* Posts by DuncanLarge

1026 publicly visible posts • joined 10 Apr 2017

Interpol: Strong encryption helps online predators. Build backdoors

DuncanLarge

> My advice is encrypt things your own way

You'd think that would be a good idea but it's not. You see, crypto is done. We know how to do it in ways that people who really understand it can safely say it's "working". Of course, there could be a flaw somewhere that once discovered will allow anything encrypted with that algorithm to be cracked open but, and it's a big but, it will likely be the crypto experts hunting for that bug that will find it and they will be the ones to fix it or create a new algo that replaces the insecure one.

The problem with rolling your own crypto is that ONLY you know how it works and you are likely to not be able to find the issue with it while someone who really does know crypto better than you sees that you are leaking information via a side channel that you don't know is there and boom you are suddenly decrypted.

At least when you use industry standard crypto, like everyone else, you are all using an accepted way of encrypting something. Thus should that method be broken, you all will react along with the experts. But your own crypto that you created yourself will stand alone in the corner, secure till someone who really knows the subject wants to break it and when they do, will you know?

DuncanLarge

Re: FOSS?

Well, their answer to that would be to make FOSS illegal, which has been attempted before.

DuncanLarge

Re: FOSS?

Just being pedantic but PGP isn't FOSS, GnuPG is.

Questions hang over Gatwick Airport after low level drone near-miss report

DuncanLarge

There are ways to get around it.

Also having many drones on the market that don't need a mobile phone connected means you can simply avoid buying DJI altogether.

Intel end-of-lifing BIOS and driver downloads for dusty hardware

DuncanLarge

Old tech

> Mechanics wanting to service one of the hundred or so remaining McLaren F1 supercars face a similar problem. They were reliant on ancient Compaq LTE 5280 laptops in order to service the cars.

Well I find it funny how we see the laptop as "ancient" but the car as not.

If the cars are worth so much and they won't go for the build of a new car, perhaps they should put the money into making a special box that simulates the CA card that's specifically usable only in these laptops. Then you just give the box USB, which can easily be converted to RS232 or parallel if needed by the hardware simulation and it will be usable with any laptop that can run this software in a VM.

It really can't be that hard, pay some developers to build a newer interface. Or build a new car.

Actually, another thought. Why not just build a new laptop to the same specs as the old one? Someone has the original schematics, you could even just build spare parts. For the kind of money these cars pull in, surely it is not too expensive to commission some custom hardware build. There is nothing wrong with using the laptop or DOS as long as you can keep it running. It still does the same job, no matter how old the bits and bytes get.

Labour: Free British broadband for country if we win general election

DuncanLarge

> Nationalising openreach makes sense

Would this prevent Openreach from leaving my company's leased line unplugged in the cabinet when they decided to test a few things during the night but thought they could get away with not documenting the test or telling anyone?

DuncanLarge

Re: Marx would be proud

> Why are all these companies pulling out of Britain?

Corbyn will say it's because of Trump

DuncanLarge

> voters who think Corbyn is cool

I have died a little

DuncanLarge

LOL's

I laughed so hard this morning when I heard this.

I laugh whenever I hear about Corbyn wanting to nationalise this or that, even when I am almost in agreement about nationalising something to "start fresh" after it was run into the ground by too much profiteering, ahem, railways.

There is just one thing that is in his way. The thing that makes me laugh. We are still in the EU.

In the EU, it is illegal to nationalise anything. This rule is in the treaties and all member states must follow it.

HAHAHAHAHAHAHAHAHAHA

Next I suppose someone will say that Labour are a leave party and will get us out of the EU no matter what we say in the people's vote they claim they will give us, because if they don't, they can't do jack about implementing most of their now obviously empty promises.

HAHAHAHAHAHAHAHAHAHHA

HA

Remember the Uber self-driving car that killed a woman crossing the street? The AI had no clue about jaywalkers

DuncanLarge

> How "exactly" do you think an AI (Or even a Human driver) should be programmed/taught to deal with the fact that sometimes Pedestrians will just randomly step out "Right" in front of you or that sometimes

Again I ask, what did you score on your hazard perception test? Maybe you are not a UK driver so I will wish you good luck trying to drive on UK roads where you are expected to know how to handle exactly these events, and to prove it, before you are even able to have a license.

Sure, many stupid drivers forget to care about continuing to follow such rules and skills after they do get their license but I can't excuse a machine with a human backup specifically placed in said machine to see these exact issues and react to them. Especially when it becomes evident that said machine was never programmed to handle the random events that WILL happen on the road and the human backup was lazily not doing their job.

I was a software tester and if I had the job of testing this algorithm I would have tested for more than just people crossing the road. I would have trees fall over in front of it, ducks crossing, a ladder falling into the road, a (obviously simulated) child rushing off after a ball or balloon maybe with a panicked parent following. Oh and I'd certainly have it try out a flock of sheep/cows or a combine harvester, tractor etc.

You know, the geek in me was beginning to get all excited about self driving cars. Seeing as a child of driving age is expected to demonstrate more object classification and collision avoidance power than a computer that's trying to simulate such skills I'd say there will be a loong development roadmap before we see anything other than automated delivery vehicles trundling along slowly and stopping the moment they detect a bird.

Jesus, could you imagine how this thing would handle driving in India? Or China?

DuncanLarge

> Cyclists and pedestrians are often regarded as static objects to be avoided

Er, do you know how to drive? What was your score on the hazard perception test?

I can't imagine how a bike can be a static object unless it's not moving... which wasn't the case here as it was moving

DuncanLarge

Re: What's the standard for success?

> giving no time for both the AI and the human in the car to react.

If you read the article you will see that you remember wrong.

The A.I had loads of time, decided to ignore the object.

The human driver on board wasn't even looking out of the window. Didn't even see it about to happen. Only knew it happened when the car went bumpety bump.

DuncanLarge

Re: The problem with discrete Object detection

Robin Hood,

Robin Hood,

Driving down the lane,

Robin Hood,

Robin Hood,

Automated for convenience,

Steers like a cow,

Breaks for no one,

Robin Hood,

Robin Hood,

Robin Hood

DuncanLarge

You forgot 3: The human driver NOT LOOKING AT THE ROAD AHEAD.

also:

> We don't need cars that explicitly consider jaywalking. It would have been sufficient if the system had been able to reconstruct, even with low accuracy, an estimated motion path and understood that this was abnormal for the road context

What? Ever crossed the road in the UK? This "abnormal" condition takes on a whole different meaning in the UK. The system has to construct a highly accurate motion path of all road users and road crossers no matter where they are at the time or what they are doing. That's what I must do when I drive and if it can't match my abilities this system should be relegated to operating inside a warehouse or reduced in size and turned into a delivery robot that moves at 4mph on the footpath. Expecting anything less is ridiculous.

Or give it a guided road where it operates like a tram. You can then keep the pedestrians off such a road.

DuncanLarge

In the UK

Imagine they bring this system to the UK.

Imagine the carnage!

In the UK there is no such thing as "jaywalking". I had no clue what the American actors on TV were talking about when I was a kid. Nobody called it "jaywalking". I just knew it as crossing the road.

Everyone simply crosses the road, even when there are crossings right next to them.

Not just adhesive, but alcohol-resistant adhesive: Well done, Apple. Airpods Pro repairability is a zero

DuncanLarge

Will avoid

I see no advantage to using wireless earbuds.

People I know who have them keep complaining that they have lost one or one dies before the other. I keep telling them that my cheap JVC gummies require no charging, don't get lost separately and only cost me £9. Spend a bit more for one with a mic that works with most phone models. Also they become the antenna for that built in FM radio that every mobile phone has, apart from a few models who think that there is never a reason to tune to a local station let alone record from one.

I use earBUDS not earDUDS

Microsoft sees sense, will give Office 365 admins veto rights on self-service Power tools

DuncanLarge

Exactly!

We also used GPO to force off the "fast startup" boot mode in Windows 10 as we wanted the shutdown option to really mean shutdown and not be just another name for hibernate. We had to use GPO to set several registry entries, just to ensure that when our users do as they are told and shut down their laptop, updates actually do get installed.

We found that every update that was installed turned fast startup back on. Thankfully GPO still works, for now.

DuncanLarge

I'd also suggest that you will have to check periodically to make sure it hasn't turned back on.

I can imagine this happening if the updated version of each product is published as a separate item. Thus you may have it off till the latest published version.

DuncanLarge

Where are they then?

"As employees become more independent and better versed in technology..."

I've yet to see many of these. The ones we do have have built a career around it or gone on specific training/courses. Us IT bods are made aware of this and work with team leaders to provision any software or additional "stuff" that's needed along with allocating (or debating) the correct cost codes that are used and setting up DR plans if needed along with updating the various IT documents to incorporate the new "stuff". Then there is also the updating of the first line team who will be getting calls to support this.

So I have yet to see independent tech savvy employees who can implement and manage something as complex as a Power BI solution. A lot of the time I'm helping educate people what OneDrive is. I sometimes also have to explain to people who never save a document, lose it and ask if it can be recovered, that turning on autosave is generally a good idea. I even had one user say "I turn off autosave because it's annoying".

Delayed, over-budget smart meters will be helpful – when Blighty enters 'Star Trek phase'

DuncanLarge

1. Learn to turn off the fire hazards when you are done with them! Who keeps the oven on AFTER they have taken out the food? Get out the compliance stick and learn them some responsibility.

1.1 Stop using a deep fat fryer, eat healthy. If you must use one then tell the user TO TURN IT OFF WHEN THEY TAKE THEIR FATTY FOOD OUT!

2. Get a fan heater with a shut off timer or plug it into a timer plug so it can only operate for the set amount of time. If the user removes the plug or fiddles with the timer bring out the compliance stick. Also, why are you heating the spare room? Why do you need a smart meter to check the fan heater in the spare room? How difficult is it to get to the spare room?

3. Stop looking at a screen to try and figure out what's happening in your house. I doubt you live in a huge mansion with 20 bedrooms and 2 wings so why not learn to "do the rounds" and check things are sorted. You shouldn't have to rely on a screen to hint to you that something is up, and if you really want to do that, invest in Nest then you can literally control any socket or device you wish from your smartphone. Show me a smart meter light up paperweight, sorry, I mean screen, that can do that!

> Easier & more certain than going round the house checking everything.

What? You just said that you look at the screen to see that there "might be a problem as the display looks a bit off". So, how the hell is looking at the screen, scratching your head wondering why it looks funny, then going on a search around the house to determine the cause any more certain than simply skipping all that and doing the search anyway?

It's like saying you think it's more efficient to see if your front door is locked by ringing next door to come out and check for you, then when they don't bother, going downstairs to check for yourself. You then claim to the world that anyone who goes downstairs to check the door WITHOUT annoying the neighbors first is somehow missing a trick.

DuncanLarge

Even with that the saving is only going to be a few pennies a year considering I boil the kettle twice a day. It's not even full! Just enough water to make a pot (2-3 mugs) of tea.

Oh and it does light up. I actually saved more money by not buying a new kettle because the filter in this one broke. I now just pour the water through a strainer to catch any limescale flakes.

DuncanLarge

> When I put the kettle on, I don't look at the meter.

I plugged in my kettle to my power monitor plug thing and saw how much energy it used.

I did this once as I knew that due to the nature of the world the kettle would use the same amount of energy to boil the same amount of water every time with only a variance in the initial temperature of the water. I only cared to look once and when I saw the "cost" I was like ooh great making tea is so cheap considering I only boil the kettle once in the morning.

DuncanLarge

Re: It's about money

All those wonderful energy saving lightbulbs that save money by putting out the same light for a fraction of the wattage.

Not so money saving once you get a smart meter installed. A simple tickbox on a computer in the energy suppliers helldesk is all that's needed to start charging you for Reactive Power. Suddenly that LED bulb becomes much more expensive, not to mention all your switch mode power supplies.

They say they won't do it, that they will only charge commercial premises for reactive power like they always have. I don't trust them when money is involved. Other parts of the world charge people in reactive power as it costs more. Remember your "saving" is their "loss". They can recoup that by charging you for using efficient tech that has a poor power factor which basically means all LED bulbs, chargers, TVs and so on.

DuncanLarge

What was that you said?

"Those who stuck with "relic meters" risked "very high" maintenance costs, he said."

BS, my "relic" meter is only about 10 years old, new compared to others I have had and like the older ones HAD NO ANNUAL MAINTENANCE REQUIRED.

I have never had anyone, in all my life, perform maintenance on a meter.

Working in IT I can almost guarantee the maintenance cost that consumers will pay for the new smart meters that end up charging the wrong amount, getting hacked by the Norks, needing firmware updates to support the latest version of whatever runs the hub they all talk to etc.

Oh and what about the poor sods who end up with a smart meter that becomes a dumb meter because IT CAN'T GET SIGNAL? Are these people going to have to be punished too? They will have to submit meter readings like us relic meter users so will appear no different to us.

Already I'm finding I can't change deals and save money because "I must have a smart meter" to get even just a standard fixed rate deal. Ofgem, where art thou?

Remember the big IBM 360 mainframe rescue job? For now, Brexit has ballsed it up – big iron restorers

DuncanLarge

Sounds familiar

> it seems it's difficult to send a UK truck into Germany

Reminds me of the price hike on software and support we all got from Microsoft and other companies dealing with 1's and 0's when Brexit was announced in 2016. No real reason, just an excuse.

Running on Intel? If you want security, disable hyper-threading, says Linux kernel maintainer

DuncanLarge

Re: Desktops and browsers

It's not just browser tabs spying on each other.

It's the browser tab running in your VM spying on the host too!

Also signing does not guarantee the program is not malicious, it only guarantees that the program is undamaged/unaltered from the repo. Once the GPG keys get compromised or the Git tree modified under the nose of the developer, signing means very little beyond confirming that the malicious package you just downloaded did in fact get signed by those keys and was not modified.

DuncanLarge

Re: Intel inside embedded

Speculative execution is a very old bit of tech and exists in some form in many CPU designs from all sorts of architectures.

Embedded Intel devices may be running on a 386, 486 or Pentium if they are older and don't have this issue but anything that embeds a Pentium 4, Xeon or Atom does. The question is if it is enabled.

DuncanLarge

Re: Quick question

That was answered in the article, it's not known how many because it's not something you can easily detect.

It's easy to exploit and hard to detect. Win win for the black hats.

I'd be more interested in if Metasploit has this built in allowing any script kiddie to create something that exploits it after they get home from school.

Not LibreOffice too? Beloved open-source suite latest to fall victim to the curse of Catalina

DuncanLarge

Re: Peak Apple.....

I just got several 2012 Lenovo 410 and 420 (I also have a 420s) from work when we were replacing all the laptops. Picked up a few extra batteries and spare DVD drives etc. Maxed out the RAM, added an SSD, even found a battery that fits in the ultrabay.

Installed Debian Linux wiping over Windows, followed a short instructional on how to enable the TPM chip in the machines to act as a source of high quality random numbers to make better random numbers for encryption etc (totally optional but why not do it).

For laptops I'm set for a very long time. They have a ton of ports and only really lack USB3, but I could add that using the expresscard slot if I really wanted to. I'm covered for all display options thanks to the DisplayPort port but I seriously doubt I'll need to use that as my use case for laptops is pretty limited especially when I'm at home as I have a PC, actually I have 3.

DuncanLarge

Wow

So Apple have gone full Trusted Computing style on their users?

I can see how it "will help" security but that's like fitting training wheels to everyone's bikes to "improve" safety. It does improve safety but at the expense of the users' ability to use the bike.

Apple now basically tell you what you can and can't run on your no longer general purpose computer. Shhh, kid in the back asking "what's a computer?".

The "dialogue fatigue" that users may get reminds me of the exact same thing that happened way back when Vista came out. Microsoft learned many lessons back then and now executables that are not signed simply tell you so and give you the option to run them or not. Next time you run the executable you get that message again, annoying yes but not like what I've heard Apple is doing.

I can imagine the stories we will hear of the certificates being lost, allowing all sorts of malware to be approved, or perhaps a bug in an update actually lets the exe run even when you select to move it to the bin. Or even the certificate chain gets borked for something like Sony Vegas or something preventing many ordinary youtubers from editing their videos.

Will this result in a mass exodus to systems that allow you to do what you want with your computer?

I doubt it will considering the hold Apple has on its fans.

https://www.youtube.com/watch?v=XgFbqSYdNK4

Google: We've achieved quantum supremacy! IBM: Nope. And stop using that word, please

DuncanLarge

WTF

> that it evokes white supremacy.

WTF has the Ku Klux Klan got to do with qubits?

Power to the users? Admins be warned: Microsoft set to introduce 'self-service purchase' in Office 365

DuncanLarge

Say what?

This has got to be a joke.

Please say this is a joke.

Criminalise British drone fliers, snarl MPs amid crackdown demands

DuncanLarge

Re: Make it like owning a vehicle

> Think about the damage a tiny stone does to your windscreen doing 70 on the motorway

Hardly any. A tiny chip at most.

DuncanLarge

Re: Make it like owning a vehicle

> doing a few hundred mph

Concorde doesn't fly anymore.

DuncanLarge

Re: What's the difference

> Swans and geese don't tend to have dense metal motors in them

No they are even denser, having bone, muscle, all sorts of organic bits and parts not to mention a certain amount of water content.

DuncanLarge

Re: I can sense the ghost ...

> a dick move

You mean totally illegal. I suspect you need to read the Highway Code again. It applies to all road users.

See you in Hull: First UK city to be hooked up to full-fibre broadband

DuncanLarge

Re: Well done KCom

Here is how I read it:

Gigabit capable connections to every home = we have lots of bandwidth we can up sell to you bit by bit.

They won't give it to you in one lump with a fairly decent monthly cost making Hull the fastest lot on the net. This is like buying a house but every few years you are sold an upgrade to your mortgage that "unlocks" some of the extra space/rooms in your house that were denied to you. This way you feel like the house is "getting bigger" and the company can send you letters explaining that they are increasing your prices in order to keep giving you a good service "we have expanded your property every year, but this as you will agree requires us to occasionally increase monthly charges blah blah blah".

DuncanLarge

Re: can we stop calling every internet circuit "broadband"?

I have always considered it as broadband being any dedicated connection to the internet, one that exists alongside a voice or service and does not suffer from interference from either.

Basically anything that does not require you to dial up.

I'd also say that it would need to be the generally accepted minimum speeds and latency of a typical connection, so ISDN is no longer valid.

Euro ISP club: Sure, weaken encryption. It'll only undermine security for everyone, morons

DuncanLarge

Re: Not a moment too soon

> the standard police-key used to open it which may be compromised and copied by any random bad guy, without your knowledge.

Don't forget, this includes a bad policeman!

GNU means GNU's Not U: Stallman insists he's still Chief GNUisance while 18 maintainers want him out as leader

DuncanLarge

He has never alienated me, in fact his message and determination to stick to it even in a challenging way has inspired me.

Although I don't agree on many of his other points of view about other issues, when it comes to defending freedom I almost follow his every word.

I have long believed that laziness and incremental changes "to make things better" lead to doors opening wider and wider without many caring to notice leaving a large opening for a complete change in direction. Stallman like myself seems pretty sensitive to that which is why he can be so stubborn on an issue. It's because any change, even a small one is the potential start of a slippery slope, so any such changes must be challenged and accepted only if they survive long enough.

I've seen this happen with things the UK government has done/tries to do. "Let's have ID cards, won't that be neat?", "Let's modify the law, just a little, to allow for more CCTV cameras", "Hey we have LOADS of CCTV cameras, won't it be great if they can talk to each other somehow", "Hey this old system of talking CCTV cameras is old and finicky and expensive to run. Why don't we get some kind of A.I to monitor it all rather than those bunch of expensive humans".

Of course some of those examples don't exist yet but most people I know wouldn't care to even consider what is currently possible, what they wish to achieve even for benign reasons and how that could be abused by governments of the future and why that should factor in against such improvements.

Thus when Stallman does go, either forced out this way or natural retirement, I can see this creeping into the GNU project "to make things better" "to appeal to more people". Eventually I suspect that it all will end up being another Open Source movement (which was the first attempt to make Free Software more palatable) and then get abused while its core principles get fragmented and ignored as and when is convenient (like today).

The D in Systemd is for Directories: Poettering says his creation will phone /home in future

DuncanLarge

Him again?

WTF is he talking about?

Self contained user directories with the user details entombed in the directory?

That's going to be fun for a sysadmin who wants to manage user stuff with a bit of Perl. Now (s)he will have to walk through all the dirs in /home and process loads of redundant JSON stuff rather than just grep/cut/tr/sed over /etc/passwd. This seems more suited for laptops that are loaned out to users, needing their home dirs to move between machines (roaming profiles). But of course he thinks that this should be default even on a static server.

And the encryption key is in RAM when a laptop is suspended, well yep, I'm sure it is. The solution is to shutdown or hibernate the thing if you are really worried. Apple went the way of locking the key away in a special chip that greatly hinders the ability to decrypt the filesystem even if the machine is running but as PC/laptop hardware is so variable we can't guarantee the presence of a TPM, which would be the obvious solution.

I don't have much truck for Poettering/Linux. He needs to stop thinking that he knows best how EVERYTHING should be done because it's been done a certain way for a long time and then helping to make it default / required. Why not improve what is already there instead of completely replacing it with brand new untested code that breaks everything? We may end up in the same place but at least it would be a development roadmap with some decent development and testing behind it.

Next up: Poettering creates systemd-ramcheck, not to replace memtest86 (which he will do so eventually) but to warn the user that they are not using the correct amount or speed of ram. Upon boot, systemd-ramcheck determines if you are still using DDR2 or less than 8GB of DDR3 and then puts the user into a "light boot" mode where the only function available is to launch a browser that can only browse to Amazon and certain pc parts websites where you are expected to order new/more ram. Simply because Poettering thinks that nobody uses older systems or less ram and if they do they need help.

Then comes: systemd-hdddetect that does the same but with HDDs. The intention is that Poettering thinks that your machine should only be booting off an SSD as HDDs are old and slow and nobody uses them.

After that we get: systemd-guires a service that ensures that you are using the correct resolution for your monitor. When you for some reason plug in an old LCD or shock horror an old CRT that only supports 1024x768, because it's a headless machine that you only need to see the gui for a moment and any display will do, you will end up with either a red flashing warning window telling you that systemd-guires does not support anything less than 4K or the machine will attempt to switch to 1024x768, get the timings wrong so you get crap on the screen and then lock up the display manager/compositor.

I honestly think he should make his own distro, Poetter-OS to try this stuff out and then it can migrate from there.

Oh and I still have issues with pulseaudio...

UK Supreme Court unprorogues Parliament

DuncanLarge

> Being wrong isn't normally a crime

Really?

So ignorance of the law also means you are not guilty?

If I go and take any car I wish because I was totally ignorant of the rules surrounding car ownership for some reason I should get off the hook?

If I breed a banned breed of dog, that's fine if I say "I thought it was ok, never heard of that law, nobody told me...".

Doesn't fly. Blair helped invade Iraq with no hard evidence, going behind the backs of the UN itself. Personally I think the man got off lightly.

DuncanLarge

Go after John Major.

He prorogued parliament for 3 weeks in the late 90's to delay a report.

DuncanLarge

Re: Just when you think UK politics can't get any weirder or messier.

I'd vote Pirate Party if I had a choice between them and the Corbinites.

DuncanLarge

> not with the law in member states

Not for long.

DuncanLarge

Re: #Sarcasm?

You mean the rich bakers of remain.

DuncanLarge

No, we are still in the EU thus have and expect to have all access we used to have.

What's ironic is we are still in the EU

DuncanLarge

Re: Damning...

Just to begin again their attempt to hijack the leave vote for their own gains.

Flying priests crop-dust Russian citizens with holy water to make them stop boozing and bonking

DuncanLarge

OMG what is this stuff I'm drinking!

> a man spontaneously gave up drinking alcohol after spotting a plane in the sky.

So he was drunk, had never seen a plane before and was scared shitless about the flying dragon in the sky that everyone else seemed to not be bothered about?