* Posts by SImon Hobson

1685 posts • joined 9 Sep 2006

German competition watchdog toys with ban on some Facebook data-slurps

SImon Hobson Silver badge

Re: About time

Facebook has only the data you and your friends willingly input ... plus a "like" button on only the most questionable websites ...

What rock have you been living under for the last few years. Faecesborg harvests far more than you seem to think here - carefully harvesting whatever they can, correlating with anything else they have, and building a shadow profile. Lookup Max Schrems and his case against Faecesborg.

Germany has a problem with the entire point of Amazon's daft Dash buttons – and bans them

SImon Hobson Silver badge

Re: Just dumping the stuff in a cart wouldn't be a terrible option.

You can't re-order until the order's been dispatched

With a system like Amazon's, that could mean ordering several times in a day, and before there's any warning by something arriving at the front door (if you aren't the sort that checks their email every few seconds)

Begone, Demon Internet: Vodafone to shutter old-school pioneer ISP

SImon Hobson Silver badge

Oh another one gone under the Thus -> Clueless & Witless -> Vodamoan transitions. Reg, please note correct spellings of their names !

Vodamoan are utter **** to deal with, even for business services at business service prices. Went through something similar at my last job, having to migrate away from the leased line and class C address block we'd had since ... well before I joined the company. Trying to get something as basic as a FTTC connection working was beyond them - I left the company before they got one of the lines working (it had been something like 5 months IIRC).

Oh yes, and another one who got online thanks to Demon's tenner a month service. RIP

SImon Hobson Silver badge
Coat

Re: sniff!

Aye, nostalgia isn't what it used to be

The D in SystemD stands for Dammmit... Security holes found in much-adored Linux toolkit

SImon Hobson Silver badge

Re: Whatever happened to Upstart?

Couldn't decide whether to upvote you for Yes, I will never forgive Debian for that. or downvote you for At least they still provide a means to avoid it, though. !

They don't provide a means to avoid it though - all that exists at the moment are few packages that won't work at all without it. Since systemd is the default, and supporting non-systemd systems is not mandated, over time it will get harder and harder to duct-tape a non-systemd Debian together.

That's why Devuan was born, to ACTIVELY maintain non-systemd package status - forking Debian packaging for those packages that need modifications, and providing replacement for a couple of irretrievably borged ones.

Despite vows to spend more with smaller firms, UK.gov sure does seem to love legacy lock-in

SImon Hobson Silver badge

Well, there's no excuse for not having the technical skills ...

All they need is a few technically qualified contractors on the procurement team to hold their hand. Plenty of those about ... ah, except they've done their best to p**s them off with taxation bull manure imposed by people who lack the technical skill to see that it's bull manure.

Attention all British .eu owners: Buy dotcom domains and prepare to sue, says UK govt

SImon Hobson Silver badge

Re: Don't worry, it's only money

Since when has the EU given any thought to how much its bureaucracy costs the member states?

More to the point, it looks strongly like "the EU" (or at least, certain high ranking people) are keen to make life as hard as possible for the UK regardless of the cost to the EU. If we leave without it being very visible painful for us then it opens the floodgates for other countries to leave. And lets be realistic, there are other countries that would be better off out of it.

I'm just not sure the computer works here – the energy is all wrong

SImon Hobson Silver badge

Re: Memories

Autopilots are great at controlling a fully functioning aircraft, and can do so better than a human pilot. But are not designed to react correctly to a myriad of abnormal situations which ...

I recall watching a program on the gogglebox some years ago that was talking about the issues faced by pilots when "something's broken". For example, in the Sioux City DC10 incident, the pilots ended up flying he aircraft with just the two remaining engines - they were fortunate in having a training captain on-board who managed this for them and took some of the pressure off the situation.

Anyway, modern airliners can use alternatives to the traditional control surfaces - eg some of them use spoilers instead of the ailerons. There has been talk of training computers to use "whatever is working" - and I recall them saying that some simulator trials had shown that the computers would often manage to fly an aircraft that the pilots couldn't fly.

SImon Hobson Silver badge

Re: Memories

Aircraft autopilot is actually an almost trivial task since it's going to be flown in known conditions where ATC (normally) takes care of avoiding banging you into another aircraft. It would always be monitored anyway, so the pilots would not allow it to (for example) autoland on an obviously blocked runway without ATC permission to land. And for that autolanding, it doesn't have to try and figure out where the runway is by analysing pictures from a camera - there's an expensive, complicated, and continuously monitored system transmitting a radio signal for it to follow. Or more recently, a GPS system with ground augmentation and an accurately placed runway in the database.

You don't generally cyclists, animals, drunk pedestrians (or worse, ones glued to their mobile devices), etc once you get above a few feet off the ground - and security usually keeps them all off the runways.

In contract, the "self driving car" has a task several orders of magnitude greater in complexity.

SImon Hobson Silver badge

Re: Similar story

Ah yes, a relative had a similar story from when he got started with a geo-surveying outfit.

One of his earliest jobs with them was up the north east where there's some large radar installations - and they were a few fields away. Anyway, they rocked up with a load of trucks of gear and started to set up camp - and were quickly visited by military people checking up on what a bunch of blokes with technical looking kit were up to in close proximity to a military site ...

After that was sorted, they started setting up and found that the radars were crashing the computers - so they had to up sticks and move to the other side of a hill to shield them from the radars.

One I;ve personally had was a customer who made drum closures - the big snap-fit bands that hold lids onto oil drums. Their factory contained a number of powerful spot welding machines - and for a short time we were convinced that this was the problem corrupting their floppy disks. Moving the machine to the office didn't fix it though - and it tested perfectly on my test bench.

Eventually we twigged ... Apple had pictures in the brochures showing an Apple II with two floppy drives on top, and a monitor on top of that - and that's what the customer had done. However, unlike the Apple monitor, the one they had didn't have magnetic screening in the base to allow it to sit on top fo floppy drives without causing problems.

Fake 'U's! Phishing creeps use homebrew fonts as message ciphers to evade filters

SImon Hobson Silver badge

Re: html in email...

Agreed. I read email for the message

Me too !

too many people want it to look pretty - marketing people I am looking at you.

Except that often the result isn't that it looks pretty - it often makes it unintelligible.

I'm slowly getting into reading some of my emails on my phone - with a small display. Plain text emails are fine, but formatted ones, even non-HTML get shrunk so the formatted version fits in the screen, resulting in impossible to read text. Even on a laptop screen, many emails are "hard to read" because they render in the stupid font/size and stupid colour the sender's email program defaults to - like the small blue text Microsloth seem to think is a good idea.

And don't get me started on Microsloth's contribution to email usage by defaulting to top posted replies.

And to think people at work kept telling me I was in the wrong for using plain text and bottom posting :-/

Forget 2019's tech biz takeovers, here's the mega-merger everyone's talking about: Milky Way and LMC, coming soon

SImon Hobson Silver badge
Joke

Will this be another event that we can go to, then retrospectively when we get back, invest 1p to pay for the trip thanks to a billion years of compound interest ?

50 years ago: NASA blasts off the first humans to experience a lunar close encounter

SImon Hobson Silver badge

Re: Apollo 8 in 1968 - IT! WAS! AWESOME!!!

when you take the RISKS necessary

Especially this, too much these days is all about "but what about the repercussions if it goes wrong ?"

If they were trying to do it today, you'd see a crown of legal firms round the homes of the crew's homes - waiting for bad news so they can get in and "you've lost a family member, let us sue NASE for you ?"

SImon Hobson Silver badge

Re: Apollo 1

Could have been worse. I was listening to a talk (on air accident investigation) a few years ago, and the guy giving it has some interesting tales ...

He was visiting the AAIB (Air Accident Investigation Branch) at Farnborough, and while walking round he casually picked up an instrument off a table. The chap showing his around advised his to put it back down as it still had someone's brains on it. Now that sort of puts perspective on what accident investigation can involve - and I dare say they'd not have been allowed in the house at all if the ones you saw were like that !

Corel – yeah, as in CorelDraw – looks in its Xmas stocking and discovers... Parallels

SImon Hobson Silver badge

Re: Not surprising

Corel has always been the final resting place of the also-ran software that they acquired from some failing business.

As a long term Parallels user, I can assure you that it's not and "also ran" bit of software. But it is worrying that it's been acquired by a company with such a reputation - and I feel a sense of deja vu coming on ...

Many many years ago I was using a bit of software called (IIRC) Virtual PC which did more than just a compatibility layer as it also had to do machine level translation to emulate the Intel chip on the Power PC (G4 or earlier). Then the company was acquired by Micro$oft who clearly were after it's "windows on windows" capabilities. Needless to say, ongoing development for Macs didn't happen and when the G5 came out then it stopped working. My memory is too hazy to recall what I used between that and getting an Intel based Mac - but since I got an Intel processor I've been using Parallels as an essential tool. I really hope it does go down the pan.

Mark Zuckerberg did everything in his power to avoid Facebook becoming the next MySpace – but forgot one crucial detail…

SImon Hobson Silver badge

Would that be such a bad thing?

No, but it won't happen.

Basically the network effect means that if you don't use Faecesbook then you aren't connected. I can't find it now, but in a security blog, I recall someone having done a little research into why students were all on FarceBork. It came down to, most are, most parties are only advertised there, so if you aren't onit you don't get to go to the parties - and if you don't go to the parties, you don't get much sex !

That's what FB has been working hard towards, as the article points out. By linking into everything, they make themselves such an integral part of online (and even offline) life that lots of people "can't do without it". As long as they maintain critical mass, then they can keep the "be on FB or be nothing" facade in place - and thus coerce people to using it. Only today I was looking at job ads, and for one company their only online presence was on FB - that's what FB want. If they can maintain that sort of thing, then they operate from a position of power - yeah you can be like one of those "oddballs" who lives without [ a bank | TV | electricity | whatever ], but "everyone" who's not a nutter uses FB".

A year after Logitech screwed over Harmony users, it, um, screws over Harmony users: Device API killed off

SImon Hobson Silver badge
Mushroom

At least with Google/Amazon et al you have a fair guess it won't disappear overnight.

No, they'll usually give you at least a few days notice ! BTW - try asking a Revolv user what they think of Google's approach to long term support ;-)

But yes, it's a problem if you buy into all this "online connected" tat - you are at the whim of some beancounter at some outside company who does not have your interests in mind.

The Palm Palm: The Derringer of smartphones

SImon Hobson Silver badge

Re: 2nd phone

Has anyone found an operator that will let you have two phones with the same number active on the same network at the same time ?

That is indeed the issue - and I vaguely recall having read that (IIRC) Vodamoan did indeed have this facility, at a price, and with limitations. If it was Vodamoan then it makes sense them having grabbed the UK rights to it.

However at £350 they are avvin a larf. If I wanted a second phone for when I'm oout and about and don't want to risk my main phone - I'd want something cheap so I'm not too fussed when it disappears in the midden, gets dropped and stood on by a cow, or whatever.

Equifax how-it-was-mega-hacked damning dossier lands, in all of its infuriating glory

SImon Hobson Silver badge

Neither is fair, but I don't think the "scapegoat" was fired for ... but rather for "not applying an important patch in due time", which apparently he did (fail to) do.

The question is, was he actually under instruction (whether from management or the systems) to do so ? Reading the article, it sounds like they knew there were instances to patch, but missed some of them because they did a scan wrong when looking for all of them - the latter raising other issues about knowing what's running !

If the instructions were to "patch this list of servers" and the one he didn't do wasn't on the list then he's not to blame. But even he did miss one he was instructed to do, I'd think he's still got a good case for wrongful dismissal since it's clear that his error was only a tiny cog in the big system that allowed this breach.

Why millions of Brits' mobile phones were knackered on Thursday: An expired Ericsson software certificate

SImon Hobson Silver badge

Re: Reminder

From the way it's written, this doesn't sound like the security certificates people here seem to be assuming. A lot of software like this uses keys (or certificates) to enable features - when it runs out, the software/feature stops working. Thus you have to keep paying the vendor's support fees for as long as you want to keep using the software/feature.

And typically there is some management function that will a) warn you about impending expiry, and b) allow installation of new keys/certificates.

It sounds a lot like "something went wrong" with this renewal process, so come the expiry time of the key, the software/feature stopped working - and the network stopped working.

The British Home Office was warned about its crappy data management – then Windrush happened

SImon Hobson Silver badge

Re: Notes from a Small Island

It wasn't the ID card per se that people objected to. It was the massive database to go with it, the requirement to hand over all sorts of data that wasn't required, and massive fines for not informing them of every little change. So instead of having an innocuous card that would be useful as official ID, we had a data fetish's wet dream of a database that no-one (or at least, no more than a handful of people) was prepared to trust the authorities with.

European fibre lobby calls for end to fake fibre broadband ads

SImon Hobson Silver badge

Re: Where to draw the line?

Explanation for my downvote ...

You're correct, but in context it is irrelevant. Anyone could (subject to factors like service areas etc) order a high speed connection from one of many providers - and it will arrive at your house/premises over a bit of glass. But these are mostly business products with a price tag to suit - by your own admission £10k (is that the install cost, or the per year recurring cost ? I assume the latter).

I've made the comment a few times before when people said things like "I'm paying for 8M, I expect 8M" that they are not paying for 8M, they are paying for the poor man's option of whatever this poor man's option can deliver - and if they really want a service with guaranteed rates they can have one, if they are prepared to pay for it.

In the context of this article, users are being hoodwinked - it's a deliberate marketing department lie to call FTTC "fibre", and as mentioned above, using the same logic then so it ADSL and even dial up.

PS - part of my last two jobs has involved the procurement and management of such lines.

NHS supplier that holds 40 million UK patient records: AWS is our new cloud-based platform

SImon Hobson Silver badge

Re: USA Patriot act

Would that be the same Microsoft that "just handed over" data located on servers in Ireland once the US passed the CLOUD act ?

https://www.theregister.co.uk/2018/04/04/microsoft_agrees_doj_cloud_act_renders_email_battle_moot/

As such, the Feds issued a fresh warrant under the CLOUD Act instead and – hey presto – Microsoft responded.

If there was the legal and technical separation claimed, then Microsoft in the US would not have been able to access the data, and Microsoft Europe would have refused to hand it over. Also, the recent SNAFUs affecting Microsoft's authentication services prove that there is no technical separation as claimed since an outage of a server in the US would be unable to affect users not supposedly connected to the US. If a user authenticates using a server in the US, then subverting that authentication process can over-ride any supposed technical separation.

Euro consumer groups: We think Android tracking is illegal

SImon Hobson Silver badge

Re: Also consider Bluetooth

I've recently bought a bluetooth widget (NIX colorimeter) and for the app to talk to the device you have to give it permission to access location. WTF ? Why does it need location permission to talk to a bluetooth device ?

Domain name 'admin' role eyed up as latest victim of Whois system's GDPRmeggdon

SImon Hobson Silver badge

Re: The cloud will save us

At some point people need to be responsible for the crap they throw onto the Internet

I think you've missed the point. I'm happy to manage my domains - it's really not that difficult.

But why should I have to have my name, email, and home address splashed across the internet when that "splashed across the internet" bit is 100% not required in order for the registry operator to perform their part of the contract ?

Yes, the registry (and reseller) need my details so they can bill me etc - that's basic contract stuff. But that information is really only relevant to the three of us involved - not every tom, dick, or harry on the internet. GDPR is clear on that - neither the reseller or registry can make allowing me to have a domain name contingent on me agreeing to collection of data that isn't needed for the contract, or publishing what data they do collect. In both cases they may ask me - but I can simply say no.

THAT is what the debate is about.

Facebook spooked after MPs seize documents for privacy breach probe

SImon Hobson Silver badge

Re: History lesson

... could vote to use the company cash pile for, well, whatever they please. Such as shipping it off somewhere safe, out of the way, for their own enjoyment ...

IIRC there have been sueballs from shareholders over much less. Such a move would so massively devalue those non-voting shares that there'd be few holders who wouldn't head straight to court for their pound of flesh.

Remember that the officers of the company are required by law to act in the best interest of it's members (shareholders) - and deliberately acting to personally massively enrich themselves (by making off with the cash) at the expense of all the others could not be classed at acting in the best interests of those shareholders left with nothing.

Shocker: UK smart meter rollout is crap, late and £500m over budget

SImon Hobson Silver badge
Mushroom

Re: How are these supposed to save energy

Also you are unlikely to run a washing machine/tumble dryer overnight ... since fire safety advice ...

Not just fire safety, but safety from having your brains bashed out by the neighbours kept awake by the vibrations. The icon suggests my feelings if I were unlucky enough to live in a flat with a neighbours (above or at the side) running such a machine in the early hours.

SImon Hobson Silver badge

Re: Smart meters do not save energy

Smart meters only enable surge pricing if the changes in price can be communicated in real-time to the meter.

It can, it's a basic part of the communications network - at least when it's fully rolled out.

I would hope that a court would take the view that the company simply could not prove that ANY of their leccy had been supplied at anything other than the lowest price offered during the billing period in question

And you'd be disappointed. The meters record usage for every half out period of every day - and the price charged at the time. So yes, they can show that you used several units at £1/unit because you dared to want to eat dinner at dinner time when you get home from work.

This is one of the objections, that very detailed usage information is send back to a humungous database which we have to trust will remain as secure as we are being told it will. Not that any large government (or Crapita, or ...) system has ever had a security issue - oh no, government (and it's contractors) IT is perfect :D

It would have been sufficient for billing purposes to tally up usage with a register for each rate used - but they decided not to do that.

SImon Hobson Silver badge

Re: Smart meters do not save energy

The regulations, in the UK, regarding disconnection that apply to dumb meters applies to "smart" meters as well. There are a number of hoops to jump through before disconnection. Finally, somebody has to physically disconnect at the property to ensure, for example, there is no life saving medical equipment is installed.

The difference here is that disconnection CAN be done remotely. How touching that you trust the big energy suppliers to get their billing correct, that they won't accidentally decide that you have an old debt of several gazzillion quid and disconnect you for bad credit, that they won't accidentally hit the wrong key and disconnect you instead of someone else, etc, etc. The regs means SFA when it comes to corporate incompetence.

And the remote disconnect facility has been in the specs from the outset - EVERY "smart" meter has the facility, because it's needed for the second stage of the demand management they are being put in to provide. The first stage is price rationing, the second stage is rolling power cuts like we had in the 70's - but done on a more granular level.

BTW - the "smart" gas meters also have the remote disconnect facility - but they cannot be remotely reconnected. For safety reasons, the user has to manually turn the gas back on.

In theory someone with medical equipment etc can be put on the vulnerable person register. While this may affect decisions by the DNO about maintenance and exclude the property from rolling power cuts, I can't see it dealing with corporate billing cockups.

Washington Post offers invalid cookie consent under EU rules – ICO

SImon Hobson Silver badge

Personally I think the ICO is wrong here.

As has already been pointed out, there are salaries and other costs to be paid if you want news*. So you either pay directly (eg by taking a subscription), or you pay indirectly (the paper gets paid by advertisers). If you refuse the tracking cookies then the advertisers won't pay as much - so the difference has to come from somewhere.

At least they offer the choice - unlike the likes of FaecesBork who don't seem to have realised that GDPR (or indeed, any other law) actually exists.

And of course, no-one has mentioned all those sites that say "you can turn off these other cookies by going to [long list of scum sites] and ask them to stop tracking you".

Ethernet patent inventor given permission to question validity of his own patent

SImon Hobson Silver badge

Re: Curiouser and Curiouser

As Pascal says, he moved company. You may have to read between the lines, but it's fairly clear in the article.

After inventing the "thing", he assigned the patent to Cisco - fairly common that employers want the patents on things their employees invent as part of their employment. So Cisco, not he, owns the patent.

After that, he left and (with other Cisco employees) startup up another networking gear company - Arista. Now it stands to reason that some of the things they'd like to sell would infringe said patent, so they have three options : 1) Say "pretty please" to Cisco and buy a licence on whatever terms Cisco may (or may not) want to give them; 2) avoid infringing on the patent (which may mean leaving features out of the product); or 3) challenge the validity of the patent. Don't forget that other than in the case of a standards required patent (ie something that's incorporated into a standard*), Cisco do not have to licence the invention if they don't want to - they can refuse and so prevent any other vendor from taking advantage of the invention. And if they do licence it, they can name their own terms - which could be quite expensive.

So here, it was Arista that challenged the patent, and presumably this happened before Cheriton left. But either way, strictly speaking, it's not the inventor challenging the patent, it's his company.

* Where a patented method is incorporated into a standard, there's normally a FRAND clause attached - the holder of the patent must licence it to anyone on a Fair, Reasonable, And Non-Discriminatory basis. This is to avoid someone getting their patented method included in a standard, and then being able to to hold everyone else to ransom - or even block certain competitors from using it at all.

OK Google, what is African ISP Main One, and how did it manage to route your traffic into China through Russia?

SImon Hobson Silver badge

Re: The obvious solution would be a "Web of Trust"

The thing is, there is no easy solution to this.

In the generalised case, only one peer knows what route their customer should be emitting - and that's the one directly providing the service. But that only applies for the "leaf nodes" - so if I get a line in form a couple of ISP to my little hosting biz, both of those ISPs can (and should) filter my BGP announcements to only allow the small set of IPs I have. That bit is relatively simple - and as long as every end-point provider does this basic filtering at source then one avenue of cock-up is blocked. But if they don't then ...

Both of those ISPs will be taking my traffic to one or more exchanges and publishing my routes alongside many others. So my route advertisements now appear coming from two different ISPs - the problem is that all those other peers connected at the exchange(s) will not know (or have any way of knowing) whether the routes the ISPs are sending on my behalf are genuine.

And it gets worse. Those peers will pick up my routes and propagate them across their network, and at some other point they will get broadcast to other peers. These other peers (now twice removed from any relationship with me) will not have any way to know whether or not they are genuine.

And so it goes on, with peers around the world getting further and further away from knowing who I am and who should be carrying traffic towards my IPs.

But that is only the simple case where the error is in a leaf node where it's relatively easy to know what routes should be advertised from there - the ISP asks me when providing connectivity what AS numbers I own and put those into their filter for the connection itself.

In the case here, the error happened at a transit peer that by definition must be handling lots of routes for people it knows nothing about.

In this case, what I think has happened is that internally they've setup routes to send Google traffic direct to Google via their peering arrangement. Basically that's a matter of "send this list of IP blocks via this gateway". At the same time, they should be filtering those same IP blocks from BGP announcements they make via other connections - specifically the sub-sea cable they operate. They made a mistake here, so the peering specific routes leaked out.

But as above, the other peers involved have no way of knowing that this was a mistake - it could be that the announcements they saw were the result of some new connection going in that made this a good route for the packets, something that's not easy to determine. The key thing is, these other peers really have no way of knowing whether that link genuinely is a route to those destinations. Just signing the route advertisements won't help - because all those routers will have to propagate the routes anyway, so seeing a route that's signed does not tell you anything about whether the router you received it from should actually be routing that traffic.

Bear in mind that the global routing table is heading on for 3/4 of a million entries, propagated across many thousands of routers operated by thousands of operators. It's hard to see how any web of trust could be setup that would handle that scale

UK.gov fishes for likes as it prepares to go solo on digital sales tax

SImon Hobson Silver badge

Re: Tax isn't my strong point...

you use their services for free

As you point out, it's not free - there's a real cost involved. What is missing (and I doubt will ever be provided until GDPR really catches up with them) is an option to pay real cash and not be slurped.

they just show you ads and maybe use your data that (as long as you consent to it) to sell to others

If only that were what they do. If all they did was show you ads then fine, but they don't. Untargetted ads are worth little, the big money is in showing ads carefully matched to the data they've slurped on you. And there's never any element of consent - both Google and Facebook will slurp data on you without you ever having an account or ever consenting to them doing it.

One thing that's "irritating" me at the moment is the number of sites where they say "we use these third party cookies, if you want to stop them then you go to the third party and tell them to stop". Great, so to stop Faecesbook tracking you, you'd have to create an account on Faecesbook (because they'll ignore you otherwise) - but to do that you have to agree to their Ts&Cs which give them permission.

So how can you tax someone that provides a service for free, just because they then make money of you using their service for free?

Note that the money isn't made from people using their services (at least with Google) - Google makes money by showing adverts to you on every f***er elses' websites. So even if you have never ever, not even once, used any "free" Google service - they will still be making money from your data because of the sites you do visit showing ads that they get paid for.

For good measure, Google in particular is very good at using it's clout (particularly it's dominance in search) to take over any market it wants to. There were other mapping tools around, and some of them have managed to survive so far - but when Google started giving mapping away free* by using cross subsidies from it's massive marketing bis, they had an advantage over anyone else. So some other company could have a great idea - but because they don't have the backing of something the size of Google, there's no way they can both develop it and give it away free. Thanks to short sighted sheeple thinking "ooh, free", other offerings have tended to wither away, or limp on with little development, or stick to a niche commercial market - leaving Google to monopolise that market and then use it's dominance to a) push adverts to further it's own business, and b) keep any upstarts from succeeding. The USA has laws specifically to deal with this sort of behaviour - but a poor track record of actually doing too mush of practical use with those laws, c.f. Standard Oil, IBM, Microsoft who all avoided any significant penalty for blatant abuse of a dominant position in one market to give themselves a leg up in another.

Can your rival fix it as fast? turns out to be ten-million-dollar question for plucky support guy

SImon Hobson Silver badge

Re: I'm just going to say...

... trying to explain to the moronic fuckers at my bank why ...

While you are at it, how about reporting them to the FCA for forcing insecurity on their online banking customers ? If you've identified real security issues, and the bank has refused to accept them, then the FCA ought to be interested.

I wonder if the ICO would be interested as well as the sort of issues you've raised would seem to violate GDPR compliance as well.

If you have inner peace, it's probably 'cos your broadband works: Zen Internet least whinged-about Brit ISP – survey

SImon Hobson Silver badge

Re: I'm with Vodafone

Blimy, you must be dealing with a different Vodamoan to the one I had to deal with at work. As part of some business changes, we arranged for several customers to move to Vodamoan provided VDSL (FTTC) lines - and it was a complete and utter shambles, one of the lines never did get installed properly.

Contrast - Vodamoan ordered line from BT OpenRetch, wrong cabinet specified so they should have just ordered a cease and reprovide. After months and months of phone calls they still didn't understand. We also got a line installed from another provider which thanks to BTOR incompetence also had the same problem. However this other provider knew the tricks and got a working line in under 2 weeks. It helps when the provider employs people with a clue rather than script monkeys. Like A&A and Zen, not the cheapest but we always found Gradwell to be good at fixing things when it went wrong.

To be fair to everyone involved, the premises was supplied by two different cabinets - it's just that only a few of the units were off one cabinet - but that cabinet was the one that came up first in the address search. Also, the BTOR chap that came to install the Gradwell provided line tried really hard to find a routing that would connect the line as provisioned - but there was just no route as the cabling from the cabinet the line was provisioned on went no-where near our unit.

As an aside, the BTOR guys can fix a phone line by going into the systems and changing the routing to deliver it via the right cabinet - and changing the jumpering at the exchange. Apparently it's Ofcon rules to curb BT's anti-competitive behaviour that stop them doing the same with the FTTC connections - they have to return the job so it gets flagged to the ISP, who have to order a cease and re-provide on the service to get it delivered via the right cabinet.

Needless to say, we found Clueless and Witless went downhill in service standards after Vodamoan acquired them.

Unsure why you can't log into Office 365? So is Microsoft

SImon Hobson Silver badge
FAIL

Why both sides of the Atlantic ?

Isn't that obvious ? As was demonstrated when they had an "isolated" data centre failure, their systems are globally intertwined like a platetruckload of spaghetti. If you ever install a tool like Little Snitch and allow connections from Outlook one at a time then you will find that simply signing in requires the program to follow a long list of DNS redirects (from memory at least half a dozen) that send the connections all round the world.

Given the way things seem to be built, it's a wonder it ever works at all !

Also makes a mockery of any claims to be compliant with GDPR - I hope no-one here is using O365 for anything business related and relying on Microsoft's claims ;-)

Budget 2018: Landlords could be forced to grant access for full-fibre connections

SImon Hobson Silver badge

The problem is that there's a financial incentive for small developers to ignore the problem. If it's a choice between "cough up money" to put in the ducting etc, or just ignore the problem and force BTOR to put overhead washing lines in from the nearest pole - then it's a no brainer for the ignorant developer to go for the cheaper option.

So yes, there needs to be some sort of presumption that developers must install ducting unless they have compelling reasons not to. It needs to get to the point where ducting for comms is considered as essential as gas, lecky, water, and drains - but for many people that doesn't even enter their minds.

SImon Hobson Silver badge

Re: Hmmm

... there's no way I would want them imposed on me

It's not about imposing anything on you. It's about allowing a tenant to get a service installed where the landlord simply ignores requests for permission to install it. As the article says, if a tenant wants a service installed - eg high speed FTTP - then typically they need the landlord's permission (the landlord may also need the freeholder's permission). If the landlord just doesn't answer then it's currently a longwinded (and I imagine expensive) process to get an order from the tribunal to allow it.

So this is about making the process for getting an order, where the landlord ignores requests, easier.

SImon Hobson Silver badge

... and the Gas Board or whoever they're called nowadays want to connect my property to the network, I can say no

Yes indeed. However, suppose you rent out the house and the tenant wants gas installed - perhaps it's just been installed into the village. The analogy is where the tenant wants gas installed, the gas company realise they need your permission, try to contact you but you just ignore them.

At the moment they will simply give up and the tenant then can't have the service installed. Under the new rules, if you ignore the request then it'll be easier for the communications company and the tenant to get an order from a magistrate. I would imagine that if you respond and say no, then that would be the end of the matter - but as a landlord I would have no problem with the request subject to agreement on how it was to be done.

From today, it's OK in the US to thwart DRM to repair your stuff – if you keep the tools a secret

SImon Hobson Silver badge

Re: Cars? Trucks?

There already systems that cover the safety aspect.

But, for example, John Deere has been using DMCA to prevent anyone but their authorised dealers repairing equipment. Bear in mind that modern tractors are highly computerised - engine management, gearbox management, etc, etc. Given that a big part of fixing a problem is working out what the problem is, being able to (for example) find out what the various sensors are doing is critical to that. Even if you could fix the problem without this help, often you need the diagnostics software to reset the system (perhaps take the engine out of "safe mode") and clear the fault light. Thus it makes a lot of maintenance impossible for third party mechanics - most of whom are as good as the ones working at the John Deere franchises.

Quite simply, they are using the DMCA to cripple competition - but (falsely) using "safety" as the justification for it.

SImon Hobson Silver badge

Re: Mine vs Yours

If, for instance, Ford decided ...

That is a very good thing to mention, because some years ago the EU looked at the situation with cars - where manufacturers did in fact run a closed system, with approved dealerships (which had to be exclusive), it was a condition of the warranty that you had the car services at an approved dealership, and so on. The manufacturers of the cars made all teh same arguments we here these days - for the protection of the users from fake parts, to ensure updates get applied, and so on.

The EU decided firmly that this was a load of male bovine manure and banned the practice. Manufacturers were no longer allowed to have exclusive dealerships, were no longer allowed to control sale of genuine parts, no longer able to make warranties dependent on servicing at approved dealerships, and so on.

I think it was a separate ruling where they said that the manufacturers had to come up with a common and open diagnostics interface - and could no longer have proprietary interfaces and refuse to provide protocol/message details to third parties.

The best way to screw the competition? Do what they can't, in a fraction of the time

SImon Hobson Silver badge

Ethernet ran over coax! are you comparing coax to twisted pair perchance ?

Eh ?

Yes, ethernet originally ran ONLY on coax cable (firstly the thick stuff, later the thin stuff), twisted pair only came "quite a few years" later. I realise that some youngsters might find it hard to believe that there was ever anything other than twisted pair, but it really is true !

One of my regrets is not keeping hold of samples of various bits and pieces over the years, partly for "now grandchildren, this os what I used to work with", and partly to use in talks.

SImon Hobson Silver badge

Re: "Ethernet is so much better"

Wasn't it Ethernet 10base2 or whatever

Yes indeed.

A brief history of timeethernet for you wippersnappers who've never seen anything older than twisted pair with switches.

Once upon a time, at the Xerox Palo Alto research centre (from where many things we take for granted came - including the mouse, the graphical desktop), they came up with this idea for networking devices. The very first version ran at (IIRC) 4Mbps, but by the time it made it out of the labs it became 10Mbps - and used a thick (1/2" dia) cable that looked a lot like hosepipe. This "thick ethernet" typically had few connections - possibly only one at each end for the terminator - with devices connected via "vampire taps" which were clamped round the cable and had prongs that pierced the insulation to make contact. This cable could be up to 500m long, and the system was known as 10base5 - 10 because it's 10Mbps, base because signalling is baseband, and 5 because it can go to 500m.

Anyone who's worked with it will tell you that 10base5 wasn't the easiest to work with - the cable being thick and not very flexible, and a restriction on where you could put the taps (the cable was marked where they could be put - it's something to do with the wavelength of the signal), and you needed these thick and inconvenient AUI cables (15 pin D connectors) between the tranceiver clamped on the cable and the device. So the cunning engineers came up with a variant using thinner cable - smaller, cheaper, more flexible, using easier to use BNC connectors - which could be taken directly to the device. So now we got the easier to work with but more fault prone "thin ethernet" (or "thinnet", officially 10base2) which cane be up to 185m long (round that up, and you get the 2 in 10base2).

If you needed more than what was doable with a single cable - or wanted a bit more reliability - then you could link multiple segments together with a repeater, or if really deep pockets, a multi-port bridge. Hands up who still remembers the 5-4-3 rule :D

Then the clever bods came up with the idea of using twisted pair cabling and star wiring from a central multi-port repeater (which came to be called a hub) to each device - the 10baseT (T for twisted pair). 10baseT still had many of the issues of the coax networks - still only one collision domain, still swampable by a single faulty node, still the 5-4-3 rule.

As an aside, there was a 10baseVG which used four pairs of Cat3 (voice grade, phone cable, hence the VG) which never caught on.

And over time, we got faster networks (100baseT) and switches (aka multi-port bridges). The latter provided collision domain isolation - allowing A to talk to B while C was talking to D.

And of course, things got faster again, and again, ...

Kids of today, don't know they're born. Cue obligatory Monty Python sketch :D

Openreach hacks full-fibre broadband prices for developers... Property developers, that is

SImon Hobson Silver badge

Their policy was definitely (well still might be, don't know what the prices are) self defeating in the medium term.

Mother looked at a new build on a development of 6 houses. I queried why no underground ducting for phone service - "too expensive" came the reply. So instead the 6 houses get overhead washing lines, and cables clipped down the front to the single phone socket the developer could be ar*ed to install.

Now, had BTOR been more sensible, they'd have got some ducting installed by the developer and it would be much easier to put in something less 19th century like fibre - thus saving on costs later, and saving on maintenance as ducted underground cabling is far less failure prone that overhead cables flapping in the wind.

UK data watchdog fines Facebook 17 minutes of net profit for Cambridge Analytica brouhaha

SImon Hobson Silver badge

I no longer have a Facebook account,... So therefore their is clearly some tracking going on based on my device profile, IP address or some other data they are able to slurp without my knowledge to track what I have been looking at on the internet.

Having no FB account doesn't stop them ILLEGALLY profiling them. To start with, they won't have deleted anything when you deleted your account - your data is too valuable to them for them ever delete anything !

It is clear (look up some of the details in the Max Schrems case) that they keep a very detailed profile on people - and if you think about it, some of it isn't hard to do. One of the things they do is to nag users to "just upload your contacts so we can invite them" - and people are daft enough to do it (also illegal). Say one person uploads you home phone/email and another uploads your work details - FB can now tie your personal and work details together.

But the online tracking is also intrusive, pervasive, and sneaky. Ever noticed all those sites with a little "f" logo on them ? When those icons, as well as doing something related to FB, hide tracking code that allows FB to harvest a lot of information about your browsing habits. Very similar approach to the tracking Google does via it's tracking code disguised as statistics gathering for the site owner.

Euro eggheads call it: Facebook political ads do change voters' minds – and they worked rather well for Trump in 2016

SImon Hobson Silver badge

Re: Idiocracy

Seems very much like the "target the Sun and Daily Wail reader" demographic approach - but updated for the online age.

'The inmates have taken over the asylum': DNS godfather blasts DNS over HTTPS adoption

SImon Hobson Silver badge

Re: @LDS - no there will be no hints and statistical techniques

The big downside to this proposal is it'll steer traffic towards the usual suspects, ie Google, MS etc who'll still be able to monetise the requests.

Indeed, it only improves privacy if you trust the single entity you use for your DNS to not treat this new goldmine of information as something valuable to be sold to the highest bidder.

As I read the RFC, you (or your provider) configures one or more DoH servers and use only those one or two servers for all your requests. In practical terms, that means one server has a complete record of all your DNS activity - so they better be trustworthy. Particularly if you run your own resolver, that information can only be obtained from sniffing the wire (which in practical terms means within your ISP for it to be complete) since your DNS requests get distributed across many authoritative servers.

I can see authoritarian countries simply blocking all access to an IP that hosts such a DNS server. It'll be easy to check - just analyse https traffic and if anything looks like it might be DoH then test that address with a DoH client. If it responds, then just block the IP - and if that breaks other stuff sharing the IP then tough, the provider shouldn't have shared an IP between DoH and other https traffic.

SImon Hobson Silver badge

Re: "AND the header-level clues that DNS resolution is being requested."

There will be several hints and statistical techniques revealing that's a DNS request

Lets start with the SNI header !

But I agree with others - it's going to be one real cluster-duck when it comes to debugging the problems that DO occur on a routine basis.

SImon Hobson Silver badge

Re: The first thing that struck me

Is it the customer's router that does DNS, or does the router DHCP DNS information point at a server run by the ISP in order to make caching more coherent?

IME many SOHO routers give the router address when there is WAN link (and it hasn't got DNS information from the ISP yet) - then when they get the information from the ISP the DHCP is updated and it gives the ISP provided DNS server list.

This makes some sense, since some of them also redirect all DNS lookups to themselves so that when offline the user(s) get the router status page regardless of what they try to bring up in the browser. Telling the clueless home user that there is no internet connection is probably OK, but it's a complete flippin PITA in so many situations - particularly screwing up https connections with a barrage of certificate error warnings to the user (and don't get me started on the interaction with browser caching !)

But as is often the case - "it depends".

And for good measure, many SOHO routers lack the resources to do timely DNS lookups. I've seen situations where users were complaining about "slow internet", and simply switching the DNS away from the router was enough to fix it. ISP provided routers are built to very tight budgets.

Facebook, Google sued for 'secretly' slurping people's whereabouts – while Feds lap it up

SImon Hobson Silver badge
Big Brother

Hmm, still no popcorn icon ! This could run for a while - both Google and Facebook are defending the core of their business model here, don't expect them to do anything other than drag it out and lie about what they are doing. It's vital for them that users and non-users* don't realise or care about what's going on.

Facebook in particular treat you as a commodity to be tracked, profiled, and sold even if you don't have an account - c.f. Max Schrems case. What's more, for some of the online privacy options, you have to sign up for an account, in the process waiving your rights to privacy, in order to set the options for them to ignore.

Biting the hand that feeds IT © 1998–2019