* Posts by Tom 38

4341 publicly visible posts • joined 21 Jul 2009

EBay, you keep using the word 'SECURITY'. I do not think it means what you think it means

Tom 38

"Encrypted" passwords

Damn well hope my password wasn't encrypted, and was actually hashed.

It would have been more useful if they had said whether the passwords were salted or not. If my salted hashed password has been released, I'm totally "meh" about it, whereas if my unsalted encrypted password has been released then I'm much more angry.

EE boffin: 5G will be the LAST WORD in mobe tech – literally

Tom 38

I was born with a hack that allows me to call people within 100m...

Brits: Wanna know how late your train is? Now you can slurp straight from the source for free

Tom 38

Re: Good Thing (TM)

Trains aren't that shit to be honest. I spent 5 years commuting by train, for 4 hours a day. Occasionally something really unexpected happens, and you get stranded for 2-5 hours in the middle of nowhere - that happened to me just once.

Infrequently, the first branch service would not show up, because the train didn't end up in the right place the night before or overrunning engineering works. Branch services definitely aren't as reliable as main line services, but if your main line train is delayed, they'll often delay the departure of the branch line to compensate.

The only thing bad about the trains are the cost and the overcrowding. The former is only necessary due to the latter. Everyone tries to get on trains that arrive between 8 and 9 am, with later trains basically deserted.

I suspect that it is all rigged so that commuters all travel at the expensive time - there is no significant benefit to taking a later train if you travel most days, the season ticket is the same price. This then constrains the off-peak price, because if they lowered it too much, commuters would travel later and buy individual day tickets (which would, incidentally, solve those overcrowding issues on the trains and tube and lead to a more even flow of passengers throughout the day, but hey, less money, so let's nix that one).

Here's my list of desired features from the train companies:

1) Flexible season tickets - I want to buy a season ticket of 30, 60 or 90 non-consecutive days, especially as I am expected to work from home two days out of every five.

2) Flexible walk up pricing on non-peak trains - if the train is empty, it shouldn't cost you more than £1 to ride it.

3) When I give you £6000 for a year's season ticket, and in return you give me a machine processable token to get through entry gates, then the token should be durable and resilient. A paper card with a magnetic strip that lasts 2 months tops (1 month if it's also a tube travelcard) is not sufficient.

3a) Stop making me carry my photocard, embed it in the ticket

Achtung! Use maths to smash the German tank problem – and your rival

Tom 38

Re: Danger!

I get it perfectly well - the law says that when you accidentally give access to information to someone not authorized, you're not publishing the data, and when the unauthorized person accesses that data it is unauthorized access to a computer.

The law is a fucking ass. Putting something online is publishing, allowing someone access to data is authorizing them to access it. The law says that these things are not publishing nor authorization, and so the law is - obviously - wrong.

It does not matter that you did it accidentally - don't have bad processes.

It does not matter that the "someone" is an unidentified anonymous internet user - that is who you authorized to access it.

Businesses and courts don't like this because it made their lives difficult, so instead they made the law difficult. Much better to redefine what "published" and "authorized" mean in newspeak than to properly secure your data.

Anyway, the whole point of this was not about the vagaries of URL manipulation - TFA suggests you can infer information from your competitors, and indeed you very often can.

Just be wary when you realise you can extract a great deal of information from them and think about the legal implications before you fire up a script to capture all that lovely information - it might be illegal to retrieve the information they have "published" and "authorized" you to access, for the reasons listed above.

Tom 38

Re: Danger!

When you take data that is not available and make it available to people, it is called publishing.

If you accidentally publish and distribute 10,000 incorrect leaflets, it does not stop being publishing because it was a mistake.

Tom 38

Danger!

Your competitors' websites can be a valuable hunting ground.

Yes and no. Say your competitor has accidentally leaked 0.1% of their records on their homepage, and you notice that by clever manipulation of the URL you can make it also reveal the other 99.9% (0.1% at a time), should you then go on to extract their entire database?

Common sense says that they have published this data, the law commonly comes down on those who extract databases in this way - just ask weev.

Big data? Internet of things? Sport of Kings inches into high tech

Tom 38
WTF?

a permanent 2Gbit wireless network

A what?

Dogecoin off the leash after Doge Vault admits server attack

Tom 38

Re: Physical access

It's easy to get physical access when you're the guy paying the bill each month.

Tom 38

Re: I am shocked and appalled....

I am shocked and appalled....

...at the standard of grammer in this article!

Good job you don't mind the spelling mistakes.

World loses mind: Uber valued at TEN BEEELLION DOLLARS, Pinterest pegged at $5bn

Tom 38

Re: Worth $10 billion

ckm5: Show us on the doll where the cabbie touched you

Tom 38

Re: Get in Early

There are reasons why regulation of cabbies exists - it is not just a cabal to limit supply - and it is unclear that the business model of Uber et al goes far enough to obviate the need for said regulation.

But no worries, as you said, it's not Uber's fault, we just need to re-align our thinking to accept low/no background checks on our taxi drivers, and having 10 mobile phones on the dash is de rigueur these days and not at all distracting to the driver.

Boffins run iOS apps on Android hardware

Tom 38

Re: Stop gap

This isn't virtualisation, it's emulation. The linked PDF does explain:

While virtual machines (VMs) are useful for desktop and server computers to run apps intended for one platform on a different platform [36, 44], using them for smartphones and tablets is problematic for at least two reasons.

[…]

To address these problems, we created Cider, an OS compatibility architecture

This is how FreeBSD's linux emulation works, the linux binary is linked to its linux libraries, and a special rtld that maps any linux syscall (which would be handled by the linux kernel) to an equivalent BSD syscall.

For cider they have to do a bunch more work to make API stubs for iOS user-space libraries, but the premise is identical.

Tom 38

Re: "run **UNMODIFIED** foreign binaries"

like Intel dynamically recompiling ARM code on x86 Android

Not at all like that, because this isn't recompiling or translating opcodes or anything like that, it is simply a shim around syscalls - the same original instructions run, not different instructions inferred from the original instructions.

Game of Thrones written on brutal medieval word processor and OS

Tom 38

Peter Dinklage is an awesome actor, check out these flicks:

The Station Agent

Death at a Funeral (2007 UK version, not US remake, although he is in both)

Tom 38

Re: Word bad, raw text editor good

Eight Megs And Constantly Swapping

(another vim fan :)

Tom 38

Re: @Badvok

The 'age' of the characters is irrelevant, the book is set in a fantasy world where there are dragons and magic and shit, there is no reason why their years == our years.

Timing is weird in Westeros - a good definition of a year is the time passing between seasons until you return again to the same season, and it has been "summer" for (at least) the past "15 years", so how a Westeros Year is defined is unknown.

Arya is 9 at the start of the books, Jon Snow 15. Do either Maisie Williams (17) or Kit Harington (27) look 9 or 15? By the end of book 5 (maybe equates to season 5/6), they should be 11 and 17.

My conclusion is that Westeros years are longer than Earth years.

Tom 38

Re: "Windows is coming"

Well, one of the few complaints about GRRM is that it takes him an inordinate amount of time to write any one of his books. He apparently finds it hard to keep track of all the different stories going on, and is constantly editing and rewriting and moving bits around - I think I read somewhere that a typical writing day for him is 30 minutes new stuff and 8 hours editing.

Normally I'm quite happy to let artists do their artistic thing, but two things worry me about GRRM:

1) He's getting on a bit, and he's not exactly svelte. He takes, on average, 6 years for a book and he's got at least 2 left to write.

2) He's signed away the story of ASOIAF to the GoT crew, including the basics of the next two books. If GoT get to the end of book 5 (as a source; they've stopped following the books except in spirit) before book 6 is released, then spoilers will be in GoT and not ASOIAF.

Comcast exec says wired broadband customers should pay-as-they-go

Tom 38

Re: I hate the incorrect piracy warnings on DVD/BlueRay

Criminal copyright infringement is already criminal. There is such a thing as non-criminal copyright infringement, which, unsurprisingly, is not criminal.

Tom 38
Joke

It would be more efficient if they used a larger block size.

Tom 38

Re: Gouging

Actually, I've found the opposite. With my gigabit connection, my downloads go at 80+MB/s - that's megabytes, not bits - and as such, it's very difficult to be constantly using my connection. 99% of the time these days, my connection is completely idle.

I would say that yes, possibly I download a little bit more than before - not much though, the majority of my downloads are automated, and haven't changed in quality nor quantity.

The main difference is that before my connection would have been utilised 20% of the time downloading things, now it is less than 1% of the time.

Really bad analogy with lots of holes: if you upgrade from a car that can drive to the shops and back in an hour to a car that can drive around the world in an hour then you might drive a little bit more than before, but you're not going to spend your time doing laps of the equator for the lulz.

You might however start going for coffee in Rome and the beach in Maui (think I've jumped the shark in this analogy now).

Tom 38

Re: Gouging

BT's best FTTP offering is 300Mbit down, 20 Mbit up for £60/month. 20Mbit is better than 1Mbit, but it's a farce - there is no technological reason to not offer higher upload speed, BT just don't want you using more upload.

My ISP, Hyperoptic, only does FTTP (you have to be in a building they cover, usually new build), and they only offer synchronous connections - 20Mbit (£12), 100Mbit (£25) and gigabit (£50), all synchronous. It's even framed as ethernet where it comes in to my property, BT's FTTP still does PPPoE.

Surprise! Google chairman blasts EU's privacy ruling

Tom 38

Re: Forget-me-not

There is no right to be forgotten, there is the right to privacy (of the individual) and the contrasting right of free speech (of google). This judgement solely means that in circumstances where the two rights are in conflict, the court has the power to decide which right must be upheld, in that specific circumstance.

Google will not need an army of anything, since before anything will be forced to be removed by them, a court has first agreed.

Get cracking on STARTTLS says Facebook

Tom 38

Re: Hmm

However, for those using exclusively the likes of Hotmail, gMail, etc, encrypting in transit makes life that bit harder for spooks - they can't just dragnet them on the wire

If the email was encrypted in the users client, they still can't read it off the wire, so I'm not sure what your point is.

If they use a web-based client, their "client" is the web server servicing their requests, and all communication with that is SSL already (or should be). The "client" receives data over SSL, immediately encrypts it with the target user's public keys, and stores a version encrypted with the sender's public key (for sent mail).

Handling the decryption on the client side would require a piffly JS cryptography standard.

STARTTLS is popular with service providers because it gives point-to-point security whilst still allowing the service provider to do whatever they like with your cleartext - the poacher is telling the gamekeeper how to fix his fences.

We spend billions on making sure Joe Sixer can watch DRM'd HQ cat videos in his browser without the chance of Joe being so evil as recording it, but we can't spend 1% of that to properly fix email security...

Convergence as a new new thing

Tom 38

Good article, however:

If you have a pair of virtual servers on a particular host and they need to communicate with each other, they do so via the hypervisor's on-board virtual switch: the traffic doesn't ever even hit the LAN switch underneath. By cutting out a number of layers

That's a bad example, as it isn't cutting out the layers, the hypervisor's virtual switch operates at level 4 (transport), and since the nodes are actually on the same machine, there is never a need to drop to level 3 (network). This is just ISO-OSI as it was originally envisioned - can you do what you need to do at this layer? "Yes - go do it" or "No - call a lower layer".

Dixons and Carphone Warehouse confirm £3.7bn merger

Tom 38

Re: Boring Name

House of Dix, surely.

GCHQ's 'NOSEY SMURF' spyware snoops dragged into secretive tribunal

Tom 38

Re: It'll be found to be legal if...

Please, the UK is hardly a repressed populace held together at gun point and forced to toe the line - mainly things don't change because mainly people don't give a fuck.

Conversely, it doesn't really matter how much you or I care, since that is irrelevant to the overall proportions. I can be miffed a little about it, or I can be raging about it, but the attitudes of society in general wouldn't change.

no-one who ever fought for their freedom (and won) were apathetic.

Definitely true, but it doesn't cover when 1% of the country really really really want to stop the 1% running the show, manage to do so, and become the new 1%. People don't just fight for freedom, they fight for control when they have none. The first control they want is "freedom", but "power" comes soon after.

Linux distros fix kernel terminal root-hole bug

Tom 38
FAIL

Re: Definition of "local"

It would appear that "local" doesn't just include someone sitting in front of the screen, but rather anyone who can gain shell access remotely, if this C code is anything to go by.

A local user is someone who has unprivileged access to run code on a computer. A remote user is someone who has access to provide inputs to a program running on that computer.

This isn't new.

Archos ArcBook: An Android netbook for a measly hundred-and-seventy clams

Tom 38

Does it run rockbox though, that's the big question?

Microsoft's Azure cloud goes a bit wobbly in West Europe

Tom 38

Re: Huh?

I thought these wonderful cloud systems were supposed to be highly reliable?

No, they are supposed to be cheaper in capex.

Everyone's comments here are proof that it is possible to build a reliable service on top of an unreliable service, TCP being a reliable service that is implemented over IP, an unreliable service. The idea of clouds is that lower capex costs allow you to dynamically scale your loads, allowing you to provide a reliable service to your users that is built on commodity cloud servers that may be unreliable.

Not seen one done right so far though, and if you are in business long enough, the benefit of lower capex is quickly extinguished by the massive increase in opex.

Tom 38
Stop

It's good to know that The Register is following the highest standards of journalism possible, as practised by the BBC, viz that it is not news unless you can find two arbitrary people complaining about it on Twitter.

Fuck yeah! Digital engagement!

Silicon Valley bod in no-hire pact lawsuit urges court to reject his own lawyers' settlement

Tom 38
Joke

The tentative settlement, if it stands, amounts to big profits for plaintiffs’ counsel, insulation from real liability for the defendants and locks in a significant net loss for the class

Aha, so he does understand how American law is supposed to work.

Hey, does your Smart TV have a mic? Enjoy your surveillance, bro

Tom 38

just don't plug it into the internet?

Increasingly, smart TVs are equipped with built-in wifi, so inaction is not a solution.

Are they also magically hacking said wifi to determine PSK and auto connecting to it? No?

Not a problem then, and inaction would be a perfect solution.

If GCHQ want to listen to you through your TV (and they don't, it's usually MI5 or the police, but no matter), they have MI5 watch your house until you leave, they break in and install a listening device in your TV - just like they did with Ahmed Ali's flat in 2006.

They don't wait until you buy a new Sony, ring up Sony and say "hey, its Bill from MI5 here, gissus a code to connect to the wifi on yous teles".

$3.2bn Apple deal would make hip-hop mogul Dr Dre a BEEELLLIONAIRE

Tom 38

Nothing sold as a "gaming headset" is ever going to sound as good as high-quality studio/monitor headphones from Sennheiser, Beyerdynamic, AKG etc., even if it is better than the Beats rubbish.

And nothing sold as a studio/monitor headset is going to have a microphone.

Sennheiser gaming cans sound great, have closed backs, chunky indestructible mic booms. They aren't as crisp or clean as Sennheiser studio cans, deliberately.

Frankly I've used "super audiophile" monitor headsets that just sound crap and tinny to me. Different people like different things.

IBM chip boffins mix phase-change-flash cocktail: Voila! SUPER fast memory card

Tom 38

10^6 times

Or as everyone else says, a million times, which doesn't sound that great.

A first-world problem solved: Panoramic selfies, thanks to Huawei's Ascend P7

Tom 38

Re: Truisms Spoken Aloud

IIRC Hyundai had what amounted to a "name pronunciation awareness advertising" campaign in Australia at one point to address this issue

Hyundai actually use different pronunciation in different countries - in the US it is "hoon day", in the UK it is "hi-yun-die" - the former is how Koreans pronounce it, the latter is how everyone in the UK says it.

'Bladdered' Utah couple cuffed in church lawn sex outrage

Tom 38

Re: Mormons?

Pfft, it's easy to sneer TheVogon, but how else would you go about reading reformed Egyptian for goodness sake!

Virgin Media sales are a bit flat under the Cable Cowboy's reign

Tom 38
Joke

Re: Nothing to do with the quality of their customer service?

they are all separate companies, Virgin Media is as far from Virgin Money as Sainsbury's is from Harrods

About 50 metres?

BT fibre 'availability checker' looks into FAR-OFF FUTURE. Again

Tom 38

Re: Same here

Meanwhile I go to visit Romania often, where in Bucharest you can get 100/100 for €7 or so per month and 1Gbit/1Gbit for only slightly more!

I have Gbit/Gbit in London, it's a lot more than €7/month :)

BT's suite of fibre products are distinctly uninspiring - even on FTTH installations, there is 1Gbit/s coming in to the openreach modem (actually, 1.2+Gbit), at which point it splits it off in to 4 virtual 300Mbit connections, so that you can have a separate BT subscription for each room in your house....

Worse than that, it's fibre, but for some reason that still means an asymmetric connection - 300Mbit down, 20Mbit up. DSL and coax cable by necessity require asymmetric connections - bandwidth is fixed, the asymmetry determines how much is allocated to uploads and how much to downloads - but with fibre there is absolutely no need as there is equal bandwidth in both directions.

BT would prefer that people who buy its broadband continue to only use it to consume mass media.

I'm sure many people reading this would say "20Mbit up? Where do I sign", but it really is a disservice and stops you doing things like more easily using remote services like dropbox - 20Mbit upload means a maximum remote disk write speed of about 2MB/s, 300Mbit would be more like 25MB/s, and my 1Gbit varies between around 50MB/s and 70MB/s, which is good enough to treat cloud storage like a local disk.

Atom, GitHub's code editor based on web tech, goes open source

Tom 38

How long before the fork that removes the google analytics from your text editor?

Tom 38

So it's a desktop/cmd-line application using HTML5/JS?

Yes - not sure on the HTML, but it uses CSS, so probably.

Presumably they are also planning an actual web version... because that would actually be more useful to me?

Does everyone usually plan to do what is useful to you? Wish I could be you.

And no. This is a standalone application, not a web application. It's written in JS instead of C - that is as webby as it gets (actually it has a .io domain, webby+=1, and when you use the program it constantly sends analytics to google, webby+=100000).

RBS Group hopes £750m IT shakeup splurge will prevent next bank mainframe meltdown

Tom 38

Remind me again

How much money they saved off-shoring permies and slashing contractor rates (and hence contractor headcount)?

PEAK APPLE: Mystery upstart to hurl iLord from its throne 'by 2020'

Tom 38

What is a VC

To understand Fred Wilson's viewpoint, you have to understand who he is and what he does.

He is a Venture Capitalist. His job is to have money, and give it to the people who tell him things that he thinks are true. Right now, he's been sold on the idea of "cloud" and "big data", and he's given a bunch of money to people doing "cloudy" "big data" things, who have convinced him that what Apple are doing is no good for making money.

In fact, he's really convinced - he's put a wodge of his money (well ok, mostly other people's money, probably some of his own) in to this. Once you put $10m behind something, you're definitely singing from the same choir book.

Personally, I think that he is sort of on the right track - *startups* will find it very difficult to do what Apple are doing, concentrating on hardware, but Apple itself should have no problems - apart from the very very successful and profitable hardware division, they have enough cash to re-tool as they see fit and seem quite capable of identifying and exploiting new markets.

Tesco to tout its own smartphone – now THAT'S an unexpected item in the bagging area

Tom 38

Re: Far too creepy Tesco

I have a MyWaitrose card, but I only use it to get the free paper and tea each day.

Oh, and I do also shop at Waitrose - not all the time, I'm not rich - I just don't present my 'please track me' card.

Denmark dynamited by cunning American Minecraft vandals

Tom 38
Thumb Up

"We are very happy to see that so many players around the world is creating fancy nice things and have fun," Hammeken said.

More people in government like this please.

Snapchat updates fap-snap sharing app ... now with more Chat

Tom 38

23-year-old CEO, Evan Spiegel, has reportedly turned down acquisition offers worth as much as $4bn

I really hope, for his sake, he doesn't feel like a chump when he's 35.

You've heard of the internet, right? Well this here might just be the INTERCLOUD

Tom 38

the customer can immediately slurp data out of Provider A via a dedicated connection, shuttle it through the owned servers, then spurt it up into Provider B.

Most cloud providers go out of their way to dissuade you from doing this. For instance, Amazon won't charge you to load data in to their cloud storage, but there is a fee when you pull it out.

I also take umbrage at 'immediately'. You can immediately start the process, but it can take days or weeks to transfer a large dataset from one DC to another, even if they are yards apart and have great fat wads of fibre connecting them.

Sony on the ropes after revising losses UP to $1.3 BEEELLION

Tom 38

Re: It's not my birthday today! @Gene Cash

a company that's in trouble, who, over the years have provided a fair few innovations, in many areas of both consumer and professional electronics. The Walkman and the first CD player, immediately spring to mind.

Followed shortly by the rootkit-on-a-cd and inept security leading to the loss of 77 million unencrypted account details?

I don't get the gloating over the misery of others, but there is some irony to say they've provided a fair few technological innovations, when the two that come to mind happened in the 70s and 80s....

Behold! World's smallest 3D-printer pen Lix artists into shape – literally

Tom 38

Is it me?

The final photo shows a cup and saucer set and a beaker that have been made by this "game changing" device - I might be wrong, but there seem to be lots of holes in all of them that may violate some of the functional requirements of their intended form.

Chinese iWatchers: Apple's WRISTPUTERS ALREADY in production

Tom 38

Re: You will need

It's called humour.

Allegedly

Brain surgery? Would sir care for a CHOC-ICE with that?

Tom 38

Re: A very informative headline.

Please read the lyrics to Adam Ant's 'Prince Charming'. You may say 'DOH!' when you note the pop culture reference that you missed.

Adam Ant hasn't been "pop" culture for several decades I'm afraid.