
* Posts by The Mole

355 posts • joined 18 Apr 2007


Hot NAND: Samsung wheels out 30TB SSD monster

The Mole

If you have high enough throughput, even with AES instructions, encryption quite definitely isn't free. Though disk bottlenecks are quite likely to kick in first.

0
1

Stop calling, stop calling... ICO goes gaga after home improvement biz ignores warnings

The Mole

From the ICO report

"Criminal penalties are imposed by the courts and not the ICO. Direct Choice had paid off £40,500 of its previous civil fine. The ICO has recently been informed that the company has applied to go into liquidation and will be working with the Insolvency Service on recovering the outstanding balance."

Not sure anybody is going to see this as a deterrent though if the punishment is so low - though that may be that they chose to use the lowest possible court who can't impose significant fines.

19
0

Destroying the city to save the robocar

The Mole

Re: Obviously the solution is....

Because in a world of mostly automated cars the vast majority of the accidents will be judged the fault of the manual driver (remember the data will be logged to prove this). The cost of insuring the automated car will be lower (as they should be safer due to less driver error) and many of the current low risk (high profit) drivers will switch to automated cars. Therefore the manual cars will be more complex/specialised for the insurance industry, probably be driven by people who are higher risk takers (they've rejected the safer option), and are more prepared to pay for the privilege (they obviously love driving enough to value it higher).

At first the difference may not be substantial - except due to subsidies from the automated car manufacturers to persuade people to buy the car, in fact I wouldn't be surprised if they offered to self insure them for free/part of the rental cost. Over time the number of manual drivers will decrease (why pay expensive driving lesson fees) which means the size of the pool decreases meaning higher overheads and more conservative pricing models.

0
0
The Mole

Re: Obviously the solution is....

I think what they actually meant to say is ban the manual driving of cars on the road. Not necessarily ban the ability to drive manually off public highways (or in emergency).

0
0

Hehe, still writing code for a living? It's 2018. You could be earning x3 as a bug bounty hunter

The Mole

Re: Worth it?

Agreed, my experience is the skills of a 'median' developer are rather mediocre and are unlikely generally to be able to find any bugs eligible for bug bounties. On the other hand the median skills of a bug bounty hunter who has successfully managed to claim at least one bug bounty (let alone be able to make a living out of it) are likely to be at least 2.7 times better, if not more...

3
1

Biggest vuln bombshell in forever and storage industry still umms and errs over patches

The Mole

Re: The security folks will say...

It also depends on what access the ssh into the shell gives you. If the only users have system level access (not necessarily root but perhaps same user that all the appliance apps run at) then at that point you've lost. As you and others say Meltdown/Spectre is irrelevant as they already have all the access they need. The additional risk of Meltdown is negligible and the cost in terms of performance is high.

2
0

UK's Just Eat faces probe after woman tweets chat-up texts from 'delivery guy'

The Mole

Why? The delivery driver works for the restaurant, he should be no less trusted than any other member of the take-away. Considering how busy most take-aways are I'd much rather the driver had my number to directly call me than to spend 20 mins trying to get through to the restaurant to ask which house is mine, for them to call me, then call the driver back and give a garbled message. If you don't trust the driver then you probably shouldn't trust any of the restaurant staff and not give them your number at all.

31
2

UK Data Protection Bill tweaked to protect security researchers

The Mole

The problem is that this is hard, very hard.

Take the example of only including the first half of the postcode, that's pretty anonymous, unless of course you have multiple postcodes (home and work, home and holiday home) at which point you will start getting unique or near unique combinations - particularly when you start adding year of birth in.

In isolation that data set may not be a problem, but combined with another one (land register maybe or just knowledge from Facebook/friends) you can start to identify some classes of people.

With those people you may then be able to de-anonymize your health provider location (presumably it is a consistent mapping otherwise it is useless), at which point you can then start to identify more people.

Your main point is correct though, unless it has been successfully aggregated and combined much of the data should just not be passed.

6
0

Yahooooo! says! its! email! is! scrahoooo-ed!

The Mole

Mostly as I have had it for the same amount of time as you (that's now the majority of my life), it does the job (most of the time), is free and I can't be bothered to change given the number of logins that I'd have to update.

0
0

Take notebooks: About those new Thinkpads...

The Mole

No difference in data transfer speeds, the SD caddy is purely cabling making the pins of the micro SD card bigger, no additional electronics involved. Now finding the micro card, finding the caddy, putting them together putting in camera, taking photos, taking out micro card on the third attempt, dropping it, finding it again and putting in laptop is likely to take much more time.

Probably better just to give up and just stick a USB cable in the side of the camera.

17
1

Microsoft offloads networking to FPGA-powered NICs

The Mole

Machine spec?

Without knowing the spec of the machines the boast is meaningless.

If there is just 1 or 2 CPU cores then the claim is fairly impressive. If they have 24 cores available then it is pretty atrocious.

1
0

Fridge killed my baby? Mag-field radiation from household stuff 'boosts miscarriage risk'

The Mole

But did he give birth? No in which case obviously your anecdote proves that he must have been having miscarriages and that the study is accurate.

Or perhaps he would have lived even longer without ionising radiation or been able to be trained to poo where you wanted him to.. we just don't know.

4
0

One more credit insurer abandons Maplin Electronics

The Mole

What amazes me is that despite years of problems they still have so many towns and cities with multiple stores in them. Places like Southampton really aren't big enough to need two stores, particularly so close to each other, I'd be amazed if either are making a profit. I really don't get why the owners haven't done a round of store closures to remove the duplication.

14
0

Erase 2017 from your brain. Face ID never happened. The Notch is an illusion

The Mole

Re: I'd happily own a phone

No that was almost certainly done with the ambient light sensor rather than a full camera

19
1

What will drive our cars when the combustion engine dies?

The Mole

Re: Just popping down the battery station for some half dead flowers

The difference is that filling stations will keep a stock of batteries and therefore don't need to recharge them quickly, they can take advantage that the demand for replacement batteries is lower overnight or on different days and therefore charge them at a much slower average pace - and probably include doing it with intermittent local power supplies such as wind/solar when available. They also have the option of shipping a new container worth of batteries in if they can't keep up with demand.

Still lots of challenges, not least that with petrol you get consistent mpg from each tank, whereas mpb (miles per battery) will vary depending on the health of the battery which makes big issues for billing and user experience.

2
1

As Apple fixes macOS root password hole, here's what went wrong

The Mole

Re: Everyone hyping - slow down a little

This doesn't create a new user if the user doesn't exist. What this code is is migration code.

First it checks the newest format password database, if the entry isn't there it checks the old password format database, and upgrades the account password to the new database.

Unfortunately there is a bug that if the password wasn't in the old password database it still does the upgrade with whatever was passed in, which is rather stupid, but isn't the same as creating a new user.

5
0

Parity's $280m Ethereum wallet freeze was no accident: It was a hack, claims angry upstart

The Mole

Re: The Blockchain

Because of all the other transactions by other people that have happened in the meantime, you would wipe out all those transactions as well which is going to cause even more confusion. The 'chain' in blockchain is the key word, each transaction is linked to the last so you can't manipulate previous transactions.

1
0

Would insurance firms pay out if your driverless car got hacked?

The Mole

Re: A one-way street

FUD, but as with most point has a gem of truth that it allows manufacturers to suddenly introduce new 'features' which suddenly cause the vehicle to share new classes of information that it didn't before. But given how much vehicle movements are tracked in the uk perhaps not the biggest worry.

2
1

Transparent algorithms? Here's why that's a bad idea, Google tells MPs

The Mole

Re: Walking directions?

That's pretty much what I do whenever I get into a taxi.

1
3

Google slides text message 2FA a little closer to the door

The Mole

Re: Slight problem?

For many people Android conveniently shows you your notifications (including new SMS messages) on the lock screen - no unlocking of phone or moving of SIM needed.

3
0

Jeff Bezos fires off a blue dart, singes Elon Musk and SpaceX

The Mole

You are right, without competition they would make massive really really fat profits. Having two teams competing against each other is actually a great way to add in the level of urgency to get the engineers concentrating on what needs solving better (and not gold plating), you also potentially double your chances of it working and not ending up down an expensive dead end - after all look how well NASA has done getting us out to space quickly in the last 20 years...

8
0

Didn't install a safety-critical driverless car patch? Bye, insurance!

The Mole

Re: Credentials

Well considering how much money they charge for the 'real' work I imagine the gaps between cases whilst they wait to find the next whale are more than ample to fit in becoming an 'expert' on this subject!

0
0
The Mole

Will there ever be vehicles driving itself?

"a vehicle is "driving itself" if it is operating in a mode in which it is not being controlled, and does not need to be monitored, by an individual"

Whilst sounding like a definition it fails (at least in this part) to actually define anything.

If I tell my car the final destination does that mean I'm controlling it? What if mid journey I tell it to adjust the route to avoid traffic am I now controlling it? What if there is a button to hint it changes lane as that one looks like it is going faster?

What if there is a dashboard indicator 'take manual control' that may flash (or with alarm bells etc) if the car decides it needs human intervention due to an unexpected situation (poor weather, sensor failure, aliens on the road). Even if it only happens once in 10000 miles is the mere possibility of it happening and the requirement to monitor for it occurring sufficient to mean that the car 'needs monitoring' by an individual?

3
2

Smartphone SatNavs to get centimetre-perfect GNSS receivers in 2018

The Mole

The reason your sat-nav does that is because at speed the accuracy of gps can easily be +-50m and so it simply doesn't know reliably whether you actually have left the motorway or not. If the accuracy is reduced to +-5m at speed (>1m level when stopped) then it can much more reliably tell the difference between being on the slip road compared to being on the motorway as the hard shoulder/verge now provides sufficient separation of the error radius.

11
0

123-Reg customers outraged at automatic .UK domain registration

The Mole

And of course it really does depend what the question is. "Are you concerned about the fact that if you didn't register your .uk domain name then a competitor will steal it and post such terrible stuff on it that the PR backlash will drive you bankrupt in HOURS!?"

- Yes I'm really scared

- No I'm a terrorist sympathiser and that is perfectly fine

2
0

It's official: Users navigate flat UI designs 22 per cent slower

The Mole

Re: A serious question.

The simplest example is rather than having a button which is 3d shaded to make it clear and distinctive that it is something special you may click on, a 'flat' design may just have a box surrounding the text which may (if you are lucky) change colour if you hover the mouse over it to show you can interact with it (particularly good when you are using touch screen style of interface). Of course other objects may also have boxes round them, or they may decide the box can be removed just leaving the text that changes colour when you realise you might be able to click over it. Similarly a flat webpage may choose to style a hyperlink so that it isn't underlined, isn't in another colour, if you are lucky it may be bold/italic but possibly only if you hover over it. Or a collapsed tree may not show any sign that it is collapsed, other than maybe the text being bold until you click on it and realise you can expand it.

Basically flat is removing any visual indicators to make it look 'clean'

23
0

DJI strips out code badness, reveals some GPL odds 'n sods

The Mole

You do know that remote control model planes have been available for decades don't you? And that building a drone from scratch with a few motors, Arduino and GPS module isn't exactly difficult.

If it doesn't make a blind bit of difference to the negatives happening then why punish everybody else?

18
3

Oracle has to pay top sales rep stiffed out of $250,000, US court rules

The Mole

Re: I wonder if...

I agree with you that undoubtedly being a good sales person is hard and becoming one requires experience and skills. But then the exact same can be said for the senior technical people who put at least as much time, skill and effort into ensuring that a potential bid can be converted into a sale (and then have to live with the consequences of what exaggerated claims have been made).

But there appears to be this weird expectation that sales people have to be bribed to do their job, if they weren't getting bribes (sorry sales based bonuses) then they will just sit back and not do their job properly. Unlike other roles where people are (rightly) expected to do the job they are being paid for well and where, if they are lucky, get a bonus as a multiplier of their salary based upon their and the company's general performance not tied to individual sales.

All I can think is it was some very good sales people that managed to sell that idea to management.

18
2

NVMe fabrics could shuffle traditional arrays off to the graveyard

The Mole

Re: Raid inside SSDs ?

You could have RAID built into the SSD, but how useful that is depends on what you are trying to protect against and what failures you are expecting. With SSDs I wouldn't expect that the failure is on the individual NVM chips but more likely to be the auxiliary components on the device - e.g. the external interface, diodes and resistors. Failure of these is likely to take out the entire device making useless the redundantly stored copies. Even with a good degree of separation most failures are caused by something, such as localized heating or power surges, within the same device there is a real chance the cause will damage both circuits at the same time.

Independent units are far more likely not to fail synchronously, and given that RAID1 halves your storage, you are going to need twice the number of devices anyway so you may as well keep the RAID between the disks instead.

4
0

Singapore court awards $2.9m over bad job reference

The Mole

It depends at what stage in the process references are taken (if ever). It varies from industry to industry and country to country but it is common for references to be the very final checks to be performed after the rest of the hiring decision process has been made - including potentially wage negotiations and indications of the intent to hire to the candidate. Only then would references be taken (they are invasive and potentially time consuming to do) and if they come back bad the candidate may be told (or guess) the reason the company has changed its mind.

7
0

Police camera inaction? Civil liberties group questions forces' £23m body-cam spend

The Mole

The lifetime of a £50 camera, SD cards and battery pack would probably be on average a matter of a few weeks or days.

Remember the £480 per camera probably also includes costs for associated systems and training to actually transfer the data off the camera (scaled to however many officers in each shift have a camera), store the data redundantly (imagine what the response was if the crucial video was 'lost'), systems to view, locate and extract the video for court/interview purposes, provide large scale battery charging etc.

Given a basic GoPro seems to be about £150 there is obviously some government contract premium here but it isn't as bad as it could be.

14
2

NASA short-lists six candidates for future missions

The Mole

Obviously a lack of scientific rigour should be a criteria - so if you manipulate the results and present an 'acronym' that doesn't include all your words it should be instantly binned.

Looking again that is most of these candidates out then.

0
0

Assange offers job to sacked Google diversity manifestbro

The Mole

Actually what I believe he actually said (using your paraphrasing) was:

1. 50% of horses are blue.

2. But blue horses on average are not as likely to win footraces as pink horses (though not many pink horses are good at footraces either).

3. We therefore shouldn't expect that 50% of horses entered into footraces will be blue.

4. There are many good blue horses which do exceedingly well in footraces and having that diversity is a very good thing as it makes the footraces better.

2
1

Crap gift card security helps crims spend your birthday pressie cash

The Mole

Re: PIN on the back

Can't say I've ever seen gift cards with PIN numbers on them - then again I've not used them for years.

But as the article says that is one of the fixes that have been put in place to prevent this type of cloning.

2
0

An 'AI' that can diagnose schizophrenia from a brain scan – here's how it works (or doesn't)

The Mole

This was my thought. How certain are we that the 46 people all do actually have schizophrenia?

It's not clear from scanning the paper whether the error was mostly false positives or false negatives. If it is predominately false negatives that could just mean the computer is 100% accurate at detecting schizophrenia and the remaining patients have a different brain condition that presents the same set of symptoms and therefore have been misdiagnosed.

5
0

Media mogul Murdoch's 'Sky dataset' swallow poses 'grave threat'

The Mole

Re: Data Slurping

They've already been able to do that for years now: https://www.skyadsmart.co.uk/

They are only interested in adverts (where's the money in changing the news) but if you have a family it means you may see an advert for a Ford C-Max whilst otherwise you may see the one for the Ford Mondeo. Most of the decision is done locally by the STB so probably not quite as bad as websites doing it, and in theory it means you at least get to see more relevant adverts.

0
0

Now here's a novel idea: Digitising Victorian-era stamp duty machines

The Mole

Simpler solution

Compared to a costly government IT project (is there any other kind) surely all they need to do is employ the machine cleaners on a night shift instead? That would double the number of hours worked! I imagine a 3d printer could print out a few additional machines without too much work as well!

11
0

Semiconductor-laced bunny eyedrops appear to nuke infections

The Mole

Resistance

What's the evidence that bacteria won't also evolve to be resistant to this treatment? All you are doing is swapping one type of chemical structure (which happens to be classified as an antibiotic) with another chemical structure. We don't know how it works, so don't know if a proportion of the bacteria population would resist it, and if they do then they will emerge as the dominant strain. If it is 100% effective then this is a double edged sword as it probably means it also kills off 'friendly bacteria' in the body.

That said any new avenues for treating bacteria is a good thing given the deadly consequences to the world if some of the current superbugs go pandemic.

4
2

Google DeepMind trial failed to comply with data protection – ICO

The Mole

Re: Part of the article is missing

It is also missing the part where Google was investigated and fined. After all once the data was passed to Google they also became a Data Registrar and failed in their duty to lawfully hold sensitive personal data. Their lawyers should have pointed out to them that insufficient due diligence and process had been carried out by the hospital. And of course Google actually has its own pockets to pay fines rather than it just being the tax payer paying.

26
0

F-Secure's Mikko Hypponen on IoT: If it uses electricity, it will go online

The Mole

That's easy. A software 'sim card' connecting to a 5G network. 5G has some stuff designed in for IoT, presumably those sims would be locked to only talking to a specific set of servers and the devices only send small relatively infrequent messages and so the manufacturer just buys a 'bundle' of messages to support the number of devices they have. In bulk this will just be a few pennies per year per device.

10
0

'OK, everyone. Stop typing, this software is DONE,' said no one ever

The Mole

Contradicted by his own argument:

"In most cases, though, what works now works well enough. Even lowly, much-maligned Windows XP still works well enough. The only reason it's insecure is that its creator decided to stop making it secure."

So quite clearly Windows XP wasn't done otherwise it wouldn't need security fixes.

The argument is also flawed in it ignores all the software products which don't get updated. Mostly small simple tools that do a single job but I'm sure if you look you will find many *nix tools which haven't had any meaningful changes in a long time even though they are regularly used. For everything else the fundamental reason is that requirements change, hardware changes, new ideas come along and so there is always more that could be done to make something 'better'.

7
3

Ex-SpaceX avionics tech loses safety certificate-forging wrongful dismissal lawsuit

The Mole

Re: With friends like this ...

Whilst you get to choose who you hire, expert witnesses are meant to be independent acting on behalf of the court. They are duty bound to reveal anything they find which is relevant regardless of whether it is beneficial for the people paying them.

11
0

Amazon granted patent to put parachutes inside shipping labels

The Mole

They are also meant to be inventive.

I'm pretty sure delivering goods by dropping them out of aircraft attached to parachutes is not inventive.

Having labels on them describing where they should be dropped isn't inventive.

Self adhesive parachute connectors may be inventive I guess - after all most people would want a better guarantee that the parachute stays attached to the cargo all the way down.

0
0

SSD price premium over disk faaaalling

The Mole

Re: ReRAM?

Doubt they are particularly counting on new technology. The two factors that are probably most responsible are new entrants/factories increasing supply allowing competition to drive down prices, and over 5 years the upfront capital investment should have been written off (or down at least) reducing the production costs per unit.

0
0

While Microsoft griped about NSA exploit stockpiles, it stockpiled patches: Friday's WinXP fix was built in February

The Mole

"It sold a defective product and wants to be paid to fix it. How many other industries would get away with this being standard practice?"

I'd actually (controversially) venture a guess the answer is most other industries. The only exception are those where the issue is actually directly safety critical. I'm sure Microsoft would strongly claim that their product isn't intended for safety critical purposes (except perhaps Windows for Warships) and if people use it inappropriately then it isn't their fault. I've got a pair of walking boots where the seams have come apart on both shoes at exactly the same time (obviously a manufacturing or design flaw). If this had happened on a mountainside I could have been seriously injured or stranded overnight, however I don't expect that the manufacturer is going to do a recall on them.

Perhaps Microsoft did act wrongly in this case and should have released the patch sooner if they knew it was actively being exploited (I've got some sympathy to this argument), but backing it up with straw men about 'other industries' isn't the argument to pick. After all if you want to compare to the car industry the more reasonable comparison isn't handbrake problems but instead the door lock being easy to jimmy and the car to hot wire. I haven't noticed the motor industry retrofit more secure locking mechanisms to all those 80s and early 90s cars which suffer from this security issue, they just design their newer releases to be more secure.

4
1

Leaked: The UK's secret blueprint with telcos for mass spying on internet, phones – and backdoors

The Mole

Re: Hmm, bugger off, government. I didn't elect you, and I don't respect you

"Also, why this issue with May in particular? Either (like me) you didn't vote Conservative, in which case they're all pretty much as bad as each other. Or you did vote Conservative and ended up with a PM who seems pretty standard tory as far as I can see."

You may want to read up on all the big brother style laws she tried to push through as home secretary. She is definitely towards the authoritarian end of the spectrum, even when compared to much of the Tory party.

21
1

UK boffins steal smartmobe PINs with motion sensors

The Mole

Re: APIs not to blame

"The APIs used in this case aren't the vulnerability, they just expose it"

No they expose the attack vector, the process of exposing that attack vector is the vulnerability and in this case the API implementation within the browser is the vulnerability.

0
1

Capacity shortage hits AWS UK micro instances

The Mole

"Amazon was, at the time of writing, unable to say why its normally elastic compute cloud was unable to keep the newly launched UK micro instances from running dry."

Elasticity isn't magic. If they haven't bought any new hardware quickly enough (or there was an abnormally large surge) then there is no hardware and they would have run dry.

4
0

Anyone for Virtual Monkey Tennis? Telco tries to sell us on 5G

The Mole

Home broadband

I totally agree those speeds have little benefit in a mobile phone. In a dongle/homehub however allowing you to stream 8k video to our 50 inch tv is a compelling use case, particularly for those people who currently live at the far end of some damp string. Of course you'd use your monthly data allowance within a couple of minutes but ignoring that it is probably cheaper to roll out than fibre to the premises (or even to the cabinet) particularly if you convince people to drop having a real phoneline (perhaps having a virtual one connected to the homehub to bridge the gap).

0
1
The Mole

No, the systems aren't 100% efficient to begin with. If you only need to spend 50% of the time to send the same amount of power, but if sending uses 10% more power, then in total you are only using 55% of the power than you were before.

0
0


The Register - Independent news and views for the tech community. Part of Situation Publishing