* Posts by Adam 1

2545 publicly visible posts • joined 7 May 2012

Forget trigonometry, 'cos Babylonians did it better 3,700 years ago – by counting in base 60!

Adam 1

Re: a reasonable builder's approximation

7 * 7 = 50, but only for sufficiently large values of 7

Node.js forks again – this time it's a war of words over anti-sex-pest codes of conduct

Adam 1

Re: "there are downsides to codes of conduct"

> participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation

Shirley it should include the full harassment free experience whether one pads left or right

/I'll grab my coat

El Reg gets schooled on why SSDs will NOT kill off the trusty hard drive

Adam 1

Re: What's in it for me?

A media server with 10TB of storage isn't mainstream. HDD will own that market for a few years. Whilst you are correct that SSD is more likely to just die without warning, you also assume there that a typical user will take action the first time they see an OS not detected press F1 message on boot or hear the click of death. Sorry, not buying it. My experience of typical users has been "oh yeah it did make a funny sound, blue screen, tell me there was no os last week, but I reboot it again and it seemed fine". Even a highly paid software engineer who I was working with (who definitely should have known better) had the click of death whilst I was checking something with her. I said that doesn't sound good. So she did absolutely nothing until a week later when it failed and she lost a day's work. So it's only an advantage if you act on it.

On price, the floor is much lower than a HDD. Whilst they can make a 32GB HDD, they can't do it at the price of the same capacity flash drive. At some point, the amount of storage that your Dell/hp whack into their desktops by default is going to be the same price point. The default purchase will then be a SSD, and you will flick to HDD if you need additional capacity. I don't think that is as far away as presented in the article.

Mozilla ponders making telemetry opt-out, 'cos hardly anyone opted in

Adam 1

Re: NO!

Sure. My issue isn't with being asked. It is with the behaviour when the user doesn't know the option exists. Simply, they are solving the wrong problem. Imagine that you saw the following message after an upgrade.

"We'd love your help. We think we can improve your experience/achieve peace in the Middle East/whatever if we collect information about the websites that you visit.

This is what we will gather...

This is how we will protect your privacy...

Can you help us?

* Yes, sure

* No thanks

* Busy now, ask me tomorrow"

As long as Yes, sure is *not* checked by default unless you have previously opted in, I am totally happy to be asked. I will still answer No (which may well be an El Reg commentard thing), but I have no objection to being asked.

Adam 1

NO!

Don't do it.

> because so few have opted in that it's hard for developers to get a good sample of what causes problems.

Did it occur to them that so few have opted in BECAUSE they don't want it on? If we want to be slurped we would just use chrome.

ASUS smoking hashes with 19-GPU, 24,000-core motherboard

Adam 1

Love how you can be down voted for asking a question that isn't answered by TFA.

A short correction to my post. It would be 35,000x faster than this (mixing up my GHs and THs). If you mention crypto currency and you aren't talking about Bitcoin, you actually need to state what you mean.

Adam 1

> The result? 407 megahashes per second, if the planets align

That math doesn't look right. The antminer s9 is allegedly good for 14THs (call it 35x faster for somewhere around US $2500). If we're comparing apples and apples then you are going to want a pretty special price or at least another zero in the hashes per second stakes.

Germans force Microsoft to scrap future pushy Windows 10 upgrades

Adam 1

sweet

Now I just need to learn German.

Speaking in Tech: I am Wink, Wink.i.am, do you dig my smart home jam?

Adam 1

Not sure who is writing/doodling on their papers during the recording but it is quite noticeable (eg 44 minutes in). Unless it's Greg trying to get out the boot/trunk.

Lottery-hacking sysadmin's unlucky number comes up: 25 years in the slammer

Adam 1

Using the time as a seed is a bad idea™ when you know the time it will be run (or at least can narrow it down to a relatively small window). It lets you rule out a whole swath of possibilities.

Adam 1

Shirley, his lawyer, could have got him off with a little more creativity. Your honour, my client was asked to write a function that returns a random number. This was a simple misunderstanding, nothing more.

IBM likely to close Australian data centre

Adam 1

> but is over 25km and an hour's drive from Sydney's central business district, and 90 minutes from its airport at peak times. ®

Or about 5 minutes drive from Castle Hill station which is opening in a year or two.

75 years ago, one Allied radar techie changed the course of WW2

Adam 1

I don't know. Socrates is all Greek to me.

/Sorry, I'll grab my toga*

*which you'll no doubt point out is Roman rather than Greek.

Adam 1

"The children now love luxury; they have bad manners, contempt for authority; they show disrespect for elders and love chatter in place of exercise. Children are now tyrants, not the servants of their households. They no longer rise when elders enter the room. They contradict their parents, chatter before company, gobble up dainties at the table, cross their legs, and tyrannize their teachers."

-Socrates (469–399 B.C.)

/Now get off my lawn

Foxit PDF Reader is well and truly foxed up, but vendor won't patch

Adam 1

Re: dropped it a few years back

Worse. I actually enjoyed your joke, but I think there is a fundamental difference between adware, creepy tracky browsers and something that silently scans your PC to see what is installed, changes your homepage/desktop/toolbars as it sees fit. In one case it is the price* they are asking to use the software. In the other, they are not upfront.

*Whether that price represents good value is left as a judgement call on the reader.

Adam 1

dropped it a few years back

As soon as they started bundling spyware in their installer.

Linux-loving lecturer 'lost' email, was actually confused by Outlook

Adam 1

You didn't show him how to change the font to white?

Intel's 8th-gen CPUs are called Ice Lake. And so are the 9th-gen

Adam 1

Re: The Answer You're Looking For

Hey, get off my lake!

Nokia's comeback is on: The flagship 8 emerges

Adam 1

Re: No wireless charging? No sale.

Also, some newer cars have a Qi pad built into the little nook where you chuck the phone. Sure there's USB ports in there too, but we're talking about the 15 seconds of nuisance every time you hop in and out. Shirley the hardware needed would be under a dollar. There are plenty of things I'd lose* before wireless charging.

*Sadly, my Nexus 5 finally succumbed to a dead screen. I could deal with the broken power button, the broken mic, and 2 hour battery life, but I had to say bye when the screen died replacing the battery. New cheapo doesn't have wireless charging. First world problems totally, but I do miss it.

Outage outed: Bing dinged, Microsoft portal mortal, DuckDuckGo becomes DuckDuckNo

Adam 1

Re: @Justin

> At best sites can find out that you used DuckDuck somewhere in the past

Shirley it is just DuckDuckGo that can read that cookie (save some XSS bug obviously).

Adam 1

Re: "CMOS" as a sample test query?

I always use a phrase that is sure to be on my browser cache.

Slurping people's info without a warrant? That's OUR JOB, Google, Facebook et al tell US Supreme Court

Adam 1

> Slurping people's info without a warrant? That's OUR JOB, Google, Facebook et al tell US Supreme Court

There is a fundamental difference between making an active decision to share information about yourself in exchange for a service you think you want* and being compelled to share such information with a government. I can decide not to use twitface if I don't think that trade-off is reasonable. I am not compelled to use it and they are not able to incarcerate me** or fine me***. The state however can demand my information from me or my service providers, arrest or fine me or apply some other form of punishment. As that power can be abused, we have separation of powers to limit what any arm can do. A warrant is simply the judicial arm agreeing with the police that the restrictions that should normally apply can be overridden in this specific case, with limitations (it's not a free for all). Again, this is to protect society from a rogue police chief. The fact that it limits their capabilities is not an oversight but a core design principle.

*Irrespective of my view on whether I think that you are making a wise choice.

**Can't really comment on what is possible in THE LAND OF THE FREE.

***Any "fines" they can issue me are only possible because I have entered into a contract with them, so it is underwritten by a legal framework which the companies do not write (although see previous point (

Brit firms warned over hidden costs of wiping data squeaky clean before privacy rules hit

Adam 1

Re: It is just not going to happen

@drsyntax

> it will then have a bearing on competitiveness

Exactly as I wrote:

> Unless one of the competitors can actually figure out a cost effective way to comply which is cheaper than the fines

There is no bearing on competitiveness unless someone is able to come up with a more efficient way to comply (or a loophole that means they don't need to).

Otherwise the cost will either be absorbed by the shareholders or the customers. Maybe some companies might strategically sacrifice shareholders' profit to grow market share but eventually customers will pay. If I sell a service for 50 quid a month and my competitors are similar in price and I have a new regulation that costs 5 quid a month, I can either raise prices to 55, decide to live on 45 paying the 5 out of my own pocket or leave it at 50 and hope I don't get caught. Perversely, the latter will also grow market share from those who do comply. Laws of unintended consequences and all that...

Adam 1

Re: It is just not going to happen

Fines will be treated as a cost of business and passed on to customers. Whilst supply and demand curves should see a reduction in demand if price rises, that can in practice take a while to flow through because of inertia and frankly some services would still be valued at the higher price point.

You see this all the time as currency movements make imports or exports cheaper or dearer. Unless one of the competitors can actually figure out a cost effective way to comply which is cheaper than the fines, the customer will pay the fines. Maybe in the short term some vendors might make a sell-at-a-loss market share ploy giving the best of both worlds (ie, compliance + no price increase), but I wouldn't hang my hat on it lasting.

US military spies: We'll capture enemy malware, tweak it, lob it right back at our adversaries

Adam 1

> Once we've isolated malware, I want to reengineer it and prep to use it against the same adversary who sought to use against us

What does the DoD have against NSA?

World's largest private submarine in mystery sink accident

Adam 1

I sea what you did there

/I'll grab my wetsuit

Infosec eggheads rig USB desk lamp to leak passwords via Bluetooth

Adam 1

Re: Uh-oh!

Pfft. Easily defeated with a piece of cardboard and sticky tape. Real l337 haxors would ramp the CPU load up and down to encode the HDD data using fan speed and the mic on a nearby machine as a pick-up.

Adam 1

Wait what!? You want FireWire rather than USB because you think it's more secure?

Er, no. It gets a DMA side channel that can bypass pretty much any OS level control. The bypassing the OS bit is why it is (or at least was) so much faster than other standards of its day.

https://github.com/carmaa/inception

Ancient IETF 'teapot' gag preserved for posterity as a standard

Adam 1

more important than ever

Shirley the need for a 418 response is more justified than ever before given the vast growth of IoT interconnectivity.

Good Lord: Former UK spy boss backs crypto

Adam 1

Re: Won't make any difference.

You guys are lucky. At least you have the commendable laws of mathematics. We don't get them here.

Schoolboy bags $10,000 reward from Google with easy HTTP Host bypass

Adam 1

Re: Kudos to all involved

Google has well thought out policies about what is permissible. The $10K looks to be for "Logic flaw bugs leaking or bypassing significant security controls" with "remote user impersonation" listed explicitly as an example. If you were strictly applying the rules you could argue that "Never attempt to access anyone else's data" wasn't followed, but there is also an argument that he couldn't know he would be accessing confidential data before it redirected him, so it isn't like he's trying to access another user's Gmail or something. I think they probably just appreciated that they know about it before* it was maliciously exploited.

*Probably

Adam 1

Re: Kudos to all involved

Responsible disclosure. Freaking autocarrot.

Adam 1

Kudos to all involved

Firstly, to the kid for responsive disclosure and for being so level headed ("I just think it was a very simple bug")

Secondly to Google for just paying the bounty. Certain other companies would try and get the kid hit with some ridiculous charge or threaten if he so much as farts in public they'll throw the book at him.

Textbook stuff.

US court system bug opened hole for hackers to scoop up legal docs for free on victims' dime

Adam 1

Is that why ...

... they needed Hutchins for the weekend?

Horsemen of the disk-drive apocalypse will ride upon 256TB SSDs

Adam 1

Re: What do you mean...

No not the one with the entire British library, the other one with the 8K VR video stream of kittens riding on Roombas.

Microsoft bins unloved Chinese cert shops

Adam 1

A CA has one job

Guarantee me that the certificate provided by the website belongs to the folk that control that website. If what you do means that yes might not actually mean yes then you are failing at your one and only job. You are simply wasting space in my cert store.

Marcus Hutchins free for now as infosec world rallies around suspected banking malware dev

Adam 1

Re: Blind support

> He is definitely innocent, since he has not been proven guilty

He is not definitely innocent. Simply, no judgement about his innocence/guilt has occurred. He retains the same right to be treated as innocent as someone who has not been accused. By the way, my sentence you quoted is out of context without the one that followed pointing out that every person is in one of those categories.

> since one is presumed to be innocent, there is no need to be declared 'innocent'

Correct. I used declare in the context of the English translation of the Latin quote to tie it together. Basically, being accused of something doesn't imply anything about your guilt. Big problem is that it doesn't stop people inferring it, which is why reporting about it is such a difficult thing to get right.

Adam 1

That is quite unjust. I get that bail offices need to close, particularly in smaller regions*, but given the probability** that the accused may turn out to be innocent, there has got to be a better way. Again, assuming that all is in place except the money, why can't they accept payments via bitcoin or direct transfer or PayPal or ...... Of course some of these won't work, but it's worth trying to make the process a bit fairer.

* Not that this is the case here

** Even if it is small, it is definitely non-zero

Adam 1

Re: Who hasn't written "malware" code?

I once wrote a small service that ran on a colleague's machine. When issued a command from a client application running in my system tray, it would eject his CD ROM tray. Entertained us for the better part of a week. Now I'm older and wiser, I wish to publicly apologise for authoring botnet.beverageHolder

Adam 1

Re: Blind support

> innocent until proven guilty

If you squint the right way that phrase is ok. The problem with it is that there is an indirect implication of guilt and the problem is simply proving that.

> innocent unless proven guilty

That phrasing is better but it still allows people (usually the shock jocks) to focus on the proven bit and not the innocent/guilty question. "We know t'was you what done it. We just aren't allowed to waterboard a confession" (mutters something about partisan activist judges).

I prefer something like "starts from the presumption of innocence". The exact legal principle we are talking about comes from the Latin

"ei incumbit probatio qui dicit, non qui negat"

The burden of proof is on the one who declares, not on one who denies

It is based on the knowledge that our capabilities to investigate are limited by skills, resources, technology and environmental factors. Because of these limitations, sometimes we cannot know for sure one way or the other. Sometimes we might be 99% sure of innocence or 99.99% sure of guilt, but convicting an innocent person is much more abhorrent than wrongly releasing a guilty person.

I'm proud of that legal tradition. It's a shame that our elected representatives so often come up with brain farts that counter this principle.

So on this case, Hutchins denies the charge. He might be innocent. He might be guilty. Each and every reader of this comment is in one of those two categories for this crime. He has been charged (declared), so at least the authority there thinks that they have a case. Well fine, but theirs is the burden of proof, not his.

FBI's spyware-laden video claims another scalp: Alleged sextortionist charged

Adam 1

> The NIT involves a specially crafted video file – such as this one

I was half expecting to be Rick rolled there.

A sarcasm detector bot? That sounds absolutely brilliant. Definitely

Adam 1

Just makes me want to use a message containing a bunch of U+2395 characters (⎕) for the perverse thrill of watching the recipient try to find a font that can display it.

Still not quite as evil as this.

Adam 1

Re: This is totally sick

It might take a few more sample messages. The heuristics are looking for a LOL in an inappropriate place.

Re-identifying folks from anonymised data will be a crime in the UK

Adam 1

Then you are more courageous than me sir. I was using hyperbole with ROT13 (I hope that was obvious, sometimes tone can't be easily carried). My point is that a combination as simple as gender/date of birth/postcode is frighteningly close to unique. Under this sort of rule, could a study such as that undertaken by Harvard in the link even be possible?

Security researchers shouldn't have to risk their personal freedom to responsibly disclose anonymisation vulnerabilities that may be exploited by less savoury types. The company will argue that they acted in good faith when some combination of data which was exploited was not commonly known to leak identities and that they took reasonable steps to check their process up front (security experts at 12 paces). They're just the victim of bad advice, or advice that was considered best practice at the time. But that horrible security researcher is in violation of this shopping list of laws. We at ACME totally support security research but the actions of this researcher are just beyond the pale. Plus she even used end to end encryption like a terrorist. There is also the recent arrest of the Wannacry ratchet. If he's innocent, then this is exactly the sort of thing that turns would-be researchers to other endeavours. If he's guilty, I guess that proves the companies' point that these researchers are just criminal haxors. They can't win either way.

Adam 1

This is my concern too. Making it a crime to de-anonymise some half arsed 'we used double ROT13 to protect our beloved customers' data' is a good thing. But the way I imagine this to be written will pretty much leave security researchers on the hook every time they discover data at risk. We saw this same lack of foresight down under with #censusfail and 'statistical linkage keys'. It boils down to whether the company finds it cheaper to comply with the legislated anonymisation requirements or just sue the researcher. I know where my money would bet.

Adam 1

Re: IP Addresses

> Umm, so does that mean using WHOIS will be illegal?

Real people do not need WHOIS.

Send mixed messages: Mozilla wants you to try its encrypted file sharing

Adam 1

Re: Question for all y'all...

Well given that systemd is now able to use its AI engine to autonomously comment in the El Reg forums....

Adam 1

Re: Question for all y'all...

Shirley the ability to send hundreds of megs of encrypted data belongs in the init system.

Four techies flummoxed for hours by flickering 'E' on monitor

Adam 1

Re: No, it wasn't a long long time ago .........

You had sound!? Luxury! We used to dream of having no sound. We just had a tarpaulin covering the hole where the broken TV should have been. We had to get up at 12 o'clock at night, lick the tarpaulin clean with our tongues, go to work for twenty four hours a day at the mill for fourpence every six years, and when we got home, our Dad would slice us in two with a bread knife.

Hacked Chrome web dev plugin maker: How those phishers tricked me

Adam 1

injecting advertisements?

Seriously, the miscreants gain total pwnage of a developer plugin with millions of users through clever social engineering but all they want is a tiny click through percentage. Something tells me that either we haven't heard the whole story yet or the developer should purchase some lottery tickets.