* Posts by Brian Miller

1239 posts • joined 3 Jul 2007


US govt proposes elephant showers for every American after Prez Trump says trickles dampen his haircare routine

Brian Miller Silver badge

Re: Surely the washing instructions

You aren't supposed to dry clean hamsters.

So you've decided you want to write a Windows rootkit. Good thing this chap's just demystified it in a talk

Brian Miller Silver badge

How to learn how to actually write a Windows program

Rootkits are the only way to really learn how to write Windows programs. Anything else, and you just might as well use something like JavaScript to get the "job" done. Sharpen your skills, people, and "copy con program.com"!

Ooh, that should be an El Reg T-shirt! "Stay calm and copy con program.com".

"Root Windows for the greater good!"

Search for 'things of value' in a bank: Iowa cops allege this bloke broke into one and decided on ... hand sanitiser

Brian Miller Silver badge

No cash lying around

"Now, we could be wrong, but banks usually keep quite a lot of cash on hand, right?"

Well, it's all kept in a safe. The new banks actually use armored dispensers for the cash, so the customer takes a receipt to the dispenser, which then doles it out.

So of course the guy took the hand sanitizer, because it had more value than the paperclips and pens lying about.

Fresh astro-underwear, anyone? Orbital shenanigans as Progress freighter has last-minute ISS docking wobble

Brian Miller Silver badge

More Bondo, Number One!

"Those watching the video stream of the cargo ship docking with the International Space Station (ISS) were treated to the sight of the spacecraft seeming to go off course as it approached the outpost."


Don't worry, that software bug is totally correctable.

Bill Gates debunks 'coronavirus vaccine is my 5G mind control microchip implant' conspiracy theory

Brian Miller Silver badge

"Please don't go down that rabbit hole, people."

Who are you kidding? We went down the rabbit hole of C++ decades back, and you want us to climb back out of rabbit holes?? Are you blind to the libraries of books dedicated to just that one hole?

Crucifixions are a dawdle.

Brian Miller Silver badge

Re: Angels are real

But are you sure that it's even a hypothesis? A hypothesis is a scientific wild-assed guess that is dressed up to produce a paper for a grant. A theory is a hypothesis dressed up for more grant money.

I'm not sure that anyone has ever had a hypothesis about angels that has resulted in a grant to study them.

Oh what a cute little animation... OH MY GOD. (Not acceptable, even in the '80s)

Brian Miller Silver badge

I don't regret it!

Since PC networks consisted of sneakernet back in my well-spent youth, the closest we got to distributed disturbance was when I was in Army signal school. The barracks had a 70V speaker system wired in every room. Well, somebody had the "bright" idea of hooking their car stereo up to it, and playing (badly) a bit of Jimi Hendrix. Of course, I and my fellow barracks rats decided that we had to do better, so my rather decent amp was hooked up. Yes, with full fidelity, out came The Hitchhiker's Guide to the Galaxy radio show, the last episode featuring the Man in the Shack.

We were never caught, and I regret nothing!

(Yes, on Monday our sergeant gave us a collective verbal drubbing, and told us never to do it again.)

Cereal Killer Cafe enters hipster heaven, heads online: Coronavirus blamed for shutters being pulled down

Brian Miller Silver badge

Re: released a cookbook, etc

That bowl of cereal was about the same as a pint in a pub. So is a pint also too high? Maybe. It's the punter's choice, though, to either dine and drink at home or dine and drink down the lane.

Police and NHS urge British public not to call 101 and 111 non-emergency numbers after behind-the-scenes kit failure

Brian Miller Silver badge

Re: Vodafone mess up again?

Do you suppose they are still using relays and wire recording in their systems? Or maybe someone spilled their punch cards...

Developers renew push to get rid of objectionable code terms to make 'the world a tiny bit more welcoming'

Brian Miller Silver badge

Master changed, really?

Just started a new project recently, and, ah, "master" is still "master." Oddly enough, I've never seen a "slave" branch.

In Rust, we lust: Security-focused super-C++ language still most loved among Stack Overflow denizens

Brian Miller Silver badge

It's a worthwhile endeavor if you think it is. Really, people learn all kinds of languages. It's a different perspective on how to do things. I learned Rust using the online tutorials, then I went and implemented an N-Queens solution and a more complex dining philosophers solution. Do I use Rust at work? No, but I would like to do so. I think it's a decent language, although the lifetimes stuff can be a PITA.

Learn it, use it, and implement something. Have some fun!

Galaxy S20 security is already old hat as Samsung launches new safety silicon

Brian Miller Silver badge

Re: A chip helps but doesn't make something secure

The ARM TrustZone is a joke, and it's a rather bad one. If Samsung has implemented their cryptography properly, and if the firmware and OS use it properly, then it goes a long way towards eliminating a lot of threats. Positive identification of a phone really isn't that big of a deal. The big deal is to keep malevolent code from running on the device.

'I wrote Task Manager': Ex-Microsoft programmer Dave Plummer spills the beans

Brian Miller Silver badge

Why wasn't it in by design?

The one thing I couldn't understand about Windows was why didn't they design in so many good ideas from Unix land? After all, they had Xenix. Apparently they ignored Xenix completely during the development of all of the Windows incarnations. "kill -9" should have a song written about it.

TensorBlow? Data boffins struggle with GPU shortage in Google Cloud, opposition offers to help out coders

Brian Miller Silver badge

Re: So... the cloud...

No, they're falling on their GPUs.

But really, it's all a non-issue. How much research is really needed into AI recognition of cat videos in order to drive cars and fly airplanes? Just let the cats grab the wheel, and keep the laser pointer steady.

If you don't LARP, you'll cry: Armed fun police swoop to disarm knight-errant spotted patrolling Welsh parkland

Brian Miller Silver badge

Re: Plague Doctors?

Why worry about that? The "doctor" was wearing a face mask. Since the regulations around my neck of the woods "require" a mask, even if it's a scarf, then anything counts.

Yes, the Darth Vader mask is valid in my book.

Driveway karaoke singer who wanted to lift lockdown spirits cops council noise complaint

Brian Miller Silver badge

"They call him the streak, fastest thing on two feet ..."

Just remember to run when giving "performances" and then they probably won't know where you live.

(Thanks to Ray Stevens for that song)

DEF CON is canceled... No, for real. The in-person event is canceled. We're not joking. It's canceled. We mean it

Brian Miller Silver badge

Re: Do you have to dial into their zoom call

Everybody dials into Zoom calls. Those are boring. So are yours. Could you please put something interesting on your computer?

GitHub Codespaces: VS Code was 'designed from the get-go' for this, says Microsoft architect

Brian Miller Silver badge

Re: And so the rush back to dumb terminals with subscription access continues

Let's see, according to the title, that would mean Multics.

While IBM did have support for TCP and web servers on their mainframes, it was always just insanely expensive. That gave Sun an edge, but that edge was lost when Linux got good enough to do the job. Now it's pretty much all derived from System 7, and an open source reimplementation of System 7. Makes one wonder what it would be like if AT&T had either clamped down from the get-go and never let System 7 out the door, or never paid any attention to K&R's efforts at all.

FYI: Your browser can pick up ultrasonic signals you can't hear, and that sounds like a privacy nightmare to some

Brian Miller Silver badge

It's the microphone, not the browser

The microphone is doing the conversion of sound waves to electrical signals, not the browser. It would be best to limit the microphone in Android or iOS, not mess with a spec. While there isn't a snowflake's chance of building a ski slope in hell of it happening, it's a better chance than changing a spec or API.

There's a black hole lurking within 1,000 light years of Earth – and you can see stars circling it with the naked eye

Brian Miller Silver badge

Re: Starman on his way...?

When a black hole enters our solar system, yeah, sure, Starman could go in. However, there's a far likelier chance of one of the Voyager probes taking a dive into one, since both Voyager 1 and 2 have entered interstellar space.

Sweet TCAS! We can make airliners go up-diddly-up whenever we want, say infosec researchers

Brian Miller Silver badge

Re: But how?

Could a drone of some sort carry something to spoof the transponder signal? Or maybe balloons could carry a box with SDR.

Caltech to Apple, Broadcom: You know that $1.1bn you owe for ripping off Wi-Fi patents? Double it, hotshots

Brian Miller Silver badge

Reinstate the Xerox lawsuit

If the Xerox lawsuit was reinstated by presidential fiat, then Apple would really have something to worry about! But this is how much of iPhone sales?

OK, so you've air-gapped that PC. Cut the speakers. Covered the LEDs. Disconnected the monitor. Now, about the data-leaking power supply unit...

Brian Miller Silver badge

Yes we know they squeak

We've all known for years that power supplies can squeak. Not news. And of course you'll have to be using SSDs instead of HDDs, and make sure that the fans always run at max because you don't want data exfiltrated through RPM changes.

At some point, we just can't have nice things out in public. Just the way it is nowadays.

Latvian drone wrests control from human overlords and shuts down entire nation's skies

Brian Miller Silver badge

Re: "During a controlled test flight ..."

Well, it did have somebody twiddling knobs and such. Just because the on-board system decided that it was a great time to take a holiday shouldn't be seen in a bad light.

Rise of the machines: we're off to the beach. You fleshies can keep working.

Google is a 'publisher' says Aussie court as it hands £20k damages to gangland lawyer

Brian Miller Silver badge

But isn't a fact exactly that, a fact? The lawyer was charged. Fact of action, by the police, and is public record. It doesn't matter if the charges were dropped later. The charges were filed.

This looks a lot like 1984, where the past gets scrubbed and rewritten.

Prank warning: You do know your smart speaker's paired with Spotify over the internet, don't you?

Brian Miller Silver badge

Spotify declined to make an on-the-record statement...

No, really? After all, this isn't a vulnerability, and it's not a bug. It's a global feature that just everybody on the planet wants! Yes, everybody wants to play music to a speaker that they can't possibly hear.

Really, the speaker should have some kind of control to revoke who accesses the thing. Maybe a factory reset will do the trick. Use the button activated by a sledgehammer.

I'm doing this to stop humans ripping off brilliant ideas by computers and aliens, says guy unsuccessfully filing patents 'invented' by his AI

Brian Miller Silver badge

No ETs, no problems

"What happens when a highly advanced extraterrestrial civilization visits Earth?" Thaler told El Reg.

If they actually bother to visit, they'll just nicely wipe us out and preserve the rest of the planet for their own exploitation. We're just not that amusing.

The question is, who trained the AI? Betcha it was Thaler and partners. Thus, it was their efforts that went into the creation of what the AI generated.

Now, the real question is, who owns the invention when the AI was trained on the summation of English literature, and then the AI churns out an invention and files a patent? The AI needs to do everything on its own, and then when the patent office rejects the application, the AI can sue the patent office.

Based on the current state of what AIs actually produce, that isn't going to happen for a very, very long time.

Rust core devs mull adoption of alternative compiler front-end for improved IDE support

Brian Miller Silver badge

Simple code, simple solutions

When one is writing simple code, then simple solutions are easy. I doubt these features would have been useful for either of my post-tutorial projects, which involved threading. Getting help with lifetimes would be nice, but I have my doubts about advanced Rust and "helpful" IDEs.

In Rust we trust? Yes, but we want better tools and wider usage, say devs

Brian Miller Silver badge

Re: "vim, make, gcc, gdb, strace etc"

But that's the environment I've been using with Rust, just not with gcc and make.

I have used Rust a bit, and I've found that I can get a mutex lockup using their standard library. Really, sometimes a mutex doesn't release when it's supposed to. I've had no problems with the parking_lot mutex, though.

The language is tricky, and the "helpful" error messages can very quickly lead a person astray. The checking up front is great, and there's other good concepts.

Grab your Bitcoin while you can because Purse.io is shutting up shop in June and you could lose the lot

Brian Miller Silver badge

Ran out of magic?

Collect garden gnomes -> magic??? happens -> profit

There is much irrational exuberance (still!) around Bitcoin and ilk. Could also blame multiple business closures on Covid19, too.

Stack Overflow banishes belligerent blather with bespoke bot – but will it work?

Brian Miller Silver badge

Will it work? See YouTube...

YouTube has a lot of automatic moderation. How effective is it, really? That depends. Say your video has a randomly generated background. Well, the bots can flag your video just because someone else put up a randomly generated background before you. And you lose revenue until a human gets off their butt and presses a button. Your video uses content within the law of copyright and DMCA, but you can get flagged regardless of that.

There are no good options.

'Come 75,000 workers, join us!' says Amazon. Just don't dare complain about the boss or you're out on your ear

Brian Miller Silver badge

Highest turnover in the industry

And what do you expect, employee retention? Amazon is one of the best places to quit!

RAND report finds that, like fusion power and Half Life 3, quantum computing is still 15 years away

Brian Miller Silver badge

Quantum vs COBOL

Ok, so the US just might be vulnerable to encryption being cracked by quantum computing. Maybe. If there is usable quantum computing...

The thing is, the really sensitive government stuff is protected by encryption that is not public. The problem is one for the rest of us out here, who are actually far more vulnerable to a chair and rubber hoses than encryption being broken by quantum computers. And because some mainframe back there is running COBOL, doesn't mean that it has information that is sensitive enough to warrant the expense of being cracked using a quantum computer.

Current encryption is far more vulnerable to math and GPU attacks than the alleged eventual arrival of quantum computers.

Sunday: Australia is shocked UK would consider tracking mobile data to beat pandemic. Monday: Australia to deploy drone intimidation squads

Brian Miller Silver badge

Bleating and babbling, we ...

"We'll see how long it takes before someone breaks and smacks one of the buggers with a crowbar."

"When cometh the day we lowly ones, Through quiet reflection, and great dedication Master the art of karate, Lo, we shall rise up, And then we'll make the bugger's eyes water."

Self-driving truck boss: 'Supervised machine learning doesn’t live up to the hype. It isn’t C-3PO, it’s sophisticated pattern matching'

Brian Miller Silver badge

Re: Finally, a proper description of what the media dubs "AI" actually is

But why is this news? All along "AI" has been pattern matching, and has always been shown to be pattern matching. I remember early demonstrations of AI telling the difference between headshots of men and women, and then being confused when given headshots of the Beatles.

The real question is, can we use pattern matching to reliably navigate a multi-ton object without human intervention? Sure, if the object is on rails, and isn't subject to major random interference.

Forget James Bond's super-gadgets, this chap spied for China using SD card dead drops. Now he's behind bars

Brian Miller Silver badge

Re: Money-laundering?

$5k + $5k + $5k + $5k = $20k, no problem, no report to the feds.

I, too, am surprised to see such a light sentence. If probation is a factor, then he might only see a year in jail.

Looming ventilator shortage amid pandemic sparks rise of open-source DIY medical kit. Good thinking – but safe?

Brian Miller Silver badge

Re: It's not just the mechanicals that are needed

However even a positive pressure air system ventilator that's kitbashed together, and works acceptably, can help a less serious case and can be the difference between recovering at home and ending up in hospital.

Hey, I'm set! If I get sick, all I need to do is run a hose from my case fans to a mask, and game until cured or dead!

Tinfoil hat brigade switches brand allegiance to bog paper

Brian Miller Silver badge

Re: you'd still struggle to get through a couple of rolls

A roll a week? How?? I'd have had to have eaten a mess of things that would run through my gut like the 24 Hours of Lemons race to do that. Of course, I don't work from home. Ok, now that my employer has screamed "OMG it's a pandemic! Watch out for these symptoms!" (None of which would catch even one zombie, mind you) that I'm here at home with a new de facto mouse and keyboard farm.

Seriously, a roll lasts a minimum of two weeks, usually three.

It is 50 years since Blighty began a homegrown and all-too-brief foray into space

Brian Miller Silver badge

Black arrow is red and silver?

For some reason, I would have thought they would paint the rocket black, instead of red and silver. Especially with the nose cone such a bright shade of red, as in, "this end up."

Life in plastic, with a classic: Polymer £20 notes released into wild sporting Turner art

Brian Miller Silver badge

Re: Offensive?

No, use criminals on death row for a source of tallow. That's sure to offend far more people!

Austrian foreign ministry: 'State actor' hack on government IT systems is over

Brian Miller Silver badge

Source article interesting, kind of

The attack of the 4-byte file

The entire attack on a target network starts with a tiny command line module that sends a TCP request to an external command / control server, the command consisting of only four bytes of text [!]. This command brings in a so-called “dropper”, which then places the subsequent trojan in disguise.

This is just sooooooooo bogus! They make it sound like it only takes four bytes to hack a server, and it's done with a request. What were they expecting, a treatise on nihilism?

The attack starts because somebody in their network has said compiled code on their computer. The code from Kaspersky looks like something done as a demo of the attack, not the attack code itself.

Many years ago, a programmer made the point that firewalls should be able to whitelist only connections to known services, not just any old thing out there. Since 13277 is off in the weeds, disallowing outbound requests on that port would stop the problem.

Crypto AG backdooring rumours were true, say German and Swiss news orgs after explosive docs leaked

Brian Miller Silver badge

Re: Spies gonna spy

"moral high ground": There is no high ground in a pig wallow.

The spies do act for the government they stand for. Thing is, they may stand for a number of governments at any one time. They're just flexible like that.

Microsoft's little eyes light up as Oscar-winning Taika Waititi says Apple keyboards make him 'want to go back to PCs'

Brian Miller Silver badge

Show a PC keyboard?

Clue for the clueful: that's a C64 there! Really now, show an original PC keyboard! You know, the one with the 5-pin DIN cable and the IBM logo!

Arm gets edgy: Tiny neural-network accelerator offered for future smart speakers, light-bulbs, fridges, etc

Brian Miller Silver badge

Re: Oh No...

So what's to stop your IdiOT from still sending all that wonderful data back to the mother server for integration into the silicon all-mind for the purpose of optimizing advertising to change your mind about which toilet paper to buy?

(Hint: just steal your toilet paper from work. They have plenty.)

Super-leaker Snowden punts free PDF* of tell-all NSA book with censored parts about China restored, underlined

Brian Miller Silver badge

3.6Mb download, copy, paste, read

No problem, I can't speak or read Chinese, but I can download a 3.6Mb file, open it, copy and paste into Google Translate, and then read it just fine. Takes a little bit of effort, but not that much.

Forget the Oscars, the Solar Orbiter is off to take a close look at our nearest (and super-hot) star

Brian Miller Silver badge

Sun, science ...

What, not studying the Frog Star? Sun, sand, suffering!

RIP FTP? File Transfer Protocol switched off by default in Chrome 80

Brian Miller Silver badge

Re: File Transfer Potocol

Clue: When logging in as user 'anonymous' and your email as your password, the security of the data is rather irrelevant.

And when we wanted to do business securely, we used a physical thing called "cash". When we wanted to send confidential data, we encrypted it first, and/or sent it on a physical medium through registered mail.

Grasshopper, when you can snaffle the data transferred by punch cards in the TEMPEST room, etc., etc.

Boss planning to tear you a new one? Google Glass is back: Weird workwear aimed at devs, but on sale to all

Brian Miller Silver badge

640x360 display??

All these advances over the decades, and we don't even get CGI resolution??

Google's OpenSK lets you BYOSK – burn your own security key

Brian Miller Silver badge

Don't roll, buy

The Nordic dongle is simply a NFC CPU dev kit. This is not a solution I would recommend, and you could substitute just about any CPU on a USB key here. I could probably take the project and dump it on that Linux-on-a-business-card kit without too much difficulty. Good excuse to buy a SMT oven, though.

I do recommend the Microchip ATECC608A and ilk dev kits, though. I wrote a Python interface for their AT88CK590 dev kit, it wasn't that hard. The chips are good.

Yeah, side-channel attacks are a PITA. The company I work for runs tests for that on our chips, and has revved the prototype designs a couple of times to thwart that. All of the crypto operations look exactly the same.

Brian Miller Silver badge

Re: It's all very fascinating

OK, clue time here: the private key is generated inside the hardware itself. There is no external generation of the private key. You send the chip a command, it performs the command, and it keeps the results of the command inside it. Then you perform cryptographic operations with that value for external use. There are a few really good crypto chips that do that.

Some chips do, indeed, require a programming step with external data. And some HSMs don't have a lot going on inside them other than running Linux with everything floating around in plain text while the device is in operation.

For simply doing things like 2FA, etc., there's at least two I2C chips that fit that bill. Otherwise, you're running everything in an OS of one flavor or another.



Biting the hand that feeds IT © 1998–2020