Posts by Lee D

4261 publicly visible posts • joined 14 Feb 2013

Phone home: Indie Chromium browser Vivaldi goes mobile

Lee D Silver badge

iOS does not allow anything browser-like that doesn't use the in-built HTML rendering engine (KHTML or something?).

Even "Google Chrome" on iOS is just a wrapper around the same controls that Safari uses to render websites, because they're not allowed to do anything else.

Lee D Silver badge

*cough* Promised mail client on desktop version? *cough*

There's no getting Huawei from 5G – Chinese giant joins Qualcomm, Samsung in bunging high-speed comms in mobe brains

Lee D Silver badge

But if they save 1W on each phone connected to them, that could easily become an overall win.

Such things really don't matter in the grand scheme of things. Radio masts are far beyond 1KW and nobody cares about them.

Infrastructure is a power-hungry thing any way you look at it. Hell, I have more than 5KW of network switches alone in a small prep school.

Cu in Hell: Thousands internetless after copper thieves pinch 500m of cable in Cambridgeshire

Lee D Silver badge

Re: A simple (but costly) answer

But... the replacement fibre will also be cheaper.

And you could do something like, I don't know, literally put up a sign to say "This site is copper-free". Yeah, it's very "There are no tools in this van" but someone might read it.

If this stuff is that sought after, it'll be cheaper to replace with fibre and keep doing that than it would be to replace with copper and keep doing that (and thereby encouraging the thieves to come again).

Lee D Silver badge

Re: Don't they forensically tag the copper?

Not much cop when it's boiling around in a big vat of the stuff to be remoulded into something else.

Tesla Autopilot crash driver may have been eating a bagel at the time, was lucky not to get schmeared on road

Lee D Silver badge

So, driver admits fault. Insurance solved.

Now... what about this crappy feature that runs into the back of parked cars because it doesn't actually do its job at all?

Raspberry Pi head honcho Eben Upton talks thermals, stores and who's buying the kit

Lee D Silver badge

Re: Not to be mean but,

That's fine if you plug a Pi into an official supply in your house.

For *anything* more useful, that USB-C needs to be compliant or you need to dig out the soldering iron. USB-C is the choice of power-banks now. If you buy cheap ones of those, they will work but you risk the cheap-battery. If you buy proper ones, they won't necessarily work.

It's not a small thing. USB-C is my next upgrade for everything I do - USB-C power banks, charging cables (from a centralised power source, not the official RPi thing that takes up a whole power socket to power one cable for one device and doesn't even have an in-line switch), car interface, etc.

I'm literally holding off on the Pi4 because of that. I'm not shoving amps into a device that can't properly advertise itself as high-power compatible and, like I say, I'm surprised they're even allowed to say USB-C if they're not compliant.

If you just run a Pi as a toy, you're not affected. If you want to use it in a project, as a replacement for an existing project, in anything other than your home, etc. then it's a problem.

For reference - I want a leisure battery in my car that powers a USB-C power bank with multiple outputs, which will cover all my devices and keep the Pi running 24/7 between engine startups. I can't. And I'm not going to shove either a dumb high-power DC supply, or a unit that can't run from an intelligent one, into a car and leave it unattended.

P.S. I was a RPi 1 beta tester, helping resolve the SD/USB/Ethernet issues with Broadcom. I work in schools and was trying to champion their inclusion into schools while helping them break into the market (they do a piss-poor job of that, BTW, and always have mainly because they think they can just throw a Pi at a teacher and get better grades, they don't understand education AT ALL). I have multiple Pi's in work and at home doing actual, real jobs.

Now consider - a school like mine - with USB-C charging banks for tablets, which are highly compliant and managed because they are charging things, in schools, with potentially damaged cables, etc. and you want to have every Pi plug in with either only the official supply and take up a socket, or in a way that it literally won't power up in the class.

Lee D Silver badge

Re: Not to be mean but,

Precisely.

My question really is: When can I buy a Pi4 with compliant USB-C (I'm surprised they're even allowed to use the name if their POWER profile - of all things - is misrepresenting itself as a set of headphones, which is what the problem is)? I don't mind a fixed 4 or a 5, but every hardware issue of the Pi has had some unfixable problem or other that needs a board revision - even down to PoE hats which are literally just a PoE chip and a transformer coil.

Last one out, hit the lights: UK energy supplier SSE to axe 115 bodies from tech department

Lee D Silver badge

In-house, out-sourced, thin-client, fat-client, etc. etc.

All the same, and never any different in any positive terms.

You are paying people, to do the same job, via a third-party, who has the exact same legal obligations, who intends to profit, and who has no interest in going above-and-beyond for you in any manner. In fact, they often hire those exact people who you forced out, on the same or better terms (even if that means less or more-regular hours), charge you 10% on top, and all their infrastructure costs, etc. while sticking to the exact letter of their contract and not a bit more because you failed to specify their role precisely enough. They still have to pay NI, working hours, pensions, etc.

It's expensive, pointless and stupid unless you consider one possible factor - the company you outsource to giving kickbacks to the person who made the decision. Whether that's expensive lunches, a portion of the profits, helping out his brother-in-law, or whatever else.

It's like paying someone to sit at your desk in work and do your job for you, and being their only "employer" - so you have to deal not only with whatever work needs to be done, but also cover yourself against the liability and responsibilities of being an employer yourself. And then when they have a sick day, want a holiday, or they don't do the job - guess what... you have to do it, or pay out even more money to someone else to work that part as well on your behalf.

It's the most ridiculous thing I've ever heard of and rankles only of corruption and ineptitude in every company I've ever worked in.

The only slight exception is if you literally cannot afford to hire even one employee to do that job, in which case having an outsource part-timer from a large company might well work for you. That's how it works for, say, cleaners. It does not work for 99.9% of other professions, does not work on any scale of note whatsoever, and nor is it ever any cheaper even if it does work.

Apple blinks on iPhone repairs, touts parts program for independent tech mechanics... sort of

Lee D Silver badge

Re: I can see the point of the security related barriers, though

Strange.

Literally every other similar company that operates in the EU doesn't have that same problem and offers spare parts. If it's a non-original repair/part that caused damage, generally they can tell immediately.

This is Apple-compliance-with-the-law, rather than anything spectacular. They are always years behind. Ask them about GDPR compliance - you will *never* get a straight answer, mostly because they are totally unable to provide one because they use a random mix of foreign Azure, Google and AWS instances to supply iCloud.

So, literally every time you've ever seen an iPad signed into an iTunes account in a school, it's probably breaking the law as they have no GDPR (or even DPA for that matter) compliance. All the statements you'll find from Apple do *NOT* actually say they are compliant.

Apple skirt the law all the time and get away with it because they have expensive lawyers. In some things I've dealt with them about, it's blatant and disgusting abuse of company and sale-of-goods laws. Ever sent a letter recorded delivery to their European head office (in Ireland) demanding legally-required details of their official company details and their complaints procedure? I have. Literally they do not comply with even those kinds of things.

What it is is that they are losing consumer-faith, slowly but it is happening, and they realise they will be on the end of some bad lawsuits if they're not careful (e.g. GDPR).

Lee D Silver badge

Last time I used an authorised Apple guy (under duress!) was for an iMac hard drive that was faulty (the all-in-one devices with absolutely no way into them).

Apparently the "official" way is to entirely smash the front screen glass, replace the drive, and then re-glue in a new glass. Guess how much it costs from an official repairer to change a single SATA hard drive when it involves destroying a glass panel and then replacing it like-for-like with all the proper glue and heat-treatment to do so?

At that point, and after several other ridiculously expensive repairs for quite simple replacements to hundreds of iPads, dozens of iMacs / Mac Minis, etc I started and eventually managed to convince my employer that Apple hardware had no place in our systems.

For the price of a single iMac, plus the insurance for it (we had two stolen by someone literally just lifting them up and taking them away in front of everyone), plus the cost of such external repairs for the most basic of failures/damages, we could kit out an entire suite of machines in a room and have spare parts enough to last for decades.

Sure, they look slightly less snazzy, but people actually use them, they can be repaired in-house, and if we buy fancy all-in-ones people basically don't even notice the difference.

Lee D Silver badge

I'm sorry, tell me again why I would use a company that thinks that this is somehow doing us a favour, or that ever had contrary policies?

Throwing me a bone this late in the game, after decades of deciding you'd rather screw me over and call it business, is so pathetically contrived a concept that it's literally not worth the energy in the black pixels on the screen.

Contractor association blasts UK.gov guidance on hated IR35 tax law's arrival in private sector

Lee D Silver badge

Does the painter and decorator have other customers, or in that time are they solely working for you and have no other customers on their books?

IR35 isn't about what you tell them to do. It's about whether they are just working only for you by proxy and thus not getting the benefits of employment and paying the taxes of employment.

A painter and decorator isn't going to be considered a "proxy employee" if they have other customers, go to other sites, book other work, and do other things.

They will if, for example, you just hired the guy to paint for you for a year but he didn't at any point ever work for anyone else but you.

The scope is much more about "what ELSE does he do" rather than "what's he actually doing".

The determination really is "Should you have just made him an employee and put him on the books?"

Lee D Silver badge

Re: Conflict withe GDPR?

Hell, some school and medical information has to be held for 25-30 years. I'm not kidding you.

GDPR does not impose a time limit. It imposes a control of information and a reasonableness for your retention. If you must retain it for tax purposes, then you must retain it. If you must retain it for legal purposes, then you must retain it.

GDPR does not contain, nor has any case law yet fully established, an upper time limit on data retention. It just says to do so for a reasonable time to fulfil a reasonable aim.

It's not unreasonable to retain business determinations of taxation status for at least the period of tax information retention. It would be unreasonable to retain it for 100 years. Similarly, it's not within your rights to use that information to spam your suppliers or to keep everything else around for the taxation period "just because" you don't want to have to deal with different dates for different information.

Wait a minute, we're supposed to haggle! ISPs want folk to bargain over broadband

Lee D Silver badge

Get this:

I will pay more to a company that does not force me to spend time and effort playing games to get them to give me a reasonable deal.

I'll literally PAY MORE to not have to deal with that crap. But I'll only pay that to someone who doesn't play that game with any of their customers, not to the companies that do.

This is what bugs me about the USwitch thing and the official regulators saying "just change your supplier" and then wondering why nobody does. I have other things to do, and I'll gladly pay more for better customer service - which means that I hardly ever take "the cheapest deal" on anything. The race to the bottom is really a stupid idea, consumer-wise, as we all end up fighting to get on an underpaid supplier just desperate to make every penny they can from you.

Treat me like, say, a paying customer... one whose business you wish to retain. Then see what happens.

Case in point: Car insurance renewal came up. Was £300 last year. There has been literally no change in circumstance, so you'd expect another year's no-claims would mean it'd be cheaper or - at worst - the same, right? No, they quote me £700+ for a renewal. Get stuffed! I go on comparison sites - the bottom 25 companies are all in the £300 area. I choose one that I know and get the exact same insurance and breakdown from them. I phone up the original insurer to cancel - they desperately try to keep my custom. Well, you had your chance, and you blew it. But out of interest, as someone who literally is leaving your company now and has a much better deal for no obvious reason... what can you do for me? "Well, we could knock a tenner off".

Cancel. Cancel now. Never contact me again after that's cancelled.

Quite what you think you gain by treating your customers like that, I can't fathom. And I'm hardly an insurance risk that you might want off your books to improve your portfolio (I'm 40, and I've had one single claim in that time).

Honestly, if the renewal had been, say, £50 a year more, I'd have probably just let it happen automatically. But for the price quoted I can get TWO insurance policies, out of over 25, with the same cover on the same information within ten minutes.

I will not haggle with you. I'll pay you for a service. I expect YOU to keep me on a decent deal. If I find a better one that you aren't even trying to compete with, I'll go with the competition. If I find you're deliberately over-charging me (i.e. giving other customers a better deal than you're giving me), I'll pay more to someone else. If you try and make me phone up and "haggle" to get a deal, especially for AN ONLINE SERVICE, you can go to hell.

Tell me what you sell.

Tell me how much it costs.

Offer me that. Offer everyone that.

Update that offer as time goes by and don't bother me with nonsense.

There's a reason I do not use any of the major ISPs - for me, an IT guy, they cannot cost-effectively compete against a 4G router and a SIM that I can change whenever I like to a different company. BT wanted £150 to activate my line, plus line rental, plus a monthly broadband subscription. Sure, I could sign up for 18-24 months and get a reasonable price for those (going back to ridiculousness soon after) but the install charge etc. covered most of that. They were offering me "1Mbps on ADSL, up to 10Mbps on VDSL"... I kid you not. And I'm inside the M25.

So I bought a £50 4G router, and a £20 a month SIM with unlimited data that can also go with me wherever I go (I just took it to the Balearics and it worked better than the wifi over there and didn't cost anything extra). At home it runs a VPN, CCTV, streaming live and recorded TV (via tvHeadend), Amazon Prime, Steam with 1000 games, etc. etc. etc. just fine.

Every time you force me to negotiate, research or mess about - I will spend twice that effort on finding something better that I *never* have to do that again.

Stuff like sophisticated government spyware is scary and all – but don't forget, a single .wmv file can pwn you via VLC

Lee D Silver badge

"This vulnerability could be triggered by inserting specially crafted headers which are not correctly counted by the xiph_CountHeadersfunction. As a result, the total number of bytes that could be written is larger than expected, overflowing previously allocated buffers," Semmle notes in its disclosure.

"As a result, the total number of bytes that could be written is larger than expected, overflowing previously allocated buffers. In this case, the vulnerability risk is also increased due to the large amount of bytes that can be overwritten, and the possibility that it can also be turned into an OOB read."

It's worse than we thought! I think that quote overflowed into the next paragraph!

Four more years! Four more years! Svelte Linux desktop Xfce gets first big update since 2015

Lee D Silver badge

People forget that a desktop manager should be completely invisible.

You buy an OS to run programs on. You don't buy it to coo at the pretty sliding animations, wow at the alpha-fading of the windows, and be astonished at the "take over everything you want to do" uncloseable windows.

A desktop manager should be functional and utilitarian.

I would argue that we haven't seen a really decent one since the days of Windows Program Manager, and even that's only allowed because *at the time* it was amazingly functional.

Friends, it's fine. Don't worry about randomers listening to your Skype convos. Microsoft has tweaked an FAQ a bit

Lee D Silver badge

Re: Old Codger

Same as network security:

Encrypt everything.

But don't let people sniff the entire network (or BGP route it through their country) anyway.

Google learned that lesson the hard way with their intra-data-centre communications being sniffed by certain agencies.

Privacy is not about "did someone find it out". That's secrecy.

Privacy is about "did someone actually have the right to be listening indiscriminately to everything".

Stuffing your MacBook Pro in a ziplock bag before a flight ain't gonna cut it, say Feds

Lee D Silver badge

If a truck catches fire, likely there will be zero casualties. A mess, a traffic jam, lots of lost stock, but even the driver is unlikely to perish.

If a plane catches fire in mid-air, 300 lives are seriously and immediately at risk, not to mention whatever it hits on the ground.

While US ban hit Huawei and inventory overload clipped Apple, Samsung quietly stole smartphone market share back in Q2

Lee D Silver badge

Meanwhile, despite owning a Samsung laptop, two Samsung smartphones (old ones, though), and a Samsung TV - all independently and based on their merits rather than because of the name - I am now instead looking at a Nokia 2.2.

Removable battery. Removable microSD card. Headphone socket. Dual-SIM versions. 4G. Doesn't have 47 cameras. Latest and clean Android. GPS, GLONASS and BeiDou, ~£100.

Bit of a time-saver: LibreOffice emits 6.3 with new features, loading and UI boosts

Lee D Silver badge

Re: Fourier transform?

Spectrum plots.

Anything that relies on plucking out frequencies from the data.

Even the most basic financial data will show up annual / monthly / weekly / daily spending patterns with the right Fourier transform.

Lee D Silver badge

Re: 32 bit removal

32-bit is dead, give it up.

The last 32-bit only x86 chips were the Atoms in 2010. Those machines are pathetic for anything vaguely modern, even when they were first released.

Sense the trend - 32-bit is dying across the board and has been for over a decade. Sure, you can do word-processing on an old DOS machine if you like. But when it breaks, you're gonna have replaced it with a 64-bit-capable machine unless it's literally not needed anything in the last 10 years.

To be honest, if people were after a cheap, low-maintenance word-processor, I'd say buy a Chromebook. Offline editing, cloud-synced, simple-office-interface, automatic-saving.

Honestly... give it up. Even "old" 32-bit iPads are useless now - half the apps won't work.

Equifax to world+dog: If we give you this $700m, can you pleeeeease stop suing us about that mega-hack thing?

Lee D Silver badge

Only with explicit (not implied) consent, for a reasonable period, only for that legitimate business function, never to be shared with anyone else without additional, optional and specific consent.

Credit reference agencies literally are the only organisation apart from the government to have the last 20 years of my addresses, not to mention pushing that information to organisations that I may well not consent to, not to mention providing little to no reasonable method to correct errors, and also collect far too much information than that necessary for the purpose.

They're gonna be the "big" test of GDPR as soon as all the early test cases build confidence to take them down. My own bank can't hold the information they do, for as long as they do, and I'm a paying customer of theirs - I never consent to Equifax holding or collating that information, seemingly into perpetuity.

Lee D Silver badge

I'll let you off.

When you tell me how your core business is compatible with GDPR.

Rust in peace: Memory bugs in C and C++ code cause security issues so Microsoft is considering alternatives once again

Lee D Silver badge

Those unsafe bits, by definition, can interfere with all the guarantees of the safe bits.

And there'll be a LOT of them.

Lee D Silver badge

Re: Explain this to me, please

You can have all the memory safety guarantees in the world.

The second that you are able to poke around in / peek at a memory location under your control ("dereferencing a pointer"), then all those safety guarantees go out the window. Because now I can - accidentally or not - overwrite the size of a variable, or write data past its data's upper bound, or make it leak into other nearby memory areas, or access an area that I shouldn't and - if anything is watching at all - trigger a memory access violation (e.g. a null pointer dereference).

And in OS terms, that's like saying that your bank is secure, so long as nobody ever wants to get inside. You can't interface with hardware (which will present itself at arbitrary addresses that you need to dereference from, say, the PCI discovery structures), you can't write drivers, and you hit massive performance problems because you end up having to pass information around *everywhere* rather than just refer people to it.

Rust has an "unsafe" mode / command / keyword for exactly this. The second you use it, all bets are off (it's "official" and they know you have to use it, which is why it exists, but they literally say that you have to flag it as unsafe because then YOU have to check your code is right, not the compiler, and if it's wrong, that's not Rust's problem, and they can't stop you interfering with the other "safe" Rust code at that point!).

If it was easy to write an OS kernel, filesystem, hardware device driver, etc. without dereferencing pointers and trusting/interpreting the data therein, then we would have moved on from C before the UNIX era finished, let alone now.

For applications, sure. If they use sensible formats and do everything right they may never need to use an "unsafe" function. But the bits that actually make your computer work are dereferencing third-party pointers that are just handed to them all the time. Every time you see a C-style (cast). That wouldn't work. Every time you receive nothing more than a memory location from hardware and need to use it by pretending/assuming it's something else (e.g. DMA accesses, PCI hardware discovery, framebuffer locations, etc.). That wouldn't work.

Guess where most of all the problems come, for someone writing an OS, especially if it includes third-party hardware support by other-people's drivers?

Did you know, for instance, that 3DFX drivers for Windows 95, etc. literally allowed DMA of the entire memory range of the machine? So by installing the driver for your graphics card, someone writing a game that runs as even a lowly unprivileged user could have queried the graphics driver in such a way that it allows complete unrestricted, unmonitored access to every byte of the computer's memory. Nobody noticed until years later (mostly because looking at driver code is hard, purely because of the safety you need to reimplement everywhere that would normally be in the compiler but with holes poked for what you need to do).

And the second you start using "unsafe" functions, you are actually able to break all the guarantees of "safe" functions throughout the rest of the program.

If memory safety was easy, Java would be secure.

Lee D Silver badge

That's fine. Use Rust.

And make sure you *never*, not even once, use an "unsafe" function in it.

Otherwise, you're just recreating C code poorly.

Now, how much of your code can be done? I imagine all of Office should be fine. But Windows, without unsafe Rust functions? Good luck!

The second you are into "dereferencing a raw pointer", memory safety of the whole shebang is at risk. Unfortunately, that's an inherently common requirement in operating systems, drivers, hardware interfaces of any kind, etc. and used greatly for performance tweaks too.

It's not that you couldn't do the same in any C variant either, whether by coding style, explicit compilation checks, or whatever. It works out the same.

As soon as you have to poke memory that you don't know the origin of, and trust what's there, and hope you got the address / size correct, and then interpret the data in that location in some fashion, you're in trouble. And, unfortunately, that's an inherent part of every OS.

Microsoft demos end-to-end voting verification system ElectionGuard, code will be on GitHub

Lee D Silver badge

Re: There's always paper

Difficulties for blind people, postal votes (the entire military), when a polling station has to close, massive problems with queues at some if there's a problem, etc. etc. etc.

It's a stupid system if it requires, in 2019, people to turn up, in person, at a SINGLE designated polling station (others are just further hassle) within a small time period.

The infrastructure around a vote is expensive and actually used as reasons not to have them (e.g. if we could just flick a switch and have a "no-Brexit vote" now, there is no excuse not to. But if it costs millions and has to be prepared months in advance, they can just say "Oh, we can't possibly do that!").

Voting on paper is open to just as many attacks... how does the polling officer inform the central government of their voting outcome? How do you know that didn't get changed along the way, the guy at the other end "misread", etc. Same thing, just slightly further down the line.

Now imagine an official government gateway page, just visit it, verify your identity, vote. Any time. Any day. Anywhere on the planet. Right up to the deadline. On one, ten, a million different things that you feel are important to you. With verifiable results. And "paper votes" basically becoming the "postal vote" of the next century... you only do that for particular reasons.

Now you know the results of the vote instantly. No "counting" required. You could literally put it in between "Someone attacked us" and "Should we go to war", it could be that simple and quick. In fact, you could know the results of the poll *at any time* you liked... anonymously, but you could tell that it was 52-48 and then went to 51-49, etc. in real-time.

Done properly, there's no reason *not* to have online voting, like there's no reason not to have online car tax discs, online checking of your state pension, online benefit application, etc. Collecting millions of bits of paper and counting them is literal dark-ages stuff in comparison. You're not saving anything, you're not defeating anything. You're just spending lots of money to do it slowly and poorly because "we've always done it like that".

Amadeus! Amadeus! Pwn me Amadeus! Airline check-in bug may have exposed all y'all boarding passes to spies

Lee D Silver badge

That's because your queries are unbounded by the user executing them.

If you have even a resemblance of proper security, Customer A - no matter what they query of the database, could only ever have access enough to query records of Customer A and nobody else. Changing the magic number would just error.

However, I bet what happens is that Customer A authenticates to the web session. That plants a cookie that lets them query bookings. Then the script that actually returns a boarding pass is executed as a database user with at minimum read rights to the *entire* database of boarding passes.

And I bet their "fix" is to just check inside that script that Customer A is asking for Customer A's boarding pass. *NOT* a proper row-level security that stops them even being *able* to see anyone else's information, no matter what script, portal, compromise or whatever other action is performed by that authenticated user.

We really just don't do security properly *anywhere*.

And if you say "That's an expensive operation"? Then that is why the database query for that shouldn't be direct against the main database with *everyone's* data but to an intermediary server. That is literally programmed as the only thing with full database access. And which refuses - point blank refuses - to return anything other than a rowset filtered to the authenticated user. Then the database is just being polled from (and therefore only needs to be accessed by) one machine and can cache the full results, but the intermediary (which is only allowed to talk to the web machines and the main database) is literally just doing nothing but filtering all results to those that the user that it's being accessed as should see.

Changing an ID in a URL is a classic security mistake. Not because of missing a line of code that should be checking. Because it's indicative of a complete design catastrophe in terms of security.

Least privilege principle. The web servers get nothing. The user authenticates to the web server. The web server passes on that authentication to the query server. The query server checks the authentication and queries the database. Now the database may well contain other people's results (if the query is particularly fecking awful!). But then the query server removes anything that the user doesn't have row-level permissions to see, returns that to the web server, who returns that to the user.

The web server has no access to the database.

The web server has no access to the authentication database.

The authentication server has no access to the web server or the database.

The database has no access to the web server.

The "query" server acts as a blind intermediary. If you request the wrong details, the authentication fails for the rows you are after and the query server baulks. If the query used is changed and accidentally returns an off-by-one record, or the entire database, the query server baulks or filters to only that stuff that you should be able to see anyway. If the web server is hacked entirely, it gets no access to the database except what it can see of live, running queries for limited users (and thus compromises only *their* account information at worst, not the entire database).

And then you go full, proper "I am a commercial enterprise with millions of pounds of business" and you put a firewall, a reverse proxy, an IDS and layers of VLANs over the whole thing to stop that happening anyway.

And you can literally keep your entire customer database, on one huge system, locked away from everyone, with one cable coming out, going to one computer / rack / whatever, which is the *only* way to query the database unless you're literally standing in that room with administrator privileges. One path to audit. One path to log. One path to monitor.

This doesn't take a genius. But if I'm able to just change an ID in a web query, that means the web servers are running scripts that are querying the main database directly, and returning whatever dross it pumps their way, and then pushing that straight to the user's screen *without* at any point bothering to check they own it, or in any way limiting one user's access to another user's information. An "if real_user == intended_user" at that point is *NOT* security.
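
The flow described in the comment above, as an added sketch that is not part of the original post: a query server that alone holds the database handle, verifies the auth server's token, and filters or refuses rows by owner no matter what the query returned. The `invoices` table, the HMAC token format, the named-query registry and all function names are assumptions for illustration, and in-process objects stand in for separate hosts.

```python
import hashlib
import hmac
import sqlite3
import time

AUTH_KEY = b"constructed-demo-key"  # assumption: held by auth + query servers, never the web tier


def issue_token(user, ttl=300):
    """Auth server: sign 'user|expiry' so the query server can verify it on its own."""
    payload = f"{user}|{int(time.time() + ttl)}"
    sig = hmac.new(AUTH_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{sig}"


class AccessDenied(Exception):
    pass


class QueryServer:
    """The only component with a database connection."""

    # Named queries only: the web tier never sends SQL.
    QUERIES = {
        "invoice_by_id": "SELECT id, owner, amount FROM invoices WHERE id = ? ORDER BY id",
        # Constructed mistake: a query that returns the entire table.
        "all_invoices": "SELECT id, owner, amount FROM invoices ORDER BY id",
    }

    def __init__(self):
        self._db = sqlite3.connect(":memory:")
        self._db.execute("CREATE TABLE invoices (id INTEGER, owner TEXT, amount INTEGER)")
        self._db.executemany(  # constructed sample rows
            "INSERT INTO invoices VALUES (?, ?, ?)",
            [(1, "alice", 120), (2, "bob", 75), (3, "alice", 40), (4, "carol", 990)],
        )
        self.audit = []  # (user, query, rows_withheld): the one path to log

    def _verify(self, token):
        try:
            user, expiry, sig = token.split("|")
        except ValueError:
            raise AccessDenied("malformed token")
        expected = hmac.new(AUTH_KEY, f"{user}|{expiry}".encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            raise AccessDenied("bad signature")
        if int(expiry) < time.time():
            raise AccessDenied("expired")
        return user

    def run(self, token, query_name, params=()):
        user = self._verify(token)
        if query_name not in self.QUERIES:
            raise AccessDenied("unknown query")
        raw = self._db.execute(self.QUERIES[query_name], params).fetchall()
        # Row-level check applied to the result, independent of the query text.
        kept = [row for row in raw if row[1] == user]
        withheld = len(raw) - len(kept)
        if withheld:
            self.audit.append((user, query_name, withheld))
        if raw and not kept:
            # Everything asked for belongs to someone else: refuse outright.
            raise AccessDenied("no permitted rows")
        return kept


def web_handler(broker, token, invoice_id):
    """Web tier: forwards the user's token and the ID from the URL, nothing more."""
    try:
        return 200, broker.run(token, "invoice_by_id", (invoice_id,))
    except AccessDenied:
        return 403, []


if __name__ == "__main__":
    qs = QueryServer()
    alice = issue_token("alice")
    print(web_handler(qs, alice, 1))      # alice's own invoice
    print(web_handler(qs, alice, 2))      # ID changed in the URL to bob's invoice
    print(qs.run(alice, "all_invoices"))  # over-broad query, filtered to alice's rows
    print(qs.audit)
```

Changing the ID at the web tier changes nothing about what comes back, because ownership is decided from the signed token on the far side of the broker.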

2019 set to be the worst year yet for smartphone market as lack of worthy upgrades dents demand

Lee D Silver badge

I dunno.

The Nokia 2.2 looked alright to me.

Removable battery

Headphone socket

microSD slot.

Plain Android

GPS/Glonass/BeiDou

~£100

To be honest, if I'm gonna buy a new phone, it's going to be something like that.

But, yeah, 5G capability would be nice, even if I don't put it on a 5G SIM for years to come.

Oh look. Vodafone has extended its ultrafast 5G network to deliver... Wi-Fi?

Lee D Silver badge

Re: WTTW

Before fibre ever gets to your premises, there'll be a much more expensive fibre to a nearby cell tower. I guarantee it.

Lee D Silver badge

Re: WTTW

Same.

For nearly two years now, and now I have a proper definition of unlimited data on a proper tethering contract, I can't tell the difference, to be honest.

I also pop the little soap-bar-sized box into my laptop bag occasionally and don't have to rely on pub wifi or airport wifi or foreign cafe wifi either. Hell, I don't even inconvenience my friends by needing to jump on their guest Wifi. Even my car can pick up the Wifi from it, if I want. I actually had Internet speeds in Spain last summer that my hosts didn't even have.

I've also used SIP phones over it, VPNs, all kinds... it just works.

I do have an IoT SIM in my car GPS tracker but it literally costs £25 a year and then a fixed price per text (which is rare and means either I've lost the car or someone has stolen it) with a guarantee that they won't terminate the account for low use because of the annual charge. I'll be doing the same for my house alarm too. And they are all different networks, which is my "backup".

But Wifi To The Windowsill is a very apt name. I just happened to put it onto a Draytek to offer it out to the network and get much better 5GHz Wifi coverage, but apart from that, it's the same idea.

Lee D Silver badge

Re: Data cap

There's a reason that I deliberately held off on all the "unlimited" data packages until recently.

I use 4G as my only Internet connection, via a little Huawei box that powers my whole home network.

Up until this year, you could never get to the bottom of their fair-use and they all excluded tethering (for reasons I can't fathom - 1Gb is 1Gb whether it's on a phone or Wifi, no? And all phones offer hotspotting).

This year, Smarty (a Three reseller) and then - ironically later - Three clarified their terms. "Unlimited" now means 1000Gb, tethering absolutely 100% allowed, according to Smarty, for instance. 1000Gb is big enough for the foreseeable future for me, I'd have to do 10 times my normal traffic to hit that. I signed up immediately (again, ironically, moving away from Three themselves who couldn't be bothered to offer me that guarantee at that point!). And it's on a monthly rolling contract so I can always switch again if necessary.

So now I feel "safe" having a 4G running my whole network, letting all my Steam games download, watching stuff on Amazon Prime all day long, etc.

I will move to 5G when and if someone does the same for 5G. Available in my area. Monthly rolling contract. Better speeds than 4G. And at least 1000Gb of untethered data available before they play any games with my speeds or try to charge me.

For reference, 1000Gb (1Tb) a month is a constant 3Mbit per second... it doesn't sound a lot when you say it like that... but if you expect me to move to 5G, then I can easily see that you'd want more than that or that you could burn through that quite quickly. I think I would want an increase proportional to my actual speed - if 5G really is 10 times faster than 4G, in my own real-world testing, then I'm going to want 10Tb of data before I touch it.

Brit consumers still holding off on buying new PCs until that Brexit thing is over and done with

Lee D Silver badge

That's neither here nor there.

Don't try to run Windows on Linux or vice versa in an era where everyone's computer has virtualisation instructions in their processors, Hyper-V built into Windows, VMware available for less than the cost of a Windows licence, and GPU-V passthrough. And VMware lets you do the old "Linux windows inside a Windows session" / vice-versa tricks so you don't even know that you're virtualising and can use the desktop environment of choice to run everything.

But if you need to stay on Windows (which most people don't), then you don't get a choice. Most people, however, have a choice and are taking it in preference to a whole new machine or even revamping their old. And when you do need to game, a Windows gaming machine is dirt cheap now compared to what they used to be. Unless you're talking 4K VR, your machine can likely run almost anything if it has anything vaguely resembling a discrete graphics card in it.

No consumer is going to install Linux on their working Windows machine, because they never even installed *Windows* on their Windows machine. It was all done for them, and they wouldn't stand a chance of getting UEFI booting off a CD working as an average consumer. Power users, obviously, already know this. Casual users, it's just not an option. Wine is so far from being an option that it's almost as laughable as telling them to use ReactOS.

I speak as someone who's been on Slackware since the 90's, helped make a single-floppy Linux distro, had licences for Crossover Office for god-knows-how-long and still runs 50% Linux servers in my workplace.

Nobody is going to consider an OS unless it's pre-packaged like Android, iOS or Windows. Chromebooks have merged into the Android ground now, and nobody even realises they are Linux underneath. But you have a clear split - people who need games buying Windows desktops (but more likely sticking better graphics cards / processors into their existing desktops), and people who just need "the Internet" and are buying Chromebooks and entirely other devices.

Both are killing the desktop PC market, and harming the laptop market. And I can't say I blame them.

Lee D Silver badge

PCs do what they've always done.

An average PC in a shop is more than suitable for the vast majority of people.

Specialist buyers are niche and even then, you don't need to go mad to get decent hardware.

Chromebooks do 90% of what the average person uses their PC for. Especially if you use Google Docs / Office Online, etc.

Also, a Chromebook costs £150, a laptop of any value starts around £300 and goes up quick.

Things like Acer Chromebook Tabs - combining Android tablet and Chromebook in one device - basically mean you have "full" Chrome on a tablet, capable of doing that 90% of the work, plus play all the casual games off the Play Store, for half the price of an iPad.

I will soon be in the market for a new laptop if I can't repair mine adequately (on its second battery, second PSU, and third keyboard, just through sheer volume of use for absolutely everything). According to what I see... a basic "gaming" (not really) laptop will outclass that machine two-fold in almost all respects. And yet that old laptop still runs all 1000 of my Steam games more than adequately.

And desktop PCs are dying outside of business compared to laptops. Nobody wants a chunky thing stuck in the corner any more.

Why do I need a new machine? If I need a new machine, why would I spend a lot of money? If I bought a new machine, why would I go with Windows?

I know *my* answers to those questions don't meld with 99% of the population, but that's what they are asking themselves. And Chromebooks are inheriting that stupid inference of "It's a Chromebook so it can't get viruses", which has never been true of any platform whatsoever, are cheap, have stupendous battery life, and are good enough to do anything you really need to do on them (I've issued them to hundreds of kids, who use them for everything from video editing, to audio/MIDI sequencing, to their primary word-processor, not to mention browsing their entire curricular content - even Pearson are stopping producing textbooks any more).

Boris Johnson's promise of full fibre in the UK by 2025 is pie in the sky

Lee D Silver badge

Re: unusable water cannon for the police, later sold for scrap at a £300,000 loss.

"The home secretary, Theresa May, has rejected an attempt by Boris Johnson to deploy water cannon on the streets of London and refused to authorise their use by any police force in England and Wales.

May heaped further humiliation on the London mayor by telling him that the three 25-year-old German water cannon, which he authorised to be bought last year by the Metropolitan police, have no fewer than 67 faults that need to be dealt with before they can be used."

Don't buy stuff that isn't currently authorised, without checking that it *will* be authorised.

And this kit was old German refurb (read: The Germans are selling it because they don't want it either) with a number of faults.

The prime reason though was endangering "policing by consent". I can't say that I disagree on that matter.

Patch now before you get your NAS kicked: Iomega storage boxes leave millions of files open to the internet

Lee D Silver badge

STOP OPENING PORTS TO THINGS THAT DON'T NEED PORTS OPEN!

Seriously, nothing to do with the firmware or whatever... what the hell is a NAS with those kinds of documents doing handling raw packets from the Internet?

I *BET* this is a UPnP thing too... where the box just says "Hey, open all these ports and point them at me" and people's stupid networks just obey blindly without any notification.

Firewalls are supposed to work BOTH WAYS people. Not letting in anyone who shouldn't be in, not letting anything talk out that shouldn't be out, and NOT blindly doing so automatically or operated by someone who just cuts holes in the damn thing unthinkingly "to make everything work".

An analogy I use... every port-forward is like drilling a hole in your marble worktop, or punching a hole through your house's outer wall. Sure, you have to do so occasionally. Of course it's necessary for some parts to work (e.g. taps). But you don't go drilling more and more and more holes just because it makes it easier for the electrician, and you don't make the holes any larger than necessary and, when you're done with that hole, you fill it back in.

I have less ports forwarded (never just open, but forwarded to another machine on an enclosed VLAN) than almost anyone else in the same industry as me, and yet I offer far more services on-site than anyone else in the same position.

Unless you are running, deliberately running, a server on a well-known port, you do not open (incoming) ports. And you disable UPnP on any gateway device immediately upon receipt (clients can request UPnP all day long from their UPnP services if they like, but it's the gateway that actually acts upon them).

And all "servers" should be treated as such - updates, security, authentication, least-privilege, auditing, logging, and where possible proxying between them and the outside world too. (I once got marked down in a security audit involving an external penetration test because they were unable to query my webservers directly as they all showed up as a Squid/Apache reverse proxy. "Obviously" that stopped them being able to look for version strings and query vulnerability to ridiculous URL constructions like "../../../.." etc. so they marked me down... despite the fact that that's *precisely* why that's in place)

Galileo, Galileo, Galileo, where to go? Navigation satellite signals flip from degraded to full TITSUP* over span of four days

Lee D Silver badge

When a tiny regex is capable of taking down a huge chunk of the world's websites (mainly because someone turned off the CPU-limits on queries, I believe!), or a small BGP announcement capable of rerouting vast portions of the Internet through Russia or China, or one timing station capable of taking down an entire global satellite network for days at a time...

I don't think we're learning those lessons. This is kind of my point. We are highlighting the sheer fragility of these things that we're basing our daily existence on, where a slip of a key results in downtime for billions of people. There's no way that we're then in any way learning if they keep happening (e.g. Cloudflare has gone down a few times, BGP outages are still happening all over), and that's not even when someone with actual hostile intent is *trying* to do something.

We're seriously too vulnerable for this kind of thing to be possible and not be immediately rolled back to some kind of "fallback" state from 10 minutes before it all goes titsup.

The precursor to the weapons is going to be completely crippling the Internet to prevent assistance / warning, not to mention that that could well be the method of attack itself (e.g. SCADA controls like we did to Iran?)... The bombs you can't stop. But if they are able to stop you retaliating in any significant fashion because a) you don't know and b) they can use the same attacks against your systems so you can't retaliate at all, then it's not nuclear winter you need be afraid of. It's someone literally walking into your country, annexing it, and nobody being any the wiser until the digital dust settles by which time it's too late.

Lee D Silver badge

A suspicious mind would notice lots of very odd happenings in the world of tech at the moment.

Cloudflare worldwide downtime.

Galileo knocked offline.

New York blackouts.

All, while not unprecedented, certainly unusual, and all happening in a little brief window in 2019. Even Google GSuite threw a wobbly not long ago and all its services were out for much of the world.

A suspicious mind would say... oh look... cybersecurity... someone gently probing to see the extent they can cause hassle, should they decide to. All "explained" of course, all "internal" causes (but who's to say that the best way to do these things isn't to do them from the inside or make them look like that's where they came from?).

In a world where the US is snubbing China, cosying up to Russia, and pushing away Europe, who's to say what's actually happening.

If nothing else, it should make us think... if three things can all be caused by a slight glitch in the IT... what could a hostile nation state actually achieve if it wanted to?

Good luck deleting someone's private info from a trained neural network – it's likely to bork the whole thing

Lee D Silver badge

Unfortunately, you generally have no way of knowing how it's been trained, even if you trained it.

If you train by, say, genetic algorithms - it's quite possible that there's a mirror of your data in the trained network and it flags "success" as "John Smith was a success and this guy's data also looks like the John Smith data which I have taken upon myself to copy inside me".

Maybe not intentionally but that's the problem - you have no idea what it's training itself on, what changes that makes to itself (could be a statistic, could be wholesale copying of the input data), or how to untrain / delete that part.

Good luck proving in a court of law that the thing *doesn't* contain John Smith's personal information, especially if you've been copying it around your entire company... whoops! So Mr John Smith's address has been visible inside the trained neural net and you've given that to millions of people as part of your amazing AI product? Oh dear!

These things really are as unreliable, untrainable, uncontrollable and as stupid as they sound.

It's happening, tech contractors: UK.gov is pushing IR35 off-payroll rules to private sector in Finance Bill

Lee D Silver badge

Re: The simple answer ...

IR35 isn't about whether you ARE an employee.

It's about whether you're PRETENDING not to be an employee but actually are.

As such, it's not enforced anything. It's proper taxation for the category that you fraudulently claimed not to be finally being applied to you.

And a client waiver will do nothing. That's like getting a waiver from your employer that you don't have to pay tax. It doesn't work like that.

If the nature of your work encompasses you under this tax, because it's changed and you've accepted that, or it was always like that from the outset, then you're liable for the appropriate tax. The taxman isn't going to care one jot about some letter that you agreed between you (that mutually benefits you both at the detriment of the tax man). They'll just find you guilty of fraud too, having signed a letter that clearly said you weren't covered by IR35 when they have determined in a court that you actually were.

Be an employee, or be a contractor. It's really not that hard.

Lee D Silver badge

You're either an employee. Or you're not. If you are caught in the middle it means you're working *as* an employee, for a sole employer, for an extended length of time, and get all the benefits of that, while also trying to not pay the tax that you would have to if you were an employee. And you do this by pretending that you're contracting round when actually you're working for one place, at one time, for - say - one year, and just don't want to be an "employee".

IR35 should have caught up with you years ago, for sure you've had plenty of warning that it was happening.

Work as a contractor, without employee benefits or restrictions, or become an employee and pay your taxes.

If you're working "as a contractor" and this hurts you - get employed by the client, or raise your prices.

Remember Stuxnet? You'll endure its hated-by-critics sequel if you don't patch your holey Siemens industrial kit

Lee D Silver badge

That's okay, we all learned to put industrial controls on a managed and controlled and isolated and monitored internal network, with no direct access to the Internet, via firewalls and proxies and whatever else necessary to ensure they stay isolated from everything else and, where possible, even each other after the last thing like this.

Right?

RTFM: Wireless Broadband Alliance squeezes out 40-page ode to the joy of Wi-Fi 6

Lee D Silver badge

Wifi operates entirely on the principle of a shared medium anyway.

No one client is going to get that 2.5Gbit/s, and if they did, they'd be better off with a cable anyway.

You have to go some to max out a wifi point, even of today's technology. And if you are, then pretty much you're using the wrong medium anyway.

Wifi is for casual, low-bandwidth, spiky-connections-acceptable use. Anything else needs to be wired.

Though you might "get away" with it for years, the second you start adding more stuff on wifi near the existing wifi (not even using it, but just trying to interfere/negotiate with it), your max speed will drop anyway.

I stream TV over my very busy Wifi at home quite happily, while gaming, downloading, browsing and all my junk is connected. But my work desk is wired for several very good reasons. Even though I'm the IT guy and I literally have a bunch of very expensive Wifi points to hand and one actually in the room above my desk.

Ethernet for "real work". Wifi for "casual". Yes, I can connect 150+ iPads, Chromebooks, etc. to the access point I use, and it works decently enough for all the ones that my team can physically use simultaneously (i.e. one per person). But you can kill the point with just one huge download unless you prioritise and limit traffic appropriately. I can kill wifi site-wide if there are big updates to push to all the wireless clients (averaging 30-40 clients per AP). I wouldn't ever use Wifi to do huge downloads, copy files, sync network drives, etc.

Our wifi points are Gigabit. If they max out, they max out. I can't guarantee you a signal, a speed, or any reliability on them. You may well *get* good service in those respects out of them, but I will not guarantee it. Especially when you decide to sit 600 people in a place with a handful of access points and then tell them all to "download this video and watch it". Game over. But if you did that site-wide via a Skype call to all their wired desktops, even across sites, over the local network... not a problem in the slightest. I wouldn't even flinch and I'd guarantee that for you.

Lee D Silver badge

Re: Wi-Fi 6 represents the end of the idea of wiring desks for Ethernet

The sorts of access points that can contain that - not only do they need (multi-)gigabit wiring to themselves, but they also have to mesh together with their neighbours well (which means you need a lot of them) and... they are not cheap. I can pay £600 for a single AP that would cover probably a "room" full of workstations (with maybe 50-100 devices, but range and coverage is the issue, not necessarily the sheer number of devices unless they are all pumping data 24/7).

Even then, it's not just a case of buying a hundred APs and lumping them in a building, you'll end up with worse wifi than 10 more expensive managed APs, properly sited.

Add on centralised/cloud management (a must, really, if you guys have any kind of MDM) and it suddenly becomes a lot more expensive than handing your electrician a 305m roll of Cat6 (about £50 worth) and saying "can you put that in the walls for us". Nobody deals in 100Mb any more, either.

If you have a hundred users on Wifi over two offices in a major city center - you're paying for decent, most likely meshed, managed wifi, probably Ubiquiti, Meraki or similar. If you have blanket coverage and not just "the desk areas", then they're paying even more. And they had to pay someone to wire those points in with Cat6, too, or they'd be useless - plus PoE (either switches, or decent injectors with lots of power points around the place to power them up) and decent switches on the back-end to run them all properly.

By contrast I could probably pay a guy to wire an entire floor with double-Cat6 sockets to every desk for much less than even the points cost, let alone the controller and necessary PoE switches.

They've done it for the look of the thing, not to save costs. And they are able to because you don't make heavy use of the system. When you do, you're going to have a shock - involving an awfully expensive wifi upgrade. When my switches max out and can no longer supply 48, PoE powered managed ports at Gigabit each, over a fibre 10Gb backend, I might have to pay a couple of grand to swap it out for an equivalent 10Gb switch with 40Gb fibre ports and give everyone an instant free upgrade.

Fact is, your wifi wouldn't operate at all well without that exact switch sitting in a cupboard somewhere anyway... you've just bought the Wifi on top as a convenience and for the look of the thing.

Lee D Silver badge

Re: Wi-Fi 6 represents the end of the idea of wiring desks for Ethernet

Exactly.

A dedicated one-gig tube direct to your PC? Or a fraction-of-a-gig, time-sliced, interferable, unpredictable radio connection shared with everyone in radio range?

My rule of thumb for people who "just don't get it": Wifi is *at least* 20 times slower than a cable. It's that simple. I'm sure you can demo a really fast connection in a greenfield environment, but in the real world you're sharing it with everyone's mobile phone, tablet, etc. not to mention a huge tract of unlicensed spectrum users in the form of everything from doorbells to microwaves.

Just assume, no matter what, that Wifi is *at least* 20 times slower. It works. You have a roaming profile on your work PC that takes a minute to log in? Yeah, that's going to take 20 minutes to happen over wifi. I kid you not.

And when wifi does catch up so that even 1/20th of it is enough to run gigabit, then we'll all have 10G and 40G Ethernet connections anyway (10Gb is actually viable today, if you just have a little money to spend on it - the problem is the backend connection on the switch but if it has the processing power, you can get around that with LACP).

It's fine for casual browsing. It's fine for home use. But it's 20 times slower than a cable. It's that simple. And the more you use it, deploy it, and mix it up between old and new wifi, the worse that ratio gets.

Tesla’s Autopilot losing track of devs crashing out of 'leccy car maker

Lee D Silver badge

Re: I'm guessing you live somewhere without weather

You're assuming paint.

I'm assuming radio beacon and/or visual display. A laser in a cat's eye, or on a pole on the side of the road. Radio chirps will work through almost any amount of snow, and the car is *in contact* with the road. Never had a Scalextric? Put a great big sprung connector (like.. a train has!) connecting to the road... it'll clear the way and have a direct electrical connection good enough for data and power (even if it blips). Just like... a train does. There are myriad ways to achieve this and computer-vision is the VERY LAST thing you want to lay a human life on. Hell, 4G and a GPS signal on an isolated lane is more than enough. Just stop it mingling with "normal" traffic.

Snow-covered? Continue on using your front and rear sensors at a slower speed until you pick up the signal again. Just like a train does. Or a human when they can't see the road.

Lee D Silver badge

Re: I want some of what Musk is smoking

No, the only way it'll work is if you remove all intelligence from the system.

This is a road. There's a BIG LINE down the middle. Encoded down that line is all the information you need about the road you're on and the road ahead (in case the line fades out!). When a car deviates off the line, it stops. The "self-driving" cars literally just rely on being told EXACTLY what to do, when. And tell each other exactly what to do, and when. I am 5m ahead of you, slow down.

The drive to put "intelligence" that we don't have and can't even define into things that are not, and may never be able to be, intelligent is just stupid. What you want is artificial stupidity - computers that obey orders, perfectly, every time.

You wanna change lanes? You have to wait for a lane-change line to approach, then announce that lane-change to everyone around you, and then follow the line you're given.

Such things only work on a "dumb" road. With other "dumb" cars. And "dumb" junctions. Make life easy for the computer. I don't understand why we're deliberately trying to make life difficult for the thing we're putting in charge of ours and others' lives. Make it easy. The same way that we designed a steering wheel for humans to steer the car easily. So when a computer drives, we should make it easy for the computer.

The obsession with putting this junk on the roads with real humans is the single largest downfall of it. It's ridiculous. And then you find that the systems we have made "dumb" generally "just work". Everything from automated train and tram lines, to production factories, to TVs that just play content rather than try to come preloaded with apps and voice recognition and network connections that can get viruses.

I am a *massive* IT guy, I program, I studied computing at university, I was hooked from a young age on these machines. And I would not trust it thinking for itself. If I was to design *any* system it would do what it was told. Sure, that means you have to tell absolutely everything that you want it to do. But I'd rather have an obedient and dumb system than a disobedient "smart" one.

You wanna play with this stuff, do it away from the roads and away from humans and in a controlled environment where the most that can happen is you bump someone's ankle at low speed.

You wanna do something useful... dumb it down to the absolute basics. Like a washing machine with seven thousand programs on it... you just want it to wash the damn clothes. Make the car go from A to B in the simplest way possible where there's no chance of error. That means stop all this automated car junk and - at minimum - designate one lane "automated vehicles only". Stick a crash barrier between it and other people. Jam the cars into it, inches from each other's bumpers. Have them talk to each other, and blindly obey rules about what they do. And label every few hundred yards with a radio transmitter that tells them where they are, what's ahead and what they should do (stop, go, etc.), and the whole system comes to a halt in absence of such instructions.

By the way, it's called a railway.

Lee D Silver badge

It's a pipe-dream, ain't gonna happen.

The people who have this thing enabled on their cars are just signing a suicide pact that involves other drivers unwittingly.

Even with a "FSD certification" from a government, I'm still not gonna trust it.

Am I a luddite? No. I'm a realist. With a sense of security and what computers are actually capable of. Voice/face recognition was pathetic in the 80's, it's still pathetic now. That's because it's a *hard* problem to describe to a computer, nothing to do with the power you put behind it. Self-driving is exactly the same.

Google's new Go engine was the biggest, most radical, most humungous step forward in AI since it was invented. Going from the best machines in the world barely beating an amateur to thrashing all the masters, almost overnight. It's unbelievable, I was *so* pleased to see it, I imagined it was some amazing new way of doing things - because I studied Game Theory, Graph Theory and various computer science courses to degree level, and one of my tutors was one of the world experts at making computers play Go. But it wasn't. Little else has resulted from that. It's a very limited niche that it made a leap in and isn't translatable to more complex AI problems.

Musk just has no concept of what he's asking, and what he's selling, and what's actually possible. You'll end up, at best, with a poor AI-driven thing that'll be involved in just as many crashes but in all the "less obvious" scenarios. Sure, it won't fall asleep on a long boring straight road, but it's going to plough down a police officer who's trying to move traffic out of an obstructed lane on a motorway without any special road markings to do so.

And I've said a million times before - stop testing *on the road*. There are a billion test cases you could use to build confidence in such a system that don't risk multiple serious deaths. Have an AI-controlled bus punting around Disneyworld. Make a self-driving shopping trolley, or golf cart (how easy can you get - 18 holes on a closed off course that you can layer all kinds of signals over and minimal hazards), or fairground ride, or airport vehicle... all low-speed, less-impact tasks in controlled, closed-off areas where you can prove that it, say, never even bumped a human in three years of operation. They could have started that TEN YEARS ago and got that reputation and *then* translated it to the real road.

But no, Musk just goes "70mph on the motorway only and tell people they were wrong if they activate it anywhere else!". Idiot.

Internet imbeciles, aka British ISP lobbyists, backtrack on dubbing Mozilla a villain for DNS-over-HTTPS support

Lee D Silver badge

Quite... they should just shrug their shoulders and say "Here's the information you asked for. Yes, we know it's useless to you. But that's what you asked for."

As technology progresses, the very idea of "trusting" the ISP to be anything more than a shifter of encrypted packets gets more laughable... I honestly don't understand why they were ever considered anything else.

There will come a point where all Internet traffic is encrypted point-to-point and even metadata becomes next-to-useless. It's inevitable.

If someone could please get off their backside and replace email too, we'd be a damn sight closer. SMTP over TLS is *not* end-to-end encryption between sender and intended receiver and cannot be with current protocols.