceptable then they won't be getting ANY of my business.

Google Nexus 7 shipping cock-up enrages fandroids

Grendel
Thumb Up

Fiasco? What did I do wrong then?

Ordered my N7 from Ebuyer "one of 500 available for pre-order" on 11th July, two emails on 12th July ("payment processed" and "order despatched") and it turned up on 13th...

Excellent service, excellent product and a week early!

Mike

Bad generator and bugs take out Amazon cloud

Grendel
Trollface

Precisely 20 minutes or about 20 minutes?

To quote " ... which lasted precisely about 20 minutes ... " or was that how long it takes to drag a sheep from one end of the data centre to the other??

G

Apple will only reinstate mute kids' app if makers win patent case

Grendel

Apple's double standards?

So, the rule for an App in Apple's store is that if it allegedly infringes someone's patent then the app gets taken off sale... so when Apple's own products allegedly infringe on Samsung/Motorola/Google patents why is it that they won't take their own products off sale?

This is clearly a case of double standards by Apple. Perhaps the FTC should look at this and consider holding Apple to their own high standards?

Why I'd pay Apple more to give iPad factory workers a break

Grendel
WTF?

But only $8 for the manufacturing??

Whether the BOM costs $180, $188 or $203 isn't really the issue here... it's the fact that they're only paying $8 for the whole of the manufacturing process - this is what the factory workers get paid from...

I work in electronics in the UK and that's an incredibly low figure - it should be more like 10-15% of the BOM costs - so more like $18-25 to be reasonable and 'fair'.

If you want "fair trade" then talk to Apple about social responsibility and corporate responsibility and paying a fair amount to get the assembly work done... if they took $10 from the sticker price and moved it to the manufacturing cost they (Apple) would still make billions and those that actually 'make' it, working on the shop floor, would be hugely better off AND the price would stay the same.

Grendel

Nuke support in UK hits record high

Grendel

Better buy a generator... the lights are going out in 2015!

Too many years of faffing around... too many years of putting off the decision for more nuclear... too much burning gas to make electricity (which is just plain stupid)... and now the lights are going to go out!

The government knows about what they euphemistically called "unserved energy demand" and it'll hit us about 2015-ish...

Should have started building next generation nuclear generation plants 10 years ago and been bringing them online now...

I have an 11KW standby generator... have you bought yours yet?

Boffins quarrel over ridding world of leap seconds

Grendel
Big Brother

Time for two "times" ;-)

Strikes me the solution is pretty obvious - we need two "times" and one "interval" (the second):

a) a 'scientific' time that is rigorously defined and that increments at the standard interval - the second - forever and does not have leap-seconds - let's call this "epoch time", and

b) a 'practical' time that is aligned to the scientific standard, i.e. it uses the same interval (the second) but is adjusted via a local "offset" which provides the local time that we see - the yanks call this "wall clock time".

Leap-seconds are applied to "wall clock time" via the local offset as required to keep the time right (within 0.9 seconds) such that sunrise and sunset work and people's watches work.

Important systems such as international telecommunications, computer networks, scientific experiments use "epoch time" and simple humans use "wall clock time".

GPS already does this with its difference between GPS time (1st Jan 1986) and UTC with its "UTC offset". We can reuse this idea - all we need to do is to take the existing unix time_t epoch time, extend it to 64-bits (UINT64) and synchronise it to the 300+ atomic clocks in the world and call this the international standard.

The trick here is to have one internal standard that just keeps counting without interruption and a local representation which is adjusted on use/on display, i.e. on output, without resorting to changing the underlying master source.

unix does it already... can't be hard...

Mike

HSBC pinpoints branches with sub-atomic accuracy

Grendel
Trollface

NanoSheep?

might be a better measure ;-)

Falklands, Cardiff lie beneath track of rogue Phobos-Grunt

Grendel
Mushroom

Phobos-Grunt to hit Cardiff?

Isn't this one for the guys from Torchwood to sort out?

Ofcom: ISPs can cripple the web as much as they please

Grendel
FAIL

How far can they go before breach of contract?

The real problem is how far they can go before they are in breach of contract? What I mean by this is if I bought "internet access" and then they change it to "crippled internet access" will they let me out of my contract? If they won't let me out of my contract then where's the competitive pressure going to come from? I could end up locked in to a contract for DSL service for a year!

I had an argument a bit like this with Demon internet 6-7 or so years ago when they, without warning, blocked ICMP on several of their London DSL nodes (like lon1-aj1c.demonadsl.net) - this really mattered to me because one of the uses of my DSL at home was to monitor services at work. They said they had to "protect their network" - I argued that ICMP is a *core* part of the internet suite of protocols. After some to-and-fro they eventually gave in and let me transfer to Zen internet, whom I am still with ;-)

Competition with strings or with no redress is meaningless in terms of pressure...

Mike

Reg hacks confront really wide Oz load terror

Grendel
Trollface

What about the Sheep?

We need to know the distance in that other el-Reg de facto unit of measure... Sheep... if Sheep can be used for height then they can also be used for length (we'll need to know if the sheep are standing or stacked on their side)...

So, what's the distance from Darwin to Adelaide in Sheep?

Mike

Microsoft updates Hotmail to deal with grey spam

Grendel
Paris Hilton

Grey mail... I thought this was "ham"?

So, what Microsoft are calling "grey mail" is actually "ham", as in "here is the ham you ordered, sir"... or to put it another way - one person's spam is another person's ham...

Mike

Here lies /^v.+b$/i

Grendel

but...

That would delete all Verity Stobs from World... surely you need to find the correct instance of Verity first (national insurance number, health care number, DOB, address, or similar)?

Mike

Grendel
Thumb Up

Or in BIOS POST

"Life Error - Press F1 to Continue"

Bloody Moon stuffs the Perseids

Grendel
Thumb Up

Luckily the moon doesn't affect radio!

Luckily the moon doesn't affect radio reflections from meteors (strictly speaking the plasma trail from meteors) so if you cannot see much of the night sky you still might take a 'listen' for Perseids...

If you have an FM radio and an outside aerial facing north east through to south east and tune to a quiet part at the bottom of the band (around 87.5-88MHz) you may be able to hear "bursts" of foreign radio stations lasting from a fraction of a second up to 20-30 seconds or so...

Mike

MPs probe science behind bogus gov booze guidelines

Grendel
Pint

Evidence-based policy-making - pah!

Sir,

To quote you: "...Governments sponsor academics to produce "science" of dubious quality to support conclusions reached in advance, what you might call "evidence-based policy-making..."

Are you sure that you didn't mistype this and mean "policy-based evidence-making" ?

Mike

So, LOHAN: What's it to be?

Grendel
Paris Hilton

British Rocket Experimental Amateur Space Test => BREAST

After all they did say that "BREAST was BEST"??

Mike

Ofcom refuses to interfere on powerline networking interference

Grendel
WTF?

So... anyone can be a criminal and not get their collar felt?

So, let's get this right... anyone can take a piece of electronic equipment and stamp Chinese Export ("CE") on it and whether it passes the required testing or not is irrelevant?

As far as I was aware "... a criminal offence is committed if a device is placed on the market or taken in to use [after the proscribed date] that fails to meet the basic protection requirements of the (EMC) Directive".

There is something very dodgy going on here... Ofcom *should* publicly state that XYZ products fail to meet the requirements of the Directive at which point they *should* be prohibited from sale or use *and* Trading Standards *should* enforce it.

Otherwise what is the point of all the legislation, standards, conformance testing and enforcement people? Is this all just some glorious gravy train that actually means NOTHING??

Surely it's about time that the BBC, CAA, RSGB, Police, Military and any other stakeholders in the radio spectrum **forced** some action out of Ofcom... perhaps they need a big pointy stick in the form of a judicial review of their (in)actions and failure to enforce law?

Mike

MySQL.com hacked via... SQL injection vuln

Grendel
Go

The bigger problem is "passwords" and perceived security

Ok, so we recognise that storing plain passwords is bad or even passwords that have been simply hashed - which are vulnerable to attack.

There are various layers of defence available, such as hashing passwords with a 'salt' (yes, my comment was generic and doesn't represent the exact recipe we use on any specific system) but better solutions exist - for example maintaining the authentication on separate back-end systems accessed via RADIUS or LDAP.

Personally, I think that the time for static passwords has passed... how many people use the same password on multiple systems? How many people never change passwords? Answer: the great majority of people. Why? Because we're innately lazy! ... and we think security is someone else's problem.

[BTW: how many of the people reading this post have an insecure front door on their house, flat or property?... Brute forcing that old Yale lock is very easy these days... http://en.wikipedia.org/wiki/Lock_bumping or YouTube 'lock bumping'. You won't get in to my castle trying that technique either... ]

The days of the "fixed password" have to be numbered? We need something better and while RSA's SecurID looks to have just had a significant compromise of its own recently, one-time-passwords (OTPs) have to be the future...

We've just built our own implementation of RFC4226 HOTP and are evaluating it for a client project as the majority of users have Crackberry, Droid or iJobs smartphones and can run a software implementation of OTP so we don't even need a token. For those users that do need a token they can be purchased from China for $8 USD each these days :) Who needs RSA SecurID anyway?

Mike

Grendel
FAIL

Salt and hashes

Why is it sooooooo easy to match hashed passwords using rainbow tables? Doesn't anyone implement "salt" (salting) of hashes?

All the systems we install for customers have username/passwords stored as SHA1 hashes of username+password+salt where 'salt' is an installation or site-specific string hidden elsewhere in system configuration. This means that even if you read out the usernames+hashes from the tables you can't necessarily get the password from it...

Mike
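An added example (not the poster's code) of the scheme described in the post above, next to a variant that keeps the site-specific secret but adds a per-user random salt and a slow key-derivation function. The concatenation order, the encoding, the record format, the iteration count and all names are assumptions, and `SITE_SALT` is a constructed value.

```python
import hashlib
import hmac
import os

SITE_SALT = b"constructed-site-secret"  # constructed stand-in for the hidden config string
ITERATIONS = 600_000                    # assumption: PBKDF2 work factor


def legacy_hash(username: str, password: str, site_salt: bytes = SITE_SALT) -> str:
    """Scheme as described in the post: SHA1(username + password + salt).
    Order and UTF-8 encoding are assumed. One fast hash, no field delimiter."""
    data = username.encode() + password.encode() + site_salt
    return hashlib.sha1(data).hexdigest()


def _stretch(password: str, salt: bytes, iterations: int, site_salt: bytes) -> bytes:
    # The site secret is used as an HMAC key (a "pepper"), so it still has to be
    # stolen separately from the table; the slow KDF then uses a per-user salt.
    peppered = hmac.new(site_salt, password.encode(), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, iterations)


def hardened_hash(password: str, site_salt: bytes = SITE_SALT) -> str:
    """Return a self-describing record: scheme$iterations$salt$derived_key."""
    salt = os.urandom(16)  # fresh random salt for every stored password
    dk = _stretch(password, salt, ITERATIONS, site_salt)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def hardened_verify(password: str, record: str, site_salt: bytes = SITE_SALT) -> bool:
    try:
        scheme, iterations, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(dk_hex)
        dk = _stretch(password, bytes.fromhex(salt_hex), int(iterations), site_salt)
    except ValueError:
        return False  # malformed record: fail closed
    return hmac.compare_digest(dk, expected)  # constant-time comparison


if __name__ == "__main__":
    # Without a delimiter, different (username, password) pairs can share a hash.
    print(legacy_hash("alice", "1pass") == legacy_hash("alice1", "pass"))
    rec = hardened_hash("correct horse")
    print(rec.split("$")[0], hardened_verify("correct horse", rec))
```

The design difference is that the fast hash leaves nothing to slow guessing once the site string is known, while the second form keeps each guess expensive and unique per account even then.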

The Node Ahead: JavaScript leaps from browser into future

Grendel
Thumb Up

Node really does deliver!

We are using Node.js to deliver real-time web-based resource tracking (vehicle tracking, asset tracking, staff tracking) and mapping solutions to tens of customers with thousands of resources and millions of resource-movements per day on our SaaS service called 'Xlocate' over at www.xlocate.net

We use Node to provide all of the real-time communications between a range of radio and GSM based tracking devices, MySQL databases and client machines using a web-browser and HTML5+WebSockets.

The architecture is real-time being almost entirely event-driven and the applications are developed in Django using model-view-controller and Javascript in the client and comms servers (Node.js).

Our solution is implemented with Dell R210 application servers at the front-ends and medium performance Dell R410/R710 servers for the comms and database, and we have bench-marked our system at over 6000 transactions per second (TPS)... (as long as our clients use Chrome! and not IE9 or FF3.5) ...

We like the event-driven nature of the system, ease of coding/prototyping/test harness building, outright performance and especially the ability to move modules of code between the back-end servers (Node.js) and the client (browser) as the solution develops.

Node.js + V8 really rocks and was a great find for us!

DEC: The best of systems, the worst of systems

Grendel
Happy

Anyone for Chess?

Anyone remember playing Chess on a HSC50 cluster controller?

Mike

Mozilla rages at MS, Apple and Google's 'trojan horse' tactics

Grendel
WTF?

Are they both wrong and does this amount to Computer Misuse?

To me it looks like Google/Microsoft/Apple are wrong in sending 'stealth plugins' - if this is indeed what they are doing *and* it looks like Moz Firefox is wrong to accept/install them without querying it!

However, the interesting question then is if, say, Microsoft do download a stealth update to my computer via this method then are they in breach of the Computer Misuse Act (1990) - after all it means that they modified the contents of my computer without my express permission and while I was using a third-party application, ie. not covered by an M$ EULA.

It would be an interesting one to see argued out in court...

Ideally two things would happen:

1. the website, service or whatever *should* on detection of the need to install a plug-in direct the unwary user to a page that says something along the lines "To use service 'foo' we need to install plug-in 'bar' - click 'ok' to proceed"

2. Moz Firefox should alert and pop-up a message along the lines "Website 'foo' is attempting to install plug-in 'bar' - click 'ok' if you trust this site and want to install this plug-in"

Mike

Nominet forgets what the first .uk domain name was

Grendel
Happy

Email too long?

... but the only reason my email doesn't fit on my business card is all these bloody bang-hosts:

grendel!pendragon!public!cruella!relay1|gate!mike@tubby.org

;-)

Grendel

But aviation = callsigns

... but if you're going to bring up aviation then that takes us on to the International Telecommunications Union (ITU) and callsigns for which the UK was assigned the prefixes '2' (as in "London calling... 2LO calling"), 'G' (as used on all aircraft, telex numbers, ham radio callsigns) and 'M' (less used).

Testy Turkey re-blocks YouTube over naughty hotel romp clip

Grendel
Paris Hilton

Shoot themselves in the foot?

As 'Petur' said this is *exactly* the way for Turkey to set back their EU entry hopes another five years!

Grow up and stop acting like a spoilt brat or a country that had its 'god' ridiculed in a comic strip!

If you want to be 'western' you have to accept plurality and freedom of speech.

Grendel

PS. Why Paris? Well she would probably know a thing or two about romps in hotel rooms!