* Posts by SImon Hobson

1551 posts • joined 9 Sep 2006

Infrastructure wonks: Tear up Britain's copper phone networks by 2025

SImon Hobson
Silver badge

Re: Every Telephone Pole Resembled The Mess Associated With Wire Frames

But on estates built since, say the '60s ... the entire telecoms network is buried.

O really ?

I think you'll find that a lot of developments even today still do not come with provision for communications. Mother was looking at a new build, and the guy didn't put any ducting in while the groundworks were being done because "it would cost too much". Read that as, "I can get away with doing nothing and BTOR will string another half dozen washing lines from the pole" - with the subtext of "I don't give a s**t about aesthetics either".

Yes, the whole development (6 houses) was an exercise in cutting corners - and I believe you'll find that it's the norm.

So IMO the first thing the government should do is to mandate that all new builds treat ducted communications provision the same way you treat gas, water, electricity, and drainage - fundamentals that are "just there". Yes I know there are places without mains gas and so on, but would you really expect a new build to have no water or lecky - and have to dig up the new drive to put them in ?

0
0

BGP borked? Blame the net's big boppers

SImon Hobson
Silver badge
Thumb Up

To be fair, while it does read much like a re-iteration of GIGO - they have actually tried to quantify how much GI is being allowed. Thumbs up for the quantification.

3
0

Nissan 'fesses up to fudging emissions data

SImon Hobson
Silver badge

What is the implication on car tax going forward?

I'll answer that in a moment ...

But this news comes as no surprise - in fact the only surprise is that it's taken so long to come to light. It's fairly obvious that if you a) impose virtually impossible to meet targets, and b) set those targets in a very specific set of tests, then the result will be that manufacturers will game the tests. Whether this gaming is detecting when those test conditions are in effect (VW), or using the GPS to detect when you're at a test facility (Ford IIRC), or something else doesn't really matter - because the regulations do say that you have to meet those emissions under those conditions and say nothing about other conditions. IMO the fines levied on VW were unjust for the simple reason that regardless of what the press would have people believe - those vehicles DID meet the emissions regulations in the tests as laid down. That they had massively higher emissions outside of those tests is irrelevant - they DID meet the requirements of the tests.

c.f. when they introduced monitoring and league tables over hospital waiting times, and were completely shocked when the effect on waiting times became part of the decision on how to treat patients. You do have to wonder why TPTB seem unable to grasp the connection between laying down of targets and it resulting in those subject to the targets working towards meeting them !

But back to the question ...

Good question, and you have to wonder if the system would even allow for the changing of a car's status after it's already gone into it. But if an owner did get a letter saying (words to the effect of) "Nissan lied, the emissions figures were wrong, we've no re-classified your car and it will cost £x/year in future for your VED" then they'd have a case for going back to the dealer they bought it from and issue words to the effect of "we were given false information when buying this car, it's now costing us £z/year extra car tax, you will be paying that".

The dealer would be liable as the goods were not accurately described, and the customer is entitled to be put in the position of not losing anything because of the misdescription. This would be pursued through the "small claims court" (more accurately, the fast track service of the county court) but there's a limit of 6 years.

I can't see any decent dealer not covering the difference - and if it's worth the admin time, going back to Nissan for re-imbursement. More likely, Nissan would offer the owner some freebies in a "if we give you some goodies, will you go away and promise not to sue us over this in the future ?" manner.

6
1

Boffins want to stop Network Time Protocol's time-travelling exploits

SImon Hobson
Silver badge

Re: Connections, connections

But the chance of there being no operating tower your phone can connect to is probably smaller than the likelihood of the outage taking down the exchange your landline is connected to

As long as we're talking about the UK, then no - quite the reverse.

BT exchanges have some 'kin big batteries that will keep it running for some time, and I believe some larger ones have permanent generators present to take over.

Mobile phone towers are a different matter. They may well have batteries, but nothing like the scale BT exchanges have, and I doubt if many at all have on site generators.

TL;DR - if the power goes off, the mobile towers will stop working before the BT exchanges.

Well that's for voice, data is a bit more complicated. ADSL uses kit installed in the exchanges - so in principle ADSL will keep working as well. VDSL uses active street cabinets, so that will only keep working as long as the internal batteries last - and there's going to be no generator getting plugged into it because (like the mobile network, but on a bigger scale) there are quite a lot of them !

1
0
SImon Hobson
Silver badge

Re: Mum

All my mobile phones will still ring if the power is out

Don't count on that !

They will still work IFF the outage is localised enough for there still to be a cell still powered up AND still have communications back to the network. That is most definitely not always the case !

Suddenly people realised that, without electricity, there is no internet, no mobile phones, no contactless payment, no lifts and no petrol pumps.

Most mobile phone coverage was lost within an hour

The biggest impact on most people was that few knew what was happening. By looking out of the window, it was obvious that there was a widespread power cut but none of the usual sources of information – TV, internet, text messages or social media – was working.

The point is, while this was an extraordinary event - I know from inside knowledge that there have been a few "near misses" in terms of substations being flooded, even after work to raise the level of flood protection at many. Lancaster was lucky in some ways - they were able to draft in generators to get supplies back on fairly quickly while sorting out the main substation. If two such events happened close together (far from inconceivable) then there may well not have been the numbers of large generators required.

And then we need to factor in "modern" supply management policy. Once upon a time, the electricity supply industry was run by engineers with a brief of "keep the lights on". Generator capacity was organised to have a diversity of fuelling, with spare capacity and some pumped storage to help manage the "half time tea break" surges and the like. That was abandoned under Thatcher, and centralised forward planning was replaced by "kick the can down the road" politics (no new nuclear for decades) plus free market "what can I make out of this" planning by multiple competing suppliers. They are now pushing so called "smart" meters for one primary function - what is euphemistically called "demand side load management". The combination of "tin kicking" and lack of planning now results in a supply system without enough spare to cope with forseeable peak demands - so "smart" meters are there to control demand, firstly by price rationing (if you want to cook dinner at dinner time, tough, it'll cost you 10x the normal rate), and if that fails by more fine grained rolling power cuts (many of us remember the 70s). Yes, remote disconnection is part of the spec, and therefore in EVERY "smart" meter for someone to, somewhere, to click a button and your power goes off.

Of course, we are promised that there are sufficient safeguards etc, etc - but I guess it's tough luck if your power is turned off and it's up to you to persuade your supplier that their billing system has got it wrong and you don't owe them £20,000 ! (sarcasm)Oh no, mistakes like that never ever happen do they. (super-sarcasm)And of course, we all believe that no-one will turn off the wrong meeting.

1
0

ICANN't get no respect: Europe throws Whois privacy plan in the trash

SImon Hobson
Silver badge

Re: a silly question...

like everyone else, why could they not send everyone an email telling them that they need permission to share that info.

Actually, yes they could - and it would be legal. Two issues with that though - with one leading from the other.

By making it opt in (and no, it's not allowed to pre-tick the "I want to be spammed by the world" option on the web form !) it means that few will opt in. That's the first thing to keep in mind.

That leads on to: ICANN't doesn't want to do that. Firstly it means they have to adapt their policies and systems to support it - a process which they claim will take years. Secondly it means admitting that it actually is bound by outside rules/laws.

It looks very much like ICANN't have developed a real belief that they are a law unto themselves and don't have to consider what anyone else says - the comments about them having a Jobs like Reality Distortion Field seem well founded. They are suddenly finding out that this isn't the case.

4
0
SImon Hobson
Silver badge

Re: Good for regulators

that any one government or small group of them think they can grab the right to control something worldwide

Yet again, the EU is NOT doing this. ICANN't really can do whatever they like with (say) US citizens' data and the EU won't give a toss. So a US registrar, operating in the US, can sell to a US citizen not living in the EU - and the EU is not trying to prevent the registrants personal information going into whois, that's for US authorities to deal with and note that California has just passed a law very similar to GDPR.

But where (eg) the registrant is an EU citizen living in the EU, then that's different. It does not matter at all who the company is - GDPR applies and if the organisation has any presence in the EU then it's possible for the EU to fine it for GDPR breaches.

Now, lets consider an analogy - a poor one because there's physical goods involved etc. Suppose a purely EU based car manufacturer wanted to sell their cars into the US. The US authorities would say words to the effect of "sell into our market and you abide by our rules" - so the cars would have to meet US DoT regulations, have lights that work "the US way", and so on. That's not the US saying that cars sold in the EU have to meet US regs - they simply would not care - only that cars sold into the US have to meet US regs. And it works both ways - a US manufacturer has to make their products meet EU regs if they sell them into the EU.

8
0
SImon Hobson
Silver badge

Re: Slippery slope

thinking that a country or small (and getting smaller) group of them can dictate to the world...

Actually they are not dictating to the world. A registrar based in the US can demand whatever information it likes from a US citizen and publish it in whois records for the world to see - but see other comments about California having just passed a similar law. As you point out, all of that bit is none of the EU's business.

But, if the registrant (or anyone who's personal information is included in the registration) is an EU citizen, or lives in the EU, or the registrar has an EU presence - then any of these put the data collection and use within the scope of the EU regulations. But if (say) I as an EU citizen decide to register with a registrar based in the US (and with no EU presence) then that's my loss because I'd be giving my details to an outfit that I (should) know is outside the scope of the EU regulations.

If I am more sensible and use an EU based registrar, then it is illegal for that registrar to pass any of my personal information to ICANN't - and so the EU registrars are simply telling ICANN't that they are ignoring the illegal clasuses in the contract and not passing along the personal information. In other words - the EU registrars could see what ICANN't were (or weren't) doing and put their own processes in place.

It will be "interesting" to see what happens next - definitely needs popcorn on standby. The best ICANN't could try would be to cancel the contracts of any registrar not proving the information it wants - the "do as we tell you or bog off" approach. But just think of the ramifications - they'd instantly destroy the credibility of the (say) .com TLD. Just think how many (for example) .com domains the likes fo GoDaddy and Joker will have registered, and the chaos that cancelling the registrations of those domains would cause. Now I know ICANN't have some real problems with reality - but I don't even they would consider this a good move !

6
0

United States, you have 2 months to sort Privacy Shield ... or data deal is for the bin – Eurocrats

SImon Hobson
Silver badge

Re: Privacy Shield

U.S. law does not have to bow down to EU law

Very true, and actually no-one is saying that it should - it is entirely a choice for the US government to make as to how it handles things.

Basically it comes down to this :

If you are based in the EU and hold/process personal information on any EU citizen or any person resident in the EU, then you have to abide by certain regulations. What's more, those regulations aren't actually very complicated. But a key thing is that you cannot transfer/store/process that personal data to anywhere where it is not adequately protected - and that still says nothing about US laws.

What is does mean is that if the US decides not to create an environment compatible with EU GDPR, then that's fine - it's own choice - but the ramification is that it becomesstays illegal for any business with a presence in the EU to put such personal data anywhere "within reach" of any business with a US presence. It still does not say what the US must do about laws - just that if the US chooses not to be compatible then it cannot expect to get/retain the business.

In a way there is the usual (and usually broken) analogy with cars. A US manufacturer is free to decide whether to make cars that comply with EU regulations - no one is forcing them to. The flip side is that if they do not, then they cannot sell cars into the EU.

TL;DR - Basically, if you want to play in our playground then you have to play by our rules.

5
0

DNS ad-hocracy in peril as ICANN advisors mull root server shakeup

SImon Hobson
Silver badge
Pint

Re: Trust

I wonder if it was less that and more she knew when bereavement calls were going around and let her husband know about them so he could get the jump on Strowger.

While that is possible, remember that in those days all calls were operator connected. In the case of a bereavement, the caller would most likely ask "to be connected to the undertaker" - and if there was more than one, then it would be for the operator to choose. Obviously, if her husband is an undertaker, the operator is going to put such calls through to him.

I'd say impossible to determine the reality now - but regardless of reality regarding the claims, it prompted development of what has to be considered the cornerstone of telephony for many decades.

As a sidenote, to watch "Strowger gear" in operation, it's an engineering marvel - mechanically counting pulses, searching for a free circuit, just amazing that it ever worked at all, let alone reliably. It is said that an experienced exchange engineer could tell if the exchange was working properly (as a whole) just by the noise it made - and a room full of Strowger gear in full flow was certainly far from silent. There's a reason telephone engineers like Tommy Flowers were involved in the Bletchly Park operations. Icon for all of them, they deserved a good round.

0
0

When Google's robots give your business the death sentence – who you gonna call?

SImon Hobson
Silver badge

Re: well done

I've had meetings with BT's ...

I've had conversations with BT people adamant that the building we wanted lines installed into did not have any means of installing them. In the end I had to drive to site (again), climb up high enough to read the label on the JB on the back wall of the building, and then call back the local engineering manager to tell him that the building is served by DP nnn on the back wall of the building in xxx street ! Just telling him over the phone exactly where the DP was did not work - apparently it was too complicated for them to either look in their records, or have someone drop by (less than 1/2 mile from the exchange) and take a look.

Oh yes, and that's after BT foooked up the installs by sending all the paperwork (including the notification of the install dates) to empty shops and then had the OpenRetch engineers turn up, find no-one there, and just cancel the job without telling anyone - after being given explicit instructions what address to use for paperwork. Oh that was fun, we had site hooked up with 3G modems at one point - great for a new business (our customer) on the high street (not) !

1
0

Facebook, Google, Microsoft scolded for tricking people into spilling their private info

SImon Hobson
Silver badge

Re: "we are committed to GDPR compliance across our cloud services"

And the law doesn't say that you have to be objective and present all the arguments for/against, now does it ?

But if they present a very biased appearance - ie presenting all the reasons you should allow it but ignoring all the negatives - then that is not informed consent. That's the reason the regulations specify that consent must be informed - ie it's not OK to hide the real purpose behind a gazzillion pages of dense legalese while presenting a misleading summary that prompts the user to accept without knowing what they are accepting.

5
0

Dob in naughty data slurps to top EU court, privacy groups urge

SImon Hobson
Silver badge

Re: Delay

All we have to do is delay this for 9 months ...

In about 9 months time it will become even more of a problem for the government. At present, while we are part of the EU then we are part of the EU for data protection purposes - and it's up to others to prove that we don't protect data/privacy enough (hence these cases).

Once we leave the EU then it's a lot harder. We have to demonstrate to the EU that we have sufficiently robust laws in place to have "equivalency" to EU regulations - which we clearly do not and given the way our current (and past) incumbents down in Whitehall and Westminster talk about it, never will. Without this EU declaration that we have equivalency in data protection laws, it will be ILLEGAL for anyone with a presence in the EU to deal with us.

Just stop and think for a moment what that means ...

For example, it would be ILLEGAL for anyone dealing in personal data of an EU citizen (or a non-citizen located in the EU) to use ANY service provider based in the UK - simply because under UK law, that provider will not be able to guarantee security/protection of that data to the level required by EU law. So suddenly, ALL UK based hosting providers will be locked out of EU business, UK banks would be locked out of EU business, etc, etc. Forget any issues around competitiveness, tariffs, etc - a whole swath of business currently carried on in the UK would become ILLEGAL under EU law and we would be locked out of that market.

For a parallel, look at the EU-US situation. We used to have Safe Harbour, which for many years provided the illusion that EU persons' data could be safely exported to the US. Everyone knew it was a pile of steaming manure, but there wasn't any proof prior to Ed Snowden's revelations - after which the authorities could no longer stick their fingers in their ears and shout "LA LA LA CAN'T HEAR YOU" any longer to protect the status quo. Max Shrems first legal case blew Safe Harbour out of the water - so TPTB hurriedly came up with Privacy ShieldFigleaf, which itself will be blown out of the water when Max Schrems' current case works it's way through the system.

The US likes to talk the talk and claim it's got measures in place - but in reality they don't and their law is fundamentally incompatible with EU law. Yes, their law is FUNDAMENTALLY INCOMPATIBLE (and getting made even more so, eg CLOUD act, over time) and no amount of whitewash paint will hide that any more.

So will be the case between the UK and EU. There is a big difference though between UK-EU and US-EU. With the US, there are powerful interests that want things to carry on - hence Privacy ShieldFigleaf being hurriedly put in place after Safe Harbour was blown away. But with the UK and the EU there are powerful forces that want to actively see us fail, so instead of there being active measures to lean a bit, squint a bit, put the telescope to the blind eye, and see no problem - here there are powerful forces that will want to actively sabotage any UK-EU data protection equivalency ruling because they want to see the UK hurting as much as possible.

You only have to look at statements made by the likes of Juncker - it's clear that they'd rather see the EU hurting than miss an opportunity to hurt the UK. It was a natural response of course - they NEED Brexit to be a failure for the UK because they know that if it isn't then there are several other countries lined up to follow suit.

0
0

Amazon, eBay and pals agree to Europe's other GDPR: Generally Dangerous Products Removed from websites

SImon Hobson
Silver badge

The big problems being ...

As already mentioned, this cannot possibly work.

If the items carry a CE mark then the seller can "claim" that they are compliant and the big four are abusing their dominance by blocking legitimate products. Get the popcorn out.

But as already said, the CE mark is something the manufacturer (or importer) sticks on a product themselves - supposedly after having gone through the right processed to ensure compliance. So for "cheap tat" knockoffs shipped direct from China, there really isn't a way to know if the CE mark is genuine and the product is safe, or it's just the "Chinese Export" mark. Even large professional retailers in the EU can get caught out - there are plenty of tales of them having goods (eg USB PSUs) made in China where the samples are all OK and pass (eg) EMC testing, but once the production units start flowing, there are components (eg input filtering to achieve EMC compliance) left out to save manufacturing costs.

The average punter won't have a clue how to spot the genuine & safe "kettle lead" vs the dangerous one with unfused plug (OK, that should be obvious - but the rest not), non-conformant plug size, sleeved earth pin, undersize copper in the cable, etc. The average punter doesn't know the details of BS1363 - just that if it fits a "13A socket" then it's a "13A plug". Once you get into more complicated things (like laptop PSUs) then there's no chance.

I can see this being almost completely ineffective, while screwing up honest vendors caught up in "bad feedback" from dim witted buyers.

1
0

Painful truth: DNS, CDNs and CAs are Achilles' Heel for top websites

SImon Hobson
Silver badge

Re: The resilient distributed nature of the Internet?

Maybe we should all take some responsibility for our own stuff.

And only one upvote allowed !

At my last place, we ran the DNS for around 600+ customer domains - and when I started it was hosted on two servers sat in the same rack and protected by the same dead UPS. One was on a different internet connection though.

When I left, we still hosted the master in our own server room, but employed a 3rd party to run secondaries for us - so an outage either at ourselves or at the 3rd party could not bring down the DNS for those domains.

But also when I left, manglement were busy getting rid of anything needing brain cells - and were transferring the DNS to a significantly inferior hosting service, with a PITA GUI, significantly reduced features, and most critically, all under one hosting provider who had already had more than one major outage in the couple of years we'd been using them.

For good measure, the main mangler decided to just rip out all the infrastructure (documented, reliable, worked flawlessly for many months after I'd left until it got mangled) - partly on the basis of "I don't understand it, so it's coming out". Had he asked anyone with a clue, he could have avoided taking out the master for 200 domains and having them die a week later as the secondaries expired their cached entries (fun when your VoIP phones go down due to a DNS issue). For starters, the 3rd party hosting had a neat feature that would have allowed promoting them to using a local database - so a few clicks per domain would have dealt with it. Instead they left it till it started taking customers offline and then went into panic mode.

Still, said manglement were well versed in outright lying to customers - no doubt they'll have blamed a 3rd party service for the outage.

I use OpenDNS instead of ISP's DNS service. I'm never affected by DNS outages as an errors just lead to the use of a cached entry.

Do you only use Open DNS ? If so then you're at the mercy of OpenDNS and if they have a major outage. Only if you use them PLUS another completely independent service do you get that degree of resilience talked about in this article.

0
0

Priceless: The cost to BT for bothering you with spam? 1.5 UK pence per email

SImon Hobson
Silver badge

Although this is a pittance of a fine, given that this is a "real" business, there are two upsides compared to many of them :

1) It will actually be paid, unlike many of these massive fines that will never be paid as quite coincidentally the business filed for insolvency just before the fine was announced, and also quite coincidentally the same people have started a completely unconnected company doing the same type of work from the same office.

2) It's a permanent black mark against the company and some senior managers will take note of that. Granted less of them, and less notice than before (long time ago) when it was actually run by people who gave a s**t about service and image - but it's still (yet another) blemish on their image.

0
0
SImon Hobson
Silver badge

Re: Marxism

Since they already provide you with a line, not only are they entitled to market another of their products but of course they know if they’ve switched on broadband for you!

That was "iffy" before, but as of 25th May no longer true. The information they hold in order to provide teh phone line cannot be used for any other purpose without your explicit consent - failing to opt out of assumed consent no longer washes.

Similarly, they may not use information on which communications provider had them enable ADSL for any purpose other than to manage that provision.

But presumably these complaints predate 25th May, and so they may have assumed consent, or used a pre-ticked "let us spam you" box on a web page, or a box to tick labelled in 2 point text with "tick this box if you want us to not unwithhold your information from 3rd parties", or ...

1
0

Apple takes $9m kick down under after bricking iPhones

SImon Hobson
Silver badge
FAIL

Re: weird decision by Aussies

Ah, and thus the ignorance showeth. Time for a bit of education

From the person demonstrating their own ignorance in incorrectly trying to correct someone else's !

Power negotiation over USB cables is a thing that does NOT require the sort of shenanigans done by Apple. Look it up, there are agreed standards for such negotiation - and if there wasn't once that was adequate, then Apple could have done their own in a way that did not prevent use of 3rd party cables.

What Apple DID do was to use technical measures (chip in cable, phone talks to chip, phone refuses to work if right response isn't received) to make it so that cables without the right chip&software would not work for things like playing video to an external screen and so on. Simply, it was a tax - pay Apple's prices, pay "approved" 3rd party prices (which includes fees paid by the 3rd party to Apple), or don't get a fully functioning cable.

It really is that simple - the primary reason for the way it was done was to prevent the option of using inexpensive 3rd party cables. IIRC they dressed it up in the usual "to protect the users from poor quality cables" lies - but ultimately it was protectionism pure and simple.

As a user it would (if I had one of the devices) be my right to choose whether to pay for an Apple (or approved 3rd party) cable or to use a cheap cable and accept that there may be issues. I could (just about) accept Apple putting up a notice when a "cheap" cable is plugged in, warning of the risks, but what they have done is wrong and should be illegal.

This result (on a very related topic) in Australia is one tiny step in the right direction. The money is irrelevant - it's the public slap in the face and the finding that what they did was illegal and wrong that counts.

8
0

Visa fingers 'very rare' data centre switch glitch for payment meltdown

SImon Hobson
Silver badge

Re: Still not understanding

Why it took so long to disable the failing switch once it was identified

As already said, the guys that wold have been able to diagnose this AND do something about it have all gone. The people running it now will probably be junior techs on a different continent with a) manglement imposed limits on authority and b) culture imposed limits.

The latter is important. For many of us in northern Europe it's seen as a good trait to be able to sit down, look at the evidence, and formulate a theory as to what is wrong - and formulate a plan for how to fix it. So as already said further up the comments, a good ops team would probably have had it fixed before many people realised there was a problem.

But AIUI, in many of the places such functions are offshored to, there is a different culture - where individualism is frowned upon, and the techs are supposed to "just follow the flowcharts". In such a culture, to get the offending switch powered off would require the problem passing up many manglement levels, endless meetings, and above all - discussion of who takes the blame.

A secondary factor is the modern disease of not supporting people to make decisions. So even if a techie did realise that "all it needs is to power cycle this switch" - it's a very secure person who can take on that decision and expect his manglement chain to support him in doing so. More normally, the "safe" option is to do nothing - it's not your fault the system failed. But go and do something that should fix it, but for some reason doesn't - well your head is on the block for doing it.

Go and read some of the "the day I ..." stories in ElReg - and in particular the comments. Some of the best ones involve the person "doing something" but being supported by their managers on the basis that "the only person who never made a mistake was the one who never did anything".

4
0
SImon Hobson
Silver badge

Partial failure... is NOT rare

... having a well trained ops team ... It also needs to have the authority to do so.

So much truth, and only one upvote allowed.

I've only been in a very low level of networking - even I've seen more than one instance of such partial failures, switch has failed to switch packets properly but still looks to be OK. There's a limit to how much you can automate for such situations, but as you say - a well trained ops team with the right monitoring and the authority could have dealt with this in a timescale that would have made it into a "Visa had a blip yesterday, nothing to see here" in the next days back pages instead of the major incident it was.

As I wrote in a comment to one of the earlier reports on the problems - the problem users saw was not due to a hardware failure, it was due to an organisational failure to properly plan for forseeable problems and put the right measures in place.

2
0

Microsoft shoves US govt IT contract where ICE throws kids: Out of sight in a chain-link cage

SImon Hobson
Silver badge
Mushroom

Re: Separating kids from parents ? Us Brits can shut up, oh, so can the French!

Not to mention the Home Office insisting on original documents being sent to them - and then routinely losing them leaving the applicant up the brown creek without a paddle. Even if the documents aren't lost, they (HO) can take ages to process anything - no, they don't appear to have a system where they check the documents and return them while they process the application.

See https://forums.theregister.co.uk/forum/containing/3547043

Treasonous May has a lot to answer for - she was quite happy to put evil policies in place while she was in charge there.

Icon for what the people responsible deserve.

1
0

Apple hauled into US Supreme Court over, no, not ebooks, patents, staff wages, keyboards... but its App Store

SImon Hobson
Silver badge
FAIL

Re: On balance, I have to support apple

this applies to pretty much any device

Downvoted you for this shortsighted and dangerous attitude. It's precisely because people accept the "everyone does it so 'so what'" argument that it's been able to prevail.

As I wrote in an earlier reply - if Ford, GM, Toyota, etc, etc ALL decided to make it so that they could control where you got your car serviced, where you could buy your petrol, where you could buy your (eg) tyres, and where you could drive it (eg, it just won't drive on any "road" not in their database). What then ? According to you that's perfectly OK because "everyone does it". Not for me it's not - "everyone does it" is not a measure of "rightness" !

In the automotive world, no manufacturer could manage that (not even Tesla !) - YET, too much competition. But I bet we'll see creeping restrictions in the future if it doesn't get stamped on. For reference, this is exactly the sort of complaint that's getting levelled at John Deere - they are busy using DMCA to prevent non-authorised people servicing the tractors they've sold, ie using the software element and the bad law passed for the computer & entertainment industries to control what the farmer does with the tractor that the farmer apparently no longer owns outright*.

* IMO, one measure of "do I own it outright" is "can I do what I like with it". If the manufacturer retains some controls/restriction then no, I don't own it outright.

1
0
SImon Hobson
Silver badge

Re: ugh. Its sooo obvious..

Apple built and owns its app store and has every right to set whatever conditions it wants on the apps being sold there

Yes, but ...

OK, this is a bit of a strained analogy, but suppose Ford implemented a system whereby when you bought a Ford car, it could only be serviced by Ford, would only accept petrol from a Ford garage, could only use tyres bought from Ford (even though still made by Michelin, Dunlop, etc) - and for good measure, had controls in place that would prevent you using it in certain ways. Basically you have bought the car but Ford effectively controls how you can use it*, what fuel you put in it, what tyres you put on it, etc, etc.

The same argument applies - if you don't like the policy, don't buy a Ford. But that only works if GM, Toyota, Seat, VW, and all the others haven't done exactly the same thing. In the mobile market there are two main options - Apple and Android (with Google applying similar controls, just more easily worked around).

* Example. There is an iOS app for doing WiFi surveys, only available if you jailbreak the device because Apple won't permit it in their store. So you have to jump through some pretty tricky hoops to do a basic network function. Similarly, the iPad I have doesn't support me using a bluetooth GPS - it's cpaable of it because there's a third party option to enable the support, again only possible on jailbroken devices. Yes, two specific function where Apple has specifically denied me the option of using MY device (yes, I paid money for it, so it's mine) for what I want to use it for - unless I jailbreak the device which they go to great lengths to try and prevent.

Oh yes, for good measure - doesn't anyone remember the cases (note the plural) where apps eventually got removed from Apple's App store for doing nefarious things. Apple checks that the App only uses official system calls and stuff like that, but it's unable to police an App "phoning home".

They also deliberately separate "customers" from "suppliers". For example, if a newspaper wants to sell a subscription to a reader, Apple's way doesn't allow that seller to know who the buyer is. OK, privacy by default - but it removes the option for a buyer-seller relationship. IIRC they went as far as changing the rules to insist on the seller using Apple's process - thus blocking direct sales AND allowing them to pocket 30% as a bonus.

1
0

Asylum seeker spreadsheet data blurt: UK Home Office loses appeal to limit claimants

SImon Hobson
Silver badge

After what I've been reading ...

This does not surprise me at all. It seems that the Home Office is institutionally incompetent - not just implementing bad policies, but incompetent in handling just about everything. It's clear from some of the complaints levelled against them that they have no systems in place to do the job properly.

Things like losing important documents (e.g. foreign passports, marriage certificates), meaning that people are left in limbo - unable to get on with their lives (no passport or driving licence means you can't prove you are who you say you are, can't get a job, can't rent a home, and are really lucky if the Home Office doesn't suddenly decide you are an illegal immigrant and start the process to chucking you out.

Even if they don't decide to throw you oout, not having such documents can screw your life up - such as having your bank account frozen because you can't prove your identity.

Or using minor errors on tax returns to label you as a terrorist and throw you out.

But worst of all, they seem to have a policy whereby they can declare someone an illegal immigrant/terrorist/whatever and the process isn't put on hold pending appeals. I.e. they can screw someone over and leave them unemployable, homeless, etc while the Home Office take their leisurely time over deciding if they made (yet another) mistake.

3
0

Da rude sand storm seizes the Opportunity, threatens to KO rover

SImon Hobson
Silver badge

Re: A place in history

Pah, 25MHz, 20MHz, 2MHz - you youngsters today don't know you're born.

I raise you 1MHz and just 1kbyte (yes k, not M or G) of static RAM.

Obligatory Monty Python sketch :-)

3
0

Devuan ships second stable cut of its systemd-free Linux

SImon Hobson
Silver badge

Re: systemd-free?

It might help to understand that there is a difference between Debian where it might be possible to remove sysemd and Devuan where it is not present. If you do remove systemd from Debian then you are on your own - the only supported arrangement is with systemd.

So packagers are free to remove SysV init scripts - not insurmountable as you can provide your own, but still more work.

Packagers are free to remove (eg) calls to traditional syslog and only call systemd's ginger haired stepchild of syslog - so if you remove systemd then you will either have no logging or the package won't run at all. If you try raising this as a bug then you'll get a "wont fix" as you are running an unsupported setup.

This problem will only get worse and worse as systems continues to re-invent (often badly) more and more existing tools.

IF systemd had only been an init system as was originally claimed, then there wouldn't be the vitriol thrown it's way - it would be easy to toss it out and re-instate SysV init or put OpenRC in. But it is NOT an init system - it's a giant hairball of cruft that links far too much together in a non-modular way*. And for good measure, because it lumps so much into the hairball, then it vastly increases the attack surface for bugs. It's designed to encompass as much as they can borg into it - and many of the changes are explicitly designed (even if non-intentionally) to break compatibility and force an either/or choice on packagers (such as whether to use the new supported systemd logging or use the (eventually) non-supported syslog).

Had I still been working at my last place then I'd now be in the process of migrating quite a few systems from Debian to Devuan - all had been held at Wheezy as I wasn't prepared to allow systemd onto production servers.

* Don't let the pro-systemd camp confuse you. Just because code is in a number of modules does not mean that it is modular. Modular systems allow you to replace any module with a different one - such as replacing "syslog" with "syslog-ng" or "rsyslog". Systemd doesn't even provide a stable API between modules, so it just isn't possible to swap out a single module without a lot of work in reverse engineering an API and then watching for undocumented changes in it.

6
0

Open Source Security hit with bill for defamation claim

SImon Hobson
Silver badge

Re: Open Source Security Inc. Doesn't Make Open Source

You may use, copy, modify, and distribute any Linux kernel modified by combination with grsecurity patches under the terms of GPLv2.

What's the issue?

What about redistributing the source for that modified kernel ? GPLv2 says that if you modify and distribute a piece of GPLv2 code, then you are required to provide the source if asked for it.

AIUI, grsecurity also allow you to redistribute the patched source - but if you do will terminate your contract with them. That's not exactly allowing you to redistribute in accordance with GPL - it's basically saying that you can't redistribute if you want to carry on getting their patches in future. That's what Bruce Peren's opinion was about.

1
0

Visa Europe fscks up Friday night with other GDPR: 'God Dammit, Payment Refused'

SImon Hobson
Silver badge

Re: Cashless society

If a piece of hardware can block some half a billion visa cards from working

That was my first thought when I heard about it on the radio - this was not caused by a hardware failure, this was caused by inadequate/faulty business continuity planning. If the BC plan had been adequate AND had been correctly implemented, then there would have been a minimal outage for a minimal period of time.

The scale of the outage (EU wide) and it's duration clearly shout that the BC plan was not adequate or was not correctly followed. So it was a preventable outage.

So what's that about having all your eggs in one basket ? Can't remember the last time I was offered the opportunity of having a Mastercard, it seemed everything was Visa these days.

13
1

Whois? Whowas. So what's next for ICANN and its vast database of domain-name owners?

SImon Hobson
Silver badge

Re: Personal vs business

I've seen other sites in the past though where not even the ToS mentioned any names beyond whatever the brand (site) itself was called

At a previous employer, they wanted to setup a web shop under a different brand name to the ones we were already using. Being in IT I got to see a draft of the website before it went live, and had to go to manglement and point out that "err, this website isn't legal" - and then had to point to the specific legislation (Company Names Act of some year or other IIRC) where it specified what information must be present on any communications. Grudgingly they put the company details buried somewhere on the T&C page where they wouldn't be found.

2
0

GDPRmageddon: They think it's all over! Protip, it has only just begun

SImon Hobson
Silver badge

Re: @AC

Your HTML (or JavaScript or however you put adverts on there).

As I read it, his site does not put the adverts there - his hosting company does it when sending pages out. Ie it's the hosting company that is modifying his code before it gets sent to the client.

I would suggest that it's STILL the website owners problem - they have chosen to use that hosting outfit to serve their site, and they need to ensure that they have appropriate contractual clauses with the third party (the hosting company). In this case, the hosting company (or the ad companies they subcontract to) is going to be collecting data that is in excess of what they, and the website owner, needs to collect in order to perform the act of serving up the website. Thus the hosting company is in breach of GDPR, and the website owner is in breach because clearly they do not have contractual terms in place that would (or should) avoid this.

0
0
SImon Hobson
Silver badge

Re: Brexit.

If the EU has a problem with UK data protection they can fuck right off ...

Ahh, but there's a difference between Privacy FigleafShield and any future EU-UK arrangement. With the EU, they desperately need to not kill transatlantic data traffic - and regardless of what anyone might say, to kill off transatlantic data traffic would have caused massive hurt all round.

With the UK, the high up people will be keen to "make it painful" for us (some have publicly said they would, to discourage any other countries from trying to leave) - so I suspect we can look forward to being forced to jump through lots of hoops and play much much better than everyone else.

0
0

Ongoing game of Galileo chicken goes up a notch as the UK talks refunds

SImon Hobson
Silver badge

Re: @ Roland6

Unfortunately, for this to happen you tend to have to schmooze and not insult each other...

And unfortunately such schmoozing was never going to happen. It was clear from the outset that "the EU position"* was going to be "we'll do anything we can, even if it hurts us badly, to make it painful for the UK". Given that "the other side" has taken up a position of "we aren't interested in any agreement that doesn't punish you for leaving" - hard to see how any sensible agreement could be likely.

* Based on statements made by senior EU bods

1
0

Mobile app devs have, oh, about 9 hours left to decide whether to stay on Google's ad platform

SImon Hobson
Silver badge

Re: loads of email about GDPR asking me to sign up

If you already have suitable consent (a pre-ticked box or scraped data isn't consent, then the email is pointless, and might be illegal depending what it asks.

Not quite.

AIUI many data controllers do have consent - but might not have evidence to the standard required under GDPR, and might not have given clear enough information to the level required by GDPR. Because of this, AIUI the ICO is recommending that data controllers go back to the data subjects and get fresh consent - so they can show that they have obtained informed consent from each subject.

0
0

Finally: Historic Eudora email code goes open source

SImon Hobson
Silver badge

Re: I paid for it...

I paid for it too - great program, but with "some issues" (in particular it had some issues with IMAP accounts).

Someone mentioned supporters not providing a single point in it's favour - so I will. It had a good UI.

By good, I mean it showed different mailboxes in different windows - instead of this really stupid modern idea that everything has to be in one window where you switch mailboxes from the menu on the left. The Eudora way is just so much easier to work with.

I only stopped using it when a system upgrade stopped it working.

0
0

Openreach consults on shift of 16 MEEELLION phone lines to VoIP by 2025

SImon Hobson
Silver badge

Re: So, can somebody clarify for me?

AIUI what they have done so far when doing "fibre only" connections is to terminate the fibre into an NTE (there needs to be something) which DOES include a terminal adpater to allow an analogue (POTS) phone to "just plug in". So customer gets to keep their existing phone (and internal wiring), all that is different (for the telephony) is that the master socket is bigger and needs a power supply (so an issue if there isn't a mains socket nearby as there often isn't).

The NTE also has a socket into which the router is connected (router, NOT modem+router) and the router just needs to talk IP over ethernet or PPP over ethernet depending on how the service is presented (I've not read anything saying much about that side).

At work, I've worked with a few services which were just presented as plain routable IP over an ethernet connection - the provider's NTE handling all the fibre-something conversions together with any protocol conversions that might be needed - so from the end user's PoV you just talk IP over an ethernet link. Makes it a doddle doing your own routing/firewalling/etc - especially in our own office where we had a whole /24 to play with :-)

1
0
SImon Hobson
Silver badge

Re: No thanks

i.e. All at once, so you wouldn't be able to make an emergency call?

See https://www.raeng.org.uk/publications/reports/living-without-electricity

Large part of a city without power for "some time". POTS still worked thanks to the copper connection and exchange batteries. If your end users are reliant on an NTE battery with a life of just one hour then such a failure would lose you EVERYTHING at the same time. Note that the emergency might not occur within that first hour - your proverbial elderly relative may fall during the night following the power cut (perhaps trying to get around the house in the dark).

2
0
SImon Hobson
Silver badge

Re: Problems

neither lifts nor mobile phones can be relied upon in the case of a non trivial power cut

Absolutely. However the same might apply to fu;l fibre products as well - see below ...

Fortunately, the chances of significant losses of supply are reducing as fast as market forces are encouraging the UK supply industry to invest ...

Quite the reverse ! Market pressures - specifically for lower costs - are actively reducing the level of redundancy in the network. Instead there are moves towards things like interruptible supply contracts (ie pay large industrial users to shut down) instead of putting in/maintaining redundant capacity to cater for (eg) a circuit fault.

I recommend a read of this : https://www.raeng.org.uk/publications/reports/living-without-electricity

The subject of what happens to mobile networks is covered - they stop working ! In practical terms, the cost cannot be justified of equipping all base stations with anything more than a token battery backup, nor is it physically or financially practical to have standby generators available to roll out to them all.

What is clear from the report is that it was lucky that the outage was relatively local - had there been a widespread problem then the generators brought in by the DNO (ENWL) could well have been needed elsewhere.

Now back to the telecoms network itself. IF the connection goes all the way back to the exchange with no active equipment then it should keep going as BT exchanges normally have some very large batteries to keep everything running. But if there are any active devices in the link (like there are the green cabinets in FTTC connections) then it's questionable whether these would hold up for any sensible time (or at all) given the ongoing cost of maintaining batteries at every node. AIUI the NTEs used to date in all-fibre connections have a backup battery to maintain POTS service for a short time (hours) in the event of mains failure. I could well see these becoming a maintenance problem - will they ever get changed ?

That's the key benefit of the current copper based POTS lines - very reliable and completely independent of mains power (including powering basic end user terminal) for quite some time.

Nothing insurmountable, but it WILL add costs (eg periodic battery replacements) to various applications.

3
0

UK.gov expects auto auto software updates won't involve users

SImon Hobson
Silver badge

Re: OTA Obsolesence

Not only that, but as mentioned above there is the EoL issue - how long does the manufacturer provide updates for. Not hard to see cars hitting EoL for software updates and the options being to scrap them or pay ever increasing contract prices for ongoing support. Think MS and Windoze XP extended support.

Add in the way that (for example) John Deere in the USA has used their DMCA laws to prevent third parties from repairing tractors and you can see the scope for shenanigans.

1
0

Social networks have already violated the spirit of GDPR

SImon Hobson
Silver badge

Facebook is an advertising platform so you expect new orgainisations like El Reg NOT to use it?

And THAT is the biggest part of the problem. FarceBork have become so ubiquitous that there's an element of "screwed if you do and screwed if you don't" about using it. For many people these days, "the internet" == ("facebook" OR "google") - if it isn't on farcebork or the first page of google's results then it doesn't exist.

So because "everyone is one farcebook", most people are pressured into being on farcebork or they'll miss out. There's a reason that they buy things like WhatsApp which allow people to communicate without using farcebork - by buying it, they bring it into their data mining business and so it doesn't matter which people use, farcebork still get your networking information.

3
0

Admin needed server fast, skipped factory config … then bricked it

SImon Hobson
Silver badge

I'd never seen a component physically blown off the motherboard before!

You'd never lived then lad !

My boss from a few jobs ago had worked at a local outfit that made specialist sonar equipment. One unit he described was a stack of circular boards that fitted into a cylindrical casing - with one board being the power supplies. As is normal, they'd done all they could to protect the unit from "accidents" ...

They got one returned as "not working", and when moved there was a rattling from inside.

Opening up the unit revealed the power supply board had zero components on it - many were rattling around the case sans-leads, some had just "vanished". Went back to the customer and asked "you didn't accidentally connect it to the 1000V supply did you ?" In that industry, they use many voltages and frequencies with the obvious scope for getting it wrong.

The customer was adamant that they hadn't, until said manufacturer suggested it would have to get legal and they'd be suing the manufacturer of the transorbs that had exploded - at which point they admitted their mistake.

For those that don't know, transorbs are a surge protection device that behaves a bit like back to back zener diodes - more or less open circuit up to some voltage, then they break down and become conductive thus allowing momentary over-voltages to be shunted away from the delicate electronics following down the line. But they have a limited power dissipation limit - so basically momentary spikes, not a full time over-voltage. When connected to 1000V instead of 400V - they literally exploded and the shock wave sheared all the component leads off flush with the board.

18
0
SImon Hobson
Silver badge
Mushroom

Re: Lightning icon required =========>

until I noticed that one valve was entirely glowing red

Ah that reminds me of a tale told to me by a friend in the broadcast industry ...

A colleague was sent to service/repair a large transmitter - and as described, the fault meant that one of the valves was glowing red hot. Except that these weren't tiddly little ones like in tellys, these were 'kin big things driving a 1/2MW transmitter ... Said colleague was round the other side of a rack doing some measuring or something when he heard a "big bang" almost instantly followed by the clatter of circuit breakers tripping.

When he looked round the end of the rack he saw his apprentice crouched motionless in front of a pile of glass powder and still holding the can of freezer spray in his hand. Didn't find out if clean underwear was required. Icon suggests what had happened to the hot glass envelope of the valve when hit with the freezer spray.

Apprentice learned the way you don't forget - don't try cooling valves with freezer spray.

I can't repeat some of his other tales - at least not in polite company !

20
0

Supreme Court punts on Microsoft email seizure decision after Cloud Act passes US Congress

SImon Hobson
Silver badge

Re: GDPR

Where does it say that?

It doesn't explicitly say that - but the inconvenient fact is that under US law it is IMPOSSIBLE for a US based business to (truthfully) provide the assurances required. Given what we now know about how the US authorities can, and do, tell businesses to "hand over this data, and BTW you cannot tell anyone" with what appears to be no effective oversight/control - it's just no possible for those businesses to provide realistic assurances about where the data may end up or what it may be used for.

The fact that MS suddenly (as it seems) said "OK then, here's this data you wanted off our servers in Ireland" to the DoJ should be a big hint. They previously claimed that they could not physically access it - so were they lying about that ?

0
0
SImon Hobson
Silver badge

Re: GDPR

AIUI, it effectively becomes illegal to use non-EU providers come 25th May.

At a previous place, I asked several times of the MD whether he discussed this issue with customers he was pushing over to Office 365. He just shrugged it off with "no problem, you can choose where the data is located". Given that MS has just handed over personal data held on a server in Ireland - thus proving that they DO have access to it - this becomes something of an issue.

But even if MS did have the legal separation that they have claimed to have, with the US company physically unable to access data on Irish servers, access to them by customers involves elements under the control of the US parent.

But until Privacy ShieldFigleaf gets struck down (which it will eventually), then companies will cite the protections in that to get away with it.

It's going to get very interesting - as in the Chinese curse.

2
0

Facebook previews GDPR privacy tools and, yep, it's the same old BS

SImon Hobson
Silver badge

Re: Optional

Surely this is against some sort of data protection law?

Under current law, it's questionable at best.

From 25th May it will be expressly illegal - but that won't stop them doing it.

0
0
SImon Hobson
Silver badge

I cannot understand is why successful big international companies want to do it

MONEY

What else is there to know ? These businesses are in business for the function of making money. They may have started out with good intent - Google started out with the aim of making stuff easy to find, Facebook started with the idea of networking people, etc, etc. But just like Google has dropped any pretence at "don't be evil" and now operates in a "how can we make most money, regardless of ethics" mode, FarceBorg has similarly gone down the route of "lets make lots of money" with the networking feature just being a way of getting people to give them the personal information they need to be able to sell it for that money.

0
0
SImon Hobson
Silver badge

Re: Fines on the way for facebook

I gave you a downvote because, yes, that is what SHOULD happen. But look how long Max Schrems had been going at them and how useless the Irish data protection people have been so far.

FarceBorg know that it'll take ages before the authorities decide that they can't keep their eyes closed any longer, and then ages again while they drag it out through the courts.

So I agree, large fines should be in their future - but I can't see it being as soon as we all think would be justified.

1
0

Facebook admits it does track non-users, for their own good

SImon Hobson
Silver badge

Re: RE: As a never-signed up non member....

It will take a damn sight longer to remove stuff from Facebook if you don't have an account, than if you do.

Well you very well illustrate a big part of the problem - many of the tools to "manage" your privacy require you to open an account with $provider, which requires you to accept their T&Cs. So in order to have $provider stop invading your privacy, you have to (taking typical T&C terms) give them permission to invade your privacy.

It will be interesting to see how this pans out when GDPR comes in. Given the story in ElReg about Ireland watering down privacy protections, I expect the first cases will be just tossed out, then there'll be an appeal to whichever EU body is responsible for complaince and the Irish government will be told in no uncertain terms that their law is illegal. There may be several rounds of this before Irish law correctly implements GDPR - and once that's in place then Farcebork are going to get well and truly reamed.

But like the OP, I know for a fact that Farcebork have personal information about me - thanks to "friends" and relatives who can't see what the fuss is about. At the moment I'm waiting for Max Schrems case to reach the point where (inevitably) Privacy SheildFigleaf gets struck down and then we can all start laying into them.

10
2

'I crashed AOL for 19 hours and messed up global email for a week'

SImon Hobson
Silver badge

Re: With hindsight

I had a thought about this ...

They could have fiddled with the DNS to get a poor mans load balancer. Set the mx to (say) a.domain.tld with (say) a ttl of 3 hours. After (say) half an hour, change the mx to b.domain.tld, also with a tld of 3 hours. After another half hour, change to c.domain.tld. And so on. You could script the DNS updates to automate it.

Then each resolver would cache just one of a.domain.tld, b.domain.tld, etc and so (using the numbers originally given would try and contact only one of 5 different MXs. Different resolvers would cache different records depending on the timing of when they last fetched the records. That was definitely doable back then.

If they had geographically distributed servers then they could also have done some conditional DNS stuff to present different MXs to different area - can be done with BIND using views, but I don't know whether that feature was available then.

0
0

Whois is dead as Europe hands DNS overlord ICANN its arse

SImon Hobson
Silver badge

The big problem that many seem to have overloooked is that the EU cannot get at ICANN directly as ICANN doesn't (AFAIK) have an EU presence. However, all the registrars with an EU presence must abide by GDPR - and that means it would be illegal for a registrar to pass any personal data to ICANN unless ICANN abides by the rules of GDPR.

BUT, ICANN is a US based outfit and must abide by US law - which is incompatible with GDPR. That's going to be interesting once Privacy Shield Figleaf is officially declared incompatible.

4
2
SImon Hobson
Silver badge

Re: Unstable operation coming soon...

"you can't tie provision of a service to a waiver on data that GDPR covers"

Citation needed!

Try the ICO guide to GDPR.

Basically, if you are saying that you won't provide the service without the person giving consent then that consent is't "freely given" - so don't bother.

However, that doesn't automatically stop you collecting and processing data because you can collect and process information that is REQUIRED for the performance of a contract. In the case of domain registrations and whois, the registrar is entitled to collect certain information for performance of it's contract. BUT, making that publicly available via whois is not required for the performance of the contract and so must only be done with consent and the person must be able to withhold that consent without affecting the ability to have domains registered.

32
0

Forums

Biting the hand that feeds IT © 1998–2018