* Posts by MJB7

578 publicly visible posts • joined 27 Nov 2013

SBF's right-hand woman praised for testimony – and jailed for two years

MJB7

Re: Sneaking suspicion...

I don't think that is fair. It was in reply to "hers [sic] being the prettiest she got off lightly" - now that you can apply your rule to.

Starlink's new satellites emit 30x more radio interference than before, drowning cosmic signals

MJB7
Stop

Re: Look...

"Most people on the planet live in the wilds "

The UN says 55% of the population live in urban areas, and this is expected to increase to 68% by 2050. OTOH, it is true to say "Quite a lot of people live in the wilds".

(I'm actually surprised it's as low as that - I would have guessed 75% urban now.)

Boeing's Starliner set for extended stay at the ISS as engineers on Earth try to recreate thruster issues

MJB7
Boffin

Nominal return to earth

"Nominal return to earth" doesn't mean what you think it means. In this context, "nominal" means "according to the expected flight plan". It doesn't mean "roughly" or "approximately".

"Nominal" is a _good_ thing to hear in space flight.

How many Microsoft missteps were forks that were just a bit of fun?

MJB7

Re: Don't mention Visual Source Safe

I never did get round to writing my "Project Manager's Guide to Using VSS as an Excuse For Why Your Project is Late". Step 1 was going to be "don't have sufficient disk space", and Step 2 was "don't have backups". (There were several more rules. I have forgotten them now.)

Unfortunately, our IT department had procedures in place to make both Steps 1 and 2 unnecessarily difficult.

Elon Musk to destroy the International Space Station – with NASA's approval, for a fee

MJB7

Re: Language

Any noun can be verbed (in Indo-European languages at least), and we have been doing it (and the reverse) for millennia.

DARPA searched for fields quantum computers really could revolutionize, with mixed results

MJB7
Boffin

Re: computational fluid dynamics (CFD)

Err, when DARPA write "incompressible CFD" that means the easy stuff - with fluids like water whose compressibility can be ignored.

The fluid in a nuclear fusion reactor is very, very, compressible which makes the fluid dynamics much harder. Not only that, it is a plasma, so the particles are all charged, and if you have moving charged particles you need to consider magnetism. There are people who try and model magneto-hydro-dynamics, but it's ... not easy.

Of course, that doesn't nullify your conclusion "quantum computers won't solve nuclear fusion" - if they can't do the easy stuff, what hope have they got with the really messy stuff?

Christie's stolen data sold to highest bidder rather than leaked, RansomHub claims

MJB7

Re: Smelling Bullshit Here [Money-Laundering]

It adds another layer to get through, and while you may think it doesn't happen the law in the UK says that auction houses have to do due diligence on purchasers who spend more than €10,000 (and that currency symbol is not a typo). See (for example) https://www.mallgalleries.org.uk/anti-money-laundering-legislation.

The EU has the same rules, and I am pretty sure so does America too.

Security pioneer Ross Anderson dies at 67

MJB7

Re: Retirement Age

UK academics are on a career-average pension now. That's not quite as generous as the previous final-salary pension, but it's still very comfortable.

BOFH: The Christmas party was so good, an independent inquiry is required

MJB7

Re: Plagiarism?

Point of order: Cummings is not "an honourable gentleman". Not even in the language of the Palace of Westminster. That is reserved for Members of Parliament, and Cummings has never done anything so beneath him as to ask the common populace to vote for him.

Google Groups ditches links to Usenet, the OG social network

MJB7

Google has decided [the modern internet] doesn't need Usenet anymore.

No. Google has decided Google doesn't need Usenet anymore.

However, I used to follow a dozen groups or so, and I haven't looked at any of them in certainly the last five years. I doubt I am alone.

Canon claims its nanoimprint litho machines capable of 5nm chip production

MJB7

Re: “ a mask imprinted with a circuit design”

The boring answer is almost certainly electron beams. Cutting very fine details with an electron beam has been possible for ages (I think that's how existing masks are made). The problem for chip lithography is that electron beam is _slow_ (you only cut one bit at a time). An optical mask can cover the whole chip in one go.

PhD student guilty of 3D-printing 'kamikaze' drone for Islamic State terrorists

MJB7

Re: explicitly creating schematics for an explosive warhead

Somebody created schematics for an atom bomb for their PhD to prove that it could be done from publicly available information.

Intel spices up its FPGA game with open source and RISC-V freebies

MJB7

Re: Giving Away Free Stuff?

My employer has recently moved from a separate crypto accelerator to an FPGA - and expects to go further.

Toyota servers ran out of storage, crashed production at 14 plants in Japan

MJB7

Re: Lost in Translation?

> Also, I would posit it would be organiSed, but it appears Toyota speaks American rather than English :)

Or maybe they speak proper English, as recommended by the Oxford English Dictionary? en.en-gb-oxendict ftw!

Microsoft: China stole secret key that unlocked US govt email from crash debug dump

MJB7

Re: Alternative explanation..

> I'd think even a half-competent government can probably build their own data centers and go fully open source for about the same price.

Do you mean "a government which is half-way along the list of governments sorted by competency"? Looking at the number of government-based IT disasters, I really doubt it.

Or do you mean "a government which is half-way to being fully competent"? I'm not sure there are any of those.

BOFH: What a beautiful tinfoil hat, Boss!

MJB7
Boffin

Re: ECO DECT

> Plants expirate oxygen, not CO2.

Plants expire CO2 at night.

Space junk targeted for cleanup mission was hit by different space junk, making more space junk

MJB7

Re: Newton on line #2

> Can someone explain to me how a hyper-velocity impact with a satellite fails, enough to break chunks off, does not result in a significant effect on the orbit?

Not sure what the actual numbers are here, but:

1 tonne (1 Mg) stage in orbit.

10g "thing" smacks into the stage at 10,000 m/s relative to the orbiting stage. That's quite a bang, and could easily crack something off, but it changes the momentum by 100,000 gm/s - which is a change in velocity of 10cm/second. Typical LEO orbital velocities are about 8,000 m/s (which is why I chose 10,000).

Net result: The orbit changed (of course), but not significantly. A 10kg bullet would make more of a difference - but it would still be pretty small.

Tesla knew Autopilot weakness killed a driver – and didn't fix it, engineers claim

MJB7

Re: Big plastic wind deflectors

They may cost more than side-bars under the trailers - but wind deflectors save money in the medium term (by reducing fuel consumption - which is something truck owners care _deeply_ about).

Discord.io pulls the cord after crooks steal 760K users' info

MJB7
Boffin

Re: Good and bad here

> Passwords salted and hashed, miscreants aren't going to be able to do much with that

Depends _how_ it is hashed. If it is PBKDF2 with 1000 iterations of SHA1, it'll take longer to download the data than to find if the password is one of the top 1000 passwords.

If they are following OWASP recommendations and using Argon2id with a minimum configuration of 19 MiB of memory, an iteration count of 2, and 1 degree of parallelism then I agree. However "following OWASP" probably isn't the way to bet in this case.

... but I do agree that they deserve plaudits for being upfront about the situation.
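An added example, not part of the original comment: one way to measure what PBKDF2-HMAC-SHA1 at 1000 iterations costs per guess on a given machine, and to calibrate an iteration count against a target cost. The function names and the 100 ms target are assumptions made for this illustration.

```python
import hashlib
import os
import time


def pbkdf2_sha1(password: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA1, the weak configuration named in the post."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, iterations, dklen=20)


def seconds_per_hash(iterations: int, samples: int = 5) -> float:
    """Measure the average wall-clock cost of one derivation on this machine."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        pbkdf2_sha1(b"probe-%d" % i, salt, iterations)
    return (time.perf_counter() - start) / samples


def dictionary_pass_seconds(per_hash: float, candidates: int, records: int = 1) -> float:
    """Cost of testing every candidate against every record.

    Per-record salts mean nothing is shared between records, so the work
    is candidates * records derivations.
    """
    return per_hash * candidates * records


def iterations_for(target_seconds: float, probe_iterations: int = 20_000) -> int:
    """Calibrate: iteration count that makes one hash cost target_seconds here."""
    per_iteration = seconds_per_hash(probe_iterations) / probe_iterations
    per_iteration = max(per_iteration, 1e-12)  # guard against a zero timer reading
    return max(1, round(target_seconds / per_iteration))


if __name__ == "__main__":
    weak = seconds_per_hash(1000)
    print(f"1000 iterations: {weak * 1e3:.3f} ms per hash")
    print(f"1000 candidates, one record: {dictionary_pass_seconds(weak, 1000):.2f} s")
    tuned = iterations_for(0.1)  # assumed target: ~100 ms per verification
    print(f"iterations for ~100 ms per hash on this CPU: {tuned}")
```
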

Virgin Media email customers enter third day of inbox infuriation

MJB7

Re: People needing access to tickets...

I couldn't be bothered to set up a Thunderbird account when I switched to a new laptop ~10 years ago. The Gmail web interface is "good enough". Yes, yes, I understand the benefits, but life is too short.

Amazon Prime too easy to join, too hard to quit, says FTC lawsuit

MJB7

Different UI in America?

I wonder if I see a different UI (connecting to amazon.de). The last couple of times I have signed up for a free 3-months Prime trial, I have found it really quite straightforward to cancel my Prime membership.

I also like the fact that I can sign up, place the order, and then cancel it - but it still lasts until my three months is up.

Lenovo's Yoga 9 is flexible at home, but stretches the friendship at work

MJB7

receiving MFA texts on their own phones

Err.

1. SMS is the _least_ secure MFA option (by a substantial margin). Use a TOTP generator instead.

2. There are certainly a substantial number of people in my office who won't install a custom app to act as a MFA token on their own phones. I don't _know_ whether they would accept texts - but I wouldn't want to bet on it!

DC thermal management, power kit is getting easier to find and a lot more expensive

MJB7

Is it just me?

I read "DC .... power kit" and thought this was talking about "Direct Current" rather than "Data Centre".

False negative stretched routine software installation into four days of frustration

MJB7

Re: Marital Status: British

Minor nit: I _think_ even Alabama now insists on children being at least 14 before marrying.

A 13yo legally married to an adult in one of the United States is probably legally married in the UK. They just can't have sex in the UK (and the adult is at risk of being prosecuted for having sex in America).

MJB7

Re: On the other hand...

The worst bug I ever came across was a memory corruption bug that only occurred if the username had an odd number of characters. The programmer who kept encountering the bug did. The programmer who was trying to debug it had an even number of characters in their user name. That was _days_ of fun!

(This was before valgrind.)

Supernova peekaboo could provide clues to our universe's age

MJB7

Re: Physics check please

Photons have no rest-mass. However they have energy, and hence have a (non-rest) mass. A dense cloud of photons can gravitationally distort space.

Cheapest, oldest, slowest part fixed very modern Mac

MJB7

Re: Lights on the same circuit as power

Standard practice in Germany. Don't forget, everything is on a series of 16A radials, rather than ring circuits (and neither appliances, nor lights, have fuses).

The safety and cost trade-offs between the UK and European systems are complex - but neither is per-se dangerous.

Upstart encryption app walks back privacy claims, pulls from stores after probe

MJB7

Re: RSA

It is perfectly possible to write secure systems with RSA. What's wrong with it, is that it is slower to sign/encrypt than a corresponding EC algorithm, and it is _much_ slower to generate a new key. That last point matters if each participant generates a new keypair for each message (as they should), and only uses the persistent key pair for authenticity.

There _is_ a theoretical point that because quantum computers break asymmetric cryptography in a completely different way to classical computers, a quantum computer that can break RSA-3076 will need about 12 times as many qbits as one that can break NIST-P256. If quantum computers develop at something like Moore's Law (a _big_ if), that gives RSA-3076 about a decade advantage over P256.

MJB7

Re: Signal AND WhatsApp?

Sure, Signal has _much_ better security than WhatsApp - but while Signal is top of the Premier League and WhatsApp is low in Division 1, Converso is a bunch of mates who get together for a kick-about and a beer.

Astronomers say they've seen the largest explosion yet – and we just had to talk to them

MJB7

Re: Would it even be possible for black holes to suck each other up?

Absolutely. And we have seen it happen multiple times: https://en.wikipedia.org/wiki/List_of_gravitational_wave_observations.

The usual term is "merger" rather than "suck each other up".

BOFH: Ah. Company-branded merch. So much better than a bonus

MJB7

Re: Acronym-Ignorant

The Cambridge Maths Tripos Part III is a fourth year of university which prepares students for a career in mathematical research. The questions on the exam paper are often of the form "Prove or counter-example the following proposition". Legend has it that the exam setters don't always know the answer.

Is there anything tape can’t fix? This techie used it to defeat the Sun

MJB7

Re: Not only mice

You are referring to Zaha Hadid. Coincidentally I was in her fire-station this morning. It was a fire station for a big factory - run by Vitra, which makes designer furniture and is famous for having a factory site with examples of amazing architecture. The fire station is a fabulous bit of a sculpture, but is indeed useless as a fire station.

The Hubble Space Telescope is sinking! Two startups want to save it for free

MJB7

Who's going to pay for this?

"NASA is not going to spend any money on this" - I know space launches are getting cheaper, but they are still not cheap.

I don't think anyone is going to pay for a launch "for the exposure".

You can cross 'Quantum computers to smash crypto' off your list of existential fears for 30 years

MJB7

Wow!

Adi Shamir, Clifford Cocks, _and_ Whitfield Diffie on one stage!

If you don't get open source's trademark culture, expect bad language

MJB7

Just because "rust" is a generic term in one context doesn't mean it can't be a trademark in another. A domain for the movie will contain the word rust, but it won't be the Rust language trademark.

Automation is great. Until it breaks and nobody gets paid

MJB7
Headmaster

Re: "execute his target script 16384 times"

Not exponential: quadratic.

Quadratic is nasty - it won't bite in testing (like exponential usually will), but it bites with a vengeance in production!

Yes, I am a pedant. Why do you ask?

MJB7
Windows

Re: 15 bit computers?

Good grief! Doesn't _everyone_ know that signed 16-bit integers overflow when you increment past 32767? Really?

Icon, my age.

MJB7

Re: I have consulted in many places over the years

Good grief, we have 100's of shell scripts in our git repos - and you can can't any of them without a code review. (I am trying to convert many of them to python scripts - but that's a _long_ term project).

Uptime guarantees don't apply when you turn a machine off, then on again, to 'fix' it

MJB7

Re: wait till a support person arrived

I don't think that is what the problem was.

They should have dispatched the engineer _straight away_, in case the on-site engineer was needed. Then they should have diagnosed and fixed the problem remotely (and then told the engineer to come back).

The alternative is wait an extra half an hour while they diagnose the problem and realize they need an on-site engineer. That's half an hour wasted.

MJB7

Re: meet "Rod"

I'm never really very convinced about how effective the Regonomiser is, and how true the "not his real name" bit is.

Germany sours on Microsoft again, launches antitrust review

MJB7

Um, putting Bavarian chauvinism to one side for a moment, you do know that Munich is actually in Germany don't you?

AWS security exec: You don't want to win this database popularity contest

MJB7

Re: The Easy Path was Taken: Why?

Security is difficult, but the one thing you _don't_ need in your list is "an understanding of the maths of cryptography" (let alone a deep understanding). What you _do_ need, is to understand what promises a cryptographic primitive makes and what promises it _doesn't_ make.

As an example, I know almost nothing about AES or 3DES beyond "stick a secret and a key in here, magic happens, and ciphertext appears out here". However I _do_ know that these only promise that an attacker cannot determine the secret given the ciphertext. What they don't promise is that the attacker can't modify the ciphertext in a way which modifies the secret. For that, you need an AEAD scheme like AES-GCM or AES-CBC + HMAC.

Boffins claim discovery of the first piezoelectric liquid

MJB7

Re: Interesting question

The materials under discussion are described as "ionic liquid salts". If it's a liquid which is full of ions, it is hard to see how it could _not_ be a conductor.

(But as they've already done one impossible thing before breakfast, there's no obvious reason they shouldn't do another.)

Google's claims of super-human AI chip layout back under the microscope

MJB7

Re: Not exactly "natural", is it?

The magazine was up and running long before the meaning of “Nature” ...

Exactly. I studied "Natural Sciences" at University, which in my case meant Physics, Chemistry, and Metallurgy.

Are you ready to go all-in, head-first, on a laptop? ASUS's Zenbook Pro 16X asks for that commitment

MJB7

Re: IEC lead

The trouble with having the plug cast into the body, is when you go abroad regularly. With an IEC lead I can take my charger and the right IEC lead and I'm good. With a moulded-in plug, I need an adaptor (which in Switzerland for example will obstruct both the other sockets in the outlet).

White Castle collecting burger slingers' fingerprints looks like a $17B mistake

MJB7

Re: ..a gut-wrenching decision for White Castle's legal team..

This isn't the first court; this is the Illinois Supreme Court. There is no appeal unless they want to try and claim the Illinois state law violates the US constitution (_and_ they can persuade SCOTUS to take the case).

Uncle Sam wants to strip the IoS out of IoT with light crypto

MJB7
Boffin

Remember folks, the S in IoT stands for "Security"

(shamelessly stolen from cryptography.stackexchange.com)

MJB7

Re: "...lightweight cryptography..." ... Or More Misdirection?

RSA 1024 is only acceptable for historic protocols. It should not be used today. RSA 2048 is perfectly acceptable today, but for longer term security, you need RSA 4096 or higher.

Key generation _is_ slow for RSA. The hardware security module my employer makes can take 15 minutes to generate an RSA16384, and it's got a relatively beefy processor. An IoT device is going to take a while to generate RSA2048 (not to mention the problem of "where does it get the entropy from") - but it doesn't have to do that for every message.

Go to security school, GoTo – theft of encryption keys shows you need it

MJB7

Re: Persistent keys are the problem.....

Firstly, you keep claiming that Alice and Bob can communicate securely "with no transmitted keys and no public keys at all." but you refer to Diffie Hellman.

In the Diffie-Hellman protocol:

- Alice generates a secret key a, and a public key A = e**a

- Bob generates corresponding b and B.

- Alice TRANSMITS her PUBLIC KEY (A) to Bob

- Bob TRANSMITS his PUBLIC KEY (B) to Alice

- Alice computes B**a == (e**b)**a == e**ab;

- Bob computes A**b and they have a shared secret e**ab which they can use to encrypt data.

(Beware: the above is a gross simplification. Do not use this to implement DH.)

Secondly, you have also missed the point that this is _storage_ encryption. Communication (data in transit) can use ephemeral keys, but data-at-rest must be encrypted by keys that persist until the data is no longer required.

And I haven't even _started_ on the issue that DH is completely unauthenticated, so Alice has no way of knowing she is communicating with Bob and not Eve.

Bringing cakes into the office is killing your colleagues, says UK food watchdog boss

MJB7

Re: Free healthcare

Changing dentist almost inevitably means changing _to_ paying privately. There are very, very, few dentists taking on NHS patients these days (with the possible exception of children - but even that is dying out).
