* Posts by Chris Hills

101 posts • joined 17 Jul 2008


Hold horror stories: Chief, we've got a f*cking idiot on line 1. Oh, you heard all that

Chris Hills

Re: Careful of what you write

Back in the day we used RMS Service Desk. There were two notes fields, one for the customer to view, and one for the technicians.

Wow, fancy that. Web ad giant Google to block ad-blockers in Chrome. For safety, apparently

Chris Hills

Re: Google are crafty

TLS v1.3 will render these middle boxes useless.

Chris Hills

Re: Own DNS server?

This is why they are pushing DNS-over-HTTPS. When the application does its own dns lookups, you lose the facility to block using your own DNS server or hosts file.

Chris Hills

DNS blocking will not work for long...

To those suggesting using a dns server which blocks domains, this will likely also be subverted in the future as browsers implement DNS-over-HTTPS which bypasses your DNS server altogether. Whilst you have control over it today, I would not be surprised if Google forces Chrome to use its own DoH servers in the future.

Error pop-up? Don't worry, let's just get this migration done... BTW it's my day off tomorrow

Chris Hills

My story

I was once asked to go live on an email migration project the DAY before I finished my job, with no handover in place (~1000 users). I hope that worked out for the best.

A year after Logitech screwed over Harmony users, it, um, screws over Harmony users: Device API killed off

Chris Hills

No more lock-in

This is why I am building my home automation so that I am in complete control. At the coal face are simple sensors and relays with arduino and rs485, and I plan to use the open source Mycroft to replace Amazon Echo. I will probably write the software myself or use something existing like home assistant.

It's been a week since engineers approved a new DNS encryption standard and everyone is still yelling

Chris Hills

Re: Tough

Nobody is forcing you to use Chrome or Firefox, and these are not the only applications that use DNS. You are incorrectly conflating web browsing with the whole internet. I can use whatever device and whatever software I choose so long as it adheres to the internet RFCs.

Chris Hills


I am not a proponent of DNS-over-HTTPS, but on the other hand it is just another application that runs using the internet as transport. Users are free to use it if they want to, and it is not for network backbones to pick and choose what to allow. This is sadly why new protocols like SCTP have not been able to gain traction, because a lot of operators just block them. At the end of the day no one person or organization can make the decision for the rest of the internet. Every day I get more and more surprised it still works at all.

GitHub lost a network link for 43 seconds, went TITSUP for a day

Chris Hills

Re: re: Why did GitHub take a day to resync

One concept Microsoft (afaik) came up with is that of a RID master. It gives out blocks of numbers to other servers upon request. When the server passes the watermark it will preemptively request a new block. In the case of a loss of connectivity, it can still create new objects until the block is exhausted. I thought this could well be applied to database replication.
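The block-allocation scheme described in the comment above, as an added example that is not part of the original post: a simplified model, not Active Directory's actual implementation, in which the class names, block size of 10 and low-water mark of 5 are constructed for illustration.

```python
from collections import deque


class RidMaster:
    """Single authority that hands out non-overlapping blocks of IDs."""
    def __init__(self, block_size=10):
        self.block_size = block_size
        self.next_start = 1
        self.reachable = True          # flipped to False to model a lost link

    def request_block(self):
        if not self.reachable:
            raise ConnectionError("RID master unreachable")
        start = self.next_start
        self.next_start += self.block_size
        return range(start, start + self.block_size)


class Replica:
    """Server that creates objects locally from blocks it already holds."""
    def __init__(self, master, low_water=5):
        self.master, self.low_water = master, low_water
        self.blocks = deque()          # blocks held locally, oldest first
        self.offset = 0                # IDs already consumed from blocks[0]
        self._refill()

    def _refill(self):
        try:
            self.blocks.append(self.master.request_block())
        except ConnectionError:
            pass                       # keep working from the local pool

    def remaining(self):
        return sum(len(b) for b in self.blocks) - self.offset

    def new_id(self):
        if not self.blocks:
            self._refill()
        if not self.blocks:
            raise RuntimeError("local pool exhausted, master unreachable")
        rid = self.blocks[0][self.offset]
        self.offset += 1
        if self.offset == len(self.blocks[0]):
            self.blocks.popleft()
            self.offset = 0
        if self.remaining() <= self.low_water:
            self._refill()             # pre-emptive request at the watermark
        return rid
```

A replica that crossed the watermark before the link dropped holds a spare block and keeps issuing unique IDs through the outage; one that did not stops when its single block runs out.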

Budget 2018: Landlords could be forced to grant access for full-fibre connections

Chris Hills

Re: "but a lot of landlords, especially those with blocks of flats just ignore them"

It's not ideal but perhaps this could be solved using an external service riser, just for fibre-optic cables. Alternatively, the floors could be configured in a bus with active equipment or taps from top to bottom.

Chris Hills

Gas distribution networks do not just connect properties for the fun of it. If you want a new connection you will often pay £1000 or more for the privilege.

Here you go, cloudy admins: Google emits NATty odds 'n' sods

Chris Hills

Still using IPv4?

You don't need NAT, you need a FIREWALL.

Google taking action against disguised code in Chrome Web Store

Chris Hills

Re: Google taking action against disguised code

If you want to see just how deep Google's tentacles run in Chrome, take a look at the github project https://github.com/Eloston/ungoogled-chromium

Microsoft 'kills' passwords, throws up threat manager, APIs Graph Security

Chris Hills

Personal Data

Right now the only options for MFA are OTP-SMS or TOTP with the Microsoft app, so either you hand over your phone number, or you install a Microsoft app on your phone. I would much prefer using FIDO U2F keys where the key is generated and stored on the key, and cannot be copied. It is as good as a physical key, without which the lock is nigh on impossible to pick. Unlike FIDO2/WebAuth the key is write-once and in my view more secure. For instance, if I generate a key on my computer and install it on the phone, it is possible for the key to be copied, which is "not possible" with a FIDO U2F key.

Microsoft Azure gains Availability Zones and Immutable Blobs

Chris Hills

Re: "can be created and read, but not updated or deleted"

How is this different to an access control list? An administrator could surely just delete the entire pool, or are they saying they guarantee it will be there for time immemorial?

Solid password practice on Capital One's site? Don't bank on it

Chris Hills

Try typing this password

Edit, el reg does not handle unicode very well...

"The post contains some characters we can’t support"

The original was, as unicode codepoints: U+00F6 U+00BB U+0182 U+0236 U+00AE U+0130 U+014B U+01EC U+1F61B U+0116 U+1F63C U+2601 U+1F633 U+262D U+263E U+0147 U+2628 U+1F62A U+022B U+262C U+2649 U+1F63D U+00CF U+0137

Or in HTML escaped: ö»Ƃȶ®İŋǬ😛Ė😼☁😳☭☾Ň☨😪ȫ☬♉😽Ïķ

Supermicro wraps crypto-blanket around server firmware to hide it from malware injectors

Chris Hills

Is this a good fix?

When I buy IT products, I despise not having control of them. Limiting updates to the manufacturer enforces lock-in and obsolescence. There is a middle-ground whereby a physical jumper could be provided when an update is to be applied.

Official: Google Chrome 69 kills off the World Wide Web (in URLs)

Chris Hills

And yet...

Still no support for dynamic discovery of web servers which would make sense by putting in the top level domain, and has the added benefit of fall back servers and non standard ports. For example example.com -> NAPTR E2U+https _https._srv.example.com -> [2001:22:33:44::385]:5443,

HTTPS crypto-shame: TV Licensing website pulled offline

Chris Hills

Kind of, Capita gets the majority of the work but there are other contractors. I presume the BBC is responsible for the infrastructure?

Excuse me, but your website's source code appears to be showing

Chris Hills


These days most source code is embedded in the page itself. Web sites that do not require javascript are getting few and far between. That said, WebAssembly seems to have taken off like a rocket so the only javascript in future may be a thin glue layer.

It's official: Chocolate Factory anoints Tink crypto as Google project

Chris Hills

Re: Great, but...

In a company as large as Google, NIH can equally apply to other teams as well as other companies.

Chris Hills

Great, but...

Why not simply submit pull requests fixing some of the issues in BoringSSL, another case of NIH?

GitHub goes off the Rails as Microsoft closes in

Chris Hills

AKA we're cashing in on the hard work of open source contributors.

UK.gov to tech industry: Hands up who can help cut teachers' admin

Chris Hills

Is anyone keeping track of all the failed government IT projects?

Infrastructure wonks: Tear up Britain's copper phone networks by 2025

Chris Hills

No PON thank you

Surprise surprise Openreach is going down the PON route so it maintains control of the physical layer (as opposed to PTP fibre where ISPs can deliver their own wavelengths to customers). I would like to see more smaller companies, maybe even community non-profits laying the fibre to stir up more competition.

Juniper pours a shot of its data centre juice into campus networks

Chris Hills


This sounds like SPB (shortest path bridging) under another name.

Microsoft gives users options for Office data slurpage – Basic or Full

Chris Hills

Re: Corporate users?

This is not something you can lobby your MP about. It's a simple market choice. If you do not like what the software does, go elsewhere. There are plenty of alternatives available, both free and commercial.

Cloudflare promises to tend not two, but 65,535 ports in a storm

Chris Hills

Why only IPv4?

The internet is moving on, IPv4 is legacy.

Application publishing gets the WebAssembly treatment

Chris Hills

I run apps in the browser with a poor man's citrix environment using xpra from the winswitch project.

Cloudflare touts privacy-friendly public DNS service. Hmm, let's take a closer look at that

Chris Hills

Ain't it funny

They block edns client subnet, thus reducing performance for those using dns-based balancing, when they run their own anycast network. Unfortunately most end users will not realize that by using cloudflare's dns they are actually making performance worse for some sites. They argue that this is due to privacy but most dns lookups not for research purposes result in a tcp or udp connection to the domain name being queried anyway.

MailChimp 'working' to stop hackers flinging malware-laced spam from accounts

Chris Hills


The reason people have to resort to commercial mail services is because of the cartel that has a stranglehold on mail delivery. This might make domain operators start to treat all mail equally again and stop outright blocking mail based on out of date blacklists or other spurious methods.

Good luck saying 'Sorry I'm late, I had to update my car's firmware'

Chris Hills

A new cause for concern

One thing that worries me, is that when a company is sold, or goes bankrupt and the assets are flogged off, a malicious third party could acquire the private keys and use it to distribute malware. For example, the British company Wileyfox that makes phones has gone into administration. If I were to acquire the company, I could silently push out malware that dialed premium rate phone numbers. With vehicles the potential is far worse. You could send a firmware that causes the vehicles to identify its competitors' management and try to run them over. Yes this is far fetched right now, but I fear less far fetched in the future.

It's begun: 'First' IPv6 denial-of-service attack puts IT bods on notice

Chris Hills


"But on the downside, pretty much every modern mobile device and PC has IPv6 support included and turned on as a default"

This is a very GOOD thing!

Insurance companies now telling you what tech to buy with um-missable price signals

Chris Hills

I disagree

I disagree with mandating specific products. They should mandate that you use only products supporting a specific standard (e.g. from the B.S.I. - they have standards for computer security, right?).

.UK overseer Nominet abandons its own charitable foundation – and why this matters

Chris Hills

What I want to know is

What can we, the citizens, do about it?

NHS: Thanks for the free work, Linux nerds, now face our trademark cops

Chris Hills

It's obvious

There is far less chance, if any, to get kickbacks from open source development.

Mozilla offers sysadmins a Policy Engine for roll-your-own Firefox installs

Chris Hills

MSI Package?

Does this mean they are finally going to provide an MSI package?

Google asks browser rival Vivaldi to post uninstall instructions

Chris Hills

Re: Increased my interest in Vivaldi

Chromium uses Blink which was forked from WebKit which was forked from KHTML, originally made by the KDE project.

UK needs a 'digital twin' to keep track of its data assets – report

Chris Hills

*cough* UPRN

There is so much efficiency to gain by making property UPRNs available for free, but at present you have to pay a large licensing cost.

Sons of Sun DriveScale tempt cloud-lovers with composable infrastructure rig

Chris Hills

Why ethernet?

I do not understand the fascination of ethernet in the datacenter as opposed to the faster and more flexible infiniband.

Tech giants at war: Google pulls plug on YouTube in Amazon kit

Chris Hills

Consumer legislation

It seems like consumer laws need updating to take into consideration this sort of digital bait and switch. If I bought a fire TV for the main purpose of watching YouTube then I would expect some amount of compensation (yes even though it is a third party service, it is one of the features advertised).

Ex-cop who 'kept private copies of data' fingers Cabinet Office minister in pr0nz at work claims

Chris Hills

Snooper's charter

Why do you think they wanted the snooper's charter to apply to everyone except MPs?

Drone maker DJI left its private SSL, firmware keys open to world+dog on GitHub FOR YEARS

Chris Hills

Normally X.509 keys have a lifetime of 1 or 2 years max for an end user/device certificate so if someone found it today it likely would not be much use unless your mark happened to have a clock running a few years slow.

The rest, though, yikes.

Apache Foundation rebuffs allegation it allowed Equifax attack

Chris Hills

The level of chutzpah is outstanding. Has Equifax contributed anything at all to the development of Struts, or are they happy to profit off others' work for nothing?

Vodafone won't pay employee expenses for cups of coffee

Chris Hills

Just because you get free coffee in the office, it doesn't mean you should be able to reclaim £3 for a coffee at a shop for what would probably cost your company 10p to provide. They don't even have to provide it at all. If they are not careful, the company could turn around and scrap these perks altogether.

Bank IT fella accused of masterminding multimillion-dollar insider-trading scam

Chris Hills

What do you expect

When you hire people who are just as greedy as you but smarter. Alas not smart enough to not get caught.

Brit firms warned over hidden costs of wiping data squeaky clean before privacy rules hit

Chris Hills


This is going to require some serious effort to remove individual records from backup tapes.

Virgin Media biz service goes TITSUP* across London

Chris Hills


Maybe there were 2 fibre breaks, but only the second break caused the loss of service. I would expect there to be regular fibre breaks that we never hear about, it is just coincidental that two parts of the same ring were broken at the same time.

Report estimates cost of disruption to GPS in UK would be £1bn per day

Chris Hills

Why not..

..use land stations instead of satellites? GPS can be augmented through a system called RTK, so why bother with the satellites at all?

ISPs must ensure half of punters get advertised max speeds

Chris Hills

As long as it is based upon line sync speed, cable and fttp providers will be unaffected. Actual throughput depends upon many more complex factors.

