* Posts by h4rm0ny

4560 publicly visible posts • joined 26 Jul 2008

Google unveils Windows 8.1 zero-day vuln – complete with exploit code

h4rm0ny

Re: Can't stop laughing..

>>It's a case of "here's a security hole in your product" then "<no repsonse>"

You're saying Microsoft never even acknowledged the Google team's contact of them? Are you sure of that?

h4rm0ny
Facepalm

>>"It really depends on how important security is to you."

No, you're simply unfamiliar with the complexities involved in this sort of software. When I was working on this sort of project, we had a strict release procedure - we had to because it was very complicated system-level software performing critical functions. Pre-release testing took a couple of weeks and had to be done against signed-off code. So I fix bug X which is an important bug. Then bug Y comes in. Do we stop the whole release procedure and hold back bug X for the sake of getting bug Y in? Yes, we can then get bug Y resolved earlier than it would be otherwise, but it's at the cost of bug X being fixed later than it otherwise would. Not to mention a huge amount of wasted resource because we've cancelled an update process part way through when bug Y came in. And that is an EXTREMELY simplified version of things to illustrate the principle that you can actually make your software LESS secure by holding things back to include the latest issue found.

>>"So you're suggesting that this bug is too complex for Microsoft to fix in a timely manner, and have hence ignored the report with the hope it would go away?"

No, I'm not suggesting that and nowhere did I say anything like it. If you want to have a conversation with yourself, I'm not stopping you but please don't pretend one participant in the conversation is me.

>>or that would make you an "armchair developer"

Well no, I have experience of systems level programming and have worked on very large software projects of a critical nature so I have some familiarity with this stuff. And more to the point, I'm not the one asserting that deadline X is appropriate for a codebase I have no familiarity with. Maybe 90 days is suitable, but I doubt it and I know enough not to make confident statements that it is without any knowledge of it. That is why they are "armchair developers" - because they are making assertions without familiarity. I have not done so. I'm just pointing out they (and you) have no idea whether it's right or not. If you struggle with that concept then let me point out that the 90 days is a set period. So you think one size fits all? Obviously it doesn't. Ergo, it's arbitrary and doesn't respect actual needs.

>>"There have already been comments here along the theme of "volunteer OSS developers are able to do it".

So... you're saying 90 days is appropriate because some people here say that it is? See icon.

h4rm0ny

Re: Lets all be anonymous...

>>But you asked "So now companies have to report to Google?"

Yes, and if it had been Apple that did this I would have said them instead. It's not particularly relevant that it's Google as to whether this is harmful or not. It's only relevant in so far as discussing motivations.

>>But let's flip this one around - if it where the other way around, would you be defending Google?

Yes. I don't see why Android users' security should be put at risk, or anyone else's.

>>"Of course not - but what is their motivation?"

I have already explained that in my previous post. In this case, as it's obviously not going to be helping Microsoft and this is harmful to users' security, the answer is PR.

>>"but I think they have a vested interest in securing the Internet in general - it's "their" platform"

No-one is going to stop using the Internet - even people who have been hacked. It's just a non-issue. The only question that is asked is what way people use to access it. Google do not need to protect against people no longer going online. But they do want people to use their products to do so rather than those of one of their main competitors. That is an actual thing they try to safe-guarding. And alongside usability and cost, security is the other big way you persuade people to use your way over a rivals. So obviously Google have no motivation to help Microsoft make a better product. But they do have a motivation to appear to be the most security-aware by publicising competitor's flaws. This is not complicated stuff.

>>"No. The fact that it is Google is irrelevant - it just so happens that they support full disclosure, rather than security through obscurity (both have their merits). "

Again, it is irrelevant to whether or not this harms people, it is - obviously - not irrelevant to discussion of Google's motivations whether or not we're talking about Google. Unless of course it's a motivation that is universal which it is not. You say it's about "supporting full disclosure", but we're actually talking about applying this to your competitor's products and setting your own deadlines and decisions on how your competitor can behave by using their customer's security as a threat. That is not universal behaviour and in fact is not how most security companies behave (if any).

h4rm0ny

>>"This isn't like a few holes where the fix might break other behavior or is complex"

You are either biased or have no experience of large-scale systems development. Regression testing, platform testing, prioritizing of finite resource. Nothing in developing a mainstream OS is not complex. I used to work on a large, low-level project (an OS, but an industry-specialized one, not a user-orientated one). Around forty full time developers and a testing department of around eighteen people. Even the smallest change I made had to be incorporated into testing schedules that went to weeks just as part of the normal process. If we did something out of band - something vitally urgent (which thankfully I only recall happening once), it would involve beginning again and many late nights for our testing team. Therefore our fixes were properly prioritized and we wouldn't hold up a more important fix or feature for the sake of a lesser one. You had a pipeline. And you didn't suddenly stop the process whenever the latest issue came in because that would be holding back more important things.

Basically, all these people going "it's not complex" or "90 days is plenty of time" are armchair developers speaking about code they have little idea of and processes they have no familiarity with.

h4rm0ny

Re: Good on them for releasing information about the vulnerability

>>"If Google took more than 3 months to respond to a vulnerability report then they would also be treated with equal contempt as Microsoft."

Obviously false. Just look at the voting in this or any similar article. There are a legion of Google fans who will downvote even factual posts if inconvenient. Bar the odd outlier, that is far less the case with Microsoft. There's a heavy Google bias on these forums.

h4rm0ny

Re: Lets all be anonymous...

>>"The fact that it is Google should be irrelevant. They have to respond to security reports from whoever they are from, if they care about the security of their systems and products."

The fact that it is Google is irrelevant. I'd say the same of any company that set itself up as policeman of the Internet and tried to get other companies to organize their development schedule around their demands, threatening the security of their customers as a threat.

But it's not irrelevant in a couple of other senses. If it weren't Google, but for example Microsoft releasing exploits for Android or OSX, then you wouldn't see the same "more than enough time" crowing posts. You could also suppose that the motivation of, say a company like MacAffee reporting such a problem, would be different than one doing so against their main competitor. Google are not motivated by improving the Windows OS. Anyone who thinks they are is an idiot. So yes, reasons for publishing such exploits are also different because it's Google. Symantec et al. become aware of vulnerabilities all the time and don't see the need to publish template exploit code and set arbitrary deadlines. Just Google the White Knight does that, who will nobly protect our security by telling the world how to compromise it.

h4rm0ny

Re: The canned response doesn't help

>>"I didn't propose an Inside Job scenario - that was you reading 'manipulating' as being an overt coercion e.g. blackmail."

You're not going to admit that you didn't actually know what this bug did when you wrote about getting someone with login credentials to do their dirty work for them? It doesn't really matter even if you pretend that you did know what the bug does when you wrote that. In any scenario you're talking about getting an insider to do something for you - whether that is "blackmail", bribery or calling them up and pretending to be the IT department, they're not doing anything they don't already have permission to do and whether it's bribery or telling them convincingly on the phone "download this program and click Run", the UAC prompt is not going to make much difference. Not that downloading a program from a link doesn't prompt its own set of equivalent warnings, anyway.

Straight question - did you understand what this bug actually did when you wrote your original post? I think it's pretty clear you didn't and now you're trying to get around that because you don't want to be wrong on the Internet. Honest answer, please.

h4rm0ny

Re: The canned response doesn't help

>>"Bull. The attacker may try manipulating someone with valid login credentials into doing their dirty work for them instead!"

Didn't actually read the bug description yourself, did you? The bug allows software to bypass the UAC prompt (i.e. "do you want to allow this program..."). It is only of use against those who already have Administrative privileges. If the scenario you propose were to occur - i.e. an Inside Job, then presumably the infiltrator would be willing to click "Yes" to the UAC prompt anyway.

Some people are in such a hurry to pin blame, they don't even understand what they're blaming someone for.

h4rm0ny

Re: Lets all be anonymous...

>>"90 days is more than enough time to come up with a plan for handling it and then communicating that with the security researcher to get more time to fix the problem."

So now companies have to report to Google?

h4rm0ny

Re: Sick and tired of microsoft

"Microsoft is not the company that they used to be"

I'd agree with you there - Google are.

h4rm0ny

Re: Good on them for releasing information about the vulnerability

>>"Releasing the proof of concept will help the person trying to fix this bug to test if the fix is effective with the person affected"

Sharing the proof of concept with the person trying to fix the bug helps them test. Releasing it generally, is a PR move.

h4rm0ny

This is basic PR. Does Google have a competitive interest in Windows being a better OS? No, they don't. So do they therefore benefit from silently and constructively helping fix bugs in a non-destructive manner? No they don't. But loudly pointing out vulnerabilities in a competitor's products (to the detriment of its users)? Yes, they clearly do but with the caveat that endangering those users would make them look bad. So clearly what is needed is a way of pointing out those vulnerabilities but making it look like they're not the ones endangering users. Ergo, decide on an entirely arbitrary time scale and say you have given notice and it's your competitor's fault the users are harmed by your publishing this information because they could have fixed it.

Of course the time scale is arbitrary so sometimes your competitor will be able to fix the issue in time and sometimes they wont - hits and misses. But it's necessary so that you appear to be the responsible one.

What is particularly silly is all these armchair critics here saying "90 days is enough to patch it" with NO idea of what fixing it involves. Maybe it is, maybe it isn't.

Equally silly is the person in the article arguing that now we can all take counter-measures. Yes, I'll just reverse engineer the Windows sourcecode and whip up a fix, now. Of course on the other side of the equation, the black hats can just copy and paste Google's helpful How To and tweak to their needs. Yes, a Windows PC still needs to already be partially compromised to exploit this bug but it's the principle as well.

This is PR. If it doesn't look like PR, that's because it's well done PR.

Want to have your server pwned? Easy: Run PHP

h4rm0ny

Re: PHP isn't a language.

PHP is a language.

h4rm0ny

Re: And the alternative is ?

Python.

Why did you leave that off your list of other options?

h4rm0ny

Re: Seriously, he actually believed the advertised PHP version on the server?

>>"Oh, holy fuck! If you start messing around with version numbers for that kind of shit you really will have problems."

Before leaping in with conclusions, make sure you understand what is being talked about. It's a config setting in Apache that decides whether or not it will accurately report version numbers to a requesting client. It's not messing with actual version numbers or what will be reported internally. It's override for external requestors. What the OP is talking about is very common practice.

h4rm0ny

Re: Seriously, he actually believed the advertised PHP version on the server?

>>"It doesn't matter, this security through obscurity technique you're describing is so pointless."

You've missed the point. No-one is saying that. The point is that this person's research on how many servers are vulnerable (and to what) is based on published version numbers. When disabling or altering the published version information is standard practice.

Islamic script kiddies aim killer blow - at Bristol bus timetable website

h4rm0ny

On the principle that no information is more accurate than wrong information, they probably actually improved the site's accuracy. ;)

OnePlus vs Micromax: Dream of Google-less Android now further away

h4rm0ny

>>"You could say exactly the same about the PC industry but just swap Google for MS."

That's the point - Google is the new Microsoft.

h4rm0ny

Re: Sounds like an opportunity for Linux for phones

>>"As Amazon have shown it's possible to build a Google free android device (more the tablets then the joke of a phone). But is Amazon "less evil" then Google, or Apple..."

Doesn't matter - they're competition. Helps keep technology open and prices fair and promotes merit. It's largely a distraction to focus on "Good vs. Evil", I prefer to focus on "good vs. bad".

Freedom of Info at 10: Tony Blair's WORST NIGHTMARE

h4rm0ny

Re: Which law?

>>"Remember his wife is a human rights lawyer"

That's like a midwife being married to King Herod.

Though in reality, I don't think she does much for actual human rights. Maybe on the odd occasion they don't conflict with her husband's business interests.

Frustration with Elite:Dangerous boils over into 'Refund Quest'

h4rm0ny

Re: Arguing over nothing

>>I realise (unlike apparently many others) that funding E:D was going to pay for about 2 hours of developer time

Can I come and work at your place? I would like to be paid one and a half million pounds for two hours work. For that much, I'll even code in Visual Basic if you want!

h4rm0ny

Re: Arguing over nothing

>>"People may not like this, and scream Entitlement all over the Intarwebs, but it still doesn't change this simple, but harsh fact."

And wherever there is a harsh fact, there always appears someone who takes distinct pleasure in saying "I told you so" (whether they did or didn't). But the thing is, "Entitlement" as a pejorative is for all those people who think they should get something just because they want it - the immature "do what I want" mindset. It doesn't really apply to people who paid a hundred quid of their actually earned money toward something. I'm not a big believer in rambling examinations of right or wrong, I assess things on whether the consequence is good or bad. If we all take your attitude of 'there was no legal obligation for them to honour their promise so its your own fault' then all that does is blacken the name of kickstarter and similar good faith projects. If someone lies (and they must have known long in advance that this promise would not come about and whilst they were still taking people's money based on this idea), and people like you just pour scorn on the victims, then all that ultimately ends up happening is damage to other kickstarter projects, community efforts et al.

Trust is important. Good faith is important. Lack of them is directly harmful to a society. Those taking an attitude that there's no legal obligation so you get what you deserve are doing no-one any good except their own sense of superiority.

h4rm0ny

Re: development practices

>>"Or has somebody actually got a valid objection?"

You seem to be trying to dismiss people's anger on the basis of legality. That may be the cause of several downvotes. Someone started a project to create a new Elite game and a number of people who wanted to see such a thing come about donated their own money to help this thing come about knowing full well that they were subsidizing others, paying over the odds, just to help it come about. Many more people came in to do that because they specifically asked if it would have a key feature for them and were told that yes, it would be added. Whether or not this was a deliberate lie at the time, the company certainly knew long in advance that the promised feature had been abandoned so it became one.

Whether or not it was buying a finished product, people were lied to in order to get their money. The lack of a legal commitment to deliver on the feature is immaterial to the fact money was gotten out of them on knowingly false information. However, you seem to wish to dismiss their anger and right to complain on the grounds that they had no legal protection to ensure the feature was delivered.

Lack of legal protection doesn't remove someone's right to be angry over being cheated (as they perceive it). It just seems to give you an excuse to dismiss their angry on the grounds you think they should have known better. Legality and Ethics are not the same thing. Someone who voluntarily donated money at their own risk for something many would benefit from and often at greater sums than they'd actually have to give if they just waited to buy the game, has actually invested more than the person who waits to buy the game. Should not the person who invested more have a greater right to anger over being deceived than someone who paid less, risked less?

The normal response would be to say "yes, they do have more reason to be angry". Except you keep introducing some caveat to say it's not so because they should have known better / should have waited for legal protection. You're essentially placing the blame on them rather than on the company that deceived them for a long time. I actually think it's a rather dangerous mindset to substitute legality for morality and argue, as you implicitly are, that people's anger at being cheated is not legitimate if they showed good faith rather than demanded contractual basis.

Go ahead and argue that it's foolish to expect something promised if there isn't a legal obligation accompanying that promise. But I regard that as a rather tragic worldview and if adopted universally would lead to a lot of promising kickstarters and other things dying a rapid and unnecessary death.

People were promised something to get their money and then it was not delivered. That in itself is an immoral act that legitimizes anger. Blaming the victims to dismiss their anger as legitimate is not good. And that is how your posts seem to me.

h4rm0ny

Re: Arguing over nothing

>>"I don't think that's correct. As far as I can tell multiple people can discover and explore and get the money from flying through the same system."

My understanding (it would help if there were an actual manual for this game) is that yes, you can still get some money, but that it's reduced because other people have already gathered the information and put it on the market. It's intended to simulate Supply and Demand with the information being available from different sources reducing the profitability. Right now there are a lot of systems that are blank slates and you can't buy information on them. As people map the galaxy, they become known systems and you can and rewards go down as well. I don't have a reference but that's what I believe the developers have said. So much of this is word of mouth that it's really difficult to actually know how the game really works.

h4rm0ny

Re: YOU GET TO FLY A SPACE SHIP, IT'S FUN!

tantrum. n.: The anger of a person who cares about something I do not care about myself.

h4rm0ny

Forums

The official Elite forums are some of the most defensive and knee-jerk aggressive forums I've seen right now. Pretty much every criticism or even mild feature request someone makes is hit with a barrage of some or all of the following: "Go play Eve", "Realism" (so why do inert objects come to a stop in Space, then?) or "that's the way the game is, don't like it don't play it". Purely for amusement of people, I'm going to post this exchange from their forums. :)

Thread starter: Doing a mission from the moon station to alpha centauri. How hard can it be...... 10k profit for 2 silver deliver.........Hutton Orbital is 0.2someting LIGHT YEARS away from the drop point. Come on guys.... thats just ridiculous. Flying 1250c at the moment and there is 1:23 hours left. Sitting here just staring at the screen. Please weed out these kinds of systems or make inter-system jump nav points

Respondent: Gotta check systems before taking on missions. No mercy. Look at the Semi Major Axis for the sun's of a system. The number is expressed in AU. 1 AU = Distance Sun<->Earth = 150million km = 8Lm = 480Ls. So if you are going to a multi sun system with suns circling around each other with a distance of say 300 AU then you know you have to fly 300*480Ls = 144000Ls if the station is at the 'other' sun. Too far. Backdraw is that the semi major axis is often only given for 2 partners circling each other in close proximity and that pair is circling around another larger sun, then look at the other suns semi major axis, it's at least a hint.

Kind of amusing. At least I thought so.

h4rm0ny

Re: Arguing over nothing

>>"Those who found a game online, backed it online, paid online and have to download it online and complaining they're not online to play it baffle me."

Perhaps because you've missed the part where they were told they'd be able to play it offline?

The oft-repeated part about having to connect is not the whole story. Yes, there are plenty of people who legitimately complain that they cannot play it now because they planned to play it whilst commuting or have metered access and so on. But there are also other issues this brings than "just" the necessity of being constantly connected. (1)

Forcing the game part of the online play (all "solo" mode does is make you and other players invisible to each other, you still see all the effects of their actions) has several unpleasant consequences:

* You can't pause the game. Not kidding. You can log out and vanish from the map and when you log back in you'll still have your cargo and be placed roughly where you were before, but everything else will have moved on. Things moved, missions expired, prices changed. Basically anyone who has a need for interruptable gameplay is immediately set-back significantly in their ability to play this game. A solo game you can pause, even in the middle of a battle, to take a call from a friend, make some tea, whatever. In ED you are chained to the keyboard or penalized. And I do mean penalized. Missions expire and carry rep and financial consequences if you fail them and they all tick down in real time.

* No replayability. The universe moves on. If you want to make money as an explorer charting new systems (part of the game) you have to do it now, because it's all being done by other players right now. If you start the game six months from now you're going to be getting a very different experience than if you start right now. Already it's impossible to "start a new game" in the traditional sense. You'll never be able to "re-play" ED in the way many people like to.

* You can only have one character. Many people like to try different ways of playing and use different characters to do that. But to avoid "exploits" that has to be limited in online play. So currently you're allowed one character which is who you'll always be.

These are each important things to many players and their absence is a direct consequence of the removal of offline play. You can see why people are pissed.

(1) And just to note, you don't just have to connect to Frontier Development's servers, the game demands open peer to peer so if you need to control where your computer talks to good luck with that.

NUKE HACK fears prompt S Korea cyber-war exercise

h4rm0ny
Boffin

Re: I would hope ...

If the North Koreans have obtained a complete technical reading of this power station it is possible however unlikely they might find a weakness and exploit it

'Turn to nuclear power to save planetary ecology from renewable BLIGHT'

h4rm0ny

Re: Nuclear ANYTHING is disastrous!

>>"For those that believe that there is a safe, reasonable solution to the storage of nuclear waste I suggest you volunteer to have some of this stored in your garage "

Why is it some people think that unless someone is willing to bathe in nuclear waste they're not allowed to discuss how to dispose of it? I think gas is relatively safe as well but I'm not going to fill my house with it.

h4rm0ny

Re: Dunno about warming @H4rmony

>>"Hydrogen is not a method to store energy H4rmony and I never said it was, it is a gas that burns with an almost invisible flame and has no odor."

So did you just out yourself as the AC I replied to? Well anyway, they or you wrote that Hydrogen gives back less energy than it takes to "produce" it. I pointed out that this is true of all the methods of storing energy that we have. And yes, Hydrogen is a method of storing energy. You can't be that dense. Unless you think that a battery is not a means of storing energy but just lithium, a silvery-white metal with a high reactivity.

You're also aware, since you bring up "burning", that Hydrogen Fuel Cells don't use combustion, I hope. No hydrogen is "burned".

>>"You continually offer the use of hydrogen as a "solution" to our energy needs,

I haven't done that even once. Your comprehension of my post is dreadful. Hydrogen is not a source of energy. It is a way of storing it. Use electricity to produce it, instead of charging up a heavy battery with a very limited lifespan or pumping water uphill or whatever other means of storing energy you care to name. And then use a fuel cell to get the energy back later.

I have proposed nuclear as the "solution" (your extreme interpretation of my position, btw), possibly with solar alongside. These are the ways to meet our energy needs and replace fossil fuels. I'll repeat, since you got it wrong in the very first line of your post - hydrogen is a way of storing energy.

Most of the rest of your post is various facts you seem to have Google'd up but don't have the familiarity with to understand the context. For example your confident assertions about how hydrogen couldn't be stored in a car or how it would explode in Texas. You realize that Toyota are mass-producing a hydrogen car, yes? And that this is a road-legal vehicle in the USA (including Texas, you know). You dig up random bits of information to try and prove something can't be done even whilst it's happening! Example: you confidently assert "At room temperature, liquid hydrogen tanks must be vented or they will explode". What, any tank? Regardless of thickness / material / manufacturing process? Have you any idea how stupid what you've just said is? I'll tell you exactly what has happened here. Of course you know, but I want you to know how obvious it is to everyone else as well - you have gone to a search engine and typed in phrases like "hydrogen tank" and "temperature" and "explode" and found someone who makes hydrogen tanks that have to be refrigerated and then come back saying "Ah ha! Hydrogen tanks explode if they're not vented!". You'd better go and tell engineers who have built cars that run on hydrogen that their cars can only run in sub-zero temperatures. Because apparently you know better than them.

>>"the electrical energy it takes to do so, is enormous compared to the process of combustion. It takes more energy to produce Hydrogen than you can ever get in return.

Ah, I knew you thought hydrogen vehicles worked on combustion. You have no idea what you're talking about. In fact there are two things wrong with the above. Firstly, the obvious fact that you're talking about combustion which has - let me emphasize this - NOTHING to do with what we're talking about. Secondly, that your objection is that you get less energy out than you put in. It is a STORAGE medium. You get less energy out than you put in with any energy storage mechanism whether that be even the best batteries, pumping water up hill or anything else. You're condemning hydrogen for not breaking the laws of physics!

>>"Since you OBVIOUSLY can't understand, check the following link"

I think I've figured out the search terms you used - you just typed in "hydrogen safety" didn't you? Your link is one of the first results for this. You might have copied selected parts from this link for your post but you plainly haven't understood it yourself (whilst asserting that I "can't understand"). For example, you talk about how you couldn't have a car in Texas that uses hydrogen because when it got hot it would explode. Your own link shows that hydrogen has an autocombust temperature over twice that of gasoline vapour.. It gets better. You use an argument about how you wouldn't want to smoke around a hydrogen truck. Well no, that would be a safety violation but again, your own link shows that hydrogen has a vapour density of less than 3% that of gasoline vapour. In fact it's about 7% that of air. You know what that means? It means smoking around a hydrogen truck is safer than smoking around a propane tank or a gasoline tank. Because whilst both of those are denser than air and will linger, hydrogen will disperse faster than any other gas. I mean smoking around either is silly but your own argument is shot down by your own link because you have not understood what you are saying.

>>"As Hydrogen is not the best choice, then the only alternative gas is CNG or LNG. Both are being used as fuel right now and are far cleaner and safer than hydrocarbon liquid fuels like gasoline or kerosene."

They're not cleaner - the output of a hydrogen fuel cell is water. Safer is a relative thing - both are combustible materials but there are strong reasons why hydrogen can actually be safer, e.g. you never need to deliberately burn it and it disperses upwards immediately. In either case, both require sensible safety measures but the point is that hydrogen is no more dangerous than natural gas and in some ways safer. But the simple fact that you call the gas cleaner shows how very little you understand.

I honestly prefer arguing with Trevor Potts as at least he makes factual arguments and valid points even if accompanied by violent threats. You however, reach depths of ignorance I did not know existed. How you can know so little and yet not be aware of your own ignorance is a mystery that may never be solved. Go and inhale some hydrogen - it might increase the density of your head a little.

h4rm0ny

>>Certainly we need fusion power, and asap. Fission is a dead end.

Want to support that? Not the part about fusion power, that would be lovely. No, the part about Fission being a dead end. The principles of Physics are unlikely to alter any time soon and there's enough fuel to keep us warm and toasty for centuries to come, so what makes it a "dead end" ?

h4rm0ny

Re: How many errors can you fit in one paragraph?

>>"In 2014 renewables are going to have contributed somewhere in the region of 15% of UK electricity supply. How is this paltry?"

Primarily because it's relative to the amount of the resource that has been put into it. Yes, it wouldn't be paltry if we were talking about people peddling bicycles to generate it. But for the amount of money and environmental impact that has been put into Wind power, you could be seeing many times that amount of electricity from other sources.

>>"As you well know, energy price increases <> energy bill increases because energy consumption is not static. Average household electricity demand is down about 15% since 2005 and average gas demand is down more than a quarter."

The article is stating that actual bills have risen. So if you're stating that usage is actually down then that makes the situation worse, not better. And what are the reasons for electricity usage being down? If it's better insulation or similar, then that's no credit to wind power, it's something that is independent of energy source. If it's down to rising energy costs however (which surely is a factor), well then that's not a good thing, it means people are being driven to use less by the increased costs of which renewables are a very large part.

>>"Costs of support for renewable energy amounts to 5% of energy bills and about 5% of the increase in bills since 2010."

Those are actually pretty big sums of money. You got angry at 15% being called "paltry" despite the huge cost of that 15%, but you want to dismiss 5% surcharge on energy bills. And in reality, the cost is much higher because investment and development of the renewables has taken the place of other more economic means of energy production. It has displaced better technologies.

>>"15% of electricity supply isn't far behind nuclear. So do you believe that nuclear is also giving us very little in the way of carbon reductions?"

They both do offer much reduced carbon. The difference is that Nuclear is viable by itself and you still get that reduction. Wind power relies on the reduced carbon argument to sell itself. As you have just admitted, carbon reduction is comparable between the two, so why go with the hideously inefficient and expensive one?

h4rm0ny

Re: Dunno about warming @H4rmony

>>"Please stop speaking about "hydrogen" It is the biggest fallacy there is. Hydrogen cannot be contained for lengthy periods, is VERY dangerous and takes more energy to produce than it will give back. Useless!"

Let's take this in order of easiest first. Hydrogen isn't a source of energy, it's a means of storing it. And no means of storing energy we have is 100% efficient. You could as easily say "batteries - we get less energy out of them as we do charging them up" and it would be just as true and just as useless as an argument for or against them. All that your statement proves is that you either don't understand that it's about storing energy rather than producing it, or you're trying to pull a fast one with things that sound Truthy. If the latter then you pick a forum with a bit less technical knowledge floating around it than an IT news site.

Let's talk about storage next. There is the oft-bandied around fact that Hydrogen can leak through steel. 'Goodness!' think most people - how can you ever contain it? Well the answer is that the "leaking through steel" is true but critics keep seeming to ask the question the rate at which it leaks through steel. It's not that fast. Fill up a tank with hydrogen and by the end of the year, you'll have a bit less hydrogen in it. It's not the big deal people make it out to be. The rate also obviously depends on the pressure which drops over time as well so the rate decreases. A bigger issue is hydrogren embrittlement but you know what? We have ways of dealing with that.

Finally, let's deal with "VERY dangerous" (your capitals). It's actually not that dangerous. People die from electric shocks every year - are you against mains electricity too? One nice thing about hydrogen, btw, is that it rises. VERY fast. You know all those Hollywood car explosions which are a giant ball of flame (not that realistic, but that's Hollywood for you). Instead picture a tall candle of flame that vanishes rapidly upwards. That's hydrogen. Nice, eh?

>>If you are opposed to Nuclear, we have Natural Gas

Wait, weren't you just attacking Hydrogen for being "VERY dangerous". And now you're in favour of something that explodes far more dangerously? I'm confused. Or you are. Let's go with you.

And I'm not opposed to Nuclear - that's pretty much the point of my posts here: Nuclear is great but it doesn't ramp up or down very quickly so to deal with fluctuations in demand run high and put the excess during dips into hydrogen to power our vehicles. Beautiful.

>>"CNG or LNG doesn't matter. It is as clean as any alternative because the percursors for all the "Alternative" energy sources create more CO2 than it does to EFFICIENTLY burn Natural Gas or use it in Fuel Cells."

CNG / LNG certainly aren't as clean as a hydrogen fuel cell at the end stage because hydrogen fuel cells waste product is water. And they're not cleaner to produce because your "Precursor" you seem to care so much about can be nuclear power. How anyone can compare the "EFFICIENT" burning of anything at all (your caps again) with nuclear power, I can't fathom. Combustion verses atoms splitting? You think the former could ever be more efficient than that? (Sorry - EFFICIENT). Several billions of tonnes of waste into the atmosphere versus a few hundred tonnes of easily collected and containable dense metals? And you talk about "clean" ?

>>"Much Sturm und Drang about nothing. The fluctuations in solar output have more to do with the climate than these so called "scientists" will admit. Liars every one! Follow their source of money and you'll understand."

You're mixing your messages badly here. You know that Lewis Page is actually quite the critic of AGW? One of the main points is that Nuclear makes sense regardless of which side of the debate you fall on (or even if you try to avoid picking one). Fossil fuels are running out sooner or later, they pollute the atmosphere with all sorts of things and they make us (speaking as a resident of a Western country) highly dependent on some very nasty and vicious regimes. Whereas we can get Uranium from Australians. Okay - they've inflicted some bad soap operas on us and their mice look funny and are seven foot tall, but they're generally pretty nice and I'd far rather buy a small amount of Uranium from them than endless tonnes from the Saudi and Qatar regimes.

Your post is ill-informed and all over the place as regards its point. But as you took the time to single me out in your topic title, enjoy my reply.

h4rm0ny

Re: Dunno about warming

>>Fukushima harmless?

Well if you're going to take positions to extreme absurds then no. Very few accidents are completely harmless. But in the history of power generation (any type), it's down there.

>>1. Bit early to say as radiation induced illnesses are ot like some virus, hitting everyone immediately (except for those worst exposed to heaviest doses).

If it's a "bit early" to say that it isn't harmful then it's a "bit early" to say that it is. You're basically just taking a Russell's Teapot approach here - you haven't been able to show harm so you're invoking the spectre that maybe we'll find out later that it is. We actually have an extremely good idea of how much radiation was leaked and precisely what contaminants. And we're able to compare the quantities with other nuclear accidents and - importantly - everyday "natural" radiation and activities like being a pilot. And you know what? It's not that high.

>>2. So, all that money,people, homes evacuated .... That's all costless, is it?

The real question is, is it necessary or is it an overreaction. Actually, there are two questions here - the other one being why are you holding nuclear to a standard that it must be completely harmless and there can never be any cost? Because if you apply the same standard to other power industries, nuclear looks pretty good. Do you know more people have been killed building and maintaining wind turbines than have died as a result of nuclear accidents? True fact.

>>3. Long term storage of the waste products in an increasingly unstable world (politically).

Why do you think the ever smaller amount of waste is so insurmountable a problem? The USA has an entire facility under a mountain where it can be stored. You seem to be conflating nuclear waste with nuclear weapons, btw.

>>4. So, no cooling water (that becomes rather warm) is discharged, no land used and irrecoverable in our lifetime, not even as a theme park. No cables, nothing.

I genuinely have no idea what you are babbling about.

>>it just shows the down-voters discomfort with views or facts that do not fit his ideas.

Seriously? The old pre-emptive "people who downvote me are biased" attack? In this day and age?

h4rm0ny

Re: Dunno about warming

>>"There's also the option of building various hydrocarbons (for which we already have the distribution infrastructure) out of carbon dioxide, hydrogen and energy."

True and if the numbers work out, that would definitely have the advantage you say - existing infrastructure. However, I would like to see a move to hydrogen fuel cells because it leads to much cleaner air and is a lot more pleasant to be around. Converting petrol to hydrogen for the sake of that would not make sense. But if it's a choice between turning your electricity into hydrocarbons or hydrogen, then long-term hydrogen would be preferable.

h4rm0ny

Re: Dunno about warming

>>"Fukushima proves the point, and from one of the most technologically advanced countries on the planet."

Perhaps not the point you think it proves, though. To me it's an example of how multiple reactors from 1960's designs, built over four decades ago not only survived one of the worlds most powerful recorded earthquakes without melting down or leaking significant radiation, but also survived the following tsunami still without significant leakage.

Add on four decades of improvements and safety features, I'm pretty happy about it. Is that the point you were thinking it proved?

h4rm0ny

Re: Dunno about warming

>>"the downside is that there is little demand in those areas so we need mahoosively long and expensive power lines to get the power to where it is needed."

Oddly enough, that's actually feasible and cost-effective. At least from the study I read on the idea. But it doesn't need to be done that way, either. I'm actually very in favour of using hydrogen fuel-cells to power vehicles. Middle East states could go from being main exporters of petrol to main exporters of hydrogen quite comfortably, if they wanted to. Toyota have a commercial hydrogen fuel cell car that has great range and power, far better than battery-power. So transmission by powerline is not the only way this can be hugely useful.

h4rm0ny

Re: This isn't about energy, it's about ideology.

Wow.

h4rm0ny

Re: How convenient...

>>"it's the most heavily subsidised industry in the history of all subsidised industries."

In the field of power generation, I think that honour would go to Wind power. In the vast sweeping context of "all subsidised industries", I'm not even going to touch such a ridiculous statement.

Nuclear "subsidies" are primarily the government providing the insurance since you can't get that privately. But the State absorbing the risk is not really the same sort of "subsidy" as say wind power. The latter is a definite and ongoing cost. The former is a chance of having to pay out but if all is well, not a cost at all. Calling it a subsidy is not really conveying to people what it is as people assume that means money is being handed over.

h4rm0ny

Re: Dunno about warming

In amongst your damning of renewables you include solar. Wind is almost a disaster as an alternative power-source and biofuels totally are. But Solar actually has a very positive role to play. It has been middling so far but it's a very immature technology. Unlike wind and biofuels there are a lot of good reasons to expect it to improve rapidly over the next decade.

What solar cannot do is provide a good baseline. We don't have the energy storage technology and even if we did, we'd need huge areas of land to generate enough energy. But what it can do is provide an excellent compliment to nuclear power. Nuclear is by far the best power technology for a number of reasons (until Fusion comes along, maybe!) but it doesn't ramp up and down quickly / efficiently. So pair it with Solar which ramps up in the day when our usage rises and down in the evening when it falls, and you have a pretty nice pairing with nuclear. There are also regions where solar can be much better too - deserts of North Africa and parts of the Middle East. These are areas where there is little ecosystem and consistent daylight hours all year round. Build some large solar farms in the Sahara or wherever and you have a nice source of power where it's not going to bother anyone. At scale, this could be pretty effective.

Finland ditches copyright levy on digital kit, pays artists directly

h4rm0ny

Re: Not pirates - just because you don't carry along a CD player anymore...

>>"These taxes/levies are not enforced because of piracy, but to "compensate" for "personal copies": you buy a CD"

No I don't. I buy an MP3 from Amazon. I don't think that I have bought a CD in at least four years.

h4rm0ny
Mushroom

How the fuck is this justifiable? So were I living in Finland, I would now be being forced to pay compensation for the actions of pirates?

MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for terrorism'

h4rm0ny

Re: they're not morons

>>"The very best IT admins are the kinds of people who, in the midst of a shit storm, will readily admit to their mistakes in order to prevent further harm, *to get the job done*. Officials at MI6 and other intelligence agencies could learn a thing or two from that."

But we have what I call a Daily Mail society in this country - we (as a nation) do not tolerate failures. Once the gutter press get hold of something they demand a head. MP loses his temper with someone and calls them a pleb? Dragged through the gutter and their political career on the line. Someone murdered on the street in a million to one event? The press want a head for their pike. Anything the press get hold of the pressure on the government to deliver a response his huge. MI6 can't simply say "we missed something, but mostly we're pretty good at this" because they'd be torn apart from the press that want their mournful and contrite confession and - preferably, someone to hound out of their job.

We are not a society that allows imperfection (in other people, of course). Buy a copy of the Daily Mail and read it whilst repeating to yourself "2nd most popular newspaper in the UK" repeatedly.

First is The Sun, btw. Third is The Mirror. We all live in Salem now.

Microsoft tries to defend Irish servers from US g-men invasion, again

h4rm0ny
Facepalm

Re: Good on Microsoft

>>"Exactly. So they only have their in Ireland? If that were true, that's not something to brag about if you're trying to make out that you're a highly available and scalable cloud provider."

Because Ireland is a tiny country that could catch fire and lose all your backups? It's just not safe having Dublin and Cork so close together!

Idiot.

Linus Torvalds releases Linux 3.18 as 3.17 wobbles

h4rm0ny

Re: I feel that I must defend Linux here.

>>"Remember, Linux is a toy - an impressive toy, to be fair - but still a toy, so it's unfair to expect the same of it as you would professional systems."

Apparently a child sees everything as a toy. Even if that "toy" underlies billions of £'s of business daily.

Idiot trolls are idiot trolls regardless of their target.

h4rm0ny

Re: Seems wrong...

>>"Is there any difference?"

Mint says 'yes'. Gentoo and Debian say 'no'.

Orion hacker sends stowaway into SPAAAAACE

h4rm0ny

Re: Boys and their toys -- in spaaaace

<a href="http://www.ruralking.com/media/catalog/product/cache/1/image/9df78eab33525d08d6e5fb8d27136e95/p/l/playmobil_toys_shark_7006.jpg>This one</a> first!

h4rm0ny

Re: Why the fuck ...

>>"Maybe if it was a deep space probe or at least a multi-year orbital mission. But just for two orbits in less than 4.5 hours followed by a splashdown? It sounds like the sort of publicity stunt the Reg SPB would do with with a balloon launched rocket powered 3D printed spaceplane rather than multi-billion funded NASA :-)"

Well I'm sorry that you don't get out of bed for less than a hundred complete orbits, but if others get a kick out of this - good for them. The thing about "publicity stunts" is that they're only a negative for bad causes. If this gets schools, enthusiasts or anyone else paying attention to spaceflight, that's a good thing, imo. Have you even looked at their site? Here it is:

http://mars.nasa.gov/participate/send-your-name/orion-first-flight

Go on - take a look. This is fun stuff if you're a kid, it's got a mock-up "boarding pass" for your name, you sign up for updates and you get to see maps of where it is and learn more about it.

Didn't you all get the memo? Being a jaded above-it-all cynic is so Nineties. Enjoying stuff and being enthusiastic is what the cool kids are doing these days. Go and listen to your Cure albums or something if you don't like it. :p

Manchester festival marketers fined £70,000 over spam ‘mum’ texts

h4rm0ny

Actually it is possible to fake a sender. Very nasty potential for abuse. Especially as any replies can go to the relevant entry in the phone's address book.

SMS is long overdue for a complete re-do but I don't know how likely that is.

On a related note: Bill Hick's on Marketing. I don't know if it's just confirmation bias, but I have found the field of marketing attracts some of the least pleasant types of people to be around that I've met. It's all the ones who are really full of themselves and think they're oh-so-cool, despite pretty much everyone outside of their niche group thinking they're arseholes. At least, that's an impression I have formed over the years.