redirecting HTTP to HTTPS
Isn't this the sort of thing a first year Comp Sci graduate used to be able to do?
The UK's TV Licensing agency has taken its website offline "as a precaution" after being blasted for running transactional pages that were not sent over HTTPS. The publicly funded outfit had been criticised for inviting folk to submit sensitive data over unencrypted links. Just a few hours after proclaiming "we will soon …
Well, from my observation many of the university types do certainly think that once they completed their degree, that the learning is done and finished, and they can then start looking down their noses at us other self-educated types who didn't pay £9k PA for a "rarely present tutor" and are interested enough in the subject to be motivated to self-learn
I guess the overpriced degrees in university breed a kind of hubristic elitism
A bit like when people buy an overpriced product, and they wrongly equate high price with high quality
“The good work for all education is interest. Until there is interest there is no response”
Well, from my observation many of the university types do certainly think that once they completed their degree, that the learning is done and finished, and they can then start looking down their noses at us other self-educated types
My Computer Science and Engineering Degree taught zero practical skills ... instead I learned the scientific and theoretical knowledge that would prepare me for a lifetime of self-learning.
Also here is at least one "University Type" that respects anyone who has the skills necessary for the job no matter how they acquired them.
Regrettably I also worked with far too few people with skills and no degree and far too many with degrees with no skills, not to mention the 3rd year transfer students with 3.5+ GPA who literally could not complete a single lab assignment without cheating.
So instead of a downvote ... you get a beer.
Mine wasn't as "impractical" as that (although the programming that we did do, did perhaps focus a little too much on near-metal-banging (pointers, malloc, etc) in C, which are things I have never needed to worry about since, as they are dealt with lower down the software stack (although I certainly do acknowledge that we do need at least some people with those skills in order to write, and optimise, those lower parts of the stack)).
But, unfortunately, much of the "theoretical stuff" mainly seemed to be indulgence of the academics' pet areas of research, and rarely anything which gets any real-world use (eg, lambda calculus) or was more than a passing fad (at least a couple of unpleasant courses whose content I have now entirely forgotten).
To be perfectly honest, I think I have learned far more from the web (yes, including various Wikimedia sites, with pinches of salt duly applied), forums, well-written official documentation (yes, it does sometimes exist!), and the O'Reilly menagerie, than I ever did from my first university degree.
The university undergrad experience should really be more about a love of learning in general, learning how to transition into an adult, making new friends and networks, undertaking new experiences, and broadening your worldview.
Unfortunately, coming from a deathly-uninspiring smalltown background, after many years of teachers' strikes (where the teachers' "work to rule" neglected the unwritten part of their mission to help their students grow and blossom as well, unfairly hurting those who had no part in their battle), and then to a university that turned out to be rather more homogenous in its student cohort than the prospectus had implied (so that most of us had all had the same stunted childhoods (but of course were unable to realise that at the time)), meant that it wasn't quite the full experience that it should have been.
You speak like you expected/intended your education to be something that someone else gave you (at school), or perhaps a one-and-done sort of thing? How sad.
I learned more science by reading the 500 & 600 section and subscribing to Scientific American & National Geographic (back when they were useful) than there was ever hope for me to have learned in the thin slice of time listening to someone try to explain things they themselves barely understood in K-12.
As the previous poster mentioned, the critical skills that are needed are not "practical" (and don't go on a résumé).
1) The ability to learn new skills. The world is changing, you must keep up. I have literally had my job description completely rewritten between when I accepted the offer and when I showed up the first day.
2) The ability to recognize your own blind spots. The "unknown unknowns" are what kill us. Overcome Dunning-Kruger or be stuck being the one others clean up after.
3) Diligence. No matter how many layers we put between you and the bare metal, there will be tasks that are fundamentally repetitive and non-scriptable. (Think about writing good tests.) Disciplining yourself to doing it right every time.
Yeah, I was a hardass to my calculus students.
Searched for the Beefeater site yesterday and google gave a http link which didn't redirect to https once on it which I thought was odd for this day and age.
To view a menu it wanted my postcode and while it's not the end of the earth for that to be sniffed, it felt too dirty to post it over http so I had to manually change it to https.
My name was a good few years of nagging at el register to https up and it took google to start giving horrible chrome messages and lower search engine ranks to http sites before it was changed. Any company not using https now should be considered lazy and not fully competent imo.
>> "I presume the BBC is responsible for the infrastructure?"
> Why would they be?
Because TV Licensing _limited_ - the privately owned company which is responsible for actually collecting TV licence fees - is a wholly owned subsidiary of the BBC which then contracts operations out to Crapita and IBM.
It's a nice incestuous little circle jerk when you start digging into it.
"Because TV Licensing _limited_ - the privately owned company which is responsible for actually collecting TV licence fees - is a wholly owned subsidiary of the BBC which then contracts operations out to Crapita and IBM."
That's not quite how it works, according to published information. Maybe your description is equivalent, maybe no one has challenged it for the last few years, but here's an extract from an official description:
https://www.tvlicensing.co.uk/about/who-we-are-AB4
" 'TV Licensing' is a trade mark of the BBC and is used under licence by companies contracted by the BBC to administer the collection of the television licence fee and enforcement of the television licensing system.
The BBC is a public authority in respect of its television licensing functions and retains overall responsibility.
Responsibilities of TV Licensing contracted companies
Capita Business Services Ltd Administration and enforcement of the TV Licence fee.
PayPoint Plc Over-the-counter payment services in the UK mainland and in Northern Ireland.
[continues]"
If there was an actual "TV Licensing Limited" I would expect to see evidence somewhere (ultimately, official records at Companies House). Have you got any?
The big-picture concept of contracting this stuff (collection AND enforcement) out to organisations like Crapita and friends still stinks. As it often does elsewhere. But sometimes details matter, as well as the big picture.
Because some people may want to visit the http version of a site - for testing purposes for instance or the https version of the site may be an entirely different site altogether or a security or certificate problem may mean the https version is down while the http version is up etc etc.
Having a third party decide that it is going to disregard your wishes and the site owner's wishes is not a great solution - they'll be removing parts of the url completely next.
Maybe a popup to say there is a secure version of the site and would you like to visit it?
Maybe use HTTPS Everywhere extension which will use https?
Simplest answer
The BBC is just the government's propaganda machine anyway. Fund from general taxation and cut all the costs out straight off. They have a list of all the houses in the UK without a licence and bombard you with letters and visits demanding that YOU prove to them you don't need a licence with very threatening letters. Frankly better off without any of it.
BBC can be funded by either:
a) general taxation
b) pay per view/subscription like sky
c) advertising
d) selling their 'wonderful' programs (mmm... teletubbies, total crud, perhaps by having to sell the programs they might just decide to make programs worth the effort????)
The tv licence model is broken, out of date and ridiculous, like most other government taxation.
Long overdue to move to a single tax and single benefit system so we can really understand just how much we are being screwed by the government of the day.
No idea why you have so many downvotes.
The BBC are happy enough to pay Gary Lineker, Chris Evans and Graham Norton, a ridiculous sum of cash for what is questionable talent.
If anybody has seen Idiocracy, it should be fairly obvious why TV is the way it is
Love Island?
Big Brother?
Celebrity get me out of here?
If these programs are not the result of an ever increasingly stupid population, I don't know what is
Not giving the BBC a carte blanche defence, but if you're going to criticise them, it doesn't help to back up the attack with...
> Love Island?
ITV
> Big Brother?
Formerly Channel 4, now Channel 5
> Celebrity get me out of here?
ITV
(Just to clarify for readers outside the UK- none of those are BBC stations).
"scrap tv licence
Simplest answer"
Yes, but not for the reasons you're pushing.
Radio licensing was scrapped in the late 1960s for the simple reason that with the advent of transistorisation there were too many radio sets to keep track of and the licensing income wasn't worth the hassle. TV licensing was kept because TV sets were large, cumbersome and easy to track.
Times and technology have changed and now TV sets are as ubiquitous as radio sets were at the time their licenses were scrapped.
The assumption since the 1970s has been that "every house has a TV set and every one without a license is a dodger" - with "TV detector vans" mainly being minibuses and the "detectors" being people looking for aerials or the telltale signs of a TV in use (flickering lights and the warbling sounds of Coronation Street coming from premises which supposedly had no TV)
You'll notice that receiver licensing is no longer a radio regulatory job: that should give a big hint as to its actual necessity.
we're not aware of anyone's data being compromised.
Well, if you're not using HTTPS, you wouldn't be aware of it, almost by design. Not being aware of the man-in-the-middle doesn't mean he isn't there. All it takes is a poisoned DNS server, redirecting requests to a proxy, and someone can be listening in on all the unsecured connections for any domain that DNS server is serving up the address for.
"Well, if you're not using HTTPS, you wouldn't be aware of it, almost by design."
It would be "very good" if the ICO (or the EU privacy oversight watchdogs) declare that it's a prima facie data breach to use http for ANY kind of entry of personal data, regardless of provable data breach - and if there is a subsequent data breach then failure to use https adds a multiplier to the fines.
Anyone noticed HTTP / HTTPS breaking while trying to Check-In online or when Printing a Boarding Pass? You're taken to the Parent-Airline site first to authenticate (HTTPS). But then they send you to the Subsidiary-Airline site (the airline you're actually flying with), to enter Passport and other personal details before issuing the final boarding pass.
That can even just be a random 3rd-Party site (again over HTTP only).... WTF airlines? Get your sht together! The only solution is hold off / don't use it, wait in line at the airport. Might be better anyway, as the amount of server-side user tracking is already toxic:
Emirates / Lufthansa dinged for slipshod online data privacy practices
https://www.theregister.co.uk/2018/03/05/emirates_dinged_for_slipshod_privacy_practices/
"That can even just be a random 3rd-Party site (again over HTTP only)"
Any of this is grounds for a complaint to the ICO and making sure that El Reg (amongst others) has enough detail to make it impossible for the airlines to brush off or the government numpties to sweep under the carpet.
"Who" is subject (the person doing something), "whom" is object (the person or thing to whom something is being done by the subject).
Who am I? A grammar pedant.
I am trying to help improve the grammar of the person to whom the glass house belongs.
(I was going to write: "I am trying to help improve the grammar of the person whom lives in the glass house", but I have a feeling that's not right. Is that person the subject of that part of the sentence again, or is it that we use "whom" so infrequently nowadays that it almost always sounds unusual? Or is it that English has such lazy grammar, barely conjugated verbs, vestigial cases, and that most of us who learn it as native speakers sadly aren't really taught very much formal grammar at school so that it is very hard for us to work out what's right and what ain't?)
"privilege" ... seem to remember that features in about the first paragraph of the California Driving code where it explains being given a licence to drive a car is a privilege that that state grants you and not a right. At least in the UK they don't rescind your privilege for owning magic picture devices for breaking completely unrelated rules.
Do you mind telling the TV licensing gang of that little detail?
They seem to equate "no tv license" with "they need a tv license" irrespective of how someone uses their TV
Anybody who disbelieves this, I highly recommend you to cancel your TV license, remove all BBC channels from your tuned TV, and then watch the highly threatening letters roll in from the BBC tv licensing gang.
By all means vote down, it won't change this little fact
Anybody who disbelieves this, I highly recommend you to cancel your TV license, remove all BBC channels from your tuned TV, and then watch the highly threatening letters roll in from the BBC tv licensing gang.
And they are just that - threatening letters. To prosecute you, they need to prove that you own a TV, use it to receive broadcasts, and are not paying the licence fee. Unless you are silly enough to be watching BBC news in front of the window when their 'enforcement officers' call by, then they don't have that proof. They can't enter your property without a police warrant, so if they come calling (which is vanishingly unlikely), you can quite legally tell them to fuck off and close the door.
So, those threatening letters? Just cross out the address, write 'return to sender' on the top and pop it back in the nearest post box. At least that way, it's not cluttering up your household recycling.
"silly enough to be watching BBC news in front of the window when their 'enforcement officers' call by... can't enter your property without a police warrant, so if they come calling (which is vanishingly unlikely), you can quite legally tell them to fuck off and close the door."
You can also revoke the assumed right of access to your property. This is the right that people - postmen [I use that term to cover post persons of all genders and sexual identities], Jehovah's Witnesses, etc etc - have to come up your garden path and knock on your door. But you can revoke it - in writing to Capita - and if they then encroach on your property they are breaking the law.
You don't need a license for a TV.
You need a license to receive TV signals at the time of broadcast. That covers TVs (all channels, possibly including satellite, not just BBC content), computers, and recording devices.
It caused an interesting edge case where it was illegal to watch iPlayer live, but not five minutes after the broadcast ended. They've now closed this loophole and you need a license for all iPlayer content, regardless of when (or if) it was broadcast. That's why you need a login for iPlayer nowadays. (That statement has been downvoted in the past, but contacts in Capita & BBC have assured me it was the driving force behind BBCID).
You don't need a license to have a TV for gaming, computer use, watching purchased prerecord (films, tv, etc), or streaming services like Netflix. Pretty certain you can watch the iPlayer equivalents from ITV/C4/C5 freely, but I haven't checked. I believe that watching broadcast TV that someone else recorded for you is against the rules, but god knows how they'd know.
I believe there used to be a few places where you didn't need a license if you only watched ITV/C4 but that was because BBC signals weren't available in those areas (presumably coastal areas with high cliffs or something). Those dark spots no longer exist.
Actually you need the licence to watch ANY broadcast.. including non-BBC, amazing but true... even includes your satellite viewing.
It will be worse, in Germany you need a TV licence for a radio or the internet. In fact they even managed to take a guy to court even though he lived in the woods with no electric.
But you are right the TV licence people don't use a detector van any more, they just send a letter a week to any address with no licence and a thug a month.
'can I come in and check...' NO... another visit, the court, the police, and ... oh but you haven't a tv followed by a carry on of the pre discovery carry on.. they don't even give up if you die
Why on earth would you use http for the admin interface on anything? For crying out loud, I'm no sysadmin for anything, but that's just ridiculous.
Oh, wait. Which article am I responding to? Umm... Well, yeah. Same song, next verse. Otta get better, but it's gonna get worse.
We need a mass facepalm icon.
The same happened with my flat managing company (Warwick Estates since you weren't asking). They were using zendesk chat and had hardcoded "http://" meaning all chat was unencrypted. They had no idea what I was talking about and it was only when I went to zendesk and got them to confirm it, they actually changed it.
Similarly, NHS jobs, until 2 weeks ago, was doing passwords and logins in the clear.
Last year I found the same with credit card details for bookatable. Again, hardcoded 'http://' on a 'back' button.
I am not even an IT professional. This kind of stuff is everywhere.
Naturally no one has ever thanked me. But I'm not in this for the praise.
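An added example, not part of the post above or of any site it mentions: a small Python check for the hardcoded `http://` references described there (a chat widget, a 'back' button) on a page that is itself served over HTTPS. The page URL, hostnames and HTML are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that trigger a request or navigation, per tag.
URL_ATTRS = {
    "form": ("action",),
    "script": ("src",),
    "iframe": ("src",),
    "a": ("href",),
    "link": ("href",),
    "img": ("src",),
}
# A cleartext target here carries user input or runs inside the page.
HIGH_RISK = {"form", "script", "iframe"}


class InsecureRefFinder(HTMLParser):
    """Collects references that resolve to plain http:// from a given page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in URL_ATTRS.get(tag, ()):
            value = attrs.get(name)
            if not value:
                continue
            # Resolve relative and protocol-relative URLs against the page,
            # so only targets that really end up on http:// are reported.
            target = urljoin(self.page_url, value.strip())
            if urlsplit(target).scheme == "http":
                severity = "high" if tag in HIGH_RISK else "low"
                self.findings.append((severity, tag, name, target))


def find_insecure_refs(page_url, html):
    """Return sorted (severity, tag, attribute, resolved_url) tuples."""
    finder = InsecureRefFinder(page_url)
    finder.feed(html)
    finder.close()
    return sorted(finder.findings)


# Constructed sample page: a checkout served over HTTPS with hardcoded http://.
SAMPLE_PAGE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<html><body>
<script src="http://chat.example/widget.js"></script>
<form action="/pay" method="post"><input name="card"></form>
<form action="http://shop.example/postcode" method="post"><input name="postcode"></form>
<a href="http://shop.example/basket">Back</a>
<a href="//cdn.example/help">Help</a>
<img src="https://cdn.example/logo.png">
</body></html>
"""

if __name__ == "__main__":
    for finding in find_insecure_refs(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(*finding)
```

Relative and protocol-relative links inherit the page's scheme, so they are only reported when the page itself was fetched over `http://`.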
That's a good point, and one of the reasons why conventional email really does need to be replaced by a new, open, interoperable, and of course, secure/encrypted, messaging protocol (as GPG, etc, are just too complicated for almost everyone to use).
At least reset codes usually have a validity window, which restricts the time a black hat hacker has available to try to sniff your email. I have received some recently which have had as little as a 10 minute validity window (obviously, if someone has already intercepted your email account, that's still alarming, but, basically it still comes down to the point that we need to rethink email).
Ahh but as far as the unwashed masses are concerned, it is the appearance of security, which gives them confidence to use the interwebs.
If all were so enlightened, the first $1trillion dollar company would be GE in like 20 years, as everyone would have left the security free cesspool that is the internet alone.