* Posts by Lee D

780 posts • joined 14 Feb 2013

Abort, abort! Metal-on-metal VIOLENCE as Google's robo-car nearly CRASHES

Lee D
Silver badge

Re: Road Network

Just wait until you get LACP - and then they divide each passenger between several cars going down all the lanes of a motorway.

4
1

Warning flags were raised over GDS farm payments system – yet it still failed

Lee D
Silver badge

Re: Why do government projects fail?

@amanfromarse:

I wasn't aware that GDS built their own computers, wrote their own software, etc. rather than called in various vendors to bid for the options provided? Like, say, Kainos mentioned in the article? Not to mention those other "third-party suppliers" who had to co-operate to get the integration working.

Just because it goes via GDS doesn't make it immune to the basic bidding process.

This is a system for 300,000 farms, some of which will be jointly owned. At best, that's £500 per end-user. That's a disgrace, and they may as well just process them all manually and pay a guy £500 to do a week's paperwork for each of them (not counting what it costs the farmers to fill this out, hire advice, etc.).

4
0
Lee D
Silver badge

Re: Why do government projects fail?

Because the company that gets awarded the contract makes a lot of money even if it falls flat on its face and achieves nothing else.

And the ministers that approve such contracts allow that to continue, with clauses that require payment to those companies even if nothing comes out of it.

And the reasons for THAT, are that being in a position to choose a random company to allocate £100m to allows you to dine out very well for many months of "negotiations", then give the contract to your brother's next-door-neighbour, who'll somehow work out a way to give you 10% of it back once the fuss has died down.

You think the Academy programme is about getting better schools? It's not. Every contractor, sponsor, and supplier involved in an Academy will be putting a little something somewhere. Think that "superheads" running these places are independent and have no declared interests? Think again.

Extend to the NHS where it can cost £16 for a pack of AA batteries and you can only use "procurement-approved" suppliers.

I speak from experience on the schools and from my girlfriend's experience on the NHS. It's not hard to extrapolate to the larger government organisations at all (military, banking, etc.)

8
1
Lee D
Silver badge

So is Government honestly trying to tell me that if we got 150 IT experts together, paid them a million pounds each to work on what was effectively a website with payment system, for a year, that it would be impossible (or even unlikely) to have got a better system?

If that's NOT what they're saying - then why didn't they just do that? And you'd have £27m left over to actually supply the hardware for the first year or so of operation.

That's just a ridiculous amount of money.

14
0

Cambridge boffins: STOP the rush to 5G. We just don't need it

Lee D
Silver badge

Both.

Provide coverage now, but keep ever-increasing speeds in mind.

Don't be blinkered and think that 2G-ing that out-in-the-sticks deployment is all you'll ever do to it... get into it being the nature of the business that you want everything using the same equipment with the same capabilities. Bring in those out of the way areas using 4G now, yes, that's first.

And then when you are 4G everywhere, then you can go to 5G everywhere. Don't make the mistake of thinking that going 5G in London and 4G everywhere else is acceptable on anything more than the short-term.

That place you're having trouble wiring out in the countryside? Do it once, do it right, make sure it's future-expandable.

I think that a central push for coverage will just 3G everyone while those in the cities are on 5G, 6G or whatever and they get left behind yet-again.

And I'm saying this as someone who has always lived and worked in and around London.

Stop having second-class customers at all - give them all the same service and get more of them into your company by expanding into the empty/quiet zones.

But it will never happen like that. How many billions did the 4G auctions make?

2
0

Cisco in single SSH key security stuff-up

Lee D
Silver badge

Re: Suggestion

I don't get the fascination with Cisco routers outside of the datacentre.

I have to say, on the shelf next to me are several Cisco routers that I have refused to install after the various faffing with firmware, closed-off configuration tools that you can't download without support contracts, lots of updates pending on them, hideous configuration methods, etc.

My network, there are Cisco switches and wireless points throughout. They are much nicer to configure because they're aimed at doing so but they're entirely different beasts.

The incoming leased lines etc. all have ISP-managed Cisco stuff that they claim they need on our end for failover, remote configuration, etc. They do nothing more than an Ethernet switch or fibre-convertor would, from what I can see.

But on the boundary, between the two - at our interface between "lots of third-party junk and untrusted Internet" and "trusted internal network that we need to secure", we actually use Linux-based stuff (Smoothwall).

I'm sure if you're an ISP they're great, but I never see anything but people struggling to configure them and keep them up to date and patch against ridiculous things. The failover protocols they use aren't complex or unique in any way.

And no amount of fancy ISP kit disguises the fact that their supplied devices take a fibre or Ethernet at one end and push it to an Ethernet at the other end and do NOTHING to it in the meantime. Some of the configurations that you can pull from such kit (if the kit even ALLOWS you to pull configs back) are so basic as to be worthless. They have to forward all traffic, the incoming fibre/Ethernet only has a limited IP range anyway, it doesn't stop any kind of DDoS or unsolicited traffic coming in (I wouldn't want it to, they'd just break things), it doesn't do any kind of firewalling (my internal router still sees gratuitous attempts to ping, malformed packets, SYN-floods, etc.) and the only "fancy" thing is some HSRP or whatever it's called to let one router ping its partner and failover if something is amiss. I've literally got ISP-supplied routers here with an IOS config that I could fit in a small screen on notepad. At one point I assumed it was for protecting their network from bad traffic from us, but that doesn't even seem to be true either (and, surely, a Cisco on their other end is their protection against that - I could swap out the in-and-out cables on their routers here in a trice).

I always wonder why they bother for the majority of business lines compared to just "And this is your incoming, unfiltered Internet cable" and leaving it at that.

Last time one of them had to configure a Cisco router, it came pre-configured from the ISP, then needed five engineer visits before it would pass a bit of traffic, then was sent back twice, then had to be manually configured in person on-site (at our insistence) by the head of the technical support, and then they would not configure it for our site needs (e.g. port-forwards, etc.) or license us for the tools to configure it via the GUI (only via telnet in IOS syntax), so they just left it at the point we'd need to put another router on the end of it anyway. That one's still on the shelf beside me, and I just plugged the unfiltered connection into our Linux-based router instead.

I worked for some years on Freesco - a project designed to make a single-bootable-floppy Linux router that ran on any PC with network cards (or modems or whatever). It was back in the dial-up, 10Base2 days, but even back then I used to use it as it was more powerful - coupled with some junk of a PC from the rubbish heap - than anything the fancy expensive Cisco routers could manage. pfSense etc. are its logical successors nowadays but I still battle to find out quite what people expect to get from a Cisco router with only an "in" and an "out" Ethernet port that they couldn't manage with required downstream devices themselves anyway.

3
1

BT: Let us scrap ordinary phone lines. You've all got great internet, right?

Lee D
Silver badge

Re: Landline number

Type in zeroes.

Seriously, any online form that assumes you have either a landline or mobile telephone and won't let you continue without it is not a place to do business with.

(If I were malicious, I'd say put in a number starting with a directory enquiries or similar prefix, so when they dial it to sell you stuff they end up costing themselves money - do not be an idiot and use anything that starts like the emergency service numbers, however).

Oh, and name and shame such places.

0
0
Lee D
Silver badge

The logical conclusion is that, sooner or later, everything will be IP.

Virgin services are IP, effectively, over cable. TV, phone, Internet.

Almost all businesses and schools are moving to IP in-house. They are investing in wireless and Cat6 and it's stupid and pointless to not use it in preference to some cheap 4-core run by the latest yahoo working for BT. And if you're using the same cable, might as well make it IP so phone, printer, computer, WAP, CCTV etc. can all co-exist and you can just branch from it as required.

They are moving towards SIP trunking (to save on line rental and international costs, if nothing else).

IP is the inevitable solution to all these things. If your system isn't IP-capable, you need to start moving onto one that is.

So changing the USO to be "we must give you a way for an analogue phone/fax to work and a way for an Internet connection to work" seems to be quite reasonable, to be honest. The current USO is literally never going to see expansion past that necessary to provide some crappy 56k copper out in the sticks, so might as well change it to an IP USO and let people get the same end-result using other, more easily deployable, extendible and shareable technologies. Things like fancy alarm systems that can't work over such analogue->IP convertors should die. You shouldn't assume your copper line can do ADSL of any speed, so losing ADSL frequencies on the master phone socket isn't a problem, SO LONG as there's an IP alternative of some decent speed.

And then you're doing what Virgin do. One cable to the whole street (rather than a plethora of telegraph poles), joint onto it as required, encryption and shared access using DOCSIS such that you can't interfere with the neighbours, and then pull off IP, telephone and even television as you need it. And because you're only going 100m or so, you can put stupendous speeds down it (e.g. standard Cat5e will give you Gigabit even on a homebrew version of this!).

I don't see why not. But the proviso is exactly that - you can substitute the USO only where you provide an equivalent (or damn close to it) IP service. And the USO isn't allowed to change in terms of call quality, uptime, dialling costs, etc. one iota towards the negative.

To be honest, I think that's a forward step.

The problem is that BT will then run a copper, put ADSL on it, then run your phone line over IP on it, and still cock it up because that's the equipment they have and want to get rid of.

1
2

That shot you heard? SSLv3 is now DEAD

Lee D
Silver badge

Unlikely.

TP Online are still vulnerable to a vast range of ancient attacks for years and nothing's been done:

https://www.ssllabs.com/ssltest/analyze.html?d=tponline.co.uk

(Hell, it still supports SSL 2.0! That's possibly the lowest score I've ever seen in my life on SSL Labs!)

The instructions given still MUST be completed in IE 7 or above (and you can't use anything but XP or 7), the process is a faff, the signup site still gets validation errors in every other browser, and at the end of it this is used for vast amounts of Teacher's Pensions and (in some cases compulsory) security checks for teachers nationwide and has for many years, unchanged (the instructions they supply have not changed for 3 years at least).

The site is backed by BT TrustWise, Symantec, etc. and has been unchanged for several years.

4
0
Lee D
Silver badge

Great.

Can someone tell banks and places like TP Online whose instructions state that you have to use IE ("7 or above") and that you have to have SSL 3.0 enabled, and that you have to download your ultra-secure client certificate to use with the service via an SSL 3.0 webpage that fails verification in most modern browsers anyway, and only with that cert installed in your personal trust store can you connect back to their website in order to log in with credentials anyway and do things like, say, pay Teacher's Pensions or do List 99 checks on staff.

Cos that would be great.

12
0

Privacy advocates descend on proposed domain name change

Lee D
Silver badge

Re: It's called DotCom for a bloody reason.

Companies are required only to give you their head office name and address. NOTHING else. The "particulars" as they are known.

The guy behind the counter does not need to give you his name at all. His company might say that but they are under no obligation to at all. There is no legal requirement that he show YOU his qualification certificates or allow you to ask his university whether he is actually a pharmacist or not. He doesn't have to give out his phone number or home address to anyone who walks up.

The ONLY details that *you* are legally able to get off him without a court order are the company details of the company he works for. That's it. You want any more, you have to ask a policeman or court to obtain them unless he gives them up voluntarily. However, if there's a grievance, you go to someone who DOES have that capability.

There is no requirement for him to publish his name, address, home phone number, personal email address etc. and put it on a placard at the front of the pharmacy and publish it online. None. Because it's HIS. Even if he's a sole-trader - unlikely - he doesn't need to give that information to YOU, nor to every single person who looks. Market stall holders do not need to tell you their home phone number, even if you demand it, without a court order. They have to give it to police / courts on demand, of course, but that's always an available option via places like ICANN and proxy companies anyway.

Not everyone with .com is a business, not every business is a company, not every guy selling crap out of his loft via his own domain will want to register as a company just to stop you getting his home address.

So, please stop talking rubbish. You're inflating what a company is required to do with what a sole trader, private individual selling goods on eBay, or random person with a Donate button on their website would be required to do.

And .com might have originally meant commercial but it also meant INTERNATIONAL / stateless commercial (that's why the regional descriptors are there, but we're supposed to be .gb anyway, not .uk) - so anyone with a .com who doesn't trade internationally should be thrown off too (bye bye askmid.com, the official UK government place to check if you're on the motor insurance database), and .org should be non-profit organisations, etc. but NOBODY has ever enforced any of those restrictions ever. Because they aren't binding, only a recommendation. There's nothing that says they will take your .com away just because you're not a commercial entity or vice versa.

(P.S. I'm sure you don't use 90% of online websites, then, if you don't use proxied-whois.)

3
3
Lee D
Silver badge

Re: um...

Sole traders.

Indie game makers.

People who take chips out of old ZX Spectrums and sell them on via Paypal for a couple of quid a time.

eBayers

People who use Etsy and put their stuffed animals on their website.

Cam-girls (private individuals selling videos)

A small pottery down in Somerset which is a one-retired-man operation to keep his hands going.

Random political blogger / whistleblower who wants to not have to publish a name to put information on his domain.

I can think of any number of private individuals, and especially some who DO NOT want their personal data sitting on their domain name, that won't be registered companies but might well come under these restrictions.

For most of them, just the cost of registering a company would be prohibitive compared to what they bring in in a year via that activity.

But, ignoring all that, my personal data is my personal data. Under EU law, you have to have a need to be able to disseminate that. Giving Joe Bloggs on the other side of the world my home address, on demand, just because he asked is not a reasonable use of my data. Sorry, but it's not.

And companies are EXACTLY the type of people who should be forced to give them information, and personal users the ones not to, not the other way around.

9
1

Wake up, sheeple! If you ask Siri about 9/11 it will rat you out to the police!

Lee D
Silver badge

Re: Depends...

"On how Siri is activated. It may well be that the phone's owner is in some way incapacitated, and shouting to siri is their last recourse."

God, I'm dead.

No voice recognition that I've ever used even gets close to understanding what I say, no matter how many times I repeat, how much I improve my diction, or how slow I speak.

Seriously.

Hilariously, however, my Apple-mad colleague happened to discover that saying "Call <name>" in any conversation automatically unlocks your iPhone and starts dialling their number and then SILENTLY puts the call through to you and the caller can hear you and you don't even know you've rung them.

So you say "Did you call Fred? That absolute (&(£*"&$ of a man, what a moron, why doesn't he grow a pair?" etc. with your iPhone in your pocket and Fred gets to hear it all.

He found some option later, but he was as shocked as anything to discover that was the default on his flash iPhone while all us non-Apple people sat there and laughed at him, and that his iPhone was listening 24/7 even when locked for the magic words "Call <whoever>" and immediately acted upon the command.

Fortunately, Siri is so bad at understanding voice with even the slightest background noise that he never actually managed to activate it himself until he read about it and started testing his phone directly which he was convinced it wouldn't work on.

13
0

June 30, 2016: The day the US will hand over control of the internet

Lee D
Silver badge

Yeah, cos that's not a forced backronym.

1
0

Assange™ celebrates third year in Ecuadorian embassy broom closet

Lee D
Silver badge

Involve just one met-retained lawyer who's familiar with embassy-based international law and you can spend 90% of that in one question.

6
0

Pew, pew, pew! Sammy shoots out updates to plug mobile keyboard snooping bug

Lee D
Silver badge

Your devices getting updates depend on your carrier re-jigging them and pushing them. Blame your carrier. This is why Kies works - because that's the Samsung update mechanism. Samsung have no direct control on if/when/how your carrier pushes published updates to your phone.

Security policy updates are pushed all the time, however. It's an option in the menus for Samsung Android devices. It happens in the background and - I believe - is basically SELinux profiles.

That the device does not update from non-Windows? That's an issue but that's true of basically EVERYTHING. Try and reinstall/update/unlock an iPhone from anything other than a Mac, for instance.

2
1

MILLIONS of broadband punters aren't getting it fast enough – Which?

Lee D
Silver badge

Re: Does Anyone Use this capacity? I'd love it!

The Watford area is quite bad. I have just put in a huge leased fibre into a school around there because, generally, the ADSL/VDSL is so atrocious.

After two ADSL2 lines were deemed inadequate, we moved one to a VDSL. Promises of "up to" 75Mbps. We get 45Mbps at the property boundary (according to the engineer). 30Mbps by the time you get it somewhere useful. Our actual, usable, Internet-measured speed was 15Mbps at best.

And BT took years to try to get a leased line to us and then decided that the exchange was inadequate so delayed more years. We cancelled.

0
0
Lee D
Silver badge

I don't know about this survey, but SamKnows does an awful lot of broadband monitoring. I know, because I have their kit in my house. And they supply that data to government, and probably places like Which too sometimes.

Basically I have a box that tests everything from download and upload speed to RTP packet jitter to DNS response time, you name it, throughout the day. I get a fancy little summary at the end of each month with pretty graphs going back years. If nothing else, I keep it because a) I know what it can and can't do (it's VLAN'ed off from my LAN and I can monitor its traffic using my router if necessary), b) it doesn't hurt my connection at all, c) It's nice to know that I am getting what I pay for at the top end even if sometimes I swear about "the connection" being slow (probably just my clients/wireless) d) I like to think that my ISP could easily detect I have one of these boxes and given that they contribute to the government statistics on which ISPs are performing and which are not, I imagine they might want to ... ensure my service level is consistent with expectations... ;-P

Plus, at any time now, I can turn it off and I get to keep the re-firmware'd wireless router that it's based on for myself (after the first year).

3
0

MOUNTAIN of unsold retail PCs piling up in Blighty: Situation 'serious'

Lee D
Silver badge

The PC market is sitting on a ton of perfectly adequate hardware. The ones who want to move it are dropping their prices.

Last year, I started at a new workplace and replaced every single PC, it was cheap enough to do and didn't come anywhere near the price of replacing a single decent blade server. For that, I got rid of all the old junk that was lying around, I gave everyone the impression the machines were newer, faster, better (they were, but even what I bought was old models even if it was new stock, the biggest speed advantage came from a refresh and a clean image instead of the old multiply-cloned junk they were using, and they were better because they could all use the same image and "just worked" as they were clean installs of everything), I managed to give away a ton of old machines to charity, and I have a large stock of spares that are perfectly functional and can be slotted into any purpose in a few minutes.

The problem is - I did this more to remove any doubt about the old hardware than anything to do with it being 100% necessary. I bought old models because we didn't need the fancy new stuff. I just needed "shiny, and still in the plastic". As such, I won't be doing the same this year, or next year. Why would I? And, quite literally, the machines were so cheap that I didn't particularly care about replacing every machine on site - and they all came with original manufacturer warranty! Hell, just the spare keyboards, cables and mice they came with actually means I replenished an awful lot of my dwindling stock too.

Soon after, a supplier phoned up to say they had 20-something new machines they wanted rid of - fully boxed, warrantied, etc. They were so cheap, I just said yes. Literally, that's the only reason I took them. They can use the same image and are pushed out as normal stock for replacements, etc.

PC's don't have a lot of money in them anymore. The money is in laptops (which I fight against because for our purposes they aren't suitable) and tablets (same) and in servers. The servers I have, I spent a lot more money on than all my desktops put together, twice. Probably more than that.

The end-user desktop needs are so low compared to the specs you get that I barely bother to read the specs any more. In my last place, we just pushed out Atom PC's because they were so ludicrously cheap and - literally - nobody could tell the difference. I had so-called "IT expert" staff telling me how fast and wonderful they were and could they have one. It had more to do with an extra couple of gig of RAM in an Atom than the processor power which you can barely notice in most office-type use nowadays.

And Windows 8 made the job easier as it actually can lower requirements. Windows 10 looks headed the same way. We don't need a ton of processing power, just a dual/quad core, plus a bit of RAM, and maybe if we're really showing off a graphics card jammed in there. Again, the cheapest one I can find should be more than adequate - we won't be playing Crysis 7 on them.

As such, those PC's in the warehouse are going to stay there until someone lowers the price. You want to sell PC's, you have to have other angles - service, warranty, software, integration, "packs" of laptop with charging trolleys, buy one server, get 10 PC's free, etc. PC's on their own aren't worth much. If you're paying more than £150 per PC (so call it £300 per seat once you add monitor, software, etc. but even there - why would you buy new monitors until your current flatscreen is inadequate?), you're just throwing money away unless you can justify it. And those PC's will be capable of virtualisation and all sorts themselves (Windows 8 Pro included Hyper-V, remember?).

Business PC's have plateaued. Great for me. I could redo the whole network of client two to three times a year if I needed to. Bad for sellers. They need to offer more than just box-shifting. And none of my suppliers has an interest in just selling me a bunch of PCs any more. They are all about "service", "support", "relationships", etc. trying to get me to buy new servers every few months. Fact is, I'm set for the next few years at least, so god knows where they'll be making their money.

15
0

'Oracle, why are your sales f-' CLOUD CLOUD CLOUD, blasts Larry

Lee D
Silver badge

Re: This obsession with growth...

Agree in part but...

Look at all the "constant currency" stuff. In real terms, they are making less and less profit every time, and their money that they are holding onto is worth less and less.

Growth needs to match inflation at the very least or you're actually shrinking, not staying still.

Think how that translates to someone who paid, say £1 per share last year. If their shares aren't worth MORE now, they have actually just lost money. And given that banks are holding near-zero interest rates, business investment is one of the few ways to make money again.

And, unfortunately, shareholders are why the business operates, not customers. Businesses exist for the benefit of their shareholders, there are even certain legal wordings and definitions of things like "company" that enshrine that in stone.

As such, the "constant currency" growth is actually a loss, behind weasel words. Shareholders are losing money, which means they'll sell the stock off cheap if things don't improve soon. This will make the company shares worth even less.

Given what they've done to just about every major project they've ever purchased (Java, MySQL, OpenOffice, etc.), I can only wish this to continue and accelerate. But it's still serious and not just a case of "We've got so much money we can just sit around doing nothing for a while".

1
1

Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X

Lee D
Silver badge

Re: Whooooops!

Apple currently still has, on its app store, an app expressly stating that it is intended to be used to "bypass your school filter", etc. It's as simple as installing it, and you get full, free, VPN access to the outside world that's almost undetectable.

Not a huge issue, but there are no real ways to "block" a particular app install even with MDM APIs. You can turn app installs on or off and monitor them, but you can't blacklist an app. If you want to use, say, Cisco Meraki to push apps to your iPads in a school (a very popular choice) you need to have the "install apps" option on, or else you have to manually recall every iPad and do it manually every time.

The only real option you have is parental filtering, where you can block apps with certain age ratings.

The above app is STILL, after several reports, marked as being 4+. Apple have steadfastly refused to do anything about it, as they categorically state that it's nothing to do with them and it's up to the app-makers to decide the age-rating (not much point in having an age-rating, then, really?). This app allows bypass of any and all filters and access to the unfiltered Internet, for free, just by clicking "Get App".

However, Chrome was briefly pulled from the store and recategorised as 18+ because it "allows unrestricted access to the Internet".

Apple don't care about what they are doing, so long as they are making money. They are right and everyone else is wrong, and that's the end of it. And no amount of head-banging against their complaint department, tech support, etc. will do anything to change that at the moment.

19
5

The Register invests in Infrastructure (channel)

Lee D
Silver badge

<sarcasm>Does it discuss how to IPv6 your networks and SSL your website?</sarcasm>

1
0

The NHS pays up to NINE TIMES over trade price for commodity kit

Lee D
Silver badge

Re: Bureaucratic procurement

This is exactly it. And there's no "official" way around it because you can't buy it yourself without incurring the wrath of the procurement departments, and you would never get reimbursed.

Was posting about this on here only the other day - my girlfriend works in the NHS in charge of a lab and has to pay something like £2 each for an AA battery. And gets... an AA battery. Down the road you can get a pack of them for £2, just the same. But you're not allowed to do that.

Somewhere there's a health minister with a procurement company who's getting their percentage on every product and then decrees that you can ONLY go through procurement.

Scumbags.

17
3

LastPass got hacked: Change your master password NOW

Lee D
Silver badge

Re: Say what?

"And my last bloody spam-free email address is now for sale :("

Buy the cheapest domain you can find.

Point the MX record at the cheapest of cheap VPS.

apt-get install postfix dovecot

Then use whatever you want@domain.com - i.e. the name of company you give it to - theregister@mydomain.com

Every time you give out an email put it on a whitelist, every time you get an unsolicited spam, put that company's email in the block list.

And if you want you can just forward all email to another address (or even duplicate it all to, say, a GMail address) for security. Hell, you can make your backup MX be your domain registrar's original so if the VPS goes down, email just gets forwarded as normal.

It gets me that techy people aren't running their own domain but complain about spam.

6
0

Duqu 2.0 malware buried into Windows PCs using 'stolen Foxconn certs'

Lee D
Silver badge

Maybe or maybe not the certificate is forged using a stolen private key.

The question begs, however, why ALL Foxconn-signed executables are trusted automatically just because they're signed by Verisign.

This is the problem with Windows, and Windows admins particularly. Rather than "Look, this is all my known software, anything not on this list - whether signed or not - I want to know so I can authorise it on the network or not", they go for the "Microsoft must know better than me what some third-party who signs another third-party who signs some third-party software does, so I'll just let them all run by default".

Sorry, Kaspersky, but I judge you immensely here. It's not where the file came from or who signed it that matters. It's what idiot didn't have a software authorisation list and/or put it on the authorisation list.

If only they had an antivirus or Internet Suite capable of detecting unknown executables and allowing the network administrator to approve / not approve their execution...

2
12
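The difference between the two policies the comment above contrasts, as an added example that is not part of the original post: one runs anything signed by a trusted publisher, the other runs only binaries an administrator has approved by hash. The inventory, publisher names and file contents are constructed placeholders.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Executable:
    path: str
    content: bytes         # stand-in for the file's bytes
    signer: Optional[str]  # publisher of a signature that validates, else None


def sha256(exe):
    return hashlib.sha256(exe.content).hexdigest()


def signer_policy(exe, trusted_publishers):
    """Run anything whose signature chains to a trusted publisher."""
    return exe.signer in trusted_publishers


def allowlist_policy(exe, approved_hashes):
    """Run only binaries the administrator has approved, signed or not."""
    return sha256(exe) in approved_hashes


def audit(inventory, approved_hashes, trusted_publishers):
    """Return one row per executable comparing the two policies."""
    return [{
        "path": exe.path,
        "sha256": sha256(exe),
        "signer": exe.signer,
        "signer_policy_runs": signer_policy(exe, trusted_publishers),
        "allowlist_runs": allowlist_policy(exe, approved_hashes),
    } for exe in inventory]


def pending_authorisation(rows):
    """Binaries the administrator must review: not approved, whatever the signature says."""
    return [r["path"] for r in rows if not r["allowlist_runs"]]


def signed_but_unapproved(rows):
    """Binaries that only a signer-trust policy would have let run."""
    return [r["path"] for r in rows
            if r["signer_policy_runs"] and not r["allowlist_runs"]]


# Constructed inventory (placeholder publishers and contents).
TRUSTED_PUBLISHERS = {"Example Software Corp", "Example Hardware Vendor"}
EDITOR = Executable(r"C:\Program Files\Suite\editor.exe",
                    b"editor build 1", "Example Software Corp")
BACKUP = Executable(r"C:\Tools\backup.exe", b"in-house backup tool", None)
DRIVER = Executable(r"C:\Windows\System32\drivers\newdrv.sys",
                    b"driver nobody installed", "Example Hardware Vendor")
INVENTORY = [EDITOR, BACKUP, DRIVER]
APPROVED = {sha256(EDITOR), sha256(BACKUP)}  # what the administrator authorised


def run_demo():
    rows = audit(INVENTORY, APPROVED, TRUSTED_PUBLISHERS)
    return rows, pending_authorisation(rows), signed_but_unapproved(rows)


if __name__ == "__main__":
    rows, pending, signed_only = run_demo()
    for r in rows:
        print(r["path"], "signer:", r["signer_policy_runs"],
              "allowlist:", r["allowlist_runs"])
    print("pending authorisation:", pending)
```

The validly signed driver passes the signer policy but is held for review by the allowlist, while the unsigned in-house tool runs only because it was explicitly approved.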

Limited edition Iron Man S6 sells for $91,000 thanks to ... serial number

Lee D
Silver badge

Thanks for the uselessly redundant and reducible equality there.

People are people. And people are dumb. A person might be smart, but people are definitely dumb.

2
2
Lee D
Silver badge

God, people are dumb.

9
0

Sun's out, guns out: Plucky Philae probot WAKES UP ... hits 'snooze'

Lee D
Silver badge

Re: Excellent work!

Whenever I see space stories, I can't help but think that - so long as there's nothing else in the area - a big box filled with the cheapest set of wheeled-toy cameras all on slightly different frequencies with experiments bolted onto them en-masse would probably get more back than these multi-billion dollar missions with one thing.

I mean, just blanket-drop a ton of toy cars with cameras, drills, etc. over where the Mars Rovers were and let them loose. Let schoolkids control them (four-minute or whatever delay pending).

But then, I just *know* that what would break would be the thing that was supposed to drop them and never did, or the one box that can talk to them or whatever.

We need a mission that sods the accuracy and fancy calculations and just salvo-fires a ton of cheap experiments en-masse in the hope that just one works.

And if the Mars Rovers had been closer? Maybe one could have helped repair the other.

0
26

DON’T add me to your social network, I have NO IDEA who you are

Lee D
Silver badge

I can't stand LinkedIn. It's like Facebook, but for you and your boss and future bosses. Why the hell would you sign up for that?

I have an entry, but it's there just to shut people up when they do the "Oh, you can find me on LinkedIn, are you on there?". Yeah. I'm there. With about a line of text and email notifications disabled. Past, current and future workplaces are not on there.

Strangely, I still get this junk. People add me because they think that will help them sell to me (nope). They add me because I work with them (you're THERE... just down the corridor... why do I have to add you online? You barely talk to me in real-life!). They add me because... god knows, random spam I assume.

Facebook, in my opinion, is for friends and family to share info - funny stories, the odd photo, and that link to little Johnny's online game that he wrote for school. LinkedIn... it's like Facebook for Work, but less useful.

I'm certainly not going to put up a work history on there - I left for a reason and though that reason was often quite amiable, anyone from there that I want to stay in contact with I have elsewhere (usually Facebook!). My current workplace? What's the point of putting people on there? So I can "link in" the people I work with and see every day? And when it comes to jobs, I don't want LinkedIn to be my CV work history. Because it contains none of my past or current workplaces anyway.

The only people I end up with are those persistent shites of suppliers that won't go away, so you add them to LinkedIn to shut them up. They never contact you from there anyway.

2
0

ISP Level 3 goes TITSUP after giganto traffic routing blunder

Lee D
Silver badge

Re: Tolerate a nuclear attack my arse!

And, even if it were, it certainly wasn't to do so immediately, with zero downtime or with zero human intervention worldwide.

Else things like BGP would have been in the bin decades ago. I mean, seriously, just having routing tables hit certain sizes is enough to make many brands of high-end networking gear just fall over. BGP routing tables grow into the same kinds of fixed spaces. And, hell, BGP announcements do nothing to take account of CAPACITY of the system on either end (i.e. the preference of a particular route based on its response time etc.).

The Internet won't invisibly and automatically survive any kind of attack. However, it will be not-so-difficult for even a small bunch of humans to cobble it back together even if that means throwing out DNS, BGP or similar in some fashion to allow it to do so.

2
1

Don't panic. Stupid smart meters are still 50 YEARS away

Lee D
Silver badge

Re: Evidence Based

Energy reduction will be zero.

If you cared, you'd be monitoring already. It's not hard to do and requires NO electrical work (clamp meter on the incoming cable at worst).

Seeing what you use does not stop you using it - you already know that you're using it or not. If not, you either care about it (in which case why didn't you know that huge hot tub was sucking 10KW before?), or don't.

Now add on thousands of unnecessary smart meters, plus the infrastructure to monitor them wirelessly, plus the server-end costs of hosting all that information, blah blah blah. You're talking net loss, before you ever get close to things like policies and legislation costs on top.

Now consider why the electrical companies would care about that?

Now consider why they might otherwise have an interest in having new fancy controllable kit sitting in your meter cupboard if not for the above?

3
0
Lee D
Silver badge

Re: @Oddlegs

The burglar argument is naff.

Want to know if someone is at home? Ring their home phone or knock on the door, look for lights on, etc. No answer = 99.9% chance there's nobody home. And, besides, I have just as much running automatically when I'm not at home as I do when I'm at home and that's only going to get more true as time goes on.

Nobody's going to bother to use smart-meters for that. That's not the problem at all.

The problem is when they want to put smart-meters in that have the capability to cut power to non-essential circuits. Not burglars deciding whether 0.1KWh more or less means you're in or not when they still have to drive over to your house and knock on the door anyway.

4
2
Lee D
Silver badge

I think any kind of wireless transfer, I would find annoying. Certainly no need to talk to my kitchen etc. If they ever decide to stick with 3G/4G for these things, I do have a plan to create a Faraday shield in my under-stairs cupboard - it already plays host to a ton of electrical and IT equipment and is so tiny I could do it in an afternoon with some suitable-grade chicken wire.

I'm not entirely sure they could do ANYTHING about that. I provided you with access to the property, as requested. Nothing says I have to give you the airwaves. Oh, is it too costly to move all the meters at your expense? Shame. Because, you know, the only other viable place is in the alleyway and I'd have to put a safety guard grille over it if it was out there. Health and safety don't you know, or I'll be bashing it off the wall with my bike every time...

I imagine they are only really seriously considering power-line communications for the data transmission in the long run because of problems like this (if nothing else, they would be paying cell carriers for the data connections in perpetuity otherwise!), but the internal bits in the house (the entirely pointless "how much am I pulling" things that a £20 clamp meter and a smartphone app can do better than any kind of smart meter)? That's up to the user, not the electricity company.

3
0
Lee D
Silver badge

Re: I already learnt my lessons .....

I have to say, if I do get given a smart meter that has the capability to cut power (whether or not they say they'll ever exercise it), the first thing I'll do and which I'm sure I won't be alone on: Buy a generator, put in solar panels, etc.

Then if they do cut off through some "mistake", I will be sure to charge them for the hassle, fuel and inconvenience at generator rates. And unlike the many threats I've received over the years that have always come to naught, I *will* send in the bailiffs to their head office to collect if it gets that far.

8
1
Lee D
Silver badge

Because you've fallen into the trap? Look at all the cool gadgets! (Sound familiar? Look at all the advantages of this national ID card tied into every database that even your landlord will need to query / update before you can rent a house!).

It's called feature-creep. Once a microprocessor-controlled device connected to the Internet is in your house, the next steps can happen without your knowledge.

A proper smart meter, however, is destined to have the ability to curb your electrical usage. The electricity companies know EXACTLY how much energy they are pulling at any one moment. Smart meters do not enhance that. They may enhance USER knowledge, but so does a £20 clamp meter on a smartphone app. However, smart meters' purpose is then really in doubt. They aren't there to be smart *monitoring* meters. They are there to do something else, eventually.

That may not be what they're deploying at the moment (I have a suspicion that those install numbers are pretty similar to the number of, say, new-build homes and/or local-government-controlled property?), but you get no say in what the device can or can't do or what model they put into your particular home.

There are also already-published vulnerabilities in just about all the devices currently used that may allow more than just a number to go back and forth, we're talking Internet-connected devices after all.

That aside, however, the system as is relies on the honesty of the user and moving to smart metering implies I'm NOT being honest with you. You have to prove that to me before I'll let you change an existing, perfectly-working, sufficiently accurate system with some random IoT junk that could do anything it liked with my data and/or supply.

Maybe not today, maybe not tomorrow, but soon and for the rest of your life.

Paranoia? Possibly. But when people are so vague about what they are installing and WHY they are installing it (the real reason is to be able to cut you off at peak times unless you are a paying member of their Energy Prime subscription, to be honest), and you look into quite what they could gain by the stated purpose (nothing) against what they could gain from a not-fantastical extension of capabilities that you'll get no say over (i.e. control of your off switch).

29
1

OpenSSL releases seven patches for seven vulns

Lee D
Silver badge

Why would you want to renegotiate the protocol at all?

Surely an actual change of protocol is so rare, it deserves a full disconnection and reconnection?

Renegotiate the key, yes. Maybe even renegotiate certain parameters (compression, etc.). But renegotiate the actual protocol?

0
0

HGST shimmy shimmy shingles its way to a 10TB spinning rust drive

Lee D
Silver badge

Re: Cannot imagine wanting under any circumstances

Agreed. Stop faffing about and make reasonably-priced 4Tb SSDs or similar instead.

This kind of thing is just wasting money compared to what you could do ramping up production of modular SSDs and getting to the point where you can just put together 4 layers of chips in one drive, 10 in another, and only one in another, and sell them to anyone and everyone at a range of decent prices.

1Tb SSDs are ALMOST there. Really close. Another 10% or so off the price and I'm sold. But, no, everyone else is still messing about with hybrid, helium, spinning disks, and faster and faster SSDs instead. Don't. Just give me reasonable storage (that is, after all, the primary purpose of a drive) at SSD speed (not hybrid) at a decent price, and I'll buy five.

3
4

'Stolen' art found on nearby shelf. Police keep looking anyway

Lee D
Silver badge

Re: amateur...

He was IT staff, so if he'd asked, we'd have given him a key to use even at home (it was a school, so certain educational agreements allow that).

There's a reason that KMS was introduced, however.

0
0
Lee D
Silver badge

I had a guy working with me in an IT team once, both doing the same job under an IT Manager.

We noticed things occasionally went missing. A disc here. A component there (RAM, disc, fans, etc.). The disc with the VLK pre-burnt into it one day.

We knew what was happening, but couldn't gather evidence to do anything about it. When he wound himself up to leave of his own accord, our boss dropped-in a sideways mention of the missing things in the course of conversation (no accusation, just "Oh, have you seen the X disc because we can't find it", etc.) Later that week, another casual mention that the VLK installs could be tracked (he wasn't bright enough to know that the tracking wasn't actually that good, especially not without making a lot of fuss with Microsoft, etc.).

The day he did decide to leave, he came in at 5:00am. He was friendly with the caretakers, so they let him in before anyone else. He told them he was working early. By 8:00am, he'd gone and never came back. But that day we found discs and components and VLK discs tucked into odd places where they'd never been before, and where we would have noticed them immediately if they'd been there the day before.

Strange that. Rather that than have to prosecute the guy (which I don't think we'd have done anyway), but it was one of those things that I won't forget. My boss at the time said she got a reference request for him a few weeks later, from a security firm to monitor CCTV for theft, etc. I would love to know exactly what she wrote, but I have a pretty shrewd idea what kind of lines it would have gone down, even if there was no way she could write a direct accusation in it.

9
0

Webcast: How to survive Windows Server 2003 end of life - safely

Lee D
Silver badge

Fourth, a seminar from myself on how if it's taken you this long to do the above, that you shouldn't be doing the job you're doing. With a side-talk from my cat about how "My boss wouldn't let me / I didn't have the funds / Management blocked it" is only an excuse when you're the one responsible for it and those same bosses/management will sack you if something goes wrong because you DIDN'T upgrade in time.

Responsibility for something = capability to fix it, or you don't have responsibility. If you're not responsible, not your problem, but I bet someone is and if you don't know who - it's you. If you're responsible but "not allowed", then it's time to gather your things as you're the scapegoat that never stood up to say "No. We need this. It isn't optional."

1
1

Apple preps summer bonking bonanza for Brits

Lee D
Silver badge

So you doink for your Oyster, doink for a newspaper, doink for a sandwich from your shop, and then you have to go find somewhere to tap in the PIN anyway? Anyone who uses it for the intended purpose ends up having to put in a PIN every day? Anyone who doesn't even know their card does it doesn't? That's the wrong way around.

Not at all sure what you're saving here, except for a fraction of a second, at the risk of £60 (soon to be £90) of unauthorised charges.

The question is not what happens if you lose the card (but, generally, in that case unless you know the PIN you can't withdraw from ATMs or charge it in shops or even use it most places online - and those you can you won't be liable for because they failed to check your details and/or shipped to an unauthorised address anyway), but how easy it is to fake / force a transaction.

Doink to the card is inherently insecure. Work briefly anywhere there's a doinker, order a replacement doink-device, strip it down, walk around London bumping into people (or, as demonstrated, site it somewhere inconspicuous and have it point down a road - you can power up the RFID coils in the cards remotely and just snatch the transaction out of the airwaves as normal for doinking). If you have a brain, make it charge the people who stop / look / visit the shop it came from on a 1/100 basis, so it disguises as just an accidental / double transaction, if they notice that they didn't buy a sandwich on Monday at all. By the time people catch on, you can have stripped the account and been long-gone.

Doink to the phone isn't any more secure but - actually - if the phone is software-authenticating your fingerprint then the software has the ability to authorise a transaction. Although modern devices are FAIRLY isolated, they are by no means perfect. It's like storing your credit card number on your desktop - in theory it should be secure, but it's not really the kind of thing you want to be doing.

First thing I turned off on my phone was RFID (because I could doink and get info from my card from 20cm quite easily - not the sensitive info as it's all encrypted but it's ONLY the encryption that stops that, the capability to have reader hardware that ubiquitous is scary in itself, but again it's one software / encryption compromise away from complete access). First thing I did when my bank issued a doinker-card was stick it in an RFID sleeve and test it against my RFID reader - it worked enough to block the card no matter what I did. Also saves me from "card clash" as Oyster etc. are so keen to point out ("Hey, our technology is so good we can charge entirely the wrong card in one little doink without you getting a say in the matter!").

3
4

Google: Our self-driving cars would be tip-top if you meatheads didn’t crash into them

Lee D
Silver badge

Interesting game. The only winning move is not to play.

27
0

Gamers! Yes, gamers – they'll rescue our streaming Fire TV box, hopes Amazon

Lee D
Silver badge

OnLive Mark 2.

What, precisely, changed between then and now? I understand Amazon have a shed-ton of spare server capacity so that covers their server costs (I doubt they are putting GPUs into all of them, however), but what about the latency, quality, dependency on a third-party, renting model, etc. concerns that killed OnLive?

Renting and streaming games works great for... well... no-one. Casual gamers will suffer the latency but not the ongoing cost, and more experienced gamers will happily pay twice as much but won't suffer the latency one bit. Who's it aimed at?

If you threw it in with Amazon Prime, still it would be only casual gamers playing and they won't spend much at all so you won't make money on it. If you charge separately, you have to work out cheaper than buying the game and "owning" forever, and the cost of potentially losing the whole account if you go through a rough-patch and can't afford the monthly fee.

I don't see the target audience.

5
0

Sysadmins rebel over GUI-free install for Windows Server 2016

Lee D
Silver badge

Don't care how easy it is.

Don't care what users you are targeting.

Don't care that it's possible to fix.

Don't care that you might not like the way some users admin their servers.

Don't care. You removed an option that wasn't hurting anyone. PUT IT BACK.

This is the MS stuff that drives me nuts. Worse? That they ALWAYS - EVERY DAMN RELEASE - do something like this just to hear the outcry, only to change it before release so they can say they "listened to the users". Listen now - stop it, and stop removing options. Removing the start menu really worked out well compared to just having an option, didn't it? Now you've had to put it back in.

Not at all scared of command-line management but give me the damn choice that I always used to have and stop peeing about with release previews to make it look like you're doing something.

25
1

Welp, PEAK GIF is upon us! Facebook now supports animated images

Lee D
Silver badge

Re: Easily fixed

I use Opera. For the last X years, it's had "disable animated images" on a context menu available on a per-site or global basis.

Roll on Vivaldi and the return of real browsers again.

3
0

Hardcore creationist finds 60-million-year-old fossils in backyard ... 'No, it hasn’t changed my mind about the Bible'

Lee D
Silver badge

I'm the absolute opposite of a creationist but...

I'm more comfortable if you "believe" that God created Earth 6000 years ago to LOOK millions of years old.

It's still stupid, but is at least self-consistent. And why couldn't a God manage that? Why would he do it is a better question but you could argue, say, that as more humans come into being, he creates more "history" for them to explore for their own satisfaction, entertainment, etc. Otherwise we'd "know" everything already and there'd be nothing new to learn.

It's all absolute baloney, but at least try to make your beliefs from stuff that you can detect around you rather than what some book claims (indirectly) to be true despite everything to the contrary.

It's like the concept of Hell - God is so forgiving that everyone who doesn't believe will burn in hell for all eternity? It's self-inconsistent. However, the "belief" that I've heard others express that I can live with: Not believing in God and thus not getting to heaven is its own punishment... Hell is the absence of heaven, comparatively, not a specific inflicted punishment. That I can see as self-consistent whether it's baloney or not.

Love everyone, but hate the gays? etc. etc. etc.

Believe what the Hell (pun intended) you want. But it has to make SOME sense at the very least. And not just "working in mysterious ways".

18
1

Carry On Computing: Ten stylish laptop bags for him

Lee D
Silver badge

Man bag.

They all look like man-bags, except the last.

I have held on to rucksack-style laptop bags. They're the only way to go. The one I have is padded enough to protect without being heavy at all. Space for a decent 17" screen and more, plus all the bits I could carry. It has headphone-out ports so you can pull out some headphones and listen to your mp3 player / laptop even in the rain. It carries comfortably on one shoulder, but I prefer two. It has the heftiest handle on the top for if you're carrying around.

It was cheap, nothing like the £70 and £150's of the article, more like £20. It's been abroad on any number of planes, through security any number of times (sometimes stopped just because of the SHEER number of cables, batteries and bits inside it that even with the laptop removed, it looks like a bunch of cables and blocks on the X-ray... usually taking it, unzipping it, and pulling out the mass of cables from the pocket will prove that I'm a geek not a terrorist in seconds). It's protected two different laptops over several years, and they always survive the journey whether by hand, car or plane even with a BUNCH of peripherals shoved in so much that the zip is straining.

I would hazard that if you attempted to just pull it off my back and run off you and I would end up in a tug-of-war and the rucksack / laptop would be pretty much unharmed whatever the outcome.

And it looks like a rucksack anyway, so I have walked through London with it quite happily.

Go on Amazon, look for "laptop rucksack" and a model that's not immediately associated with expensive hardware (or doesn't have logos visible).

Not these over-priced man-bags.

0
0

City of birth? Why password questions are a terrible idea

Lee D
Silver badge

Re: From one Extreme to the Other

I lost my little banking-calculator thing that creates transaction PINs for you.

Then my bank started offering a digital PIN on a smartphone app. Much better, I thought, and tried to sign up. How can you lose a smartphone app? Except you can't sign up without plugging in a code from your PINPad thing. Fair enough. I can see the logic there.

I phoned up to get a replacement. Went through the security questions. Told them that I'd lost the PINPad. I was told about the fancy new smartphone app instead. Yes, please, I'll have one.

"Great, Sir, all you need to do is go on our website and put in a code from your PINPad".

"The one I lost?"

"Yes."

After ten minutes of to-ing and fro-ing I got put through to someone who could understand the infinite loop / hole in my bucket situation.

"Great, Sir, I'll send you out a PINPad and when it arrives you can sign up to the smartphone app and then throw the PINPad away as it can't be used any more" (Green credentials be damned, apparently).

"Okay, cool".

"I just need to send you out the pad and also a security code to activate it."

"No problem."

"The PIN pad will be sent by mail, it'll take 2-3 weeks."

"Grr... okay then."

"How would you like the code sent out? I can send it to you by email so you have it instantly or I can pop it in the post and it'll be with you in 2-3 days."

"Well... what difference does it make?"

"Email is faster, Sir".

"But... if the PIN thing isn't here for weeks, how's that help?"

"Well, it's faster sir." (Fortunately, he didn't try the "green" argument or I'd have cited the above exchange anyway.)

I was always told that to work in a bank was a prestigious job and they only took the finest candidates and you had to pass all kinds of tests because you were handling people's money. It appears I was lied to.

2
0

DDoS attack downs University of London learning platform

Lee D
Silver badge

Re: C'mon

I think four hours is quite good personally.

I mean, quite what can you do but go to your upstreams and ask them to block? If their response is slow, so will yours be - plus some more while you work out who to call, try to block it in the meantime, etc. while you can't get on the net yourself.

Combatting DDoS is, unfortunately, not as simple as just flicking a switch or blocking an IP. Likely nowadays you get hit with randomised packets from millions of sources simultaneously, and just blocking everything is no better than not being able to access your services because of the DDoS.

Sorry, but whoever gave that four-hour quote is a damn idiot, or trying to sell you something that he doesn't have himself anyway.

14
0

ZX Spectrum 'Hobbit' revival sparks developer dispute

Lee D
Silver badge

Re: You appear to be hosting a known malware platform on the site...

Never noticed with my "you have to click on a plugin before it does ANYTHING about loading it" options in my browser.

Hate people who complain about plugins who don't enable the simplest of security options for them.

By the time something asks you about "Adobe Flash" wanting to run on your system, your system has already started to load the plugin into memory in order to obtain that name from the supplied HTML embed.

Turn on click-to-play and then you never see anything worse than a page full of play buttons, and only ever play the single plugin you want, only on the pages you want.

0
6
