EE, Plusnet: both owned by BT but for the time being at least operated independently, somewhat better
486 posts • joined 14 May 2008
Re: They are a media company
Fibre cable, coax, headend equipment, ...
Upgrading to fibre is going to be one major way that customers will get a connection > 10 Mbps. Are you saying that if a customer has a 6 Mbps ADSL connection they can't be upgraded to a 50 Mbps FTTC connection until they and all of their neighbours have first been upgraded to a FTTC connection that has been throttled to exactly 10 Mbps?
is the version of the BBC website for those *outside* the UK. bbc.co.uk is for those inside. The former has adverts and the latter does not.
Try to access either from the wrong location and you will be redirected.
Shows the challenge of creating self-driving cars
A railway is relatively self-contained, sure there are occasional junctions/points and the like but basically trains can go forwards or stop, and maybe occasionally reverse direction. It's rare to find people or other obstacles blocking the lines.
Not so a car on a road.
Actually, it scums up the coffee pot.
Re: I see nothing has changed
"Well I would say that someone embarking on a CS degree should ALREADY know how to code......"
Well, that wasn't me. Sure I was "good with computers" at school, and learned a bit of HTML etc, and my A-level further maths included modules of discrete mathematics (algorithms and so on), but I didn't actually write my first "hello world" until I started my CS degree course in 2003. There were no programming courses at school, and nobody to encourage me to program.
I graduated with a 1st class MEng in 2007, and have done alright in software jobs since ;-)
I would imagine that most 17 year olds who think they know how to code, don't really. They may be able to hack together code from examples, but they probably don't understand the detail of *why* things are done the way they are (or better ways of doing things)
So maybe there really is a difference between "good" CS degrees and bad ones.
"A good way to test this is to give some example code that returns a pointer to a local variable and ask them to describe what can happen if you start to use that pointer."
We have a question based on exactly that problem in our interviews. Not only do I ask what happens if you use the pointer (it depends) but how they would locate such a bug in code that someone else had written.
It's not universally true, but of those with a few years' experience, it seems that those without a CS background struggle more with questions such as this than those who studied CS, but that's just the impression I've got from the candidates I've interviewed.
Re: unable to write a "for" loop in C/C++/Java
I can't remember the degree, but it was most likely computer science or something very similar (actually we've found at least a couple of unis have a course called Computer Games Programming which is actually basically Computer Science but made to sound sexier to 17 year olds who are applying for a degree).
Though, I'd still expect a Computing/IT graduate to be able to write a loop, maybe in Bash/Python/whatever scripting language they prefer but surely they're going to need to automate doing repetitive stuff at some point?!
Re: unable to write a "for" loop in C/C++/Java
The guy who was completely unable to write a for loop was an extreme example, but the sort that sticks in your head. Sure, he'd probably done it before and I'm sure his uni software project must have contained many loops, but sat in front of a computer he couldn't remember the syntax. I can't remember whether he claimed to know C, C++ or Java but as the loop syntax is the same and we'd given him a choice of languages, the fact he couldn't do even this basic thing from memory was rather concerning. (It wasn't the only thing where he failed to show knowledge or understanding, however).
As someone who does interview both graduates and more experienced developers (and a comp sci grad myself), in an embedded software business, I'd say I most value someone who has learned the fundamentals of CS (algorithms, complexity, computer architecture, logic) and some software engineering (design, testing, OO, design patterns) and can evidence applying both through their project work. The "Android/IOS/Linux/Oracle/Windows 10/Azure/AWS" stuff I really don't care about, provided their project work shows they have applied some knowledge in some domain areas and can pick it up quickly. (Though understanding the basics of the Linux/POSIX style command line is a big plus).
One reason why I'm always wary of "experienced" programmers who were self-taught and came from a hardware or physics background for instance is that they can bash out code based on tutorials they've learned etc, but they don't really understand basics like what a pointer is or what the difference is between a list and a vector, for example. Which can lead to writing buggy software, or being unable to debug such issues in other people's code...
Quality of graduates
We're a small/medium sized software consultancy (~60 or so employees in the UK). This year we advertised a vacancy for a software graduate. Many who applied who were either in the final year of their course or who had graduated with a Computer Science or similar degree failed our 10-question online multiple choice filter test. The test in question is open book and not time limited; the questions cover the basics of programming and CS theory, nothing complex; and our "pass" mark is only 6 out of 10. (Question 11 is "how many of the above answers did you look up online or ask for help with" - we wouldn't necessarily reject someone who looked up most of the answers, provided they got them all right!)
Of those who got to an interview (6 candidates if I remember correctly), none was up to standards (and our standards are not overly high for a graduate; we're talking basic failings like being unable to write a "for" loop in C/C++/Java). We left the graduate role unfilled this year. We do also take a "year in industry" student, who we interview about half way through their second year at uni, with the same questions and interview process, and universally the "year in industry" applicants were brighter and more capable than the graduate ones.
Which suggests that somehow we failed to attract the "good" graduates, and were left with a bunch who had somehow graduated or were on track to graduate in Computer Science but yet failed to understand the fundamentals of their chosen subject.
Re: Why? - Let's have some critical journalism
And actually, I don't need to control the DNS server, that just makes it easier. Since I can see and intercept all your traffic to my AP, I can look out for any initial non-HTTPS request and spoof a response, for example.
This also works with secure access points, if there is a common password I can get hold of (e.g. WPA2-PSK). If there's a hotel or pub that has a known WiFi password they provide to customers (maybe they stick it up behind the front desk/bar), for example, I could easily set up an AP using the same SSID and password and chances are at least some of the time (e.g. if your device has a stronger signal from my AP than from the hotel's) you will end up connecting to my network.
Re: Why? - Let's have some critical journalism
Avast obviously weren't being malicious.
Let's say I can convince you to connect to a WiFi access point (AP) I control.
Chances are you use the DHCP server in my AP to get an IP address *and DNS server address*.
So I configure my AP to point you at a DNS server I also control.
When you type www.facebook.com in the browser, I can deliver a DNS result that points you at a web server I also control, that provides a facebook lookalike login page.
You don't look close enough to notice that this particular connection to Facebook isn't redirected to HTTPS, you log in, I get your facebook password.
You can replace "facebook" for "most other secure websites", unless you've visited them before, and they use HTTP Strict Transport Security, and your browser supports it (Facebook actually do send HSTS headers, but many other secure sites, e.g. online banks, don't).
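The HSTS condition in the post above (site visited before, site sends the header, browser supports it) can be modelled as a small policy store. This is an added example, not part of the original post; the host names are constructed and the class and function names are hypothetical.

```python
"""Model of a browser's HSTS store (RFC 6797), showing when a typed
http:// URL is upgraded before any plaintext request leaves the device."""
from dataclasses import dataclass


@dataclass
class Policy:
    expires: float            # absolute time at which the policy lapses
    include_subdomains: bool


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value.
    Returns (max_age, include_subdomains), or None if it is unusable."""
    max_age, include_sub = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')
            if not arg.isdigit():
                return None
            max_age = int(arg)
        elif name == "includesubdomains":
            include_sub = True
    return None if max_age is None else (max_age, include_sub)


class HstsStore:
    def __init__(self, preloaded=()):
        # Preloaded hosts ship with the browser: protected on first visit.
        self.policies = {h: Policy(float("inf"), True) for h in preloaded}

    def note_response(self, scheme, host, headers, now):
        """Record a policy. Headers seen over plain HTTP are ignored,
        since anyone on the path could have injected or removed them."""
        if scheme != "https":
            return
        parsed = parse_hsts(headers.get("Strict-Transport-Security", ""))
        if parsed is None:
            return
        max_age, include_sub = parsed
        if max_age == 0:
            self.policies.pop(host.lower(), None)   # site opted out
        else:
            self.policies[host.lower()] = Policy(now + max_age, include_sub)

    def must_upgrade(self, host, now):
        """True if http://host must be rewritten to https:// locally."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            p = self.policies.get(".".join(labels[i:]))
            # An exact match always applies; a parent domain's policy
            # applies only if it set includeSubDomains.
            if p and p.expires > now and (i == 0 or p.include_subdomains):
                return True
        return False
```

A host with no stored policy and no preload entry returns False from `must_upgrade`, which is the first-visit window the post describes.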
"to open and close his bank accounts"
“I have enough information at this point to open and close his bank accounts, or do whatever I want,” he says.
Er, really? Sure, he knows a fair amount about his "victim", but that still shouldn't be enough to do anything particularly lucrative to a criminal.
Last time I tried to close a bank account, I had to go into the branch (even though it was an "online" savings account), and show the bank card of my linked current account, and sign a form. That was for a dormant account with no money in it - had I actually wanted to withdraw money and close the account I'd have needed the card's PIN and also possibly some other photo ID if the amount in question was large enough. To steal money with online banking, from the two banks I use, I'd need (1) knowledge of logins, passwords etc and (2a) access to my card and PIN or (2b) access to my phone, depending on the bank. The attacker described here doesn't have ANY of that info.
Maybe this speaks more to the lax security policies of American banks than anything else?
And being able to gain root access to someone's web server (not really sure how that is related to "replicating" a web site) is entirely unrelated to learning anything about their home address, car registration etc, and more the fact they were running an old unpatched Linux distro.
Something's not right in the figures.
"TfL claims 65,000 journeys a day are being made using contactless with 500,000 million journeys made using contactless since its introduction."
If that "500,000 million" is right then at 65k journeys a day it would imply it's been running for 21 thousand years. If it's really only 500,000 journeys then it's only been running for just over a week?!
Re: Swings and Roundabouts.
"The EU does not allow origin discrimination of that nature on goods, hence the need for the "protected origin" scheme and the roomfuls of bureaucrats to administer it."
When has anyone ever worked on New Year's Day?
Re: Attitudes to risk
"ANY information they can glean from it can be used to reconstruct your identity, at least to the point they can employ social engineering to get more information and then eventually they have enough to compromise or steal your identity."
They *could*. But *would* they?
Your common-or-garden cybercriminal, much like your common-or-garden house burglar, will go for the easiest targets. They're after quick money not some convoluted identity theft.
In practice, my LinkedIn password is better than "password" or "12345678", but not as good as 12 truly random characters or whatever. Which is fine, as long as there are lots of people who have passwords worse than mine; just as my house isn't likely to get burgled as long as I have pretty good locks on the doors, and the guy down the street has crap ones.
Attitudes to risk
I really don't want someone to get access to my bank account, or my email account, or root access to my servers, so I use secure passwords for them.
But LinkedIn, or for that matter some random forum such as this one, what's the worst that can happen if someone logs in as me?
The main risk if someone steals my login details from the likes of LinkedIn (or indeed this forum, which doesn't even use a HTTPS connection...) is if I use the same email and password combo for either this site and others, or for my email account, in which case they can get access to all the "forgotten password" emails and the like.
But if I don't, then what's the problem?
I have a better lock on the front door of my house than I do on my garden shed, for much the same reason. Get into the shed and at most you can steal some plant pots, potting compost, barbecue charcoal and a bit of garden furniture maybe.
Customer: "Why is X so expensive? Surely it doesn't cost you anywhere near that much to provide the service?"
Ryanair/Three: "Well, you don't have to use X."
It doesn't really answer the question, even if they are correct that you can generally avoid the charges by jumping through various hoops.
LOC was thrown out as a useful measurement for *coder productivity*.
It used to be assumed that the more LOC per day, the better the coder.
Now it is often believed that less is more, simpler is better, so actually writing negative LOC could be a very good day indeed. Hence the argument in the article that fewer LOC in non-British banking apps is a good thing.
Re: counterfeit pound coins
Yes - depending on which article you read something like 30-45 million circulating pound coins are fake.
They actually seem to have quietly dropped that name since 2014 - the link from the article redirects to a different page. Can't think why.
The potential security features are intriguing though. Could the coins, rather than being just a lump of metal, actually contain some kind of chip?
read the details
A server that supports TLS 1.2 is only vulnerable if it or some other server that does support SSLv2 is using the same certificate.
Re: BBC bias
Yes, every BBC Radio news bulletin I've heard in the past 2-3 days has had a brief "x says we should remain in the UK for y reason" from the newsreader, then some spokesperson for the UKIPs/Tories/other xenophobes of choice have been given a 30 second clip to spout complete tripe arguing about why we should leave.
I've not heard a single clip spoken by a correspondent from the "remain" camp.
Either always use braces, or use Python...
Re: QR code?
There are online "scanners" that work from webcams or uploaded images. You could have reproduced the QR code in MS Paint or similar if you really didn't have a way of photographing it.
Re: This is a solved problem surely?
Yes, but this is once you have a bank account. Setting up a bank account if you've never had one is a surprisingly difficult task. Especially for recent immigrants (e.g. refugees granted asylum) who have no identity history in the UK and may not even have ID documents from other countries.
It's these sorts of individuals DWP in particular will have difficulty identifying.
I imagine the Verify system would also struggle to identify many of those particularly of an older generation who even if they have a bank account may not have any debts (so no credit record), have no driving licence or passport, etc.
Re: How exactly does this work
You are correct. But the URL is inside the HTTP request itself - not in the packet headers - and is encrypted for HTTPS. That's what I meant by "Or are they inspecting the contents of every HTTP request and logging that? In which case, what happens when the server is using HTTPS?"
How exactly does this work
Exactly what are they logging to determine I am visiting www.theregister.co.uk? The DNS lookups? The TCP connection to 22.214.171.124:80? (But who knows what that IP address really is - actually this particular example has no reverse DNS - but it could well be a shared server, CDN server, etc).
Or are they inspecting the contents of every HTTP request and logging that? In which case, what happens when the server is using HTTPS?
The Tories winning the election was pretty terrifying...
Has Osborne just watched Spectre?
a new "National Cyber Centre" which is described as "the countries first dedicated ‘cyber force’
This would be fine if it were a case of spend £500k, save £1m, 16,000 times over. If it didn't deliver after the first few such projects you could cut your losses and run. If it did work, it would pay for itself in short order and not need much in the way of actual upfront investment.
But somehow I expect it's not that simple...
It's as if they have never seen Robot Wars
Just imagine all the ways one of these could get (1) stranded through its own incompetence to deal with the hazards of a typical street (puddles, slippery leaves, dogs and their droppings, fallen branches, parked cars etc), (2) maliciously waylaid (tipped over/put on top of a bus shelter/thrown into the canal/kidnapped by local kids/troublemakers), driven off in a thief’s van, etc.
Re: craft it smaller
In the UK that would be illegal. The smallest quantity for selling draught beer and cider is a third of a pint. You are also allowed to sell two-third pint measures, and any (integer) multiple of half pint measures, but that's it. https://www.gov.uk/weights-measures-and-packaging-the-law/specified-quantities
Re: Watching paint dry
"Any idiot can bash out a foreach loop on automatic"
Based on some of the apparently experienced developers I've given technical interviews to, that statement is sadly false.
Re: too little too late
Google maps is fine for road - offroad it's pretty useless though.
Compare for instance Ilkley Moor:
vs OS map
and that's just based on the 1:50000 OS map data, zoom in and you'll see the extra detail from the 1:25000 version.
Re: The one from a few years ago was much better
Was that "2011 winner Nick Helm" by any chance?
Do you mean Data Protection Act?
The FoI act only applies to public bodies, doesn't it?
A Subject Access Request is a thing where you can get data held on you by a company or organisation under the terms of the Data Protection Act.
A lot of a warehouse isn't storage
It might be a mistake, but a lot of the floor area in a warehouse isn't "storage capacity" - it's taken up with aisles, conveyors, shelf supports, packing benches, etc.
Re: I'd like to know..
Germany, France, Spain, the Netherlands, Italy... all have state owned railways. Hell, their state owned railway companies even own a good chunk of our supposedly private railway companies. What is it about these countries that means they can run successful state-owned railway companies but we can't?
Re: I'd like to know..
Well the railways is fairly easy. The state still owns most of the infrastructure and rents it out to the privatised operators. You just let their contracts expire and don't renew them, or if you want to get more creative find ways to terminate them early. (As the franchises start falling back into state hands, the state then gets to keep the profit from them, which can be reinvested or used to buy up the remaining contracts).
And, of course he could borrow more. Brown didn't "borrow and spend every pound there was to have", as evidenced by the fact that Osborne has borrowed more than Brown did: http://blogs.spectator.co.uk/coffeehouse/2013/11/the-tories-have-piled-on-more-debt-than-labour/
Re: It's £3.88 a month
That's for a full membership. You can pay a minimum of £3 to become a "supporter" which means you get a vote in the leadership contest but none of the other perks of membership.
Re: Netatmo's Welcome costs €199, which is presently about £140.
You just need to get a decent credit card that doesn't charge such fees. http://www.moneysavingexpert.com/credit-cards/travel-credit-cards
Re: I got one at work
Indeed, I run my own mail server and use suffix addressing (sometimes called "plus addressing" as that is what is supported by gmail) for this purpose. In gmail you can use firstname.lastname@example.org and it will be delivered to email@example.com. Use a different "anything" for each account and if it leaks you know who has been passing your address, and can block that variant (or just block it if they don't honour unsubscribe, etc).
Since the plus character is commonly used for this purpose it's actually not that good as a spammer could strip it out and still reach your inbox. If you have your own server you can specify an alternative character to use, I use a dash/minus sign, but you could use a dot, underscore etc. Someone could still guess and remove it and hit your inbox, but in practice I've found that doesn't happen, and if it did I could just dump the inbox and create a new one, and redirect all the existing aliases to it.
Re: Probably these work the same as bank scams
Indeed, looking at my mailserver logs, I received two attempted mails this morning to an address that is no longer used, allegedly from firstname.lastname@example.org:
Aug 5 08:52:58 mail postfix/smtpd: NOQUEUE: reject: RCPT from unknown[126.96.36.199]: 550 5.1.6 <email@example.com>: Recipient address rejected: Address no longer in use; from=<Spectrum.firstname.lastname@example.org> to=<email@example.com> proto=ESMTP helo=<static.vdc.vn>
Aug 5 09:06:21 mail postfix/smtpd: NOQUEUE: reject: RCPT from unknown[188.8.131.52]: 550 5.1.6 <firstname.lastname@example.org>: Recipient address rejected: Address no longer in use; from=<Spectrum.email@example.com> to=<firstname.lastname@example.org> proto=ESMTP helo=<[184.108.40.206]>
I have never used this address (or any address for that matter) for anything to do with Ofcom.
So there is no data leak, this is just general non-targeted spamming.
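The two posts above (suffix addressing with a per-account tag, and checking rejected recipients in the mail log) combine into one check: which tag did the mail arrive on, and was that tag ever handed out? This is an added example, not part of the original posts; the log lines, addresses and the `issued` record are constructed, and the tag is split at the first delimiter.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same shape as the rejects quoted above.
SAMPLE_LOG = """\
Aug 5 08:52:58 mail postfix/smtpd: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.6 <me-oldshop@example.org>: Recipient address rejected: Address no longer in use; from=<bulk@sender.example> to=<me-oldshop@example.org> proto=ESMTP helo=<static.sender.example>
Aug 5 09:06:21 mail postfix/smtpd: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 550 5.1.6 <me-oldshop@example.org>: Recipient address rejected: Address no longer in use; from=<bulk@sender.example> to=<me-oldshop@example.org> proto=ESMTP helo=<[198.51.100.7]>
Aug 5 09:10:02 mail postfix/smtpd: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.6 <me-regulator@example.org>: Recipient address rejected: Address no longer in use; from=<notice@sender.example> to=<me-regulator@example.org> proto=ESMTP helo=<mx.sender.example>
"""

REJECT = re.compile(
    r"postfix/smtpd(?:\[\d+\])?: NOQUEUE: reject: RCPT from "
    r"(?P<client>\S+)\[(?P<ip>[^\]]+)\]: (?P<code>\d{3}) .*?"
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)


def split_tag(address, delimiter="-"):
    """Return (mailbox, tag); tag is '' when the address carries none."""
    local, _, domain = address.rpartition("@")
    user, _, tag = local.partition(delimiter)
    return f"{user}@{domain}", tag


def rejects_by_tag(log_text, delimiter="-"):
    """Map each tag seen in rejected RCPT lines to the client IPs using it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            _, tag = split_tag(m.group("rcpt"), delimiter)
            seen[tag].add(m.group("ip"))
    return dict(seen)


def attribute(log_text, issued, delimiter="-"):
    """issued maps tag -> party the address was given to (your own records).
    Returns {tag: (party or None, distinct client count)}. A party of None
    means the tag was never handed out, so the address was guessed or
    sprayed rather than leaked by a specific holder."""
    return {
        tag: (issued.get(tag), len(ips))
        for tag, ips in rejects_by_tag(log_text, delimiter).items()
    }


if __name__ == "__main__":
    issued = {"oldshop": "Old Shop Ltd"}   # constructed record
    for tag, (party, clients) in attribute(SAMPLE_LOG, issued).items():
        source = f"issued to {party}" if party else "never issued"
        print(f"tag={tag!r}: {clients} client(s), {source}")
```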
Probably these work the same as bank scams
They send them to millions of addresses. Some people who have a genuine reason to have contact with Ofcom (or Barclays, HSBC, etc) see the email and think it must be targeted directly at them.
Admittedly radio hams are towards the more niche end of the spectrum, which reduces the number of targets for the spammer, but also probably increases the likelihood that those in the target audience do fall for the scam.
Mostly these things are sent by botnets and will be caught by the usual anti-spam DNS blacklists.