Posts by Vic

Re: UPS

I understand Ohm's law.

You quite clearly don't.

A car battery - which is what a UPS is, tied to an inverter - is 12v 400A or more

A car battery is 12V. The current supplied depends on the resistance across it. A human is of sufficiently high resistance that that current is insignificant.

Additionally, have you ever seen a battery like that short? They are quite spectacular.

We're not talking about a short - we're talking about a high resistance human being across the terminals. The current is almost immeasurably small.

My father worked in truck fleet repair for several major breweries

Well then, you go and ask him if he's ever put a finger on each terminal of the battery. It would amaze me if he has not.I've done it many, many times and it has no effect whatsoever.

And deadly current can be as low as 100mA if it goes from limb to limb

100mA across the chest will likely kill you. But putting 12V across your arms will not drive 100mA through you. That's Ohm's Lax - V=IR. To get 100mA off a 12V battery would require R=120ohm. That's quite a few orders of magnitude different to a human.

But not something to be ignored

From 12V? Yes, something to be completely ignored. If you don't believe me, try it for yourself. If you don't have the spuds for that, sort out the transport and I will come and do it for you. If you think you can get electrocuted from a 12V battery, you do not understand simple electrics.

Guess what the 2x4 and a nearby friend is for.

Pushing a leaking lead-acid battery out of the way, I should imagine. It certainly has nothing to do with 12V electrics.

Vic.

For any brainwashed neoliberals out there that believe 'private sector is always best'

The private sector does OK as long as the correct metrics and incentives are put in place.

In recent years, it seems that making short-term profit is the only measure of a company's success - and that's why they all do it. That invariably leads to long-term losses, but they don't care.

Part of an incentive package should be the penalties for not doing the job. If a company can make big money out of running a service into the ground, then those penalties were clearly not strong enough. Bonuses should be tied to the long-term health of the business.

But the people who need to be convinced of this are the ones making out like bandits by things remaining as they are...

Vic.

Re: Secure Email

Surely the solution for this kind of problem is a secure ID so that you know the sender is who they say they are?

Digital signatures have been possible for years.

Now try to get that implemented in any commercial organisation. It's always "too hard"[1], and we need to understand that "loss of productivity costs real money"[2].

Vic.

[1] It isn't. It's actually rather easy,.

[2] There's a tiny amount of training required to teach people how to sign emails. But apparently, that costs too much, whereas the sort of losses we see from this article are acceptable costs of doing business.

Re: Loop until... Loop until...

in the UK properly trained emergency drivers will ideally either attempt to pass the lights on the other side of the road if safe to do so, or sit in the traffic with their audible warnings switched off until the lights change, so as not to terrorise other drivers.

So there is clearly some difference in training...

A few years back, I was in a monster jam on a motorway. A cop car tried to come through the traffic with lights and sirens running. He got to about two cars behind me - where he sat, with sirens running. No-one moved out of his way, because there was nowhere to go; we'd all moved as much as we possibly could.

Those sirens are loud...

Vic.

Re: Old PC motherboards

I wonder are they still made?

Yes, they are. And they're frequently used in dive computers.

Vic.

Re: Mr Bean does Russia, Cuba and China

Rowan Atkinson in Bean mode is probably closer to reality of the secret service operatives.

He's already done that - the Johnny English series...

Vic.

Re: trust and verify

In HSBCs case your license or passport, which are themselves built up on trust of a number of official forms of identification.

My passport is a renewal of the one before; no further ID was required.

That passport was also a renewal.

The one before that was issued on the basis of my birth certificate alone. And that birth certificate was printed out for me on the basis of going the the records office with my name and date of birth...

It's the thick end of 30 years since I had to do all that, so I don't know if things are more effective these days - but I can't be the only one in the country with the root of the web of trust being myself.

For the removal of doubt: yes, I am the person I claimed to be back then.

Vic.

Re: HMS Forth??

IIRC, you can assign 4 to equal 1 in that language

So you can...

: 4 1 ; ok

4 3 + . 4 ok

Rather pointless, though :-)

Vic.

Re: Easy to get rid of the lawyers

Maybe not enough thought was given to the license in the first place

On the contrary - this is exactly the situation that was desired.

This way, no-one can "take over" the kernel and turn it proprietary.

Vic.

Re: I know giving BT a kicking is a longstanding Reg tradition, but...

what idiots are making out of bundle calls? I bet there's not a single punter here who makes even a dent in their allowance.

Well, as I don't have an allowance, I guess I'm that idiot.

I was pissed off at my service going up to 15p/min until I read this article...

Vic.

Re: Actually an argument for a public utility to own the last mile

It's would be brilliant! No... hang on. Not "brilliant" but that other word...

British?

Vic.

Re: I've forgotten...

That's also its weakness because it makes them delicate, allowing them to fail in obscure ways that results in a cascade where the reported point of failure isn't really the point where it started to go wrong

That's just nonsense. Explicit scripting is inspectable; the point of failure is trivially found.

Plus SysV doesn't use dependency triggering but delays.

Again, not true; the only time a script will delay is if there is good reason to do so - which a systemd initialisation will also need to do. The only difference in terms of how te two ytems are supposed to work is that systemd is asynchronous whereas SysV is synchronous. That makes SysV more robust and more easily debugged, and it makes systemd faster.

And if that had been the extent of what systemd had done, there wouldn't be this recurring argument. But it isn't; most of us couldn't really care whether the start system is sync or async, what we care about is that far too much code is getting subsumed into systemd. That smacks of very poor design.

Vic.

Re: re: and there was me thinking it was mainly down to religion.

How would you feel if another country's military arrived and destroyed our government?

The last time that was a serious proposition was in the early 1940s.

The SIS established the "Home Defence Scheme", and other parts of government established the "Auxiliary Units". Both of these groups were intended to use "irregular warfare" methods against an invader.

These days, we'd call that terrorism. Back then, we considered it valour.

Vic.

Re: You think _that's_ bad?

We are starting to mix things up here, but the client-side salting is intended to avoid/minimise replay attacks. The goal here is that the server should not have knowledge of the actual password.

I understand what you're trying to do - I'm pointing out that it is ineffective.

If you apply salt at the client end, all you've done is add a few characters to the password used; the hash is just a hash, and susceptible to rainbow table attack. You also need to get the salt to the browser each time you log in - either by transmission from the server or by storing it locally. This is all a bad idea.

This is orthogonal to an attack (including self-inflicted) on the server end.

But the attack on the server is much more likely to succeed by your method; you only need a collision or a rainbow match. By using salting correctly, you would obviate that problem, but with the method you describe, all that is required is for a captured hash to be reproducible. That's a very much simpler problem if you don't salt correctly.

And - it's just occurred to me - if the client side is doing the hashing, then all the server is doing is a text comparison. So if an attacker has captured the hash - either off the wire or from a server compromise - he doesn't actually need to do any attacks, since that is the set of characters that will get him in. That makes a server-side compromise very dodgy indeed.

Vic.

They could not have had steam catapults fitted, because there is no steam plant to generate steam

I wonder whether that is set in stone...

There's quite a bit of electricity available on these ships - it shouldn't be beyond the whit of man to put an oversized kettle on board to generate steam.

Caution: very rough calculations ahead...

The large steam catapults described here generate a thrust of 36,000Kg over a length of 94m - that's some 34MJ. That's the energy expended per launch.

This page is about energy storage in compressed air - I've assumed a similar compressibility for steam. It reckons 1m³ of compressed air at 70bar stores approximately 30MJ - that's pretty much the same figure as an aircraft cat launch. A dozen such cylinders essentially gets you one launch for each of the aircraft we're actually planning to have without recharging...

Of course, these boats have been designed by BAe Systems, so we're going to be looking at >£5B per ship just to do the above calculation...

Vic.

Re: Most Surprised

It does mean that this is useless for hard real-time applications. Branch execution time is now impossible to predict.

I wouldn't go that far; worst-case branch time is still predictable, so it's still possible to do hard real-time.

Whether it's worth doing so is another matter...

Vic.

Re: Selling those tickets?

Then why did they bother to take the tickets?

Evidence?

Vic.

Re: Slippery slope.....

then before long it will be security services killed a suspected terrorist who as it turns out had no links to terrorism whatsoever - and people will say "well... if it keeps me safe, I suppose we'll just have to live with the possibility that anyone could be killed for being a suspected terrorist - even if they aren't"

This is, of course, most worrying if you happen to be a Brazilian electrician.

Vic.

Re: AT a BBQ last weekend

I am guessing the beer he consumed with his food was enough vegetation to keep him regular.

For most beers, it's actually the isinglass that has that effect on the body. And isinglass is not vegetation.

I tend to favour vegan beers - not because I'm vegan, but just because they tend to taste better :-)

Vic.

Re: Google are switching to OpenJDK...

at the (and this is one of those coincidences that Google may end up regretting) expense of being byte code compatible with Java

Dalvik is not byte-code compatible with Java. It merely has similar APIs.

Vic.

Thought you weren't allowed to fly drones near airports.

You aren't. They are.

At AAIB the other week, they were telling us about their drones - DJI units, but modified to be allowed to fly within ATZs.

Vic.

Re: Touchdown

cue an update to the software ti add a "if (! load_on_undercarriage)" to the code that retracted the under carriage

Relying on that is specifically warned against...

Some pilots were in the habit of pre-selecting gear up, then taking off. As the aircraft leaves the ground, the wheels are retracted of their own accord. And it all looks very cool.

And then you hit a bump just before takeoff, the load goes light, and the wheels are retracted long before rotate speed...

Vic.

Re: 260 submissions per second?!?

and as of this writing (2015) it handles about 400K to 500K HTTP requests per day

500K requests per day is only about 6 per second.

Perhaps the Census could have run two bare metal powerful servers to get a similar result, and saved >$8 Million?

I think they'd need a bit more than that. But I still don't know how to spend that much money on the job without flagrant gouging...

The other thing to remember is that 260 submissions per second doesn't mean 260 DB transactions per second; far too many shitey websites bury everything in the database, so a single page render can mean >50 transactions. That sort of coding hammers the DB.

Vic.

Re: Wrong lesson, I am afraid

the V-force, which required the airbases still be in tact to launch.

The V-force might have required some airbases to be functional, but it was pretty resilient in terms of which ones.

If you look at the undercarriage on a Vulcan, for example, you will see a rather large number of wheels. A more conventional design would have been lighter, leading to a better aircraft - but doing it the way they did meant that it could land on a wider variety of surfaces, so the destruction of the home base would not necessarily put the aircraft out of commission.

Vic.

Re: Not just code transparency for security etc

If someone knows that the software they are writing is going to be OSS, I would hope they spend a little more time actually make it work correctly and be properly documented

Code is like underwear; if you're going to display it to other people, you really want it to be clean...

Vic.

Re: Simples!

Not quite a definitive solution, but just enable strict SPF / DKIM and mark all external mail by amending its subject, or something like that.

That requires the domain owner not to be a dork; many of them fail badly at that hurdle.

I went through a phase a while back where I was seeing loads of domains with "+all" at the end of their SPF records. I cannot see a single instance where that can be anything but harmful, so my SPF milter now treats "+all" as if it were "-all". That helps...

Vic.

Re: This makes me wonder . .

Please review the meaning of the word "geostationary" and get back to me.

Everyone except you knows the meaning of the word "geostationary". For your edification, I shall give you a simple definition: it means the orbiting object has the same angular velocity as the Earth. This only means it is moving at the same speed if either the distance above the Earth is zero (i.e. it is on the ground) or of the angular velocity is zero (i.e. the Earth is not spinning). Neither of these situations relates in any way to this situation.

So here - I wasn't going to do this, but you appear to need a worked example. Here are my initial data:-

• Earth's equatorial radius: 6378 km
• Geostationary orbit height: 35,786 km

Your super-ladder sits with its base on the equator, and (initially) points directly upwards).

The circumference of the Earth is given by 2*pi*r = 40,000 km, near enough. It makes one full rotation per day, meaning its speed is 40,000 km/day or nearly 1700km/h. This is the speed at the bottom of your ladder.

Now let's look at the top of your ladder. The distance from the centre of rotation (the core of the Earth) is 35,786 + 6378 = 42184km. The distance the top travels in one complete rotation is given by 2*pi*r = 265,000km approx.

Now if your assertion about the speed being the same at the top as at the bottom, then the distance travelled in a day would be the same at the top as at the bottom. Thus the top of your ladder would travel a mere 40,000km a day - which is rather less than a sixth of the distance it needs to travel to make a complete rotation. It falls over very quickly; it is *not* geostationary.

Conversely, if it were geostationary, it would travel the entire 265,000 km in a day. This would leave the top of the ladder above the bottom, as required - but the speed at the top is now our 11,000 km/h as declared in the NASA figures, and is very much not the same as the speed at the bottom, as you have asserted.

So tell us - which of these do you prefer? That your "geostationary" ladder is no such thing, or that your assertion is plain wrong? Either makes you look decidedly foolish.

Your position is untenable. You have chosen to ignore the fact that NASA's factsheet declares you to be completely wrong, I notice. Now I've had to hand-hold you through basic arithmetic to prove that your theory cannot hold water. Please stop bullshitting and read up on the geometry of circles - it's really very easy and would mean you don't make such monumental cock-ups in future.

FWIW, I do understand your points. It's just that my point is still perfectly valid.

No, it isn't. Your point is wrong. Your continued assertion that it has any value demonstrated that you have no understanding whatsoever of the arguments presented here. Your continued avoidance of the discrepancy between your claim and the data offered by an agency that has put satellites into orbit speaks volumes.

Vic.