* Posts by Lee D

2838 posts • joined 14 Feb 2013

National Museum of Computing to hold live Enigma code-breaking demo with a Bombe

Lee D
Silver badge

Re: Message Reads -

What phrase is in every message? Heil-bloody-Hitler!

(P.S. Great movie and I don't care whether it's inaccurate).

0
0

That syncing feeling when you realise you may be telling Google more than you thought

Lee D
Silver badge

Good, maybe it'll stop my boss moaning that he "never has his favourites" when he wanders onto some arbitrary computer.

No, apparently, remembering to sign-in to the browser is too difficult.

6
0

iFixit engineers have an L of a time pulling apart Apple's iPhone XS

Lee D
Silver badge

They changed their network twice (so three networks in total).

It still cut out every single time they ever called. They changed their handset with every upgrade possible. They lived in London, same as me, in fact they were closer.

Whenever I heard "Hello, hello? Are you still there?" I would just ask "How is XXXX?".

Sure, it's one datapoint, not something to hinge a national telecommunications strategy on, but it *literally* happened to the point that all parties concerned saw the same pattern and joked about it - to this day.

2
0
Lee D
Silver badge

It is a running joke that the only person I knew who had to have "the latest iPhone" ALWAYS - and I mean, statistically ALWAYS - cut out about 20 seconds into the conversation and had to call back.

Once or twice, or if we were always taking their calls at home, I could understand that possibly there could be other factors. Literally the only difference was the iPhone.

Maybe they had Wifi-calling or something, maybe, I don't know, I refuse to help people with Apple devices (isn't that what you pay the premium for - to get "better support" and "more intuitive" devices?). But it became a running joke and I used to countdown when they were phoning us.

2
0

Fallover Friday: NatWest, RBS and Ulster Bank go TITSUP*

Lee D
Silver badge

Re: Back now

And back-out plans mean the worst that happens is the upgrade doesn't go through tonight, try again tomorrow.

In case you didn't notice - ABSENCE of a rapid, pre-approved back-out plan... got them into the papers.

I'll be much more worried about a place that requires approval of a back-out plan (rather than taking care to only approve plans with a safe back-out) - when the change is slowly churning through the entire database causing widespread corruption and affecting more and more and more records, and you have to wait for "approval" from someone to back that out.

Hey... maybe that explains TSB, eh?

2
0
Lee D
Silver badge

Re: Back now

So you make a firewall change.

The alarms and monitors all go off that your outside connectivity is now non-functional since the change.

You wait 30-seconds to see if it's just the config taking effect.

The alarms are still going off.

You go to your change management log, see that the change in question is the cause of the problems in question (and it's not just a lucky time correlation), and back out the change made.

That should *not* take five hours. On a multi-million pound banking system. With a competent team and proper processes. Where it's literally *costing you money* each second it's done.

28
3

Curiosity's computer silent on science, baffling boffins

Lee D
Silver badge

"I'm holding your data to ransom until you pay me a fair wage, you horrible people."

6
0

30-up: You know what? Those really weren't the days

Lee D
Silver badge

Re: Umm ...

Did you have room for the talk-home DRM, the background service running all the time, the media indexing-against-online blacklists, the constant file-search process running, etc. in those 4096 bytes?

5
0
Lee D
Silver badge

I would be quite happy if some physical limit had prevented processors ever going past, say, 100MHz. Like, literally, it's just not possible to operate at a speed faster than that.

And some physical limit on "memory you can fit inside a handheld/computer size device".

Then maybe we'd actually see some decent attention to the user and their needs and the hardware capabilities than just "recompile Android, sling it on".

12
0

Deliveroo to bike food to hungry fanbois queuing to buy iPhones

Lee D
Silver badge

Yes, I think "I took a day off work to buy a status symbol" pretty much ranks just as high in the list of problems I have with it too. :-)

14
0
Lee D
Silver badge

I find it more worrying that people spending such money generally aren't at work from 9-5 in order to queue all day for, and collect, said phone.

What we have is either a nation of already-retired millionaires splashing their money on tat and pizza and enjoying sitting in a London street in a queue, or a nation of people who really have nothing else better to do spending money they don't actually have or should be spending on other things.

I'm not entirely sure which one I find more disturbing.

The obvious problems (YOU HAVE NO IDEA WHAT YOU'RE ACTUALLY BUYING and whether it's even any good) pale in comparison to "how/why have you afforded to have a day off work to queue in the British wind and rain to buy a phone that I would have to seriously check my bank balance before I even thought about purchasing it?"

That said, this year alone, Apple's support has cost them hundreds of iPads and dozens of Macs from my workplace, because we're ditching them all purely because of their ridiculous and totally uninterested, and not even compliant with Companies Act support and communication (i.e. I was refused the address of the company's head office and they do not have any kind of proper complaint process. As the Head of Written Complaints, Apple, Ireland - that's all I could get out of him on the phone - REFUSED to confirm to me in writing the most basic of information, or even acknowledge that they'd received my complaint. They literally took zero action except to phone and tell me they wouldn't even reply to the recorded-delivery letter demanding mandatory details of their company).

Why anyone would ever do business with Apple, I absolutely cannot fathom.

23
2

Brits pay £490m extra for mobes they already own – Citizens Advice

Lee D
Silver badge

Re: Astonishing isn't it

Charging for a promised service that isn't delivered is an entirely different thing.

The contracts will be clearly written, however, to say "you will pay X per month until Y when you will pay Z per month". And "After N months, you will own the phone".

NOWHERE will it say that you're still paying for the phone with the surplus after those months. You're not. You're paying for a contract which contains items which include, to wit, the provision of one telephone over the life of the contract. That you then continue to pay it unnecessarily for years afterwards is completely different to, say, VM charging you for a line you don't even have.

1
1
Lee D
Silver badge

Re: Astonishing isn't it

Do you know how many people I know who have "bought a new car" on only to realise three years later that they didn't read the small print and now they have to pay some huge portion of the overall cost or lose the car entirely?

If people sign up to a long agreement and then FORGET that they've done so... and then let that linger for any significant portion of time, when they were given the contract, had it all explained, have it there in writing in front of them? Yeah, I think there's an element of "learning experience" there for them.

The exact people who get those agreements are the exact people who can't *afford* to be sloppy with money because they couldn't even afford to buy their phone outright. Though that might flag as something we should babysit for them, I really think we'd be better off just leaving them to it.

There isn't a court in the land that would demand the mobile companies "pay back" that unnecessary extra paid as every piece of paper they have clearly lays out what they're paying, how long for and what it'll cost. That people just let that roll over, without even phoning up the company and saying "I seem to have been paying for this an awful long time now" or "I can get a better deal elsewhere", means they don't care.

And it's for something that I consider a luxury item. Smartphones don't have to be luxury items, but the ones you need to take out finance just to purchase them? Yeah, that's a luxury item for you, I'm afraid.

6
7
Lee D
Silver badge

Re: Astonishing isn't it

People are stupid.

There's free money in doing it for the mobile companies.

Anyone with a brain buys their phone outright or via a separate loan agreement (e.g. giffgaff offer completely unrelated loans on all the top brands of phones).

I have literally met 18/19-year olds who are paying more for their phone each month than they are food. I mean, hell, sometimes even the parent's Sky package is cheaper!

There comes a point where it's just a stupidity tax that we should let those people pay.

27
7

DNSSEC in a click: Cloudflare tries to crack uptake inertia

Lee D
Silver badge

Re: in large part because DNS providers don't see much of an upside to offering it

Depends what you're trying to do.

I imagine if, say, the government wanted to quietly take over a "secure" forum of dissenters, whistleblowers (e.g. Wikileaks) etc. for whatever reason, they could easily get a CA of their choice to sign a certificate, if indeed they don't already have a trusted root cert they can issue under in every single browser already.

Then they could hijack the DNS for the website in seconds and you'd never know.

CAA would not combat this (they could just "encourage" the right CA). Certificate-pinning/HSTS might. But DNSSEC would also... as there is a similar effort to record keys that were used and it's trickier to change them even if you own the root TLD.

Think not "guy trying to get into your Wordpress" but, say, China trying to capture everyone who logs into a proxy site.

1
0
Lee D
Silver badge

Re: El Reg writes "In some respects it is like IPv6...."

My work here is done, and I pass the reins on to others....

:-)

1
0

Vodafone sues Ofcom to reclaim 'overpaid' mobe spectrum fees

Lee D
Silver badge

Re: So that means...

Vodafone I have severe problems with.

I couldn't order the above SIM via their website because apparently I've "already ordered one" and it's impossible to complete sign-up. I've tried four times on four different emails / set of details.

Today, their website (despite promising what you say) won't let me continue to the checkout as there are no provisioning dates (and literally the page breaks and you can't continue because of that). I'm not even doing anything unusual - fresh Chrome browser, tried 3 times, it takes my address and then you can't proceed because it says "We'll inform you of your start date" but won't let you continue until you select a start date... of which there are none.

Their online services are all like this every time I used one. It worries me that simple things that are GIVING them business are broken like this and have been for a while now (the SIM thing is still broken after a year).

That aside, those deals do exist for FTTC areas, which I'm supposed to be, but that's an 18-month contract. In theory I could get 35Mbps if I paid £30 a month. But... I already get that on 4G. Easily. And I can take that 4G box everywhere I go.

Plusnet: I won't touch with a bargepole (always bottom of the awards, along with TalkTalk, despite being my go-to for over a decade back before they were BT-owned).

Sky: £25 "and then £38.99", 12 or 18 month minimum term. Guarantee of 25Mbps.

I'd rather pay more for 4G on a monthly-rolling contract.

0
0
Lee D
Silver badge

Re: So that means...

I'd happily pay more if they got rid of or vastly increased the stupid data limits.

But you can't really argue with £20-something a month for 40Gb plus several data-not-measured services (Netflix etc.) via Three, or even £30-something for 50Gb and LOTS of data-not-measured services via Vodafone (with their pass things that exclude everything from Amazon Prime to Netflix to Spotify to Whatsapp from your data usage).

Bear in mind that I *only* have a 4G Internet connection and no landline, and it's actually cheaper for me that way. Sure, if I had a big family I'd want more but I'd also pay more too. Cheapest broadband I can get from any kind of decent name (i.e. not TalkTalk) is £20-something plus £20-something line rental, plus install, plus a 2-year-contract, plus buying a better router, etc. etc. etc.

0
1

Early bird access to .NET Framework 4.8? Microsoft, you spoil us

Lee D
Silver badge

Re: Despite coding in it ...

From a non-developer point of view, it's just a HUMONGOUS library, no different to any other, except that for some reason it takes 30+ minutes to install / update sometimes.

There are also numerous (and seemingly "not compatible") versions of it that all have to be installed to actually run that tiny little program that does not-very-much (e.g. run https://simplednscrypt.org/ on something that's a fresh machine) and where you have to keep around a copy of all the previous .NET Frameworks (some of which no longer install nicely on modern Windows, some of which are integrated into Windows as an "optional feature" that you have to install, etc.).

And which multiple major software vendors either a) don't upgrade so you have to keep .NET Framework 3.134784374387 around because that's what they base their code on and reinstall it on every machine you want to run the program on or b) have to do a humongous Framework install / Windows Update / etc. every time they change it.

Then you call all those frameworks the same thing with slightly different numbers (3.0, 3.5, etc.) and hide them on the Microsoft site, and hide the "full installers" even further away so people spend half their life downloading them all.

Then, at the end of it, you get something approaching an "ordinary" Win32 program that may or may not work depending on whether you got it all right, with no clue as to what was wrong except from the developers who have a "recipe" for installing their particular variant of it in the right order.

Meanwhile, you've downloaded 5Gb of Framework, wasted hours of your life, churned the disks on the machine for hours while it "searches for previous installs / updates components" and can't push the software that uses it in any sustainable fashion as you can't guarantee that the end machine will have the right version at the right time.

Honestly, just statically compile the damn thing into the binary because I'm sick of it by this point...

12
6

Check out this link! It's not like it'll crash your iPhone or anything (Hint: Of course it will)

Lee D
Silver badge

"there's zero reason why anyone should be unwilling to upgrade..." "and 12.0.1 would inevitably follow to clean up any lingering issues"

(raises hand)

Oooh, oooh, me, sir, I've seen the answer!

8
0

Brit airport pulls flight info system offline after attack by 'online crims'

Lee D
Silver badge

Re: The weakest link....

We really, desperately need to stop making systems where a browser-click compromises the system.

For a start, if all this stuff does is show flight info, why the hell is there even a browser installed?

Until we relearn least-privilege principles, where people don't get any button they don't need and programs don't get any access they don't absolutely require, we might as well just hand the hackers an open pass now.

10
0

Guess who just bought Maplin? Dragons' Den celebrity biz guy Peter Jones

Lee D
Silver badge

Re: Successful delivery!!??

I've never had a package go back to the supplier.

Their depot, maybe, which may be a drive away, but never to the supplier. They warn it's possible if you don't collect within <however many> days but I've never had one returned because of that.

If anything, I'm infinitely more annoyed that historically their depots only ever opened M-F 9-5, which is just ridiculous. Now, at least, they have a weekday that's open later and usually on a Saturday too. Or I can pay for redelivery at a specified time/date/location (I've never had to).

0
0
Lee D
Silver badge

I can't say that parking costs have ever affected my shopping habits.

That said, I generally shop in big shopping towns, where there's tons of parking and I'm not subject to one guy with a paintbrush and a bucket being the only source of parking spaces.

You know what stops me parking more? Stupid places that don't take card, notes or pay-on-exit (when I can actually go and get some change without having to leave my car unpaid-for in a car park to do so). Pay-by-text schemes that are so unnecessarily convoluted that it's ridiculous (seriously... I text my plate to a number, maybe including a site number if you're too lazy/cheap to buy one DDI for each car park you operate - what more do you need? You can charge me for an hour and then text me in an hour's time to see if I want another hour).

I don't even care about walking a little. But I would never use a park-and-ride.

No, the reason I don't use Maplin is quite simple. Prices. Availability to me is not a concern. Amazon Prime Now will deliver anything from a UPS to a PSU in a matter of hours. Anything more urgent than that, I should have had it in stock already, or be able to cope without it.

But I always wander into Maplins whenever I pass one. My partners hated walking past one because they knew I'd always wander in and look at everything. And, literally, the last five years I can't justify a purchase in there. A "basics" mouse was costing something like £10. The RPi and Arduino kits were ludicrous (£60-70 each sometimes). Soldering gear was cheap-made but expensive-priced. Simple cables cost a fortune. And there was a ton of disco stuff. A ton of Christmas-toys. A ton of TV coax and satellite cables (who does that that often?). But you couldn't pick up an SD card for a decent price, or an SSD at all (that may have changed, but I gave up going in them eventually).

Parking didn't even figure in it. I'd probably pay parking just to go *look* in a Maplin's at most points in my life.

8
4

UK networks have 'no plans' to bring roaming fees back after Brexit

Lee D
Silver badge

The magic words they have "no plans" to.

Give it a week and I'm sure someone could knock up a plan now that it's been mentioned.

I have no plans to marry a supermodel, but you can be sure if the opportunity arises it will become a serious consideration, especially if - as in this case - there'll be almost no obstacle to doing so at all.

11
1
Lee D
Silver badge

If Brexit were so simple, it would have happened already.

You wouldn't have watered down proposals of how to do it.

You wouldn't be reliant on the EU bending to your will.

You wouldn't have done things like "forgot" that you have to get it past the House of Lords, when if you'd just done that a year before anyway, you could have pushed it through a second time and their objections that time would mean nothing as it could just become law anyway.

There wouldn't be stories about what could happen *now*, that everyone could have told you years ago would happen in this case.

"Amazingly, when we pull out of the EU, all those EU-wide agreements mean nothing any more". Gosh, I'm shocked.

It doesn't have to be the end of the world to be a silly idea.

And if we did everything that 50%+ of people vote for, you'd end up with men having to look after all babies at home, and towns in Sweden voting themselves free money instead of having to work (literally just happened!).

If we're gonna vote on these things, I'd infinitely prefer a vote on "Should we go to war with country X" (with a min 75% threshold for certainty), which we never seem to get.

21
4

Do not adjust your set, er, browser: This is our new page-one design

Lee D
Silver badge

It's almost like we should have a way to isolate the content of the news articles from the design.

And then mark upgrades to the formatting / layout as a particular version people can look at.

And then people can choose how they want the page to look without at all affecting the way the content is produced and handled on the backend.

And thus letting people choose whether they want the old Reg fixed-width thing, or the shiny-new, or the shiny-new-that-we-broke-but-we'll-fix-it-later.

And then, maybe, we could come up with a catchy name for those formatting layouts. Like...

Themes.

SERIOUSLY. Stop faffing with the website doing things that instantly alienate 50% of people, and instead focus on the content and making the site work and have useful features (like searching through my old posts, etc.).

Then let your designers run riot on a theme. And then you can change what the DEFAULT theme is to your heart's content. And we can still view The Reg as if it were a site to convey news and not have GIGANTIC side-bars on it, or unnecessarily large "highlighted" stories when we just want to view them all as a list.

9
0

2-bit punks' weak 40-bit crypto didn't help Tesla keyless fobs one bit

Lee D
Silver badge

Re: Problem-solution dichotomy

Have you people not heard of trolleys?

5
8
Lee D
Silver badge

Re: Problem-solution dichotomy

It gets me that the VERY NEXT ACTION you take is to touch the door.

So... if you've already got to touch the door... why do you need this stuff to be remote?

And entry should be a very different matter to starting the engine. I don't consider my car "safe" to put valuables in, but I do expect that they can't just drive it away.

35
0

First it was hashtags – now Amber Rudd gives us Brits knowledge on national ID cards

Lee D
Silver badge

I have no problem with ID cards. I effectively have one in my wallet already.

I have an objection to you JOINING THAT INFORMATION, exactly like the cookie problem you describe.

Literally, just give people driving licences when they turn 18 that don't have entitlements on them - that's the ID card problem solved.

What *you* want, though, is a central system to tie in everything I do to that number. I don't currently have to provide a driving licence number to, say, rent a house. Or file a complaint against my council. Or ring my bank. Or access an adult site. Or rent an 18 movie.

What I'm concerned about is not another bit of plastic. That's just an expensive exercise in redundancy, we can knock those up today if you want to pony up the money for them.

No, it's that once you get an "official" ID card, what are you going to join together, and what new things will suddenly be linked to / require my ID? The first that springs to mind is things like website access, ISP records, etc. Government are pushing for mandatory ID for such things, rather than just proof of age (entirely different thing). Currently, it would be suspicious and a deliberate act to join, say, my Internet credit card purchases to my running for local councillor. It would involve court orders to banks, police records, etc. etc. But once you join the databases it's "too easy" for someone to do that just playing about on the ID database - we know this because as NHS goes digital the number of people being done for "just looking" at celebrity details are far too common.

And then you want to tie it in via NHS number? Bang, there's my medical records for you too. Benefits. Driving record. All kinds of things currently held at different places which are all formally recording requests for access and providing the minimum information required. Join them together and those guarantees won't survive. It'll be a free-for-all.

We know, because everything from council bin collection agencies to food standards agencies are putting in requests that they never used to be able to before to track and trace people. Join them all into "one easy number" and you will end up with cops sneaking into your celeb profile, linking it to your purchases from your Amazon account for sex toys, your online browsing of legitimate and legal porn, and leaking it to media. Hell it happens WITHOUT those connections, with them just makes it worse. And no amount of log-keeping, warnings, etc. has yet proven effective at stopping people with access doing such things.

Now, there are obviously advantages to linking things. If nothing else, spotting financial fraud, etc. But it has to be controlled and justified. Tying everything to an ID number is a dangerous and stupid thing to do.

I don't care about the card. But it is another worthless piece of plastic. Like Manchester trial of ID cards where people effectively threw their own money in a bin on something that nobody ever really recognised.

I care about the data connections. The government does not, and has no need, to know my Amazon account, emails I use, domains I own, movies I watch, etc. Even if they could legitimately obtain that information if a court so ordered, they don't need to. And I have to trust that the courts wouldn't allow it unless it was necessary for law enforcement. That's my safety barrier.

Linking systems and centralising an ID bypasses that, if all those systems have to query the central database for authentication, they are basically advertising the records that join together. While they are separate, they don't advertise the connections to a single, central authority.

Now, I have "nothing to fear". I trust law enforcement and the courts. You can see my posts on that everything. I really don't care about someone potentially finding out that I earned £X but claimed £Y in income for tax purposes because for me X=Y at all times. That's not the issue. The issue is that the potential for misuse is too great and tempting for a nation state. By not having it, they can't do it, certainly not without expense and a paper trail which is our primary safety barrier. But the second there's a central authority that everyone has to authenticate against and which links into every bank, every contract, every shop, every thing you do in everyday life... that potential can and will be misused.

Even if it's to tax people who buy too many plastic items, or chase why they bought 100g of plastic this week but only put 80g in their recycling bin. Whatever it is, however petty, that potential is damaging.

And I object to *that*.

113
0

Chromebooks gain faff-free access to Windows file shares via Samba

Lee D
Silver badge

Re: DFS

I've never had a problem with DFS on Linux.

The \\domain part just resolves to a server within the AD hierarchy, which handles the request (even if it's not serving that share itself).

Googling around, people have been doing that just fine since at least 2012, and it doesn't involve Samba at all, just the CIFS filesystem modules, the kernel keystore using "keyutils" and a WINS server setting. Certainly none of those are doing any clever interrogation or whatever.

http://mattslay.com/connecting-ubuntu-to-windows-shares-and-dfs-trees/

Literally set up your system properly, connect to DFS shares the same as you would any SMB share.

It's about setting up the system to trust that one machine is capable of giving you Kerberos tickets valid for a share where you may have to use another server in a little while. Nothing to do with the SMB protocol, really.

5
2

Vodafone cops ads rap over Martin Freeman's vanishing spaceship

Lee D
Silver badge

More importantly - you can sync at a Gigabit if you like. That doesn't mean you aren't throttling the traffic or overloading your backhaul so that users only ever get 1 bps.

I "sync" at gigabit on every single piece of equipment I ever plug in. But it's a different matter to be able to offer gigabit downloads to every one of them simultaneously at peak time.

Sync speed is misleading. Throughput speed is not. The ASA, for once, are catching on to the tricks.

And unless you're using cellular / radio, the sync speed shouldn't be far off the real throughput if you're operating things properly. That high contention is finally gonna come back to bite you.

They also have it backward:

If the line is dodgy, the sync speed will be low, and that may be out of your control (i.e. the run is just that long or the line that noisy and your engineers can't fix it). If the sync speed is high but throughput is low - you have a bottleneck in your backend. That's entirely within your control.

1
1

Raspberry Pi supremo Eben Upton talks to The Reg about Pi PoE woes

Lee D
Silver badge

Re: Oh dear, a fan

The PoE hat only works with the 3B+. Only that has the pins to support it (that pull through the Ethernet pins to the board).

And, no, it *doesn't* need the fan. Because the 3B+ doesn't need the fan and you can turn the fan off entirely perfectly safely.

0
0
Lee D
Silver badge

Re: Oh dear, a fan

PoE has many uses.

The fans can also be disabled - it was a "freebie" with the board, not required for the PoE to operate. Additionally, the RPi has adequate temperature control (by throttling) without any fans at all. So the "only moving part" can fail and not much will change. Or you can just turn it off.

PoE in an official box means that these things can replace lots of things. Everything from IP phones to IP-based speakers, can be powered throughout a building from a central place (with UPS, etc.) and also be pretty invisible when in situ.

My workplace has PoE phones, wireless (APs and bridges), cameras and speaker/alarm boxes. The Pi can directly replace at least three of those. Not to mention things like thin clients (the free utility rdesktop on a Pi is actually SOLD by a company called nComputing as a thin client for Windows or Linux remote desktops), etc.

5
0

Python joins movement to dump 'offensive' master, slave terms

Lee D
Silver badge

I tend to find that when an organisation reaches the point where such things become a consideration rather than, say, concentrating on achieving the product/service they provide, that's the point where things start to go downhill.

People literally have too much time on their hands if they care about a terminology such as this. What next, blacklist/whitelist being racist? Male/female connectors not including an intersex variant?

Just code the damn thing, nobody's actually bothering to write code that's both functional and yet subtly racist.

242
8

Dust off that old Pentium, Linux fans: It's Elive

Lee D
Silver badge

Pah.

https://gist.github.com/jwieder/7e7e643cc71c81f63958

That's an x86-bootable chess game in 512 bytes.

9
0
Lee D
Silver badge

Re: If it's snappy on old kit...

Yeah if you haven't noticed, OS haven't actually got quicker over the last few decades. Even though they are not doing very-much more. Windows 10 was about the first Windows OS to actually *improve* performance on existing machines and even that's debatable.

To be honest, I baulk at the sight of needing 512Mb of RAM to draw a few windows on the screen. We're really still doing something drastically wrong. I know there's a lot more to it than that, I know there are myriad background services and all kinds of connectivity and layers and security and god-knows-what going on to facilitate showing those windows. But I can remember when I had to upgrade from 1Mb to 2Mb just to show a 640x480 window (when I already had 1Mb video RAM) and I couldn't fathom why that was necessary.

Fact is, we're not making the OS any faster but taking everything modern and paring it down. If you want to do that, you have to throw out 99% of what the OS / window manager currently does that's unnecessary.

41
2

Email security crisis... What email security crisis?

Lee D
Silver badge

Re: Email is absolutely broken...

Email protocols are real garbage and drastically need a complete overhaul for the modern world. There is no reason why we can't, but nobody has yet posited a standard that would work.

We need a decentralised, encrypted end-to-end, certificate-verified system where even if GMail are receiving your email for you from the wider net, they AREN'T able to read your messages. Then we need an "opt-in" requirement where you can select who you want to receive emails from (which will come about accepting THEIR certificate).

Then we can start thinking about the more complex solutions of email forwarding etc. or just change the system entirely. You can then remove all the SPF, rDNS, greylisting, etc. stuff.

However you *won't* escape a dependence on DNS though if you have half a brain you'll insist on the relevant records being provided over DNSSEC.

Until we literally throw SMTP, IMAP and POP out permanently, we can't progress on email security.

3
1

PPI pushers now need consent to cold-call you

Lee D
Silver badge

Re: How long have you kept them on the line?

The robocallers cost them nothing.

The call costs them pence.

About the only thing they're paying for is the person to listen to it, likely way below minimum wage in a foreign country somewhere.

And yet they wasted how much of your time, and what's your normal hourly rate?

1
0
Lee D
Silver badge

International friends have any number of ways of contacting me. It can be as simple as "leave a message".

Withheld calls? Sorry, blocked. They literally don't even ring. If you don't want to tell me who you are, I have no interest in talking to you. If you can block them officially or with the message "This number doesn't answer withheld calls"... problem solved. Guess what... if it's important, they still have to contact me anyway. Which means not withholding their number, or contacting me some other way.

For a) that's easily solved. For b) it's literally *their* problem, not mine.

Do you think I live in a bubble and don't have those things? Most of the time such places don't even HAVE my number. The local council certainly don't. And if they're too dumb to set the CLI on their switchboard to the main council building number, etc., then I literally don't trust them with my data.

What do you think they do for the old deaf people, those who are out all day and don't have an answering machine, those who don't speak English, those who don't own a phone at all? Life goes on just the same.

9
0
Lee D
Silver badge

You mean people answer phone calls from numbers they don't know?

And during mealtimes etc.?

There's a really simple solution staring you right in the face.

8
0

Y'know what? VoIP can also be free from pesky regulation – US judges

Lee D
Silver badge

I agree, for most people VoIP is basically optional.

But we would need a ruling saying that if you're replacing or ONLY offering to supply a line to a household via VoIP... then it becomes their only method of communication not by choice and you're a utility provider.

Soon, though, the whole thing will be moot... one of "internet connectivity" and "phone access" has to be classed as a utility or you're going into a world of pain where everyone has to do everything like taxes, etc. online/by the phone and neither of them will have any kind of guarantee of availability, let alone actual service levels.

The days of needing a copper wire to dial emergency services are probably over, yes, but there's still a need for something else.

16
2

Vodafone hounds Czech customers for bills after they were brute-forced with Voda-issued PINs

Lee D
Silver badge

And if you want to hold customers liable for their choice of PIN, they have to have chosen it.

As in, they have to have logged in with the temporary credentials, changed it to something of their own choosing, and THEN get compromised.

Which isn't what happened.

13
0

Official: Google Chrome 69 kills off the World Wide Web (in URLs)

Lee D
Silver badge

Re: The layers keep piling up

Please describe how that's any different from the state-of-the-art, quantum-effect-reliant, billions-of-transistors electrical-number-cruncher in front of them when they are just "clicking on the box" anyway?

1) You can't expect people to understand how everything they use works, beyond a primitive knowledge (like my knowledge of the internal combustion engine... I can draw you all kinds of diagrams, I wouldn't have a clue how to go about making one actually work though)... and that's *at best*.

2) Most people, even if they could, don't care about how the machine works.

3) The DNS / IP system is nothing but a pretty layer over ugly technicality anyway. It literally exists so people can type in things like google.com and have stuff happen.

4) Nobody has really cared about the www. part for years, possibly decades... exactly the reason some sites don't serve the base domain only the www subdomain, or vice-versa. Don't even get me started on emails going to name@www.domain.com

5) SSL CAs have always included one where you request the other. It's literally that common.

6) Unless you have a really good reason, I can't see why the base domain or the www. should do anything different to each other. When someone accesses port 80/443 of your IP, surely you want to send them to your website, no? I can understand not advertising, say, server1, server2 etc. subdomains, that are used internally to serve the content, but what are you expecting someone who just types in yourdomain.com or www.yourdomain.com to do differently?

7) The pool.ntp.org example is a classic "techy" solution - I know, because I run a bunch of servers for them. And typing in pool.ntp.org will send you to a random guy's web port of a random time server. I'm pretty sure that's not a very bright idea at all and they should have used an entirely different sub/domain. For example, pool.ntp.org and www.pool.ntp.org should go to the website. But time.pool.ntp.org gives you a time server. No different to how mail.domain.com (or equivalent) should be your mail server, or smtp. or time. etc. - not just using the raw domain for that (because then it's tricky to separate one service from the other when you want to migrate one to an entirely different IP and you end up hard-coding IPs into things like SPF records rather than use mail.domain.com and then give that an A record to point to a different IP)

You can't cover up decades of convention, tradition and bad design *now*, as an excuse for a browser doing what some browsers have been doing for years. Especially not when apart from real-oddballs like NTP pool (who really should have done it better) hardly anyone could ever be affected. Now, if the edit didn't give you the full URL when you went to copy/paste but the shortened version instead... yeah, then I'd have serious issues with it.

5
28

How to nab a HTTPS cert for a stranger's website: Step one, shatter those DNS queries...

Lee D
Silver badge

So if you can fake packets to the nameservers coming from the IP in question, intercept the response and break it into pieces and modify the second piece, and then forward that on as if you were the original nameserver WITHOUT (or presumably BEFORE) the original nameserver packet returns... and you do this all while someone is trying to verify their domain (or else you're generating an awful lot of emails from CAs to the victim in question which will raise their suspicion), then you could get a fake cert with their name on?

Seems to me that there are a lot easier ways to cause damage in that situation, not least just proxying / intercepting / modifying / falsifying every little packet in question including - EMAILS coming into their mailservers, which you could use to activate a domain.

An attack, yes. One solved by DNSSEC already, no need for some fancy fix. One that hinges on what we've always known was the primary assumption - that DNS is authoritative (if these guys can proxy between you and the root and modify DNS with IP-spoofing, nobody who connects to your secure site is safe anyway). One fixed by fixing that assumption not making up ever-more-complex rules. Things like... the ACME protocols used by LetsEncrypt, for instance.

5
0

World Cup TV sales offset dip in computing demand says Dixons Carphone

Lee D
Silver badge

I'm sorry, but if you're buying your PC from PC World, it's already game-over for you.

Literally, no hope.

Give up now.

Go back to an Etch-a-Sketch.

Especially if you're reading a tech site online and are "shocked" that PC World are somehow useless.

8
0

Benchmark smartphone drama: We wouldn't call it cheating, says Huawei, but look, everyone's at it

Lee D
Silver badge

Re: Isn't this easy to fix?

"It seems easy, doesn't it? But you're going to have to use the same data set and so on every time and that will be difficult. Games? You're going to have to find a way to cycle exactly the same game sequence."

Gosh. If only lots of games allowed you to play saved replays since, say, the days of Doom/Quake.

The second the program you run is NOT the game the user will run, it can be detected (hell, my nVidia drivers do it automatically and "patch" shaders in games that it recognises... and you can tell it to force Intel Optimus for one program and nVidia for another). If nVidia can do it for game settings profiles, they can do it for benchmark programs to cheat. But try cheating when the game being run is the game being benchmarked and the only difference is that the reviewer loads in a replay of a game that he's created on one machine and loaded on all the others (so you can't even detect a "standard" benchmark replay file, etc.).

And what kind of insane person would benchmark email (but it's very easy to do)? You would benchmark, say, Chrome against a WebGL test suite. Good luck detecting that, especially if you use a different test suite for each review (not each device, but each comparison of devices).

Comparing review models is really easy. Hell, you don't even have to load a huge set of licensed benchmark suites on every machine to do so. Literally a Steam account with a bunch of games... just like... a user with a bunch of games on Steam.

With phones etc. it's even easier - have a profile of the App Store apps you're pushing down to them and push down the same apps on them all.

As soon as you get into "benchmarking software", it's a lazy review. It's "let's just load this and check the number". Not, as stated, the temperature, CPU usage, whether it's getting priority, real-world use, etc. etc. etc.

5
3
Lee D
Silver badge

Re: Isn't this easy to fix?

Or just stop using fabricated benchmarks that aren't indicative of much, and run the programs that people are likely to run directly.

That way any "cheat" is then available to the users the same as the benchmarkers, any performance enhancement causing battery use or higher temperatures, or cheaper shaders, etc. will also impact on normal use of the product, etc.

Benchmarks are a silly idea because nobody wants to know the raw integer performance of a processor nowadays. It matters not and is hugely complicated by a myriad other factors (e.g. multi-processing, throttling, etc.).

"How well does it run...(insert top-end stress-testing commercial software here)". In the PC world, that's whatever new game gets lowest FPS on everyone else's card. On a mobile? No reason you couldn't do a benchmark via something like Chrome / WebGL rendering, popular gaming apps, etc.

It's like "fancy" interview questions. All you're doing is hiring people good at answering "fancy" questions.

Rely on fabricated benchmarks and all you're doing is buying phones good at winning fabricated benchmark tests.

But buy a phone that plays the equivalent of GTA V at 120fps on Ultra (or whatever), and you get... a phone that'll play that game like that. And it's hard to cheat that *AND* the next game in the series *AND* that other demanding game *AND* the game from 10 years ago without... making a phone that's generally good all round at that kind of activity.

Benchmarks never meant anything back in the Dhrystone/Whetstone days, they don't mean anything now.

35
2

Microsoft Germany emerging from behind Deutsche Telekom cloud

Lee D
Silver badge

Re: Not just GDPR

And Microsoft Eire disagreed and it would take an EU court ordering them to do anything to make it legal.

Microsoft US might even *go to jail* for not complying with the US order. But it's an order that's impossible to fulfill for them. Literally, any employee of Microsoft Eire who allowed, facilitated, permitted, assisted or even provided an avenue for Microsoft US to get such data is breaking the law in the country they live in. Whether before, during or after that court case. And as they are separate legal entities, they would not be able to actually co-operate to do anything anyway. No more than Microsoft could ask Google to "just give us your data".

The US court could rule that Microsoft Eire is now a badger and the property of the US. Nothing would or could happen about that. The legal jurisdiction for such actions always did, still does, and probably always will end at the border of the US. If they want data from an EU company, they can write to the EU court. Or make ridiculous, unenforceable orders to their heart's content.

And if Microsoft US could obtain the data with a warrant, for damn sure the FBI could apply for the same warrant and get it themselves (which is an argument you could use in court... why am I being required to act as your policeman over a third-party that you could serve yourself?).

It always was a nonsense case. The Cloud Act doesn't change that in any way - in fact it recognises that position, gives such companies the right of appeal on that basis, and was the reason that the original case was shut down... because the Cloud Act existed to basically say "No, that's not how it works".

2
0
Lee D
Silver badge

Re: Not just GDPR

It doesn't matter.

US courts can order people to break EU law to their heart's content.

It still means that ANYONE complicit with that action is chargeable under EU law. Hence nobody stupid enough in the EU with access to such data would ever risk prison just to please their boss.

Additionally, it's LITERALLY no different to saying "Microsoft US must produce Google South Africa's data". It's a nonsense, it's impossible, it can't be done, and nobody at Google South Africa, or Microsoft EU, could ever or would ever comply.

It's like drafting a US law saying "It's fine, you can fly over to France and mug Europeans". Maybe the law could make that fine for US people in the US. But the second you go and do that in another jurisdiction, the French are going to have something to say about that, and your US court isn't going to be able to help you with the consequences.

0
0

TSB goes TITSUP: Total Inability To Surprise Users, Probably

Lee D
Silver badge

Re: How long...

Personally, I'm quite happy with not being able to get a better deal than others.

It makes the process so much easier, because NOBODY has any choice, and it's not worth the faff.

That doesn't mean "we should all pay inflated prices", but "normal customers get the same deals as those who are just more diligent" isn't a bad thing.

As you hint: People don't move until there is sufficient gradient difference to overcome friction. My time costs money and saving £10 a year on electric isn't worth any amount of the most minor research and clicking buttons and tracking who I need to pay now. But when there is a differential, I invest time and effort to get a better deal.

Not having those deals means that the differential becomes zero. So we all get a decent deal. I don't spend time faffing. And electric "just costs that much". If it's too much, I'll find another utility. Same way that when phone+broadband+TV cost too much, I just bought a 4G Wifi box.

But it's a nonsense to suggest that screwing over little old grannies whose son set them up on the deal 10 years ago (and who might not be around any more!) when they don't know they could save hundreds is a good thing for anyone involved. Price controls exist to protect the vulnerable like that.

Personally, I think the whole thing would be a damn sight easier if we all just paid one rate for electric from one supplier. Average it out over the country, make it so that companies make decent profit (or else they won't want to take part), everyone gets the same deal, sorted.

The time, effort and faffing saved if we did that for all such utilities would translate to everyone having more time/money.

As someone who cut £300 off my car insurance this year (literally an annual "GoCompare" so I did nothing fancy), doesn't have gas, a phone, landline broadband, a TV, etc. I assure you that I know how to save money. But for the most part it just isn't worth the time and effort, and when it is, it's for unfathomable and unrealistic reasons (e.g. my car insurance is still BISL... I just changed the company that administers on the front end with the EXACT SAME details... saved £300... there's no sense in that whatsoever... Halifax lost a customer for nearly £800, rather than lose £300, and their rival RAC picked up £500 for doing nothing but running a front-end on an existing insurer with the same details. The real irony is that the RAC included breakdown cover which I was paying for as an extra with Halifax... from the RAC...).

I wanted an electricity supplier change, but they would need to call someone out to do it because of the archaic meter. Turns out that just one day spent home waiting for them is about 3 times the cost of anything I'll save in the first year. And I might not be here in 3 years' time. And that's assuming the company I go to don't raise their prices in the future.

It's a false economy to suggest that having these companies "play off against each other" is doing anything to lower prices at all, even for the deal-seekers.

The government fixing the prices kills the commercial market overnight and customers pay what they would have paid anyway, without the faffing and advertising and paperwork and admin and duplication of effort that all those companies are doing to "win" customers, not to mention shareholder deals etc. It also means we can all just get on with our lives and not have to waste time changing suppliers and checking prices in the first place. Hell, it would kill all the price comparison sites overnight too. What's to compare?

I think it's just a placebo, "getting the best prices". If you fail to do it, sure you will lose out. But doing it doesn't mean you'll get something any better than what you'd get with just blanket regulation and fixed prices. Just the sheer removal of so many private-owned, shareholder-paying, corporate middle-men should remove enough to get you a better price than ever. The trick is to "nationalise" without letting government cronies get their 10% either. You can only do that with transparency and calling them out, and yet no-one cares that most ministers are profiting from exactly the industries they are supposed to be regulating because there's a bit of paper somewhere that says that.

1
0
