* Posts by Cynic_999

2855 publicly visible posts • joined 15 Aug 2013

Somebody's Russian to meddle with UK coronavirus vaccine efforts, but GCHQ won't take it lying down

Cynic_999

Re: Still confused about the 90%

That's the difference between our testing and the Russian testing. IIUC the Russians *do* deliberately infect the trial group, and so get more accurate results more quickly. That would be illegal in the Western World, so we have to rely on statistical evidence, which needs far larger trial groups and is less accurate.

Cynic_999

Re: Still confused about the 90%

"

No you don't, because if you had looked at excess deaths this year compared with other years it'd have been pretty clear that however you want to count them there are a lot more.

"

Counting "excess deaths" does not tell you a great deal, because it includes those who died as a result of the reaction to covid rather than covid itself. e.g. fatal heart attacks that would have been treated successfully had the victim not been dissuaded from going to doctor/hospital due to lockdown. People dying as a result of postponed treatments and tests for cancer and other conditions. However covid has almost certainly caused a great number of deaths.

But there will also be many deaths in the years to come, long after covid, due to poverty-related conditions resulting from the severe slump in the economy & job losses. The situation is thus far from being as clear-cut as many believe. There is a huge tradeoff between "more deaths now" vs "more deaths in the coming decade". The difference being that the immediate deaths from covid will be mainly elderly people with serious illnesses, while future deaths will include a large proportion of children & younger adults.

Cynic_999

Infantile

So effectively Russia is saying, "Your vaccine is rubbish!"

And the UK is responding, "Shut your mouth, it's your vaccine that's rubbish!"

Then both chant, "Nah na na nah nah - my daddy's bigger than your daddy so there!"

Not sure that's what our tax money should be paying our security services for.

Zoom strong-armed by US watchdog to beef up security after boasting of end-to-end encryption that didn't exist

Cynic_999

Re: "So which video services actually do offer true end-to-end encryption"

"

And what issues verifies that a key can be trusted? Who controls that?

"

All keys are generated ONLY by the computer of the person sending the data. Nobody else is involved at all. So the only person you need to trust is the person you are communicating with. I detailed one possible way of achieving this in an earlier post.

Cynic_999

Re: End-to-end?

No! If data is decrypted in the middle, it is DEFINITELY NOT end-to-end encryption - even if the middle re-encrypts the data before sending it on.

I don't care how five-eyes may have redefined the term, that's not the way E2E encryption works. I can however see why they want to pretend that it is - because that way they can intercept the data at the server while fooling the plebs that they have secure comms.

With true E2E encryption you do not need to trust the server at all - a MITM attack is simply not possible.

Cynic_999

Re: End-to-end?

Note that only the encryption must be end-to-end, *not* the path of the communication. The data itself can pass through (and be distributed by) intermediate servers, so long as those servers are only forwarding the data "blind" and cannot themselves decrypt the video.

In other words only the destination end point(s) has the means to decrypt the data that was encrypted by the origin end point.

Cynic_999

Here's how it could work for limited upload bandwidth users ...

First each participant generates its own public-private key pair, and sends its public key to all the other participants. Next each participant generates its own, random symmetrical encryption key (e.g. AES), and sends that key to all the other participants, each encrypted with their respective public keys. Each participant will thus receive the PK-encrypted encryption keys of all other participants which they can decrypt using their respective private keys and store internally. Note all these communications can go via a public server, because the server cannot decrypt any key as it does not have any of the private keys.

After that initial handshaking, the video streaming can take place, with the outgoing video encrypted with the AES key of the participant sending the video. It can be securely sent & distributed via the public server because the server cannot decrypt any of the streams. Each incoming video stream (relayed/distributed via the server) can be decrypted by each participant using the stored key of the participant from which the stream originated. Thus Tx bandwidth is just a single video stream which is then distributed by the server - but the Rx bandwidth is that of all streams from the other participants.

To be more secure, AES keys can be changed at regular intervals and all participants updated with the new keys using PK encryption as before.

It's very easy to implement, (easier in fact than SSL), and I don't understand why Zoom did not do this from the start.
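
The handshake and relay fan-out described in this post, as an added example using Node.js's built-in `crypto` module (not code from the original post or from Zoom). The `Participant` class, `runCall` and the sample frame are constructed for illustration, and the sketch assumes each public-key fingerprint has been confirmed over a separate channel, because it does not itself authenticate the keys the relay hands out.

```javascript
// Added example: names and the sample frame are constructed; Node.js built-in crypto only.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

class Participant {
  constructor(name) {
    this.name = name;
    // Step 1: key pair generated locally; the private key never leaves this object.
    const pair = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.publicKey = pair.publicKey;
    this.privateKey = pair.privateKey;
    // Step 2: this participant's own random AES-256 stream key.
    this.streamKey = crypto.randomBytes(32);
    this.peerKeys = new Map(); // sender name -> that sender's stream key
    this.frameCounter = 0;
  }
  // SHA-256 of the public key, for comparing over a separate channel (assumption of this sketch).
  fingerprint() {
    const der = this.publicKey.export({ type: 'spki', format: 'der' });
    return crypto.createHash('sha256').update(der).digest('hex');
  }
  // Wrap our stream key for one recipient with their public key (RSA-OAEP).
  wrapKeyFor(recipientPublicKey) {
    return crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, this.streamKey);
  }
  // Unwrap a sender's stream key with our private key and store it.
  receiveWrappedKey(senderName, wrapped) {
    const key = crypto.privateDecrypt({ key: this.privateKey, ...OAEP }, wrapped);
    this.peerKeys.set(senderName, key);
  }
  // Encrypt one outgoing frame with AES-256-GCM under our own stream key.
  encryptFrame(plaintext) {
    const iv = Buffer.alloc(12);
    iv.writeBigUInt64BE(BigInt(this.frameCounter++), 4); // nonce never repeats under one key
    const cipher = crypto.createCipheriv('aes-256-gcm', this.streamKey, iv);
    const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
    return { from: this.name, iv, body, tag: cipher.getAuthTag() };
  }
  // Decrypt an incoming frame with the stored key of the participant it came from.
  decryptFrame(frame) {
    const decipher = crypto.createDecipheriv('aes-256-gcm', this.peerKeys.get(frame.from), frame.iv);
    decipher.setAuthTag(frame.tag);
    return Buffer.concat([decipher.update(frame.body), decipher.final()]); // throws if altered
  }
}

// Runs the handshake and one frame through a relay that only forwards what it is given.
function runCall(names, frameText) {
  const people = names.map((n) => new Participant(n));
  const relayLog = []; // everything the relay server gets to see
  for (const sender of people) {
    for (const recipient of people) {
      if (recipient === sender) continue;
      const wrapped = sender.wrapKeyFor(recipient.publicKey);
      relayLog.push(wrapped);
      recipient.receiveWrappedKey(sender.name, wrapped);
    }
  }
  // One upload from the first participant; the relay fans the same ciphertext out.
  const frame = people[0].encryptFrame(Buffer.from(frameText));
  relayLog.push(frame.body);
  const received = people.slice(1).map((p) => p.decryptFrame(frame).toString());
  return { people, relayLog, frame, received };
}

const demo = runCall(['alice', 'bob', 'carol'], 'constructed video frame #1');
console.log(demo.received, demo.people.map((p) => p.fingerprint().slice(0, 16)));
```
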

Cynic_999

Re: End-to-end?

Not sure why "StrangerHereMyself" was down-voted. What he says is 100% correct.

Bad software crashed Boeings. Now it appears the company lacked a singular software supremo

Cynic_999

Re: Interesting spin

The reason that the pilots of some airlines were not trained on that system was because *Boeing did not tell them it existed*. If the aircraft does something totally unexpected that you have no idea what is causing it, then no pilot will know what to do.

Cynic_999

ISTM that the type approval would be no more than needed for the engine re-positioning. Not sure whether pilots would have to be re-certified for a slightly longer undercarriage - but it would not require major retraining if all flight characteristics remained the same. In fact it would make a tail-strike less likely and so give greater latitude during takeoff rotation and landing flare.

Cynic_999

"

The root of the issue was that they fitted the 737 airframe with new engines the cowls of which were basically too large and really mandated a complete redesign of the airframe.

"

Not sure whether a "complete redesign of the airframe" would have been necessary. Could probably have managed with a redesign of the undercarriage (& retraction mechanism) to give it more ground clearance.

UK's 'minimum viable product' for Brexit transit software will not be ready until December, leaving no time for testing

Cynic_999
Joke

I saw this and thought I'd share ...

It's the year 2120. The UK government sends an MP to Brussels to request an extension of something called "Article 50". Nobody knows how this annual tradition started, but the ritual takes place every January.

India, UK strike tech co-operation pact and plot deeper links once Brexit's done

Cynic_999

Re: Escape India

Indians do not *want* to work in UAE. It's just that it is often the only viable way to prevent a life of abject poverty and give their children a reasonable future.

Cynic_999

Re: Doh!

I would certainly emigrate to India in a heartbeat if I could continue to earn my current UK salary. I could live like a king while enjoying superior weather (apart from monsoon season - which even then may be very wet, but is also warm).

Cynic_999

Re: Doh!

"

That's what the Indian government will request from the UK - a ton more visas.

"

Why on Earth would the Indian government want its skilled workers emigrating to the UK? Do you similarly believe that the UK government will be asking for more British people to be given US work permits in its trade negotiations with the USA?

Cynic_999

Re: Doh!

"

I also suspect many more Indian IT workers will be headed to the UK.

"

I'm not sure for how much longer the UK will be seen as a more desirable place to live than an upmarket suburb in an Indian province. The advantages of living in the UK are rapidly becoming more that of perception than real. The UK is certainly not desirable because of its weather or friendly, welcoming people. Nor its superior job opportunities. A lower salary in another country does not matter if the cost of living in that country is correspondingly low - in fact you can have a very good overall standard of living in many countries (including India) on far less income than you would need in order to achieve the same standard in the UK.

Suspended sentence for bank IT worker who broke into his boss's webcam because he didn't get a payrise

Cynic_999

Re: I agree it seems like very light punishment

"

It's possible, I agree, but bullshitting about his past can only work for so long before biting him in the backside. The truth is out there for anyone curious enough to look.

"

If he has changed his name and moved to a different town/city, it's not that easy to find out about his past even with the mighty power of Google. Especially these days when you can easily invent a perfectly plausible employment history that has all your previous employment in companies that are no longer in business.

Cynic_999

Re: I agree it seems like very light punishment

Quite correct. The only sentences that are virtually the same as a "not guilty" verdict are absolute and conditional discharges. If either of those sentences are imposed, it is not regarded as a conviction for the purpose of any future legal proceedings. Judges will sometimes impose such sentences if they believe that although the defendant is technically guilty of the offence (so cannot be found "not guilty"), the prosecution was unjustified in the circumstances ... e.g. a motorist who safely went through a red light in order to clear the way for an ambulance on an emergency call.

Trump H-1B visa crackdown hit with legal double whammy: Tech giants, Chamber of Commerce challenge rules

Cynic_999

NASA

It's all very well to say that companies should hire from the domestic pool rather than wooing foreign talent, but where would the USA space program be today had it not been permitted to bring in foreign expertise (from e.g. Germany). Hiring the most talented or experienced regardless of nationality will always be the best way forward for a company.

You can't spell 'electronics' without 'elect': The time for online democracy has come

Cynic_999

As said, I have never once been asked for proof of ID in any UK election (and I've voted in many). So long as the name I give appears on their list (taken from the electoral roll), I am handed a voting slip. I cannot see how it would be legal to demand ID before allowing a person to vote, seeing that ID cards are not (yet) mandatory in the UK.

Cynic_999

England. I just go to the voting station with the white card sent to my address, they cross my name out on their list of people on the electoral roll for that district, and hand me a voting slip. If I did not have the white card they would just ask me for my name (which it specifically states on the card). I have never had to produce any ID at all when voting for a UK election.

Cynic_999

"

The thing with Mondex isn't the security issue. It's that you don't need anybody's permission to use a ten pound note, you need the card issuer's permission to use a card.

"

Totally and completely incorrect. The Mondex card was generic and not issued to any individual. It was effectively a wallet, and could legitimately be used by anyone, not only the person who it was originally issued to, (ultimately the plan was to have them freely for sale just like wallets). It worked standalone and did not communicate with any bank or financial institution. Unlike a debit or credit card, the money was contained in the card's memory. You could have as many cards as you wanted just as you can have as many wallets as you want. How much money you put in each was up to you. Put £5 in the card you give to your 8 year old for their lunch money, or put £300 in the card you intend to take to the supermarket to do a week's shopping. Lose the card and, like losing a wallet, you lose the money. If the card is stolen you cannot cancel it or get the money back from a bank any more than you can cancel a £20 note that is stolen. It did however have the facility to lock it with a PIN, which made it less desirable to a thief.

Cynic_999

Re: You. Are. An. Idiot.

In one Hollywood film, the ballot box was swapped while en-route to the counting place, and an identical box full of bogus voting slips substituted. Just bribe (or blackmail) the driver & crew transporting the box ...

Count those bogus slips as many times as you like, overseen by the whole World.

Cynic_999

Re: Online Identity Authentication

Why should any more ID be necessary to register on an online voting database and cast a vote via computer than is required to be placed on the existing electoral roll and cast a vote at a polling station?

Cynic_999

Security

I am quite certain that if a banking system can be made secure enough to support 100's of electronic transactions per account holder per month while keeping fraud to within acceptable limits, that a voting system can be made secure enough to support 1 vote per electoral roll entry every 5 years to within an acceptable level of fraud. Given that there is far more incentive for most people to get money they are not entitled to than there is to cast a vote that they are not entitled to cast.

Cynic_999

Absolutely ZERO ID is required to cast a paper vote. So long as I am certain that a particular person is not intending to vote, I can walk into their polling station, tell the person at the desk that I am that person, and cast a vote in their name with almost zero chance of it being detected.

It always amazes me that people always demand that a computer system be 100% secure even when the system it is replacing is full of holes. It was the same when Mondex was proposed to replace cash. Many rejected it as being insecure - while ignoring the fact that while it was not 100% secure, it was far more secure (and convenient) than carrying cash notes in a wallet.

Cynic_999

Re: Bought votes?

Easy to see that with hindsight. But if you were the party willing to buy an election, how would you know *beforehand* how many votes you would need to buy, and who from to ensure victory? And for that very uncertain outcome you would face the very real and very high risk of going to prison should just one person you tried to bribe tell the authorities.

Cynic_999

Re: Bought votes?

That's just not true. If anyone is bribed to vote in a certain way at a polling booth, then you can be 100% sure that they have got some way to ensure that the bribed person has done what they were paid to do. The usual way is to have someone in the polling station that they have to show their completed voting slip to immediately before folding and putting in the ballot box. In fact, when it is suspected that there may be widespread bribery or intimidation of voters, the monitoring authority will look for signs of such "checkers".

But in a Western country it would not be possible to bribe voters in sufficient numbers to make any significant difference whether online voting or not. The individual bribes would have to be large, and there would be bound to be quite a few people who tell the authorities that they were offered a bribe.

Intimidation would be a bit easier with online voting. Not in a widespread way, but by a single member of a household dictating how the other members of the household voted. I'm not convinced that it would be prevalent enough to alter the outcome.

You only live twice: Once to start the installation, and the other time to finish it off

Cynic_999

Re: Sadly, no international jet-setting for me

"

Probability of being in a serious car accident is MUCH lower than probability of contracting COVID by being in a confined space with a bunch of other people for a couple hours.

"

Not sure about that being a fact (I recently read that the aircon system on an aircraft lowers the risk of infection considerably), but my main point was about the probable consequences of the two, which for the vast majority of people will be a *lot* worse for a road accident.

Cynic_999

Re: Sadly, no international jet-setting for me

There are no government regulations or laws to say that internal flights require any ID at all. However the *airport* may require ID before allowing you airside, and individual carriers can make whatever rules they like.

Just as there are no laws that you need to have a passport to *leave* the UK. But if you are refused entry at the destination, the carrier that brought you there must take you back at no charge, so it is in the carrier's interest to ensure that you are not likely to be refused entry. Which is why any required visas are also checked before you get a boarding pass.

Cynic_999

Re: Sadly, no international jet-setting for me

You would much prefer to be crushed in a road accident than infected with coronavirus (from which you will probably make a complete recovery in a couple of weeks)?

Cynic_999

Re: Not just in exotic places

Sherlock & Watson were on a camping holiday. Sherlock woke Watson in the middle of the night and asked, "Watson, what do you observe?"

Watson groggily awoke, looked around and said, "I observe the stars and the Moon".

"And what do you deduce from that observation?" Holmes persisted.

Watson sighed, and said, "I deduce that it is a clear night. The Moon is in its 3rd cycle, the constellation Scorpio is ascendent. What do you deduce, Holmes?"

Sherlock replied, "Watson, I deduce that someone has stolen our fucking tent!"

Cynic_999

Re: Not just in exotic places

There have been many thefts of RAM sticks from office PCs that really have gone unnoticed.

Cynic_999

I thought everyone who has any dealing with explosives knows not to take anything that may have had the slightest contact with an explosive on a flight because it's highly likely it will be flagged by security - and to have a good shower beforehand as well. I think most farmers know to do the same wrt any handling of fertilizer.

Cynic_999

Re: car key or Dutch House Key!

As it was the 1970's, it's a good job you didn't have a copy of the book "Black Beauty". Which was banned in South Africa for quite some time until someone actually read it and discovered it was just about a horse. Many things were banned at that time - such as Simon & Garfunkel's, "Bridge Over Troubled Water". Which I would never have known was a reference to drug-taking unless the South African censorship board had helpfully pointed it out. (Apparently the 'silver bird' is a hypodermic needle).

Why, yes, you can register an XSS attack as a UK company name. How do we know that? Someone actually did it

Cynic_999

How long before ...

Someone uses different coloured bricks to permanently put a 2D barcode on the side of a building, thus triggering 100's of smartphones into opening a web site when anyone takes a photo that has the building in the background.

Cynic_999

Re: Reminds me of Mr. Bastards.

A woman in a prestigious family owned a racehorse called "Fanny"

I recall a radio announcement - "We apologise for an earlier announcement in our racing summary when we stated that Lady Argyle's "Fanny" had been scratched. That was incorrect. We have since learned that Lady Argyle's "Fanny" had not been entered."

Researchers made an OpenAI GPT-3 medical chatbot as an experiment. It told a mock patient to kill themselves

Cynic_999

GIGO

"

Trained on 570GB of text scraped from the internet

"

They have obviously not heard of "Garbage In, Garbage Out"

Oculus owners told not only to get Facebook accounts, purchases will be wiped if they ever leave social network

Cynic_999

Very few people have enough time or money to take a lawsuit against Facebook to its conclusion.

Cynic_999

Re: How to piss off potential customers 101

Except it is pretty much impossible to open a separate Facebook account. Unless you go to extraordinary lengths, Facebook algorithms eventually figure out they are controlled by the same person and link them.

How the tables have turned: Bloke says he trained facial recognition algorithm to identify police officers

Cynic_999

Re: Portland

"

Yes, you are very correct, throughout history we would simply kill other people when they did us wrong.

"

The first police force in UK was created in 1837. Almost the entire industrial revolution, with all the progress made during that time took place before then. As for killing other people - we have done so to a far greater extent since the formation of the police than we ever did so before. It's just that governments do it rather than private citizens - although I think that your idea of how life was prior to the police is far more violent than was in fact the case.

Cynic_999

Re: Portland

The reason policing is not by consent is that the police has become an unelected arm of government, used to enforce government policies (laws) rather than only keeping society safe.

Cynic_999

Re: Portland

The police started off as a private force - essentially organised "neighbourhood watch" groups. The police had a uniform but no special powers. The government could not tolerate such a thing and so had to bring it under government control, which is how it has remained. There is absolutely no way that any government these days would consider not having absolute control over the police, though ancillary services can and have been privatised (e.g. forensic services, office management etc.).

Honey, I shrunk the battery: Something's gotta give as iPhone 12's logic board swells to accommodate 5G chippery

Cynic_999

Re: Why not...

I remember a time when the *only* thing you could use a phone for was to talk to people ...

Cynic_999

Re: Why not...

You can easily solve the problem by pulling a car battery around on a trolley. This will last many weeks between charges.

Cynic_999

Re: Just curious

"

Woah! Stop and smell the roses some time - life is so much more.

"

I did not say that it wasn't. It is something I consider if and when I am deciding which phone to buy. It does not imply that having a phone is a particularly important aspect of my life.

Did Arthur C. Clarke call it right? Water spotted in Moon's sunlit Clavius crater by NASA telescope

Cynic_999

Why would a Moon base need to get water locally?

Water is a substance that can be fully recycled in a closed system. This would be a lot easier than getting it from trace amounts in the soil. There would inevitably be some loss, but this could surely be kept small enough to be made up by fairly infrequent resupplies from Earth. ISTM that it would be far more difficult to obtain sufficient food and oxygen to support a largely self-sustaining colony, though some form of farm might provide both if it was practical to grow suitable plants (perhaps vats of algae) on a large enough scale.

Cynic_999

Re: A question for an industrial chemist

Why do you think there would be brine a few hundred meters below the surface of the Moon?

Cynic_999

Re: Sunlit side?

But the quote was,

"

“We had indications that H2O – the familiar water we know – might be present on the sunlit side of the Moon,” said Paul Hertz, director of NASA’s Astrophysics Division in the Science Mission Directorate.

"

You might argue that a reference to "dark side" means the "unexplored side." But this reference is to "sunlit side". There is no permanent "sunlit side" - and no easy way to explain such a statement except to conclude that Paul Hertz's understanding of astrophysics is below high-school level.

A cautionary tale of virtual floppies and all too real credentials

Cynic_999

Test environment?

In my company, developers do not have any access whatsoever to any live servers or databases (apart from the server used by the development department itself of course). All new code gets put onto a test server first. Only after the technical director himself has done a final test of the code on the test server does he, personally, put it onto the live server(s). If someone trashes data on the test server, a new test server is simply cloned from the relevant live server (although sensitive databases will be replaced with dummy databases).

I would have thought that a bank would have a similar process.