
* Posts by Adam 1

2324 posts • joined 7 May 2012

Microsoft tries cutting the Ribbon in Office UI upgrade

Adam 1
Silver badge

Re: Come back Clippy

Ahem

13
2

Intel chip flaw: Math unit may spill crypto secrets to apps – modern Linux, Windows, BSDs immune

Adam 1
Silver badge

Re: Homomorphic encryption only option

Homomorphic encryption only* allowed for operations to be performed on encrypted data. You still must encrypt it at time of input and decrypt it when you want to use those results, so whilst the attack surface would be reduced**, it is not eliminated. Something, somewhere is going to need to do some math on the key, at which point, whatever facts that can be inferred from these registers come into play.

*this is still pretty mind blowing

** and no doubt increased in other areas

9
0

Tech rookie put decimal point in wrong place, cost insurer zillions

Adam 1
Silver badge

>> indexing by the numeric column ID is measurably faster

> If you only need a few columns but SELECT * then you're losing performance in the amount of surplus data you're cramming into the pipeline from the database.

Not to mention what happens under the hood if one of those columns in * is a blob of some form. The expression is "penny wise, pound foolish". Obviously a field index directly converts to a memory address offset so will be faster than an abstraction like a field name, but even that abstraction will likely use some sort of hash lookup internally or otherwise cache on first access, so you can bet your bottom dollar that the difference in almost any real world scenario is too small to reliably measure.

There are occasions to use column numbering, such as computing a row total at runtime for an arbitrary number of columns, but if you're in a position where you need to eke a bit more performance out of your system, there will almost certainly be lower hanging fruit to pick which carries much less risk and gives an order of magnitude benefit over this.

That doesn't even get into the find references to field X in table Y type problems which come up in the real world quite a lot.

1
0
Adam 1
Silver badge

> "SELECT *" - Screams with pain.

It's one of those things that is nearly always a bad idea. There are some use cases for it where you cannot know the columns available until runtime, but for the most part, it is the result of some code snippet they found in SO.

But the same thing can also occur without selecting * if you think two BAL methods consuming the same DAL method, and one of those BAL methods now needs an additional fact. BAL method one is making an inappropriate assumption about a promise that the DAL never made, and the author of BAL method two failed to consider the effect of their change on others, but the real blame in my eyes is that the author of BAL method one didn't write a test case against the DAL method that would fail if the order was changed (in effect escalating those field orders to a promise). Had they done this, the second author would have had their commit rejected until they either stopped changing the sequence of these columns or adjusted the other methods accordingly.

Type safety can help, but only if the two types aren't otherwise assignable. But it isn't going to save you if you expect an int and the new column is also an int. Some modern languages are even using duck typing, so may not even "break" at runtime. Imagine accidentally selecting an int into a float field or something of that nature. You might get a number, just not the one you need to give the correct output.

2
0
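The failure mode described in the comment above, as an added example that is not part of the original post: a consumer reading a DAL result by position silently gets a different integer once the column list changes, while a contract test on the column order fails the change. The `policy` table, its column names and every function name here are hypothetical.

```python
import sqlite3

# Hypothetical schema and data, constructed for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row  # rows allow both row[1] and row["name"]
    db.execute(
        "CREATE TABLE policy (id INTEGER PRIMARY KEY, premium_cents INTEGER,"
        " excess_cents INTEGER, discount_cents INTEGER)"
    )
    db.execute("INSERT INTO policy VALUES (1, 120000, 50000, 1500)")
    return db

# The DAL query as first written, and after a second author needed one more fact.
DAL_V1 = "SELECT id, premium_cents, excess_cents FROM policy WHERE id = ?"
DAL_V2 = ("SELECT id, discount_cents, premium_cents, excess_cents "
          "FROM policy WHERE id = ?")

# The order that BAL method one silently relies on.
EXPECTED_ORDER = ["id", "premium_cents", "excess_cents"]


def premium_by_position(db, sql, policy_id):
    """BAL method one: assumes column 1 is the premium (a promise the DAL never made)."""
    return db.execute(sql, (policy_id,)).fetchone()[1]


def premium_by_name(db, sql, policy_id):
    """Same lookup by field name: unaffected by column order."""
    return db.execute(sql, (policy_id,)).fetchone()["premium_cents"]


def column_order(db, sql):
    """Column names in the order the DAL query returns them (no rows needed)."""
    return [d[0] for d in db.execute(sql, (0,)).description]


def contract_holds(db, sql):
    """The test that turns the assumed order into an explicit, enforced promise."""
    return column_order(db, sql)[:len(EXPECTED_ORDER)] == EXPECTED_ORDER


if __name__ == "__main__":
    db = make_db()
    for label, sql in (("v1", DAL_V1), ("v2", DAL_V2)):
        print(label,
              "by position:", premium_by_position(db, sql, 1),
              "by name:", premium_by_name(db, sql, 1),
              "contract holds:", contract_holds(db, sql))
```

Both columns are integers, so nothing fails at runtime under `DAL_V2`; only the contract check reports the change.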
Adam 1
Silver badge

> Presumably this wasn't an RDBMS

I can't see how you came to that assumption. SELECT * will include all columns that get added in the future. Many also have the misguided understanding that addressing a field by name is more expensive than by number. One of those premature optimisation consequences.

You can do this sort of nonsense with MS SQL, Oracle, postgres, mysql, and pretty much anything that would term itself as a rdbms and paired with any modern languages like c#, Java, .....

The thing that you can definitely conclude is that pretty much any test case coverage (even manual) would have prevented it from being released.

11
0

Oddly enough, when a Tesla accelerates at a barrier, someone dies: Autopilot report lands

Adam 1
Silver badge

Re: Not an "autopilot"

Let me follow your logic. The person of your concern has a medical condition that prevents them from driving. They have enough money to live on their own rather than share, but not enough money to move somewhere closer to their employment and their employment is such that they cannot easily find a job that is more conveniently located. And the way you suggest that they may make this work is to buy a US$75,000 car which has a feature that can drive by itself up until the moment it can't.

Yeah, no. Self driving cars will be an amazing source of freedom to many people with medical conditions, elderly, disabled, even people under the influence of alcohol or other drugs. This certainly should not be understated as a benefit, but the problem is where certain people who should know better imply the technology is more advanced than it is, then run for the hills when it isn't.

I want to see manufacturers put their money where their mouth is before they are allowed to imply the car has an autopilot or similar technology. If they paid you out a million dollars if your car was at fault in an accident whilst self driving, and 10 million if that accident resulted in a permanent injury for anyone involved, and 100 million to the family of anyone killed, you might find that companies such as this are a lot more restrained when making these claims.

What worries me here isn't the failure of some sensor, but that we see a company not acknowledging that the design of their system (even down to its name) incorrectly encourages people to trust it beyond its capabilities. That is a design flaw. It needs to be rectified. Maybe it needs to pull itself over and stop if the driver isn't paying attention. When a plane crashes, Boeing or Airbus don't sit back and say well pilot/ground crew screwed up here, case closed. No, they figure out why their safety processes and systems didn't fire or were ignored, and implement changes in both instructions, design and training programs to make it less likely. I'm seeing none of that here. It's entirely about saving their reputation. Until that culture changes, I don't want these things on my roads.

18
0

nbn™ CEO didn't mean to offend gamers, just brand them unwelcome bandwidth-hogs

Adam 1
Silver badge

Re: toeing the party line

> *In their mind, only teenagers play Conley games.

That'd be computer games. Freaking autocarrot.

0
0
Adam 1
Silver badge

Re: toeing the party line

> So if we had fibre all the way into the home, network concurrency and latency would not be a problem right?

Wireless will, by laws of physics, have concurrency limitations that a long shard of glass internally reflecting a laser beam will not suffer. The only way to avoid it is to build more masts, send up more birds, or free up new frequencies.

Tbh, the anti FTTN mob (where can I sign up) accept the inevitability of concurrency limitations on the wireless parts of the nbn. The congestion we complain about is on the nodes themselves, requiring the total scrapping of the Optus infrastructure that they paid a metric ton of cash for, as well as massive overbuild of the Telstra's cable to get somewhat acceptable speeds in 2018, but with no cheap future upgrade path.

Even mentioning gamers is frankly ridiculous. Games are very bandwidth efficient. They need good latency but the payload itself tends to be small. It's not like they're sending 4K streams to each other during gameplay. The big culprits are things like YouTube, Netflix, Spotify, torrents, etc. But I can well imagine the politics of "it's just a bunch of whining teenagers*" is an easier sell than "we choose technologies that cannot be cheaply scaled as data demands have gone up". I mean who could foresee that selling gigantic 4K internet connected televisions to everyone would result in everyone wanting to download online content.

*In their mind, only teenagers play Conley games.

2
0

Four hydrogen + eight caesium clocks = one almost-proven Einstein theory

Adam 1
Silver badge

Re: This is why science rocks

> I find tap water much better when diluted.

I find it best when diluted with sufficient quantities of real medicine.

1
0

Telegram users get their stickers back as Apple passes update

Adam 1
Silver badge

How's that non-crypto Blockchain going?

4
0

Smart bulbs turn dumb: Lights out for Philips as Hue API goes dark

Adam 1
Silver badge

Wait! If you're telling me that they have a laser pointer attachment, I'll become an IoT evangelist.

4
0

HostingUK drops offline after losing Farmer vs Fibre competition

Adam 1
Silver badge

Re: Single Points of Failure

Have you been living under a rock? It is 2018. You can't even convince some people not to consider their data to be stored until it has been written to some spinning rust or SSD. Because webscale.

0
0

Mirror mirror on sea wall, spot those airships, make Kaiser bawl

Adam 1
Silver badge

Re: Precision

I have a bigger problem than the rounding. Metres? Feet? I mean, what is wrong with saying about 41 linguini?

3
0
Adam 1
Silver badge

I hear what you did there

4
0

Telegram crypto-chat chap says Apple has 'restricted' its app updates worldwide

Adam 1
Silver badge

Re: Apple have never really played ball...

> If sending a flag to the exchange server is enough to get you e-mails that you shouldn't get, then the security on the exchange server is absolutely broken

Not at all. Exchange is implementing security via the RFC3514 flag.

0
0

Capture your late-night handbrake turns with this 'autonomous' car-chasing camera drone

Adam 1
Silver badge

Re: Stalker's wet dream

> Alexa? Tell drone to follow <insert name of famous person>'s car

Alright, which one of you smarty pants was discussing flooring options with your better half?

1
0

A Reg-reading techie, a high street bank, some iffy production code – and a financial crash

Adam 1
Silver badge

Re: Or...

> Will someone please tell me why I am wrong to say that no-one using a modern language (of a higher level than Assembler or C) needs to explicitly code a loop to sum [attributes of] the elements in an array?

Not a downvoter but ...

I have seen LINQ used in some pretty bad ways. Here are a couple.

Developer not realising that their method was O(n^2). They simply forgot that behind those magic select or first or find methods is a loop.

Another developer didn't realise that a .Any(a => a == 5) on a Hashset may yield the same result as .Contains(5), but the former is O(n) and the latter O(1).

In other cases, a loop which iterates some collection and conditionally yields another object with properties based on the initial collection item can end up with such a convoluted expression that the minute it would have taken any half competent developer to follow the intent now takes 10 minutes to unpack, and even then you're wondering if you missed something subtle.

Another issue is with debugging it can be hard to set breakpoints when your line may represent hundreds of function calls.

Note I never said you should never use them. Just remember that most of the time it doesn't matter if your class is 5 lines longer or 150ns slower, but it does matter if your code becomes difficult to read. Use them, but with appropriate discretion.

4
0
Adam 1
Silver badge

Re: Testing

Always wondered what that last outsourced mob got up to after we, er, parted ways.

2
0

Internet engineers tear into United Nations' plan to move us all to IPv6

Adam 1
Silver badge

Re: Mapping plan

> I hope that IPv7 or IPv8 routers

At the risk of having a Bill Gates moment, what on earth do you think we'll be doing in the future to need such an immense address space.

Perspective time. The surface area of earth is roughly 5.1 x 10^8 km^2

IPv6 gives 2^128 addresses (ignoring reserved ranges for the minute). That's a big number*.

That results in 667,220,330,000,000,000,000,000 ipv6 addresses per square metre on this planet. How much IoT tat do you need?

*Citation needed

16
3

US judge won't budge over Facebook's last-minute bid to 'derail' facial biometrics trial

Adam 1
Silver badge

interesting angle

What counts as biometrics in this case? Is a photo or collection of photos of a known person considered to be holding biometric data? If so, then this net captures a lot of other businesses and indeed people.

Or does there have to be a conversion on those images to a series of measurements of ratios and angles between features before it is considered a biometric template. If so, does this mean that there are certain algorithms that are not permissible to run on a photo. Would smile and blink detection algorithms fall foul of such definitions.

Don't get me wrong, I'm hardly the person who would stick up for a massive advertising, tracking, manipulative company, but I have much bigger concerns about how they use such data to link people with other people in shadow profiles.

4
0

Russia to Apple: Kill Telegram crypto-chat – or the App Store gets it

Adam 1
Silver badge

Re: Meanwhile, over in the UK ...

Wow that's a bad way to do things. Down here, the powers that be are planning on simply usurping the commendable laws of mathematics with our local laws.

18
0

Waiting for 100 Mbps NBN on wireless? Errr, umm, sorry about that

Adam 1
Silver badge

Re: They got 100Mbps wireless in Iceland (country)

Re size of Australia, if the bottom of Tasmania is in Egypt, Perth is somewhere in Spain, Darwin somewhere up in Sweden, and Brisbane in Turkey. It has a cattle farm that is bigger than Israel (see Anna Creek).

All with the population of California.

But we don't each get our own mountain range. Rather, that population is largely collected in a few cities in the south and east with almost nothing in the middle (except big spiders and drop bears obviously). Serving remote communities with infrastructure of any sort is not without challenges, but nbn's problem has always been political. The current mob needed a 'the previous mob are clueless wasters of money angle', a classic case study of not invented here syndrome. History won't look kindly on what the current mob have done to the project.

0
0

Epyc fail? We can defeat AMD's virtual machine encryption, say boffins

Adam 1
Silver badge

Re: National Security Boundaries

Really!? I must have missed Google ceding to New Zealand law and suppressing that name.

What does Apple maps call the spratly islands? How is China with that call? What about the Philippines or Vietnam?

How very quaint of you to think that these companies structure their legal entities and technical responsibilities such that those outposts have no capability to comply with demands made by those companies.

Let's not even get into whether China accepts your right to publish certain political commentary, or whether YouTube should depict women driving cars as prohibited in some backwaters from which a lot of your oil comes from.

If AWS has a bunch of bit barns across western Europe that become illegal to use for servicing European citizens due to GDPR or something, they will have no choice but to sell the bricks and mortar to some European company who isn't subject to American law. This was my very first point.

0
0
Adam 1
Silver badge

Re: Complete security is a MYTH there is ALWAYS the human element to bugger up the works.

> If a "rogue host-level administrator" is in charge of your network then you have bigger problems.

So where does an AWS or Azure sit in your threat model here?

If it helps, imagine there is a country out there, let's call this place Murika, which believes that its laws apply to all other countries. Let's call these other mysterious places Notmerika, and let's pretend that they have their own governments, laws and legal frameworks. Notmerika has certain laws that govern the treatment of data of its citizens and companies. These laws restrict what data an organisation may collect and with whom it may be shared, including how law enforcement can, through legal mechanisms like subpoenas, force the organisation to hand over data.

If the host can access the guest's memory in a decrypted state, then it becomes practically certain that they will be subpoenaed by a Murikan court to produce contents from the guest which would otherwise have required the appropriate paperwork be passed to the Notmerikian authorities.

Two classes of people should care about this:

1. Murikans who hope to sell their cloud services in Notmerika; and

2. Notmerikians who want to run services for other Notmerikians whilst complying with Notmerikian law.

4
1

Remember that $5,000 you spent on Tesla's Autopilot and then sued when it didn't deliver? We have good news...

Adam 1
Silver badge

Re: If you are contracted….

For any Aussies caught up with similar misrepresentations, you can thank your lucky stars that the Australian Consumer Guarantees explicitly cover motor vehicles unless bought at auction or from a private seller.

See here.

Specifically some pertinent quotes

"Products must also:

* match descriptions made by the salesperson, on packaging and labels, and in promotions or advertising

.....

* be fit for the purpose the business told you it would be fit for and for any purpose that you made known to the business before purchasing

....

* meet any extra promises made about performance, condition and quality, such as life time guarantees and money back offers"

That said, if I'm spending 6 figures on a car, I'm spending a few hundred in getting a lawyer to draft something which they'll find a little trickier to ignore.

2
0

US Senator Ron Wyden to Pentagon: Encrypt your websites

Adam 1
Silver badge

Re: Why is self-signed such a bad idea ?

> - To encrypt the connection to the endpoint.

> - To verify that the endpoint is the intended recipient.

> Self-signed combats the first but not the second.

A subtle point here that I suspect Lee understands but others may have missed.

The first point is more correctly stated as "To encrypt the connection to some endpoint". If you deliver your site over a self signed certificate, you cannot be sure that the self signed certificate presented to the browser is the one you sent. Here is the scenario in action.

1. Alice visits bob.com from Mallory's internet cafe.

2. Mallory intercepts the initial clienthello negotiation and sends a fake serverhello with a self signed bob.com certificate.

3. Simultaneously, Mallory does her own clienthello to the real* bob.com and negotiates everything from there.

4. When Mallory gets the response back from bob.com, she decrypts it with the negotiated session key between her and the real site, then re encrypts that stream with the session key she negotiated with Alice.

5. The process is reversed for sending any requests to the server.

Realise that neither Alice nor Bob see anything unusual in this interaction. Alice would be informed by a big red warning box in her browser that the certificate is untrusted. The problem in our scenario is that this is exactly the error she will see when communicating with bob.com without Mallory in the middle.

*A comment on real site in this context. Even Mallory could not know in this step whether another mitm exists between her and bob.com. It's turtles from there.

0
0
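The scenario in the comment above as a toy model, an added example that is not part of the original post: from the certificate alone Alice's client reaches the same verdict with or without Mallory, and only a fingerprint learned out of band tells the two apart. The Diffie-Hellman group, the XOR cipher and all names are simplifications assumed for illustration; this is not real TLS and opens no network connection.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (a Mersenne prime); far too small for real use.
P = 2**127 - 1
G = 3


class Endpoint:
    """One party holding a key pair in the toy handshake."""

    def __init__(self, name):
        self.name = name
        self._priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self._priv, P)

    def self_signed_cert(self, subject):
        # Only the key holder vouches for the subject/key binding.
        return {"subject": subject, "issuer": subject, "pub": self.pub}

    def session_key(self, peer_pub):
        shared = pow(peer_pub, self._priv, P)
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def fingerprint(cert):
    """Stable identifier for a certificate, suitable for pinning."""
    return hashlib.sha256(f"{cert['subject']}|{cert['pub']:x}".encode()).hexdigest()


def xor_cipher(key, data):
    """Toy symmetric cipher (SHA-256 keystream); the same call decrypts."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def browser_verdict(cert, hostname, pinned=None):
    """What Alice's client can conclude from the presented certificate."""
    if cert["subject"] != hostname:
        return "name-mismatch"
    if pinned is not None:
        return "pin-ok" if fingerprint(cert) == pinned else "pin-mismatch"
    return "untrusted-self-signed"  # the big red warning box


def connect(alice, bob, hostname, request, mallory=None, pinned=None):
    """Return (verdict, what Bob received, what Mallory read)."""
    terminator = mallory if mallory is not None else bob
    cert = terminator.self_signed_cert(hostname)
    verdict = browser_verdict(cert, hostname, pinned)
    if verdict in ("pin-mismatch", "name-mismatch"):
        return verdict, None, None  # Alice aborts before sending anything
    # Alice clicks through the warning (or the pin matched) and sends her request.
    wire = xor_cipher(alice.session_key(cert["pub"]), request)
    plaintext = xor_cipher(terminator.session_key(alice.pub), wire)
    if mallory is None:
        return verdict, plaintext, None
    # The relay re-encrypts under its own, separate session with the real site.
    relayed = xor_cipher(mallory.session_key(bob.pub), plaintext)
    return verdict, xor_cipher(bob.session_key(mallory.pub), relayed), plaintext


if __name__ == "__main__":
    alice, bob, mallory = Endpoint("alice"), Endpoint("bob"), Endpoint("mallory")
    request = b"GET /account HTTP/1.1"  # constructed sample request
    pin = fingerprint(bob.self_signed_cert("bob.com"))  # learned out of band
    print("direct, no pin:", connect(alice, bob, "bob.com", request)[0])
    print("relay,  no pin:", connect(alice, bob, "bob.com", request, mallory)[0])
    print("direct, pinned:", connect(alice, bob, "bob.com", request, pinned=pin)[0])
    print("relay,  pinned:", connect(alice, bob, "bob.com", request, mallory, pin)[0])
```

The first two verdicts are identical, which is the commenter's point; a CA-issued certificate or a pinned fingerprint is what gives the client something to compare against.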

Uber robo-ride's deadly crash: Self-driving car had emergency braking switched off by design

Adam 1
Silver badge

If being aware of these things is the driver's job, then being a data entry clerk cannot be a simultaneous task. You can't expect a human to diligently perform both tasks at the same time. Human brains aren't wired that way.

20
0

You know that silly fear about Alexa recording everything and leaking it online? It just happened

Adam 1
Silver badge

Re: Great move Amazon

If they were smart, they refund + small payment (Amazon gift card) + NDA with penalty and this never happened.

5
0

Google listens to New Zealand just long enough to ignore it

Adam 1
Silver badge

Re: Another example...

> There is a New Zealand arm of Google, as well as an NZ-localised version of their site, so it's not unreasonable to expect that part of Google to comply with local laws. Saying they don't have the technical means to do it, when they do so for various European jurisdictions sounds ... wrong ..?

One wonders whether they may find compliance cooperation more forthcoming if that lovely .co.nz domain disappeared.

3
1

Braking news: Tesla preps firmware fling to 'fix' Model 3's inability to stop in time

Adam 1
Silver badge

Re: "Tesla won’t stop until Model 3 has better braking"

Shirley that's boom crash!

Ah thanks, I was wondering where I'd left that coat.

1
0

Telstra's mobile networks go TOESUP* in national outage

Adam 1
Silver badge

Re: Lucky

Yes. Paying less per month now* line rental isn't a thing, but getting unlimited data, unlimited national calls and unlimited calls to mobiles.

Will look at NBN at some point. We have the box drilled onto the outside wall, but they still need big Mal to sidestep some laws of mathematics with the Telstra under-provisioned fraudband cable before they can shine some lightelectrons down it.

*Ok very marginally more if you add the VPN cost but I value my privacy, but no bill shock on bigger months.

1
0
Adam 1
Silver badge

Re: Lucky

Works both ways. When I moved into my current place, they had a pensioner discount* applied on the plan. Did the right thing and called up their accounts. They said thanks, told me they'd fixed the issue, just pay the discounted amount and next month it'd be normal.

Next month, you'll never guess what happened.. so I called them again, explained again how they had applied it by mistake and asked for its removal. Sure thing, they said. The last phone monkey pressed the wrong button but it's all fixed now.

Next month, go on, take a guess. So I called, told them that this was the final time that I would call them, re explained that I don't want this on my account. Then explained that no, I am not trying to apply for a pensioner discount. Eventually they got it, told me about how the other phone monkeys must have missed the steps. Got a receipt number that time.

So next month, actually let's fast forward a bit. About 5 years later, they sent me a nasty letter demanding documentation proving I'm entitled to the discount in 30 days or else they would cut off my discount. Perfect.

So about a year later, I transferred my phone line to nakeddsl with "not Telstra", still receiving my discount every month.

*This is Telstra's idea of a discount, which means only 1.9x the competition instead of 2x

2
0

Biometrics: Better than your mother's maiden name. Good luck changing your body if your info is stolen

Adam 1
Silver badge

Re: US Verification

@allan, the salient point is that seemingly non identifying attributes in combination can build up a profile that is anything but anonymous. I'm not really sure why you bring up authentication or reasonable doubt testing. But I guess if somehow police knew your date of birth, gender and suburb but absolutely nothing else about you, they would only catch you 80% of the time.

0
0
Adam 1
Silver badge

Re: US Verification

Three facts: Date of birth + gender + post/zip code get a surprisingly unique profile. I don't have the figures on hand, but it is enough to uniquely fingerprint a single person in well north of 80% of occasions.

So you heard it here first. Want privacy, be an identical twin....

1
1

nbn™ isn’t fixing HFC, it’s ‘optimising’ it

Adam 1
Silver badge

@Julian, I think you'll find that the laws of mathematics don't apply here, so it's all good.

0
0

Off with e's head: E-cig explosion causes first vaping death

Adam 1
Silver badge

Off with e's head

His head fell off, you say?

Peter Madsen might have just got an idea for his next appeal.

2
2

Wah, encryption makes policing hard, cries UK's National Crime Agency

Adam 1
Silver badge

Re: Wut?

> Remember that time a crazy person went into that primary school with a copy of "FIPS PUB 197" and he encrypted all those poor children

And I would have got away with encrypting the whole school if not for that pesky kid Robert'); DROP TABLE Students;--

3
0

Microsoft programming chief to devs: Tell us where Windows hurt you

Adam 1
Silver badge

> To say that .NET is a shit copy of Java is a bit harsh..

More than a bit harsh. Can we interest you in a mutable datetime class? Whoever thought that was a good idea, I'll have whatever they were smoking.

XAML is a brilliant idea terribly executed. Over engineered to the point where the winforms folk scratch their head as to why it should take an hour to write the code to hide an element based on an enum with some value and'd with some other bool property. Your triggers end up just as long as war and peace, can't be easily unit tested, resulting in people (ab)using their viewmodels and having to add a gazillion notify property change events, or (ab)using multivalueconverter because the expression is much simpler and you can at least write test cases on the converter. If it transcompiled to html5 then it would be very strong, but it doesn't open up any web options, unless you count silverlight or xbap (er, just no)

But back to my point, it's a bit stupid to claim it as a poor copy. It was able to avoid some of the more stupid architectural traps Java found itself in and end up with things like lambdas much earlier. The async await stuff is also excellent.

2
1

HP Ink to compensate punters for bricking third-party ink cartridges

Adam 1
Silver badge

Re: Motherf***ers. I strongly doubt this is the only HP that has done this.

> More expensive than fine champagne. Tastes awful though.

You don't like champagne?

0
1

Blighty: If EU won't let us play at Galileo, we're going home and taking encryption tech with us

Adam 1
Silver badge

Re: Stupid Boy

> FFS most script kiddies could launch a working GPS system.

Totally true. Saw this on stackoverflow just this morning

I have written a GPS system. Here's my code.

    #include <stdio.h>

    int main()
    {
        printf("Hello, World!");
        return 0;
    }

I want to have sub metre accuracy in both longitude, latitude and elevation but I don't know where to start. I think I need generics.

5
0

AWS sends noise to Signal: You can't use our servers to beat censors

Adam 1
Silver badge

Re: Block of flats

> Anyone know why they can not just use https without sni?

There needs to be a way for the web server to resolve the intended domain of the HTTPS request so it knows which certificate to use.

Without SNI, your server needs to rely upon a unique IP address per hosted domain. IP4 addresses are a limited resource, making that a costly proposition.

I guess SAN certificates are another option, but then you get a list of unrelated sites (including potentially, er, questionable activity sites) listed on your certificate. Try explaining that to world+dog.

0
0

Failbreak: Bloke gets seven years in the clink for trying to hack his friend out of jail

Adam 1
Silver badge

Here phishy phishy phishy.

/Mine's the bright orange one, thanks

0
0

if dev == woman then dont_be(asshole): Stack Overflow tries again to be more friendly to non-male non-pasty coders

Adam 1
Silver badge

read his blog post last week

and I've got to say he nailed a few things. I can't really comment about hostility to women or people of colour (being neither myself). I haven't seen anything but that may be because the mods catch it early. But there is definitely a vigilante element where someone dares to ask two questions about a block of code. They get strung and quartered if they dare start a sentence with "what is the best practice for ....". They could have answered "The best practices in this area is heading into opinion territory. Rather, here is one way to achieve what you want that uses recognised design patterns XYZ."

I totally support the downvote of the code dump "My code has a problem" or the "insert literal quote from someone's homework with no effort of a solution". I totally support the XY response. I think people can be too aggressive on the duplicate flag, but support it in the right circumstances. I just don't get the idea of down voting something without you or someone else pointing out why the answer is wrong or dangerous or just a code dump without context.

At the end of the day, if there are people out there who don't contribute because of prevailing attitudes, then the answers aren't as good as they could potentially be. That doesn't mean that everyone is a snowflake. But it is possible to show respect to someone even when you think they are wrong. If you cannot articulate why there are dragons (or at least missed opportunities) on the suggested answer or comment that you disagree with, then that says more about you than the answer and you should defer to someone else to respond.

6
0

A developer always pays their technical debts – oh, every penny... but never a groat more

Adam 1
Silver badge

Re: if it works

He called it a measure, not a silver bullet to fix all debt. And on that basis I think his point is strong. Quite strong.

The sorts of organisations* that don't value unit testing** are highly correlated with the organisations that are too focused on the here and now to allocate time to resolving this technical debt.

It's understandable at one level because resolving technical debt is expensive. The only thing more expensive is to not resolve it and then attempt a fix/improvement. But don't expect the business to recognise that the week spent on fixing some deficiency here has saved them two weeks on other projects over the following 6 months.

*I speak of organisations because individual developers within those organisations may well be pushing the proverbial uphill trying to get the business onboard, but if they can't be convinced of the benefits of unit testing then they are likely to see any attempt at technical debt reduction as developers taking liberties with valuable company time.

** By value, I don't mean platitudes about their merits. I mean actually invest time into doing it, as well as investing in some sort of ci that runs them on every commit, as well as actually being prepared to rewrite code so badly coupled that unit testing is nigh impossible, as well as actually using the facts about whether an individual developer is consistently decreasing coverage as a KPI at their performance reviews.

0
1

Watchdog growls at Tesla for spilling death crash details: 'Autopilot on, hands off wheel'

Adam 1
Silver badge

Re: Don't be naive

@wally, I agree with 90% of your post, it's just the other 90% where we differ ;p

> Seriously, whoever is responsible for ensuring that a car hitting that barrier at the legal speed should not result in a death

Newton has a thing or two to say about such a possibility. Kinetic energy follows a square relationship to velocity.

ie. K = 0.5 * m * v^2

What that means in practice is that a car doing 120km/hr must shed 4 times the energy it would have at 60 (or 16 times the energy of a 30km/hr crash).

At highway speeds, the barrier's main goal is to control the direction of the collision so you are less likely to be torpedoed into another vehicle (especially head on). With that much energy to absorb head on, the shear force of your brain mass hitting your skull is likely to be fatal, even if the barrier, crumple zones, air bags, pretensioners, etc all perform perfectly. For perspective, EuroNCAP frontal test is at 64km/hr. Take a look at one of the better performers in that test, then try and picture it without 4x the crash energy.

But I totally agree that replacing safety barriers after a collision must be a priority. I also share a big concern over why the sensors failed to detect the obstacle even if it got confused over the lane markings, or if it did see the obstacle, why it didn't appear to attempt to avoid it.

2
0
Adam 1
Silver badge

Re: Walter had complained to his Tesla dealer...

What are you stating, the obvious?

6
0

Microsoft Australia flicks switch on Protected Azure-for-Gov service

Adam 1
Silver badge

I guess it's

> They're only about a dozen kilometres apart, but on different floodplains and nicely close for networking and failover purposes.

lucky that Canberra isn't vulnerable to any other types of disaster.

1
0

Wanna work for El Reg? Developers needed for headline-writing AI bots

Adam 1
Silver badge

careful

This site has quite a proven track record of predicting the future.

A year ago, coincidentally to the day, there was an innovative suggestion about JavaScript crypto miners being delivered by a website rather than ads to annoy people. Now we have coinhive to deal with.

My best wishes to the successful applicant. May this be a memorable day for you.

31
0

World celebrates, cyber-snoops cry as TLS 1.3 internet crypto approved

Adam 1
Silver badge

> The client then says which encryption system it plans to use for the weaker, session key – which allows data to be sent much faster because it doesn't have to be processed as much

That's a bit misleading. The session key allows data to be sent faster because it uses a symmetric cipher. That is AES these days, and this is computationally as simple as bit shifting and XORing.

Asymmetric encryption is usually done with an elliptic curve* variant of the Diffie Hellman algorithm. In ballpark terms, that costs about 5000x more CPU time for the same payload. The real question is why not just use symmetric encryption? Spoiler alert, symmetric encryption requires both parties to know the shared secret (session key). How are two parties to communicate this without "Eve" learning it too? By using the asymmetric encryption to send the session key, you, in general, get the throughput close to symmetric alone but without the problems around how to share that key without another party discovering it.

*There is nothing wrong with Elliptic curves, just don't use the parameters that NISTNSA were pushing.

4
0
