Posts by Adam 1

Re: It's funny to see that now...

> I mean we are long past the time when a passive attacker was a realistic scenario

It seems to me that no-one has shared this fact with a bunch of airlines, ISPs, pretty much every hotel you have ever stayed at.

I'm afraid that this is pretty close to par for the course. And you can't actually see those who just track rather than actively manipulate the traffic, but I would be amazed if it wasn't an order of magnitude greater.

Yes, TLS is imperfect because you need to trust a bunch of CAs some of which have been vaporised after spectacularly failing at their only job™, but in terms of risk management, it is night and day improvement. It's like arguing that there's no point locking your door because authorities could just open it with a carefully placed exclusive.

Companies cannot MitM a HTTPS website unless they own the computer. If they own the computer, they can just install they're own root CA, but no hotel or airline or internet cafe or ISP can do that to my device.

Re: superuser rights on the vacuum

Shirley it should be an iOS derivative? Needs to have lots of shiny.

> you will sure be regretted

That has got to be one of the best backhanded compliments that I've ever heard. I will be sure to use it on one of those oversized farewell cards that periodically frequents my desk.

Re: So kids, sometimes recycling is *bad*

Nonsense. All bits may be recycled. You just need to reuse them in random order.

Re: How does Encrypted SNI protect against censorship from DNS Providers?

@doublelayer

> Why can't China do the encryption themselves and find out what the request for a site they don't like would look like?

The way asymmetric encryption usually works is that the client would generate a random encryption key to use with a symmetric encryption algorithm (like AES). Think of this like a randomly chosen password, only with massively better entropy. This key is then encrypted with the public key (eg RSA), so only the server with the private key can derive the randomly chosen key and can then derive the content. So each request to chinadoesnotlikeme.com will look different.

So points 1 and 2 aren't a problem on this account. The real problem is knowing who owns the private key that corresponds to the public key you have just used.

> Could China block all these encrypted requests such that only standard requests get through?

They almost certainly would.

> Does China have enough power to prevent the big cloud providers from using this?

Certainly within their borders.

Re: I HATE IT!!!!!11!!!111!!

No, *I* promise not to abuse it.

Re: Don't you just love it when so-called democratic governments do a public cover-up ?

Fraud!? At the ATO? Shirley not. I mean maybe one or two bad apples at the lower rungs. No-one important though. Nothing like (former) Deputy Commissioner level, that's for sure.

> Don't you mean searching on Google and Stack Overflow?

I have an idea for a VS extension. You just type into a search box what you're trying to do, then it searches SO and copy pastes the accepted answer of the best matching question straight into the code.

I mean if we're going to have a process, shouldn't we automate it?

Re: Mixed Messages

And remind me who the feds sold Darwin's port to?

Re: 17713 is relatively light on features

> and they move the various system function controls around

This is the antithesis of productivity, or what you've called getting things done. I am embarrassed to admit how long it took me to get my Windows 10 laptop to connect to our work VPN. They tried to dumb it down to about 5 edits, drop-down menus and checkboxes, and in the process moved the settings that are needed behind 6 or 7 mouse clicks.

Re: "If the AI detects that a machine is calling you and you don't want to speak to the machine ..."

Ok, new idea.

First a countdown*.

5..4..3..2..1

Then a tone of about 15KHz* at maximum intensity gets blasted down the line

*Gotta have something to avoid false positives.

* We could go higher but we wouldn't want them to miss out if their hearing was down for some unknown reason.

Re: Note to my fellow Yanks ...

All I can say is that if your in Australia and the Mrs tells you to grab a Durex, she's not going to be impressed if you return with a roll of sellotape.

Re: And this is bad?

Slowly? You must have missed how quickly they were able to ruin things in Windows 8

Re: Renew Recycle Reuse

What? Postage from Sudan to Poland? I guess the only sensible question remaining is African or European?

> What are you supposed to use? WiFi? Bluetooth? Some proprietary rubbish on top of WiFi?

The SD card slot obviously.

> I italicised conditioned because they're using it pejoratively; reflecting their skepticism of the need for transactional integrity, I can't help feeling a little skeptical of their conscientiousness in implementing it.

This.

And there was no need to either. Most of the players in RDBMS land weren't initially targeting enterprise. When did you hear any of them say that enterprises have been "conditioned" to think that they need clustering or hot backups or whatever. They simply did it then shouted about the great new feature in $(New version).

Not sure who you mean will be sued (Microsoft or Intel).

I think Microsoft would be able to fall on the same arguments they used to patch against meltdown. Yes it slows your system down, but it was necessary as the only possible technical fix. You'll need to ask the processor manufacturer to implement a fix.

Intel will argue that it wasn't their choice to remove the capability. That the capability was still available today, and that if your operating system manufacturer has disabled it, then you should be sending your angry letters to them not us. But because we're such nice guys, you can have a bee's dick percentage off of our latest offering.

Lawyers at 12 paces later, they settle for a couple of tens of million quid for the lawyers and about a cup of coffee compensation to the mugs (ha) that signed up to the suit. Meanwhile, in the real world, people have said to themselves "that cheap i5 laptop I bought in 2015 is really struggling these days, probably time to buy a new one". Outside the tech scene, who wants to take a guess at who made the processor in the new one?

I'd be more interested in how say Apple deals with this. Being responsible for both the hardware choice and OS behaviour means they'd find it now tricky to palm off the blame like Microsoft can, and they also have to contend with the bad press from the whole iPhone old battery slowdown fiasco. Interesting times et al.

he didn't screw up at all

It was clearly horizontal in direction or it couldn't have hit the door.

Re: Still at the FPGA stage after all these years?!?!?!?!???

Totally agree with these tin foil hat comments. I mean if Microsoft were to own a large number of data centres where very small percentage improvements in work per watt or operations per second without increasing power can multiply out to a major $$ windfall it would make sense. But clearly this is about killing openness.

Re: Needs an IoT interface

Pfft, I am just waiting to import bombe.js*

*Too scared to Google this because

1. The search as you type rubbish in all browsers will probably see some black helicopter circling as my door gets kicked in, and

2. I'm worried that this will actually exist.

Re: Come back Clippy

Ahem

Re: Homomorphic encryption only option

Homomorphic encryption only* allowed for operations to be performed on encrypted data. You still must encrypt it at time of input and decrypt it when you want to use those results, so whilst the attack surface would be reduced**, it is not eliminated. Something, somewhere is going to need to do some math on the key, at which point, whatever facts that can be inferred from these registers come into play.

*this is still pretty mind blowing

** and no doubt increased in other areas

>> indexing by the numeric column ID is measurably faster

> If you only need a few columns but SELECT * then you're losing performance in the amount of surplus data you're cramming into the pipeline from the database.

Not to mention what happens under the hood if one of those columns in * is a blob of some form. The expression is "penny wise, pound foolish". Obviously a field index directly converts to a memory address offset so will be faster than an abstraction like a field name, but even that abstraction will likely use some sort of hash lookup internally or otherwise cache on first access, so you can bet your bottom dollar that the difference in almost any real world scenario is too small to reliably measure.

There are occasions to use column numbering, such as computing a row total at runtime for an arbitrary number of columns, but if you're in a position where you need to eek a bit more performance out of your system, there will almost certainly be lower hanging fruit to pick which carries much less risk and gives an order of magnitude benefit over this.

That doesn't even get into the find references to field X in table Y type problems which comes up in the real world quite a lot.

Re: Not an "autopilot"

Let me follow your logic. The person of your concern has a medical condition that prevents them from driving. They have enough money to live on their own rather than share, but not enough money to move somewhere closer to their employment and their employment is such that they cannot easily find a job that is more conveniently located. And the way you suggest that they may make this work is to buy a US$75,000 car which has a feature that can drive by itself up until the moment it can't.

Yeah, no. Self driving cars will be an amazing source of freedom to many people with medical conditions, elderly, disabled, even people under the influence of alcohol or other drugs. This certainly should not be understated as a benefit, but the problem is where certain people who should know better imply the technology is more advanced than it is, then run for the hills when it isn't.

I want to see manufacturers put their money where their mouth is before they are allowed to imply the car has an autopilot or similar technology. If they paid you out a million dollars if your car was at fault in an accident whilst self driving, and 10 million if that accident resulted in a permanent injury for anyone involved, and 100 million to the family of anyone killed, you might find that companies such as this are a lot more restrained when making these claims.

What worries me here isn't the failure of some sensor, but that we see a company not acknowledging that the design of their system (even down to its name) incorrectly encourages people to trust it beyond its capabilities. That is a design flaw. It needs to be rectified. Maybe it needs to pull itself over and stop if the driver isn't paying attention. When a plane crashes, Boeing or Airbus don't sit back and say well pilot/ground crew screwed up here, case closed. No, they figure out why their safety processes and systems didn't fire or were ignored, and implement changes in both instructions, design and training programs to make it less likely. I'm seeing none of that here. It's entirely about saving their reputation. Until that culture changes, I don't want these things on my roads.

Re: toing the party line

> *In their mind, only teenagers play Conley games.

That'd be computer games. Freaking autocarrot.

Re: This is why science rocks

> I find tap water much better when diluted.

I find it best when diluted with sufficient quantities of real medicine.

How's that non-crypto Blockchain going?

Wait! If you're telling me that they have a laser pointer attachment, I'll become an IoT evangelist.

Re: Single Points of Failure

Have you been living under a rock? It is 2018. You can't even convince some people not to consider their data to be stored until it has been written to some spinning rust or SSD. Because webscale.

Re: Precision

I have a bigger problem than the rounding. Metres? Feet? I mean, what is wrong with saying about 41 linguini?

Re: Apple have never really played ball...

> If sending a flag to the exchange server is enough to get you e-mails that you shouldn't get, then the security on the exchange server is absolutely broken

Not at all. Exchange is implementing security via the RFC3514 flag.

Re: Stalker's wet dream

> Alexa? Tell drone to follow <insert name of famous person>'s car

Alright, which one of you smarty pants was discussing flooring options with your better half?

Re: Or...

> Will someone please tell me why I am wrong to say that no-one using a modern language (of a higher level than Assembler or C) needs to explicitly code a loop to sum [attributes of] the elements in an array?

Not a downvoter but ...

I have seen LINQ used in some pretty bad ways. Here are a couple.

Developer not realising that their method was O(n^2). They simply forgot that behind those magic select or first or find methods is a loop.

Another developer didn't realise that a .Any(a => a == 5) on a Hashset may yield the same result as .Contains(5), but the former is O(n) and the latter O(1).

In other cases, a loop which iterates some collection and conditionally yields another object with properties based on the initial collection item can end up with such a convoluted expression that the minute it would have taken any half competent developer to follow the intent now takes 10 minutes to unpack, and even then you're wondering if you missed something subtle.

Another issue is with debugging it can be hard to set breakpoints when your line may represent hundreds of function calls.

Note I never said you should never use them. Just remember that most of the time it doesn't matter if your class is 5 lines longer or 150ns slower, but it does matter if your code becomes difficult to read. Use them, but with appropriate discretion.