* Posts by Tom Wood

491 posts • joined 14 May 2008

New Euro-net will let you stream Snakes on a Plane on a *!#@ plane

Tom Wood

I'd much rather take a few hours off that I can spend at home the day before a long flight, knowing that I'll be able to get the work done while on the flight with nothing much better to do. There's not a lot you can do with your time on a long haul flight that is actually really relaxing, so might as well do work on the plane and relax at other times.

0
1
Tom Wood

I used American Airlines' inflight WiFi on a business flight from London to LA - I think they charged something like £15 and while it was by no means "superfast" the ability to spend a few hours of an otherwise long and boring flight working (sending emails, using VPN etc) was great and definitely worth paying for.

Only weird thing was that the service seemed to be tunnelled back to T-Mobile somewhere in Germany so you kept getting sent to German versions of websites.

0
0

UK.gov flings £400m at gold standard, ‘full-fibre' b*&%*%£$%. Yep. Broadband

Tom Wood

Re: 5, 6, 7, 8G...

There isn't (and can't be, due to limited frequency space) the capacity though. Certainly in an urban area, if all the data that flies about through cables was replaced with mobile you wouldn't be getting those good speeds...

8
0

EU €120m Wi-Fi spend explained, but not excused

Tom Wood

Ever read your own articles?

Read the first few paragraphs of this article and tell me what it's about.

"extending the reach of Wi-Fi" could mean anything, to me it sounds like some research to extend the range of a single access point.

But no, apparently it's to do with adding public Wi-Fi hotspots. Yet the word "hotspot" doesn't appear until paragraph 15.

6
0

Thanks, IoT vendors: your slack attitude will get regulators moving

Tom Wood

Time, cost, quality

As with most things, this is the classic trade-off.

Funnily enough industries such as aviation and nuclear spend a lot more money to find and fix bugs in their software than do people developing consumer grade software (desktop and mobile OSs, TVs, set top boxes etc). Consumers demand quickly-developed, latest and greatest software and it is neither possible nor necessary to deliver your mobile OS to the same standards of quality as you would the control software for a nuclear reactor. If you wanted your mobile phone to be as reliable as a warplane then (1) it would take decades to develop and (2) you wouldn't be able to afford it.

The same is true for other things, your house was not built to the same quality standards as the Channel Tunnel was because of the typical trade-off between time, cost and quality and the impact of failure. Software is no different.

And the IoT devices involved in this attack were bargain basement models made as quickly and cheaply as possible, therefore it comes as no surprise that the quality of their software is rock bottom (at least when it comes to security).

0
0

BT Yahoo! customers: Why! can't! we! grrr! delete! our! webmail! accounts!?

Tom Wood

EE, Plusnet: both owned by BT but for the time being at least operated independently, somewhat better

6
2

Virgin Media costs balloon by MEEELLIONS in wake of Brexit

Tom Wood

Re: They are a media company

Fibre cable, coax, headend equipment, ...

14
0

Colour us shocked: ISPs not that keen to sign up for Universal Service Obligation

Tom Wood

Upgrading to fibre is going to be one major way that customers will get a connection > 10 Mbps. Are you saying that if a customer has a 6 Mbps ADSL connection they can't be upgraded to a 50 Mbps FTTC connection until they and all of their neighbours have first been upgraded to a FTTC connection that has been throttled to exactly 10 Mbps?

3
1

Brexit Britain: HP Sauce vs BBC.co.uk – choices that defined voters

Tom Wood

BBC.com

is the version of the BBC website for those *outside* the UK. bbc.co.uk is for those inside. The former has adverts and the latter does not.

Try to access either from the wrong location and you will be redirected.

1
0

London's 'automatic' Tube trains suffered 750 computer failures last year

Tom Wood

Shows the challenge of creating self-driving cars

A railway is relatively self-contained, sure there are occasional junctions/points and the like but basically trains can go forwards or stop, and maybe occasionally reverse direction. It's rare to find people or other obstacles blocking the lines.

Not so a car on a road.

1
0

Milk IN the teapot: Innovation or abomination?

Tom Wood

Re: Never.

Actually, it scums up the coffee pot.

11
0

UK employers still reluctant to hire recent CompSci grads

Tom Wood

Re: I see nothing has changed

"Well I would say that someone embarking on a CS degree should ALREADY know how to code......"

Well, that wasn't me. Sure I was "good with computers" at school, and learned a bit of HTML etc, and my A-level further maths included modules of discrete mathematics (algorithms and so on), but I didn't actually write my first "hello world" until I started my CS degree course in 2003. There were no programming courses at school, and nobody to encourage me to program.

I graduated with a 1st class MEng in 2007, and have done alright in software jobs since ;-)

I would imagine that most 17 year olds who think they know how to code, don't really. They may be able to hack together code from examples, but they probably don't understand the detail of *why* things are done the way they are (or better ways of doing things)

1
2
Tom Wood

Re: Interesting...

So maybe there really is a difference between "good" CS degrees and bad ones.

"A good way to test this is to give some example code that returns a pointer to a local variable and ask them to describe what can happen if you start to use that pointer."

We have a question based on exactly that problem in our interviews. Not only do I ask what happens if you use the pointer (it depends) but how they would locate such a bug in code that someone else had written.

It's not universally true, but of those with a few years experience, it seems that those without a CS background struggle more with questions such as this than those who studied CS, but that's just the impression I've got from the candidates I've interviewed.

1
0
Tom Wood

Re: unable to write a "for" loop in C/C++/Java

I can't remember the degree, but it was most likely computer science or something very similar (actually we've found at least a couple of unis have a course called Computer Games Programming which is actually basically Computer Science but made to sound sexier to 17 year olds who are applying for a degree).

Though, I'd still expect a Computing/IT graduate to be able to write a loop, maybe in Bash/Python/whatever scripting language they prefer but surely they're going to need to automate doing repetitive stuff at some point?!

2
1
Tom Wood

Re: unable to write a "for" loop in C/C++/Java

The guy who was completely unable to write a for loop was an extreme example, but the sort that sticks in your head. Sure, he'd probably done it before and I'm sure his uni software project must have contained many loops, but sat in front of a computer he couldn't remember the syntax. I can't remember whether he claimed to know C, C++ or Java but as the loop syntax is the same and we'd given him a choice of languages, the fact he couldn't do even this basic thing from memory was rather concerning. (It wasn't the only thing where he failed to show knowledge or understanding, however).

2
1
Tom Wood

Re: Interesting...

As someone who does interview both graduates and more experienced developers (and a comp sci grad myself), in an embedded software business, I'd say I most value someone who has learned the fundamentals of CS (algorithms, complexity, computer architecture, logic) and some software engineering (design, testing, OO, design patterns) and can evidence applying both through their project work. The "Android/IOS/Linux/Oracle/Windows 10/Azure/AWS" stuff I really don't care about, provided their project work shows they have applied some knowledge in some domain areas and can pick it up quickly. (Though understanding the basics of the Linux/POSIX style command line is a big plus).

One reason why I'm always wary of "experienced" programmers who were self-taught and came from a hardware or physics background for instance is that they can bash out code based on tutorials they've learned etc, but they don't really understand basics like what a pointer is or what the difference is between a list and a vector, for example. Which can lead to writing buggy software, or being unable to debug such issues in other people's code...

4
3
Tom Wood

Quality of graduates

We're a small/medium sized software consultancy (~60 or so employees in the UK). This year we advertised a vacancy for a software graduate. Many who applied who were either in the final year of their course or who had graduated with a Computer Science or similar degree failed our 10-question online multiple choice filter test. The test in question is open book and not time limited; the questions cover the basics of programming and CS theory, nothing complex; and our "pass" mark is only 6 out of 10. (Question 11 is "how many of the above answers did you look up online or ask for help with" - we wouldn't necessarily reject someone who looked up most of the answers, provided they got them all right!)

Of those who got to an interview (6 candidates if I remember correctly), none was up to standards (and our standards are not overly high for a graduate; we're talking basic failings like being unable to write a "for" loop in C/C++/Java). We left the graduate role unfilled this year. We do also take a "year in industry" student, who we interview about half way through their second year at uni, with the same questions and interview process, and universally the "year in industry" applicants were brighter and more capable than the graduate ones.

Which suggests that somehow we failed to attract the "good" graduates, and were left with a bunch who had somehow graduated or were on track to graduate in Computer Science but yet failed to understand the fundamentals of their chosen subject.

11
0

GOP delegates suckered into connecting to insecure Wi-Fi hotspots

Tom Wood

Re: Why? - Let's have some critical journalism

And actually, I don't need to control the DNS server, that just makes it easier. Since I can see and intercept all your traffic to my AP, I can look out for any initial non-HTTPS request and spoof a response, for example.

This also works with secure access points, if there is a common password I can get hold of (e.g. WPA2-PSK). If there's a hotel or pub that has a known WiFi password they provide to customers (maybe they stick it up behind the front desk/bar), for example, I could easily set up an AP using the same SSID and password and chances are at least some of the time (e.g. if your device has a stronger signal from my AP than from the hotel's) you will end up connecting to my network.

12
0
Tom Wood

Re: Why? - Let's have some critical journalism

Avast obviously weren't being malicious.

However.

Let's say I can convince you to connect to a WiFi access point (AP) I control.

Chances are you use the DHCP server in my AP to get an IP address *and DNS server address*.

So I configure my AP to point you at a DNS server I also control.

When you type www.facebook.com in the browser, I can deliver a DNS result that points you at a web server I also control, that provides a facebook lookalike login page.

You don't look close enough to notice that this particular connection to Facebook isn't redirected to HTTPS, you log in, I get your facebook password.

You can replace "facebook" for "most other secure websites", unless you've visited them before, and they use HTTP Strict Transport Security, and your browser supports it (Facebook actually do send HSTS headers, but many other secure sites, e.g. online banks, don't).

17
0

Hacker shows Reg how one leaked home address can lead to ruin

Tom Wood

"to open and close his bank accounts"

“I have enough information at this point to open and close his bank accounts, or do whatever I want,” he says.

Er, really? Sure, he knows a fair amount about his "victim", but that still shouldn't be enough to do anything particularly lucrative to a criminal.

Last time I tried to close a bank account, I had to go into the branch (even though it was an "online" savings account), and show the bank card of my linked current account, and sign a form. That was for a dormant account with no money in it - had I actually wanted to withdraw money and close the account I'd have needed the card's PIN and also possibly some other photo ID if the amount in question was large enough. To steal money with online banking, from the two banks I use, I'd need (1) knowledge of logins, passwords etc and (2a) access to my card and PIN or (2b) access to my phone, depending on the bank. The attacker described here doesn't have ANY of that info.

Maybe this speaks more to the lax security policies of American banks than anything else?

And being able to gain root access to someone's web server (not really sure how that is related to "replicating" a web site) is entirely unrelated to learning anything about their home address, car registration etc, and more the fact they were running an old unpatched Linux distro.

34
1

London's contactless ticket payment system for sale in £15m deal

Tom Wood

Something's not right in the figures.

"TfL claims 65,000 journeys a day are being made using contactless with 500,000 million journeys made using contactless since its introduction."

If that "500,000 million" is right then at 65k journeys a day it would imply it's been running for 21 thousand years. If it's really only 500,000 journeys then it's only been running for just over a week?!

3
0

Brexit threatens Cornish pasty's racial purity

Tom Wood

Re: Swings and Roundabouts.

"The EU does not allow origin discrimination of that nature on goods, hence the need for the "protected origin" scheme and the roomfuls of bureaucrats to administer it."

[citation needed]

19
3

HR botches redundancy so chap scores year-long paid holiday

Tom Wood

January 1st?

When has anyone ever worked on New Year's Day?

11
0

LinkedIn mass hack reveals ... yup, you're all still crap at passwords

Tom Wood

Re: Attitudes to risk

"ANY information they can glean from it can be used to reconstruct your identity, at least to the point they can employ social engineering to get more information and then eventually they have enough to compromise or steal your identity."

They *could*. But *would* they?

Your common-or-garden cybercriminal, much like your common-or-garden house burglar, will go for the easiest targets. They're after quick money not some convoluted identity theft.

In practice, my LinkedIn password is better than "password" or "12345678", but not as good as 12 truly random characters or whatever. Which is fine, as long as there are lots of people who have passwords worse than mine; just as my house isn't likely to get burgled as long as I have pretty good locks on the doors, and the guy down the street has crap ones.

2
0
Tom Wood

Attitudes to risk

I really don't want someone to get access to my bank account, or my email account, or root access to my servers, so I use secure passwords for them.

But LinkedIn, or for that matter some random forum such as this one, what's the worst that can happen if someone logs in as me?

The main risk if someone steals my login details from the likes of LinkedIn (or indeed this forum, which doesn't even use a HTTPS connection...) is if I use the same email and password combo for either this site and others, or for my email account, in which case they can get access to all the "forgotten password" emails and the like.

But if I don't, then what's the problem?

I have a better lock on the front door of my house than I do on my garden shed, for much the same reason. Get into the shed and at most you can steal some plant pots, potting compost, barbecue charcoal and a bit of garden furniture maybe.

9
1

Three UK: Our MMS prices are up. Get around us with WhatsApp or Skype

Tom Wood

Ryanair logic

Customer: "Why is X so expensive? Surely it doesn't cost you anywhere near that much to provide the service?"

Ryanair/Three: "Well, you don't have to use X."

It doesn't really answer the question, even if they are correct that you can generally avoid the charges by jumping through various hoops.

5
1

Bloaty banking app? There's a good chance it was written in Britain

Tom Wood

LOC was thrown out as a useful measurement for *coder productivity*.

It used to be assumed that the more LOC per day, the better the coder.

Now it is often believed that less is more, simpler is better, so actually writing negative LOC could be a very good day indeed. Hence the argument in the article that fewer LOC in non-British banking apps is a good thing.

13
0

Blighty starts pumping out 12-sided quids

Tom Wood

Re: iSIS

http://www.mirror.co.uk/news/uk-news/royal-mint-forced-change-name-7657745

1
0
Tom Wood

Re: counterfeit pound coins

Yes - depending on which article you read something like 30-45 million circulating pound coins are fake.

2
0
Tom Wood

Re: iSIS

They actually seem to have quietly dropped that name since 2014 - the link from the article redirects to a different page. Can't think why.

The potential security features are intriguing though. Could the coins, rather than being just a lump of metal, actually contain some kind of chip?

4
0

One-third of all HTTPS websites open to DROWN attack

Tom Wood

read the details

A server that supports TLS 1.2 is only vulnerable if it or some other server that does support SSLv2 is using the same certificate.

1
0

Cameron co-opts UK mobile industry for EU Remain campaign

Tom Wood

Re: BBC bias

Yes, every BBC Radio news bulletin I've heard in the past 2-3 days has had a brief "x says we should remain in the UK for y reason" from the newsreader, then some spokesperson for the UKIPs/Tories/other xenophobes of choice have been given a 30 second clip to spout complete tripe arguing about why we should leave.

I've not heard a single clip spoken by a correspondent from the "remain" camp.

9
2

Good thing this dev quit. I'd have fired him. Out of a cannon. Into the sun

Tom Wood

Either always use braces, or use Python...

6
0

GCHQ’s Xmas puzzle proves uncrackable

Tom Wood

Re: QR code?

There are online "scanners" that work from webcams or uploaded images. You could have reproduced the QR code in MS Paint or similar if you really didn't have a way of photographing it.

2
0

DWP building a separate ID tool as Verify can’t cut it, whisper sources

Tom Wood

Re: This is a solved problem surely?

Yes, but this is once you have a bank account. Setting up a bank account if you've never had one is a surprisingly difficult task. Especially for recent immigrants (e.g. refugees granted asylum) who have no identity history in the UK and may not even have ID documents from other countries.

It's these sorts of individuals DWP in particular will have difficulty identifying.

I imagine the Verify system would also struggle to identify many of those particularly of an older generation who even if they have a bank account may not have any debts (so no credit record), have no driving licence or passport, etc.

9
0

New gear needed to capture net connection records, say ISPs

Tom Wood

Re: How exactly does this work

@Missing semicolon:

You are correct. But the URL is inside the HTTP request itself - not in the packet headers - and is encrypted for HTTPS. That's what I meant by "Or are they inspecting the contents of every HTTP request and logging that? In which case, what happens when the server is using HTTPS?"

0
0
Tom Wood

How exactly does this work

When I visit www.theregister.co.uk, this isn't one transaction. First there is a DNS lookup, which in my case currently resolves www.theregister.co.uk to 104.20.24.212. Then I open a TCP connection to 104.20.24.212:80 and send a HTTP GET request for /. Then the HTML loads and this may trigger many further DNS lookups and requests for images, style sheets, javascript and so on.

Exactly what are they logging to determine I am visiting www.theregister.co.uk? The DNS lookups? The TCP connection to 104.20.24.212:80? (But who knows what that IP address really is - actually this particular example has no reverse DNS - but it could well be a shared server, CDN server, etc).

Or are they inspecting the contents of every HTTP request and logging that? In which case, what happens when the server is using HTTPS?

10
1

NZ unfurls proposed new flag

Tom Wood

Re: Research

http://www.flaginstitute.org/wp/british-flags/the-union-jack-or-the-union-flag/

1
0

Terrorists seek to commit deadly 'cyber attacks' in UK, says Chancellor Osborne

Tom Wood

The Tories winning the election was pretty terrifying...

6
4
Tom Wood

Has Osborne just watched Spectre?

a new "National Cyber Centre" which is described as "the countries first dedicated ‘cyber force’

3
0

NHS IT must spend a fortune to save a fortune, says McKinsey

Tom Wood

Incremental changes

This would be fine if it were a case of spend £500k, save £1m, 16,000 times over. If it didn't deliver after the first few such projects you could cut your losses and run. If it did work, it would pay for itself in short order and not need much in the way of actual upfront investment.

But somehow I expect it's not that simple...

1
0

Skype founders planning non-drone robodelivery fleet. Repeat, not drones

Tom Wood

It's as if they have never seen Robot Wars

Just imagine all the ways one of these could get (1) stranded through its own incompetence to deal with the hazards of a typical street (puddles, slippery leaves, dogs and their droppings, fallen branches, parked cars etc), (2) maliciously waylaid (tipped over/put on top of a bus shelter/thrown into the canal/kidnapped by local kids/troublemakers), driven off in a thief’s van, etc.

5
0

The ONE WEIRD TRICK which could END OBESITY

Tom Wood

Re: craft it smaller

In the UK that would be illegal. The smallest quantity for selling draught beer and cider is a third of a pint. You are also allowed to sell two-third pint measures, and any (integer) multiple of half pint measures, but that's it. https://www.gov.uk/weights-measures-and-packaging-the-law/specified-quantities

4
0

CODING PEEP SHOW offers chance to hire devs as they program

Tom Wood

Re: Watching paint dry

"Any idiot can bash out a foreach loop on automatic"

Based on some of the apparently experienced developers I've given technical interviews to, that statement is sadly false.

6
0

Turn-by-turn directions coming to Ordnance Survey Maps

Tom Wood

Re: too little too late

Google maps is fine for road - offroad it's pretty useless though.

Compare for instance Ilkley Moor:

Google map

https://www.google.co.uk/maps/@53.8948331,-1.841674,13z?hl=en

vs OS map

http://binged.it/1JJiJaQ

and that's just based on the 1:50000 OS map data, zoom in and you'll see the extra detail from the 1:25000 version.

4
0

'Hans free' mobe gag crowned Fringe's funniest

Tom Wood

Re: The one from a few years ago was much better

Was that "2011 winner Nick Helm" by any chance?

16
0

Wikiland turns to Shapps and says ‘those emails you wanted, we deleted them, sorry’

Tom Wood

Do you mean Data Protection Act?

The FoI act only applies to public bodies, doesn't it?

A Subject Access Request is a thing where you can get data held on you by a company or organisation under the terms of the Data Protection Act.

6
0

Amazon UK conditions 'exhausting', claims union

Tom Wood

A lot of a warehouse isn't storage

It might be a mistake, but a lot of the floor area in a warehouse isn't "storage capacity" - it's taken up with aisles, conveyors, shelf supports, packing benches, etc.

4
0

Labour Party website DDoS'd by ruly democratic mob

Tom Wood

Re: I'd like to know..

Germany, France, Spain, the Netherlands, Italy... all have state owned railways. Hell, their state owned railway companies even own a good chunk of our supposedly private railway companies. What is it about these countries that means they can run successful state-owned railway companies but we can't?

3
2
Tom Wood

Re: I'd like to know..

Well the railways is fairly easy. The state still owns most of the infrastructure and rents it out to the privatised operators. You just let their contracts expire and don't renew them, or if you want to get more creative find ways to terminate them early. (As the franchises start falling back into state hands, the state then gets to keep the profit from them, which can be reinvested or used to buy up the remaining contracts).

And, of course he could borrow more. Brown didn't "borrow and spend every pound there was to have", as evidenced by the fact that Osborne has borrowed more than Brown did: http://blogs.spectator.co.uk/coffeehouse/2013/11/the-tories-have-piled-on-more-debt-than-labour/

3
3
