* Posts by Adam 1

2545 publicly visible posts • joined 7 May 2012

So you've 'seen' the black hole. Now for the interesting bit – how all that raw data was stored

Adam 1

Re: The usual exaggeration

> This would be like trying to find a needle in a haystack, in the dark, with a laser for a flashlight.

So you're saying there's a chance?

What bugs me the most? World+dog just accepts crap software resilience

Adam 1

Another take on this problem was pointed out by "uncle Bob" in a lecture I saw but am now too lazy to find the link.

The number of people that you would loosely define as "computer programmers" has roughly doubled every five years since the 1960s. Or to put it in a more frightening way: about half the code warriors involved in every piece of software you might buy today have less than 5 years' experience. Many haven't yet been burned by the shortcuts they think they can get away with, and many in that bracket aren't yet at the levels where they can push back against the PHBs demanding dangerous processes (or more usually lack thereof).

Chap joins elite support team, solves what no one else can. Is he invited back? Is he f**k

Adam 1

And at the risk of defending the indefensible, also don't forget to take notice about the KPI structure such employees are working under. Do they need to close X tickets per day? Do they need to maintain an awaiting investigating queue below Y? Does the employee who closes the most tickets get singled out for either praise or even a bonus? Does the employee who takes the longest suffer poor performance reviews or have to sit with some stuffed toy sloth on their desk that week?

If any of these or like-minded hare-brained schemes are in place, anticipate, no actually expect employees to play their own games to protect their own wellbeing. So if you come along with one of those "it's annoyingly slow but still technically working" style tickets, expect the incentives to influence the behaviour. Having an efficient payroll department isn't only never directly incentivised but also in this case would almost certainly hurt their measured KPI.

If manager types spent more time reflecting on KPI side effects and less on other reports, they would objectively run a better operation. Of course, managers have their own KPIs, for which they're themselves playing their own games, so it's turtles all the way down.

Meet games-streaming Stadia, yet another thing Google will axe in two years

Adam 1

alas, latency

I have no doubt that they can throw down 4K at a pretty impressive frame rate using what we used to call powerful servers with lots of GPUs in a data center, but now must call cloud.

The real question for most gaming is how long it takes for a player action to be noticed by the game, and for this you are likely north of 5-10ms because physics.

Q&A: Crypto-guru Bruce Schneier on teaching tech to lawmakers, plus privacy failures – and a call to techies to act

Adam 1

Re: Willful Clueless

The second group churns through the advice from as many as required of the first group until they get advice that, when held at a distance and eyes squinting in just the right way, can form a set of words that doesn't entirely rule out the position already held by the second.

Adam 1

Re: Pro Bono? TINSTAAFL

> This is how we end up picking someone with a second class BA degree in geography to run the country

I refuse to believe that our honourable reps have any concept of geography, let alone tertiary training.

Uber won't face criminal charges after its robo-car killed woman crossing street

Adam 1

Re: Humans

A human who was also tasked with capturing information about the vehicle's performance on a device as it drove. If they had her in the car solely as "your job is to monitor the decisions being made by the car and intervene if necessary", your comment would be reasonable. But her job required her to also be a data entry clerk. As such, it was perfectly foreseeable that her attention would from time to time be averted. If the car cannot operate safely without a human supervisor, then they were negligent in not having a human supervising it at all times.

Don't mean to alarm you, but Boeing has built an unmanned fighter jet called 'Loyal Wingman'

Adam 1

Re: So how is this any different?

WARNING, THE FOLLOWING LINKS HAVE IMAGES DEPICTING THE AFTERMATH OF A DROP BEAR ATTACK:

* Article

* Photo (NSFW)

Drone technology is being pushed down under because it is just too risky to hold these beasts in a cage with a living pilot in the same aircraft.

Adam 1

Re: So how is this any different?

This one has cages to launch drop bears over the enemy.

It all hinges on this: Huawei goes after Samsung with its own foldable hybrid Mate X

Adam 1

Re: If you think that this device is expensive

Just don't fold it wrong.

Password managers may leave your online crown jewels 'exposed in RAM' to malware – but hey, they're still better than the alternative

Adam 1

Re: Security software 101

> You keep it at least hashed

A hash is a cryptographic one way function. Knowing the hash, it is mathematically impossible to recover the original string without brute forcing all possible strings and looking for one that gives the same hashed value. Being able to vomit back the original password into a password box is kinda a big thing for a password manager.

> or XOR-ed with some other binary

So where do you put that binary so the attacker can't do the same? Why don't you just put the passwords there instead?

Also, what would happen if you xor'd the obfuscated passwords together with other obfuscated passwords from that same secret binary? What can you learn about the key? What if you discover just one of those passwords in a paste bin dump then xor the obfuscated password with the known one? Oh look, secret binary in clear. Now we can read any others too.

Fun isn't it?

Even something as "simple" as clearing the secret out of memory is much harder than you might think. Depending on the runtime involved, you may be relying on a garbage collector to actually overwrite the memory, and your control over that process is limited. And that's before you consider whether it might be in the CPU caches which might, as recent vulnerabilities show, be an oracle.
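The XOR questions raised in the comment above, worked through as an added example that is not part of the original post. The "secret binary" and the three passwords are constructed sample data, and every function name is hypothetical.

```python
import hashlib

# Constructed sample data: a 32-byte stand-in for the "secret binary"
# and three made-up passwords. None of this comes from a real product.
SECRET = hashlib.sha256(b"constructed secret binary").digest()
PASSWORDS = {
    "forum": b"correct horse battery staple",
    "bank": b"hunter2-for-the-bank",
    "mail": b"Tr0ub4dor&3",
}


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def obfuscate(password: bytes, secret: bytes = SECRET) -> bytes:
    """The scheme under discussion: every password XOR-ed with the same secret."""
    if len(password) > len(secret):
        raise ValueError("secret is shorter than the password")
    return xor_bytes(password, secret)


def build_vault() -> dict:
    """What ends up stored: one obfuscated blob per entry."""
    return {name: obfuscate(pw) for name, pw in PASSWORDS.items()}


def pairwise_leak(blob_a: bytes, blob_b: bytes) -> bytes:
    """XOR two blobs together: the secret cancels out completely,
    leaving password_a XOR password_b with no key material involved."""
    return xor_bytes(blob_a, blob_b)


def recover_secret(blob: bytes, known_password: bytes) -> bytes:
    """One password known from elsewhere turns its blob into the
    leading bytes of the secret binary, in the clear."""
    return xor_bytes(blob, known_password)


def read_vault(vault: dict, leaked_name: str, leaked_password: bytes) -> dict:
    """Apply the recovered secret bytes to every other entry.
    Entries longer than the leaked password are only partly recovered."""
    key = recover_secret(vault[leaked_name], leaked_password)
    return {name: xor_bytes(blob, key) for name, blob in vault.items()}


if __name__ == "__main__":
    vault = build_vault()
    print("bank XOR mail :", pairwise_leak(vault["bank"], vault["mail"]).hex())
    for name, value in read_vault(vault, "forum", PASSWORDS["forum"]).items():
        print(f"{name:6s} -> {value!r}")
```
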

Secret mic in Nest gear wasn't supposed to be a secret, says Google, we just forgot to tell anyone

Adam 1

Re: TL:DR version

In fairness, they were upfront in admitting it had a speaker. They never actually made a claim about where the energy to move the speaker coil was going to come from.

No yoke: 'Bored' Aussie test pilot passes time in the cockpit by drawing massive knobs in the air

Adam 1

> the pilot also drew what the Aussie publication described with unfamiliar restraint as "some intriguing, somewhat phallic symbols"

Just wait until NT News picks it up.

/Popcorn time

You know the drill: SAP has asked Joe Public to name Munich arena so go forth and be very silly

Adam 1

Footy McFistFace

Or if this is a shameless branding exercise

Sapatron

Court sees Morissette Meter flip out as Oracle assumes anti-arbitration stance in pay dispute

Adam 1

Re: title

It's like RAAAAAIIINNN .....

LG folds at prospect of launching bendy phone while Samsung flaunts its upcoming kit on telly

Adam 1

You're folding it wrong.

Australian prime minister blames 'state level' baddies for Oz parliament breach

Adam 1

Re: Personally I hoping

But B33tr00ter passed the complexity rules.

Adam 1

Come on guys. It's unhealthy to hold a grudge forever. It was one delivery 38 years ago.

Hold horror stories: Chief, we've got a f*cking idiot on line 1. Oh, you heard all that

Adam 1

Re: Careful of what you write

And next Monday, that time when that mate of a mate put the *cough* technical notes into the customer notes field by mistake.

Wow, fancy that. Web ad giant Google to block ad-blockers in Chrome. For safety, apparently

Adam 1

Re: Firefox forever (except at work)

I should add, there at least used to be a Firefox and Chrome extension that could open up specific sites using a tab with embedded IE (IETab or something like that). That was really useful at the time. I'd be surprised if it or something similar isn't still available.

Adam 1

Re: Firefox forever (except at work)

Intranet isn't really where you normally need to worry about web nasties. So you can use IE or whatever for your work sites and FF for outside stuff.

Stage fright or Stage light? Depends how far you dare to open your MacBook Pro's lid

Adam 1

Re: Rinse and repeat

I believe the accountants know the game and to be frank, are playing it brilliantly.

Through a couple of decades, hardware advances themselves justified a new shiny every couple of years. Experientially faster, better screens, new gimmicks. But for most consumer workloads, tell me what a 2014 spec'd i7 couldn't do if you swapped out its HDD and put an SSD in when compared to a modern machine at a similar price point? There's only so much compute power needed to run office 365. This literally freaks out these companies (no need to single out Apple) as their business model relies on repeat customers. It is an existential threat to their profitability. Of course, if you can engineer the parts so that they'll definitely last 3 years, but after 5 it needs to be facing west when you power it on, they can strut out someone to say "that old thing, wow, haven't seen that model in ages*, you need a new shiny, I'm afraid warranty blah blah" without destroying their reputation. It is no accident that more and more components are glued in place.

*at least three days ago

Holy crappuccino. There's a latte trouble brewing... Bio-boffins reckon 60%+ of coffee species may be doomed

Adam 1

Re: Temperature?

> if Starbucks et al have proved anything, it's that coffee drinkers will pay more for coffee.

If Starbucks has proven anything, it is that Americans will drink anything lukewarm and full of sugar and caffeine.

Are you sure your disc drive has stopped rotating, or are you just ignoring the messages?

Adam 1

I'm not even sure that half the developers read the prompts they are adding

Encountered a prompt in a piece of software along the lines

Confirmation

This will cancel the operation? Please confirm.

[Ok][Cancel]

But I won't name and shame the large Washington based software behemoth.

Computing boffins strip the fun out of satirical headlines

Adam 1

algorithm is actually pretty easy for headlines

    bool IsHumourous(string headline)
    {
        return Soundex(headline) == Soundex("Supercalifragilisticexpialadocious");
    }

Reg Standards Bureau introduces the Devon fatberg as coastal town menaced by oily blob

Adam 1

Fosters

... just kidding. We only export that to you lot because we don't drink it. Mainly because it tastes like s*!?*

I'm just not sure the computer works here – the energy is all wrong

Adam 1

Re: Ah, the carefree days of yore

Drives a Jeep.... Don't judge too quickly. Those jump leads might come in handy. (Although a tow strap is another gift idea)

Happy new year, readers. Yes, we have threaded comments, an image-lite mode, and more...

Adam 1

Re: Width

> The point varies by breakpoint: 40th child on 884px+ wide devices

So what you're saying is that 40 child threads should be enough for anyone...

Is Google purposefully breaking Microsoft, Apple browsers on its websites? Some insiders are confident it is

Adam 1

Re: Brittle software?

Comments are not included in a compiled binary.

A few reasons why cops didn't immediately shoot down London Gatwick airport drone menace

Adam 1

Re: Got it.

Or maybe they could mandate the use of Logitech harmony APIs.

Adam 1

Re: Blockchain

Blockchain!? Maybe DevOps

Adam 1

Re: Other options...

I think you'd need one of the bigger supersoakers rather than the original one. Like this.

German cybersecurity chief: Anyone have any evidence of Huawei naughtiness?

Adam 1

it's like RAAAAAIIINNN ....

... except actually ironic.

One of the following statements explains why Huawei is banned from the Australian 5G networks. The other is part of the Assistance And Access Bill 2018 written by the same collection of muppets. To hold both positions simultaneously is an incredible feat of intellectual contortion. To hold a straight face espousing it is nothing short of incredible.

"the government considers that the involvement of vendors who are likely to be subject to extrajudicial directions from a foreign government that conflict with Australian law, may risk failure by the carrier to adequately protect a 5G network from unauthorised access or interference."

"a notice may require a provider to facilitate access to information prior to or after an encryption method is employed"

Brazil bested by hackers, Virgin plugs hub bugs, and France surrenders… records

Adam 1

Re: "while the apps themselves are secure"

Unfortunately, they also collect your outgoing messages courtesy of your keyboard app, and display outputs courtesy of your video drivers. But I'm totally confident that these parts of the operating system and apps don't have debug modes that log to disk.

If most punters are unlikely to pay more for 5G, why all the rush?

Adam 1

Re: Well, if they can secure it, then it's okay, I guess

@DougS, this remains at least technically possible even if you don't buy a new shiny. Your current handset will be vomiting out your IMEI regularly, which the operator could intercept on their microcells to gain your location with much higher precision.

Godmother of word processing Evelyn Berezin dies at 93

Adam 1

little known fact

This word processor had the ribbon a long time before Microsoft.

Ah, my coat, thanks.

Adam 1

Re: Redactron

And like many government efforts, it achieves the redactions by gluing a black square over the top of specific words, names or phrases.

Supernovae may explain mass extinctions of marine animals 2.6 million years ago

Adam 1

I guess it's possible

But I think to confirm for sure, they should really be checking the fossil records for evidence of the superpowers that these sharks developed.

Waymo presents ChauffeurNet, a neural net designed to copy human driving

Adam 1

> Self-driving cars won’t learn to drive well if they only copy human behaviour, according to Waymo

I hope it didn't take a PhD for someone there to figure that out. Meatsacks too often drive without reference to prevailing conditions, without anticipating what other meatsacks might be about to do, without a good night's sleep, with screaming kids in the back, paying attention to the radio/GPS/SMS/air conditioning knobs rather than the task at hand, with their seating position and mirrors just wrong, with boredom and wandering minds, without indicating, at inconsistent speeds, in the wrong lanes, towing too much for the rating of the vehicle, without maintaining their vehicles properly, often trained by other incompetent meatsacks who propagate the same bad habits.

As good as a human driver most definitely should not be considered the high watermark.

Official: Voyager 2 is now an interstellar spacecraft

Adam 1

Some time 6-7 billion years ago

God: 14,959,790,000,000 Km ought to be enough for anybody.

Wow, what a lovely early Christmas present for Australians: A crypto-busting super-snoop law passes just in time

Adam 1

> no, they are going to outlaw CO₂ thus solving Global Warming once and for all

You know, I'm doubtful that they'd get such a proposal through their party room .... You'd need to convince them that CO2 was bad first.

Adam 1

Re: "Ship! Come back!"

WhatsApp is a closed source app that implements an open source protocol (signal).

If they add the capability to generate a new group key-pair whenever requested by the server without authorisation within the app, then a systemic weakness has just been included that anyone who manages to pwn WhatsApp servers can now exploit.

You might as well just let the server manage the session keys.

And if you have ever run a Java decompiler (I have but for the record, not on WhatsApp or any other application for which I did not have permission to do so), you would struggle to hide "if (request.Guid==magicGuid) return true;" inside the method responsible for collecting user's consent. The bad guys would have that line NO-OPd within minutes of it being discovered, or they will just move onto whatever other app that implements the signal protocol but is based in whoknowswhere.

Adam 1

Re: "Ship! Come back!"

They can update the app, but egress traffic from each participant cannot be avoided without fundamentally changing the protocol.

And I'm not sure what you mean by ignore the keys. These are public keys of each participant for the new participant that allow them to decrypt the messages you send and allow you to decrypt messages that they are trying to send you. Ignore them, and they cannot understand you or vice versa.

Adam 1

Re: "Ship! Come back!"

@Mark, the signal protocol used by WhatsApp requires each participant to push their group key to the new user. Whilst Signal/WhatsApp can BCC all comms to 5eyes, they are not in possession of the encryption keys used by the group conversation. If they tried to push an invite out to 5eyes, then each device could notice that the administrator has pushed an invitation to a new member.

Without weakening the security by adding a vulnerability to permit the servers to manage the session key, they cannot comply. They must either weaken security for all or refuse to comply.

Thanks very much Labor for supporting the laws of fairy math. I had held hope that you had understood what the experts were all, without exception, telling you. History will judge you poorly for supporting such a dangerous law.

College PRIMOS prankster wreaks havoc with sysadmin manuals

Adam 1

Re: Value added installer

I once had to handle a complaint about system responsiveness. The client application had to wait for a bunch of data from the server, but given that the penny pinchers had, er, purchased network kit and internet connections that one could make a case were more suited to a small household than a business, occasionally these responses would time-out/retry or just take absurdly long to complete.

For reasons that largely boil down to historic cries of "just push it out, we promised it two weeks ago" from the PHB, the calls themselves locked up the UI thread which as anyone with an ounce of foresight can see was going to make the application appear unresponsive.

I couldn't magic up better performance given the data required and network conditions, but it's amazing how the complaint disappeared as soon as I included an animated gif progress bar and demonstrated how much faster the new version was.

Adam 1

Printer test page, missed a trick there

[Company Logo]

Memo

Directive to all service staff - Beer O'clock Super Special Tuesday

From this Tuesday afternoon, we will be commencing our new Super Tuesday initiative. We value our regular patrons, so whenever an order is placed for a craft beer, the first one is on the house.

Cheers

Management

Pencil manufacturers rejoice: Oz government doesn't like e-voting

Adam 1

> Who uses a pencil to cast their vote? Use a pen!!!! You can't rub out a pen.

If you are planning to subvert an election by changing the votes, do you:

(A) Open up the ballot box, pull out an eraser, carefully rub off all the marks, then renumber them according to your evil plans; or

(B) Print out new ballot forms and then number them according to your evil plans;

(In both cases you need to figure out how to stuff those faked ballots into the box).

Adam 1

As someone who strongly advocated against the government's mathematically illiterate magic fairy unbreakable but yet somehow still possible to assist in breaking when receiving a magical signed order, can I express relief that at least on this proposal they managed to see what a stupid idea it is.

Warning: Malware, rogue users can spy on some apps' HTTPS crypto – by whipping them with a CAT o' nine TLS

Adam 1

Re: It's time to start over

I saw a lecture by "Uncle Bob" once, and he made an interesting observation about the rate of growth of programmers. Broadly speaking, since about the '60s, the number of programmers has doubled every 5 years. Or another way to word that is that half the monkeys bashing keyboards today have had less than 5 years experience in the profession. I personally think that this explains quite a lot.

Fresh releases of TypeScript and Visual Studio 2017 for Mac round out November

Adam 1

Re: Er, so this TypeScript is not a language

> Er, so this TypeScript is not a language just a C-stylee preprocessor ?

Only in the sense that C# is an MSIL preprocessor, or that C is an assembler preprocessor.

It is perhaps more helpful to think of JavaScript the way that you think about MSIL; a set of instructions that the runtime can execute.

The example of the + meaning between string concatenation and addition depending on data is right but on its own really doesn't explain the problem in a significant enough way to get why you'd bother. It becomes a lot more helpful when you can't accidentally pass a complex model in error and allows IntelliSense to better guess what you're trying to pass. It's the benefits that any typed language provides.