* Posts by John Robson

1840 posts • joined 19 May 2008

Mo' money mo' mobile payments... Security risks? Whatever!

John Robson
Silver badge

Re: No thanks.

"As for using a smart phone for my banking, no thanks. Why should I pay the likes of Apple or Google for the privilege of paying a bill? Finally I do not have a smart phone and no wish to get one."

Erm - you don't.

It might be that the merchant gives them a kickback - but the bill to you is the same either way.

If you already have a smartphone it is therefore a zero incremental cost option.

2
0

UK not as keen on mobile wallets as mainland Europe and US

John Robson
Silver badge

Re: Define "regularly"

"since by law you are required to have your drivers license on you when driving"

Are you? - I'm not...

I am required to be able to present it at a police station within 7 days of it being requested - but that's pretty easy.

Obviously for large scale reading etc I prefer an e-ink display, or even (gasp) dead trees... but when I'm out and about, I can easily have a book shelf with me in case I end up waiting for something...

For serious photography I use a DSLR, but for snaps (the majority of my photography is recording family moments) - the phone camera is actually pretty good.

But the point is that the phone does sufficient things that it's useful enough for me to be carrying anyway. At that point the fact that it can be used as a card (with no more time at the till, I open up the wallet and authenticate whilst my stuff is being scanned, and present it as I would a card, takes half a second) means that there is yet another thing I don't need to carry most of the time.

If I am going shopping shopping then I'll grab the wallet - but that's mostly to be allowed to spend over the £30 limit. It's also a good way to limit expenditure, because I can't buy 'big' things without deliberately going out to do so...

1
0
John Robson
Silver badge

Re: Define "regularly"

I've stopped carrying my wallet around nowadays...

Paying by phone is somewhat more secure than by contactless card - because I have to unlock the device (either by passcode or biometric).

Do most mobile wallets pass the debit/credit card details to the merchant, or just a one time token? Because if you don't trust the merchant then that might be another driver for mobile wallets.

Personally it just means I only need to carry one thing, after all it's replaced the walkman, books, the camera, the calculator, the diary, the alarm clock, the address book, the Filofax... the library even...

Why not replace a bit of plastic as well?

10
8

Three challenges UK watchdog to a duel over mobile spectrum rules

John Robson
Silver badge

Re: What really pisses me

It's not really taxation if you don't overpay for your mobile service.

I pay a few pounds a month, and only once in the last several years have I added another few pounds to boost the data (and that was abroad, so lots of remote data (a lot of it being mapping) being used).

I see shops advertising £30,40,50 pound a month contracts... and I generally just walk on by.

I *do* pay ~£30/month for a specific application for two months, but then a radio studio generates significant upload traffic - 40GB over the course of four weeks.

That is something I am happy to pay for, and I don't see £50-60 (often easiest to buy as two months, with the 'month end' in the middle of the broadcast period) as an excessive expense for a continuous 128kbps stream (well, I have it relayed, so I don't pull data when no-one is listening) and to enable remote access for me to start the auto-DJ in case a presenter has forgotten to enable it...

2
7

Australia reviews defence export controls, perhaps easing cryptography research

John Robson
Silver badge

Re: "exploit licenses"

Not quite how PGP got out and about:

https://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_investigation

It's a pretty good story - I was vaguely aware that it had been printed, and had assumed that that was how it had been exported, but that was apparently a legal wrangle later in the process.

The initial export was as an upload to a newsgroup with a 'US Only' tag (because the author didn't, at the time, know all that much about how usenet routed messages).

2
0

Connect at mine free Wi-Fi! I would knew what I is do! I is cafe boss!

John Robson
Silver badge

Re: Obsession with (free) Wi-Fi

" If I connect to a wifi network not on the list, or over wireless data, it fires up the VPN. "

But what happens to traffic generated before the VPN is established? Does it get routed insecurely, or is it blocked until the VPN is up?

That's the key.

I only want the VPN establishing traffic to leave my phone/tablet/laptop, unless I'm at home/work.

5
0
John Robson
Silver badge

Re: Obsession with (free) Wi-Fi

Free WiFi + VPN.

I wish you could add a flag to a WiFi connection to say 'connect to this, but don't allow any traffic out until the VPN is up'

37
0

EE!? The sound customers make when the interwebz don't work

John Robson
Silver badge

Why would failed DNS break VPNs - surely if you are running a VPN then you either have split DNS or you use DNS provided by your VPN provider?

4
2

Ad blocking basically doesn't exist on mobile

John Robson
Silver badge

1Blocker here

But I suspect that elreg readers are in a minority smaller than 1%, and I'm not even in Canada/USofA

4
0

GTFO of there! Security researchers turn against HTTP public key pinning

John Robson
Silver badge

Re: Still think DNSSEC gives us the better solution here...

DANE it is then - I'm surprised it took 7 years to get from DNSSEC to DANE, it took me about 30 seconds to realise that it was a pretty damned good way to distribute public keys. (I stopped actively mentioning it and looking for it about 7-8 years ago (job change)).

DANE support being baked into browsers would make life much easier for many people. I could pin the top level let's encrypt CAs and forget about it for a long while.

We could also drop most of the root CAs from browsers (or at least devalue them to orange padlocks or something, until explicitly trusted (per site or globally?))

As mentioned below - the CAA record does some of the same, although the actual keys are still not explicitly presented.

3
0
John Robson
Silver badge

Still think DNSSEC gives us the better solution here...

If you run HTTPS then publish your cert in your DNSSEC authenticated DNS records.

It's not necessarily fully sideband communication, but it's pretty close to it.

If I can't find your cert in your DNS then I have to trust the CA, if I can find it then it could even be self signed (I do need to trust the holders of the root DNS keys, and the chain below that, but I think they have demonstrated themselves more trustworthy than most of the CA's baked into all our browsers).

To be fair - this could be combined with the above idea (Chronos) and put the CA cert in your DNS...

You need to keep some eye on when that changes, but you need to do that what/how-ever you are pinning.

11
0

'Driverless' lorry platoons will soon be on a motorway near you

John Robson
Silver badge

"The driver is still going to have to concentrate on the road. It's not full autopilot being proposed just speed control."

Yes they are initially proposing a lower level of assistance - but the end game is what we are concentrating on.

In the same way that Mercury and Gemini were useless at getting men on the moon... except that they weren't.

2
0
John Robson
Silver badge

Getting to the major road is easy - you use a driver.

Getting from the major road is even easier than now - you use a driver who is rested rather than one who has spent the last n hours concentrating on the (almost unchanging) road around them.

This should reduce the tendency of HGV drivers to suffer from fatigue towards the end of their journey.

6
6

India's Aadhaar national biometric ID scheme at risk after Supreme Court rules privacy is a right

John Robson
Silver badge

Re: upcoming conflict

Sold to the highest bidder?

And then to the next highest a month or so later, and so on and so forth...

3
0

Kill animals and destroy property before hurting humans, Germany tells future self-driving cars

John Robson
Silver badge

Re: Who - "invisible" objects

TitterYeNot

It's in there because it is purely for the convenience of motorists - as is much of that document. The UK is a pretty heavily car biased society (not quite as bad as the USA yet, but we're getting there).

Have you checked out Rule 126:

Drive at a speed that will allow you to stop well within the distance you can see to be clear.

That's not - can't see that there is an obstruction - it's *can* see that there *isn't*.

Around most towns and cities, and most major roads there is sufficient street lighting to make people visible whatever they are wearing. On minor roads the addition of your own headlights, and the fact that the pedestrian would be walking in such a way as to see you coming, change things a bit - but you should still be able to see a pedestrian from quite a distance.

The issue is almost never one of visibility - it's one of attention by the person with the lethal weapon.

My observation of the behaviour of a significant minority of motorists is that they treat the speed limit as a minimum speed, with anywhere up to ten miles an hour above being considered 'reasonable'. If they come across anyone doing even 'only' the speed limit they will overtake whether or not they can see far enough to complete the manoeuvre safely. They will ignore the double white lines on the road in order to do so...

In the context of people who simply don't look down a road when they take actions behind the wheel of a car it is pure victim blaming to suggest that 'they weren't wearing stuff' when the reality is that (many) motorists just don't look - or rather that they look, but only for other motor vehicles, not for clear tarmac.

The attention video is well worth a watch...

https://www.youtube.com/watch?v=vJG698U2Mvo

3
2
John Robson
Silver badge

Re: Who - "invisible" objects

"When I see bicycle riders and pedestrians crossing in all black clothes at night in the rain"

Can I just point out the irony... "When I *see*". People in suits aren't instantly invisible, I don't lose my feet because I've put black socks on...

There is no requirement in law (or sense) for a pedestrian (or a fallen tree, or a concrete block, a landslide or a cow) to be wearing something which you might consider a convenience to you. The requirement for cyclists is that the vehicle (not the rider) shall have a red reflector to the rear, as well as a legally compliant light. Note that these can be as dim as 4 candela, and flashing, 50% cycle, at 2-4Hz. Pedal reflectors are *sometimes* mandatory (older bikes are exempt).

Although as you have already pointed out - you can see these people dressed in black, so what's the problem... The problem is that you don't want to drive in such a manner that you can stop in the distance you can see to be clear...

18
7
John Robson
Silver badge

Re: Who

"For self driving cars, we need a mandatory "black box" accident recording system, which is independently engineered from the car manufacturer but which records sensor data, control inputs and all around 360 degree video."

Why are you limiting this to autonomous cars?

It should be the case in *all* motor vehicles.

8
3
John Robson
Silver badge

Re: Who

"Like I've said before, I think autonomous cars should give priority to people who are "where they're supposed to be". So if there's a pedestrian on the sidewalk, the car should not be permitted to deliberately leave the road and kill them to avoid a worse accident."

The US has a perverse set of regulations which were imposed by the motor lobby.

The civilised world doesn't criminalise walking along rights of way. Pedestrians are absolutely entitled to be on any section of the highway (with the exception of some roads, motorways).

A pedestrian crossing a road is an expected hazard around the civilised world (note that there are exceptions for pedestrians who step off the kerb whilst within a few metres of your vehicle, but you should still be driving slower around places where that might happen).

The US (implied from your use of the word 'sidewalk') is far from civilised when it comes to transport.

20
4

El Reg gets schooled on why SSDs will NOT kill off the trusty hard drive

John Robson
Silver badge

Re: There is more to storage than performance

"I am very sceptic of flash replacing disk altogether as well. One of the points is, that flash performance is simply not needed for many applications. The video industry as an example has a highly sequential access pattern, enormous dataset sizes and a well-defined performance profile, that simply needs not be made faster. That's why they use disk for most of their data."

Yep - idle power consumption is another pretty important factor, particularly in the low concurrency world of the home user.

If a flash manufacturer could get their head around that user group then we could potentially see some rather large, very low power storage devices that don't have infinite IOPS, but are capable of pulling data in over a decent LAN connection and pushing out a couple of HD/4K streams simultaneously.

But Disk is dead - long live disk.

Tape is dead - long live tape.

SSDs are dead - long live SSD (although I suspect that SSDs are the most vulnerable of these to being replaced by something completely different)

9
0

Calm down, internet. Elon's Musk-see SpaceX spacesuit is a bit generic

John Robson
Silver badge

Re: Double vacuum

"I'm trying to think of a situation where the pressure increases inside a space suit."

Safety factor is an engineering thing...

You test to double the stress expected to give some margin of safety in operation...

"How do you know you know what he means, he's talking gibberish"

Clearly double vacuum means that the pressure difference has been tested to twice the difference expected in use - normally done by adding air to the suit until it's well above atmospheric pressure...

11
0
John Robson
Silver badge

Double vacuum

Isn't double zero the same as the square root of naff all?

(Yes, I know what he *means*, but that's less funny than the wilful misinterpretation)

15
3

PayPal, accused of facilitating neo-Nazi rally, promises to deny hate groups service

John Robson
Silver badge

Re: So no service for the White House then...

"Why is it 'as much as they can reasonably do'? PayPal isn't a Government-funded charity that must serve all without question. It's a private company. As long as it itself doesn't break laws, it can take or reject those who it feels have broached the contract between them."

Because such discrimination is, quite rightly, illegal.

If a baker can be hung, drawn and quartered for refusing to bake a specific cake (not for refusing to bake for the couple, but refusing a specific commission) then we shouldn't be holding PayPal to a different standard. (yes, yes, UK/RoI vs US)

1
0
John Robson
Silver badge

So no service for the White House then...

Trying to define hate is rather difficult - because you tend not to see the hate you perpetrate...

Not that I would support the group in question, but this sort of 'won't do business with' is on dodgy ground... By all means keep an eye on their transactions and flag anything that looks potentially illegal, but that's as much as they can reasonably do.

7
4

Space boffins competing for $20m Moon robot X-Prize are told: Be there by March 31 – or bust

John Robson
Silver badge

Because a third stage isn't hypothetical - it's what virtually all spacecraft have.

What gets a satellite from GTO to a GO?

0
0
John Robson
Silver badge

SpaceX have a vehicle which can put a reasonably sized payload into LEO - much of that payload could be fuel - a third stage - allowing a small lunar rover to be sent to the Mün^Hmoon.

Another 8km/s (bearing in mind that some of that could come from the F9 second stage in a direct ascent launch) is achievable I'd expect. It's only ~doubling the dV of the F9 itself.

5
0

Ten spacecraft – from Venus Express to Voyager 2 – all tracked same solar flare

John Robson
Silver badge

Awesome

I like the 'add a couple of kilos to your spacecraft' recommendation (hopefully it won't need anything like that mass)

2
0

NASA delivers CREAM-y load to ISS to improve cosmic ray detection

John Robson
Silver badge

Re: Scientists and Acyonyms

They prefer BOB - backronyms...

1
0

Florida man is world's fastest flasher: Just 53 quintillionths of a sec

John Robson
Silver badge

Re: Video

Because you don't 'video' one electron - You take a series of images of electrons, a different one each time...

Then put those frames together to work out what happens when you stop knocking the electrons out of the way

3
0

Nimbus Data becomes OEM supplier of high-capacity SSD tech

John Robson
Silver badge

Re: Ok, I'll ask the inevitable

50 TB SSD would be nice, but for the average home user it doesn't need the stupendous IOPs or sequential data rates which are normally associated with large SSDs.

I'd pick up a couple of slow 10TB SSDs without too much fuss if they were vaguely price competitive (including power costs - 1W is worth about £1/year, and I expect disks to last quite a few years most of mine are 10 or so)

0
0

Uber drivers game Uber's system like Uber games the entire planet

John Robson
Silver badge

Uber doesn't have any workers...

At least that's what it claims. Then again I'm pretty sure they'd claim that money didn't exist if they thought they could evade some more tax

15
0

Arcade Fire releases album on USB fidget spinner for £79/$105

John Robson
Silver badge

Re: Finite and Infinite

0/10 is perfectly reasonable as a fraction.

It's x/0 which becomes dodgy - and if x=0 it becomes really interesting because it's absolutely 0,1 or infinity depending on how you approached the 0/0.

And if I am a loan shark^H^Hpayday loan company then I charge you 1000% interest. That's an entirely correct (if immoral) use of percentages above 100%.

Fractions are a perfectly good way of representing any rational number (of which there are an infinite selection between 0 and 1), it's only when numbers become irrational that they fall down (unfortunately there are an infinite number of irrational numbers in between each pair of rational numbers IIRC).

0
0
John Robson
Silver badge

Re: Finite and Infinite

£79 is infinite percent more than £0

Of course the £0 assumes you like ads, if you pay for Spotify then you have to allocate some of that monthly fee towards each track you play... every time you play it...

3
1

Microsoft Surface laptop: Is this your MacBook Air replacement?

John Robson
Silver badge

Re: ... but will it

"Why would you buy a microsoft branded laptop to run linux?"

Because they have historically made some pretty good hardware. Albeit I'm thinking about mice and keyboards, so a completely different hardware class - but...

If they get the hardware right then why wouldn't you buy it?

1
1

NEWSFLASH Now even science* says moneybags footballers are overpaid

John Robson
Silver badge

Maybe that's just because the person they replaced was unpopular?

You can't make a single change...

0
0
John Robson
Silver badge

"Did they include how much the crowds are willing to pay to see them?"

Yes they did - although not in the statistical analysis - because are you willing to pay to see $soccer_resource^Hplayer or do you want to pay to watch $soccer_business^Hteam?

5
0

UK waves £45m cheque, charges scientists with battery tech boffinry

John Robson
Silver badge

Really?

> She admitted that a "good portion" of the research will "fail".

Research doesn't fail, unless it isn't published.

That's the only real failure possible - a failure to share what you learnt. OK, so you might not have learned how to put a GJ of energy into something the size of a microSD card which can accept or release all that energy in a fraction of a second...

But you will have ruled things out.

8
0

systemd'oh! DNS lib underscore bug bites everyone's favorite init tool, blanks Netflix

John Robson
Silver badge

Re: Am I missing something here?

@John Hughes:

"If you are using bind9 then systemd is likely to be the least of your problems. Get a decent DNS package. I'd recommend unbound for a recursive resolver."

I like unbound for a recursive resolver as well, but what do you use for authoritative domains?

Last time I was building DNS servers (commercially) I put BIND internally and exposed it through unbound to reduce the attack surface...

0
0
John Robson
Silver badge

Separate file maybe...

"This file is part of systemd."

Even if systemd is spawning another of its own processes, it's still systemd which is doing the resolving. Just get my system running, and log errors....

That's all I need you to do...

52
2

The Italian Jobs: Bloke thrown in the cooler for touting Apple knockoffs

John Robson
Silver badge

I hope...

... that there is something more specific in the charge labelled "structuring financial transactions", or every accountant and treasurer, homeowner, car leaser or... well, everyone has done the above...

8
0

I've got a verbal govt contract for Hyperloop, claims His Muskiness

John Robson
Silver badge

More importantly I can come up with several failure modes (some of which seem quite likely in the US) which don't result in instant death for someone right next to it, let alone 200 miles away on the same track...

1
0

Breathless F-35 pilots to get oxygen boost via algorithm tweak

John Robson
Silver badge

Re: I'd have to ask...

Destin did it on Smarter Every Day recently - as an illustration of why you put your own mask on before that of your kids in a plane.

However much your parental instinct is to do them first, you aren't going to get your own on afterwards... Whereas the kids being unable to put their mask on doesn't matter if you are doing it anyway...

14
0

Testing, testing, 1, 2, 3, 4G: Tube comms trials for emergency crews

John Robson
Silver badge

Re: 2020?

That's bandwidth, not frequency - though there is some down at 700MHz

1
0
John Robson
Silver badge

2020?

I still don't see Airwave getting turned off by then...

I just don't believe that EE will be able to provide the LTE coverage that is required, or the resilience...

But hey, what do I know. Since we can make 'good guy only' backdoors in encryption I'm sure that the laws of physics* can be overcome as well...

*To be fair I haven't checked what the minimum available carrier frequency of LTE is, so it might be just about possible if they invest very heavily, and cooperate with AW to access all the sites that they have in discrete locations (like national parks etc)

1
1

Electric driverless cars could make petrol and diesel motors 'socially unacceptable'

John Robson
Silver badge

Re: "Having a level 5 autonomous vehicle would be very nice indeed."

"The key words here are "a very significant proportion" because "a very significant proportion" doesn't mean "all". But it needs to be "all' if you want to take the driver out of the equation. As long as you require some occupant interaction/supervision/emergency override you require a sober, alert, non-distracted occupant. So forget about watching movies, sleeping, writing code, etc. Said another way, Level 4.8 isn't almost Level 5, it's just Level 4."

Unless it can be level 5 on motorways, and 4/3/2 elsewhere.

I see that as being achievable relatively easily - motorways are by definition and design simple roads to drive, with limited vehicle types, limited speed differentials, all the junctions are of one basic type (merge out/in) - navigation is simple as well...

If I can drive the 5 miles to my nearest motorway junction and then rest/relax for 5 hours before getting prompted to take back over for the last 20 miles then my capacity for paying attention in those last 20 miles will be vastly improved over the version of me that has been paying close attention to the behaviour of all the other vehicles on the road for the last 5 hours - that's just inevitable.

And of course in all likelihood the car will be monitoring my off motorway driving and providing alerts, or even emergency inputs, as well - which would be an additional boost to the safety of my driving.

It's coming, and I hope it will be here fairly soon.

However I do get a little concerned by the apparent tie-in people see between the driving technology and the power technology. Just because Tesla are doing a pretty damned good job at both, doesn't mean they have to come together... I've seen some pretty decent stuff from Mercedes autonomous division with petrochemical propelled vehicles.

0
0

UK.gov snaps on rubber gloves, prepares for mandatory porn checks

John Robson
Silver badge

Re: but...

Closing the barn door, despite the whole barn having been destroyed in a tornado...

https://www.google.co.uk/search?q=pointless+gate

0
0

Pastor la vista, baby! FCC enforcers shut down church pirate radio

John Robson
Silver badge

Re: "The cost is about £5-6k/month"

"Apologies in advance if I'm missing something here"

We use RSL rather than Community licensing, since we broadcast for 28 days (as constrained by the RSL, we might do 30 odd otherwise).

I haven't looked at this year's fees, but in the past few years it has been a very significant fee, and the PPL/PRS fees were significantly larger for FM than IP broadcast. IIRC the IRN fee was also increased for FM over IP as well. Then you have to link the studio and transmitter, and the radio license for an STL isn't cheap.

As a complete aside... my VPS provider kindly waives excess bandwidth charges for that month as well (which makes it safer from my perspective)... So the comparison is with a two month phone contract, so about £55 for the duration, and the PPL/PRS/IRN online fees (all lower than their FM equivalent)

0
0
John Robson
Silver badge

Re: "The cost is about £5-6k/month"

25W at 25m altitude (which is the standard restriction) gets up to about 10 miles, with reasonable coverage - given favourable geography it can get a fair way further as well...

1W is obviously significantly lower power, but the transmission strength decays as r^2, so ~2 miles is a likely approximation - not quite a whole town (unless you are in a geographically convenient location)

0
0
John Robson
Silver badge

Re: "The cost is about £5-6k/month"

PPL, PRS, News ... I've got all the radio transmission kit (except the STL, which is now harder to get because of rf licensing changes - but adds another £600 or more onto the costs).

FM is an expensive proposition for a charity - we just can't afford it any more :(

1
0
John Robson
Silver badge

Re: I think someone may have reported them

Even relatively cheap FM kit can be pretty tight though. The stuff I use is old, and wouldn't have been expensive (or new) when we got it.

I put it into a high quality RF analyser (joys of working where I did) and it was an almost perfectly clean spike... certainly none of the harmonics were stronger than about 100dB down.

3
0
John Robson
Silver badge

"AFAIK it's not actually very expensive or difficult in the UK to get a transmission licence for a local, low power FM station. One suspects that part of what makes them "better" is the whole living dangerously on the edge thing."

As it's something I try to do each year... (legally I might add)

The cost is about £5-6k/month

That includes the FM license and the music licensing, as well as a pittance to buy in national news for 2 minutes an hour.

Recent loss of grants for youth work has left us in a position where we are now online only. The music licensing is far cheaper than for FM, and of course there are no FM licenses.

Buying the right mobile phone contract, at the right time, to allow for 24/7 streaming is the new challenge...

6
0
