Posts by corestore

417 publicly visible posts • joined 13 Jul 2007


Pentagon dumps $1.5B more into military sat network that's already slipping behind


Does this mean...

They're... adding manpower to a late project?

Tesla knew Autopilot weakness killed a driver – and didn't fix it, engineers claim


Risk tolerance

I've driven recent model Teslas. The automation - lane keeping and adaptive cruise control is essentially what it is - worked very well.

I think part of the problem here is that some drivers simply have a higher tolerance for risk than is healthy; self-driving systems are not yet fully autonomous, and are made available with warnings that human surveillance must be constant, and driver intervention may be required at any time - but some drivers, after a certain amount of experience with the system, are lulled into paying a greater reliance on it than is healthy; their tolerance for risk is higher than that of the manufacturers, or the NHTSA. Familiarity breeds contempt, and the system is used in ways that were not intended.

The *other* problem is the whole notion of 'partial automation'; we KNOW some drivers will evince the behaviour described in the previous paragraph, they will ill-advisedly rely too much on the automation, and accidents will happen. Given we know some will do this, I'm by no means sure these kinds of interim solution partial automation systems should be offered to the public at all. I'd be more comfortable if the systems were SAE level 3 or higher - but AFAIK no level 3 systems are currently offered to the public?

Chinese media teases imminent exposé of seismic US spying scheme


Re: I'm very dubious about this

Not so.

I SAID we located the last NK nuke test from NZ, using predominantly NZ data; such a big bang is very well detectable around the world, or at least the hemisphere it occurs in.

A nuke weapons test cannot be hidden. There are systems designed to detect any such thing, and they are proven to work and work well, under CTBTO auspices.


Re: I'm very dubious about this

You don't NEED to "hack into" anything to get earthquake data because the data is public! For any decent sized earthquake you will get data, and solutions, from multiple international sources, including Chinese ones. The Global Times 'explanation' is, frankly, cod. You can't "infer" an "underground cavity" of that nature from seismic data. Seismic tomography is very much a thing, but it operates on MUCH larger scales.

And if you want to know the "regional geology" there will be a bazillion papers published on that subject.

Note I'm not saying the story isn't true; I don't know; I'm just saying it *seems* unnecessary. And I'm not saying spying doesn't occur; it undoubtedly does.


I'm very dubious about this

There's nothing remotely secret about seismic data, and it can't be hidden because seismic energy doesn't respect national borders; we detected and located the last NK nuclear test from NZ :-)

Here in NZ, all our seismic data is freely available in real time - https://www.geonet.org.nz/data/access/FDSN - and I would be surprised if it was any different in China; they're also part of FDSN: http://fdsn.adc1.iris.edu/networks/detail/CB/

So there's no NEED to 'spy'.

Arrogant, subtle, entitled: 'Toxic' open source GitHub discussions examined


"Alexa, what does a pissing contest look like?"


NASA in 'serious jeopardy' due to big black hole in security


Nothing new there...

About 15 years ago I bought an SGI Onyx system (big high-end workstation) from a guy, who had bought it at public auction but never got it going.

I had to incant some very obscure runes to nuke the PROM password, get it to boot single-user, and hack root, but I did it. And what did I find?

The machine had come out of GSFC - Goddard Space Flight Centre. NASA. And they hadn't wiped it! It had previously been a web server - sprecher.gsfc.nasa.gov - came with a bunch of NASA stuff installed: webservers, internal NASA tools - Earth Observing System Data Gateway etc - user credentials, personnel stuff, Oracle databases - fascinating stuff!

Pic of the thing: https://pbs.twimg.com/media/DuvjScpU8AAhxvk.jpg

Seagate demos hard disk drive with an NVMe interface. Yup, one with spinning platters


"Intel's 3D Xpoint persistent-memory technology has immense promise, even if currently it's struggling in the market. This grade of non-volatile memory can be used literally as memory – it can be fitted into a server's DIMM slots, rendering off-board interfaces such as NVMe obsolete."

Ye Ghods, they've invented the core store!

So I’ve scripted a life-saving routine. Pah. What really matters is the icon I give it


El Reg on Twitter: "If they erected a 2-object memorial to your life, which icons should they use? A Nokia 3210 and a voltmeter.."

A pdp-8 and a workstation running scolv...

FBI drops subpoena to identify readers of USA Today article about shootout with agents


I've been banging the same drum...

...for 20 years at least.

If *any* organisation gives a damn about privacy, the simplest step they can take is to *not store the information in the first place*!

Why would a newspaper log the IP address of everyone who reads a story in the first place?! I mean you can wave arms about cookies and targeted ads and goodness knows what else, but why keep that log file? That's data you simply shouldn't have.

Parliament demands to know the score with Fujitsu as Post Office Horizon scandal gets inquiry with legal teeth


Re: There needs to be established...

That might possibly 'get' the post office prosecutors, although it could be argued that since the PO was privatised they're no longer 'in a public office', and it wouldn't touch the Fujitsu employees who were equally central to this.

No, I stand by my suggestion of 'reckless prosecution' - although perjury could also apply to individuals.


There needs to be established...

...a criminal offence of 'reckless prosecution', along similar lines to 'reckless driving'.

Prosecutors and witnesses, as in this case, have the power to destroy lives as effectively as a dangerous driver - and when their conduct in using those powers amounts to recklessness, they should face similar penalties, including imprisonment.

And this, I think, is one of those very rare cases where the conduct was so serious and persistent that it could be argued the proposed law should be applied retroactively.

Tesla Autopilot is a lot dumber than CEO Musk claims, says Cali DMV after speaking to the software's boss


Re: Is the market voting with its feet?

Briefly, those numbers ARE subject to a certain amount of woo, mainly because Autopilot is primarily engaged on highways, which are subject to lower crash rates anyway. So that's a little beside the point.

My main point was all about the *human* factors; the *perception* amongst at least a subset of drivers that using Autopilot at a higher level than SAE Level 2 automation on highways is 'safe enough' for them - despite that use leading to occasional spectacular, and generally fatal, wrecks.

And this is by no means confined to self-driving; there's a substantial difference between the levels of safety that highway and vehicle engineers consider acceptable and attempt to deliver more generally (in terms of fatalities from whatever cause per million miles etc), and the *range* of levels of safety different members of the public find tolerable.

This isn't about what we should or shouldn't 'allow' or what marketing people do or don't do; this is about how the end users actually *use* whatever products we give them.

On a purely personal level, I'm... uneasy... about the existence of any level of automation between Level 1, adaptive cruise control, and level 4 FSD. Either you take full responsibility for the course of your vehicle, or you take none, and doze off happily.


Is the market voting with its feet?

This prompted thought:

"The US National Transportation Safety Board in its report [PDF] on the incident said the probable cause of the crash "was the truck driver’s failure to yield the right of way to the car, combined with the car driver’s inattention due to over-reliance on vehicle automation…""

I'm sure this - drivers not paying attention - happens a fair bit more often than Tesla would care to know or admit. And yet the stats show that, even now at level 2, letting Autopilot do the driving is significantly safer than doing the driving yourself.

Could this be a case of the market anticipating the regulators, and drivers feeling comfortable enough with the automation to let the car do the driving and not pay attention? At least on the highway? It's marketed as level 2, it's intended to be used at level 2 - but at least some drivers seem to be comfortable using it at a higher level than that, in a way that was not intended, and the resulting accident rate is within the bounds that people (rather than regulators) find acceptable?

Cosmo Communicator: Phone-laptop hybrid is neat, if niche, tilt at portable productivity


Why are you going with Psion comparisons?

To me at least, the obvious resemblance is to a Nokia Communicator.

Google reveals the wheels almost literally fell off one of its cloudy server racks


Re: A couple of degrees...

It survived mostly intact!


A couple of degrees...

Of tilt were enough to disrupt the operations of the machine?!

I once had an IBM System/38 (google it) fall off the liftgate on the back of a truck. The whole thing dropped ~ 4-5ft onto concrete, landed on its back.

Damage? Broke the cast alloy hinges holding the back doors in place.

Dragged it upright again. It powered up no problem and IPLed (booted) and ran just fine.


IBM quality.

Remember the big IBM 360 mainframe rescue job? For now, Brexit has ballsed it up – big iron restorers


Re: I was the underbidder on the eBay auction...

Oh I would absolutely be assisting - but I'm in New Zealand, so a bit out of range.

And I think your reply was a bit harsh and uncalled-for; the wink at the end was intended to be interpreted as humour.


I was the underbidder on the eBay auction...

...and I'd still take it off your hands if you're really struggling ;-)

UK Supreme Court unprorogues Parliament


Are you serious?!

The PM's position throughout, and that of the Tory party and many of their supporters, is that this was NOTHING to do with Brexit; it was just a normal prorogation leading up to a normal Queen's Speech, and it was a complete and total coincidence that it covered a period when Parliament would have been very engaged in scrutiny of the executive, and possibly legislating, over Brexit, and it was just an accident of timing that it was for five weeks instead of the usual five days.


It was transparently obvious to the dogs on the street that it was a lie, a complete load of cobblers, and the Scottish courts saw right through it instantly.


One of the best tweets came from The Guardian's political sketchwriter:

"Amazed that so many Brexiters who insisted the prorogation was nothing to do with Brexit are now adamant prorogation being declared unlawful is an attempt to stop Brexit"

I believe they hit the nail on the head with a very satisfying thump.

Google readies Pixel for the masses, but are the masses ready for Pixel?


Re: re: Really can't agree with the tone of this article.

I don't want sycophants, and as my post makes clear, I'm not one. I've had a Samsung phone too - and the crap on that made me want to go back to the plain vanilla no frills Google Android experience.

No sycophants - but this is a bit too much like a hit piece. IMHO.


I would somewhat agree with you there.

Nexus 6 is one of the best phones I've had - my sons still use them. But my Pixel 2XL, and my wife's Pixel 1, are the only Pixels we've had. They hiked the price too much with Pixel, IMHO; hopefully with the 3A we'll see a return to more sensible pricing.


Really can't agree with the tone of this article. I'm sure some customers have had issues; I'm sure you could find similar issues with various phones from *every* manufacturer - but you wouldn't run quotes saying they 'shouldn't be in the hardware business'!

I'm not a Google fanboy by any means, and I've had a couple of issues with phones from them too. But I've had Google phones since the very first Nexus, and I'd honestly recommend them to anyone's shortlist.

They do need better international support however. Had issues with a Pixel 2 while overseas. Under warranty, no problem, they'll replace it, right? Wrong. They said sure we'll replace it - when you're back in the USA. But that won't be for a couple of months? Tough. They apparently have no ability whatsoever to ship a replacement phone overseas; they need to do better on the international service and support front.

New Zealand cops cuff alleged jackasses who shared mosque murder video, messages online


We're far far beyond merely 'disgusting' which is, as you said, very subjective.

As the Chief Censor here in NZ said, the video, and his 'manifesto', were "designed to inspire, encourage and instruct other like-minded individuals to carry out further attacks."

That is why they have been, rightly, banned.


Errrr I can, that's why so many people are pissed off with him, as I said.

You're running at an open door.

Should I have said 'majorly pissed off'? 'Incandescent'?


Re: His Manifesto

You missed out the most relevant part of his manifesto; he's a raving white supremacist / white ethno-state proponent.

That's WHY he was shooting brown people in a mosque.


I doubt it; he hasn't committed any offences under NZ law.

Pissed off New Zealanders? Absolutely. But no criminal offence.


People who "don't like Muslims"???

Today it's people who support and praise terrorists who butchered fifty of us.

Today it's people who called for Muslims (and indeed all non-whites) to be "culled".

If I ever say anything similar about anybody then please, go ahead, arrest me, I'll deserve it.


Arrested for sharing and describing the actions of the terrorist as "excellent!"

After having made a video where he says "bring on the cull!" (of Muslims).

This is who we're talking about.


Another Apple engineer cuffed over alleged self-driving car data theft: FBI swoop on bod as he boards plane to China


"Those core staffers are split into siloed departments, and only have access to their own department's databases with every request to look outside their immediate area of work reviewed by an administrator."

"...A programmer who gets authorization to learn about the addressing structure has to demonstrate a separate need to know to learn the instruction set. The avowed aim of all this red tape is to prevent anyone from understanding the whole system; this goal has certainly been achieved..." - Internal IBM memo commenting on the security procedures for the *failed* FS project.

London's Gatwick airport suspends all flights after 'multiple' reports of drones


I wonder if...

There may be more to this than meets the eye. Reports of multiple sightings of multiple drones, from ~9pm through to at least ~3am.

That's probably not some kid being stupid, or a prank. That's starting to look like we need to at least consider the possibility of a planned attack on infrastructure; a takedown of the airport. Maybe even a rehearsal; now imagine the same thing happening at several airports across the southeast; chaos cubed.

Houston, we've had a problem: NASA fears internal server hacked, staff personal info swiped by miscreants


Re: Hah!

I found someone had made a webpage of my original usenet post documenting the procedure for posterity!

http://www.sgidepot.co.uk/onyxnvrampwd.html -

How to clear the NVRAM password on an Onyx/Challenge

By Michael Ross and Chris Patterson (MCE)

1. Enter POD mode using the debug options as documented by Ian Mapleson at:


Note that the POD prompt will only appear on a terminal connected to the console (tty1) port - the GFX display will remain blank.

2. At the POD prompt, type 'zap'.

The PROM password is now clear, you can type 'io' to start the PROM monitor, from where you can now access the command monitor, install software, etc. etc., without a password.

3. Don't forget to disable POD mode again before rebooting!

'zap' is documented in the POD prompt help screen (type '?' for a list of POD commands), but the description is something very innocuous, like 'reinitialise environment', and gives no clue to the fact that it blows the PROM password away!

NOTE: 'zap' also blows away your entire configuration. So when you go into the PROM monitor, console is set to tty1 not GFX, your boot/root/OS devices may well be wrong - my setup was defaulting to boot dksc(0,....) when the disks were all on dksc(1,...) etc. etc.

So be sure to review and fully understand your configuration BEFORE using 'zap', if at all possible (I know, it's kinda hard since you're locked out of the command monitor).

Thanks to all who helped!





Back in the late 2000s, I bought an SGI Onyx workstation on eBay. The previous owner had bought it at government auction but didn't want it so moved it on. My gain. Nice upgrade from my previous Crimson.

I had to research some pretty obscure hackery to bypass the BIOS password, which enabled me to boot single user and hack root. And what did I find? A NASA machine; from the Goddard Space Flight Center in Washington DC. And they hadn't wiped it! Judging from what I found, its graphics had been outclassed by newer machines, but they repurposed it as a server; it was full of Oracle databases, personnel stuff, and a bunch of internal websites etc. Fascinating stuff! Pic for any doubters:


Astonished they let that out without wiping it first!

Facebook: Up to 90 million addicts' accounts slurped by hackers, no thanks to crappy code


Needs more clarity...

How does this interact with 2FA? Is that still secure, if it's turned on?

Presumably any attempt to actually *use* these access tokens would generate a 'new login from unknown device' warning from FB? I certainly always see that when I try to login from a device I haven't used before. Is that warning a default, or something you have to set up when you configure security? I can't recall.

Google says Pixel 2's narcoleptic display is being fixed in June update


Greatly impressed with the Pixel 2, greatly unimpressed with Google support.

Mine, 2 months old. Just failed. Won't charge - and when I unplugged the charger cable after trying for 5 mins, the metal part was so hot it almost burned my hand. Phone very hot too, after just 5 mins attempted charge. Google happy to offer warranty replacement - but not until I'm back on US soil - 'tough, you'll have to do without a phone for a couple of months; we can't ship overseas'.

It's a fairly premium product; it deserves premium service. Does no-one in Google have the wit to stick a phone in a box and slap a shipping label on it?!

UK's first transatlantic F-35 delivery flight delayed by weather



Alternatively, Engines Turning Or Passengers Swimming...

Google listens to New Zealand just long enough to ignore it


Re: Another example...

I didn't say or mean anything like that; please don't put words in my mouth.

My primary point (which I thought was obvious from the 'Canute Syndrome' opening) was the sheer futility of thinking national courts can control the borderless internet with suppression orders or injunctions. That entire concept is in its death throes.

What boots it for NZ courts to forbid NZ media (and individuals) from disclosing details of a court case when everyone else on the internet, from Baltimore to Bangalore, can publish with impunity because they're *not subject to NZ laws*? (and everyone in NZ can read the resulting publications of course).

My secondary point was to make a stand against this encroaching... balkanization of the internet. You don't like the 'right to be forgotten'? You want your search results uncensored? Just use the US Google servers - but that shouldn't be *necessary*.


Re: Another example...

I think it's a lot simpler than that, DavCraw.

The legal term for this kind of injunction is 'contra mundum' which means, literally, 'against the world'. Someone seems to have taken that very literal meaning and run with it. What it actually means in practice of course is 'against anyone within the jurisdiction of the court' - and UK courts don't have jurisdiction overseas; the wording simply refers to an injunction that applies to everyone in the UK, whether or not they've been formally served with it, as distinct from a normal injunction against certain named people or organizations.


Another example...

...of what I call 'Canute Syndrome'. There isn't a little local NZ internet for little local NZ people, and courts are going to have to come to terms with that. NZ has very strict 'suppression orders' at times; not too long ago, a fairly prominent politician went on trial on certain eyebrow-raising criminal matters (historical allegations I believe) which would have been front-page news in any other country. In NZ, the entire case was suppressed; the media could only report on it in the vaguest possible terms (and without so much as hinting about the identity of the politician, or even that he *was* a politician, it was just 'a prominent New Zealander appeared in court...') thanks to sweeping suppression orders that applied before, during, and after the case.

We've seen similar stupidity here in the UK, most preposterously when the then Attorney General insisted that the injunctions issued by British courts protecting the new identity of Jon Venables applied to the entire world, and that they made it a crime for anyone, anywhere to publish any information concerning the matter - which is of course facially wrong and fractally nonsensical; how could he purport to suggest that a British court could override the first amendment in the USA, just for starters?!

(Interestingly, every time the story comes up, every UK newspaper report I've seen mentions that injunction, and continues to parrot the line about it having jurisdiction over the entire world, uncritically. I wonder why; they *must* know it's a load of rubbish!)

Equifax reveals full horror of that monstrous cyber-heist of its servers


Re: And how...

I think you miss part of my point.

This is a case where the company has very publicly demonstrated failure to keep some very important personal data safe; that's _why_ the story has been such a big deal.

I'm asserting that, quite apart from the general principle, such cases are ones where 'severe breakdown in trust' _overrides_ any concept of 'legitimate interests' and would (or should) allow the subject to compel the deletion of data. It's especially egregious in the case of credit reference agencies, as the subject has NO direct contractual relationship with the agency; they're not in any sense a 'customer' of the agency, and they're not free to 'take their business elsewhere' in a free market.

That's why credit reference is an example of a special case where 'legitimate interests' is (or should be) FAR less compelling even under existing law.


Re: And how...

Well if it's possible for anyone to delete their data, the presence or absence of that data can no longer be relied upon; it'll break entirely away from the 'everyone leaves a data footprint' way of thinking that seems to have grown up with remarkably little question or oversight.


And how...

If we're sufficiently angry about this, can we tell Equifax "I don't trust you to hold my data; I require you to delete every piece of data you hold on me"?

It would seem a reasonable request in the circumstances - but is it possible? If not, data protection laws are worth very little. We need the ultimate sanction, as individuals, of being able to easily compel companies and organizations to delete all identifiable data they hold on us.

Having ended America's broadband woes, the FCC now looks to space


Since when does the FCC regulate satellite launches?! Wouldn't that be down to the... FAA or something?

And, there's a space treaty which has been in force for a long time and which places the responsibility for regulating commercial space activities on the country *from which they are launched*.

Americans sometimes have funny ideas about this stuff - I seem to remember a small kerfuffle a few years ago where the US purported to assert the right to regulate the sale of satellite images, even when they were taken from a foreign-owned satellite and offered for sale overseas.

Cryptocoin investors sue Chase Bank for sky-high credit card charges


Re: The Bank is RIGHT

You can absolutely buy foreign currency with a credit card in the USA. Just the first result:


So I don't see how, if you can buy Euros with a credit card (or indeed a bank loan), you can't buy cryptocurrencies with a credit card. It should absolutely be possible.


This kinda emphasizes the problem with cryptocurrencies at present.

It's the tulip bulb problem - by which I mean, people who bought and sold tulip bulbs had little or no interest in *flowers* or in *growing the bloody things*; they were simply vehicles for pure speculative bubble investment that had no relation to the bulbs' actual utility in the real world.

Likewise, people generally don't buy cryptocurrencies to *spend* or to *use as currencies*; it's mostly pure speculation; their utility as functioning currencies is limited in the extreme.

That's a MASSIVE red flag.

Hold the phone: Mystery fake cell towers spotted slurping comms around Washington DC


Re: This has been a scandal for years

Surprised it's so slow. The last 2G network was turned off in Australia last year IIRC, and there's only one left in NZ; the penultimate one was turned off here a few weeks ago.


This has been a scandal for years

What are the telcos doing to secure THEIR networks against such devices?! It's their networks that are being spoofed; they should by now have some secure authentication to ensure that phones ONLY connect to genuine cellphone towers, not Stingray and other devices of that ilk.

Google, Apple etc. moved quickly to make communications more secure after the Snowden revelations - crypto on by default, end-to-end encryption, crypto on the backbone etc. But what have we heard from the telcos about Stingray? Crickets. Why? El Reg should be asking them hard questions, and being persistent about it!

Intel admits a load of its CPUs have Spectre v2 flaw that can't be fixed


So if they can't fix them...

...with microcode, will they offer to replace them as they did with the defective Pentium FDIV hardware?