* Posts by Morzel

25 publicly visible posts • joined 15 Mar 2011

IBM offloads Notes and Domino to India's HCL Technologies

Morzel

Re: Last time I used Notes

You could've just hit insert to toggle the unread marks :-P.

Lotus Notes mail was pretty bad at a lot of things, but selecting multiple messages (toggle selection using space-bar) and unread marks (toggle on-of using insert) was way easier in Notes than in Outlook, which required multiple mouse interactions. Notes was far nicer to work with for a keyboard-centric user.

15 years ago, you could administer a Domino/Notes "groupware" environment with mail and applications for a sizable company with a team of 3 admins, while you would need three departments to keep a functionally comparable Microsoft-environment running... It was pretty BOFH friendly, and did a lot of things right when it came down to security, including encrypted communication and local storage (if enabled), workable offline synchronization, active-active clustering, as well as cryptographic key management. And you could just recover that single mail the CEO deleted from backup without having to set up a separate server on which to restore the complete mail store, which was the only way to get it done in some versions of exchange... A lot of high-profile targets (banks etc.) were using it for good reason.

So yeah, its mail implementation sucked golf balls through a garden hose and the cross-platform UI wasn't at home on any of the operating systems it supported. But it shined in places where the alternatives were a big pile of steaming crap.

That was 15 years ago, the rest of the world has caught up (thankfully), and Notes never really got away from all that legacy. Like COBOL, the companies using it right now won't be moving away from it easily as it means redeveloping a whole lot of stuff that works for them, while all the new stuff gets a different environment to live in.

Disclaimer: I've used Notes for more than just mail at the time, and it deserves more than the bad rap it gets for the mail app. Also: I've long moved on, and so should pretty much everyone else ;-).

Former US anti-terror chief tears into FBI over iPhone unlocking case

Morzel

Re: Kind of what I said a couple weeks ago.

> I might be totally off base with the above but I think I got the gist of it right.

AFAIK you are mixing up two designs.

The iPhone 5S has the "secure enclave" chip, which contains a generated secret key to decrypt the data. The only way to get at that key is to pass the correct PIN to the secure enclave. Pass 10 wrong PINs to the chip, and it will destroy the key rendering the data inaccessible. The security is enforced by the hardware, regardless of the OS. The only way to get at the key is to enter the correct PIN or try to extract it by cracking the chip open in het hope that you can figure it out using electron microscopy and such. Brute forcing does not help because the encryption key is generated randomly, so you need to work your way through the whole key space which is mindbogglingly huge.

The iPhone 5C does not have the secure enclave chip, so iOS mimics the functionality in software. In that case, the (randomly generated) decryption key for the data is stored somewhere where you can read it directly (I'm assuming in the flash, but I may be wrong on that), encrypted with the hash of the PIN code. So if you want to decrypt the phone, you enter a PIN, iOS uses that PIN to decrypt the decryption key, which in turn can be used to decrypt the data on the phone. iOS keeps count of invalid PIN entries, adds a timeout after each entry and erases the decryption key after 10 consecutive invalid PINs. This is all done in software, which means that you can turn it off. To brute force your way in, you need to extract the encrypted decryption key, and try to decrypt it with all possible PIN entries to see which one sticks. This is trivial.

In this case, the iPhone 5C is used, which means that forcing your way in should not be that hard provided you have access to the data on the flash. The security experts are all implying that it is not rocket science to read the data from the flash and just decrypt the phone contents, it is well within the capabilities of the NSA, if not other agencies or even companies.

The point is that if the data on the phone was really that important for national security, it would have long been decrypted and analyzed. Now the FBI are just using it as emotional blackmail in the hope of establishing precedent compelling technology companies to give access to that data.

Reprogrammble routers axed by TP-Link as FCC bans custom firmware

Morzel

Re: But it's my router, I've bought it

He can stil *choose* to do it.

The only difference is that TP-Link no longer makes it easy to do so. That doesn't deny him the right to do whatever he wants with the thing.

'Boss, I've got a bug fix: Nuke the whole thing from orbit, rewrite it all'

Morzel
Alert

Re: polishing one

Preprocessor macros are probably the second best way to shoot yourself in the foot after gotos (if not the best way).

They can be genuinely useful when implemented properly, but I've seen far too many cases where it went pear shaped due to macro expansion issues (hint: braces and/or brackets), or unintended macro redefinition issues somewhere in the include path - especially when cross-compiling stuff.

So: use them wisely and sparingly :-).

Chip company FTDI accused of bricking counterfeits again

Morzel

Re: Goodbye FTDI

The point is that you'd have to steer clear of anything with an FTDI label, because it might just be a counterfeit part, in which case you are screwed. So your odds are better with a part that is clearly not FTDI. Make no mistake: people will (even if you consider it unfairly) perceive this as FTDI's fault, due to the fact that they are left out in the cold by FTDI while they acted in good faith.

Not every manufacturer works like this though. I've discussed counterfeit components with an application support engineer working for a big silicon manufacturer (that shall be unnamed), and he had personally run into an issue with a counterfeit: a big customer of theirs was having problems with a radio IC, so he was called in for support. Turned out that in that particular production batch a counterfeit IC (visually indistinguishible from theirs -- they had to perform X-ray analysis to figure it out) was used that supported the datasheet flawlessly but had forgot to implement the errata. I.e. the counterfeit IC did not have the bugs that the real part had, which made it fail because the integration depended on them being present.

After some discussion with his management on how to proceed, they decided to help their customer to fix the issue with the counterfeit, as the parts had been sourced via a reliable channel and the customer was unaware (and was not made aware of) it being counterfeit. The reason being that the relationship with their loyal customer was their first priority, and that dealing with the counterfeit ICs should be done on a different level -- i.e. using the information from the customer to audit where in the supply chain the counterfeits got in.

If I would have to choose between the FTDI way of dealing with this, or the example I mentioned above, there would be no contest: FTDI would not get my business.

Facebook tells Belgian government its use of English invalidates privacy case

Morzel

Re: Schoolyard

This is textbook stalling, standard operating procedure for any court case it seems.

I imagine you get flunked at law school nowadays if you dare to start a case without pleading for delays. If you spend a morning in the police court (dealing with traffic offenses, accidents and stuff like that), every single lawyer representing someone requests a delay because "they were only assigned the case the night before, hence they hadn't had time to prepare properly" -- all while keeping a straight face. How judges deal with this without losing their sanity is a mystery to me.

I'm Flemish (i.e. a Dutch speaking Belgian), and the linguistical argument is utter BS. Those English terms are common loanwords that are officially part of the Dutch language.

WHY can't Silicon Valley create breakable non-breakable encryption, cry US politicians

Morzel
Boffin

Re: Rubbish

That probably had more to do with the fact that BICS (the subsidiary of the telecom company that was hacked) provides quite a lot of roaming hub services to loads of interesting telecom operators (interesting to the NSA/GCHQ, that is).

I would presume that Langley has other means to keep an eye on our (admittedly very good) cryptologists.

JetBrains releases CLion - new cross-platform IDE for C/C++ users

Morzel
WTF?

Re: I like it

Then there must be something wrong with your machine, because it is simply embarrassing how much better IntelliJ is than Eclipse. Although I wouldn't call it frugal, especially with memory -- running it on a machine with less than 4GB (preferrably 8GB) isn't going to get you the best experience. Then again, you can't accuse Eclipse of being any better in that department.

You can change code while debugging (with some limitations though, look up HotSwap), and you have full access to all variables as well as live evaluations, as well as variable values displayed in-line with the debugged code.

When Borland still cared about a good IDE, I was a really big fan of JBuilder, and I still have it running in a virtual machine to support some legacy code. After years of frustration with Eclipse, I discovered IntelliJ and it felt like coming home.

Want to code for Google Glass in C#? Xamarin's got you covered

Morzel
Devil

Re: Linux, Sans Miguel

Remembering Gnome, I would say that he'd already gone over to the dark side far before he became an "MVP" ;-)...

That being said: all the better that someone is pushing for C# on non-Microsoft platforms. IMHO it really shines in areas where Java dropped the ball, so I'm all for it.

Thought you didn't need to show ID in the UK? Wrong

Morzel

Re: @Stevie - @Graham Marsden

>> Finally, I find it odd that you *do* object to the "other horseshit" involved in flying. Why is it that you object to all the other bits of Security Theatre (removal of shoes, limits on drinks, restrictions on what you can carry etc) but think that having an ID card to prove who you to be allowed on the flight is acceptable?

The ID card on a plane has a lot more to do with administration than with anything else. Figuring out what meaty bits belong to whom after the thing has ploughed into the ground becomes a lot easier if you have a passenger manifest to start with. Bus accidents tend to be far less gnarly, and mostly occupied by local folks that should be more easily identified post-mortem.

And most countries require you to disclose your identity when entering their borders, so the onus is on the airlines to make damn well sure that everybody they drop inside is capable of doing so.

Morzel

Re: What exactly is the problem here?

>> The police were just picking on people in the street for no good reason other than to pick on them.

Sadly, those things still exist -- more often than not based on racism, but in those particular cases the ID card is just the stick to beat you with. The key issue here is abuse of power by the police, which I assume exists just as well in the UK. Getting rid of the ID card won't solve that particular issue.

As I've experienced first-hand, if a police officer wants to get you, there'll always be something he can pin on you. And I don't know how it is in common law, but over here the written statement of a police officer (procès verbal) is considered 'special evidence', meaning that it stands as correct unless you can disprove it.

Morzel

Re: What exactly is the problem here?

>> The card doesn't prove who you are, it proves you persuaded the issuing body you were that person. How do you persaude them if you own nothing (or very little in terms of current ID)?

The same goes for any other form of identification/services (be it passport, birth certificate, benefits application). That is not the exclusivity of an ID card. Besides, if you're indeed homeless, my guess is that you have different priorities altogether. I don't see how it becomes any easier for them to get any kind of service by not having an ID card.

>> but I'd be prepared to guess that over time, given that "there is now an easy way to check, you know, just to be sure" this would soon be swallowed up in the new checks that get introduced - because we can, resulting in a net loss of time

In reality, those "new checks" don't exist. We are asked to provide proof of identity for exactly the same things that you are right now (e.g. open a bank account, rent a car, ...). Privacy laws are pretty strict in Europe, and having an ID card does not automatically give everyone the right to require you to show it.

Morzel
Go

Re: What exactly is the problem here?

Depends where you're coming from in the UK and where you're going to in France, but I still see a lot of you islanders (with or without caravan) coming from Dover, Hull or even higher up north, joining the summerly tourist tsunami on our Belgian roads to get to the French cote d'azure.

Morzel
Black Helicopters

Re: What exactly is the problem here?

>> Crucially, we are not required to have one and are not required to carry one.

Even if you don't have to carry an ID card, you are required to be able to identify yourself in certain situations, ID card or not.

>> We are deathly afraid that having a national ID card "for our convenience" is the first step down the road that leads to the Gestapo demanding our papers in the street.

Either there is something terribly wrong with your government, or with the way you think about them. Neither possibility is fine with me. You do have democracy over there?

It is not because there is a national ID card that you're suddenly living in a police state. In fact you might even argue that you're already there without an ID card given the ubiquity of CCTV monitoring in the UK.

Morzel
WTF?

What exactly is the problem here?

I honestly have a very hard time to understand what the big deal is with you Britons and ID cards.

As a Belgian (you know, the place you have to drive through when going to France or Germany) I'm baffled by your persistence in making your own lives more difficult... I would think that one of the primary responsibilities of a state should be to vouch for the identity of its inhabitants in a simple and non-ambiguous way, so you don't have to jump through umpteen hoops to "prove" to anyone else who you are exactly, and you can easily verify the identity of someone else in case the need arises.

Just going through the "proof of identity" requirements at different institutions in the UK make me cringe. I would not be very happy having to offer multiple forms of "proof" that may contain sensitive information -- e.g. bank or credit card statements, utility bills, benefits/state pension status... Not having a proper ID card for "privacy" reasons clearly isn't working.

I also don't buy the "cost" reasoning: the economic impact on having to deal with x superfluous ways of being able to identify someone will far outweigh the cost of having a proper compulsory ID card. While the latter is clearly paid directly by tax money, don't think you're not paying anything right now for the mess you are currently in.

As for identity theft: surely it's simpler to fake a utility bill or bank statement than to fake an ID card that contains a proper cryptographic signature.

So I have a compulsory ID card, and can easily identify myself whenever I need to for whatever cause. Need to identify to a state official? ID card. Need to identify yourself to any kind of institution? ID card. Want to get cigarettes or alcohol from a vending machine? ID card. Want to access any level of government service online? ID card. Get prescription medicine? ID card. Need to prove your medical insurance status? ID card.

It may very well not be perfect, but it seems far better than what you are dealing with right now. So... What gives?

Your kids' chances of becoming programmers? ZERO

Morzel
Boffin

No programming required

>> As you read this, first-year CompSci grads at Cambridge – which is believed by some to be a good uni – are starting to be taught with the assumption that they know no programming: an assumption that ought not to have lasted long after my cohort in 1981.

Actually, this still seems the best approach, as most self-taught programmers usually know very well how to scratch their particular itch in their particular environment, but know jack-shit about the real fundamentals of programming. Double points for using a language like Scheme (are any other language that adapts itself to different programming styles, without being too mainstream), which forces students to rethink what they (think they) know.

I know that my first year in university was a real eye-opener, even though I considered myself a pretty good programmer before.

LOHAN's mighty thruster poised for hot coupling

Morzel
Boffin

Inductive or capacitive wireless power

Why not skip the physical connection altogether and go for wireless power?

I know that Murata has an automotive module for this (see http://www.murata.com/products/wireless_power/index.html for more information) that might fit your needs.

Looks like an interesting little project for an engineering student...

North American teams land in Oz to race for the sun

Morzel
Coat

Re: Sounds heavy

Ha, but what other team can say that their vehicle is Grizzly-proof? (seen that they're coming from Canada and all...)

Ready for the car 2.0? Nvidia preps UPGRADABLE car system

Morzel

Not going to happen...

This module is no different than the other modules that are already on the market and being used; so I have no idea why the interviewer started dreaming about it being "upgradeable"... The interview (of which I only watched the first half) appears to be nothing but the Nvidia marketing guy humoring the wildly speculating interviewer with vague "you could do that"s while showing off eye candy and dispensing buzzwords ("innovating", "unique", ...).

Nvidia has made a SoC module targeted at automotive OEMs, which is (obviously) capable of some pretty graphics and for which Nvidia promises a stable form factor as automotive OEMs tend to be the most conservative bunch you can imagine. That's about all the news value of the article, and it's neither innovating nor unique.

So we might see this module somewhere down the line in a car (probably a low-volume model as a test case for an OEM), and the only upgrade path will be for the OEM, across different models and generations.

Pyrotechnic boffin poised to light LOHAN's fire

Morzel
Facepalm

Re: igniter box

Forget about the hand warmer and just keep the battery box in a sealed styrofoam/aerogel container -- I just looked up some data on the lapse rate and this should buffer the internal temperature of the battery box quite nicely during the ascend and keep it within operating range for Lithium batteries.

I'd still go for less batteries though: there are 3V lithium batteries in AA form factor with high enough peak current output if you want to use an existing battery box design. It will save precious weight.

Morzel
Boffin

Re: igniter box

I'm not sure how far you are in the design process for the battery/igniter box, but you might want to consider to at least test its performance at the designated temperature:

I'm already assuming that you are not using alkaline batteries as their current output is basically zilch at -60°C. If you want to stick with AA batteries, lithium batteries (e.g. Energizer L91) will perform way better than alkalines.

Also, I'd want to be really sure that the mechanical stress in/on the box due to the freezing temperatures does not introduce extra electrical resistance due to a bad mechanical contact -- that's 8 battery-to-battery connections of which only one has to fail sufficiently to result in a no go. Other than that, 8 batteries weigh quite a bit (without the enclosure 8 AA alkaline batteries will be about 200 grams, 8 AA lithium around 120 grams), which is lifting capacity you'd rather use to get your balloon to a higher launch altitude.

For a relatively short trip, you can try insulating your battery box with styrofoam and maybe add an exothermic heater (hand heater pads) to keep the temperature of the batteries acceptable, but this also adds more weight.

Personally, I'd try going with 4 smaller 3V lithium photo batteries (eg Energizer 123); you don't need a lot of charge, but you do need peak current which they should be able to provide even at ungodly temperatures. Stuff four of these in a styrofoam box with a small sodium acetate handheater and Bob's your uncle. For extra NASA-points, replace the styrofoam with aerogel :-).

cheers,

Bram

Boffins pull off room-temp quantum computing with home-grown gems

Morzel
Boffin

No safety goggles?

Surely these would be required in a laser lab worth its while?

Japanese gov makes Fukushima evac zone compulsory

Morzel

Don't feed the troll... (especially not an article-writing one)

Perhaps people have just given up on reading opinionated and condescending articles. Treating the subject like he does, Lewis has probably ticked off way more reasonable and knowledgeable people that are actually in favor of nuclear energy than convincing people the other way around.

It is true that in a lot of mainstream media, the coverage about Fukushima isn't as balanced as it could/should be. People have a tendency to be scared of things that they don't understand, and media have a tendency to exaggerate the scariness of any given situation -- not just the nuclear ones. If you have a good understanding of the topic at hand, then those in your environment that know about it will value your opinion and perhaps feel a bit more at ease to adapt the picture that has been painted in their heads by the news outlets.

If you look purely at the facts in the past articles, I like that there is already more 'objective' information available than in most other articles on the subject although it's not even close to being balanced -- there should be more attention for sources that don't have a vested intrest in everything nuclear. On top of that, the not-too-subtle tone of nearly all the articles until today is that anyone with a different opinion than the one portreyed by Lewis is a bleedin' idiot.

There is a point where people stop debating and figure that the other guy is just being an ass who isn't willing to consider a different point of view.

The worst part of it all is that Lewis is actually capable of writing a proper article, as long as he keeps to the facts; once he starts having an opnion it all goes pear-shaped vewwwy quickly.

Fukushima update: No chance cooling fuel can breach vessels

Morzel
Boffin

You're missing something

(but it's not your fault, as nobody really seems to be interested in accurate reporting anyway ;-).

The radiation level as it was measured very close to reactor number three spiked to 400 mSv/h for a short while. A different sensor, located on the border of the plant measured 8217 µSv/h -- which can be easily explained by applying the infamous inverse square law.

So no real inconsistencies, just that world+dog needs to find a better 'scientific' editor for their publication/tv-station/...

cheers,

Bram

Morzel

Politics

Because they have elections coming up in three months and the voters that actually grasp the complexities of the subject are by far outnumbered by those who are afraid of what they don't understand.

So there's a 'review period' that concludes after the elections, after which can be decided that the stations are deemed to be safe anyway and restarted. Those that have to manage the shutdown/restart and keep the grid going in the meanwhile had better not planned a vacation until then.