* Posts by Adam 1

2350 posts • joined 7 May 2012

Don't panic about domain fronting, an SNI fix is getting hacked out

Adam 1
Silver badge

Re: How does Encrypted SNI protect against censorship from DNS Providers?

@doublelayer

> Why can't China do the encryption themselves and find out what the request for a site they don't like would look like?

The way asymmetric encryption usually works is that the client would generate a random encryption key to use with a symmetric encryption algorithm (like AES). Think of this like a randomly chosen password, only with massively better entropy. This key is then encrypted with the public key (eg RSA), so only the server with the private key can derive the randomly chosen key and can then derive the content. So each request to chinadoesnotlikeme.com will look different.

So points 1 and 2 aren't a problem on this account. The real problem is knowing who owns the private key that corresponds to the public key you have just used.

> Could China block all these encrypted requests such that only standard requests get through?

They almost certainly would.

> Does China have enough power to prevent the big cloud providers from using this?

Certainly within their borders.

1
0
Adam 1
Silver badge

Re: But how?

Problematic is one way to put it. Not actually solving the elephant is another.

Censorship bypass requires that the censoring authority cannot know the private key. And if they intercept 8.8.8.8 (for example) then the public key given to the client doesn't have to be the real server's one. The terrific firewall™ can simply MitM the client hello and decide whether to drop your packets; you just used their key.

The headline implies that this is a SNI fix, whereas this solution kicks off to the never never the actual magic needed to solve it.

0
0
Adam 1
Silver badge

But how?

There's a pretty big elephant that they've managed to move if they've got this far, but I'm not following how they've solved it.

Let's rewind, why SNI? Well in HTTPS, the server needs to provide it's certificate in the serverhello message. This certificate needs to match the hostname that the client requested or it can't be trusted.

In days of old, you would bind an IP address and port to a given site, and that was how you knew which certificate to return. Port for a website was in practice restricted to 443 because no one wants colons in their URL, so you basically needed a dedicated IP address per site. That's expensive, not to mention equally easy to block undesired hosts by their IP address alone (reverse DNS lookup).

Fast forward to SNI, and the clienthello message now indicates the hostname that the server will need. Now the server can send down the right certificate, so everyone is happy, save for the fact that the clienthello is letting world+dog know about the host, and here we arrive at the elephant.

In order to encrypt, we need to either:

(a) have pre shared a key; or

(b) use the server's public key so that only that server can determine what host we want

Clearly a is out. The whole point of the TLS handshake is to get such a session key so the much faster symmetric encryption can be used (AES). So now we are talking about (b). So what is the server's public key? How can you be sure that the key provided to you doesn't belong to Mallory?

There's a hole in my bucket ....

0
0

You wanna be an alpha... tester of The Register's redesign? Step this way

Adam 1
Silver badge

Re: I HATE IT!!!!!11!!!111!!

No, *I* promise not to abuse it.

3
0

Official probe into HPE’s Oz 3Par crashes would create 'further negative publicity' if revealed

Adam 1
Silver badge

Re: Don't you just love it when so-called democratic governments do a public cover-up ?

Fraud!? At the ATO? Shirley not. I mean maybe one or two bad apples at the lower rungs. No-one important though. Nothing like (former) Deputy Commissioner level, that's for sure.

1
0

US voting systems (in Oregon) potentially could be hacked (11 years ago) by anybody (in tech support)

Adam 1
Silver badge

not best practice

Shirley the remote assistance platform should have been upgraded to the latest offering from that other Russian vendor.

1
0

Tech support chap given no training or briefing before jobs, which is why he was arrested

Adam 1
Silver badge

> Don't you mean searching on Google and Stack Overflow?

I have an idea for a VS extension. You just type into a search box what you're trying to do, then it searches SO and copy pastes the accepted answer of the best matching question straight into the code.

I mean if we're going to have a process, shouldn't we automate it?

8
0

Huawei won a contract in Oz. Of course there's a whispering campaign

Adam 1
Silver badge

Re: Mixed Messages

And remind me who the feds sold Darwin's port to?

1
0

Forking hell. It's summer, and Windows 10 is already thinking about autumn

Adam 1
Silver badge

Re: 17713 is relatively light on features

> and they move the various system function controls around

This is the antithesis of productivity, or what you've called getting things done. I am embarrassed to admit how long it took me to get my Windows 10 laptop to connect to our work VPN. They tried to dumb it down to about 5 edits, drop-down menus and checkboxes, and in the process moved the settings that are needed behind 6 or 7 mouse clicks.

0
0
Adam 1
Silver badge

Re: Hmmmm

> Why do they spend so much time on Edge browser when absolutely no-one uses it?

Blatant lies. I certainly appreciate improved quality for those times when I need to download Firefox.

4
0
Adam 1
Silver badge

Re: "That was my point - the supposed stable build released"

> The problem is often features attract users more than stability

Concepts like stability* are by nature intangible. New OS supports latest VR toy? Great. New OS boots 8% faster? Awesome. New OS lasts 11% longer on batteries whilst playing 4K video stream? Nice. These are all tangible benefits where a user can decide whether they want faster boot times, longer battery life or the latest gizmos. But something that's now stable might be tangible to someone running Windows ME, anything from XP+ was never inherently unstable, at least until you started installing kernel mode webcam drivers. At scale, instability may be measurably better today, but to an individual user, they won't notice if the mean time to rebuild is a month longer than it was 3 years ago. Sad. But true.

*Substitute quality, privacy or security, it works equally well.

0
0

Google offers to leave robocallers hanging on the telephone

Adam 1
Silver badge

Re: "If the AI detects that a machine is calling you and you don't want to speak to the machine ..."

Ok, new idea.

First a countdown*.

5..4..3..2..1

Then a tone of about 15KHz* at maximum intensity gets blasted down the line

*Gotta have something to avoid false positives.

* We could go higher but we wouldn't want them to miss out if their hearing was down for some unknown reason.

2
0
Adam 1
Silver badge

Where's Tay when you need her?

3
0
Adam 1
Silver badge

Re: "If the AI detects that a machine is calling you and you don't want to speak to the machine ..."

I don't need an app to hang up for me. I need an app to chat with that nice but suspiciously strong accented fellow "John from Microsoft" about that pesky recurring virus that my computers always seem to get.

The evil side of me wants to compensate the said app more the longer they it can keep "John" engaged in conversation.

13
0

Cops suspect Detroit fuel station was hacked before 10 drivers made off with 2.3k 'free' litres

Adam 1
Silver badge

Re: Note to my fellow Yanks ...

All I can say is that if your in Australia and the Mrs tells you to grab a Durex, she's not going to be impressed if you return with a roll of sellotape.

7
0
Adam 1
Silver badge

Re: Smaller in the US.

Even at 2260 it doesn't sound right.

For 10 drivers, that's an average of 226L. My car has a 60L tank and it is, depending on how you define these terms, a giant SUV (right pondian) or a city car (left pondian). That is fairly typical size. The average is almost 4 tankfulls. Something isn't adding up.

13
0

GitHub given Windows 9x's awesome and so very modern look

Adam 1
Silver badge

Re: And this is bad?

Slowly? You must have missed how quickly they were able to ruin things in Windows 8

6
0
Adam 1
Silver badge

Re: Not authentic enough....

Ok. Just give us 49.7 days to come up with something.

18
0

What a flap: SIM swiped from slain stork's GPS tracker used to rack up $2,700 phone bill

Adam 1
Silver badge

Re: Renew Recycle Reuse

What? Postage from Sudan to Poland? I guess the only sensible question remaining is African or European?

8
0

The Notch contagion is spreading slower than phone experts thought

Adam 1
Silver badge

> What are you supposed to use? WiFi? Bluetooth? Some proprietary rubbish on top of WiFi?

The SD card slot obviously.

3
0

MongoDB turns on, tunes in, drops ACID and goes mobile

Adam 1
Silver badge

> I italicised conditioned because they're using it pejoratively; reflecting their skepticism of the need for transactional integrity, I can't help feeling a little skeptical of their conscientiousness in implementing it.

This.

And there was no need to either. Most of the players in RDBMS land weren't initially targeting enterprise. When did you hear any of them say that enterprises have been "conditioned" to think that they need clustering or hot backups or whatever. They simply did it then shouted about the great new feature in $(New version).

0
0
Adam 1
Silver badge

Re: They offer, not drop, ACID it seems

Of course there is an overhead to ACID compliance. It isn't as if $(EVERYONEELSE) has a bunch of Thread.Sleep() calls hanging about. Atomicity requires that my transaction should either run to completion or be completely undone. That requires keeping track of my uncommitted changes until one of those outcomes. Not free. Consistency requires that constraints are honoured. You cannot merely insert a record, you need to assert the existence of every foreign key target. You cannot merely delete a record without checking for child records that would be orphaned. Isolation is a big cost. You cannot have a free for all with different concurrent users updating the same records. Otherwise you cannot have atomicity. This means (usually) some form of record locking, so now you need to lock and unlock things as you write them. Those locks have to be immediately visible across other threads, so you have to wait for CPU pipelines to flush at all sorts of times. And durability means that the thing cannot run off and cry in a corner with missing committed data, even in the event of a total failure of everything other than the storage. So now you cannot be satisfied that the commit has completed until the disk cache has been flushed. And you need to remember to use the appropriate APIs so the OS doesn't lie to you and return early.

Engineering is about tradeoffs. ACID compliance is about guaranteeing data correctness even at the cost of performance in some situations. Mongo et al have their uses. If my document store can be regenerated in the event of a failure, I may decide to forgo the correctness promises of a real DBMS to get better performance. But I cannot trust someone with my data where their worldview is that most people don't need ACID compliance. There are very few problems where data loss is inconsequential, and a half arsed attempt at ACID compliance is the worst of both worlds. You can very easily picture someone with that attitude not waiting for disk flushes and ending in a lot of bother when the proverbial hits.

1
0

Meet TLBleed: A crypto-key-leaking CPU attack that Intel reckons we shouldn't worry about

Adam 1
Silver badge

Not sure who you mean will be sued (Microsoft or Intel).

I think Microsoft would be able to fall on the same arguments they used to patch against meltdown. Yes it slows your system down, but it was necessary as the only possible technical fix. You'll need to ask the processor manufacturer to implement a fix.

Intel will argue that it wasn't their choice to remove the capability. That the capability was still available today, and that if your operating system manufacturer has disabled it, then you should be sending your angry letters to them not us. But because we're such nice guys, you can have a bee's dick percentage off of our latest offering.

Lawyers at 12 paces later, they settle for a couple of tens of million quid for the lawyers and about a cup of coffee compensation to the mugs (ha) that signed up to the suit. Meanwhile, in the real world, people have said to themselves "that cheap i5 laptop I bought in 2015 is really struggling these days, probably time to buy a new one". Outside the tech scene, who wants to take a guess at who made the processor in the new one?

I'd be more interested in how say Apple deals with this. Being responsible for both the hardware choice and OS behaviour means they'd find it now tricky to palm off the blame like Microsoft can, and they also have to contend with the bad press from the whole iPhone old battery slowdown fiasco. Interesting times et al.

2
1

Trainee techie ran away and hid after screwing up a job, literally

Adam 1
Silver badge

he didn't screw up at all

It was clearly horizontal in direction or it couldn't have hit the door.

15
0

Now Microsoft ports Windows 10, Linux to homegrown CPU design

Adam 1
Silver badge

Re: Still at the FPGA stage after all these years?!?!?!?!???

Totally agree with these tin foil hat comments. I mean if Microsoft were to own a large number of data centres where very small percentage improvements in work per watt or operations per second without increasing power can multiply out to a major $$ windfall it would make sense. But clearly this is about killing openness.

3
3

Cryptography is the Bombe: Britain's Enigma-cracker on display in new home

Adam 1
Silver badge

Re: Needs an IoT interface

Pfft, I am just waiting to import bombe.js*

*Too scared to Google this because

1. The search as you type rubbish in all browsers will probably see some black helicopter circling as my door gets kicked in, and

2. I'm worried that this will actually exist.

1
0

Microsoft tries cutting the Ribbon in Office UI upgrade

Adam 1
Silver badge

Re: Come back Clippy

Ahem

13
2

Intel chip flaw: Math unit may spill crypto secrets from apps to malware

Adam 1
Silver badge

Re: Homomorphic encryption only option

Homomorphic encryption only* allowed for operations to be performed on encrypted data. You still must encrypt it at time of input and decrypt it when you want to use those results, so whilst the attack surface would be reduced**, it is not eliminated. Something, somewhere is going to need to do some math on the key, at which point, whatever facts that can be inferred from these registers come into play.

*this is still pretty mind blowing

** and no doubt increased in other areas

10
0

Tech rookie put decimal point in wrong place, cost insurer zillions

Adam 1
Silver badge

>> indexing by the numeric column ID is measurably faster

> If you only need a few columns but SELECT * then you're losing performance in the amount of surplus data you're cramming into the pipeline from the database.

Not to mention what happens under the hood if one of those columns in * is a blob of some form. The expression is "penny wise, pound foolish". Obviously a field index directly converts to a memory address offset so will be faster than an abstraction like a field name, but even that abstraction will likely use some sort of hash lookup internally or otherwise cache on first access, so you can bet your bottom dollar that the difference in almost any real world scenario is too small to reliably measure.

There are occasions to use column numbering, such as computing a row total at runtime for an arbitrary number of columns, but if you're in a position where you need to eek a bit more performance out of your system, there will almost certainly be lower hanging fruit to pick which carries much less risk and gives an order of magnitude benefit over this.

That doesn't even get into the find references to field X in table Y type problems which comes up in the real world quite a lot.

1
0
Adam 1
Silver badge

> "SELECT *" - Screams with pain.

It's one of those things that is nearly always a bad idea. There are some use cases for it where you cannot know the columns available until runtime, but for the most part, it is the result of some code snippet they found in SO.

But the same thing can also occur without selecting * if you think two BAL methods consuming the same DAL method, and one of those BAL methods now needs an additional fact. BAL method one is making an inappropriate assumption about a promise that the DAL never made, and the author of BAL method two failed to consider the effect of their change on others, but the real blame in my eyes is that the author of BAL method one didn't write a test case against the DAL method that would fail if the order was changed (in effect escalating those field orders to a promise). Had they done this, the second author would have had their commit rejected until they either stopped changing the sequence of these columns or adjusted the other methods accordingly.

Type safety can help, but only if the two types aren't otherwise assignable. But it isn't going to save you if you expect an int and the new column is also an int. Some modern languages are even using duck typing, so may not even "break" at runtime. Imagine accidentally selecting an int into a float field or something of that nature. You might get a number, just not the one you need to give the correct output.

2
0
Adam 1
Silver badge

> Presumably this wasn't an RDBMS

I can't see how you came to that assumption. SELECT * will include all columns that get added in the future. Many also have the misguided understanding that addressing a field by name is more expensive than by number. One of those premature optimisation consequences.

You can do this sort of nonsense with MS SQL, Oracle, postgres, mysql, and pretty much anything that would term itself as a rdbms and paired with any modern languages like c#, Java, .....

The thing that you can definitely conclude is that pretty much any test case coverage (even manual) would have prevented it from being released.

11
0

Oddly enough, when a Tesla accelerates at a barrier, someone dies: Autopilot report lands

Adam 1
Silver badge

Re: Not an "autopilot"

Let me follow your logic. The person of your concern has a medical condition that prevents them from driving. They have enough money to live on their own rather than share, but not enough money to move somewhere closer to their employment and their employment is such that they cannot easily find a job that is more conveniently located. And the way you suggest that they may make this work is to buy a US$75,000 car which has a feature that can drive by itself up until the moment it can't.

Yeah, no. Self driving cars will be an amazing source of freedom to many people with medical conditions, elderly, disabled, even people under the influence of alcohol or other drugs. This certainly should not be understated as a benefit, but the problem is where certain people who should know better imply the technology is more advanced than it is, then run for the hills when it isn't.

I want to see manufacturers put their money where their mouth is before they are allowed to imply the car has an autopilot or similar technology. If they paid you out a million dollars if your car was at fault in an accident whilst self driving, and 10 million if that accident resulted in a permanent injury for anyone involved, and 100 million to the family of anyone killed, you might find that companies such as this are a lot more restrained when making these claims.

What worries me here isn't the failure of some sensor, but that we see a company not acknowledging that the design of their system (even down to its name) incorrectly encourages people to trust it beyond its capabilities. That is a design flaw. It needs to be rectified. Maybe it needs to pull itself over and stop if the driver isn't paying attention. When a plane crashes, Boeing or Airbus don't sit back and say well pilot/ground crew screwed up here, case closed. No, they figure out why their safety processes and systems didn't fire or were ignored, and implement changes in both instructions, design and training programs to make it less likely. I'm seeing none of that here. It's entirely about saving their reputation. Until that culture changes, I don't want these things on my roads.

18
0

nbn™ CEO didn't mean to offend gamers, just brand them unwelcome bandwidth-hogs

Adam 1
Silver badge

Re: toing the party line

> *In their mind, only teenagers play Conley games.

That'd be computer games. Freaking autocarrot.

0
0
Adam 1
Silver badge

Re: toing the party line

> So if we had fibre all the way into the home, network concurrency and latency would not be a problem right?

Wireless will, by laws of physics, have concurrency limitations that a long shard of glass internally reflecting a laser beam will not suffer. The only way to avoid it is to build more masts, send up more birds, or free up new frequencies.

Tbh, the anti FTTN mob (where can I sign up) accept the inevitability of concurrency limitations on the wireless parts of the nbn. The congestion we complain about is on the nodes themselves, requiring the total scrapping of the Optus infrastructure that they paid a metric ton of cash for, as well as massive overbuild of the Telstra's cable to get somewhat acceptable speeds in 2018, but with no cheap future upgrade path.

Even mentioning gamers is frankly ridiculous. Games are very bandwidth efficient. They need good latency but the payload itself tends to be small. It's not like they're sending 4K streams to each other during gameplay. The big culprits are things like YouTube, Netflix, Spotify, torrents, etc. But I can well imagine the politics of "it's just a bunch of whining teenagers*" is an easier sell than "we choose technologies that cannot be cheaply scaled as data demands have gone up". I mean who could forsee that selling gigantic 4K internet connected televisions to everyone would result in everyone wanting to download online content.

*In their mind, only teenagers play Conley games.

2
0

Four hydrogen + eight caesium clocks = one almost-proven Einstein theory

Adam 1
Silver badge

Re: This is why science rocks

> I find tap water much better when diluted.

I find it best when diluted with sufficient quantities of real medicine.

1
0

Telegram users get their stickers back as Apple passes update

Adam 1
Silver badge

How's that non-crypto Blockchain going?

4
0

Smart bulbs turn dumb: Lights out for Philips as Hue API goes dark

Adam 1
Silver badge

Wait! If you're telling me that they have a laser pointer attachment, I'll become an IoT evangelist.

4
0

HostingUK drops offline after losing Farmer vs Fibre competition

Adam 1
Silver badge

Re: Single Points of Failure

Have you been living under a rock? It is 2018. You can't even convince some people not to consider their data to be stored until it has been written to some spinning rust or SSD. Because webscale.

0
0

Mirror mirror on sea wall, spot those airships, make Kaiser bawl

Adam 1
Silver badge

Re: Precision

I have a bigger problem than the rounding. Metres? Feet? I mean, what is wrong with saying about 41 linguini?

3
0
Adam 1
Silver badge

I hear what you did there

4
0

Telegram crypto-chat chap says Apple has 'restricted' its app updates worldwide

Adam 1
Silver badge

Re: Apple have never really played ball...

> If sending a flag to the exchange server is enough to get you e-mails that you shouldn't get, then the security on the exchange server is absolutely broken

Not at all. Exchange is implementing security via the RFC3514 flag.

0
0

Capture your late-night handbrake turns with this 'autonomous' car-chasing camera drone

Adam 1
Silver badge

Re: Stalker's wet dream

> Alexa? Tell drone to follow <insert name of famous person>'s car

Alright, which one of you smarty pants was discussing flooring options with your better half?

1
0

A Reg-reading techie, a high street bank, some iffy production code – and a financial crash

Adam 1
Silver badge

Re: Or...

> Will someone please tell me why I am wrong to say that no-one using a modern language (of a higher level than Assembler or C) needs to explicitly code a loop to sum [attributes of] the elements in an array?

Not a downvoter but ...

I have seen LINQ used in some pretty bad ways. Here are a couple.

Developer not realising that their method was O(n^2). They simply forgot that behind those magic select or first or find methods is a loop.

Another developer didn't realise that a .Any(a => a == 5) on a Hashset may yield the same result as .Contains(5), but the former is O(n) and the latter O(1).

In other cases, a loop which iterates some collection and conditionally yields another object with properties based on the initial collection item can end up with such a convoluted expression that the minute it would have taken any half competent developer to follow the intent now takes 10 minutes to unpack, and even then you're wondering if you missed something subtle.

Another issue is with debugging it can be hard to set breakpoints when your line may represent hundreds of function calls.

Note I never said you should never use them. Just remember that most of the time it doesn't matter if your class is 5 lines longer or 150ns slower, but it does matter if your code becomes difficult to read. Use them, but with appropriate discretion.

4
0
Adam 1
Silver badge

Re: Testing

Always wondered what that last outsourced mob got up to after we, er, parted ways.

2
0

Internet engineers tear into United Nations' plan to move us all to IPv6

Adam 1
Silver badge

Re: Mapping plan

> I hope that IPv7 or IPv8 routers

At the risk of having a Bill Gates moment, what on earth do you think we'll be doing in the future to need such an immense address space.

Perspective time. The surface area of earth is roughly 5.1 x 10^8 km2

IPv6 gives 2^128 addresses (ignoring reserved ranges for the minute). That's a big number*.

That results in 667,220,330,000,000,000,000,000 ipv6 addresses per square metre on this planet. How much IoT tat do you need?

*Citation needed

16
3

US judge won't budge over Facebook's last-minute bid to 'derail' facial biometrics trial

Adam 1
Silver badge

interesting angle

What counts as biometrics in this case? Is a photo or collection of photos of a known person considered to be holding biometric data? If so, then this net captures a lot of other businesses and indeed people.

Or does there have to be a conversion on those images to a series of measurements of ratios and angles between features before it is considered a biometric template. If so, does this mean that there are certain algorithms that are not permissible to run on a photo. Would smile and blink detection algorithms fall foul of such definitions.

Don't get me wrong, I'm hardly the person who would stick up for a massive advertising, tracking, manipulative company, but I have much bigger concerns about how they use such data to link people with other people in shadow profiles.

4
0

Russia to Apple: Kill Telegram crypto-chat – or the App Store gets it

Adam 1
Silver badge

Re: Meanwhile, over in the UK ...

Wow that's a bad way to do things. Down here, the powers that be are planning on simply usurping the commendable laws of mathematics with our local laws.

18
0

Waiting for 100 Mbps NBN on wireless? Errr, umm, sorry about that

Adam 1
Silver badge

Re: They got 100Mbps wireless in Iceland (country)

Re size of Australia, if the bottom of Tasmania is in Egypt, Perth is somewhere in Spain, Darwin somewhere up in Sweden, and Brisbane in Turkey. It has a cattle farm that is bigger than Israel (see Anna Creek).

All with the population of California.

But we don't each get our own mountain range. Rather, that population is largely collected in a few cities in the south and east with almost nothing in the middle (except big spiders and drop bears obviously). Serving remote communities with infrastructure of any sort is not without challenges, but nbns problem has always been political. The current mob needed a 'the previous mob are clueless wasters of money angle', a classic case study of not invented here syndrome. History won't look kindly on what the current mob have done to the project.

0
0

Epyc fail? We can defeat AMD's virtual machine encryption, say boffins

Adam 1
Silver badge

Re: National Security Boundaries

Really!? I must have missed Google ceding to New Zealand law and suppressing that name.

What does Apple maps call the spratly islands? How is China with that call? What about the Philippines or Vietnam?

How very quaint of you to think that these companies structure their legal entities and technical responsibilities such that those outposts have no capability to comply with demands made by those companies.

Let's not even get into whether China accepts your right to publish certain political commentary, or whether YouTube should depict women driving cars as prohibited in some backwaters from which a lot of your oil comes from.

If AWS has a bunch of bit barns across western Europe that become illegal to use for servicing European citizens due to GDPR or something, they will have no choice but to sell the bricks and mortar to some European company who isn't subject to American law. This was my very first point.

0
0

Remember that $5,000 you spent on Tesla's Autopilot and then sued when it didn't deliver? We have good news...

Adam 1
Silver badge

Re: If you are contracted….

For any Aussies caught up with similar misrepresentations, you can thank your lucky stars that the Australian Consumer Guarantees explicitly cover motor vehicles unless bought at auction or from a private seller.

See here.

Specifically some pertinent quotes

"Products must also:

* match descriptions made by the salesperson, on packaging and labels, and in promotions or advertising

.....

* be fit for the purpose the business told you it would be fit for and for any purpose that you made known to the business before purchasing

....

* meet any extra promises made about performance, condition and quality, such as life time guarantees and money back offers"

That said, if I'm spending 6 figures on a car, I'm spending a few hundred in getting a lawyer to draft something which they'll find a little trickier to ignore.

2
0

Forums

Biting the hand that feeds IT © 1998–2018