* Posts by Lee D

2225 posts • joined 14 Feb 2013

UK's BT: Ofcom's wholesale superfast broadband price slash will hurt bottom line

Lee D
Silver badge

Re: Bad move

My new place near a large city inside the M25... I get 3Mbps on standard ADSL2, "up to" 10Mbps if I go VDSL. And because nothing else covers my cul-de-sac, there's nothing I can do about it. Sorry, but BT's network is a mess. I use 4G and get 35+Mbps instead.

And BT will just have to provide for people to use their facilities... if they break it, you charge them for it and fix it. That's how it works already. Because aren't Openreach mostly subcontractors anyway?

P.S. Last time I asked for a leased line from BT, they took FOUR YEARS and did nothing. After the last six months of constant yelling, we ended up with three empty, incomplete, different and not-joined bits of empty plastic tubing, and then we were told there was "no room at the exchange". Not one fibre every made it even to the site, let alone just jointed together.

This is the same site that gets 25Mbps "at the boundary" on two seperate VDSL lines, which drops to less than 1 if it rains (and our analogue phone lines all cut out). The six ISDN lines regularly failed (to the point of cables dangling in the street despite no hurricane, etc.).

But once Virgin put in a proper fibre line, we moved all the ISDN and analogue lines to SIP, all the ADSL/VDSL to the leased line, and have not had a single outage in three years.

Sorry, BT, but if you want the custom and you're forced to "allow subcontractors" by the people controlling you, that can ONLY be an improvement. It might mean more outages, but I can't imagine it, and at least then there will be a backup of some kind when you don't ever resolve the issues. I'd rather than 20 lines from different companies, one of whom might hire dodgy subcontractors who somehow damage all the other lines occasionally and have to pay to fix it, than being stuck with BT / Openreach as the only (atrocious) option where they don't care if it's broken for years, nothing happens to fix it.

5
1

Perusing pr0nz at work? Here's a protip: Save it in a file marked 'private'

Lee D
Silver badge

But... even putting it in a folder still gives them the right to view it.

They would have just had to have had in the room when they did so.

They'd STILL have sacked it for what was there, and therefore what was being done presumably on work-time.

That kind of law is for things like "I booked a flight and needed the details to call during my lunch hour, so I saved it" and stop the employing snooping into that, not "I put my porn stash on the work machine so now I'm immune and able to watch them in work".

0
0

Worldwide smartphone shipments DOWN for first time ever

Lee D
Silver badge

Re: As predicted ...

Yup.

Pretty much when even the most luddite of people probably has a smartphone with camera, internet, games, movies, tv, music, satnav, compass, torch, spirit level, etc.etc.etc. then there's nowhere else to go and they aren't going to upgrade "just because" especially if all those things weren't what made them upgrade to a smartphone (which is most likely to be "to use WhatsApp to call people for free", "to check email", "to go on Facebook" and "because it's just as cheap to do all that as buy a normal phone", according to a brief survey of the people who come to me in that position).

Gimme something new and I'll think about it. And a removable battery. And a headphone socket. The Samsung "this phone can also be an Ubuntu Linux desktop" is intriguing to me, but niche. Hell, stick a fold out joystick on it and licence a bunch of retro games and the kids would probably be all over it. But without something new, it's just a case of "I'll buy when mine is bad enough for me to notice", whether that's because it's broken, slow, can't do something I need, etc.

24
0

Bright idea: Make H when the Sun shines, and H when it doesn't

Lee D
Silver badge

Re: Molten salt ?

They tried, but then all the chips disappeared.

34
0

Farewell, Android Pay. We hardly tapped you

Lee D
Silver badge

Re: What could possibly...?

Keep your debit card in an RFID blocking wallet or sleeve.

I like to demo to people the "Credit Card Reader" app which can pull off their card number and expiry date by just tapping an NFC phone against their card (or, in theory, from across the room) without them even knowing.

Sure, it's not every detail and not the same as performing a proper doink transcation, but it's enough. But put it in a sleeve / wallet with foil insert and you can't read the card at all.

The other app I like is "Passport Image Decoder". Worrying that such access is available passively without your knowledge, even if the most vital data is encrypted

16
8

Crunch time: Maplin in talks to sell the business

Lee D
Silver badge

Re: Remnant of the 1980s

"My PSU too, just after Xmas. Only place for a *now* replacement at a half reasonable price."

Amazon Prime Now:

Corsair CP-9020097-UK VS Series ATX/EPS 80 PLUS Power Supply Unit, 550 W,Black

(They had loads of other choices, I just picked one)

£38.52

Sold by Amazon EU S.a.r.L. Remove

Check out now with 2-hour delivery for £0.00

I could have it before I got home tonight, if I wanted,

Welcome to the 21st Century.

5
10

iPhone X 'slump' is real, whisper supply chain moles

Lee D
Silver badge

Don't think numbers. Think percentages.

That's a 1/3rd drop in expected sales. That's quite a hefty hit for any company. Changing your plans for your new product to only sell 2/3rds of what you expected? That's gonna hurt any company and Apple are fortunate enough to be able to absorb a $10bn loss without flinching.

(By overcharging for every product they've ever made, and stashing their money abroad outside of the reach of taxation authorities, but hey... I'm not judging... no, wait, yes I am).

11
0
Lee D
Silver badge

Re: So Someone Learn me....

Profit.

The iPhone has one of the highest mark-ups of any phone.

Apple sell only 1/3rd to 1/2th the amount of phones as their next nearest rival (Samsung and Huawei actually own the market in terms of unit numbers).

However, they make MORE PROFIT from selling that lesser amount of than anyone else (Samsung and Huawei make much less money than Apple).

I would assume, however, that Samsung make a tidy profit on NOT making screens up to the expected order numbers. You can't just order 30 million and then only buy 20 million, so presumably they've made some money from Apple by doing nothing.

13
0

Teensy plastic shields are the big new thing in 2018's laptop crop

Lee D
Silver badge

Re: @Lee D

Nothing to do with that.

Did you know games are 64-bit only and demanding 16Gb+ RAM nowadays? That's not the top-end gamers only, but just to RUN the game on Steam.

As you can see from my post, I deploy 8Gb by default to ALL USERS, and I work in a prep school. That means primary-aged children, and staff who run nothing more demanding that Word, Outlook and Chrome. Because 4Gb vastly increases their performance (and coupled with an SSD for some staff makes ancient Lenovo desktop machines that they don't make any more FLY). I'm sitting on a ThinkCenter E72 in work, it's hardly a power-user machine.

As people have noted above, a browser can suck up Gigabytes (and, sure, some of that is page caching, but by far not all). The latest series of phones have 3Gb or more, what makes you think that they are doing more than people's desktops?

Yes, I have VMWare. But none of my client computers in work do (or HyperV, that's for servers). Chrome tabs? Gosh, why would any unexperienced user open 30 tabs at the time (something I could do back in the Opera 3.6 days without ANY HASSLE AT ALL on a machine with way less RAM)... because they're users who click everything and don't even realise they have other tabs open half the time. Windows 7, 8 and 10 all RUN with 4Gb. Fine? I wouldn't say that. That's WHY I upgraded... when I started at this workplace that's what they had (P.S. that was 5 years ago, and it was considered a "cheap" solution even then). User's complained that the machines were slow. So the upgradeable ones got 8Gb, the others got SSDs (note: All machine running 64-bit Windows, but some motherboards aren't built to cope with >4Gb RAM but some of these clients are models that are 10 years old, so hardly surprising). Both provide an ENORMOUS boost to the system.

It's about being sensible... the cost of 4Gb extra RAM is pitiful for the performance improvement. It also drastically reduces swapping, especially important if you are using an SSD. I have actually seen 4Gb machines with no swap just run out of memory (hint: I have Outlook and Vivaldi loaded, with Sophos and some TINY utilities in the background, on the WORST machine in my worklpace - always eat your own dogfood. It's left running all the time. Once a week, I get a "we've closed this program because we were running out of memory"... and that's on a machine with 4Gb and swapfile on SSD [which is slowly killing the drive but it's surviving nicely]).

I'm not just making this stuff up. Go buy a cheap laptop and put an extra 4Gb in it. The value is way above a more expensive laptop with only 4Gb.

Your disk must be swapping all day long with only 4Gb on a modern OS running even basic Office and Chrome for any significant working day.

8
28
Lee D
Silver badge

"On the storage front, magnetic-media hard disk drives are now the exception to the rule and even when they are an option aren't exciting anyone."

About time.

"All three companies have also made 8GB of RAM their floor this year, other than in budget models."

What the hell? I feel like I've gone back a decade.

My 8-year-old laptop has 12Gb in it, from the day it was purchased, and it wasn't a ludicrously expensive top-of-the-line thing even back then.

4Gb lets you boot.

8Gb is the minimum I specify in work (where we buy the cheapest desktops we can find because our users just run Word, etc.)

16Gb is my preferred.

Are you telling me people still aren't on 64-bit yet? The last processor that wasn't 64-bit-capable (not counting the cheapy Atom range) is way over a decade old. We're talking Pentium 4.

That we're STILL selling laptops with only 4Gb is ludicrous, budget-range or not. And I damn well hope they're upgradeable to at least 64/128Gb just by putting new chips in.

15
60

When Samsung reveals the S9 at MWC, at least try to act surprised

Lee D
Silver badge

Apple has expressed in a court of law that it only designs/expects the iPhone to last one year at most.

That's actually the argument they presented, on record, to try to avoid offering the statutory 2-year European warranty.

Why people do business with them, I still can't fathom.

15
0
Lee D
Silver badge

Can I take the battery out?

11
2

Judges dismisses majority of Cisco's 'insane' IP defence against Arista

Lee D
Silver badge

Re: Sounds like a classic "Big US Corp" Defense.

"well enough to call "Bu***t" on that."

bucket, budget, budlet, budrot, budzat, buffet, buglet, bugout, bulent, bullet, bullit, burbot, burget, buriat, burket, burlet, burnet, burnut, buryat, buryst, bushet, busket, buyout

Nope.... I'm lost...

5
1

Helicopter crashes after manoeuvres to 'avoid... DJI Phantom drone'

Lee D
Silver badge

Re: It's time...

Not the OP but he may be right:

https://www.standard.co.uk/news/london/pilots-welcome-government-crackdown-on-drones-after-spike-in-near-misses-at-heathrow-and-gatwick-a3594886.html

"The number of drone incidents involving Heathrow planes nearly quadrupled from seven in 2015 to 26 last year (Note: The article date means this refers to 2016!), according to reports by the UK Airprox Board."

That's one every two weeks at Heathrow alone just 2 years ago, after previously quadrupling. Nothing to suggest that the trend can't have extended to one every week at Heathrow alone.

43
3

UK mobile customers face inflation-busting price hike

Lee D
Silver badge

One of the many reasons I don't do contracts on phones.

Month-to-month contract, bye-bye if you raise the price on me too much. Plenty of other providers out there.

And never buy a phone on contract/credit. Pointless exercise. "Hey, I get a new phone every year"... cool. And to do that, and profit, you've got to be paying more than it costs to buy a new phone every year.

They can no longer hold your number ransom and most of the time that's the most valuable component of the whole deal to people.

If you want loyalty, stop raising prices or give me a better deal than being a new customer at a rival. Because though I'm sure the RETAIL PRICE of things has gone up, and maybe inflation has risen as little, I don't believe that your costs as a telecommunications operator with forward-planning and investment has changed at all, in any way.

(Interesting tidbit: Everyone from the manager of the Bank of England to all kinds of economics say the RPI is bunk and shouldn't be used).

8
0

Apple Macs, iThings, smart watches choke on tiny Indian delicacy

Lee D
Silver badge

Re: OK it complex to render

I don't know about the OP but what I'm asking for is for a font renderer to be able to either render a glyph or error out sensibly, not just crash. A crash means you didn't isolate your memory etc. from each other and you end up in a combination which causes things like divide by zeroes or out-of-range memory accesses or pointer confusion.

Which, sorry, but shouldn't happen in production code that goes out to positively millions of devices. I can quite understand "this glyph is unrenderable, or something went wrong, or I got an error, so I caught that exception that the underlying code threw and returned NULL glyph in that one's place, rendered the rest of the string and then returned the whole - valid and renderable, just not correct - string to the underlying process without the potential for code execution or further errors propagating down".

Seriously, people, this is what EXCEPTIONS and error-handlers are for. It means that even if the glyph-renderer throws an exception, the string renderer that called it should do something about that beyond just throwing that hot potato all the way back up the chain to the UI framework and then to an app that can't handle it causing the OS to kill the app. It should be replaced with a safe glyph, the string should be caught and marked as erroneous by the string rendering routines (and replaced with, say, XXXXXX), the UI framework should catch it, and app should BE ABLE to catch it if it propagates that far (but I don't expect it to).

If you have not designed your UI framework to safely handle and isolate calling processes from errors in glyph rendering (which could be caused by a corrupt font, or an illegal combination of glyphs and modifiers, or a missing glyph from the font entirely etc.) then you shouldn't be writing one and FORCING people to use it (notice how ALL those apps are from different people, including the lockscreen, but they all are subject to the same textual API...).

Throw... catch... it's not hard. And catch should never be "oh, just catch everything I might have forgotten and throw it back up the chain where nobody can do any better than I can anyway". That's the last resort.

7
0

If this laptop is so portable, where's the keyboard, huh? HUH?

Lee D
Silver badge

Conversely, I basically issue no laptops.

Sorry, but I don't see how you can say both "I need dual monitors to do my job" and then "I need a laptop". They are both just a status symbol and mutually exclusive.

To be honest, I can't justify a laptop for anyone, but I get overruled (always for the most senior staff, always for the ones who use the computers least, always for the ones who conveniently don't have a PC of their own at home...).

At home, I have a gaming laptop because it's a monster and does everything - it's a luxury I couldn't afford for many years and is now getting on to 8 years old. I get my money's worth out of it, and it's portable because it comes on holiday with me, goes round mate's houses, etc. all the time. It's the "best compromise" between a powerful PC, a portable device and something to watch a movie on on a plane and load up to quickly check Facebook. But in work, I only ever use a real PC, or a remote session to a real PC inside the network from such a device.

For work, I can't justify the expense, the fragility, the cost of repair, the potential of theft, the performance hit or the screen-size/docking station/extra mouse/extra screen on top of the cost of the laptop itself. I'm sure there are jobs where portability is required, and I tend to find they are issued Toughbooks etc. for a reason - 1) they look undesirable so there's no status symbol to having one, 2) nobody's going to bother to nick them, 3) when they drop, they usually survive and they are out in the harshest environments where you wouldn't want a flimsy tablet etc. But most office jobs aren't one that needs such access.

You want a laptop? Fine. You get the cheapest junk possible and then in via RD to a real machine inside the isolated network. It's literally an access terminal. Because when you get into encryption, VPN, file sync, offline device/file protection (e.g. people sticking in USB sticks into it) etc. then an offline, disconnected machine is the worst possible thing to try to manage over just "load up the RD app on your iPad/tablet/laptop/PC/Mac/smartphone and go here".

In a lawyer's office, especially, I would not want to manage the logistics of issuing a laptop that goes home with them with all kinds of stuff on it. With DPA case law, you have to be able to PROVE that it was encrypted if it's ever lost, you know - the NHS has been fined for being UNABLE to prove that a disk it sent through the post and lost was encrypted when it left the sender. That's easier said than done especially if some information leak happens in a serious case and the judge is breathing down your neck about it. I'm sure a lawyer understands that. And they use stuff like LexisNexus etc. all the time so they're used to using cloud and website services to get their job done.

Sorry, but if I was a billionaire and owned a company just for fun and gave everyone a staff Lamborghini... you're still not getting a laptop for taking stuff home. I'll give you a way to access work if you need it - a cheap tablet with remote access. But a laptop that travels is the worst idea imaginable. "I want to take all the network home with me on a battery powered device and have it work like I never left the office". Nope. You'll take a screen home with you and look at your computer on your office desk instead.

9
47

Apple to devs: Code for the iPhone X or nothing from April onwards

Lee D
Silver badge

"Apple wouldn't issue such an edict if the X was on the chopping block. "

Quite the contrary. If one of your smartphones is flagging, make almost every large dev team buy one to test compatibility and ensure it has a base of apps.

To be honest, I would HATE to be dictated to in such a manner as a developer.

26
0

Arrrgh! Put down the crisps! 'Ultra-processed' foods linked to cancer!

Lee D
Silver badge

If you want to change things then tax processed foods and give subsidies to farmers and others making and selling fresh local produce. It costs LUDICROUSLY more to buy, say, a few veggies than to pick up a huge bag of frozen veg and a whole chicken, or a ready-meal.

But the science behind this is bunk as everything's so broad, and we really shouldn't be reporting it. There are so many assumptions in that paper's opening data collection description that it's unbelievable. Hell, it's all based on a web-survey anyway and "photos of usual food containers" to judge weight/size of the meals!

23
6

BBC presenter loses appeal, must pay £420k in IR35 crackdown

Lee D
Silver badge

If you're freelance and you aren't being paid enough to pay full tax like an employee would, when effectively working as an employee, then that's cheating. Either on the employer's side or the freelancer's side.

If you're a freelancer using such arrangements to avoid tax... pay your tax.

If you're not able to pay that tax from your earnings, then demand more money or move on. If you're claiming to be freelance, this basically means "increase your prices".

If you demand more money and they need you, they'll pay you.

Though it's an upheaval, it's been long-coming and I don't get the fuss any more.

28
9

Home fibre in the UK sucks so much it doesn't even rank in Euro study

Lee D
Silver badge

Re: *Shrug*

I think you underestimate people.

A 10Mbps connection is no good for an average household... look at the numbers of phones, consoles, computers, laptops, tablets, etc. and it's quickly apparent you can kill someone's Netflix just by clicking a big web page.

And along those lines, you have to think - those smartphones are probably on 4G, almost certainly get 25-30Mbps themselves, just as part of a data allowance. When the phone in your pocket can service wifi to the whole house quicker and cheaper than the actual broadband connection, you have a problem.

And the phones have 25-30Mbps because they can utilise it easily. Multiply by, what, 8-10 devices in the average family household and you need 250-300Mbps to match the performance of a smartphone.

As time goes by those numbers aren't going to get any better and what's going to happen is consoles, tablets, laptops and smartTV's coming with 5G SIMs in them by default. At that point, broadband is useless unless it can deliver Gbps to the house in order to compete.

Fixed line broadband needs to buck its ideas up or people are just going to move to mobile telephony, and maybe in the most rural of regions too (two articles in the last week about 4G-to-the-sticks projects).

I run my whole house from a 4G Wifi router including Chromecast, TV streaming (no TV, just TVPlayer.com, Netflix and Amazon Prime), console, tablet, laptop with Steam games, etc. I'm not the only one in my area as the Wifi network names show that everyone is doing it. Mainly because BT can only promise 3-5Mbps to the center of a large town inside the M25, and Virgin have no infrastructure nearby.

They need to wake up and start competing (in the serviced areas, as well as the "why the hell is it not serviced" areas, not just the rural difficult places) or they are going to lose all their custom to people just using their smartphones. The younger generation are already wise to this - they YouTube and Netflix on their phones by choice (because then they can each watch something different in the same room, and individual 4G doesn't buffer anywhere near as bad as a home wifi with a load of people on it), they have "unlimited" data allowances, and they can take that wherever they go (even to a mate's house).

Asking your mates for their Wifi password is a thing of the past now. People just whip out their own smartphone and Google away. Wifi is actually generally WORSE than whatever you'll get on 4G in London.

For me to part with £50+ a month just for a broadband connection, you'd have to be offering me 200-300Mbps or more at minimum, with a generous data allowance and no bundled shite (I don't even have a TV, or a landline phone... why would I need one when I have a projector and a smartphone?)

21
11

Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits

Lee D
Silver badge

Re: Just kill ALL code in a browser.

No, I think the lesson is "don't try to get clever for the sake of performance".

Meltdown was caused by lack of security checks on speculatively executed instructions. If you're going to speculatively execute, why would you handle the instruction any different to when you normally execute it? That's a disaster waiting to happen and people knew it.

Spectre is the same except instructions are executed that give away information to the process about what happened. Again... this shouldn't be possible. To any process running, why is it ever made aware of the results of a speculative execution? By definition, that execution shouldn't be detectable or it's not "speculative", it's literally execution and rollback.

The latter is more subtle, but both are the product of not executing speculatively at all... but actually just executing. And in the former case, executing without the same security boundaries.

They were also known about for quite a long time, people have been saying it's ripe for attack for years along exactly these kinds of lines (I think people actually expected Spectre more than Meltdown, to be honest - a side-channel attack on such a process is much more easily predicted than an abject failure to apply memory protection).

If you can't execute arbitrary code as an ordinary user without compromise, your system is flawed as a general purpose operating system running on a general purpose computer. That's not to say that you let your users do what they like - appropriate security controls should ensure they can only interfere and trash their own stuff, not anything else, however. But we still live in an age where thousands of users sharing a machine aren't contained, isolated, bottled, virtualised and removed from the hardware such that it doesn't matter what they do. This is something we learned in the early mainframe days.

Sure, it costs on performance to do things properly. But in the days of 2GHz processors being "the norm" despite much faster processors existing, performance isn't actually our top concern any more. But billions of machines in the hands of idiots who'll click anything is. Rather than say "Ah, well,t hey shouldn't have clicked that", it's time to make a processor, architecture and OS where it DOESN'T MATTER that they clicked something... it can't break out of its process, memory space, virtualised filesystem (with no user files by default until the user puts them in that program), etc.

We're designing systems on the basis that every user is a computer expert who religiously verifies every code source they ever see, while putting a smartphone in everyone's pocket for £20.

4
1

You're decorating it wrong: Apple HomePod gives wood ring of death

Lee D
Silver badge

Design should include product testing.

Sure, you may not immediately realise that a material you're using stains wood, but surely that product's been in testing in some people's homes for at least, say, a year? And using materials that have data sheets and which the engineers are familiar with and have used before, or tested thoroughly.

Apple's "design" for just about everything they do just means "designer" (i.e. we had some arty-farty bloke approve it and slapped $500 on the price). Every product they've ever had that I've come across has design problems... starting with the boxes that this stuff comes in (opened an iPhone 6 box today... same problem as the iPad Mini boxes... no fingerholes, internal vacuum on opening, bare glass-up iPhone floating on a tiny sliver of insert right at the top of the box, the first thing to smash if pressure is put on the large flat surface of the box, the first thing to fall out when you have to do the inevitable hard-pull-which-then-gives or slight-shake-to-coax-bottom-of-the-box-away - even nestled barely inside a rounded-corner depression only half the depth of the phone so it slides out perfectly the second you open the box and onto the floor. And then two inches of NOTHING underneath which could happily cushion the expensive product inside and/or something to hold it in place a bit better) and it continues through their product ranges, their accessories, their website, their OS, their GUI.

Everything I touch that has Apple on it... I have a WTF moment within a minute, tops. "Hey, let's put a flat, flush-fitting, non-textured power button on the rear of a large screen that doesn't rotate, so you can't feel it without knowing precisely where it is, and make it so it's in the most inconvenient place possible to actually TURN ON or OFF the machine when you're sitting in front of it."

The epitome of this - their "design" book, where they show off all their amazing "design". Which has a white spine with white text on it that you can't see from any kind of distance, because the indent is so subtle that it's lost in any kind of normal lighting. (Following another Apple trend, the book is £170, which It works out to 50p per page, by the way, or 37p per photo. I can only imagine they printed it out on the most expensive inkjet printer known to man. I don't even pay that for processing my own photos!)

22
0

Rogue IT admin goes off the rails, shuts down Canadian train switches

Lee D
Silver badge

Re: When I was let go

*cough* This. *cough*

I've done exactly the same (note: it was a sinking ship, and I was quite late to be picked on after all those above me had left and warned me of what was to come, I was picked up by word-of-mouth by a new employer before I'd even gone so I didn't even need their reference, but I DELIBERATELY worked through a critical point of the year so they couldn't blame things not working on me, informed them that I'd had enough for a long time prior, they failed to accede to simple requests, so the foretold consequence was I would leave if it wasn't done by a certain date... and it wasn't).

So the upshot was: I'm going at the end of the day. Here's your handover. Please witness me disabling my account / changing my password to something of your choosing / handing back all your keys and cards / disabling my swipe card from access control / etc. If I ever access anything ever again, it's complete and utter deception on my part, not just a slip of a saved credential.

By the way... here's the "big book" of passwords, you have everything you need in there, right? Right? You don't know? Then you need someone to check because once I have gone a reasonable amount of time I won't have those details because I've removed all my access for my email from every device. If you don't ask me for a detail in the next week, and it's not already in the book, you are out of luck for anyone using that service, understood?

Followed by some guy they knew coming in, them paying for me one extra day to "handover" to someone "who knew IT better" (I have no problem with that). The guy was useless, I handed over in a matter of minutes because he didn't know what to ask, how to takeover, what to check, etc. and they just furnished him with the complete "big-book" without question. As you say... tag... you're it! (And you can deal with the guy who's been convinced for years that having the domain administrator password would somehow magically make his WMA-only voice recorders load into the MP3-only software he bought without conversion).

Got him to sign-off on my leaving and that I no longer had any access. Said bye forever.

Never heard from them again, except via whispers from people who similarly fled. Soon after, almost all the main staff changed, the IT changed entirely, even their website changed. I can't believe that was coincidence rather than someone just not knowing how to takeover and messing up.

But, no way would I leave them with an opportunity to pin things on me past that point (Hey, up until then? Blame me if you like but it'll require proof), even if they went to the extreme of fabricating evidence. Exhibit A: a signed piece of paper from an "independent" witness that he'd watched me disable and closed off all avenues of entry and he'd changed all the master passwords and removed all my access.

I don't WANT to be responsible for your systems. Or else I'd still be working there. And though I could cause untold damage if I had malicious intent, I'm not sure they got away with things that easy by me doing things exactly by the book either.

5
0

From tomorrow, Google Chrome will block crud ads. Here's how it'll work

Lee D
Silver badge

I don't care about ads. I have no reason to allow them to be viewed. Nope, not even on The Reg.

I tolerate their presence if they are tolerable, much like I used to tolerate newspaper ads (don't read newspapers any more, but same principle).

However, distinguish ad controls from "unwanted shite" controls is the path to madness. Do I want things to be able to make sounds on a page? No. I don't care if it's an "ad" or not. Whether it came from another domain or not. Whether it's a certain size or not.

Do I want things to create popups, open tabs, be layered over the top of content I want to read, etc. No. I don't care whether it's an ad or not.

If I want those things on some sites, I want controls and questions to enable them, not disable them. I want click-to-play for ANYTHING that makes a sound or animates. No click, no sound. I want NOTHING to open new tabs or windows. Nothing at all. There's no need for that in this day and age. Nothing. If I want to do that, I'll middle-click the link/button/image and ASK for that specifically.

Opera understood this, and enforced it. But Chrome and Vivaldi don't. Stuff still pops up in a new tab, and even switches to that tab without me asking for that. Stuff plays sounds WITHOUT me asking it to. That shouldn't be happening. VIDEO AUTOPLAY SHOULD BE BANNED, for every movie and animated GIF out there, unless I make an exception.

Sure, it's slightly more tricky with HTML5 and dealing with things layered on top using CSS but I can't fathom why it's still that difficult.

But the point is... every one of those things stops me visiting your site. Whether it's an ad or not. Do it often enough and I'll just go away and not come back which will hurt your ad revenue harder than showing me a plain boring ad rather than a flashy video one.

But it's nothing to do with ads, and everything to do with browser security controls and user interaction applicable to ALL content shown. The fact that things can STILL pop up in a background tab (usually a click loads a second tab, tab 2 loads the original page, tab 1 then redirects itself to some other random ad/page/site, but the page my mouse is on ends up going to something not reflected in the original link) on the most up-to-date Chrome/Vivaldi really annoys me.

19
0

Six things I learned from using the iPad Pro for Real Work™

Lee D
Silver badge

"Overall, despite much carping over details here, I found the iPad surprisingly usable and likeable."

Details like... you can't drag-drop nicely, manage files, save a JPEG... god.

"After almost a decade, it's still early days."

And there's the problem. Give it another decade it might be usable.

Hell, they ONLY JUST figured out multitasking and can't even get the gestures right for that.

Something tells me that The Reg is still trying to find a way back into Apple's good books (though I can't imagine why they'd want to for a second).

I can't imagine anything worse than using ANY kind of iPad for serious work.

Pretty much the only contender in that kind of arena isn't even a tablet - it'll be one of those convertible laptops that has a "proper" copy of Windows.

We have iPads and Windows Surface in work... the iPads are just toys and the Surface has LITERALLY done the rounds of all the senior staff and nobody can find a use for it despite everyone clamouring to have it. It's been sitting on a shelf for I-don't-know-how-long now. People literally choose NOT to use it and ask for anything else rather than struggle with it.

I imagine the iPad Pro is the same. And, though not necessarily solely the iPad's fault, non-compatible Office is game over before you start. I mean... really.. there's no excuse there.

If you want to do "proper" work, you need Windows (I hate to say it), proper Windows, not half-baked Metro-eqsue Windows CE equivalents, in at least a VM (so has to be fully virtualisible if not actually a Windows machine as sold), with a decent keyboard (things that are attached but flimsy will break the first time you grab it quickly and they swing into the edge of the table, if they don't flex out of shape/break before then (Though I don't use Apple products where possible, I'd much prefer them to be slightly thicker if it means they could be even a BIT more sturdy), and something which doesn't rely at all on gestures (cute for killing apps, useless for just about everything else).

Gimme one of those Yoga things, made properly, with Windows and VMWare. I'll make it out-do anything that any tablet, Pro or not, can do. Even MacOS (inside a VM).

29
23

Hyperoptic's overkill 10Gbps fibre trial 'more than a clever PR stunt'

Lee D
Silver badge

Re: Wow

For £25k you could do it yourself. Just about any leased line company will install one for that price. A mile isn't much if you can run to nearby road-side services and pull through.

To be honest, you'll likely be better off with 4G, as a number of recent articles here are showing as the alternative when you can't get decent copper.

0
3
Lee D
Silver badge

"For the trial it used a single thread of single mode fibre with a bidirectional 10G SFP+ transceiver."

You mean... they bought a switch off Amazon, stuck an off-the-shelf SFP in it, and plugged it into some compatible fibre which ran down the road?

Oh, wow.

And, I'll flood 1Gbps in a household connection in no time. Just a matter of having the right kind of task at hand (e.g. a large flat uncached download), a decent router and a couple of computers connected to it. Hell, I could grab any huge, popular torrent and hit max speed in a matter of seconds, so long as there was a decent upload on the same pipe.

But I don't think this is anything surprising or special. And every computer has 1Gbps Ethernet and probably 300-400 Mbps on the wireless. It just needs a box capable of taking 10-or-so of those and combining them to flood a 10Gbps fibre, let alone anything smaller.

3
1

Yes, Assange, we'll still nick you for skipping bail, rules court

Lee D
Silver badge

Re: Sheltering Criminals.

I think you'll find that it's more akin to conspiracy to obstruct justice, maybe even contempt of court, yes, but pretty much the same question applies.

8
2
Lee D
Silver badge

Re: What would happen if Assange stepped out ?

Fact is, that will all happen anyway.

Hiding away isn't going to change ANY PART of that. The Swedes already dropped the (immediate) charges. There's nowhere else to go from here.

So whether he came out the day they did that, whether he gets charged and spend a day or a year in UK prison (inevitable anyway, I would guess), or whether he stays in there for another 70 years... the day he steps out, all the same actions occur in pretty much the same order.

- Arrested by UK police

- Charged by UK charge

- Serves UK sentence / pays fine / whatever.

- Then whatever would have always happened anyway.

He thinks that hiding there 6 years instead of 5 will make everyone involved give up and go away and I don't buy that for a second. Certainly the UK courts won't give up. And it's costing no-one else but the UK (and the Ecuadorians) anything to just hang back and wait to see.

Pretty much, I would also suspect that the last five years of trade with the Ecuadorians reflects the increased cost of having their embassy in the UK, by some roundabout negotiating and accounting methods. So it's probably only the Ecuadorians (who seem to have stopped defending him, so much as tolerating his presence) who really care about changing the situation - which is great because they are the only ones able or likely to change anything at this moment anyway.

And when they get sick of him and eject him, guess what... THE SAME THINGS HAPPEN ANYWAY.

All he's done is served 5 years in a self-imposed prison annoying people on top of whatever would have happened anyway.

19
1
Lee D
Silver badge

So you want to have potential, unknown, theoretically possible actions, which could or could not occur, with no hint of any such request, and may or may not be in accordance with UK law to be taken into account when discussing whenever he should be nicked for deliberately, definitely, absolutely, categorically, provably, self-confessedly skipping bail?

The Chinese could send a hit-squad of crack ninjas in tutus to capture him. It doesn't mean that it gets any more consideration by the court on a basically unrelated matter.

And the answer basically is: If the US want him, they need only ask. They don't have to do anything illegitimately, they could just ask for him when the time comes, dot the i's, cross the t's and they'll likely get him. Not arresting him on an unrelated matter IN CASE that times comes is a nonsense.

I don't think you understand jurisdiction, charges vs arrest, the charges in question, the arrest warrants in question, international due process, extradition procedure, or how a court is obliged to operate within the rule of existing law (i.e. not on the basis of "this random illegal thing that has almost no precedent - note how we mention other cases where they didn't get their way - could happen by one of our legal allies who could just request him, which may be harmful to him").

Spend a day in a court and you'll see much more difficult decisions being made inside laid-down legal frameworks. This is basically a rubber-stamping exercise of the only result that could have come out of such appeals etc. There's almost ZERO interpretation available to the court here. Maybe on the issue of "amount of sunlight", that's about it. And that's just common sense, not even requiring a court to make that decision but just about anyone with eyes or - worst case - a doctor.

Sorry, but I feel the one who's missed the point is yourself.

He'll be arrested for bail, no matter what, probably charged, probably sentenced (I think they'll probably go for the maximum which is, what? A year in "real" prison?). Then after that, the SAME REQUESTS that would be made if he were freely released, or escaped back into the public domain, or whatever else happened will play out from whatever countries want him anyway.

I'd actually go for "US makes token effort to obtain him, gets bored and silently gives up". But that won't even start until he's in a UK jail, most likely. And then we'll be asking for him to serve his full UK sentence first.

34
3

It's official: .corp, .home, .mail will never be top-level domains on the 'net

Lee D
Silver badge

"My last job used $companyname.co.uk as the internal AD domain name."

There's nothing wrong with that, so long as you own that domain. In fact, that's why it's called a domain name in AD and in DNS (and AD is DNS based).

The "hack" to make it work internally? Set your external DNS resolvers to reply with your external IP and your internal ones to reply with your internal IP? Same config I have here.

"helpdesk.companyname.com" resolves to a 192.168. if you're querying our internal nameservers and to our external IP if you're querying our "real" DNS servers visible to the outside world. Works fine.

In fact, the gateway is smart enough to redirect and port-forward even internal access just using the external IP from inside (i.e. no DNS changes required) but I don't like that... I like a clear separation.

That's not a facepalm - that's how you should be configuring it. In fact, I'd query how you'd migrate smoothly to Azure etc. in the future if you're not already doing this (https://support.office.com/en-gb/article/how-to-prepare-a-non-routable-domain-such-as-local-domain-for-directory-synchronization-e7968303-c234-46c4-b8b0-b5c93c6d57a7)

3
0
Lee D
Silver badge

My workplace has the ".int" set as the AD domain... shame we don't own that and probably never can.

I assume they though it meant "internal", but obviously they haven't heard of .local or even using the main domain name that we DO own...

Luckily it doesn't cause many problems, but it's an annoyance I hope to one day purge.

0
0

Brit regulator pats self on back over nuisance call reduction: It's just 4 billion now!

Lee D
Silver badge

Oh, no voicemail either.

As far as they're concerned my line just rings forever until they give up or I cut them off.

0
0
Lee D
Silver badge

I found an easier way.

Ditched the landline.

Registered with TPS years ago.

Don't give out my number unnecessarily.

Always utilised the follow procedure on mobile:

- If caller known, answer.

- If number withheld, refuse call.

- If caller unknown, Google them or look them up in an app.

- If no relation or no business relationship, block it permanently on the phone (e.g. by adding to a "fake" contact called Spam with no ringtone suffices even if your phone is out of the Ark).

- Anything important, they'll text, email, ring back, write or call you from a proper number.

Number of spam calls since September: 0

Number of spam texts since September: 0

While all around me people are often answering their mobile phones in work or at leisure and dealing with insurance claim guys, I get basically nothing and even when I do, I just let it ring out and then see if the number was spam.

I've had the same number for nearly 15 years. I've changed providers many times. I've got all my services tied to that number, all the SMS confirmations, 2FA, etc. so it's in quite a few places. I moved flat recently and don't have a landline so all my utilities etc. are registered on that number too.

But if you just never answer unless you already know who it is, they all die off or get nowhere. Hell, just set your normal ringtone to silence / no vibration, and then set your contact's ringtone to something actually audible. No bother at all and no hi-tech required.

If I was really bothered, I'd get a SIP line or a Skype number and just forward it to a mobile that accepted nothing else, and then change it whenever it got spammed.

P.S. Reporting spam texts is a waste of time - it doesn't forward the originator's details, and when the place you report it to reply and want that you have to send another text with "the number it appeared to come from" (which is always faked anyway), and then literally nothing happens.

4
0

Remember the Yorkie pizza horror? Here's who won our exclusive Reg merch...

Lee D
Silver badge

Re: Northerners...

To paraphrase Joey from Friends:

"What's not to love? Pepperoni? Good. Pizza? Good. Tortilla? Good. Gravy? Good."

3
0

EE unveils shoebox-sized router to boost Brit bumpkin broadband

Lee D
Silver badge

Re: To be honest no worse than the 1mb I get at the moment

Um... let's say you get 25Mbps each.

That's a 100 * 25 * some factor (probably 1/10 for standard contention). That's a 250Mbps leased line. They don't really do those so realisitically you're looking at a 1Gbps leased line, instead of a 100Mbps leased line.

That, on it's own, would cost more than £24000 to install if it involves digging up even one road. And then something like £1000 a month ongoing.

Not all 100 people would sign up.

The people installing it (Openreach as opposed to BT) would see much less than £20 of it.

Likely you'll give them £5-6000 a year. They wouldn't be able to afford to keep a leased line up.

On top of that, they'd have to provide you all with service from that cabinet, which means VDSL etc. modems in it, which means an upgrade costing probably about £10k or more again. Then they'd have to handle the other end of the leased line to give you several hundred megs of extra capacity.

And that's assuming they don't have to:

- Dig over a lot of other people's land, run a new cable ANYWHERE back to an exchange with gigabit+ connectivity, rent other people's ducting or install any new capacity.

- Rent out that pipe to another company on a fair an reasonable basis on demand from any of their customers.

- Pay anything at all for ongoing ground rent for the cabinets, ongoing maintenance, equipment, cables, ducts or access routes.

I despite BT/Openreach and have done my utmost to make them lose every piece of custom I can (including leased lines and dozens of telephone lines in a multitude of schools). But I can't say that it's at all cost-effective to give people the Internet service they desire as a private corporation. There's a reason they used to be nationalised and the costs amortized over decades and over the entire nation. Because that's what is required to do it.

And you're not even CLOSE to being "out in the sticks" where there may be no line at all, no cabinet at all, no existing ductwork at all (for kilometeres!), and no well-served exchange nearby (again, for kilometers).

The numbers don't add up. What we should have is a broadband tax that pays for kitting up locations once and for all. Literally FTTC / FTTH, with capacity (if not equipment) enough to go to 100's of Gbit in the future, that everyone pays for, which funds the rural installs that are otherwise completely non-viable.

Because at the moment, you'd be lucky to convince BT to throw you a leased line to your house for £24k and a couple of grand a month in most places that have inadequate broadband.

Case in point: A school just a few miles from Watford... £12k install costs + £10k own costs (we dug our own trenches across farmer's land and sunk fibre ducts of our own in co-operation to reduce their install costs) and £1k a month ongoing. For a 100Mbps leased line which wouldn't serve a street of people on VDSL let alone a town. Total distance - about 500 yards to connect to a cabinet that already existed on a major road with major links back to a central exchange.

The numbers rarely add up. But that doesn't mean we shouldn't be making them happen anyway, once, well and for a long time, much like we did copper telephone lines at one time. The cost reductions of then everyone have VoIP capability, online government services, reduced reliance on broadcast TV/radio, etc. etc. would pay for itself eventually. But nobody is going to stump up billions to wire in people who have 1Mbps already, and go bankrupt in the process. That's how NTL's cables all ended up forming Virgin Media's cable network - the costs were already sunk into a bankrupt business.

4
4
Lee D
Silver badge

As someone who just gave up on trying to get a landline with a decent speed broadband without paying the earth*... why not just do it yourself?

If you have 4G on your phone outside your house, you can just buy a tiny Wifi 4G router, and stick an antenna on it (alright, it might be wise to ask someone what antenna as you can exceed transmit limits if you're not careful, but places like Solwise sell off-the-shelf kit to do this).

Then buy any SIM from any provider and off you go.

I bought an Huawei thing. Pocket-sized. Takes any SIM. Provides Wifi to the whole house (2.4 or 5GHz). App controlled so you can block heavy users. Even has a microSD so you can offer centralised storage. Operates as a home router (so my Chromecast is on it and I can do full speed client-to-client traffic, etc.). Battery powered (but can be always-charging quite nicely). 6 hours on battery. Plugs into an antenna that cost me £20 which I stuck in a window (didn't need to, but noticeably makes things more reliable and faster).

I get 30Mbps at worst down now. People don't even realise it's 4G... ten people round the house playing online games / browsing and you wouldn't know. Plus things like TVPlayer, Netflix et al can be included in your data allowance with some people (Vodafone lets you pay £15 a month extra on top of a basic allowance for EVERYTHING - Amazon, Netflix, Google Play, Facebook, Youtube, etc. are all then excluded from data-allowances, Three do the same but for Netflix/TV Player, I'm sure most places have something similar).

And I can stick it in my pocket and take it on holiday to Europe with me, in the car, a friend's house, etc. without having to do anything special (roaming data included in my SIM deal). Month-to-month contract (could be cheaper if I signed up to 2 years, etc.). I can change the SIM at any time. I can even run up one SIM's data, switch SIMs and carry on with all my usual devices without touching anything but the Huawei box itself.

Basically this box is the "mobile hotspot" option of your smartphone, miniaturised. (In fact, my particular one is Android based, but you can't tell that because it has only a tiny little information display, no touch-screen, no buttons, etc. but it's basically "slap a cheap old smartphone into a box, put some custom software on it, sell it as a router".)

*BT's checker says I could get 3-4Mbps on ADSL and 5-10 on VDSL... bugger off, especially given the line's rental etc. Yep, I'm inside the M25 near a large town that's otherwise well serviced for Tube, rail, road, power, etc.

18
0

Bruce Perens wants to anti-SLAPP Grsecurity's Brad Spengler with $670,000 in legal bills

Lee D
Silver badge

Re: You mess with the GNU ...

The licence clearly says:

"You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License."

If he's considered to be "sublicencing" the kernel GPLv2 code that he based his work on (by charging a subscription for a GPLv2-based work and cutting people's subscription to that if they exercise their given rights under the GPLv2 granted to them by the Linux kernel licence AND his modifications that must be GPLv2 too), or distributing it under some other scheme, then he's in breach of the licence.

It would be up to a court of law, but it's quite clear that he'd lose. You can sell it. You can't stop people who buy it from giving the source code away. And by imposing an outside restriction on a future subscription service based on you NOT being able to legally exercise the rights under GPLv2, then you are clearly modifying a contract with an external factor... which could be considered sublicencing by imposing foreign clauses not written in the GPLv2.

He wouldn't win.

P.S. you can't relicence the kernel. Hundreds of former contributors are dead and you'd need to trace every line of code they ever wrote and replace it with similar code under the proper licence. Additionally, there is absolutely no desire within the core kernel community to do so, there's a reason that "V2-only" was specifically chosen, they could have just used v2 which would allow a free "upgrade" to V3 at any point, but they specifically and categorically chose not to.

Plus, there's no need to. Nobody has ever proven a GPL weakness in any court in the world, and places like Microsoft, Google, IBM, etc. run in fear of the damn licence if they might be found to be on the wrong side of it. That tells you all you need to know.

7
0
Lee D
Silver badge

Couldn't happen to a nicer company.

And if I remember, there was a psuedo-statement from Bruce/his lawyers that if GRSec stopped doing what they're doing, they wouldn't bother to chase the anti-SLAPP stuff and would just let it go. Specifically dropping the libel claims, not even having to actually fix the stupid licence/contract conflict.

17
0
Lee D
Silver badge

The IBM vs SCO tactic.

Don't just win. Invalidate their patents. Bankrupt the company. Destroy all their claims. Get their copyrights invalidated. Chase the lawyers.

Sure, it cost IBM 10 times as much as it could have, but you can be sure that nobody else is going to try that tactic (though SCO are still going, somehow... but at this point there's nothing left and everything they do is costing the lawyers money because of their earlier fixed-price deal).

12
0

Jack in black: 12 years on, Twitter finally makes a profit from its firehose of memes and misery

Lee D
Silver badge

When announcing a company "finally making a profit", I think it should be compulsory to tell us where that money's coming from.

I certainly don't pay Twitter anything.

Looking at my Twitter account, I see a tiny advert for Belvita biscuits, disguised as a twitter post, which I wouldn't click on in a billion years. That ad is a 1 minute streamed video which must take some production and backend infrastructure to serve to millions of users. Are Belvita really paying that much?

And I can scroll down for years, post tweets, view others, etc. without seeing many further ads (certainly no more than one tiny one a page, but like I say... I can scroll forever and zip between many pages without seeing anything else).

So... where are these mysterious millions/billions coming from? Who's paying that much to encourage me to buy a breakfast biscuit that I probably couldn't buy online without going to Tesco's or similar anyway?

It's no surprise that they are just haemorrhaging money.

4
0

Apple's top-secret iBoot firmware source code spills onto GitHub for some insane reason

Lee D
Silver badge

Re: The dangers of a monoculture ..

Put a hardware switch on - great, now you can NEVER fix a bug in the bootloader.

Encrypt everything with a unique key? You still need to store the key somewhere and then decrypt and execute pretty much the same code for everything. The key being different doesn't help. Pretty much this is the TPM solution. It doesn't stop things being hacked, it just makes support, troubleshooting and repairs/replacement almost impossible (there's a reason that your Apple store will tend to bin your phone and just give you another of the same model).

None of that stops people finding flaws in the bootloader, attacking it, thereby getting access to things they shouldn't and using that to subvert the computer.

1
0
Lee D
Silver badge

Cool.

I work in a school and we have a bunch of old manky iPad Mini's and the old iPad 2's that nobody would touch with a bargepole nowadays. Would be nice if I could convert them to run Android or something more useful now that they've been pushed onto an unsuitably high iOS version that slows them to a crawl (even pre- the battery life etc. issues that are now common knowledge).

I mean... I wouldn't pay for them, but I have a bunch of them that are going to go in the bin otherwise (literally not worth enough to bother selling them) and if I could turn them into digital-signage or a CCTV monitor, at least they would have got to do something useful for once in their life.

12
2

From July, Chrome will name and shame insecure HTTP websites

Lee D
Silver badge

Re: Meh

Man-in-the-middle malware attacks.

ISPs have been caught modifying and injecting ads.

You can't do that on HTTPS. Not without flagging a bunch of warnings.

However, it does remove/destroy all the capacity of centralised caching (e.g. in workplaces) for simple things like images and static pages. But I can't say that's a bad part of the trade-off... pretty much the cacheability of websites has plummeted in recent years because of video, CDN, advertising, etc. anyway.

There's no reason NOT to encrypt. And a hundred TO encrypt.

Now if we could just worry about end-to-end encryption for all email, then we might actually be living in the 21st century a bit.

28
3

Beware the looming Google Chrome HTTPS certificate apocalypse!

Lee D
Silver badge

Re: Class Libel Suit anyone ?

"Most websites aren't businesses, and don't store customer data. Fuck Google."

What's that got to do with Chrome revoking Symantec certs?

If you had a cert, you were securing something.

If you didn't, you weren't.

Nobody is (yet) outlawing plain HTTP websites.

But with LetsEncrypt and things like auto-support in Apache, it'll only be a few years before HTTPS is the only accepted communication - which is no bad thing even for a personal website that most people have no idea of the hosting details of anyway. It means your website content can't be subverted by ISPs fiddling with your content/ads mid-transmission, as some have been caught doing.

With HTTP, literally any idiot along the route can slip some nasty Javascript or tracking code in that your visitors will be exposed to without your knowledge. With HTTPS, it takes something actually on their computer to do the same.

14
1
Lee D
Silver badge

Re: Class Libel Suit anyone ?

I've yet to see anyone even know how to add a certificate exception to Chrome... pretty much you can't do it as a limited user, and people don't know how. We have (finally) reached the point where people can't just click "Accept All" and then carry on spewing their details.

Hell... try replacing Google's certificate with anything else, most browsers will throw a fit because of certificate pinning, HSTS, etc. So, no, a broken cert is a broken website nowadays and people won't be putting their cards into it because it'll come up with dire warnings in any vaguely modern browser.

And nobody needs pay anything. LetsEncrypt lets you have free certificates accepted by any browser. But I'd be wary of a business that DIDN'T want to pay the pittance that SSL certificates cost in order to secure their customer data.

It's not Google that enforces this... it's any browser.

15
5
Lee D
Silver badge

Re: Class Libel Suit anyone ?

Given that the inclusion of a certain CA into a certain browser is almost entirely voluntary on the part of the browser itself, there's not much you can really do about it. They could decide not to include a CA "because they're a bit smelly" and there's little to no legal recourse. Stating an opinion on the security of a CA that issues mega-wildcard-certificates is something that anyone is quite able to do... and is ALWAYS going to be negative as they simply shouldn't be doing that if they want to be a respected and trusted CA.

The industry is about trust, not legal agreements. You don't want to use a CA that just has "a special deal" with Chrome to be included in their browser by default, I assure you. Lose the trust and you lose business. Because I bet a ton of people now won't touch Symantec or subsidiaries for a long time to come for their certificates.

If you don't like that, don't abuse the certificate processes. It's like a baker who's been snotting into the bread complaining that someone told on him and now nobody buys his bread.

47
0

Indiegogo to ailing ZX Spectrum reboot firm: End of May... or we call the debt collector

Lee D
Silver badge

“Firstly, we have decided we will no longer be silenced by the people who have orchestrated a campaign of harassment and credible threats against us."

Were you ever silenced? It's all I hear him whine about. P.S. Call the police in the case of a credible threat, or a solicitor. What that's got to do with customers, bailiffs and IndieGoGo (unless said threats were made on their forums, in which case why are you not saying they aren't dealing with them?) I can't fathom.

"The BBC report from yesterday is completely misleading. We have not been issued with an ultimatum by Indiegogo, in fact, we have been in dialogue with them for some time to discuss the harassment and serious threats, and they are very understanding of our situation.”

Correct - they haven't issued an ultimatum. They don't say that. They say they WILL. And I should hope you're in dialogue. Again, what that's got to do with product delivery or sending in the bailiffs, I can't fathom.

"She also alleged the Beeb had ignored an offer to interview 72-year-old David Levy"

And? So? What's that got to do with delivery of the product and/or sending in the bailiffs?

I'm not a backer, because I saw this one coming.

Try this:

Deliver the product. Or offer a refund.

Sue or have arrested people making credible threats. Or stop whining about them.

Deal with your customer's non-threatening complaints. Or stop whining about people complaining.

Dig out the paperwork that says that ex-director doesn't have any rights. Or pay him.

Oh, and file your returns.

It's really quite easy. Currently the only path I see is bankruptcy and you seem to have no care addressing that concern to your customers and would rather go bankrupt owing them all money than trying to give them something back.

I honestly don't care, I have no interest in the project and wouldn't touch it because I've learned to spot the slimy salespeople who do this (I skipped OpenPandora for the same reasons - I spotted that the guy in charge at the start wasn't ever intending to deliver, and then it turned into a shower of asking for more and more and more money and then delivering units only to whoever-paid-the-most instead of whoever-backed-from-the-start). I have no connection with ANY of the people mentioned. But you're running a slimeball business and using the same soundbites and distractions that I'd expect if you were one of those people who just runs the company into the ground, takes their percentage, runs, screws over all the customers (and most of your own staff), and then sets up elsewhere on something else to try it again.

If you want to combat that image, make the choices above. If you don't, but carry on with the "oh, we're being harassed", "it's all that guy's fault", etc. distractions/excuses, then you're quite possibly going to end up in court, maybe even jail, and I and many others certainly will have nothing to do with ANYONE so named as being on this project ever again.

If you had a shred of decency, the next blog update wouldn't be a rant. It would be a stating of the situation, a reasonable date by which you will guarantee delivery or refund, and an apology.

I don't see that happening, though.

26
0

Boffins crack smartphone location tracking – even if you've turned off the GPS

Lee D
Silver badge

Gosh, it's almost like if you let a piece of software collect lots of unnecessary data and then upload it to some random place on the Internet, that someone could use this against you in some way.

Seriously... fine-grained permission control. Why are air pressure and heading not protected by a permission? Because there's no "you must ask for permission" blanket default before a "you must grant permission" user-authorised exclusion when that data is requested.

And users are stupid and don't understand that a walking app doesn't need to know your air pressure.

Honestly, any combination of more than 2 or 3 permissions is a warning sign, and things like "requires Internet access" isn't fine-grained enough. MAKE APP MAKERS SPECIFY TARGET DOMAIN NAMES.

PC's are rapidly moving towards web-services contained within the browser DOM model on the local PC, apps are the equivalent of installing a Flash plugin. It's a backwards step.

Sorry, but you get the bare minimum of permissions to do the task at hand, the default should be "no" for everything, and users should be able to say "Pretend I've given it the permission, but just send it fake data" (e.g. The flashlight app wants webcam access? Sure. Send it some white noise.). But, to be honest, rather than propagate the Vista UAC debacle into every mobile phone on the planet, let's just stop making programs that require those permissions and refuse them at the app-store. Literally force the writers to publish something like an SELinux capability report, down to port numbers, domain names, and format of information sent, individual permissions for everything (there should be no "you need to ask for camera access to turn on the flashlight" as is/was common), which is then audited for necessity, and any warning that pops up EVER on any phone that it's breaching those capabilities result in its being blacklisted as an app.

Without it? You're in a blank sandbox filled with false info no matter what you request.

64
3

Forums

Biting the hand that feeds IT © 1998–2018