* Posts by SImon Hobson

2539 publicly visible posts • joined 9 Sep 2006

Our hero returns home £500 richer thanks to senior dev's appalling security hygiene

SImon Hobson Bronze badge

Re: you may ask why he had domain admin credentials

Well the need for different credentials per site was certainly stated - but not in writing as nothing else was either. To say their processes were "informal" would be a bit of an understatement. Change control, design process, source control ? Yeah, I think some of them had heard of them - the ones that now work where their skills are appreciated.

SImon Hobson Bronze badge

Re: Low quality coding

At a previous job, we had a few incidents where customer sites (some of them online shopping, some of them business processes) were compromised. The devs, or at least, the ones calling the shots*, really didn't understand security.

Eventually they managed to hire someone who did understand security - he lasted longer than I expected before he got fed up and left. He is now doing "quite well". Why was he fed up ? Obvious really, they were still writing insecure sites and then expecting him to bolt on security as an afterthought - and ignoring his "suggestions" that security is something you have to build in from the start. AFAIK they are still building "dodgy" sites.

* I have to say, there were a couple of the devs (it was a small team) who did actually understand these things - they've also left for places where their skills are appreciated.

SImon Hobson Bronze badge

Re: you may ask why he had domain admin credentials

At a previous job, the web devs needed to change the way they built sites that needed to send mail - which was most of them. Until a few years ago it was simple to set up a basic SMTP service configured to forward everything to the main mail server (using authentication). Apparently at some point the SMTP service was removed, so the site code had to send mail directly.

So for the first site that needed this new approach, I generated them a suitable account which they promptly coded into the site code. Before long I realised that they'd then gone on and re-used the same credentials for every site - rather than, as I'd told them to do, getting me to give them different credentials for each site (allowing per-site sent mail quotas/rate limits). I was really tempted to find an excuse to need to change the password on that multiply used account :D

Y2K, Windows NT4 Server and Notes. It's a 1990s Who, Me? special

SImon Hobson Bronze badge

Re: Shutting down the wrong server

Ah yes, the removable fronts. As said by others, sticker on both the cover and the front of the server.

BUT, there's another problem I've found with the likes of PowerEdge - though it probably applies to a lot of modern machines now that sizes seem to keep shrinking ... A lot of them now don't have enough room to put a sticker on !

At one time, you could rely on the CD/DVD tray, but many of those have gone. So you've a machine where the whole of the front is occupied by removable drive trays, buttons & displays/indicators, and ventilation holes that you really don't want to block when there's only 1U of front to start with. I've ended up with some having to use a smaller print, and cut the label down in width.

Also, label the network connections ! Really helps when some numpty decides that it doesn't matter which cable goes where and connects systems to the wrong networks.

Lastly, PowerEdge have that handy status LED - press the ID button and it flashes front and back. I also labelled the racks - you can buy ready made stickers that will identify the U positions so as a last resort you can check the position front and back (yes, number them front and back) before yanking the power.

Oh yes, if you are on the helldesk and have to talk a customer through "fat fingering" a dead server ... Don't forget that to the average user on site, the UPS in the bottom of the rack looks very much like "the bottom server in the rack" that you told them to power off !

SImon Hobson Bronze badge

Re: Even to this day...

Or you're remotely doing some networking, forget which router you are connected to, and change the address on the wrong bit of the network 8-O Luckily managed to avoid that myself, but had to avoid smirking as I watched the consultant setting up some new routers do exactly that. As it happens, he was able to change the IP address at the local end of the link and reset it, and it was only 10 minutes drive away anyway - but still good to see others make the mistake so you can file it in your "things to avoid" list at the back of the mind. Learn from the mistakes of others, you won't live long enough to make them all yourself !

Google to offer users a choice of default search engine on Android in the EU – but it's pay to play

SImon Hobson Bronze badge

Re: Solution made by beancounters

there'll be a tax paid on it

No there won't - and that's not tax avoidance either.

Even if there is an inter-company charge & payment, the tax effect is nil. Whatever comes in as income (and hence would be taxable profit) is also an expense either to the same company or another in the same group (and hence allowable against tax as a business expenditure). Thus there's a saving in corporation tax on one end which exactly balances the extra corporation tax at the other end. This is quite basic knowledge about taxation that should be known by most people (and anyone in business).

However, what is normally done as a tax avoidance measure is to base one end of the transaction in a low tax location - so the tax on the income is lower than the tax reduced as a result of the expense at the other end. The classic example of this is where ${WellKnownBrand} sets up a subsidiary in a tax haven which just happens to own the worldwide rights to ${WellKnownBrand}. Said brand identity is then licensed to other business units around the world in return for a payment. These other units therefore reduce their profits (and tax) due to the legitimate expense, while the brand holding company makes all the profit but pays little tax due to being based in a low tax location. Or rather than a brand licensing system, it could be a requirement for each country's subsidiary to buy its coffee beans from one other subsidiary - at a price which is "a bit above" market value.

Braking bad? Van with £112m worth of crystal meth in back hits cop car at police station

SImon Hobson Bronze badge
Facepalm

Ha, I knew of an even easier "it's my lucky day" case.

Local aviation business rents small plane to someone they don't know. They do all the usual stuff - check identity, check his licence, do a test flight to check that he can actually fly it, etc. It really is just like renting a car or van.

When he is late back, they start phoning airfields - starting with the one he said he was going to. Nope, not been heard of there. Bournemouth had talked to the aircraft as it made its way across to France - so that set alarm bells ringing and local police were informed.

When he did return, a few hours later than he'd said he would, some young copper was there to ask about taking the plane abroad without permission, not having filed a flight plan, not having done the required customs stuff - and while we're chatting, I'll just have a look around. Now then, what's this white powder sir ? Yup, the guyidiot had done a cross channel drugs run - and was caught simply because he was late returning the hire plane. So a young copper's lucky day, a sizeable drugs haul dropped in his lap.

This was what I found out later. As it happened, this event took place a couple of days before the club had a flyout. I was "a bit puzzled" why they weren't using that plane, and why there was a copper hanging around it. Part of the flyout was to be a spot landing comp - draw a line across the runway with ... flour ... and see who can touch the wheels down the closest to the line. There are jokes about carrying bags of white powder - which didn't make sense until I later found out about the drugs bust.

Just add water: Efficient Energy’s HFC-free chillers arrive in the UK

SImon Hobson Bronze badge

It's worse than that, because many comfort cooling systems will just freeze up in a server room. I recall explaining this to someone who had exactly this problem, and were at first a little sceptical that an aircon unit would freeze up because the air is not wet enough !

Some systems are specified to work under any humidity conditions - these are OK as long as you size the unit accordingly. However, many systems rely on the heat taken into the evaporator coil from the latent heat of all that condensing moisture to keep the coil above freezing point. So in humid conditions they work fine. Put them in dry conditions, the latent heat is missing, so the coil gets colder - whatever moisture there is in the air then freezes on the coil and unless the unit has frost detection and automatic defrost, the coil gets blocked with ice. Of course, when the coil is (partially or wholly) blocked with ice, the unit will still be trying to remove heat, so that ice gets very cold so it takes some shifting.

When you play the game of Big Spendy Thrones, nobody wins – your crap chair just goes missing

SImon Hobson Bronze badge
Pint

Re: Not IT - food industry

Maaaany years (decades) ago I was in business with someone who had worked in the computer room at a major UK manufacturers - the one with a whole town to their name. He told how he stockpiled the chocolate bars from his discounted (or was it free ?) allowance and went off on holiday around Europe with little cash but several large boxes of English chocolate bars in the boot.

Did very well bartering chocolate for meals etc - oh yes, and the booze.

Brussels changes its mind AGAIN on .EU domains: Euro citizens in post-Brexit Britain can keep them after all

SImon Hobson Bronze badge

Re: Domains based on citizenship?

No problem, if they haven't already, a number of registrars based in the EU will be happy to proxy for you so you can continue to have your .eu domain. Many countries have similar rules, and all have ways around them - mostly by a registrar having a "local presence" which may be as little as a PO Box !

Operation Desert Sh!tstorm: Routine test shoots down military's top-secret internets

SImon Hobson Bronze badge

Yes, that's a real problem with standby generators.

However, there is a good way to reduce the problem. There are a couple of outfits that will pool your generator capacity and sell it to the grid as STOR (Short Term Operating Reserve) - ie stuff they can call on when there's either an unplanned loss of a large generation plant, or a sudden spike in demand, or even to work over the "half time and the kettles go on" and there's limited spare capacity.

You get paid just to have the facility available, and get paid more when it's used. But when it is used, it gets to turn over your fuel supply.

In addition, the mods required to allow you to run the generator and export power means that when you do run your own tests, you can properly load up the generator by tweaking it to try and produce a slightly higher voltage/frequency than the grid - and thus load up the generator to full power. Without this parallel operation, it's difficult to properly test the genny, and manglement are generally reluctant to spend the extra money over a simple "switch over with break in supply" arrangement.

Office 365 verboten in Hessen schools: German state bans cloudy Microsoft suite on privacy grounds

SImon Hobson Bronze badge
Big Brother

Talk about the art of misinformation !

successfully sued the US government over access to customer data in Europe

One of those "technically correct" but entirely misleading claims. They didn't really win, it was just that the US government changed the law and made the case moot - at which point TPTB withdrew the case.

So win in this case was more a case of "TPTB said "give us this information", MS said "no, we can't without breaking the law", TPTB changed the law, MS said "OK then "here's the information you asked for". Or if you (as the adverts put it) "shorten the sequence", you get "win" = "TPTB ask for some information, MS give it to them".

But good to see that someone has now come out and declared MS's products as "illegal" under EU law. Now we just need to sit down with the popcorn and watch the court cases progress. I suspect this will be a bit like the Safe Harbour situation - it will drag on for ages, and then there'll be some sort of fudge (like Privacy ShieldFigleaf) that starts the process over from the beginning.

Facebook and Max Schrems back in court again, both pissed off at Ireland's data regulator

SImon Hobson Bronze badge

Re: Spot on

I've given you an upvote, but there are serious possible repercussions beyond the Google/Facebook problem. There is a LOT of international data traffic that underpins international trade. Yes, everyone would adapt, just like they've had to adapt when the original Data Protection regs came in and then GDPR.

In the meantime, blow Privacy ShieldFigleaf and Standard Contracts out of the water and it'll cause one heck of a lot of disruption while people adjust to it all.

But IMO both need to be blown out of the water because, AIUI, USA law is fundamentally incompatible with EU law on this - and the USA seems to think that it's the EU in the wrong.

Yorkshire bloke's Jolly Roger flag given the heave-ho after council receives one complaint

SImon Hobson Bronze badge
FAIL

I have relatives who hail from somewhere up that way, and it's a source of amusement to bring out the photo of a sign on a children's playground stating that it can't be used on a Sunday. The hard core would rather see industry close than allow (temporary) Sunday working in order to get/retain a big engineering fabrication contract.

And then they wonder why the younger people leave the island as soon as they can.

UK competition bods to stick probe into worrying lack of said competition in online advertising

SImon Hobson Bronze badge
Mushroom

Re: Lack of competition?

LMFTFY

They DO have a shadow account for you. I know for a fact that "friends" and family have given them information about me (and even more information about themselves), and don't see what the problem is.

Unfortunately, we can't take the icon to their data centres :-(

UK's Openreach admits 50k premises on 'gigabit-capable' FTTP network can't get gigabit speeds

SImon Hobson Bronze badge

BT did trials many years ago where they de-coppered entire villages.

Basically, the setup is to use fibre to the premises which needs an on-site NTU to convert from the fibre to something the average user can deal with (ethernet for the network connection). It's trivially easy* for the NTU to include a Voice-over-something adapter to simulate a real phone line so the customer sees "just a plain phone line" while in reality it's all bits down the fibre. Since it's a closed system, it's easy for the provider (BT OR) to run VLANs (or something similar) so that the voice channel gets a guaranteed bandwidth etc, and also since they provide both ends, they can avoid the problems some users experience with VoIP. The NTU for a pure fibre connection is mains powered anyway, so no problem** with the battery feed to the simulated POTS socket(s).

Remember that all our voice traffic is now digital anyway - once our line gets to the exchange, everything is digitised; and if you use ISDN then it's digital from your premises, but over copper for ISDN-2. Putting a something-to-POTS adapter in the FTTP NTU is just moving that digitisation point a lot closer to the user.

IIRC, BT said at the time that running such a network was/would be cheaper as faults would be less and easier to diagnose.

* For some level of "trivial". In the grand scheme of things, it's quite a minor problem to solve.

** Well there is the issue of when the mains goes off - for which they fitted small batteries in the NTUs used in the trials.

Openreach needs to snap that BT umbilical cord, warns Ofcom

SImon Hobson Bronze badge

Re: I understand the underlying logic in the BT/Open Reach split...

The "reality" though is that the "only had to deal with one company" benefit only accrued if you used BT for everything. That meant BT could give itself massive advantages over competitors - having been (as part of the job) involved in telecoms and networking for the best part of 3 decades, it had been clear that many decisions have been made on the basis of a) not compromising their own cash cows, and b) giving themselves a head start over the competition.

When ISDN-2 started getting rolled out, some of the product features were nobbled compared to ISDN-2 services in other countries. Clearly designed to avoid people switching from expensive leased lines to dial-on-demand ISDN. Around this time, I worked where we had several sites connected by (expensive) leased lines and would have loved to use the slow speed packet service offered in (eg) Germany with dial-up configured for the higher speed bursts. When most of the time your traffic is a handful of people pecking away on a keyboard, packet over the D channel would have been quite enough.

Similarly, when ADSL came along, it was quite clear that some of the decisions were made to benefit BT - and again, not nobble their cash cow leased line business.

And thanks to those who further up the comments mentioned NZ. There's a worked example of what can happen when you stop an incumbent being able to dictate policies designed to protect its business rather than offer better services to both end users and the service providers who service them.

But having said all that, let's not try and pretend that a mass rollout of fibre isn't going to cost a lot of money. It is, and that's going to have to be paid for somehow.

SImon Hobson Bronze badge

Re: About that fibre roll out...

Too true. With a previous work hat on, we saw some of the effects of that (almost) first hand.

We had quite a few very rural customers, and some of them were connected by various local providers/schemes. After the VOA fired both barrels into the business landscape, we had a number of customers shafted by providers shutting down what was now untenable (loss making) infrastructure and forcing them to change to some other option - in one case, almost nothing else to move to !

At one point, we had a customer who could only get connected by having a 3G router stuck at the top of a rather tall pole. Use satellite you say ? Well that's just fine till the provider goes titsup and the first thing the customers know is when there's no internet one morning. It's a while ago now, but IIRC we had this one customer who was originally connected by a small local outfit using about 5 radio hops to reach them. That small company pulled the plug (with notice) after the VOA blunderbus'd the business - and our customer went to satellite. And not too long after, that provider went titsup.

UK's North Midlands hospitals IT outage, day 2: All surgery and appointments cancelled

SImon Hobson Bronze badge

Re: This reflects poorly on the Hospital Trust Chairman, the CEO and other members of its board

Ah, remember that back of the car conversation on that documentary a few years ago ? Jim Hacker to Sir Humphrey: How come there's a motorway to Oxford but not to Cambridge ? Humphrey in reply: It's been a long time since we had a transport minister who went to Cambridge !

ReactOS 'a ripoff of the Windows Research Kernel', claims Microsoft kernel engineer

SImon Hobson Bronze badge

Re: Shades of SCO saga

... reformat the drives to another file-system ...

For you, me, and others of the technical calibre communing here, fine. For the other 99% of users, that would just result in a lot of support calls when the user can't read the card they inserted, or can't read it when they take it to another device. Asking users to install foreign file-system support on their PCs isn't going to work either.

There's a reason Micro$oft have held out for so long and refuse to support any other filesystem. Their business model is still built on restricting choice and enforcing lock-in. That model is starting to show cracks (like them having to give in and support Linux in Azure), but natively supporting other than their own FSs in Windows isn't something they've apparently seen too much pressure over. It's a self fulfilling loop - device vendors need to support VFAT for compatibility, that need isn't going to change while everyone supports VFAT - and M$ can sit back and watch the patent fees for implementing VFAT roll in.

Serious Fraud Office fines Serco £22.9m over electronic tagging scandal

SImon Hobson Bronze badge

Re: Why are they still in place?

Probably the tiny matter of ... if you take the contract from them, who are you going to give it to ?

Hint: The list of contractors big enough to be able to take on such a contract is quite small (they don't refer to them as "the big four" for nothing) and contains the names of other serial offenders.

This weekend you better read those ebooks you bought from Microsoft – because they'll be dead come early July

SImon Hobson Bronze badge

What - Reg Hacks not including obligatory reference to Micro$oft's prior for this offence ? Just ask a Zune user how good it is. "Note Content that was purchased with DRM may not play if the license can’t be renewed."

The dread sound of the squeaking caster in the humming data centre

SImon Hobson Bronze badge

Re: DEC Engineer

At a previous job, "some decades ago" (so back in the days when these devices constituted the contents of a significant chunk of rack space) a colleague told me how someone he knew had been employed by DEC testing processors prior to assembly into systems (or something like that). So he had this 'kin big PSU at one end of the bench and some very thick cables to daisy chain along the power terminals of the systems under test.

Then one day he (literally) got his wires crossed - when he flicked the switch, he let the magic smoke escape from a whole bench-full of processors. Apparently the insurance paid out - but with a condition that said person was re-allocated to a "less expensive if he gets it wrong" role.

But more directly related to the "switched the wrong thing off" part. At my last place one of the hell desk guys was talking a customer through power cycling a server. Consulting the notes/diagrams, the hell desk told the customer it was the bottom server in the rack - press and hold the power button. Of course it was the customer's fault for not recognising the difference between the bottom server in the rack - and the UPS below it that ran everything !

Sneaky fingerprinting script in Microsoft ad slips onto StackOverflow, against site policy

SImon Hobson Bronze badge

Re: Disrupting the business model of sites that you value

Since that'd be a government web site (the only one you'd have to use to do tax returns...) then that probably doesn't matter, as they have everything they'd need from their local intelligence agency (NSA, GCHQ, whoever it is).

Ha, telling the taxman "no I don't need to do a tax return, <insert relevant spook id> can give you all the information you need" is going to result in what ? In the UK, automatic penalties which ramp up in severity and generally a whole lot of pain. It'll also give them an excuse to "open an enquiry" into your affairs, and once they've done that then they can take a fine tooth comb through your finances for quite a few previous years - and if they accuse you of deliberately misrepresenting what tax you need to pay, then that fine tooth comb can, (AIUI) go back decades.

You can, for most individuals at the moment, still file on paper - but that needs you to do it a lot earlier, and they are slowly closing the bounds of who can still use paper, with them wanting to get to a state where anyone involved in a business at all has to file online and quarterly !

in which case you'd be using your employers computer with your employers standard image on it, right?

Wrong. Looking back, going back to pre-internet (at least, outside of academia) days, I've rarely been using an employer's computer. And for quite a while and at least the last two jobs, I've been using my own laptop - maybe a bit of "more fool me for using my own when employer should provide it", but at least I get to use MY choice of computer rather than suffering another breakdown being forced to use something that just drives me nuts.

At my last job, I once had a colleague look up and say something like "you're doing your timesheet aren't you ?" He based his correct guess on the basis of the "colourful language" coming from my direction - the web application was an abomination written in house, and which forced me to fire up a VM as it only worked with Windows and Exploder 6. I did once suggest to the head dev that such constraints were perhaps a bit restrictive - his response was that all the customers used Windows and Exploder, so there was no need to support anything else. It was "interesting" watching from the sidelines as customers started complaining ;-) As an aside to that, another dev, just before he left for somewhere better, fixed the problem that made it Exploder 6 only - it was just a case of adding or removing a ";" A nice leaving present from him to the rest of us !

There are ways and means, it just depends on how far you are willing to go before you personally evaluate the trade-offs and effort involved whether it is worth it or not.

And in the most part, those options you suggest are getting way beyond what most of us (and certainly the majority of users) are prepared to do.

So yes, I stand by my suggestion that "if you don't like, just don't use that site" just isn't practical for all sites. Where the bar sits does depend very much on your level of paranoia and your technical abilities - but it's still there for most users.

SImon Hobson Bronze badge

Re: Disrupting the business model of sites that you value

I simply never use that site again

Which is all very well if use of that site is optional. There are many of us who for various reasons (legal and contractual) are required to use certain sites. That might be for doing tax returns, or your employer might insist you use a certain third party site for your timesheets, or it may be the only site with information on some topic you are desperately trying to get information on, or ...

IVE HAD ENOUGH! iQuit. Jobs done. Jony cashes out at Apple to run his own design biz

SImon Hobson Bronze badge

Re: Box, slab, or cylinder; expensive, premium, or ultra elite

the market wanted bezelless phones

Male bovine excrement !

At least some of us absolutely hate the idea. I have a phone (from another well known manufacturer) where the active screen goes more or less to the sides of the device - and it's a right PITA. I've added a case/protector only partly to give it a bit more resilience when I drop it - but as much as anything to add a mm or two to the outline to make the flippin thing usable. I was getting "really annoyed" that it was almost impossible to hold normally without my big fat fingers wrapping round the sides enough to trigger the touch sensor - causing random stuff associated with such touches, and generally being a real PITA.

So no, I don't want a phone where the display and touch sensor goes right to the edge of the device - I want a few mm border so I can actually hold the damn thing without having phantom touches screw things up.

You're not Boeing to believe this, but... Another deadly 737 Max control bug found

SImon Hobson Bronze badge

Re: If it's Boeing

There's something comforting about the simplicity of mechanical systems

Like mechanical systems can't have faults in them. It can happen to anyone ... oh, that one was Boing as well you say ?

But it can happen to anyone.

SImon Hobson Bronze badge
Facepalm

Had the pilot not reacted heroically, the entire plane would have crashed

While it might sound pedantic, that does make me wonder how only part of the plane might crash. Not meant to be critical, but it creates some funny images in my mind !

SImon Hobson Bronze badge

do the airlines have any grounds to sue Boeing for costs?

AIUI, yes - and also AIUI, that's already happening.

Basic contract law really. Airline buys an aircraft to perform specific duties - based on what the manufacturer says it can do (and being certified for commercial passenger carrying would be a very key point of the specifications). Aircraft doesn't work properly and is grounded - so the airlines have a case against Boing for selling them a product that doesn't meet the agreed specification.

But having said that, there's no way they'll recover all their losses. There'll be long lasting intangibles such as loss of customer (ie passenger) confidence which could hit the bottom line for years, and the other effect of having moved people to other modes of transport from which they might not return when airline capacity is back to normal.

The seven deadly sins of the 2010s: No, not pride, sloth, etc. The seven UI 'dark patterns' that trick you into buying stuff

SImon Hobson Bronze badge

Re: Multi-buy discounts, or not.

I always read the price per unit in supermarkets

That's OK when they don't deliberately obfuscate that. Tricks like one pack size being xxp/100g and another size being yyp/each - particularly annoying when it's something (such as the dental sticks I buy for the pooch) you only deal with as eachs, and I don't even recall seeing a weight on the pack !

Remember the Nominet £100m dot-uk windfall it claims doesn't exist? Well, it's already begun

SImon Hobson Bronze badge

Re: Other funny stuff - email from (maybe) nominet...

If the domain is "crackpots" then the .co.uk is registered through 123 - and is showing as expired last month. The .uk is also shown as registered through 123 - and was registered in 2017.

So either you registered it, or 123 registered it on your behalf and either didn't tell you, or you thought the email was spam and deleted it ;-)

SImon Hobson Bronze badge

Re: Annoyingly

I've done it myself in the past - registering a .uk with a different registrar while leaving the .co.uk with the original (bundled with my ISP internet service). Though the Nominet portal has changed since then.

If you log into your Nominet portal, select the domain, click on Edit under the contact details - there are two tick boxes to show your name and address in Whois. I think ticking these two boxes might be what you want - then turn them off afterwards, IIRC it only took a few minutes when I did it.

SImon Hobson Bronze badge

Re: Annoyingly

Actually, you can use different registrars. What you have to do (or did, dunno if the GDPR changes affect things) is make your personal details publicly visible (via Nominet's portal, for the (eg) .co.uk domain) so that the registrar you want to use can verify that the contact details you are entering match those of the corresponding .co.uk. Once that step is passed, you can turn the privacy back on.

SImon Hobson Bronze badge

Re: Other funny stuff - email from (maybe) nominet...

It's real, I got one too - for a domain (well actually, it's a friend's) I'd completely forgotten about !

The Great IoT Protocol War may have been won: Thread's 1.2 release aims at business

SImon Hobson Bronze badge

Re: "each company trying its best not to work with the others"

Only a little sarcastic, with a large dose of realism and experience !

I have a different approach to interoperability between Google, Amazon, and Apple IoTat - I don't interoperate with any of them. A relative does have an Alexa, and yes it does seem to have some convenience features, but no way am I letting any of that sort of intrusive crap into my home or onto my network.

Comms room, comms room, comms room is on fire – we don't need no water, let the engineer burn

SImon Hobson Bronze badge

Do these batteries get any of the sulphate/dendrite problems associated with other batteries?

AIUI, yes but not nearly as bad.

SImon Hobson Bronze badge

A charging lead acid is giving off flammable hydrogen or - at best - absorbing that flammable hydrogen in a gel designed to capture enough to last the stated life of the battery (no longer).

This is not how VRLA batteries work. They do gas much like a wet battery - but as long as the charger is correctly designed, the gas generation rate is within what the cells are designed to cope with.

The gel (if in fact it is a gel) is simply a mechanically stable version of a tub of liquid sulphuric acid swilling around - the gel just doesn't swill around. However, AIUI most such batteries these days are AGM - Absorbed Glass Mat. In these, the plates are thin sheets of lead (and lots of them) mechanically separated by very thin sheets of glass mat (like the stuff used for making things out of fibreglass and resin). A very small amount of liquid electrolyte is held in these glass mats - just like how your dishcloth will still be damp no matter how hard you try and wring it out. But note that there is a very small quantity of liquid there.

So between them, these methods remove the problem of having a highly corrosive liquid in large quantities. However, they introduce other problems.

The main one is that the volume of liquid is so much lower. If you cause gassing, then losing even a small quantity of gasses is harmful because they represent part of the limited store of water. This is controlled by two mechanisms.

Firstly, the charging regime must be much more tightly controlled. You can't just slap a big unregulated charger on and wait till it's bubbling nicely to tell you it's full - like many of us were used to doing with our car batteries before we had nice big alternators that could recharge the battery without a long trip every week or two.

Secondly, the chemistry inside the battery is different. The lead plates contain other elements chosen to promote re-combination of the hydrogen and oxygen. As long as the gassing rate isn't too high, this chemical process will re-combine the gasses back into water before they have to be vented from the cell. This is a catalytic process - the materials involved are not consumed, and there is no "only works for so long" aspect to it.

So, provided you operate the ("sealed") battery within the design limits, it won't gas because the hydrogen and oxygen are recombined catalytically inside - and this does not "use up" any gel.

'Bulls%^t! Complete bull$h*t!' Reset the clock on the last time woke Linus Torvalds exploded at a Linux kernel dev

SImon Hobson Bronze badge

Re: Machine learning

Try to copy each folder, and the OS dies in millions of file lookup table edits and writes.

The issue here is that AT ALL TIMES the system needs to ensure that the filesystem is in some semblance of a consistent state. So for each file, it needs to :

• find some empty space and allocate it - and make sure that anything else looking for space now knows that it's not free

• copy the data into that free space

• add all the information that the filesystem needs in order to know where the file is etc

• add in all the other stuff about the file - attributes, directory entry, and so on.

Yes, in theory you could write code that would recognise that you are copying a million tiny files - and do each step a million times before moving onto the next step - but that would be relatively complicated code compared to doing "for each of a million files, do this standard process".

So yes, if you copy your ZIP file, there's one space allocation, one data copy, one metadata creation and update. But when you copy the files individually, each of those steps will be performed for each file.

If you take a step back, it would be "rather difficult" to reliably handle your "copy a million files more efficiently" process. The main issue is that the filesystem code (the bit that's doing all these complicated updates to the filesystem data structures) doesn't know what's being copied. Typically you'll invoke a user space program that does the "for each of a million files; copy it" part - and there are a number of different user space programs you might use. Underneath that, the filesystem code just gets a call via a standard API that (in effect) says "here's a chunk of data, please write it to a file to be called ..." - so all it can do is create each file when it's told to.

The more efficient "allocate space for a million files, copy the data into that space, create all the file metadata for those files" process could be done - but it would be harder to do and hence more error prone.

You could write your copy program so that it will :

• Call the appropriate API to create each file and specify how big it will be

• Copy the data into each file

• Set the metadata on each file

• Close all the files

Sounds simple - but you need to consider system constraints such as limits on open files. So next you end up having to split large lists of files into smaller groups, and so the task gets more and more corner cases to handle.

Caching complicates the process, as does journalling. Once you have caching, then you have the risk that data you have written into the filesystem doesn't get written to the disk (eg, on power failure) - and worse, that some of it might while other parts didn't, and potentially with the data handled out of order.

So for example, it would be possible for the directory entry to be created etc - but without all the data actually having been written into the file. So the user sees a file (after things have been cleaned up after the power failure) - but what's in it isn't what should be in it. This is just a simplistic example.

So journalling deals with this by writing a journal of what's being changed so that after the crash, the journal can be used to either complete a process or roll back those bits that did happen - so either the file was copied, or it wasn't, no "it's there but it's corrupt" options. Again, somewhat over simplistic but you should get the idea.

But journalling adds considerably to the disk I/O needed - there's no free lunch, what you gain in filesystem resilience you lose in performance. Different types of filesystem have different tradeoffs in things like this.
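The phased copy program outlined in the post above (create each file with its size, copy the data, set the metadata, close all the files, in batches that respect the open-file limit), as an added sketch that is not part of the original post. The names `phased_copy`, `batched` and `max_open` are assumptions, and the sample files are constructed.

```python
import shutil
import tempfile
from pathlib import Path


def batched(items, size):
    """Split the file list into groups no larger than the open-file budget."""
    for start in range(0, len(items), size):
        yield items[start:start + size]


def phased_copy(src_dir, dst_dir, max_open=64):
    """Copy the regular files in src_dir to dst_dir in phases, batch by batch.
    max_open (assumed parameter) caps destination files open at once; returns
    (files_copied, batches_used)."""
    src_dir, dst_dir = Path(src_dir), Path(dst_dir)
    dst_dir.mkdir(parents=True, exist_ok=True)
    files = sorted(p for p in src_dir.iterdir() if p.is_file())
    batches = 0
    for group in batched(files, max_open):
        handles = []
        try:
            # Phase 1: create every file in the batch and declare its final size.
            for src in group:
                out = open(dst_dir / src.name, "wb")
                handles.append((src, out))
                out.truncate(src.stat().st_size)
            # Phase 2: copy the data into each already-created file.
            for src, out in handles:
                with open(src, "rb") as inp:
                    shutil.copyfileobj(inp, out)
                out.flush()  # no buffered writes left to disturb timestamps
            # Phase 3: set the metadata (mode bits, timestamps) on each file.
            for src, out in handles:
                shutil.copystat(src, dst_dir / src.name)
        finally:
            # Phase 4: close all the files in the batch.
            for _, out in handles:
                out.close()
        batches += 1
    return len(files), batches


def demo():
    """Constructed sample: ten tiny files copied with only four handles open."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "src"), Path(tmp, "dst")
        src.mkdir()
        for i in range(10):
            (src / f"f{i:02}.txt").write_bytes(b"x" * i)
        copied, batches = phased_copy(src, dst, max_open=4)
        same = all((dst / p.name).read_bytes() == p.read_bytes()
                   for p in src.iterdir())
        return copied, batches, same


if __name__ == "__main__":
    print(demo())
```

Even in this form the filesystem still sees one create, one write and one metadata update per file; the batching only reorders the calls the copy program makes.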

Shut the barn door: UK data watchdog tells MPs mass slurping by firms is a huge risk to privacy

SImon Hobson Bronze badge

Re: Tell people *why* the slurp is bad for them

"me too" !

Family are all addicted to Faecesborg & Whatsapp. I've tried the simple step of asking them to use Signal - but no, don't want to be installing anything else. It's annoying not just because of the obvious data slurping stuff, but also because pretty well all the information, photo, and video sharing is being done via them and so I'm missing out on a lot of the grandchildren's stuff.

But I feel doubly for the grandchildren. The parents are sharing all their details on their behalf - so by the time they have any say in things, it'll be far too late. They say privacy is like virginity - you can never get it back - but these youngsters stopped being privacy virgins within minutes or hours of birth.

And yes, there's an Alexa in their house.

HP CFO Cathie Lesjak didn't even read KPMG's Autonomy due diligence before $11bn biz gobble

SImon Hobson Bronze badge

What I don't see is how HP can claim it wasn't worth $11bn. Something is worth what someone else will pay for it - HP were prepared to pay $11bn for it, therefore it was worth (in HP's eyes) $11bn.

If HP chose not to look inside the bag before parting with cash, well more fool them. It does sound a bit like the Autonomy folks just held up the bag and let HP assume it was a pig inside, and KPMG didn't get as far as checking the contents before HP handed over the cash.

Large Redmond Collider: CERN reveals plan to shift from Microsoft to open-source code after tenfold license fee hike

SImon Hobson Bronze badge

For example if MS would conform to ISO standards

Didn't you get the memo - they do conform to an ISO standard. That was so important to them that they bought their very own - a badly written one, one that writes into a standard errors in their software, one that reinvents (eg) country codes when there are existing standard codes, and which is not implementable or testable since it contains things like "[proprietary and undocumented] blob".

So when you say you want "open standard compliance" they can tick the box and tell you "yep, we've got our very own" !

As an aside, I recall reading a little while after that debacle*, that some standards groups were crippled and unable to do any work. Committees that had been stuffed with MS shills suddenly found lots of new members who were no longer interested - and so they found themselves without a quorum to operate.

* I noted that the BSI did a review of the proposed standard and basically slated it from cover to cover - but then after an influx of new members to the committee voted for it !

Dissed Bash boshed: Apple makes fancy zsh default in forthcoming macOS 'Catalina' 10.15

SImon Hobson Bronze badge

Re: Bashing GPL with benefits

...but GPL v3 acts as a sort of ebola for companies where they cannot combine Open Source code with their own as that now has to be opened too

Have an upvote from me as pretty well everything you said is correct - however, this bit isn't right.

Simplifying a bit ... AIUI, GPL v3 doesn't actually change this from v2. Earlier versions were much the same - if you incorporate GPL code into your product then you may have to also release your own code under GPL.

Also AIUI, if you dynamically link your code with GPL libraries then you do not have to open your own code. But if you incorporate GPL code into one binary with your own code then you do have to open it.

What GPLv3 does bring to the party is a new clause that invalidates your licence to use the code should you ever try to assert patent rights against the project. It is almost certainly the main motivation for avoiding it.

And the "Tivo clause" which was definitely overdue - but disliked by companies who want to control what you use a device for after you've bought it.

IEEE says it may have gone about things the wrong Huawei, lifts ban after US govt clearance

SImon Hobson Bronze badge

Re: Sensible explanations

I pick 1 as well, but perhaps with a hint of 2 - let's face it, it was a golden opportunity to highlight just how much international "working together for the common good" goes on, and how political interference can harm that.

SImon Hobson Bronze badge
Mushroom

Re: Security concerns?

Any idea if the US threats to Microsoft over the judicial request for data held by MS Ireland (a separate company from MS) on servers located in Ireland (a sovereign state, not part of the USA) ever came to anything?

Yes, Microsoft fought it, the US government changed the law to make it explicitly legal, Microsoft basically said "OK then, here's the data".

https://www.theregister.co.uk/2018/04/04/microsoft_agrees_doj_cloud_act_renders_email_battle_moot/

https://www.theregister.co.uk/2018/04/17/supreme_court_punts_email_seizure_decision_into_the_long_grass/

As the latter article shows though, things are still "up in the air".

What's also still very clear is that all the puff from Micro$oft about being able to host your data in EU datacentres where it's safe and legal (eg for GDPR purposes) is just a PR smokescreen and IMO (and that of many others) it is not legal at all to host any personal data on any EU citizen or any person in the EU (and that includes email BTW) with any MS service. It's only a matter of time before Privacy ShieldFigleaf gets blown out of the water as Safe Harbour was - and then all those "guarantees" will be legally invalid (again). Other services may also be similarly affected even though, like Micro$oft, they (in theory at least) have legal separation that should avoid the issue.

Given that US law is fundamentally incompatible with things like GDPR, Privacy Figleaf is just a political way of kicking the problem down the road and allowing "business as normal" to carry on in the meantime. Unless the US fundamentally changes its laws, then no amount of legal trickery will avoid an eventual split between "doing business in Europe" and "Doing business in the USA". As the US seems to be heading in the opposite direction, I see "interesting times" ahead - hence the icon as that's what's likely to happen to transatlantic data handling eventually.

It's OT for this thread, but I once tried to follow the complex web of redirects and authentication proxies used when accessing (eg) Office 355* mail. The redirects ping the client all over the globe, using domains under control of the US parent, and authentication servers under control of the US parent. Even if you opt to keep your mail "securely" under Micro$oft Europe's control and stored in an EU datacentre - your login authentication can be routed through anywhere and thus the Micro$oft in the U$ can "play tricks" with your logins to access the data.

* No, that's not a typo, just a reflection of how reliable their email was in the last year or two !

SImon Hobson Bronze badge
Thumb Down

Re: So WTF?

They could have researched this before issuing the ban

It's not clear that they could. AIUI, the Big Orange One decreed without warning that "thou shalt not deal with X" and that leaves everyone in a tricky situation. If they don't comply, then (as said in the letter) they open themselves up to massive legal liabilities - few can afford to win, let alone lose, in the courts. If they do comply, then they open themselves up to an unjustified (as someone described it) Media Circus.

DigitalOcean drowned my startup! 'We lost everything, our servers, and one year of database backups' says biz boss

SImon Hobson Bronze badge

Re: DigitalOcean hosts hackers

not just a small number of obscure ISPs and an even smaller number of websites that can be bothered

The 90s called and want their meme back !

In the UK, most (all ?) of the largest ISPs do IPv6 by default - BT Internet, Sky, and IIRC TalkTalk who between them have the bulk of users. So you can untick "obscure ISPs".

And I think you'll find that Gobble and FaecesBorg aren't exactly obscure websites either.

Google reports https://www.google.com/intl/en/ipv6/statistics.html that currently about 1/4 of all its traffic is native IPv6 - so clearly more than a handful of obscure ISPs with few users. If you look at their per-country stats, the UK is at about that level (24%), while Germany hits 44% and Belgium hits 54%.

Facebook reports https://www.facebook.com/ipv6/?tab=ipv6_country higher figures, and interestingly a different pattern - and the USA showing 58% IPv6 adoption.

I say, Eaton boys are flogging spare capacity on data centre UPS systems to keep lights on in Ireland

SImon Hobson Bronze badge

Re: Set the wayback machine to (say) 2005, and in the UK rather than Ireland?

It's almost as though National Grid's Short Term Operating Reserve never happened ...

Exactly.

Mind you, those all operate on the timescales of minutes. Near me, they recently finished a "grid scale" battery tank that could (in theory) supply 43MW for 30 minutes - or a little over 20MWHr. Can't find figures for its cost as all the ones I can find lump it in with other stuff for a total price tag of (from memory) £1.5 billion. I vaguely recall from a talk I went to that it was in the £hundreds of millions range - making it 10, 20, or more £/WHr of storage. For truly grid level storage to avoid firing up peak lopping sets, you will need more than a few tens of MW capacity.

But what it is designed to be used for is second by second balancing (frequency control) - gust of wind increases output at a large windfarm for a few seconds, suck some power into the batteries; cloud passes over a large solar farm, let a bit out of the batteries.

But it's eye wateringly expensive to do grid scale battery storage.

As you say, the likes of Dinorwig are good for the 10s+ range, diesel etc are good for the "couple of minutes"+ range. It would be interesting to see how they plan to do the communications needed for lots and lots of "small" UPS systems doing peak lopping at the single-second scale of control.

Yeah, you're not having a GSM gateway, Ofcom tells hopeful operators

SImon Hobson Bronze badge

Re: You mean, like, Caller ID?

and would like to understand their rationale towards withholding the number altogether

AIUI it's supposed to be a privacy thing - not telling everyone in the household that it's the doctor's surgery calling.

If servers go down but no one hears them, did they really fail? Think about it over lunch

SImon Hobson Bronze badge

Some shocking jokes from the bright sparks. Battery on the mind, throw the perpetrators in a dry cell.

Activist shareholders to target Zuck with giant angry emoji inflatable at Facebook AGM

SImon Hobson Bronze badge

Re: You're missing the point.

It may well be a monopoly, that still doesn't mean people don't have a choice

No longer true.

Apart from the tracking and profiling even if you've never ever given them any consent, there are practical issues these days.

Too many businesses and other sources of information are now "FaecesBorg Only". Want (or need) that information - either go to FaecesBorg or don't have it. Not really "have choice" is it ?

If you follow the Light Blue Touchpaper security blog, a while ago they did one where they'd looked into why so many people use FB. A common thread among students was : nearly all parties are only organised/publicised on FB, if you aren't on FB you don't get to go to parties; if you don't get to go to parties then you don't get much sex ! Maybe "students not getting sex" isn't the best argument - but it illustrates the problem, if all your friends are on FB and you aren't, then you miss out.

I've been trying to persuade family to use Signal instead of WhatsApp - so far none of them have agreed to, so I miss out when they insist on using WA to communicate.