Posts by Cynic_999

Re: So... which VPN providers are actually legit and really don't log anything?

It would be stupid to run a VPN without any logging at all. How else could you identify the sources of the inevitable DOS and other malicious attacks? It would be almost as stupid as admitting that you log users.

Re: I have nothing to hide

There is absolutely nothing wrong with having "something to hide". And just about every adult, no matter how law-abiding, has almost certainly done many things in their life that they would not want everyone else to know about. Next time someone claims to have nothing to hide, just ask them to tell you intimate details of their sex life, including fantasies and any embarrasing incidents they suffered in their teens so you can post it on a public web site.

If having something to hide is regarded as undesirable or suspicious, bear in mind that governments want to hide far more things than most citizens.

"

... calling in local fire response services to point their pumps at substation transformers ...

"

Doesn't sound safe. One slightly misdirected stream hitting a connection on the HV side of the transformer could result in permanent damage to the hose operator.

Re: Anybody who knows anything about plumbing ...

"

... knows you don't plumb two water sources together. Ever.

"

Erm - AFAIAA most CH boilers in the UK have a means of temporarily coupling the CH circuit directly to the mains water supply in order to fill or top-up the CH system. In my recently installed boiler it is achieved by opening two ball-valves using a screwdriver. In my case I do so once or twice during Winter when the CH pressure falls below 0.8 bar (probably due to small leakages in the CH circuit). This is explicitly detailed in the instruction manual for the boiler - it is not an unapproved arrangent put in by a cowboy plumber.

The CH circuit has chemicals in it to prevent scaling and freezing, so we would definitely not want it to leak back into the mains water supply. AFAICS the only thing that prevents this from happening when both ball valves are open is the assumption that the mains water pressure will always be higher than the CH circuit pressure. While there might be a non-return valve somewhere inside the boiler to prevent flow from CH to mains (I don't know), a non-return valve (if it exists) would not negate the fact that the two water sources are plumbed together.

So I am not sure that your observation is correct.

Re: "Messi had been employed by Jackpotcomics Ltd"

It certainly sounds like the perfect name for most of the companies hired to do work for the government.

Re: Provocation

You think the UK military is in any better shape?

Re: To sadly turn this political

And the Spanish navy sail through Gibralter's territorial waters and we don't interfere ... Oh. Wait ...

Re: Diplomacy

Russia has never claimed that it fired shells *at* the warship. Russia claimed it fired *warning shots*.

Re: Interesting

Why holographic? I don't see that it requires a 3D view for this application, nor anything with high definition. A camera and LCD displays would be perfectly adequate in allowing the driver to see objects hidden behind the pillars. The camera being moveable by the driver to provide the correct field of view from the driver's position, the same way as rear-view mirrors are adjusted.

No need to give the illusion of looking through the pillars any more than the rear-view mirror gives an illusion of having eyes in the back of your head. Just somewhere to easily look that gives a view of objects usually obscured by the pillars.

Re: I remember a SciFi book about this.

Single molecule light receptors & emitters would not work. To be able to interact with light, the device must be bigger than the wavelength of light. It's why you need an electron microscope to see things smaller than a certain size. Things smaller than the wavelength of the light (or other EM radiation) being used just don't reflect (or obstruct) that light, so no amount of magnification will allow you to see it.

It's also why UV light is used to image ICs with small geometries. Visible light has a wavelength greater than the size of the features on the IC.

But you don't need a pixel size anything like as small as a molecule. So long as the field of view has at least as many pixels as the number of rods and cones in your retina, the granularity will not be detectable.

Yup, embedded software (firmware) does seem to be something that very few people are learning. Most educational courses concentrate on high-level programming. I speak as an embedded software/hardware engineer who typically writes assembler programs for systems where the CPU speed is measured in tens of MHz, and memory in kB, and yet must have functionality that is a tad more complex than a typical microwave oven or washing machine. We are a dying breed. Why use a custom PIC design when a complete Raspberry Pi is not a lot more expensive and can be programmed with a C application running on Linux?

One of the first common office networked computer systems I worked on was Wang. It used an 8 bit 8080 or Z80 running (IIRC) at 4MHz and 64K of RAM for both program & data. Perfectly adequate for 90% of the office tasks carried out these days on GHz PC's and GB of RAM. Productivity was probably a bit higher due to not having the distraction of Facebook & Youtube etc. (And El Reg come to that).

Re: Much cheaper.

"

Oh and BTW - what has WFH really got to do with it?

"

It is not feasible for anyone to do a daily commute between Croatia and England, so unless the person is WFH they would have to emigrate to the UK. Which means they would have the same cost of living as anyone else in the UK and would not be perfectly content on a salary that is low by UK standards. Thus no advantage in employing a foreign worker. Plus all the hassle of getting a residence visa, relocating family, living in a different culture etc. means that only a low percentage of foreign candidates would apply for the job anyway.

If all the UK employees are WFH, then it makes no difference to the company where those homes are geographically situated, so it makes sense to recruit from areas that have a low cost of living (and thus a lower salary demand).

Re: Old encryption is returning?

Look up "steganography" It is not returning, it has never disappeared.

Your example is not very good, because a message containing a word salad that makes no sense would be immediately suspected of having a hidden message.

The modern digital method is to encode conventionally encrypted data into the low bits of (say) audio or video data. The audio or video file still plays perfectly OK, with the low-bit changes just altering the slight random noise that is present in almost all audio or video files. IOW the low-order bits of most (decoded) audio or video data is *already* essentially random, so changing one random bit-pattern to a different seemingly random pattern is not detectable (without access to either the original unchanged audio or video or the decryption key for the encoded encrypted data). You cannot see or hear any difference in the audio/video of the carrier data, so nothing to flag it as containing steganographic data.

The downside is that it requires many times the data size of the hidden encrypted data - but as both storage and bandwidth become bigger and cheaper, this is becoming less of a disadvantage.

Re: Obvious solution

"

- Sure, you think, just post the key (or it's fingerprint) - except the mail gets intercepted.

"

The whole point of PK encryption is that it *doesn't matter* if the public key gets intercepted. In fact the normal method is to post your public key to a public forum that everyone can see, which prevents your key being substituted by someone else's public key. You can then check the public forum to ensure that your key has not been replaced by an impersonator.

Of course, no form of encryption guards against being duped by someone who is pretending *from the outset* to be a good guy but is in fact a criminal, or vice-versa.

Re: One Time Pads.

"

If someone can man in the middle all the conversations, he can substitute his own sets of keys during the initial exchange and man in the middle all the subsequent conversations. To really be sure, you would need to exchange keys in person with someone you can trust present who can vouch for the identity of each party.

"

The usual way to overcome that is to publish your public key on a public forum or a public repository. If someone manages to hack into that forum/repository and change the key, you will know as soon as you log onto that forum and see that the key you published has changed. Similarly, if someone were to publish a bogus key to the public platform in your name, you would see that fraudulent post. You can then shout long and loud in clear emails and messages that someone is trying to impersonate you.

In addition you can send your public key to the other party via several different routes. Public forums, email, social media etc. The other party can verify that they are all the same. The probability that an imposter will be able to intercept and change every copy you sent is as close to zero as makes no difference.

Re: Alternative steps

It most certainly has occured to the legislator - in fact it is the main reason for the legislation. Same reason that speed enforcement cameras in the UK must be conspicuous and have advance warning signs.

Re: There still remains......

I have no doubt that a 2.4MW charger is perfectly feasible. But supplying many such chargers with 2.4MW of electrical energy each is not feasible - not from the national grid anyway. Very few of our distribution transformers are big enough to cope with that sort of loading, even for a few minutes.

No, I said long ago that the only practical way to go is to have fast battery *swapping* rather than fast battery charging. Automatically measure the remaining charge in the battery being swapped out and the actual capacity of the charged battery, with the customer paying for the difference.

Then physically ship the discharged batteries from the filling stations to & from various specialist bulk battery charging locations that are close to a source of cheap power (e.g. hydro or nuclear) for charging during off-peak times. Charging time per battery then becomes unimportant, and no upscaling of the national grid is required. Keeping the power stations on full load 24/7 makes them more efficient.

Re: Loitering/multiple targets?

It would be very difficult for anyone to care less about collateral damage than American soldiers (or drones) on foreign soil.

Re: undeveloped Trusting trust

Not necessarily. The original can be intercepted & developed, and then a photo taken and the new undeveloped film substituted.

Re: It's all about timing

The sting would be exposed as soon as the court cases start. The prosecution have to provide not only the evidence of the criminal acts, but in many countries the basis on which they conducted the arrests. Where the basis for scores of arrests came from a single source, that source would inevitably have to be revealed.

Re: Just think and consider for a moment ...

"

Zero, it's not something you could buy, as the article says; it was supplied by criminals exclusively to other criminals.

"

Realistically, how likely is that to be true?

The only products that are sold exclusively to criminals are things that could *only* conceivably be used to commit a crime. And I would hope you agree that an encrypted messaging application is not one.

Assume you happen to know who developed the code - maybe you worked in the same company and heard about it via the office grapevine, or a fellow computer geek told you what they were working on when it was still in the conceptual stages. Then assume that someone offers you £100 million for that person's name.

"

If he stays away from that world, those people, and stays clean, he stands a much better chance. He presumably will be offered a new ID. It's not like these people are bound together by honesty - their lives are full of double crosses, betrayal, and physical attacks. They'll move on to other grudges.

"

The drug gangs have a *lot* of money. At least one person, and probably several people will know who the developer is even if they have a new identity - friends, family, police employees etc. Will they all resist the temptation of lottery-win amounts of cash in return for a name & address? Or, arguably worse, give the name of a completely innocent person.

To believe that all the criminals caught in such a high-profile operation will just shrug their shoulders and forgive and forget within a couple of months is, I fear, being a tad naive. Some of these people will not hestiate to kill someone just for not showing them enough "respect".

Not sure why the downvotes. There must be a lot of people very angry at the person who created the bogus app, and who will be offering a lot of money for their identity.

So if that person was sensible, they would indeed be very frightened by now.

Re: Trusting trust

And

3) The OTP must never be stolen or intercepted by the enemy.

Something that is not generally under the control of the people using it.

Which is why PK encryption is much better than OTP.