Posts by Matthew Brasier

40 publicly visible posts • joined 7 Jan 2014

Z-Library operators arrested, charged with criminal copyright infringement

Matthew Brasier

Re: Wrong Target

As an author I can tell you no-one is getting super rich in the publishing chain. There are many people involved in writing, editing, typesetting, producing, printing and distributing a book, and they all need to make a living. While I agree the current system isn't working well, the answer is not "arrest the people doing the job in the way current laws let them", and nor is it "let people have all this work for free".

HDD Clicker gizmo makes flash sound like spinning rust

Matthew Brasier

Re: Cool...

Paper tape? Why not go for the sound of delay-line waves sloshing about in baths of mercury?

PanWriter: Cross-platform writing tool runs on anything and outputs to anything

Matthew Brasier

Interesting option

This looks pretty interesting. I usually use scrivener because it provides an easy way of re-organising chapters and paragraphs, but it's more complex than I need. I will give this a go.

Google promises to adjust search algorithm to favor 'people-first content'

Matthew Brasier

Re: What is this 'Google' you speak of?

Much as I want Qwant, Brave, Duck-duck-go, etc to be viable alternatives to Google, they still mostly don't provide useful results. Or at least it feels like searching on AltaVista used to. I am worried that the reason Google (while worse than it used to be) returns more relevant results than its competitors is precisely the kind of user tracking and analysis that make the competing products attractive. (I.e. if Google knows enough about who I am to know if I search for Camel documentation I mean the Apache project, not the humped animal - something the above search engines all fail spectacularly at).

5G C-band rollout at US airports slowed over radio altimeter safety fears

Matthew Brasier

frankly unlikely to have an effect on airline safety

Unfortunately "frankly unlikely" is not a good enough margin of error for filling an aluminum tube full of people, hurling it through the air, then trying to land it precisely on a 40ft wide strip of tarmac in dense fog with a 40kt crosswind.

If you didn't store valuable data, ransomware would become impotent

Matthew Brasier

Re: So instead of...

This is the kind of argument that normally appears before someone tells you that Web3 will solve everything. Early web technologies such as PKI, web servers, email, etc envisaged high levels of decentralization, with everyone running their own web server, managing their PKI trust chains, etc. People don't want that. Cryptocurrencies and NFTs are already showing us that if you leave end-users to control their own security permissions they get scammed left, right and center. Giving people even more fine-grained permissions and asking them to take responsibility for managing that themselves is a recipe for disaster.

NASA's SOFIA aircraft preps for final flights ahead of mission end

Matthew Brasier

Re: Fun fact

Many years ago I attended a session by my local Astronomy society where one of the scientists from SOFIA presented. It's a fascinating bit of kit and did some great work, but is somewhat hindered by NASA aircraft being legally registered as military aircraft, preventing it from flying over or near countries that are unfriendly with the USA.

It's fake ooze, don't fall for fake ooze: Alien fossils found on Mars might just be simple chemistry, uni pair warn

Matthew Brasier

Glad to see this research

My father was deeply involved in astrobiology research, and trying to persuade more excitable scientists to set a high bar before declaring anything as "life". He is sadly no longer with us, but it is great to see others are continuing where he left off.

YouTubers fell for shady 'sponsors' who seized, then sold, accounts

Matthew Brasier

Re: Too good to be true?

HTTP (not HTTPS) is a stateless protocol, the server has no way of knowing that a request relates to a previous request other than if the browser sends some data (which is the cookie) to alert the server to the fact that you have communicated before. There is no reliable way for the server to see the real IP address of the client because any kind of load balancer or HTTP proxy will mean that the "source" of the HTTP connection is the LB or proxy. There is a workaround to put the source IP address in as a header, but that can be faked as easily as the cookie.

With HTTPS it gets a bit easier for the server. HTTPS has the concept of a session (the duration for which the session keys negotiated are valid) and because only the originating server should know about the session key the server can be fairly sure that the client is the one that originally logged in. The HTTP session (unless you are using client auth) doesn't know anything about who you logged in as though, because the HTTPS session is established before you log in. Most modern HTTP servers will connect the HTTP session cookie with the HTTPS connection, which makes it a lot easier for the server to ensure the session is aligned to only one (HTTPS) connection, but this functionality can break in some scenarios (such as if you want to allow a user to log in using FORM authentication if client-cert authentication failed), or when using certain SSO providers.

TLDR; Because plain HTTP is stateless, it's easy to steal HTTP session cookies, HTTPS can sometimes make this easier because you can tie the HTTP Session cookie to an HTTPS session.

AWS Free Tier, where's your spending limit? 'I thought I deleted everything but I have been charged $200'

Matthew Brasier

Re: spending limit cannot be applied to pay as you go ...in production,

The OP is talking about spending limits, which are a feature of Azure - which is a Microsoft Product, not AWS which I am sure they are aware is not.

SAP exec reminds the world that Microsoft is a customer

Matthew Brasier

Re: As you note...

The larger an organization is the more likely it has a wide range of software, much of which will have come from mergers and acquisitions, or from departments or operating companies selecting their own solutions. For large companies like Microsoft the answer to the question "does your company use product X" is almost always going to be yes, as it only needs one small team to be using it.

This is why I pay very little attention to logo slides in vendor presentations. You will regularly see the same large companies cited as clients of 3 or more software vendors in the same industry because different teams select different products.

Hollywood drone pilot admits he crashed gizmo into cop chopper, triggering emergency landing

Matthew Brasier

Re: Helicopter danger

Going back to the point about helicopters crashing in residential areas. Cars, motorbikes, etc all crash in residential areas more often and cause a lot more injuries and fatalities. I assume you are in favour of banning these much more dangerous vehicles (for which very little training is required to operate them compared to a helicopter) first?

Matthew Brasier

Re: Helicopter danger

The sensitivity required to identify the heat signature as that of a person, identify that person as distinct from other persons and track them for a period of time, while maintaining an evidential quality recording suitable for use in later proceedings. We aren't talking about hobby equipment that mostly does the job. We are talking about equipment that can provide evidence for use in a court.

You only live twice: Once to start the installation, and the other time to finish it off

Matthew Brasier

Re: Fairly Frequent Flier

Several years ago I went on my honeymoon to Australia, and as my wife and I are keen scuba divers, we took full sets of SCUBA equipment with us. My regulators are pretty expensive and I didn't want to trust life-maintaining equipment to airline baggage handlers so I kept mine in my hand luggage. The security staff at both Birmingham (UK) and Dubai (stop over) found the long rubber tubes with large metal attachments to be very suspicious and I was subjected to long delays at security at both airports while they performed every test they had and consulted with ever-growing chains of management. Luckily SCUBA regulators are a common sight for the security staff at all the Australian airports and they didn't even ask me to open the bag.

Rocket Lab boss Peter Beck talks to The Reg about crap weather, reusing boosters, and taking a trip to Venus

Matthew Brasier

Re: Venus

Venus probes tend to have a very short lived lifespan, and it has a much less hospitable environment for radio signals. Simply put, for the same cost as getting a little data from Venus, you can get a lot of data from Mars. However it is starting to get to the point where a little data from Venus offers more unique insights than "yet more data from Mars".

Not the Wright stuff: Bitcoin 'inventor' loses bid to sue YouTuber who called him a liar

Matthew Brasier

Bootnote

The best part of this article is the bootnote - I am tempted to start appending it to all text I write on the internet.

Latvian drone wrests control from human overlords and shuts down entire nation's skies

Matthew Brasier

600ft is too low for primary air traffic service radars. Radar installations are placed on high ground and look upwards, there is too much "noise" near the ground for them to be any use. They are intended to assist in deconflicting and dispatching search and rescue for aircraft, and laws generally prohibit aircraft flying below 500ft other than during take off or landing. The radar at the local airport I fly from (or did when such things were possible) can't see aircraft below about 1400ft. As such a drone flying at 600ft is literally under the radar.

Cyber-IOU notes. Voucher hell on wheels. However you want to define Facebook's Libra, the most ridiculous part is its privacy promise

Matthew Brasier

Re: "That said, it's no worse than your money held on your bank account"

The point is that it is protected when the institution becomes unstable. It is underwritten by the government financial services compensation scheme. If the bank goes bust you will eventually get your money back from the government. Although that may take some time it is better than losing it altogether.

Windows Subsystem for Linux distro gets a preening, updated version waddles into Microsoft's app store

Matthew Brasier

Re: Debian on WSL

As a software developer, I generally try and pay other software developers for their work whenever I get an opportunity. I have used Ubuntu on WSL for quite some time now, it is significantly more convenient than firing up a whole virtual machine when all I want to do is fire off a few commands using SSH or the AWS CLI. However distros running on WSL often have a few bugs, and a distro specifically targeting WSL sounds like something I am happy to pay for, especially given it's the cost of two beers.

Fun fact: GPS uses 10 bits to store the week. That means it runs out... oh heck – April 6, 2019

Matthew Brasier

Re: Does anyone still use them?

I don't like having "The device that stops me getting lost if the weather gets really bad" and "The device I would use to communicate with emergency services if I become lost" being the same device.

I can see how for navigating towns or driving, a phone can do the job (although I still use a dedicated GPS for driving) but for walking, a dedicated GPS is a very sensible investment.

Who had ICANN suing a German registrar over GDPR and Whois? Congrats, it's happening

Matthew Brasier

Re: "The vast majority"...

It's not really the collecting of the technical and admin contacts that is the issue, it is the publishing of them in the whois database. If they were collected by the registrar, and kept private by the registrar except in the case of a court order or other legal mechanism (as Nominet is doing with .co.uk addresses) there isn't an issue - the registrar has the data that it needs to perform its contract, and can provide that information where there is a legal basis to do so.

The issue is that while ICANN claims to operate in the interests of the domain registrars, its main objective here is to ensure that IP lawyers can continue to use the whois database to identify where domains may sound vaguely similar to a well-known brand, and then charge the well-known brand thousands of pounds to hound the owner of the domain until they give it up.

Activists hate them! One weird trick Facebook uses to fool people into accepting GDPR terms

Matthew Brasier

Re: Facebook Income

It is true that their income comes from selling advertising space, but the value of that advertising space is created because it targets individuals based on their gathered personal information. If I am an advertiser, I am going to pay considerably more for an advert on a page of someone who fits my target demographic and has had conversations about my products with their friends, than for an advert on a page of a random individual.

How 'parasitic' Google's 'We're journalists!' court defence was stamped into oblivion

Matthew Brasier

Re: I may be misunderstanding the process but...

It isn't different to Bing etc, all the major search engines do it, because when someone searches for a topic then often a well written (if such a thing exists) Wikipedia article on the subject is a great place for them to start.

Your code is RUBBISH, says GitHub. Good thing we're here to save you

Matthew Brasier

Vulnerabilities in libraries are not vulnerabilities in applications

We have a number of customers that do their own dependency scans for CVE vulnerabilities using the OWASP dependency checker plugin, it finds vulnerabilities all the time, but having a vulnerability in a library does not mean the application is subject to that vulnerability. It may be in part of a library that is not used, or it may only be exploitable under a specific set of circumstances which will never occur in the application.

Even if you are exposed to a vulnerability, it is often in a 2nd or 3rd tier dependency and you are dependent on the frameworks you are using updating their dependencies, rather than it being anything you can fix yourself.

The key thing is to be aware of what vulnerabilities you are exposed to, and have mitigations in place (or be prepared to accept the risk), it is not feasible to aim for zero reported CVE vulnerabilities.

Uber saddles up for a new cycle of controversy

Matthew Brasier

Locking to railings?

How long before people start locking the bikes across people's gates or to other people's property, forcing the property owner to pay to unlock the bike and get access to their property?

Serverless: Should we be scared? Maybe. Is it a silly name? Possibly

Matthew Brasier

Re: Problematic

It isn't completely out of your control, there are a number of things you can do to control costs in a cloud environment, from picking the right technologies in the right places, applying limits etc. This is broadly what "cloud architecture" is about (the drawing a cloud on a bit of paper with arrows going in and out of it is to real cloud architecture, what "Enterprise architecture" was to real systems architecture). Most cloud vendor architecture certifications recognize this, and focus on cost control (along with security) as one of the key pillars of architecting a system.

Baywatch hero drone saves silly struggling swimmers Down Under from going down under

Matthew Brasier

Re: Walks like a duck?

It's unlikely to be part of a demo - those swimmers are in some pretty rough water. It would be pretty silly for lifeguards to put swimmers (even well trained ones) in actual danger to demonstrate a new toy.

It's a decade since DevOps became a 'thing' – and people still don't know what it means

Matthew Brasier

Every time a customer of mine says they do devops I ask the developers how they are getting on with being paged at 4am to support the system. They always look horrified and tell me they don't have pagers because the operations team do that. They aren't happy when I say they aren't doing DevOps then - a key feedback loop of DevOps is that developers feel the pain of operational support, resulting in them putting in more effort to make sure that issues are properly resolved and the system is reliable and stable.

Let's make the coppers wear cameras! That'll make the ba... Oh. No sodding difference

Matthew Brasier

Rational vs irrational behaviour

I agree with the poster above that the key issue is that the camera can provide a record of what happens. If we make the assumption that the majority of police are not outright psychopaths, we can probably assume that the situations in which they use force are ones that they believe at the time it is justified. There are quite a few reasons (from psychological "tunnel vision" syndromes through to plain racist beliefs) that can cause a police officer's interpretation of the situation to be incorrect, but it is unlikely that in the kinds of events being considered, for the majority of officers, that wearing a camera is going to change their interpretation of the situation (they feel that they or the public are in imminent serious danger).

What a camera can do, when reviewed in hindsight, is provide information as to what kinds of situations are often mis-understood, which could be essential in having targeted training and assistance to ensure that officers better interpret similar situations in the future.

'Screaming' man fined $149 for singing 'Everybody Dance Now'

Matthew Brasier

RE: I'd like "furious cycling"

You probably wouldn't, it is only ever used when a cyclist kills someone.

Europe-wide BitTorrent indexer blockade looms after Pirate Bay blow

Matthew Brasier

That's different, purchasing from Amazon US when you are in the UK is not the same as purchasing from Amazon EU when you are in the EU (independent of which EU nation you are in).

NASA agent faces heat for 'degrading' moon rock sting during which grandmother wet herself

Matthew Brasier

Some facts

My father, who was a pretty well respected geologist, was one of the few non-americans to work with NASA moon rocks. They are indeed very protective of them, mostly because the cost of obtaining them was very high, and they are one of the few sources of "uncontaminated" geological samples from the moon. There are plenty of "moon rocks" in the form of lunar meteorites (parts of the moon that got smashed off in impacts and found their way to earth) but these have been lying around on earth for many years, and so are contaminated.

Part of the value comes from the fact that geological experiments are often destructive - they involve dissolving bits of rock in acid etc - so the rock gets used up over time, and there are no current plans to realistically obtain any more.

NASA also definitely do have "agents" of various types. Having attended the launch of the curiosity rover, they also had what could be described as a small military, who were responsible for enforcing the exclusion zone around the rocket before and during take-off.

Web-app devs note: Google wants to banish JavaScript dialogues

Matthew Brasier

Re: What about applications

That should be fine though, the proposal isn't talking about getting rid of the ability to create dialogues, it's talking about getting rid of the ability to create dialogues that you must interact with before you can do anything else.

You can still pop up a dialogue asking if the user wants to save what they were working on, you just can't force the user to interact with it.

Headphone batteries flame out mid-flight, ignite new Li-Ion fears

Matthew Brasier

Water

They poured a bucket of water on what was suspected to be a lithium fire?

Java? Nah, I do JavaScript, man. Wise up, hipster, to the money

Matthew Brasier

Re: @wolfetone

Actually, Java was designed to be a language to program set top boxes, it was never designed to replace C/C++ etc. That just kind of happened along the way.

I guess you're younger than you think.

Oracle crushes Apiary's hope in slightly awkward email to customers

Matthew Brasier

Standard safe harbour

The stuff about not making purchasing decisions etc is Oracle's standard legal disclaimer they put on any product or slide that talks about roadmaps or future versions. It's not really slapping them down in an addendum, it's boilerplate text.

That being said the future of products acquired by Oracle is never very clear.

Sainsbury's Bank web pages stuck on crappy 20th century crypto

Matthew Brasier

My wife raised this with their customer support desk last year, who eventually got back to her with "Our site uses industry standard encryption" - She replied that it was industry standard in 1999, but got no reply.

EA Games rubbishes Pastebin breach claim

Matthew Brasier

Re: Ea are well practiced for something that never happens.

The fact that EA accounts are regularly compromised does not indicate that EA have been hacked, it indicates that people who play EA games have weak security.

My experience is that often people set weak passwords on accounts that aren't thought to be important (it's just a game) and then forget to update them when they later add payment details to the account for in-game purchases etc.

Larry Ellison's yacht isn't threatened by NoSQL – yet

Matthew Brasier

I don't think that sales of big data products show that companies have big data problems they are trying to solve. In my experience what it shows is that they have relational data problems they are trying to solve, and they want to pretend they are as big and unique as Google.

Bay Area plots Googlebus tax after local residents riot

Matthew Brasier

Re: Fair's fair

"It's completely different. They could stop their private buses anywhere that it is legal to stop a private vehicle, and do pick ups there"

Correct - however one of the places where it is not legal to stop a private vehicle in the state of California is at a public bus stop.