* Posts by SImon Hobson

889 posts • joined 9 Sep 2006

So what exactly sits behind Google’s Nearline storage service?

SImon Hobson
Bronze badge

Could well be using the HGST drives

Using either of the shingled drives needs filesystem support - while the Seagate drive will "work" without, it hits certain performance issues (like - stops doing anything for a while while it shuffles data) if you don't have an overlying file system that understands it.

Since Google have the brains to have their own filesystem anyway, there's just nothing at all to say they aren't using either of the shingled drives for this. Actually, for the way their storage works, the shingled drives are probably a good fit.

0
0

SOHOpeless: Security stains on Honeywell's Tuxedo home automator

SImon Hobson
Bronze badge

Re: The problem isn't IoT by itself

@ Christian Berger

That's perhaps a bit hard - I'm sure there are a lot of honest and competent developers working on some of this stuff. I can't help thinking that the problem lies a bit further up the chain - ie the managers who set the priorities and allocate resources. I know that at one ${dayjob} they had a sh*t-hot security guy on the dev team - but he left because he couldn't get any buy-in from management to include security as part of the design rather than something he nailed on afterwards.

> Ohh and of course people will want to use the functionality from outside, but they don't know how to set up a VPN.

And of course, here in the UK, some of the biggest ISPs either won't let you have a fixed IP at all, or charge a stupid amount for one. No reason other than simple marketing - if you want a fixed IP, we want "business ISP" income from you. Yes it's easily worked around with dynamic DNS - but it's one more "cussedness factor".

Many routers include VPN support - but they tend to be the "less budget" ones. And of course, we all know that consumer routers are all well secured as well don't we (not) !

0
0

Hurrah! Windfarms produce whopping ONE PER CENT of EU energy

SImon Hobson
Bronze badge

Re: Actual facts and figures

> There are very few period of zero (about 45 periods in 231k)

But there are periods of zero output. So that's lie number one from the "windies" well and truly debunked.

When you include "not quite zero, but for all the use it is, it might as well be" then the number is considerably more. And (without looking at the specific data mentioned), it's a fair bet that these periods of low or zero output tend to be clustered around periods of peak demand - like late December 2010 when demand was very high, but wind output was minimal.

Yes, it's actually very very easy to deal with - we "just" keep a load of fast-reacting OCGT plants available.

I think it would be an interesting intellectual exercise (one for Tim W ?) to work out ...

What rated output would a windfarm operator give if when connecting and selling their lecky they had to be able to provide that level of dispatchable supply at any time ?

Rules :

Whatever stated capacity they have must be available - other than due to pre-notified shutdowns etc.

The backup can be done either by having their own backup plant, or by contracting with another supplier to cover the difference - and of course, paying them whatever that other operator needs to make a profit.

Excess generation over the stated capacity doesn't get subsidies - but does get to compete in the settling mechanism.

Generation provided by a non-renewable backup doesn't get ROCs, just the market price.

Failure to provide a dispatched demand gets "fines" - perhaps the STOR rate per missing unit ?

I reckon the stated wind capacity under this system would be a small fraction of what it is now. No operator could afford to give the max output as the costs of dealing with the shortfalls would be punitive - we all share that cost "invisibly" at present. Too low a figure would result in very little income. Somewhere in between will be a "sweet spot" which will vary between operators. My (sticks wet finger in air) guess would be that rated outputs would be something in the order of 10% to mid teens % of rating plate capacity. I'd be surprised to see much above 20% except perhaps for the very best sites and very best windmill designs.

4
1
SImon Hobson
Bronze badge

> One unwanted by-product is dirty electricity. My UPS swings from 210v to 265v in minutes as the wind / sun comes out.

Yikes, that's far worse than we get here.

But you have hit on one of the many hidden subsidies renewables (or more technically, intermittent generation) gets. There is a lot of work going on into understanding and mitigating the effects of lots of embedded generation on the whole distribution network. Historically it was built to handle large scale producers and one-way power flows. When you suddenly inject large amounts of power into the consumer end, then the currents reduce (or reverse) the volt drops reduce (or reverse), and the consumer voltage goes up.

Traditionally, the DNO operators have preferred to run the network at the highest voltage they can without hitting the upper limit - that reduces the currents, and hence their "I squared R" losses in cables and transformers. They can permanently lower voltages, but that increases losses.

AIUI from bits I've read and had from "inside knowledge", there is more tap-changing going on, and work on more automated monitoring and feedback to that process. Yes some of that would have been done anyway, but dropping a load of intermittent generation on the network has certainly added huge costs that **are not included in the costs put forward by the renewables supporters**. The ROCs farmed by wind and solar installations are just the start of the costs - already mentioned are costs for re-engineering the distribution network, and all that standby generation (there's a farm in the NE somewhere with rows of diesel generators paid for by STOR payments), the increased costs of keeping marginal plants open (high per-unit costs, and payments to the operators to stop them closing down), the generally higher costs from those plants that are staying open without subsidy but which are having to ramp up and down far more to follow not just load changes but also (wind) supply changes, and the aforementioned increased losses if the DNO has to turn the tap-changers down a notch to avoid going over-voltage during periods of high embedded generation output.

2
1

Canucks: Hey, Big Dog Telcos. Share that fiber with the little guys, eh?

SImon Hobson
Bronze badge

That's interesting, thanks.

0
0
SImon Hobson
Bronze badge

Totally off topic, but this reader from the moderate climate of the UK is curious ...

Over here it's not uncommon for technicians to have to pump water out of the manholes before they can get to work on whatever it is they are doing. In very cold climates, I can't help thinking that the water might have set solid - not just in the manholes, but in the ducts.

Is this a problem ? How do they deal with it ? Do you have some faults/service provisions that can only be dealt with when the weather is warmer and the ice melts ?

0
0

Acer Revo One RL85: A pint-sized PC for the snug

SImon Hobson
Bronze badge

Re: Moving "users" folder

> Windows 10 does a better job of this ...

Does it still use things like "C:" to identify drives ? How very 1980s !

9
4
SImon Hobson
Bronze badge

> Why do we still have overscan?

Because when all this new fangled digital stuff was being thought about, there was a lot of backwards compatibility baggage to load aboard - and a load of <insert preferred derogatory term> didn't think ahead far enough.

The problem is that when the digital standards were first being created, CRT displays were still the norm - don't know if flat panel displays were around, but if they were, they were not the sort of thing many people would have. CRTs really need some overscan so you can have a nice clean edge - otherwise you get a fuzzy picture edge, and possibly various other things - ever seen the Teletext data "dots" creep in at the top of a badly adjusted TV ?

Because of overscan, part of the image isn't viewable - there are specs for how much to assume is lost. So program makers will avoid putting anything "important" near the edges of the image - if you look carefully at a non-overscanned display you'll be able to see this effect (titles, credits, captions, important action - all away from the image edge).

And because most content is made with the assumption of overscan, overscan persists as the default - and so the cycle goes around. IMO, now we have (in general) quite large displays, I don't think anything is lost by not chopping off the periphery - you still get all the detail and action, but a bit like Philips Ambilight, you get that peripheral stuff adding to the immersiveness (assuming the content is good enough to draw you in that is !)

But I am really surprised that someone with Nigel's knowledge would even consider trying to get Windows to compensate for overscan when the **ONLY** correct way is to disable it on the display. Of course, if you like looking at a fuzzy picture that's deliberately mangled to be worse than the display can do, then I suppose it would be correct to get the computer to fuzz it and then let the display fuzz it a bit more.

Consider this ...

The default is for the display to overscan. So you take your nice crisp high-res image and send it to the display - let's say it's full HD at 1920 x 1080. The first thing the display does is to throw away about 1/3 of that image, then resample what's left. So instead of generating a 1080 line image and displaying it as a 1080 line image, what you actually see is something in the order of 700 to 800 lines which has been upsampled to 1080 lines - and similarly for the horizontal resolution.

For an "analogue" display like nicely rendered video, you won't notice - it's reckoned many people don't notice the difference between SD and HD channels on an HD set ! But for a computer desktop it's just flipping awful.

Yes it's completely flipping stupid these days - but we have "backwards compatibility" to deal with.

2
0

Universal Pictures finds pirated Jurassic World on own localhost, fires off a DMCA takedown

SImon Hobson
Bronze badge

Re: A Scanner Darkly

No, they should be prosecuted for filing a false legal document that they've put their name to.

AIUI, one of the supposed "protections" in the DMCA is that the notice must be signed by a person who signs to say that it is a true statement. Since the statement is false, and could be seen to be false by anyone competent to be making claims about its accuracy, then whoever put their name to it should be prosecuted.

If that person didn't actually sign it (as I suspect is the case) then whoever produced the document with a forged signature should be prosecuted.

No, I can't see that happening either !

15
0

Jeep hackers broke DMCA, says EFF, and that's stupid

SImon Hobson
Bronze badge

Re: Cyber Pinto?

> I think they were more referring to the get rear ended / car may explode aspect of the pinto.

That was my assumption - the car model, not the engine.

The Pinto was famous, not so much for exploding if rear-ended, but for Ford deciding that it was cheaper to pay out the claims than to redesign the car. Supposedly there was an internal memo that got leaked with the numbers and the conclusion that it's "cheaper to let them burn".

I can't help thinking, along with the person who said it, that we're going through the "cyber" version of this. The manufacturers almost certainly know that they have security issues - but since they can mostly deny them and get away with it, they've probably decided it's more cost effective to carry on regardless than it is to employ proper security people to work with the various projects.

Hence the comment about this potentially being the "Cyber Pinto". So few people will be affected, and it'll be so hard for them (or their next of kin) to prove, that it'll be cheaper to leave the security problems as they are and pay out on the few cases they might be held responsible for.

2
0

Security tool bod's hell: People think I wrote code for Hacking Team!

SImon Hobson
Bronze badge

Re: if they used GPL code in their products...

> The same goes for linking (dynamic or static) to a GPL library.

Wrong again, there sure is a lot of FUD around the GPL.

Statically linking a library into your binary blob does mean that your whole blob must be under the GPL if any of the libraries is. That's not the case where they are dynamically linked (especially since most libraries are under the LGPL which specifically covers this).

If you couldn't dynamically use a (L)GPL library without making your own code GPL then things would be incredibly restrictive - but they aren't.

0
3

Disaster-gawping cam drones to be blasted out of the sky in California

SImon Hobson
Bronze badge

Re: We should, but for now it is simple

> You've clearly not been following how police powers and public order legislation has been used in the UK in recent years.

Indeed, and I was thinking this as I read through the earlier comments.

The standard technique used by all governments seems to be "find something everyone agrees is bad, pick a situation, legislate for that - but carefully word the legislation to cover a shed load more than it's claimed". In this case, who could possibly argue against letting the firefighters do their jobs ? So it's easy to push through the legislation as "it's clearly needed and no-one can argue against it".

But then what ? All it needs is for the officer in charge to declare <whatever it is> and he then gets free rein to abuse the legislation to attack perfectly reasonable and otherwise legal (for example) protest. Or there's examples like the sex offences laws (think of the childrun) used to convict someone for taking a pee in some bushes or the father who lightly slapped his teenage daughter (deservedly so by her own admission).

It does seem that there are already laws in place that would allow the emergency services to deal with these remote controlled devices. There is no need to use the event to pass what would otherwise be quite contentious laws.

3
0

Dough! Dominos didn't register dominos.pizza – and now it's pizz'd off

SImon Hobson
Bronze badge

> risk becoming permanently associated with risk and cybersquatting

What's with the future tense ? That bridge was crossed a long time ago.

I wonder how long it will be before a business that's big enough and has the cash sues one of the registrars for running a protection racket. The fact that some of the new TLDs allow names to be blocked "on payment of a fee" does rather smack of a "nice brand you have there, shame if anything happened to it" racket.

3
0

IT as a profit centre: Could we? Should we?

SImon Hobson
Bronze badge

> Bean counters sometimes appear to want caviar for fish-finger prices

Ah yes, there is nothing that can survive letting the bean counters loose on it.

1
0

Are you a Tory-voting IT contractor? Congrats! Osborne is hiking your taxes

SImon Hobson
Bronze badge

Re: Add more complexity

> the new proposals are unnecessarily complex

You write that as though it's a fault !

I've come to the conclusion that TPTB do this deliberately - if the rules are complex enough, then it leaves wiggle room in the "interpretation" which they can work out later (in their favour). Of course, if your interpretation differs from what they later decide it should be (having seen how people are interpreting the rules to the tax payer's advantage) then you are on the hook for penalties as well as the "underpaid" tax. Trebles all round.

0
0

Americans find fantastic new use for drones – interfering with firefighting

SImon Hobson
Bronze badge

> The problem they run into, is they are following FAA rules written assuming any flying vehicle is manned, so they must avoid damage to other vehicles at all costs.

While that may be true, the bigger problem they run into is that if they hit a drone, it could cause serious damage to the firefighter's aircraft. So they must avoid the area to avoid the risk to human life a collision could cause.

I'm inclined to agree with other comments - have a means of bringing them down, preferably intact so the owner/operator can be traced. It's going to have fingerprints, serial numbers, possibly WiFi access codes and/or the MAC address of whatever has been connected to it, and all manner of computer forensics on it. Then charge them with obstructing the firefighting operations.

Until there are a few well publicised prosecutions, people just won't see that there's any harm in flying them where they like.

3
0

Apple and Samsung are plotting to KILL OFF the SIM CARD - report

SImon Hobson
Bronze badge

Re: What an embarrassment of knee-jerk reactions

> Can you seriously not envision a technical implementation of virtual SIM cards that gives you the same functionality that physical SIM cards give you today?

Yes, I can envision an implementation that does everything anyone could be bothered about. I just don't, for one second, believe that the manufacturers and carriers will do that. Apple alone is not exactly known for openness these days, and I can't believe it'll pass up an opportunity to further control what users can do with their devices.

> The Apple SIM gives you the flexibility to choose from a variety of short-term plans from select carriers in the U.S. and UK right on your iPad.

Note the "select" bit there. Not "any" carrier, but "select" carriers. Presumably the "select" actually means "ones who paid us enough to get on the list".

Yes I'm being cynical, but that's a result of observing how some vendors act these days.

6
0
SImon Hobson
Bronze badge
FAIL

Re: Wow

> virtual SIM card system will presumably give you the same abilities as a physical SIM card system.

That's an assumption, and you know what assumption does don't you - it makes an "ass" out of "u" and "me".

However, you are correct that a soft-SIM COULD provide all the facilities a normal removable SIM card can do. That's "could", not necessarily "will".

Those of us with longer memories than a goldfish (7 seconds ?) can look back and see how most manufacturers - especially Apple - have been heading down a road of user lockin. Microsoft had a bit of a go in the 90s, but it took Apple to show them how to do it and only now is MS catching up.

So it's a fairly safe bet that to switch sim you'll need to connect your iThingy to your computer, run whatever Apple software it is by then (currently iTunes), and can then configure the device - but only using carriers that appear on the list of available carriers. So this will be about who is prepared to give Apple enough dosh to appear in that list. It's no different to applications for your iWhatsit - if you are a developer then you play by Apple's rules, accept Apple's decisions without question, and pay over your Danegelt to Apple.

I really can't see Apple being more liberal with the SIM & carrier choice than they are with applications - all in the name of security of course !

And of course, the carriers win as well. They'll be able to control which devices the 'sim' can be used with - so if you've bought an expensive iThingy, the carrier will now be able to properly enforce you only using their more expensive iThingy tariffs with it.

And even if, if we take leave of our senses and ignore history for a bit, none of this restrictive practice does come about - there is still the issue of practicality.

I can pop the SIM out of my phone and pop it into another device - I used to do that a fair bit when I had a phone that didn't tether. And as above, I can take the SIM out and pop a different one in - I used to do that as well when I used to keep a PAYG one going for backup (patchy coverage round here).

Once you go soft SIM, then the carrier can prevent you moving the SIM to another device, or restrict how often you do it, or require that you be online to do it (tough if you are incommunicado until you've swapped your SIM !), or charge a fee each time (some carriers still charge to unlock a phone that's out of contract).

So yes, the soft SIM could do everything a removable SIM card can do. But I really really really cannot see that happening. Apple alone has a good track record of doing lockin, it would really have to change its spots to do something that didn't in some way restrict what users can do with devices it pretends to sell them.

7
1

BT circles wagons round Openreach as Ofcom mulls forced split-up

SImon Hobson
Bronze badge

> My main concern is where the investment would come from for continued improvements.

Simple.

For "run of the mill" stuff, the expenditure comes out of retained profits. The equation is fairly simple, it charges "customers" for use of its infrastructure, it pays out its running costs (rates, wages, taxes, etc), and what is left over is retained profit. Of course, it'll need to do improvements - add a cabinet here, add more cable there, upgrade some old kit, and so on. For most of these, it's just another operating expense.

Now for "big ticket" items (like a fast and nationwide rollout of FTTC) it goes out to the money markets with a business proposal along the lines of : "we need £X to fund this project, as a result of this project, we'll be able to take in £Y, and projected return on investment will be Z%. Who's up for a share of that ?"

If the figures stack up, investors (who may include the ISPs who'll get to sell the services) will put their hands in their pockets and the capital will be raised that way - by either selling bonds or more shares. Behind the scenes, that's what BT will have been doing for their multi-billion investments - except that instead of selling bonds, they've sold shares.

Where the figures don't stack up, they'll do exactly what BT did - and go to the government/councils/whoever and blackmail them. "If you want <spiffing new service> in these unprofitable areas, then you'll have to pay for it". Where someone will pay for, or at least adequately subsidise, it - then they'll install it.

Where I'd see the biggest benefit is the removal of the political restraints. Those of us with an involvement in telecoms for long enough will know that pretty well every new service BT has done has been in some way crippled in order to protect their existing cash-cows.

For example, ISDN2 never caught on in the UK because it was expensive and crippled. In some countries it flourished because it wasn't and wasn't. How and why was it crippled ?

Well in Germany, you could send low speed data via the D channel without dialling up a B channel. This meant that for WAN applications you could handle low speed data without racking up the call charges, and then fire up one or more B channels when the link got busy. Over here you couldn't, except in certain expensive and crippled ways designed to make sure few actually did it.

And why was it crippled like this ? Well of course you could never prove it, but had it been as full featured as Germany's ISDN2 then it would have slashed income from leased lines - BT's then cash cow. It was in BT's interest not to allow something that could harm that cash cow.

And I can't help thinking that BT's lethargy in rolling out ADSL initially was a further attempt to stave off the further butchery of its cash cows. Why pay £6k/year (at a previous employer, we had two lines that cost £8k/year each to give us 64k to a couple of remote sites) for a Kilostream when for many applications a couple of ADSL circuits and VPN capable routers would do the job for a fraction of the price ?

I can believe the comments about NZ having a boom in services once the lines business was split from the services business. Over here we don't have dark fibre - much better to rent a lit fibre and screw the customer for speed related charges. You can't (other than very limited options) buy a circuit from A to B that doesn't go via the exchange. It's "very difficult" to rent duct space. And so the list goes on.

Split off BTOR and the political pressure to not allow various services has gone. Yes I'd expect BT to squeal - it would remove some very real and very significant advantages it has (specifically being able to tailor available products to suit its own requirements) and force it to compete on a more level playing field.

Leaving aside some fairly light regulation ... Remember that **NOTHING** BTOR do at the moment is specifically to give "us" something better. **EVERYTHING** they do is designed to give BTOR (and therefore its sole owner, BT) the best return possible.

Split BTOR away from the controlling influence of BT and I'd expect to very quickly start seeing some new and "interesting" products and services.

0
0

Uber slapped with $7.3m fine for keeping quiet about driver accidents

SImon Hobson
Bronze badge

Re: More and more

> Just ask Big Blue, Ma Bell, or MS how fighting with the government turned out.

Actually, they'll probably tell you it's not that big a deal.

IBM dragged it out for (IIRC) about a decade and then got their choice of president elected who promptly returned the favour by getting all the investigations to go away.

Bell was broken up - but over the years the parts have re-combined.

MS - well they got the equivalent of telling a naughty kid to "don't do it again or ... I'll tell you not to do it again". Even in the EU where they actually lost, all they had to do was put up the "browser choice" screen for a while which was a farce since it was years since they'd seen off the competition. Probably the only painful part was having to document all their network protocols - anecdotally, going back "some years" MS's engineers used to talk to some of the Samba team at conferences and such in order to find out how the MS stuff worked !

1
0

Microsoft to Windows 10 consumers: You'll get updates LIKE IT or NOT

SImon Hobson
Bronze badge

Re: THE SKY IS FALLING!

> While I agree that *those in the know* should be able to control updates, I think this is a positive move by MS for the vast majority of **consumer** level users - knowing that they will all have the latest updates ...

But this is not what the complaints are about. Automatic updates are already the default IIRC and the user has to take proactive steps to turn them off - and will then get forever nagged about it.

This is about not having the option to turn automatic upgrading off at all - and that just stinks for all the reasons given. It essentially means that no-one other than enterprise users is in control of their systems anymore as software "upgrades" will be controlled by a third party.

6
1
SImon Hobson
Bronze badge

Re: no matter what MS force on us

> To force updates onto PC's is in my mind a breach of the Computer Misuse Act.

Unfortunately not, by accepting the agreement you have given permission for this.

You could go to court, argue that the term is unfair under the Unfair Terms in Consumer Contract Regulations, and if you get that OK'd by a judge then the term becomes unenforceable, and then it would be a breach of the Computer Misuse Act.

Only a few minutes ago we were talking about Win10 in the office - specifically about the "Nagware" installed under the false description of "enhancing computer performance or security" just the same as every other security update. Now I believe that could reasonably be considered an offence under the CMA on the grounds that users only agreed to install it because Microsoft misrepresented what it does - so any consent (whether implied (not turning off automatic updates) or explicit (installing updates manually)) is void since it was obtained by false representations.

Now - who's up for complaining to Old Bill ?

17
1

Apple's chip'n'firmware security demands behind HomeKit delays

SImon Hobson
Bronze badge

As per some of the earlier comments - enforcing security=good.

But this is enforcing security in Apple's way, in a way that requires Apple kit to work, won't interoperate with anything else, and will become obsolete when Apple decide it is obsolete - which you can absolutely guarantee from past experience will not be when the hardware is very old. That's a crapload of negatives - but as also said, it'll probably sell because ... well it's Apple isn't it.

So overall I reckon this is at least as bad for the market as it is good. Apple could have mandated security standards, supported the manufacturers in that, and still supported interoperable and open standards. But this is Apple, so they do what they do best - build in non-standards to lock out the rest of the market.

I, for one, won't be buying any of it.

2
0

Apple snuggles closer to IPv6

SImon Hobson
Bronze badge

Re: IPv6 Leakage?

> It would seem that this implementation of IPv6 DNS will leak by design.

It will leak no more and no less by design than before. The leakage is not because the host OS is using IPv6, it's because the VPN endpoint isn't doing its job properly.

Put another way, the IPv6 leakage is due to a crap VPN only dealing with IPv4 traffic. There is absolutely no excuse for this - any VPN worthy of the name should handle IPv6 traffic, or at the absolute least (configurably, but default to on) disable it while the IPv4 tunnel is up.

2
0
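The condition that post describes (IPv4 goes into the tunnel, IPv6 still leaves by the physical interface) can be checked from a host's routing tables. The following is an added example, not part of the original post: it assumes Linux `ip route` / `ip -6 route` text as input, the interface names `tun0` and `eth0`, and constructed sample tables; the probe destinations are documentation addresses used only for the longest-prefix lookup.

```python
import ipaddress

# Route types that drop traffic instead of forwarding it.
BLOCKING = {"unreachable", "blackhole", "prohibit"}


def parse_routes(text, version):
    """Parse `ip route` (version=4) or `ip -6 route` (version=6) output
    into a list of (network, dev, metric, blocked) tuples."""
    default = "0.0.0.0/0" if version == 4 else "::/0"
    routes = []
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        blocked = tok[0] in BLOCKING
        if blocked:
            tok = tok[1:]
        try:
            prefix = default if tok[0] == "default" else tok[0]
            net = ipaddress.ip_network(prefix, strict=False)
        except (ValueError, IndexError):
            continue  # other route types are not needed for this check
        dev = tok[tok.index("dev") + 1] if "dev" in tok else None
        metric = int(tok[tok.index("metric") + 1]) if "metric" in tok else 0
        routes.append((net, dev, metric, blocked))
    return routes


def egress(routes, dest):
    """Interface a packet to `dest` would leave by: longest prefix wins,
    then lowest metric. Returns None (no route) or "BLOCKED"."""
    dest = ipaddress.ip_address(dest)
    matches = [r for r in routes if dest in r[0]]
    if not matches:
        return None
    net, dev, metric, blocked = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return "BLOCKED" if blocked else dev


def check_vpn(v4_text, v6_text, tunnel,
              probe4="203.0.113.10", probe6="2001:db8:ffff::1"):
    """Classify a host whose VPN interface is `tunnel`."""
    out4 = egress(parse_routes(v4_text, 4), probe4)
    out6 = egress(parse_routes(v6_text, 6), probe6)
    if out4 != tunnel:
        return "ipv4-not-tunnelled"
    if out6 in (None, "BLOCKED"):
        return "ipv6-off-or-blocked"   # the "at the absolute least" option
    if out6 == tunnel:
        return "ipv6-tunnelled"        # the VPN handles IPv6 itself
    return "ipv6-leak via " + out6     # IPv4-only VPN on a dual-stack host


# --- Constructed sample routing tables (not captured from a real host) ---
V4_VPN_UP = """
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100
"""

V6_LEAK = """
2001:db8:1::/64 dev eth0 proto ra metric 100 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::1 dev eth0 proto ra metric 100 pref medium
"""

V6_TUNNELLED = """
2000::/3 dev tun0 metric 50 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fe80::1 dev eth0 proto ra metric 100 pref medium
"""

V6_BLOCKED = """
fe80::/64 dev eth0 proto kernel metric 256 pref medium
unreachable default dev lo metric 50 pref medium
default via fe80::1 dev eth0 proto ra metric 100 pref medium
"""

if __name__ == "__main__":
    for name, v6 in [("leak", V6_LEAK), ("tunnelled", V6_TUNNELLED),
                     ("blocked", V6_BLOCKED), ("no IPv6", "")]:
        print(f"{name:10s} -> {check_vpn(V4_VPN_UP, v6, 'tun0')}")
```

Only the main routing table is modelled here; policy routing rules and firewall drops would need their own checks.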

What do you MEAN, 'Click on the thing which looks like a Mondrian?'

SImon Hobson
Bronze badge

Re: You Think You've Got It Bad?

> Try providing IT support by phone to my mother.

I'm struggling to type now - just the thought causes a nervous twitch.

My Mum's favourite is to throw into a conversation that "A message came up", what does it mean ? No she didn't make any note of what it said, no it's not still on the screen.

But otherwise, "I clicked something, a message came up" (where neither the "something" clicked, nor the message is either specified or can be remembered) is a fairly common description of the fault - which usually cannot be reproduced.

But +1 for remote control software. Being a Mac, I just use the built in Screen Sharing - which I can do remotely via an SSH tunnel to my server there.

0
0

Uber to drivers: You make a ton of dosh for us – but that doesn't make you employees

SImon Hobson
Bronze badge

Re: Rather than Criticize...

> I have a friend who owns a car service; ... The drivers fill their gaps in bookings with Uber rides.

OK, so you give an example of drivers who are licensed and insured. I find it, to be polite, "highly unlikely" that even a significant majority of drivers are legal.

It's also telling that only a quick look at their website shows several causes for concern by non-USA people. Their website isn't compliant with EU law (on several counts), even after setting a UK city as the location - and their help pages are clearly USA only.

1
0

Brit teen who unleashed 'biggest ever distributed denial-of-service blast' walks free from court

SImon Hobson
Bronze badge

> Given the rest of your comment, it appears you don't know how a DNS amplification attack works.

Have an upvote for that.

And IIRC (could be wrong, might have been another reflection/amplification attack I'm thinking of), at the time BIND was only just getting rate-limiting as a feature - I think it was there but hadn't filtered through to all the distro-specific packages yet. If the package you are using doesn't have rate limiting, then that does make such attacks hard to mitigate.

0
0

UH OH: Windows 10 will share your Wi-Fi key with your friends' friends

SImon Hobson
Bronze badge

Re: Slightly misleading

> only applies to PSK networks

AKA pretty well all home networks, and a very large proportion of small business networks

> the "friend of a friend" sharing appears to only happen if you manually give your friend the password instead of sharing it with them via Wi-Fi Sense.

Since I don't have a Windows machine, and if I have a Win10 VM it'll have this turned off, that's the only way I'll be giving people the password. Hence, I'll now have to check everyone's device (can't ask them, as per previous comments the vast majority of users will have no idea) to make sure this is turned off before letting them join.

Still, I was planning on setting up a 3 (at least) way network - one for me and trusted devices, another for any IoT stuff I let in the house, and a 3rd for visitors.

0
0

VPNs are so insecure you might as well wear a KICK ME sign

SImon Hobson
Bronze badge

Re: Do the users of these services care?

I think the point is not that these services can be insecure - as you say, for many people the geo-location thing may be all that they are bothered about. But there will be people using them who are reading the vendors' hype, thinking they are more secure than they actually are, and therefore exposing themselves to "danger"* - perhaps to "danger"* that they wouldn't accept if they knew the truth.

* Whether that danger is just a matter of remaining anonymous on a blog, through to cases where it could really involve personal physical risk.

I would hope that people where "danger" actually meant real physical danger would take more care, but as we all know, many people really have no idea about technology, and even less knowledge about how to assess the security of a VPN.

0
0
SImon Hobson
Bronze badge

Re: @Sebby - Why did the IPv6 rollout have to be such a mess as to encourage these problems?

> Actually because real-life companies (banks as an example) have critical mission systems and other tens of thousands of host running just fine on their internal IPv4 networks

But the point is, they don't have to change their existing internal networks if they don't want to. They can continue using their existing IPv4 allocations, or use RFC1918 addresses.

But the public facing systems are a different matter - these are all relatively new (how many banks have old online banking portals ?) It's quite possible to upgrade the public facing portals while keeping IPv4 only on internal systems.

And while we know that many of the internal critical systems are old, IPv6 has been around for something like a couple of decades. It's because people have stuck their head in the sand (or up their backsides) for a couple of decades that we are in the current situation and still talking about methods (carrier grade NAT, where's the barf bucket ?) to try and keep IPv4 going - and often it's the same people putting effort into this that are still dragging their heels and trying to pretend that the rumbling noise they can feel through that shiny bit of metal they are standing on really isn't the IPv6 train coming down the line.

0
0

French Uber bosses talk to Le Plod over 'illicit activity' allegations

SImon Hobson
Bronze badge

> Certainly in the UK, the normal driving license does not cover you to drive "for hire or reward"

Actually that's not correct. A normal Group B licence will cover you for driving a taxi (as long as it has 8 or fewer passenger seats as required for Group B vehicles).

> you have to get a PSV licence for that

AIUI there is no such thing. There is however a licence class (Group D) you need to drive a bus (Group D1 is a minibus with 16 or fewer passenger seats, Group D is a bus with more than 16 passenger seats).

Those of us who probably now qualify as grumpy old men will have got Group C1 (light goods up to 7.5t) and D1 (minibus), plus towing rights (+E) for those and Group B. New drivers don't get those groups and need additional tests for any of C1, D1, B+E, C1+E, D1+E - with IIRC some concessions along the lines of pass X+E and you can have Y+E as well, but I don't recall the details of that.

> I would guess that strictly speaking most Uber drivers in the UK are illegal as well

Yes, but not for licence issues - it'll be the "hire & reward" bit which they won't have insurance for. No standard domestic policy includes H&R without a significant extra premium - many don't even cover commuting without it being specifically asked for (as a "commercial use" extra).

They'll also probably fall foul of the requirements for running a H&R vehicle - which IIRC (I had a mate who did it for a living) included things like a 6 monthly MoT test which was less "pragmatic" over minor issues than most regular tests.

1
0

Courtney Love in the crossfire! Paris turns ugly over Uber

SImon Hobson
Bronze badge

Re: So what will happen...

> Apparently many Uber drivers continue to operate, now illegally, and little or nothing is being done by the authorities to stop this activity.

That seems to be the key issue.

Uber can complain all it likes - but it should, like everyone else, obey the law as it stands now. OK, if they don't like the law then petition to get it changed, but the law is as it is and they should obey it.

What should be happening is the authorities clamping down, arresting and charging any drivers found flouting the law - and drag in Uber as facilitating that illegal activity (conspiracy to commit a crime, assisting an offender). Even leaving aside whether Uber itself is legal, I bet an awfully large proportion of its drivers don't have the right insurance etc - so they can be had for that alone, and again Uber as an accessory unless they can show (which they won't be able to) that they've taken all reasonable measures to vet their contractors for legality.

0
0

BT: Let us scrap ordinary phone lines. You've all got great internet, right?

SImon Hobson
Bronze badge

Re: Don't get ADSL at all

> I seem to recall that dial-up at 28.8kbps ticks the box

I thought it was 1200bps as the only "guarantee" they provide of data service, but it is a long time since I last had that quoted at me.

0
0

10 things you need to avoid SNAFUs in your data centre

SImon Hobson
Bronze badge

And there was me thinking that the rules for cables are :

Never use a 1m or 2m cable if a 5m one will do, better still, use a 10m cable to go 6U up the rack.

Use different coloured cables - but always use different colours than what the site standard specifies for that function.

For bonus points, having used excess length of the wrong colour cable ... fold up the excess length and stuff it into the cable management bars (if there are any) so as to make tracing all but impossible.

The exception to this is of course servers, of the "roll out on rails" type. Then you always use the shortest cables possible (even to the extent of running them diagonally from socket to inlet) so that the server can't be rolled out without the cables pulling out the back. Cable management arms intended to manage the cables on roll-out equipment should of course be discarded during installation.

So there's a no 11 to add to the list. Before rolling out a server at the front, check that the cables will allow you to do so. It's "a tad embarrassing" to roll a server out and have it go quiet when it's about 1/3 of the way out <sfx: whistles into the air while trying to look innocent>

1
0

Ecobee3: If you're crazy enough to want a smart thermostat – but not too crazy – this is for you

SImon Hobson
Bronze badge

Re: On your next review...

> although if it makes you feel any better they are a Canadian company

That doesn't mean they can't disappear or decide to stop supporting it.

The big issue with anything that relies on cloud to make it work is "what happens when that support goes away" ? Does it have a local fallback, or does it stop working.

Even big names can dump their customers - just ask anyone who bought a Zune !

0
0
SImon Hobson
Bronze badge

Re: Not for brits

@ Gordon 10

> firstly I don't shower at the time someone is doing the washing up.

Lucky for you, some do.

> Secondly most modern high flo combi's solved that problem years ago.

Only by using ever higher power outputs - ie installing boilers that are grossly over-sized for what they do most of the time. I did measurements in my flat after fitting a thermal store ...

With daytime temperatures hitting the heady heights of "not still freezing" the flat took an average of about 2kW total to keep it "comfortable". The combi (which now is only used as system boiler to reheat the store) is nearly 30kW for a p**s poor flow rate (start filling the bath, go back and watch telly, and hope it's filled before it's gone cold) - with (for this model) a minimum range of just under 10kW. So the boiler (on minimum output) is around 5 times oversized for average load when heating. Yes, modern boilers have got "better", but they are still crap compared with a decent stored heat system.

@ Jon 37

> Thirdly - get a thermostatically controlled mixer shower, then when someone turns a tap on the shower stays the same temperature, but the flow might reduce a bit.

A bit ! Try "down to a dribble if you're lucky".

@anothercynic

> Getting your heating engineer to install a boiler that will give you hot water at mains pressure in the shower while your dishwasher *and* washing machine run is not always easy, but it's better in the long run.

No, it's a darn stupid idea. You'll have to fit a huge capacity boiler, it'll cost you a fortune (capital, maintenance, and running costs) compared to one that's even vaguely sized to the heating load, and it'll be somewhat inefficient when running the heating.

A 30kW combi will still only give you a "modest" flow rate, but unless you have a big house it will be well oversized for the heating. If you do have a big house where a boiler that ranges down to perhaps 8 to 10kW is suitable, then your house is most likely too big (too many people) for a 30kW combi.

@ AndrueC

> Or get an electric shower.

Then you can imagine what it feels like to have someone stand over you and give you a "golden shower" such is the flow rate vs temperature trade off. Most combi boilers are around 30kW and upwards, which is enough to run a decent shower and (with care) a small flow from one tap. Most electric showers are in the "up to" 11kW range - with many significantly smaller.

Something else while the subject is efficiency ...

While there's the same "flushing the cold water out of the pipes" wait as you get with a stored heat system, with a combi you get either another delay (so wasted water) or wasted heat. At the same time I did the measurements in the flat, the house next door was empty so I could do a direct comparison. With the heating off, and no hot water being used, the combi in the house (a fairly modern one) used TWICE the energy keeping itself hot and ready for hot water as was lost from the thermal store in the flat. That's with the boiler firing up from time to time to keep the DHW heat exchanger warm - yes you can put it in eco mode and stop that, but then it takes longer to produce hot water (you can even buy an (expensive) valve designed to restrict the hot flow until the boiler is hot to mitigate this wastage of water while waiting for it to heat up).

Summary - combi boilers are expensive, complicated, unreliable, and inefficient. When, not if, they break down then you are left with no heating or hot water - unlike flipping on the switch to use the electric immersion heater a stored system allows you to have for backup.

But builders/property developers love them because it allows them to shave about 1 square meter off the space needed in a dwelling.

2
0

Webmail password reset scam lays groundwork for serious aggro

SImon Hobson
Bronze badge

Re: Um... Not quite as easy...

But think about all those data leaks we keep hearing about. Just suppose it's nothing more than the basics that gets lifted in a hack (so people go "meh, no credit card numbers"), just think what this scam could do with a list of names, email, and phone. Once you have access to the emails, then you probably have access to the user's postal address and lots more just by reading their emails.

3
0

Downing Street secretly deletes emails to avoid exposure to FOIeurs

SImon Hobson
Bronze badge

As you say, it's not necessarily the best medium for a lot of things.

BUT it is used for a lot of things, and what is said in emails can often be very important - hence why there are some very good (and expensive) systems whose sole purpose is to maintain all emails in a retrievable form. They are also admissible as evidence, and are an acceptable form of contract, and in law are considered a letter for things like the information required by the Companies Act to be shown on business letters.

Even without the comments that it made work very hard, I absolutely do not believe for one second that important stuff wasn't dealt with by email, and that important decisions weren't arrived at via email exchanges. As such, for an organisation like No 10 there is little (if any) valid argument for not having an "archive by default and delete only what's justifiably not important" policy.

0
0
SImon Hobson
Bronze badge

Actually it is more than just "a feeling of wrongdoing" ...

If you study much of the verbal diarrhoea that comes out of the cabinet (especially during the Tony B Liar years, and especially from certain Home Office ministers) then the rule is that they clearly would only have done this if they had something to hide. It was a common theme that no-one has any reason to worry about privacy unless they had something to hide.

So it's clear, by their own logic, the only conclusion we can draw is that they did have things to hide. And what's more, we've found out since then that there were indeed "goings on" ...

EDIT: And aren't there any government rules on retention of official documents ? Surely those responsible for instructing for this to happen should be charged for breaking those rules ?

21
3

At last, switching between rubbish broadband providers now easier

SImon Hobson
Bronze badge
Facepalm

Re: Not so easy to switch ...

> I don't see any provision for the old ISP to forward web requests or email for that matter ...

Indeed, I'm sure the hassle of changing email addresses is why the big providers are happy to provide an email address tied to their account. It amuses me when you see businesses (sometimes not very small ones either) still using an ISP specific email - especially when they've got their own domain name (they have the web address there as well).

But yes, I see a bit of slamming going on here ...

One thing I do worry about that's just come to mind ... How many people manage things like phone and internet on behalf of friends/relatives (eg an elderly and not very tech savvy relative) ? At present it's hard for them to accidentally agree to something as they'd not be able to get the MAC - but it seems they'll be able to fall for any old sales waffle from tomorrow. Hmm, must mention that to a couple of people - FFS don't buy any internet or phone service without asking me.

It's bad enough with the old trick many ISPs have (TalkTalk is definitely one of them) who each time the fixed term comes up offer you something "free" - 18 months ago it was a "free" new router for my SO. Of course, what they forget to mention is that they are also signing you up to a new 18 month contract. I'd been waiting for that to expire, then I get home and blow me - she's only agreed to another "free" upgrade with another 18 month contract.

That got cancelled, but not without a hard sell. Mind you, when I made it clear it was the new 18 month contract, the guy did back down. Offered me 12 months, the tone of my instant "NO" must have been a clue as his next statement was agreeing to cancel all the changes ! So now I can switch when I've sorted a couple of things out :-)

0
0

Client-attorney privilege up for grabs in Google fishing trip

SImon Hobson
Bronze badge

> The fact the lawyer firm is crying foul suggests that there is a fire to be found

I disagree here.

Put yourself in the position of being on the receiving end of some charge - so naturally you take legal advice etc. You reasonably expect whatever you discuss directly with your lawyers to remain between the two of you. Would you really (and think carefully) not "constrain" what you say if you thought that the discussion was not going to remain confidential ?

What Google are doing here is basically claiming that something bad is going on, with no evidence whatsoever. They are then demanding huge quantities of material, lots of it irrelevant, and lots of it covered (normally) by client-counsel confidentiality.

It's the equivalent of you having had some conversations with a solicitor, and then someone coming along and demanding your solicitor tell them what you discussed so they can see if there's any grounds to sue you.

There are good reasons for the concept of client-counsel confidentiality, and the same for patient-doctor confidentiality.

Now, if Google were asking for a limited set of documents, on a limited range of topics, and not including client confidential ones - then I'd agree with you. But they aren't - this is an outright fishing trip designed to try and find something to justify the fishing trip.

1
1

EU MEPs accept lonely Pirate's copyright report – and water it down

SImon Hobson
Bronze badge

Re: “The commercial use of...

> ... in the UK, if you're doing commercial filming, you have to get the necessary permissions ...

That's an entirely different and unrelated set of permissions - and the same is true in most places I expect. I've heard that in New York they actually have a whole local government department dedicated to dealing with film makers etc - ie dealing with the paperwork, arranging road closures, and so on (they see it as an important positive thing to have films and stuff made there). I suspect that in London they have a range of departments, none of them dedicated, but all of them doing their utmost to get in the way ! But I digress.

The difference is, if you want to (say) film along Oxford St, you need permits for that, permission to close the road, security, and so on. What you don't need is copyright permission from every shop with a frontage along there. The rule as written would mean that any single shop could refuse to allow you to include any image of their frontage - and sue you for copyright infringement if you did include an image.

As pointed out, an aerial shot of London would include one heck of a lot of landmarks - and you'd need permission from the owner of every one of them.

It would make things like this completely impractical regardless of budget

http://www.theregister.co.uk/2013/02/21/bt_tower_360_panorama_london/

5
0

Phone hacking blitz hammers UK.biz's poor VoIP handsets

SImon Hobson
Bronze badge

> Use MD5 or SHA1sums or whatever

You don't need MD5 or SHA - they impose a limit on the length anyway. On a GNU/Linux system you have a source of random data to hand and can do something like this :

tr -dc '0-9A-Za-z' < /dev/urandom | head -c 20 ; echo

"0-9A-Za-z" is the list of characters to allow (edit to your preference), and the 20 is the length you want.

0
0
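A more defensive form of the one-liner in the comment above, as an added example that is not part of the original post. The function names `gen_secret` and `gen_batch` and the extension numbers are hypothetical, chosen only for illustration.

```shell
#!/bin/sh
# gen_secret LENGTH [CHARSET]
# Print LENGTH random characters drawn from CHARSET (a tr-style set,
# default 0-9A-Za-z), followed by a newline.
gen_secret() {
    len=${1:-20}
    chars=${2-0-9A-Za-z}      # "-" (not ":-") so an explicit empty set is caught below

    # Reject anything that is not a positive decimal integer.
    case $len in
        ''|*[!0-9]*)
            echo "gen_secret: length must be a positive integer" >&2
            return 2 ;;
    esac
    if [ "$len" -le 0 ]; then
        echo "gen_secret: length must be greater than zero" >&2
        return 2
    fi

    # An empty set would make tr discard every byte and the pipeline
    # would read /dev/urandom forever without producing output.
    if [ -z "$chars" ]; then
        echo "gen_secret: character set must not be empty" >&2
        return 2
    fi

    # LC_ALL=C makes tr work on raw bytes, so ranges such as A-Z mean
    # exactly the ASCII letters and random bytes are never rejected as
    # invalid multibyte sequences.
    # tr -dc throws away unwanted bytes instead of mapping them into the
    # set, so every allowed character is equally likely (no modulo bias).
    LC_ALL=C tr -dc "$chars" < /dev/urandom | head -c "$len"
    echo
}

# gen_batch FIRST LAST [LENGTH]
# Print one "extension:secret" line per extension number in FIRST..LAST,
# each with its own independently generated secret.
gen_batch() {
    first=$1
    last=$2
    ext=$first
    while [ "$ext" -le "$last" ]; do
        printf '%s:%s\n' "$ext" "$(gen_secret "${3:-20}")"
        ext=$((ext + 1))
    done
}

# Example run: a 20-character secret, then secrets for five
# constructed extension numbers.
gen_secret 20
gen_batch 201 205
```
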

Vodafone hikes prices to 37.5p/min – and lets angry customers flee

SImon Hobson
Bronze badge

Re: Whooooosh!

> what happens to the phone

Interestingly, when my SO got a new phone (from O2) not long ago, the phone itself was on a completely separate finance agreement. So it looks like the operators are wising up to this one.

If it's an "all in one" agreement that includes the service and phone then you can keep the phone without paying any more. If, like my SO, it's on a separate agreement then you'd still have to pay for that.

3
0

Google – you DO control your search results, thunders Canadian court

SImon Hobson
Bronze badge

Re: Another bad law/ruling

> 1. Google does not operate in Canada.

Are you sure - because if Google thought that, they could have just told the court to sod off. The fact that they bothered to run up suggest that they do in fact have some presence there.

> 2. Injunctions are filed against people who actually break the law not third party individuals who have nothing to do with the actual crime.

Wrong again. If Google provide links to the criminal's sites then it is assisting the criminal. Here in the UK there is a specific offence of assisting an offender - so if you know someone committed a crime and don't shop them, you are guilty of a crime yourself. You don't have to have had anything whatsoever to do with the original crime itself.

I imagine Canada probably has something similar.

But if you read the article, you'll see specific reference to not imposing extra-territorial orders in general. In this case, the court decided that it's highly unlikely that any other jurisdiction would be "offended" by the imposition of an order whose sole purpose is to interrupt a criminal activity which is probably an offence even in China.

2
0

Don't panic. Stupid smart meters are still 50 YEARS away

SImon Hobson
Bronze badge

> What have I missed in the last 7 years?

Not one of the ones being talked about here.

I don't think many people (myself included) would be concerned too much if all the meter did was aggregate usage and basically transmit the register reading(s) every so often (though I would be unhappy at every day).

The problems with the "smart" meters is that they transmit much more data than is actually needed using the "because we can" principle. To provide billing does not need readings for every half hour of every day ! All that is needed is a total over some period of usage at each rate that is charged.

The meters are designed to support having 48 different charge rates during a day, and to vary that by day, and to allow it to be changed remotely with next to no notice. In effect, if "they" think the country is going short on generating capacity then the first step is to hike the price to something stupid (think 50p/unit) for the next few hours - and it'll be down to the householder to realise and not use power (sorry dear, I know you've had a hard day at work, but we can't have dinner yet as we can't afford to use the oven).

And if that doesn't work, then they can remotely turn off your supply. As already pointed out, no we don't have any faith that the big suppliers won't "cut off first, argue later" when there's a "disagreement" over billing.

And of course, apart from the privacy issues when the usage records database gets hacked, it'll be fun when the control network gets hacked and meters are put onto stupid rates and/or half the country gets turned off at random !

2
0
SImon Hobson
Bronze badge

Re: ??@ adnim

> The only real benefit of smart meters is that we think that they'll greatly reduce the number of estimated bills ...

But just remote reading of a normal register would also do that. No need whatsoever for sending back individual consumption figures for 48 periods per day.

Those of us who didn't fall for the propaganda know exactly what they are for - and it's not remote meter reading, that's just a nice incidental benefit !

The real function is load side demand management. It's carefully not really talked about that the real reason is to be able to hike prices when demand is more than supply (like long cold spells when the wind isn't blowing (think December 2010)). And if that doesn't work, to start cutting people off - like in the 70s but on a more granular basis.

As for the "get your machine to do the washing at 2am" story - nice idea, run machines that are known to be an above average fire hazard in the home while people are sleeping, and of course if you don't live in a detached house, f**k the neighbour who's trying to sleep while your washing machine is rumbling the ceiling of the flat below.

6
0

Scientists love MacBooks (true) – but what about you?

SImon Hobson
Bronze badge

> When did that forcing happen? Sure, Apple wants everyone to go cloudy, but I choose what to keep local and what in which cloud.

OK, I'll bite.

It started in earnest with version 10.9

Before then, you could sync an iWhatsit or an Android device locally. Doing this (for contacts and calendars) requires Sync Services which was a standard service for "a long time". In 10.9 Sync Services were quietly dropped on the basis that "everyone syncs their iWhatsits via iCloud" (and an inference that users of other mobile devices don't exist and/or don't matter.)

There was a big backlash against it, so Apple actually had to backtrack - so being able to connect your iWhatsit via USB cable and sync was restored. Sync Services as a whole wasn't, so "Missing Sync for [ Android | iPhone | Blackberry ]" became useless and has been dropped as a product for new purchases.

It's what's keeping me on version 10.8.

0
0

Apple extends idiot-tax operation, makes devs pay to fix Safari snafus

SImon Hobson
Bronze badge

> This just feels like a huge kick in the face from Apple

As far as I can tell, that's normal if you deal with them. I've seen a few businesses where they've been doing OK, then Apple pulls the rug out. In some cases it's because Apple have seen that they've got a nice little market and release their own product (often bundled so all users get it which means few will buy anything else), or in the latest case (which applies to a piece of software I use) they've just dropped sync services from the OS because "everyone uses iCloud".

Well I'm not ****ing using iCloud, and it's a right ****ing PITA trying to sort out alternatives for what the one piece of software used to do. The vendor has been forced to drop their main products.

1
0

Israeli firm gets legal on Indian techie over ISP ad injection spat

SImon Hobson
Bronze badge

Re: Bharti Airtel and Flash Networks

> That is theft, plain and simple

Not necessarily - plain and simple ;-)

If Indian copyright law is similar to UK copyright law then it's probably not in any way against the law. There are specific exemptions from the "thou shalt not copy without permission" for things like critique and comment.

Without having looked, I assume he blogged along the lines of "my ISP is screwing with my web pages, look what they are stuffing in", in which case including at least part of the code would be "fair commentary" - and if the code is small then "a small part of it" could well be "all of it".

1
0
