* Posts by Len

155 posts • joined 26 Jan 2009

Page:

Europe: Go on. Ask us to probe the £130m 'sweetheart' deal HMRC made with Google

Len
Go

The point is that the EU only "messes" with this on request of UK citizens/parliament. Considering multiple people in the UK have requested this the EU can review this case.

Frankly I am glad there is some additional point to turn to if Westminster turns out to be too corrupt not necessarily working for the good of the country.

6
0

Come on kids, let's go play in the abandoned nuclear power station

Len
Facepalm

Sorry to be pedantic. We're getting the French to build the reactor (if it even still goes ahead, http://www.bbc.co.uk/news/business-35415187 ). The Chinese are only there to partly fund it. The UK doesn't have the money to subsidise plant construction as building nuclear power plants has become prohibitively expensive.

Furthermore, the only way to get the French and Chinese to pay for construction is if we promise to pay them more than double the current market rate per kWh ( http://www.bbc.co.uk/news/business-22772441 ). The UK taxpayer is going to subsidise running a loss-making power plant for a couple of decades.

By the way, I wholeheartedly agree with your point about the desire to build stuff. While in Germany it is a criminal offence to call yourself an engineer without the required five-year degree from a proper university, in the UK some bloke who did a one-day training to hookup broadband modems comes to my house calling himself an engineer. The UK has become a country where people aspire to become journalists writing thinly-veiled personal opinions disguised as 'news' instead of building bridges spanning 2500 metres across an estuary.

8
0

Snowden bag-carrier Miranda's detention was lawful – UK appeal court

Len

Which means that David Miranda should now go over their heads and take it up with the ECHR.

18
0

Engineer's bosses gave him printout of his Yahoo IMs. Euro court says it's OK

Len
Big Brother

Separate work from private life!

I have had a great many colleagues who had absolutely no issues running their entire private life via work email. Funny cat video to share? Who broke up with whom? A heavy night on the tiles last night? Hate your manager? They had absolutely no issue using work email for personal matters. And if they moved company they just told everyone they had changed email address and presumably it went on...

I have never understood it. Work email is just that, work email. I have absolutely no issue with an employer reading my work email, they pay for it after all and provide it so I can work. They can expect it to be used for work. I'll use my personal email for my private life.

That said, I wonder how relevant a case such as this still is. I bet most people currently use a mobile phone for private comms, not their work desktop.

28
0

EU lawmaker committees call for single EU telco regulator

Len
Go

Interesting idea.

It's an interesting idea, and not very surprising that it's mooted (again).

We are slowly but surely moving to a single EU telecoms market. We've had price ceilings for internal calls for years. Fortunately there is, finally, also some serious traction with regards to the abolishing of roaming charges (the concept of roaming is in conflict with a single market). Through expansion and acquisitions we've seen pan-European telco giants such as Vodafone, T-Mobile and Telefónica emerge.

With a lot of push (not a least from the British government who feels Britain could strongly benefit from it) now towards developing a single European services market these telecoms developments will only be stimulated further.

In that light, having one instead of 28 telco regulators makes perfect sense.

3
0

Alu Alu! Nokia gobbles French rival Alcatel-Lucent in €15.6bn deal

Len

Re: Finns gonna pay the fat redundancy cheques again

True. Britain has one of the lowest labour productivity stats of the developed world, certainly a lot lower than France. Just 'being visible' at work does not equal productivity. I know plenty of people who spend the last two hours at work on Facebook just because they can't be seen to be the first one to leave.

I'm not sure if I'd want a 35 hour work week, but then, I'm a workaholic. If the French can get more done in 35 hours than the Brits in 45 more power to them!

3
1

UK will pay EU £180m in fines due to botched CAP IT system – NAO

Len

Re: Fraud incentive?

@dogged Don’t get me wrong, I’m am most certainly not saying most or all farmers are fraudsters.

All I know is that every year many EU member states (including Britain) fail to get their books signed off by EU auditors because the national agencies tasked with distributing EU subsidies can’t provide adequate proof the money was spent as it should be. Upon subsequent audits they uncover a mixture of incompetence, administrative mess and fraud (mainly overstating land and cattle size I believe). This new system was supposed to clean up this mess and reduce fraud in one go.

This being Britain it’s probably 80% attributable to incompetence/mess and only 20% to fraud.

0
0
Len
Holmes

Fraud incentive?

[Tinfoil hat]

I wonder if some people had an incentive to have this project fail.

There are suspicions of quite significant fraud with EU subsidies by British farmers and the more accurate the measurement, the harder it becomes to defraud.

Considering subsidies are tied to numbers such as land size, land type, cattle type, cattle size, litres/kilos of product produced etc. having numbers that are scattered across different records, hard to verify or ambiguous makes checks much harder. Having it all automated can make certain fraud flags a lot easier. “How can someone with only X hectares of land and Y amount of cows produce Z litres of milk?” That sort of stuff…

[/Tinfoil hat]

3
1

Yesterday: Openreach boss quits. Today: BT network goes TITSUP

Len

Re: Back up and running.

Seriously, people should stop voluntarily sending ALL their DNS traffic to Google. All the sites you visit, all the mail servers you check, all the sync services you use, all the FTP connections you make etc. all sent to Google.

Just use a OpenNIC Project server near you: https://www.opennicproject.org

5
5

Former parking ticket bloke turns out to be cybersecurity genius

Len
Pirate

Re: not really surprising that options/bad education has limited peoples potentials

Agreed. HR, lawyers and cleaners are best involved at the end when there is a mess to clean up. If you involve them too early nothing ever gets done or only done poorly.

An HR person will only hire safe (but often mediocre) bets, a lawyer will advise against pursuing most things because doing nothing caries the lowest risk, a cleaner will advise against cooking a delicious meal because not cooking at all will keep the kitchen clean.

Just involve them when the work is done and the mess is made, that's what they're good at.

6
0

Apple’s TV platform just became a little more secure (well, the apps at least)

Len
Holmes

Re: How long before "Smart TV" revert to just TVs?

Not long. I believe this whole Smart TV fad will take a massive turn within the next year or two. TVs will become dumber, just screens really, and all the intelligence will come from little boxes like ChromeCast, Apple TV, Roku etc.

This means you can keep your expensive screen for many years while replacing the intelligence by just upgrading that cheap box you hide behind the TV. Those little boxes can be much more flexible, more user friendly and more easily upgradeable than a TV can ever be.

9
0

TalkTalk attackers stole 'incomplete' customer bank data, ISP confirms

Len
Holmes

Re: How stupid

The only reason I can see for storing their customers' bank account data but without the full bank account number is for the purpose of support. It might be that the hackers actually got access to a TalkTalk helpdesk system. As you say, the helpdesk often only has access to the last four digits for ID purposes.

The billing systems (which would contain the full details) are likely not compromised.

That would suggest that the hackers probably have contact details and the last four digits but indeed not enough to commit fraudulent transactions on those accounts. Judging from a few cases of people who are missing money that I heard on the radio it seems that the hackers took the details and started calling the victims. They received a phone call informing them about the hack, probably from the hackers identifying as TalkTalk. If you have contact details and the last four digits it should be relatively easy to convince people to hand over any missing details.

9
0

Want to self-certify for Safe Harbor? Never mind EU, YES WE CAN

Len

Re: Who cares?

Fair point. Not a problem in our case but to be on the safe side you shouldn't use American businesses to store your data. Nice message the US government is sending out, "don't buy American".

It's no wonder Silicon Valley is up in arms on this topic.

19
0
Len

Who cares?

Who cares what the ill-informed opinion of some US department is? Either you stop breaking the law or you cease trading.

We just made sure to choose a hoster which guarantees us they don't store our data outside of the EU. Job done. Don't tell me billion dollar can companies such as Facebook are technically not able to operate within the law. Operating within the law is part of doing business. Of course, any business can, at times, sail close to the wind. However, having a business model reliant on knowingly breaking the law is not called a business, it's called a criminal organisation.

21
0

'Safe Harbor': People in Europe 'can get quite litigious about this'

Len
Go

Re: Let's have some European competition

Hear hear!

It’s time we get some of our pride back. With over 500 million EU citizens the EU home market is considerably bigger than the US home market and nowadays has a fairly homogenous legislation making the rise of European internet giants a real possibility.

Of course, the challenge remains that we have so many languages but that could be turned into an advantage. American companies are notoriously bad at internationalisation and localisation (why does Facebook insist on telling me the temperature at an event in the UK in Fahrenheit!? Why does Tweetdeck insist on only allowing to schedule tweets using the moronic 12 h clock!? Why does Wordpress default to the broken date notation of 5-13-2015!?). We should be able to turn this American weakness into an advantage for rapid growth.

I actually appreciate the actions of companies such as large hoster OVH that publicly state that "OVH datacentres are situated outside Patriot Act jurisdiction area" (https://www.ovh.co.uk/aboutus/technologies/datacenters.xml). My company too has added to its privacy statement that all our data is hosted inside the EU. More companies should be doing (and saying) similar things.

The real remaining challenge is then funding. European investors are typically much more risk averse when it comes to throwing cash at the umpteenth ‘Facebook+household chores+menstrual cycle+currency markets social sharing mash-up service’ than American investors are.

14
0

IPv6 is great, says Facebook. For us. And for you a bit, too

Len

Re: 20-30% of sites available via ipv6

It's true, the UK is woefully behind most other countries in Europe when it comes to IPv6 use. We'd be lucky to make it into the European top 30 some day. For now we're trailing behind countries that have only recently got stable electricity networks and indoor plumbing...

https://www.google.com/intl/en/ipv6/statistics.html#tab=per-country-ipv6-adoption&tab=per-country-ipv6-adoption

Another comparison? Have a look at basic hosting accounts. In many EU countries even very basic (three quid a month) hosting accounts give you an IPv6 block as standard. In the UK even major hosters will tell you they have no idea when they'll implement it. It means that I have now consolidated all my hosting that used to reside at seven hosters at just two that do understand IPv6. Mythic Beasts for the more techie stuff and OVH for the more mainstream heavy load stuff. Good riddance.

4
0
Len

Re: Nat as a security measure

The default use of IPv6 on most operating systems uses RFC4941 Privacy Extensions so your device will not have a uniquely identifiable global IPv6 address.

2
1
Len

That's not correct. Facebook only has IPv6 servers, they removed IPv4 from all servers some time ago. Internally they only use IPv6 (both on servers and on desktops) because they ran out of RFC1918 addresses!

This is quite a good presentation about their network structure: http://www.internetsociety.org/deploy360/blog/2014/03/facebooks-extremely-impressive-internal-use-of-ipv6/

They translate IPv6-only to Dual Stack (IPv6+IPv4) at the network edge for legacy IPv4 users.

5
0
Len

What you're looking for is not IPv6 NAT, that would be pointless and would actually limit your full use of the internet. What you're looking for is Privacy Extensions (https://tools.ietf.org/html/rfc4941). That is done on the OS level and most big operating systems support that. Many have it on by default.

Essentially it means that your OS will change it's internal IP address every so often (every 24 hours?) so any outside observer can't track to see if it's the same machine or a different one. As an end user you don't notice this at all, just like you don't notice DHCP addressing, it just works.

1
0
Len

Re: To NAT or not to NAT

Even the most basic firewall will provide much better security than NAT ever will. Just because it has an unintended side effect of breaking your internet connection doesn't mean that NAT can be relied on for security. If you depend on NAT instead of a firewall for your security you should expect be wide open to the internet.

7
3

'Major' outage at Plusnet borks Brits' browsing, irate folk finger DNS

Len
Black Helicopters

Re: heh

Wait, so you voluntarily share all your DNS data with Google?

Every website you visit

Every mailprovider you POP/IMAP

Every messaging server you use

Every update server your installed software contacts regularly

Essentially anything that involves domain names gets shared with Google

Why not have a look at the OpenNIC Project? http://wiki.opennicproject.org/Tier2 You can choose which country the server resides in (No DNS providers outside the EU for me), whether they log any data etc.

Just select a dozen that you trust, run them through NameBench and pick the fastest ones…

3
1

At LAST: RC4 gets the stake through the heart

Len
Happy

Re: Good luck, with some devices embedded management servers...

That's why the article says:

"Mozilla that its defaults will be no-RC4 in version 44 expected in January (but users will still be able to explicitly set a preference if they need it and know what they're doing)."

The most important thing is that webserver administrators all over the world are being forced to update their security because otherwise their visitors will not be able to visit their site in Q2 2016. If individual power users have some pressing need to still use RC4 they can re-enable it.

10
1

Web Summit looks at new homes ... this time with sun and decent Wi-Fi

Len

Lisbon!

While Amsterdam would probably not be a bad choice (easy to get to from just about anywhere thanks to Schiphol Airport, plenty of big conference venues and things to do around the conference) I'd prefer Lisbon simply because of the climate.

The upside is also that it gives some flexibility planning-wise. You could easily do it as early as the end of February or as late as October and still have nice weather. Quite useful in an already crowded conference calendar.

2
0

German railways upgrade their comms tech from 2G to 4G

Len
Devil

I'll raise you with a bigger anorak.

Here is the source image: https://www.flickr.com/photos/joshtechfission/8867725658

Apparently it's a British Rail Class 55: https://en.wikipedia.org/wiki/British_Rail_Class_55

Top tip: Don't press that red button on the top left. It stops all trains in the vicinity. Useful if you've just crashed into a lorry on a level crossing and don't want a colleague coming from the other direction crash into it as well. Not recommended at other times.

4
0

And on that bombshell: Top Gear's Clarkson to reappear on Amazon

Len
Happy

In other news...

Amazon have signed a contract for three more seasons of Last of the Summer Wine.

27
1
Len
Mushroom

Panto!

Three seasons behind a paywall and they're ready for panto!

5
1

Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet

Len

Re: Congratulations on repeating exploits before they can be fixed

Of course Apple will fix this in the production version. It's just that the beta for El Capitan was just released yesterday while they probably need more rigorous testing before they want to push it out to production.

It's fine screwing up a beta version, not screwing up a production version...

6
3

The French want to BAN .doc and .xls files from Le Gouvernement

Len

Re: What's up DOC?

The primary motive is not money, using non-proprietary open formats guarantees you can still read these documents decades from now. That might not be very important for most people and organisations, for governments it often is. They have archival and transparency requirements that many other orgs don't have.

As a side effect it also frees them from vendor lock in. Even if they may not decide to drop MS software right away they can do so at any moment in the future when something better or cheaper is a serious option. Their own files will not hold them hostage to one supplier any more. This will also require MS to stay competitive on features and cost. It allows for actual competition (which is also why MS is fighting this tooth and nail). They lost the fight in the a couple of countries (including the UK) and it will be interesting to see if they lose it in the France too.

8
0
Len

Re: What's up DOC?

In all the most commonly used office suites setting ODF as the default save format is a one time setting. A setting that can easily be set by their administrator. Most people won't even notice the change as most people won't look at file extensions anyway.

5
0
Len

Re: te-he

Be careful not to confuse switching to OpenDocument with leaving MS Office.

For most governments going down the open formats path it’s not the software license cost which is the issue, it’s the closed file formats. Especially when thinking about being able to read government documents a few decades from now and not being locked in to one vendor it makes sense to ditch proprietary/closed formats.

Because MS doesn’t want to lose lucrative government business they have responded by adding ODF support to MS Office (although not always 100% compliant) because in more and more countries it’s a requirement in the tender. That is the way it should be. If someone feels MS Office is the best tool for their job, so be it. As long as it doesn’t hamper innovation and competition. I am fine with people using MS Office in combination with ODF if that is what they want.

7
0
Len

Re: If you can't beat them...

Just found this, apparently MS has started to take ODF 1.2 serious:

http://www.computerweekly.com/news/4500243446/Microsoft-adds-ODF-12-to-Office-365-to-adhere-to-government-demands

3
0
Len

Re: If you can't beat them...

Oh, it can definitely use some compliance love. Hopefully ODF 1.2 becoming an ISO standard recently and more governments requiring it means MS will get their act together.

6
1
Len

Re: At last!!

That was implemented, exactly one year ago today. https://www.gov.uk/government/news/open-document-formats-selected-to-meet-user-needs

I don't know how far they are with changing the default save format on government desktops though. I think the most important thing is that IT suppliers to government departments can't sell services, hardware and software any more that requires or produces not-approved file formats.

I expect decisions like these by various governments not to create a revolution (we would have seen that by now as the first government required ODF many years ago) but rather a slow trickle. IT suppliers can't ignore ODF any more and I expect we'll slowly see more and more product support ODF. If anything, it's a massive shot in the arm for developers implementing ODF, creating its frameworks etc.

5
1
Len

Re: If you can't beat them...

Microsoft implemented OpenDocument since MS Office 2007 SP2. That means that practically any office desktop in the world can read and write OpenDocument files now. MS had to because many governments started to require ODF support years ago and they we're not keen on losing those sales.

But I assume you mean why they had to invent their own format instead of using the existing OpenDocument. I think I know why but it's a shame indeed...

6
2
Len

Re: Just like the UK gov?

I don’t know what kind of supplier to the DWP you are but presumably a supplier to any government operation can’t deliver software or hardware that spits out files in a not-approved format.

That civil servants have their default file format set to a not-approved format is a smaller issue. That should be tackled by their IT department. It shouldn’t be too difficult to roll out a GPO to have all instance of MS Office default to output in OpenDocument.

6
1

Crims and politicians using RTBF to scrub themselves from Google? Not quite

Len

Re: No crims?

Nobody says it's not used by crims. However, the evidence suggests they make up a tiny part of the people using the RTBF.

Those BBC stories prove very little. Only politicians, criminals etc. would be important enough to have their dirty laundry reported by the BBC in the first place. 15 year old Jane Bloggs who was the victim of a bullying campaign on message boards two years ago, would not make it onto the BBC web site. If she wants to start a new life at a new school she would either have to go and sue a number of unknown board administrators across the world, or she can now ask Google to remove all references to those posts.

1
1
Len
Holmes

No surprises here

This shouldn't surprise anyone. The fact that immediately after Google lost the case the media were overloaded with scare stories about how people with a dubious reputation would use this to hide their deeds was a sign that Google had a PR campaign to fire at the ready.

Not a mention of ordinary people being bullied, missing out on jobs or wrongfully accused because of things that Google held on its database for ever and ever.

It's PR 101 from Google. Well executed but a bit too suspicious to fool this ex-PR.

4
2

UK rail comms are safer than mobes – for now – say infosec bods

Len

Re: Not Invented Here Syndrome

That section did not have ERTMS but conventional signalling, that was the whole problem. Under ERTMS the train would have slowed down automatically.

0
0
Len

Re: Not Invented Here Syndrome

The article describes it as if ERTMS is a new system. It isn't, it's just relatively new to the UK.

The first stretches protected by ERTMS opened 11 years ago in Spain. Most modern high speed rail lines in Europe now use ERTMS, many thousands of kilometres of ERTMS protected railway line have since been installed and thousands of train services are protected using ERTMS on a daily basis.

Since its first use it has ERTMS has been through various updates already, currently on version 2.3.0d. Version 3.0 is currently being tested.

In short, ERTMS is not new or still in its infancy, it's been in production for over ten years. You could argue that the benefit of the UK being rather late to the game is that the Spanish, Italians, Dutch, Swiss, French, Swedes etc. have already worked out its teething issues.

0
0

Mozilla's ‘Great or Dead’ philosophy may save bloated blimp Firefox

Len
Go

Ditch electrolysis, drive progress

I have no issue with Mozilla using diversified income streams to support its development. It makes them less dependent on a single company or power dictating direction. And at least their growth strategies are above board, instead of the malware tactics used to force Chrome on unsuspecting users.

Of all the major browsers it still is relatively light on bloat and fast. I just hope that they shelve electrolysis. One process per tab is exactly the type of bloat that makes other browsers so heavy on overhead, CPU and memory. The main source of browser instability, Flash, is already running in a sandboxed process so can't kill Firefox any more.

The one thing I would really wish they'd do is become the web's driving force for new technologies once again. Drive new standards, be the first ones to develop and implement actual solutions to actual problems. For example, make a list of the ten reasons some sites are still using Flash and tackle those as a priority (copy to clipboard comes to mind).

7
3

Facebook casts a hex with self-referential IPv6

Len
Meh

Lucky

We should probably consider ourselves lucky that the options are limited. Apart from things like :dead:, :beef:, :babe: and :taco: of course.

0
0

Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X

Len

At first sight this looks like an issue that is buried very deep and could require a considerable overhaul of the underlying system. Not a question of checking some bounds or adding an escape character.

As that could take fairly long to fix they've probably already separately looked at the attack vector. At least that reduces the risk until the developers have fixed the underlying problem. It seems that the malware would have to come in via the App Store, otherwise why would these researchers have gone down that route? If the App Store is the only attack vector and you know what a malicious app needs to do to gain access you can look for it in the app vetting process.

It's not perfect but it's better than nothing.

6
1

Hey kids, who wants to pwn a million BIOSes?

Len

How about making it part of OS updates?

OS X updates regularly contain patches to the UEFI which are just flashed on reboot. Couldn't there be a way for WindowsUpdate and the update systems of the various Linux distros to do something similar?

0
0

Foreign firms must obey EU laws no matter where they're based, says EU. Hear that, Google?

Len

Re: Tit for Tat, EU. We can do that too!

Google trades in the EU, there is no doubt about that. They have local offices across the EU where local people sell localised (and often translated) services to local businesses. These businesses pay their local Google office (which are locally incorporated companies) in their local currencies.

If a Spanish Product Manager based at Google’s Madrid office tailors a Google product to fit a specific Spanish industry to help them target Spanish customers and a Spanish Sales Executive based at Google’s Madrid office sells that tailored product to a business based in Spain who pays Google in euros they are trading locally in Spain (and therefore in the EU). That the CEO of Google is based in the US is irrelevant.

By trading in a country a company is subject to the local laws. Don’t like them? Then don’t trade in that country.

12
0

Ex-cop: Holborn fireball comms outage cover for £200m bling heist gang

Len

This doesn't add up at all

First of all was the fire quite some distance from Hatton Garden. Over a kilometre as the crow flies and considerably longer by road. They are not even in the same district.

Second of all, the fire was on Wednesday while the crims are thought to have started on Friday because the vault would have been open on Thursday as usual.

0
2

The coming of DAB+: Stereo eluded the radio star

Len

Re: Ever seen a Digital Tick?

Correct, I'm not sure if it's even officially launched yet. The application process for radio manufacturers opened just a few months ago. I hadn't expected the actual Digital Tick in stores until later this year to be honest.

0
0
Len

Re: If you have an old DAB,

In other words, "DAB transmissions are less susceptible to doppler and multipath interference than FM."

3
0
Len

Re: Wrong way round

Considering the rest of Europe went DAB+ some time ago most DAB hardware on sale has been DAB+ compatible for some time. Many radios sold as DAB in the UK actually support DAB+ too but the manufacturers don't include it in the specs. The only nuisance is that some manufacturers disable DAB+ in software for the UK market.

I expect that they will stop that practice now and companies like PURE will probably offer firmware upgrades to enable DAB+. They already offered that for people who bought their PURE set in the UK and then moved to the continent or Australia.

Besides, all the new cars that come with DAB radios (an estimated 2 million this year) actually also support DAB+.

Now there will finally be a DAB+ station in the air there is no excuse for manufacturers to not support or advertise it.

3
1
Len

Not for music, no

I don't think many stations will be pushing stereo music over 32 kb/s AAC.

However, I expect the 32 kb/s in the proposal will become a speech stream. For speech it would still be overkill but it would be more than enough for sport commentary, news, inane chatter like LBC etc.

0
0

Apple about to make Apple TV WAY LESS SUCKY - report

Len

Re: UK media rights problems

What Apple is doing here is circumventing the existing gatekeepers (cable companies) that make money out of bundling popular channels with niche channels and selling that package at inflated prices. Very nice if you get 200 channels but if you only want to watch 3 channels you’ll still pay for the others.

By now trying to circumvent the gatekeepers, Apple could make separate deals with tv channels and come out cheaper/smaller packages. While this first instalment is clearly aimed at US cable companies there is no reason why that won’t come to Europe later.

There has been a long standing rumour that Apple is working on a 4th generation AppleTV. The rumour has it that the new hardware would go hand in hand with opening it up for a proper SDK and App Store for the AppleTV. In addition to games, smart home apps etc. it would allow the BBC, ITV, Channel 4, Eurosport, National Geographic, Dave etc. to add their own channels to the AppleTV (some free, some paid presumably). They could also easily be geo-locked to UK only users to solve some of the rights issues.

The hold up is supposedly the Comcast merger which threw all content deals out of the window. If Apple has now changed strategy and has decided to compete with Comcast instead of working with them this development might suddenly come unstuck again…

1
0

Page:

Forums