* Posts by really_adf

183 publicly visible posts • joined 21 Feb 2017


The glorious uncertainty: Backup world is having a GDPR moment

really_adf

Re: Not my field of expertise

Keep a log of those people who have successfully requested deletion.

If you restore a backup, re-run deletions from the time of the backup.

That log would be covered by legitimate interest.

Not sure your last point applies but I note only someone restoring data needs to be able to read the log and entries can be removed after the retention period for the data is reached.

Seems like a pragmatic solution to me.

BOFH: Their bright orange plumage warns other species, 'Back off! I'm dangerous!'

really_adf

The fire was in an office where there was one double socket that had, IIRC, a PC, a printer, a kettle, a walkie talkie battery charger and a fan heater connected to it via multi plug adapters.

Unsurprisingly the wiring eventually gave up and burst into flames.

As long as the kettle was in one socket and the rest connected to the other, that should be fine...

If all hanging off one socket, it might not be quite enough to blow a 13A fuse (20A?) but surely still shouldn't be a problem unless the wiring is faulty (poor contact, incorrect conductor size), the cable is damaged or similar.

I'd guess the most likely candidates are faults in the battery charger PSU or the heater, but the latter would probably be obvious.

Uber jams Arizona robo-car project into reverse gear after deadly smash

really_adf

Re: Autonomous vehicle safety ignored

You cannot equate that with a human who is fully engaged in driving the vehicle, the awareness and concentration required is completely different.

No, the awareness and concentration required is the same. That given was different, thus the collision.

Look how modern we are! UK network Three to kill off 3G-only phones

really_adf

Re: Allocated spectrum

It doesn't matter if it's a state owned monopoly (Network Rail) or a private monopoly (OpenReach). Monopolies are bad - end of.

Interesting point. Network Rail seems broadly analogous to OpenReach but the former was renationalised. While state-owned has issues, that doesn't necessarily make it worse. Though it doesn't mean it wouldn't be, either, but I think that example shows it's more nuanced than you imply.

NASA’s new exoplanet-spotter survives sling past the Moon

really_adf

Re: The dark side? Again?

If you are on earth, looking at a full moon - a fairly canonical mental image - then "dark side" is accurate.

But El Reg should know better.

Android devs prepare to hit pause on ads amid Google GDPR chaos

really_adf

Re: Consent

... running the risk of spending their advertising budget on ads that are shown to random individuals with no interest in the product or service? They might not want to pay for advertising in the latter case

As per a quote I heard: "Half the money spent on advertising is wasted; the problem is working out which half."

So when can you get in the first self-driving car? GM says 2019. Mobileye says 2021. Waymo says 2018 – yes, this year

really_adf

Re: I have a 2018 Nissan Leaf with ProPilot...

No, they just have to work significantly more safely than human driven vehicles, which is actually a pretty low target.

Agreed that AVs don't need to be 100% safe, and that being significantly more safe than humans is a low target. By this measure, AVs may look good even today.

But I wonder if a more important measure is injuries/deaths involving an AV that either would not have occurred were a competent human in control, or are avoided by a human (taking control or in/on another vehicle). I think that needs to be very low indeed, and I suspect is a far greater challenge.

Cambridge Analytica dismantled for good? Nope: It just changed its name to Emerdata

really_adf

Re: Claim They Did Nothing Wrong...

What is it with the culture nowadays, where so many people lie and have absolutely no conscience in doing so?

I'm not sure whether people have changed, but I think our awareness of their behaviour has greatly increased. And that includes the awareness of other people inclined to behave that way, creating a snowball effect.

GitLab crawling back online after breaking its brain in two

really_adf

Re: GitHub > GitLab

Judge for yourself: just compare the GitHub help with the GitLab help.

Most of what you wrote is about git, not GitHub/GitLab, so is equally true of both. Both also have wikis, although I don't know how they compare.

It's not clear what your point is regarding the help. IMHO some parts of GitLab's help aren't great (to put it mildly), but I've suffered far worse.

really_adf

GitLab self-hosted slurp

Actually, there is some slurp by default, but quite high-level "How many using this feature" type stuff.

Oh dear... Netizens think 'private' browsing really means totally private

really_adf

Re: re Long version

"It's called Stupid User Glossover."

Only if you're a smug jerk. Don't blame the users! The blame lies with Misleading Marketing.

Much as I hate marketing, and am generally cynical, it seems a big assumption that the express intent is to deceive. Like "unlimited broadband" (that you mentioned), "private" browsing is an unavoidable simplification.

Users absolutely have to take some responsibility. The information is right there, they just have to read it. But many don't, and make assumptions.

As I recall, some years ago, Microsoft advertised (on TV) IE's "private" mode as a way to hide something like buying your spouse a present, which it works well for, IP-based advert targeting aside.

Facebook puts 1.5bn users on a boat from Ireland to California

really_adf

Re: privacy protections

Not just me who noticed that interpretation was perfectly valid, then.

Get the FTP outta here, says Firefox

really_adf

Reasons?

Refusing to load http subresources from an https page makes sense, and it is logical to apply that rule to ftp subresources from an https page. Apparently this is already the case.

But I don't see the reason or benefit to block ftp subresources in general. Following links from the article, removing FTP support is mentioned as a possible eventual goal, and I don't have a problem with that, but I don't see this change being a step in that direction.

Slap visibility beacons on bikes so they can chat to auto autos, says trade body

really_adf

Re: Really?

As a bicyclist myself, I can tell you that it's even worse if you're on a bicycle driving by an oncoming bicycle that has one of those things.

Hmm, now I think about it, since they are a near-point-source of light, they could probably be blocked by an extended middle finger...

really_adf

Re: Bricked

How the **** do I know when it's working and when it dies, or just needs jiggling to fix that dodgy connection?

You know it's stopped working when you were cycling somewhere and wake up in hospital...

really_adf

Re: Really?

If you really want to talk about lighting issues, then a far greater problem is the colour temperature of modern headlights causing serious night vision issues for other drivers.

They're bad when driving, but far, far worse when cycling. The same goes for very bright and stupidly aimed cycle lights (flashing or steady).

really_adf

Re: No, it's not AI

This is the same sort of content-free thinking that's brought us DRLs - make cars more visible so you can see them.

It seems to me that DRLs exacerbate the understandable tendency of drivers to look for cars, instead of hazards in general. One could say they train drivers to look for the lights.

It strikes me that it would be likely for "AI" to be far more vulnerable to this effect: "looks a bit like a bicycle, no beacon detected, must be an erroneous recognition..."

Plus I don't see how a bicycle beacon is going to help an AV control system predict action (as opposed to simply being aware of current state) considering signs an attentive human driver can readily pick up on: hand signals, looking over shoulder, pothole/puddle/ice/whatever ahead that the cyclist will move to avoid, etc.

Just when you thought it was safe to go ahead with microservices... along comes serverless

really_adf

Re: Is it just me

I suspect you're right that the spin up/down will add to the cost. However, those costs are less than the savings made from not having hardware sitting doing nothing.

Servers ideally do exactly nothing except when there is a request to serve. I mean "server" loosely here - could be a VM, container, process or thread.

"Spinning up" a server is ultimately a case of getting stuff organised in memory so you have something ready to respond to a request.

So it seems to me that from a hardware perspective, "serverless" is trading CPU and responsiveness for memory. Whether that is a saving depends on many things; I wouldn't say it is a given.

(Of course, there's more to it than just the hardware perspective.)

Leading by example: UK.gov's secure server setup is patchy at best

really_adf

From the article: The government also promotes the secure server setup best practice, not least through a handy guide published by the National Cyber Security Centre here.

That guide suggests using ECDSA or (strong) DH for key exchange, both of which provide Perfect Forward Secrecy (PFS), but for the latter then seems to suggest you might want to deviate to use PFS. Am I reading it wrong or have I misunderstood something?

Uber breaks self-driving car record: First robo-ride to kill a pedestrian

really_adf

Re: Pedantic

Why do supercars have huge actively cooled carbon fibre discs?

Because brakes convert kinetic energy to heat. A heavier vehicle, one braking from higher speeds (especially this), or braking more often needs to be designed to dissipate greater power in its brakes to prevent them overheating.

really_adf

Re: YAAC offered, "UK official stopping distance at 30mph is 23m"

If with perfect reflexes + perfect brakes I can stop from 30mph in 6 car lengths, then the kid is safe if they step out 6 cars ahead of me but not 4. So speed limit in school zones is 20mph = 4 car lengths.

At 20mph rather than 30mph, some collisions become avoidable, but of at least equal benefit is the greater survivability of unavoidable ones.

Developer mistakenly deleted data - so thoroughly nobody could pin it on him!

really_adf

Re: Two years ago

$ set -o nounset
$ echo "rm -rf $xxx/*"
bash: xxx: unbound variable

Or, in case you think nounset is set, but you're wrong:

echo "rm -rf ${xxx:?}/*"

DVLA denies driving licence processing site is a security 'car crash'

really_adf

Re: Certificate chain

"Thus if you run a web app, best to check it in all the major browsers.."

True but primarily for application issues.

For HTTPS configuration, running a test for that specifically (eg Qualys server SSL test) and actually understanding its results is best.

In both cases, if you follow standards, there is a good chance you won't have any problem.

Clearly, the DVLA (or subcontracted entity) didn't do this, which is a big fail.

Oculus Rift whiffed, VR fanbois miffed

really_adf

While it is not completely clear either way, the mention of a specific DLL in various reports suggests to me that what has expired is a certificate used for code signing (or similar) rather than a remote service.

Of course, even if so, that doesn't mean a remote service is not required...

Up to 25% of new builds still can't get superfast broadband – study

really_adf

Danny wrote: Virgin are quite stingy on pushing stuff out of the house.

Ledswinger wrote: That's because they're still using DOCSIS 3.0

As far as I know, they can't go (much) faster upstream without a massive infrastructure upgrade: there are amplifiers along the several-hundred metre co-ax runs, but only for downstream. Upstream frequencies are filtered (frequency division duplex, although each direction is also TDM between users) and bypass the amplifiers. Both the filtering and lack of amplification mean upstream is constrained to low frequencies.

The other way to increase upstream data rates, sharing between fewer people, is also fundamentally limited by current infrastructure (where the cables run), and probably not desirable anyway.

This is based on old information and could be wrong... Happy to be corrected.

Copper feel, fibre it ain't: Ads regulator could face court for playing hard and fast with definitions

really_adf

I used to work for VM (and ntl before that). Cable networks have always been more "fibre-ey" than DSL, but it wasn't until the DSL folks started using the word fibre in ads that the cableco started to do the same.

You have it backwards. Virgin started marketing "fibre broadband" in 2008 (if not earlier). BT VDSL trials didn't start until 2009.

https://youtu.be/PCls_SCpPs4

https://en.wikipedia.org/wiki/BT_Infinity

Ex-Google recruiter: I was fired for opposing hiring caps on white, Asian male nerds

really_adf

[Reverse discrimination] is unequivocally illegal in England, as I understand it things are more vague in the US.

http://www.legislation.gov.uk/ukpga/2010/15/part/2/chapter/2

I am no expert but I don't see that making the common (IME, in England) employer practice of guaranteeing interviews to disabled people meeting minimum role criteria "unequivocally illegal". This is very clearly reverse/positive discrimination.

Intellisense was off and developer learned you can't code in Canadian

really_adf

Re: C fun

Without [case], the names are interpreted as labels for use with goto statements.

Oh good grief. I've no idea how I've never made that mistake (or perhaps it was picked up by the compiler).

Thanks Binky and MacroRodent.

really_adf

Re: C fun

switch (some_enum_variable)
{
constant_a:
    some_code1();
    break;
constant_b:
    some_code2();
    break;
constant_c:
    some_code3();
    break;
}

OK, looks like I'd be in the same situation you were. What's the problem?

Zuckerborg, Microsoft, Amazon letting the side down for green energy among hyperscalers

really_adf

> On the other hand, a small natural gas plant (gas turbine) can be built within a building in the middle of a city, and won't have the losses that you get transferring power over long distances.

Transmission losses of electricity into the middle of the city are probably less than those of gas, and both probably less than the relative efficiency of large scale generation.

Home fibre in the UK sucks so much it doesn't even rank in Euro study

really_adf

Re: It doesn't help

> Nowhere do Virgin claim they do FTTP, and I fail to see where the problem lies here.

I think the point is that if FTTC is sold as "fibre", how do you differentiate FTTP (for the lay person)?

See also "HD ready".

Bring the people 'beautiful' electric car charging points, calls former transport minister

really_adf

Re: And where will they be?

The other thing to consider in that situation is, what is there to stop people from unplugging the cables so the car doesn't get charged.

In my limited experience of one (a BMW hybrid), the cable (or rather, connector at each end) was locked to the car and charging point.

Forget cyber crims, it's time to start worrying about GPS jammers – UK.gov report

really_adf

Re: Big Brother is Watching You

@Voyna i Mor

Audio amplifiers in domestic equipment easily pick up mobile phone transmission IME. I guess it's the transmitter on/off or other low frequency pattern in the signal.

I've also seen disturbance on a CRT TV (analogue UHF signal) but not sure at what stage the mobile signal is getting in.

The effect is real, whatever the mechanism (I'd be interested to know more too).

Crooks make US ATMs spew million-plus bucks in 'jackpotting' hacks

really_adf

Re: "...spew hundreds of dollar bills..."

Does the phrase "Pound Note" mean one UK Pound, or does it include fifty pound notes?

I'm from the UK and a "pound note" can only have a value of one pound*. Same idea for "dollar bill" and I had the same reaction as you to the article wording.

* However, I am old enough to remember their withdrawal 30 years ago, which may or may not be relevant.

Electric cars to create new peak hour when they all need a charge

really_adf

News just in...

... from the Department of the Bleeding Obvious.

Still, at least the issue is quantified to some extent.

Talk about a positive mental pl-attitude: WD Ultrastars shed disks without hit to capacity

really_adf

Re: Speeds?

So a 6T drive at same RPM and same number of platters/tracks as 3T drive could in theory be twice as fast at same position on drive.

Yes but, to a first approximation, the tracks get closer by as much as the bit time gets shorter. End result: sequential transfer rate at a given RPM is roughly proportional to the square root of platter capacity.

7K600: 6TB / 5 platters = 1.2TB/platter

7K6: 6TB / 4 platters = 1.5TB/platter

Predicted improvement:

(1.5/1.2)^0.5 - 1 = 11.8%

Third NAND dimension makes quad bit bucket cells feasible

really_adf

Re: The tragic N "Level" Cell misnomer

Three and four levels is at least useful. With a Single Level Cell, how do you store any data? :)

Genuinely, why is SLC called that? The only thing I can think of is that it refers to writing, not reading or erasing.

PowerShell comes to MacOS and Linux. Oh and Windows too

really_adf

Re: binary pipelines

find ./ -exec ls -l {} \; | awk '{print $3}' | grep . | sort | uniq

Untested but should be useful pointers even if not quite right...

POSIX:

find . -exec ls -ld {} + | awk '{print $3}' | sort -u

GNU find:

find . -printf %u\\n | sort -u

Transport pundit Christian Wolmar on why the driverless car is on a 'road to nowhere'

really_adf

Re: Public transport is already self-driving

Once you try to make public transport in more rural areas (or minor conurbations like Oxford with large rural areas) work, it becomes exactly what Doctor Syntax describes... a royal PITA with bad connections, which leads to negative feedback loops (bad connections = less people using it = more expensive = reduction in services = more bad connections = less people using it...).

Bad feedback loops can exist within an urban area too, eg where I live I've seen Doctor Syntax's diversionary bus route to (badly) cover where there used to be two routes, and more cars on the road -> "I know, let's scrap this bus lane so there's more room for cars" -> worse bus service -> fewer people using it -> more cars on the road...

Seems to me it gets worse for everyone. How do you break the cycle(s)?

We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare

really_adf

Re: Gamers largely unaffected by KPTI?

"Pure guess here - it may be just one single kernel transition to update the world per frame."

Yeah, that's the sort of thing I was thinking of by "batched up". I'm sure once (or even a dozen times) per frame would make KPTI utterly irrelevant from a performance perspective.

really_adf

Gamers largely unaffected by KPTI?

I'm surprised at the note in the article (and elsewhere according to an admittedly brief search) that game performance is not significantly affected by KPTI. Talking to hardware such as a storage controller or network card is mediated by the kernel; this is necessary for security and stability. And applications doing this are affected.

Game code, running on the CPU, needs to continually update the "world" the graphics card draws so, like an application heavy on storage or network I/O, I'd inductively expected games to frequently need kernel transitions and be highly affected. Can anyone enlighten me as to why this is apparently wrong? Is low level access to control the GPU provided into userspace, or are operations batched up to reduce the number of transitions, or..?

Seagate's lightbulb moment: Make read-write heads operate independently

really_adf

Re: What's the point?

Having said that: I never understood why hard drives don't "stripe" across all heads.

AIUI head alignment requires constant adjustment so you can only have one head aligned at a time if they are mechanically linked. Unless, I guess, you massively reduce density and hence capacity.

Thou shalt use our drone app, UK.gov to tell quadcopter pilots

really_adf

Re: Common Sense or New Laws

blcollier: "News reports are not a good indicator, since you only get to hear about the extreme ends of the bell curve and usually it's relayed in a sensationalist manner."

Yes, but try telling politicians (and those that seek to influence them) that.

Mythical broadband speeds to plummet in crackdown on ISP ads

really_adf

Re: Weasel Word...

As far as I can see, the logic is that it's fine because everybody's calling FTTC fibre.

To my recollection, it's all Virgin's fault, as their existing HFC network was transformed overnight to provide "fibre" internet by the marketing department. (OK, there was new hardware at both ends, but the network itself had just as much fibre as before.)

MEPs vote to update 'cookie law' despite ad industry pressure

really_adf

Re: Session cookies

Session cookies are used to tie together the pages viewed on one visit and are auto-destroyed by the browser some 20-30 minutes after the visitor has left the site - these are reasonably benign.

Originally, session cookies lasted until you closed the browser, ie lifetime is "browser session".

Since browsers started offering "When launched, pick up where I left off", enabling this means your browser session never ends, and so your session cookies persist forever.

What is often lost after 20-30 minutes is server-side state referenced by a randomly generated cookie value, due to a lack of requests providing that value. But the server-side doesn't have to discard this state after any particular "idle" time, it could be designed to keep it forever...
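The point made in the post above, that the lifetime of a session is decided by the server-side state and not by the cookie the browser keeps, as an added example that is not part of the original post. `SessionStore`, `FakeClock` and the 8-hour absolute limit are assumptions made for this sketch; the 30-minute idle limit is taken from the figure quoted in the thread.

```python
import secrets
import time


class SessionStore:
    """Server-side session state keyed by a random cookie value."""

    def __init__(self, idle_timeout, absolute_timeout, clock=time.monotonic):
        self._idle = idle_timeout          # seconds without a request
        self._absolute = absolute_timeout  # seconds since creation, regardless of use
        self._clock = clock
        self._sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(32)    # unguessable value sent as the cookie
        now = self._clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid

    def lookup(self, sid):
        """Return the user for a cookie value, or None if the state has expired."""
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        now = self._clock()
        idle_expired = now - rec["last_seen"] > self._idle
        too_old = now - rec["created"] > self._absolute
        if idle_expired or too_old:
            # Discard the state: the browser may still hold the cookie forever.
            del self._sessions[sid]
            return None
        rec["last_seen"] = now
        return rec["user"]


class FakeClock:
    """Constructed clock so the demonstration does not have to sleep."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    clock = FakeClock()
    store = SessionStore(idle_timeout=30 * 60, absolute_timeout=8 * 3600, clock=clock)
    results = {}

    sid = store.create("alice")
    clock.advance(10 * 60)
    results["active"] = store.lookup(sid)
    # Browser closed and later restored ("pick up where I left off"):
    # the same cookie value is presented 45 minutes later.
    clock.advance(45 * 60)
    results["restored_after_idle"] = store.lookup(sid)

    # A client that sends a request every 10 minutes never goes idle,
    # so only the absolute limit ends its session.
    sid2 = store.create("bob")
    served = 0
    for _ in range(60):
        clock.advance(10 * 60)
        if store.lookup(sid2) is None:
            break
        served += 1
    results["requests_before_absolute_cutoff"] = served
    return results


if __name__ == "__main__":
    print(demo())
```

Without the absolute limit, the second client's state would be kept for as long as requests keep arriving, which is the "keep it forever" case the post describes.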

El Reg was invited to the House of Lords to burst the AI-pocalypse bubble

really_adf

Re: Sarah O'Connor

Obviously, they looked up the wrong name in the phone book.

JS code at the network edge. Oh, you're still here and not running, screaming? Read on

really_adf

"equivalent feature at Akamai"

Adam 52: I use the equivalent feature at Akamai

Also JavaScript, or something else?

As a more general question, what would be a better choice than JS and Service Worker API for what CloudFlare are providing, and why?

Regardless of (endlessly debatable) faults, if the target users are likely to be already familiar with the tools, it does mean less to learn, which surely has some value.

NatWest customer services: We're aware of security glitch

really_adf

Re: password specifications..

Would it not be possible to hash each character in your password, add a salt to it as well to make it a bit harder to brute force if the DB became compromised.

Unfortunately, that's barely better than storing the password in the clear, since there aren't many different characters (OK, including all of Unicode takes it to ~10^6), and you'd be able to find the password character by character - in parallel if you want.

The interface for a system to store passwords, issue challenges for certain characters, and validate the response seems fairly simple, which should make it much easier to develop a secure, isolated system for this purpose.

In other words, in this case, making sure those passwords won't leak seems achievable, with reasonable care.

However, the implementation also seems like it should be fairly simple, which ought to preclude the sort of issue in this story...
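Why the per-character scheme discussed above protects so little once the stored records leak, as an added example that is not part of the original post and not any bank's code. The function names, the 94-symbol alphabet, SHA-256 and the sample password are all assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import string

# Assumed alphabet for the demonstration: the 94 printable ASCII symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def _char_hash(salt: bytes, ch: str) -> bytes:
    return hashlib.sha256(salt + ch.encode("utf-8")).digest()


def store_per_char(password: str) -> list[tuple[bytes, bytes]]:
    """The proposed scheme: an independent random salt and hash per character."""
    records = []
    for ch in password:
        salt = os.urandom(16)
        records.append((salt, _char_hash(salt, ch)))
    return records


def verify_challenge(records, answers: dict[int, str]) -> bool:
    """Validate a 'characters at positions i, j, k' response against the records."""
    ok = True
    for position, ch in answers.items():
        salt, digest = records[position]
        ok &= hmac.compare_digest(_char_hash(salt, ch), digest)
    return ok


def recover_from_leak(records) -> tuple[str, int]:
    """Rebuild the password from leaked records, counting hash evaluations.

    Each position is independent, so the salt only forces one pass over the
    alphabet per character; it does not multiply the work across positions.
    """
    recovered, work = [], 0
    for salt, digest in records:
        for ch in ALPHABET:
            work += 1
            if _char_hash(salt, ch) == digest:
                recovered.append(ch)
                break
        else:
            recovered.append("?")  # character outside the assumed alphabet
    return "".join(recovered), work


def guesses_needed(length: int) -> dict[str, int]:
    """Worst-case guesses: per-character records versus one hash of the whole password."""
    return {
        "per_character": len(ALPHABET) * length,
        "whole_password": len(ALPHABET) ** length,
    }


if __name__ == "__main__":
    sample = "Tr0ub4dor&3"  # constructed sample value
    leaked = store_per_char(sample)
    print(verify_challenge(leaked, {0: "T", 3: "u"}))
    print(recover_from_leak(leaked))
    print(guesses_needed(len(sample)))
```

The challenge check works as intended, but the worst-case cost of rebuilding the whole password grows linearly with its length instead of exponentially, which is why the post suggests isolating the storage system so the records cannot leak at all.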

EasyJet: We'll have electric airliners within the next decade

really_adf

Re: Well....

is feasible.

Given the work that Renault et al are doing on "in-motion" EV charge systems (car is charged as it passes over the road) it's not beyond reason to go for runways that provide initial takeoff power.

I'd have thought a passenger-friendly version of a steam catapult (ie just pull the aeroplane, not transfer energy for its own motors) would serve this purpose much more simply, no?

Since this isn't done already, I guess there's either some difficulty that can't be overcome or the benefit isn't enough to warrant it. *Shrugs*
