* Posts by Lee D

1767 posts • joined 14 Feb 2013

Virgin broadband latency probs still not fixed 6 months on

Lee D
Silver badge

Re: Wheres offcom?

Why the hell are you spending £150 a month on an Internet connection? That's some stupendous leisure fund, there. Downgrade, buy a decent router, stick the Virgin stuff in modem mode, and make the decent router QoS prioritise your gaming traffic over the kid's YouTube.

Everyone's always amazed on my game servers because I have lower ping than them, even when the server is in their country and not mine. It's got nothing to do with speed (I'm only on the "basic" 75Mb package that they forcibly upgraded me to from the "basic" 30Mb, that they forcibly upgraded me to from the "basic" 10Mb), but making better use of the connection.

If you're stressing a £150 a month fibre connection, you really should invest in a better router (one month's subscription at that price!) that can take all that load away from a crappy piece of ISP-supplied junk and just turn their hub into a glorified media converter instead.

1
1
Lee D
Silver badge

Re: Bye bye Virgin

If I have to fight and go out of my way for a reasonable price, that's probably a reason I wouldn't want to be a customer any more too.

You know who gets my business? Businesses who give a toss about their customers rather than penny-pinch from them all. They are quite literally deliberately giving old grannies, happy customers, etc. a duff deal in order to make more money, if you think about that kind of sales tactic.

That said, do you know the suppliers that I hang on to for dear life? The guys who say "Well... we *can* do that for you, but it's not really our area of expertise. Let me give you the details of a company we sometimes work with who can do that better.", or even "Look, I'm not going to lie to you, you probably can get the kit cheaper on Amazon, but we have to earn a living".

As I tell all the companies that visit me at my workplace SPECIFICALLY to get a slice of the pie that I manage, I don't care about cheapest, and neither does my workplace. That's secondary to you being around next year, and doing me favours if I need them. If you're going to be around next year, I need you to make sufficient profit. If you're going to go above and beyond when it's an emergency for us, you need to make that back the rest of the year. We will PAY for that kind of service.

I am positively amazed at how many companies then continue with their "we'll undercut everyone" sales spiel for - sometimes - hours afterwards.

There's a reason that - in certain areas, like AV, etc. - I have one preferred supplier, use them exclusively and don't even bother to compare quotes or even go so far as have someone quote against them. We literally would not change them if someone was going to quote half the price. Because I *know* they will do us proud, and be there for us, whereas any fly-by-night can do a one-off cheap deal and then I'm stuck without support, with whatever they've left me with, and no-one will want to touch that stuff afterwards.

Virgin, to me, have good service. A lot of places don't have good service with them, but I can't replicate that my end. In over 6 years, my Internet cut out once because the kids pulled the cables from the street cabinet. It was back on in an hour. I get the speeds I'm promised, I have no latency issues (actually ALWAYS have the lowest ping on games), and it just does what I want. So I don't personally begrudge them the money I pay. But if you have to negotiate a 50% drop in cost every single time, rather than them just sending you a letter and dropping 10% off "for a good customer", then I would worry about who they are screwing over to do that. It's not me. But the day it is, I'll be gone.

Did it before with PlusNet - they were FABULOUS and technical and right on the ball, and even had a "Yeah, you know what you're talking about, let me put you through to tech" system that worked (e.g. changing ADSL interleaving settings because of latency on an SSH connection, that solved the problem in FIVE MINUTES from me phoning up with none of the scripted shite). The second BT took them over, they lost all that goodwill in minutes and I've never used or recommended them since.

Look after your existing customers.

2
0

Moneysupermarket fined £80,000 for spamming seven million customers

Lee D
Silver badge

Re: Personally speaking,

Which is why you generate unique email addresses at a cheap domain host, with forwarding to your "real" account.

Then when this happens, not only do you know WHO gave away your email address, but you can then just permanently blacklist any emails that arrive for it, thus saving you from all those marketing things they'd like to have from their partners.

I once had to ring up an educational computer furniture supplier, who somehow managed to get hold of the email that I'd ONLY given their rival. They basically admitted that they'd started the company from a stolen copy of the other company's database, helpfully brought in by a former member of staff.

It's more common than you think. I have several dozen websites where I *GUARANTEE* I never signed up to anything, but the email I gave for things like order notifications suddenly gets spammed by rivals or ends up on general spam lists. Therefore I have several dozen blacklisted email addresses (that still receive quite a bit of email, but it's refused with a snarky SMTP message) and companies to go with them.

E-Frag is one that springs to mind. I rented a game server from them once, about 10 years ago, and spam still comes in for that address I used, from all kinds of places.

For the cost of a £1 domain, it certainly cuts out a lot of spam. And if I wanted to, I could just not have the mailbox it delivers to be addressable directly (i.e. only accept the forwarded emails). Then I'd have basically zero spam, I think.

7
0

Let's harden Internet crypto so quantum computers can't crack it

Lee D
Silver badge

Re: Possible deadly flaw - compromised software

The "random noise file" doesn't defend against the attack described - just deliberately not using the full random capabilities available.

Closed source security software is a misnomer. You have no way to analyse what a program is doing, or whether it's not waiting for some flag in the code to be activated (haven't NSA-named variables been found in Windows before now?). Until that point, it just does things normally, afterwards it does what it likes and isn't being watched.

If you want any semblance of security, you must encrypt yourself using software you trust. Then you can send the resulting message over any computer, connection or service that you want, because only the intended recipients will be able to read it.

But relying on the OS for security is probably not a good idea at all. However, it also has access to all of memory for the entirety of a program's runtime. That means it's game over anyway.

If you want to be "secure" against a well-funded hostile adversary, securing information that that adversary wants (e.g. terrorist-related info etc.), you can't do things on a general purpose, closed-source OS. That's just ridiculous to even suggest.

And more and more stuff is being done in hardware - from AES acceleration and beyond, even on the Z14 mainframe that had an article yesterday. You have *no idea* if that's being done properly. You don't even know if it's using random numbers at all.

And for a long while, Debian was using certificates with both very limited Diffie-Hellman parameters and low value exponents in the keys chosen. So even open-source isn't safe, because nobody is really looking for such things.

And at the end of the day, your data needs to be accessible and you don't memorise 4096-bit keys. Your encryption strength is then only as secure as your access to the machine anyway and most hacks occur through privilege escalation of a process already allowed access to the encrypted data (e.g. database interfaces!).

This kind of encryption really secures only communication in transit, but we confuse it for encryption of all kinds of things. And I don't really believe there are many casual hackers out there sniffing raw packets off the Internet and then breaking the AES streams, even in government. Still our biggest problem is the software used to secure the system, by far. Because while you still have websites that don't hash and salt your password with a decent algorithm, and then never store your original password, and then run off-the-shelf webstores or CMS software, your data is always going to be at risk.

It's much easier to compromise one of the endpoints than to bother to try to break an encrypted communication. And any encrypted data saved to disk is only as secure as the weakest credential used to access it (e.g. your network token, your fingerprint - STUPID! -, your memorisable boot password, etc.).

7
0

Linus Torvalds may have damned systemd with faint praise

Lee D
Silver badge

Poettering works for Red Hat.

Everyone followed suit despite protests. In fact, since day one people were saying it was a bad idea.

But it's hard to gain traction against a Red Hat pet project that's well-funded, that once it's your init system is hard to revert, especially when other core functionality begins to depend on it.

And alternatives were made, there were three or four at the time systemd came out, none of them ideal, most of them developed or sponsored by distros.

People did speak up, but I think they were hoping it would get supplanted before it took over the world. And, let's be honest, who knows enough to change their init system? Most people still think that distros only have one set window manager, because nobody gets the option any more.

47
0
Lee D
Silver badge

systemd was a good idea.

Well, part of it.

Replace the init system with something sane, that allows all kinds of extra features, automated startup dependencies, etc. Hell, even replacing scripts with a real program isn't actually that insane in the modern world.

But replacing it with a big, black box that basically replaces lots and lots of core functionality with its own ridiculous idea of a service in so many areas (DNS, etc.) just destroyed the concept for me.

Even the bits that people tout - cgroup isolation for services, etc. - could have been done with a bit of scripting with no extraneous dependencies. What people did was take a system with some small issues, replace the entire bootup sequence and all of ITS dependencies wholesale, and basically create "systemdOS" which does everything completely independently of both other programs and common sense in many instances.

It wasn't necessary to do that to fix the problem and now people are realising that. Funnily, part of the subconscious justification that people used with me was that "there have been no security problems with it, so it must be more secure". I always take that to mean that not enough people have dug into it, not that some programmer is magically capable of never making a mistake. Strangely, now that mistakes have been found (not made, that was inevitable), people are suddenly turning against it.

But I have problems with not just the execution but the whole design. As soon as we moved away from small, single-purpose, auditable bits of code (e.g. individual daemons, scripts, etc.) we moved towards the black-box model where even if there are people capable of tinkering with it, it's all far too large and ugly to play with and far too steep a learning curve, which leads to nobody playing with it, nobody trying to break it or do funny things with it (e.g. try a username with a number at the start) and hence everybody falling into a false sense of security over it "always working as intended".

Now that we're THIS far down the line, we suddenly discover that their assumptions are no longer true, but it's now a humongous mess of code that's integrated or taken over with everything it touches, and it becomes unauditable.

I'm not one to think that "the old ways are always the best". I resist change, until it's clearly for the better, which I think is quite sensible. But systemd was always a bad idea precisely because it took away the modularisation, reinvented the wheel, and had to do it in a way that's almost impossible for an ordinary "power user" to debug. At least with a script, you stood half a chance of working out what was going wrong (and, yes, I have had to hand edit boot-time scripts, especially when doing things like upgrading a distro).

Systemd was - and I speak in past tense optimistically - a heap of junk that nobody's ever really designed with a goal in mind, hence it rapidly expands to try to take over everything. There was no reason it couldn't be a bunch of scripts, a small collection of individual binaries with clearly defined purposes, or even still supported backwards compatibility with older init systems. If it had been, most of the objections to it would immediately be quelled.

But replacing nameservers, ntpd and even functionality like logins and filesystem mounts was never going to end well, and I doubt this will be the last problem we see with this software.

PoetteringOS needs to die. But that doesn't mean, by a long shot, that we should lose the purpose of why it was created or the things it *could* bring us. Init needed a reinvention, but systemd was never it for me.

119
0

Burglary in mind? Easy, just pwn the home alarm

Lee D
Silver badge

Re: This is California. In July.

In the modern age, everyone has shit worth stealing.

You'd be hard pushed, as a burglar, to break into somewhere and not find enough there to make it worth your while.

Burglar alarms, however, notify someone that something's not right. People miss the point that your neighbours really couldn't care, especially if it's often wrong. The *alarm* part is poorly designed nowadays.

However, the problem is that you just need to alarm the RIGHT people. The owners of the car/house/garage whatever. That needs some kind of integration, but in most circumstances a GSM alarm sending a text to the owner is a million times more useful and effective than something going off in the middle of the night while you're on holiday and just annoying your neighbours.

Because the person it alarms is then YOU, and the person who cares about the false positives is then YOU, and the person who knows they need to fix their stuff is then YOU.

But you don't need IoT to do that. In fact, that's layers of complication that you don't want. A GSM alarm is a plugin box, with a single off-the-shelf chip, tiny as anything, that texts a set number when a wire is activated. It's simple, works, cheap, and will send the text as soon as reception returns if it's dropped. It's also easy enough to hide anywhere, so blocking it is a pain in the butt.

IoT stuff, you have to hope has even booted properly, can get on the wireless, has a firmware update, the service is up the other end, they tell you if the service is ever down, etc. etc. etc.

I've never wired an alarm into my house. It's pointless. The only people who care are the people who live there. So my alarms all notify *me*. Even my car. And I can check CCTV from work and ring the police if anything is untoward.

So, actually, the people with stuff worth nicking are probably not the people with an alarm nowadays. Everything is hidden, silent, high-tech, integrated, remotely-visible. If my kit is, and I'm just a nerd with off-the-shelf kit, you can be sure as anything that those people with the million-pound houses (a much better indicator of the contents) have got a similar system too nowadays.

But it doesn't need IoT shite to do it. Unless you expand IoT to include "stuff that comes with an Ethernet socket or a SIM slot", like a CCTV NVR, car GPS tracker, house GSM module, etc. I wouldn't class them as IoT, but they can make your day very bad if you're a burglar (or - much more common in my case - you lob my fragile parcel over my garden fence, leave the recycling bin smack-bang in the middle of my drive after spilling all its contents while supposedly collecting it, or just plain park across my driveway and then walk off).

10
4

Sleuths unearth 'Panic Mode' in Android, set off by mashing back button

Lee D
Silver badge

I was once reading a discussion, many years ago, about Linux UIs and process priority. It might even have been Torvalds himself. Something was mentioned and I couldn't refute it, yet it really surprised me and has stuck with me.

When a user moves or clicks the mouse... that should be the top priority action. It provides instant feedback. You don't get slow-cursor-syndrome just because something is churning to disk. The mouse-click is the action you want to do something (which may be "stop doing all those other things!"), so nothing else matters. Delaying a background task by hundredths of a second at that point is what the user WANTS. If they wanted the long, background process to continue as top priority, they wouldn't be wiggling the mouse around clicking on things. And nothing should be that critical that it can't wait for a mouse move.

I thought it was surprising, and I thought it was correct, and I thought it was genius. And still, to this day, it's not how it's implemented in any OS - we still do junk like busy-loops listening for input and handling mouse movements in screen-refresh loops, etc. The computer in front of me likes to run off on a pause-venture every few days (I think it's Outlook doing something but I'm not sure because you can't do anything like get task manager up, I'd have to leave it running all day and hope it did it and it's too rare to bother). It'll only take 20 or so seconds but in that time, I can't do anything and the mouse jerks and stutters. I've even seen - on brand new PCs - the "I'm going to pause until the speakers start to thrrrpp / beep because you're doing things I can't keep up with or the keyboard buffer is full".

Why? Why is the user's input not top priority, even if it means an extra half-second of churning to allow that? Why does clicking-the-cross not terminate that app and push it to the back of the priority queue while it clears itself up? Why does drawing the mouse cursor not get top priority over drawing the Chrome window that's under the mouse which is struggling to draw that web page?

Even in a multi-user system, the user LOGGED INTO THE GUI should be the one with priority, surely? It changed the way I think about process priority and human interfaces. One simple change would make the PC more responsive, more useful, even if it's all an act and it can't actually move any faster.

I don't think there's an OS in the world that actually works like that. My Android phone regularly shows high CPU and takes several seconds to switch to the home screen if some crappy app is trying to load.

Why? Why is that base human interaction not the thing taking priority over some app that's churning up memory in the background? Pressing the "kill all apps" button restores it to working order in seconds, which makes me wonder why it can't just throttle them itself so the user can still interact. Don't even get me started on smartphones - including iOS - where you're in an app and everything comes to a grinding halt because of a phone call, which you can't properly answer or deal with anyway because of all the other stuff trying to get out of the way.

User input should be an unmaskable interrupt, running in top-priority processes, which then determines what in the rest of the system gets priority (e.g. old Unix windowing concept of "GUI process which is underneath the mouse cursor has focus" - it shouldn't have FOCUS, but it should have higher priority, surely, as that's what the user is about to interact with?), to get to a result for the user ASAP.

If I click 20 apps from the task bar, why do they not all start and take 1/20th CPU but the 20th responds and starts loading just as quickly as the first when I click its icon? Surely that's the way to MAKE a system seem fast and doing what the user wants.

It blew my mind and still, to this day, I've never seen it implemented properly.

37
0

What did OVH learn from 24-hour outage? Water and servers do not mix

Lee D
Silver badge

Re: Pure water isn't so bad...

1) That's not pure water.

2) If it was pure water, the fish would die.

3) The fish dying would make it not-pure water.

16
0

Ofcom creates watchdog specifically to make sure Openreach is behaving

Lee D
Silver badge

In other news:

- 3 years waiting for a BT/Openreach leased line to a school. In the end we cancelled. At the point we cancelled, there was a plastic tube in four parts laid in different parts of the school, none of it joined together (most of it different sizes and types because of four separate abandoned - NOT failed - installs where the engineers did one job and then walked off-site for "parts" and never came back), none of it had - or could have had - blown fibre in it, all of it was installed in the last month after multiple threats of cancellation. Reason given for delays: None. Until the last month. When there "is no more room at the exchange". Contract cancelled. Engineers still tried to access site to "finish install" a month after cancellation and were shown the door.

I think BT / Openreach thought we couldn't possibly do anything else so we'd have to come back to them, because all the postcode checkers said nobody else covered us. But Virgin Media installed a fibre in 3 months and that's worked for over 2 years, and we cut all our BT ties because of it (e.g. phone lines, VDSL backup, etc.) - so that's cost them a fortune.

- Same school, half a mile down the road, bought a new site. Want a line to join the sites. BT/Openreach only company with cabling in the town. We informed them we wouldn't tolerate the same messing about, relayed the entire previous debacle. Ordered in January. Was promised a May install. It's July and they still have not even cleared a route (supposedly the duct in the road is full of "silt") to run the fibre yet, and nobody will be able to clear it before August. I have just sent the email this morning to threaten cancellation of this install too, and booked in a company to provide a microwave link instead, it's apparently being escalated to the director at Openreach.

Honestly, guys, you have one job, six months' warning / three years' warning, and can't do the ONLY THING you need to do to get a decade's worth of leased-line rentals. Just the monthly rental for those missing months would have paid for the entire installation cost. And they are like this BECAUSE the ombudsman / oversight etc. are useless, they think we won't go elsewhere, and so they can screw people over for years and years. Turns out they're wrong, but if businesses are suffering this sort of rubbish, imagine what's happening with all those residential lines and backhaul.

15
1

NAO: Customs union IT system may not be ready before Brexit

Lee D
Silver badge

Re: Wishful Oxford PPE & Classics + Crapita thinking

It's a government IT project.

They never finish.

They never work.

They are just an ongoing way to provide money to private contractors "recommended" by various politicians.

You don't think that anything would ever have been ready by December 2020 do you?

9
0

AI vans are real – but they'll make us suck at driving, warn boffins

Lee D
Silver badge

Re: The future:

Purchase price - automated cars still have this.

Fuel - automated cars still need to buy this.

Tax - automated cars enjoy a discount now, sure. But it's £10 a month or thereabouts to me.

Insurance - automated cars still need this, and will always need it (probably larger public liability, in fact)

Maintenance - automated cars still need this.

In fact, all cars, including automated, have pretty much these same costs.

What you're arguing against is "a car", not "an automated car".

And what you're doing is suggesting we outsource to a third party to manage our fleet for us, add 50% profit, and sell the same thing we could have bought ourselves back to us? With summoning apps and driving AI and fleet management logistics to always be ready for peak periods in the right places, etc. And that that will somehow magically be less?

I've done 12,000 miles in the last two years alone, most of it for work. If you factor in that it's a brand-new car, that's about £2 a mile. Sounds expensive, I grant you. But it'll pay for itself next year and then that drops drastically - then it's just the fuel, tax, insurance and maintenance. Do I work 500 miles from home? No. Ten. 10 x 2 (back and forth) x 5 days x 48 weeks = 4800 miles a year, just for basic commuting.

If it's more than 50p a mile, I'll be amazed. Let's do the maths. 45mpg. £1.10 a litre. 4.5 litres in the gallon. That's 11p a mile in fuel. 3p a mile (at most) for my car tax. 18p for insurance, the biggest ongoing cost. That's 32p, plus maintenance (first three years, no MOT required, one tyre costing £100). It's due an oil change, sure, but that's lost in the noise like the tyre.

Even assuming I've vastly under-estimated, and call it 60p per mile to recoup costs over a reasonable lifetime - it's still within what my work would pay for travel expenses if I needed to claim for it. They know how much it costs to run such things, because they run their own fleet too.

I defy you to find a taxi or car share or car rental service that averages to less than 50p a mile, or even less than £2 a mile if you include paying off the car to own it outright at the end. Zip is £3 per hour plus 29p per mile plus £6 per month (they have a deal at the moment, though) for the cheapest car they have, if they have one in your area, at the time you need it, that's not being used. Weekends, evenings, larger cars, longer periods, etc. mean it costs a lot more. I couldn't afford it for my usual commute, I know that, let alone the hassle of trying to get home if they don't have a car available (or paying to guarantee the car is mine for the day).

Sorry, but the reason people use cars rather than public transport, hiring taxis, or automated vehicles, is because they are a cheaper option, and infinitely more flexible. So long as you don't work in a completely car-averse area (e.g. congestion zone), they are a no-brainer. Automating them and charging profit won't change that - the same costs apply, if not more. People will still use them as taxis, etc. same as taxis have a place now. But they aren't going to be the every-person, every-journey vehicle for a long time.

4
1

Microsoft drops Office 365 for biz. Now it's just Microsoft 365. Word

Lee D
Silver badge

Maybe if they weren't paying reps 10%+ of everything in perpetuity in order to push products that... pretty much... everyone knows what they're buying when they ask for it, they might be able to avoid such subscription nonsense.

Maybe they could reduce the prices of those ridiculous Datacenter licenses, for instance, or change the stupendous licensing for remote workers, SQL and Exchange to be something a bit more sensible. Because, to be honest, even working for a school, I do everything possible to avoid having to pay Microsoft for things like that (no, schools do not "get it free").

If the MS licensing was more free and easy, and not "per user, per year" even on your own hardware, I'd make a lot more use of it. As it is, even with some reduced licensing on user-numbers (charged per full time teaching employee), and quite lax installation restrictions for windows / office numbers on clients, I still don't think I'm getting value. Include the Azure / 365 shite and it quickly becomes ridiculous.

If MS want to make one licence, include server stuff in it too. Every 50 users you pay for, you get a free single set of Exchange/SQL/Server licences, or similar. Then I would consider it worthwhile, and licensing becomes much easier overnight.

As it is, I do everything in my power to avoid having to pay any more than I already do. Down to literally choosing processors carefully because of stupid software licensing rules.

1
0

Former GCHQ boss backs end-to-end encryption

Lee D
Silver badge

And whichever option you follow, any terrorist with half a brain will be completely unaffected anyway, as they will use their own end-to-end encryption over whatever public service they want. We used to call them codewords, but nowadays there's no reason they can't be PGP-encrypted short messages converted to a textable alphabet.

The ones you "catch" with laws like this are the ones you could have caught anyway if you were even half-listening.

39
1

Virgin Media admits it 'fell short' in broadband speeds ahead of lashing from BBC's Watchdog

Lee D
Silver badge

Re: Virgin Media customer here.

How do you measure the minimum?

The sync speed? The line speed? The real-world download speed?

All have problems, that make them subject to tampering. E.g. a user could just measure sync speed after chomping on the cable for a bit and then claim they didn't meet the minimum, so they have to give him cheaper bills. People will run speedtest.net and assume that's definitive (rather than affected by local wireless and other users on the same network, etc.).

I have a SamKnows box. It reports back average speeds throughout the day, and is used as one of those consumer metrics that people quote when they say Virgin are the fastest or whatever. Pretty much, I get what I pay for. Sometimes it drops. Then it comes back. And that box goes through a router of my own which goes through the SuperHub in modem mode. Pretty much I could tamper that to report what I like too, I just apply QoS to it.

There is no reliable way to measure it that isn't subject to user - or even ISP - tampering. What should happen, though? You pay for the portion of the connection available to you. If you only used an average of 30Mbps over peak periods, on a 100Mbps package, you only pay one third of the price. Don't even bother to measure on off-peak periods because it's rarely an issue that affects an ISP as the bandwidth is already there but not being used. That way you're still paying for what you get, slowing yourself down doesn't gain you any advantage, and you could even "volunteer" to have a 30Mbps day if you're short on cash, which will reduce the demand on the ISP. Or pay extra to get a 200Mbps day.

The problem is not "some people have crap connections". It's literally "you pay more per byte than other people elsewhere". You shouldn't be paying more per byte. But you can't magically give everyone a 200Mbps connection just because they want one.

There will come a time when ISP usage will be billed like all the other utilities. By the unit, and more expensive at peak periods. Then it doesn't hurt the people who WANT to download tons of shite, teaches people not to download tons of shite unnecessarily, and also allows those who get a crap connection to only pay a pittance to stay online because of that.

1
4

Ker-ching! NotPetya hackers cash out, demand 100 BTC for master decrypt key

Lee D
Silver badge

Re: Can't anything be done??

Bitcoins are just a numbered account.

And most bitcoin accepters won't know to block that particular account.

And the holder of that account can generate effectively infinitely many new accounts, break the funds up, redistribute them, and pay from those other accounts in seconds. Although technically traceable to an extent, they would have already received their goods/services by the time anyone can correlate them properly, and the more they break them up, the harder it becomes.

Bitcoins can literally be broken into billions of pieces. And who knows whether someone who receives or acts as an intermediary for any of those pieces is an innocent party (e.g. been paid in Bitcoin and know nothing about the origin of the funds), related to the scam, or the scammer themselves? It could be the scammers setting up a billion laundering accounts, but each one is indistinguishable from an account that someone else has had for years but never used and who happened to get a donation on their website (e.g. I have a button on my website to donate Bitcoin to me in such a fashion, people use it to donate to me for running a gameserver).

And though Bitcoin is "traceable", it's far from easy, and only gives you an endpoint (i.e. someone paid the ransom into the ransom account, which was ultimately spent in these several billion different pieces at any number of end-points which are places like shops, service accounts, Internet hosts, pastebin, etc.).

Even ordinary stores are starting to take Bitcoin now, and vending machines, and places like the Humble Bundles. Though you can say the ultimate destination, and know the path it took, why it took that path and whether that was money laundering or innocent transactions in the interim is impossible to determine.

These guys spent it all without breaking it up much. But that still doesn't help. Sure, pastebin would probably know the associated account and may terminate now that it's in the news, but they aren't obliged to check EVERY origin of EVERY payment they ever receive for EVERY type of currency.

12
0

Brit prosecutors ask IT suppliers to fight over £3 USB cable tender

Lee D
Silver badge

I work in schools.

I am SO MUCH HAPPIER in independent (private) schools, because they don't have this kind of mass procurement nonsense. State schools used to insist on three identical quotes, which obviously has any number of ways to fudge at extreme lengths of effort to attempt to do, resulting in a lot of wasted time to end up with the answer I would have given anyway.

And not everything is about cost... in fact most things AREN'T about cost. I reject companies or change to their rivals more often because of poor service or unreliability, not cost. Service, reliability, and assuredness of future business is reliance on a certain cost.

Nowadays, I find a link on Amazon, send it to a bursar, if it's not stupendously expensive, it gets clicked and ordered and arrives the next day. Hundreds of thousands of pounds of business every year happens like that on Amazon only, let alone the myriad other websites where you find a product that no-one else sells, etc.

But in terms of procurement - long-term suppliers, that the business relies on, cost is secondary to "are you going to be around next year and give us the same service".

Sorry, but if it's under £100, it's basically automatic approval so long as there's two names on the sheet (so you don't just walk off with it). If it's under £1000, sure, look around and try to make sure it's comparable pricing, but order from the place that handles your business the best. If it's larger than that, you're into requests for quotes and sign-offs but it doesn't need to be some huge big deal involving a dozen people.

This is the problem with the NHS too - they are locked into procurement processes that are ridiculous, AA batteries costing £10 each because of procurement rules, that turn up as single Duracell batteries you could buy for 50p each on your lunch hour. But, of course, you're not allowed to do that as that would not be recompensed on expenses because it cuts out their minister-approved middle-man.

I ordered something like 200 iPads on Amazon once. It was barely questioned, on unit price, because it was just the no-brainer for a product that's never discounted and identical from everywhere you buy it. It arrived within 24 hours, returns were piss-easy, and we never had a comeback.

They say Amazon is killing the high street? It's because the service is second-to-none and they sell everything you might want. Suppliers can't compete on either factor, and I've gone through 3-4 major equipment suppliers in terms of network procurement and ongoing support because they all turn useless in a year. But for just *buying* stuff? Go to the most sensible place.

My bursar actually tells me off for wasting his time if it's under £50 and obviously required.

15
0

Bonkers call to boycott Raspberry Pi Foundation over 'gay agenda'

Lee D
Silver badge

"They want to tell your children it is 'ok to be gay' even if you as a parent work diligently and carefully to put your child on a hetrosexual path."

So... you're saying you want to tell my children that it's NOT okay to be gay?

Way to win over the audience. You can discount my support for such stupid nonsense.

If they were INSTRUCTING your kids to be gay (they're not, the operative word here is 'support' - I 'support' all manner of groups and causes, none of which demand I live their certain lifestyle), then maybe you'd have a case. But they're not.

P.S. I suggest you look into what your school teaches your child. Because I guarantee they WOULD NOT tolerate any speaker, guest, staff or other child telling someone that it wasn't okay to be gay.

17
3

GnuPG crypto library cracked, look for patches

Lee D
Silver badge

Re: It's important that it's been fixed..

In which case we're all dead, because HTML is just the same - any website is potentially complete compromise by that reasoning.

However, in practical terms, WebAssembly is low down on the list of possible avenues, as is modern Javascript (however its scripting of ActiveX etc. was always its main problem, not the Javascript itself). Just above HTML, and probably just below Javascript.

And it's REALLY difficult to execute any kind of local attack utilising local C-written shared libraries that are nothing to do with the browser by any of those. Honestly, those are not the issues to worry about.

You'd be measurably safer if all your application writers recompiled their apps to WebAssembly and you only accessed them via a browser. However, you'd also lose a lot of functionality in the process - e.g. opening local files, network communication etc. - because of the browser security model that would be imposed on them by doing so.

5
2
Lee D
Silver badge

Re: It's important that it's been fixed..

Why would WebAssembly be any different to anything else? Do you even understand what it is and does?

WebAssembly is nothing more than a cut-down interpreted VM, like Java used for decades, in a very limited scope, executing only with the privileges given to a normal HTML page. Just because it has the word "Assembly" in there, don't fool yourself into thinking that it's actually executing anything. It's still just a compressed version of a very limited instruction set subject to the browser security controls (which are a lot stricter now than they were in the days of plugins - Java plugins were basically given full run of the machine, WebAssembly can't even open a network socket as you would expect - it gets encapsulated as a WebSocket that will only communicate on web ports).

You need to run software. In the absence of direct execution, that means running an interpreted restricted-instruction-set language. Whether or not you want to run software from a particular website? Well, that's a browser control. But WebAssembly has NOTHING to do with executing code on your processor, certainly not one that interacts in any way with local shared libraries, and certainly not one that can just execute routines and pass stuff off to your OS.

9
10

Android 'forensic' app pulled from Google Play after vulnerability report

Lee D
Silver badge

Re: app stores ungovernable

Because auditing even the tiniest of programs is almost impossible, don't believe the rubbish about places like Apple checking every app for everything. It's been proved not true on countless occasions and rogue apps slip through any vetting process.

Literally, the ONLY way to stop apps like this from downloading external code and executing it is to not allow those actions in any way, which is almost impossible if you want an app to connect to the Internet in any way, shape or form.

Permissions are the saviour here, NOT vetting. It can take years to audit a program that you have the source to and that still doesn't take account of things that download extra modules, plus new updates, etc. If you don't have the source (e.g. most app submission processes), it's even more difficult. And that's without app creators even bothering to obfuscate things anyway.

And you have to do that audit for every update, of every app on the store. That's just impossible, in practical terms.

Relying on anything even approaching an app store (even a Linux distribution's app mechanism) to protect you is ridiculous and impossible. One tiny section of otherwise-obvious code hidden in billions upon billions of instructions will compromise you. You can't rely on that. You have to rely on the permissions that you assign to such things, and restricting them.

But even then, any app that has "send/receive data from the Internet" basically has a way to execute arbitrary code. It doesn't even need storage access or anything.

9
2

Students smash competitive clustering LINPACK world record

Lee D
Silver badge

Are you really just students who "guess" that the bus is overloaded?

And am I reading this right, in that it's just a competition to slap a machine together without such knowledge and put as much stuff in as you can until you find the sweet spot?

I find nothing technically interesting in either.

3
1

Dead serious: How to haunt people after you've gone... using your smartphone

Lee D
Silver badge

Re: You surely must have forgotten

"The wonks who call you to sell you a better tech solution than you already have, but don't know either what you have or what they are selling."

Almost as bad as those SIP trunk providers who call you from a line that sounds like it's being fed over the deep space network in real-time, and someone is multiplexing it over "morse code in silence".

They always try and claim that it's "at my end", but it's only EVER SIP trunk providers that I have the issue with, whether they come in over my otherwise perfectly-working analogue, ISDN or SIP lines.

3
0

Not that scary or that hard: Two decades of VLANS

Lee D
Silver badge

Re: First two things...?

I find, if taking over a particularly bad place, that the backups are rarely backing up the CONFIGURATION, i.e. the server, server state, application configuration, etc, properly. Or if they are, it's been cherry-picked to the bare minimum and then never updated as new things are added.

One of my prime reasons for converting to VM is that you can then backup the entire VM image + snapshots beforehand, and as you make changes, and ensure that you have a way to get back to where you started and a FULL backup (and hence even keep the original server and/or the original server disk image to do a full revert if there's a problem, even back to the original hardware).

Part of that, yes, I agree, would be the backup of storage too.

0
0
Lee D
Silver badge

I find it unbelievable that people setting up switches don't know what a VLAN is, or don't use them. I've dealt with a number of IT managers and IT contractors who literally have no idea what a VLAN even is.

I've heard all sorts of rubbish reasoning, but never a reason to NOT deploy VLAN's on almost every network by default, the second you take it over.

And if you're worried about adding them to a "legacy" network, just do it. Put anything new on the "new" VLAN's, and access to them, and leave everything on the "default / untagged" VLAN until you can start moving it over.

With server VM's (also a no-brainer that should be your FIRST job if you're taking over a non-virtualised network), it's literally just adding another interface on the necessary VLANs and off you go.

You should be isolated as much as possible.

- Make the default VLAN as boring and empty as possible.

- Separate off wireless, guest wireless, access control, CCTV, telephony (probably job #1!), printers, inter-server traffic, etc. into their own VLAN. Put the necessary VLAN interfaces on the VM's that need it (e.g. telephony integration servers).

Then you can separate and monitor traffic (e.g. CCTV VLAN using much more traffic than telephony VLAN, etc. rather than have to do protocol analysis to find that out), remove any opportunity for browsing and bypassing stuff, and apply completely separate settings to entire VLANs (e.g. QoS on the entire telephony VLAN, rather than on individual endpoints, or DSCP tagging, or port-detection or whatever).

Personally, I think even printers should be on their own VLAN (hint: They don't even need VLAN support for you to do this! Just keep your wiring sensible so that they don't piggyback/share with other devices). That way nobody can "browse" for printers to exploit / prank, and have to go through - say - a Papercut server that's the only "computer" on the printer VLAN, and has a public web interface on the client VLAN. You're also separating out the broadcast traffic to only those devices that actually need to be listening in on it (not everything does multicast properly) - no more dozens of printers constantly advertising their wares to every port on your network.

And though it might allow you to run two identical IP ranges over two different VLANs on the same cable, I think that's stupid. Just renumber. Internal ranges are plentiful. In fact, I tend to number ranges to mirror the VLAN number - e.g. 192.168.10.x - 192.168.19.x to be on VLAN 1, 192.168.20.x - 192.168.29.x to be on VLAN 2, etc.). Because then you can spot your mistakes so much more easily and someone "just browsing" has much more work to do.

VLANs are a no-brainer. I work for schools and for years, stupid educational companies ingrained the concept of separating wiring for "admin" and "curriculum" networks. When all the kit could have just supported VLANs (and proper damn permissioning / authentication would solve the problem anyway). I still walk into schools wired that way, where a bursar cannot log in in a meeting room, etc. because he's "on a different network" that's physically separated so even domain trusts aren't possible.

VLAN. VM. First two jobs to solve in every workplace that doesn't already have them. Anything else is just madness.

6
0
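
The numbering convention in the post above (192.168.10.x - 192.168.19.x on VLAN 1, 192.168.20.x - 192.168.29.x on VLAN 2, and so on) can be checked mechanically. This is an added example, not part of the original post; the inventory records, host names and finding labels are constructed for illustration.

```python
import ipaddress
from collections import Counter

SCHEME_NET = ipaddress.ip_network("192.168.0.0/16")

def expected_vlan(ip):
    """VLAN implied by the address under the post's convention:
    third octet 10-19 -> VLAN 1, 20-29 -> VLAN 2, etc. None if outside it."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4 or addr not in SCHEME_NET:
        return None
    block = addr.packed[2] // 10
    return block if block >= 1 else None  # 192.168.0-9.x is not assigned

def audit_inventory(records):
    """records: iterable of (host, ip, vlan). Returns {host: [findings]}."""
    records = list(records)
    ip_counts = Counter(ip for _, ip, _ in records)
    report = {}
    for host, ip, vlan in records:
        findings = []
        want = expected_vlan(ip)
        if want is None:
            findings.append("OUTSIDE_SCHEME")
        elif want != vlan:
            findings.append(f"VLAN_MISMATCH:expected {want}")
        # The same address seen twice means two VLANs share a range
        # (or a plain conflict); the post's advice is to renumber.
        if ip_counts[ip] > 1:
            findings.append("DUPLICATE_IP")
        report[host] = findings
    return report

# Constructed inventory: (host, address, VLAN the switch port is actually in).
INVENTORY = [
    ("papercut",  "192.168.30.5",  3),
    ("printer-2", "192.168.30.21", 3),
    ("cctv-nvr",  "192.168.41.10", 4),
    ("phone-17",  "192.168.52.17", 4),   # telephony address patched into CCTV VLAN
    ("old-nas",   "10.0.0.8",      1),   # never renumbered
    ("guest-ap",  "192.168.41.10", 6),   # reuses an address from another VLAN
]

if __name__ == "__main__":
    for host, findings in audit_inventory(INVENTORY).items():
        print(f"{host:10} {', '.join(findings) or 'ok'}")
```
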

Virgin Media cuts 250 jobs amid £3bn Project Lightning cockup fallout

Lee D
Silver badge

Re: Oh Good grief!

Buy yourself a decent router, with Ethernet, VDSL, ADSL, 4G, etc.

Put the VM Ethernet cable from the hub (in modem mode) in one port.

Put an RJ11 ADSL/VDSL connection in the other.

Put a 4G stick / SIM in for emergencies.

Configure the routing/failover options on it.

Pay for two "less speedy" connections without all the associated gumph, so that when one falls over you don't even notice except for the email from the router saying that it's fallen back to something else. If you buy a decent enough router, it'll even load-balance over them without you knowing the difference (I set this up on an ancient PC once with Linux, over two really-flaky ADSL lines, and every webpage you accessed or port you opened could have gone over either connection and you'd never know any difference).

Literally, a couple-of-hundred-quid investment that will last for years and solve all the problems for you by doing what people in IT do (always have a backup, redundant systems, etc.). And there are many advantages ("Oh well, it's your connection!", really? Because I have three!), you can always move it anywhere, to any ISP, at any moment. Hell, I can even run the whole home network off my phone's 4G offered over wireless as a "WAN" connection if I like.

If you have a number of fluctuating qualities of service, take steps to reduce your dependency on any one of them and cover your bases. 200Mbps costs what?

I'd rather have two independent 50Mbps services than even a 200Mbps SPOF.

2
3

Rackspace goes TITSUP in global outage outrage

Lee D
Silver badge

Ah, cloud provision.

And DRM / licensing.

Who'd have thunk they could be problematic in a large enterprise?

What gets me - why the hell is the ticket system behind the same thing, making it inaccessible if it screws up?

6
0

The bloke behind Star Fox is building a blockchain based casino. No, really

Lee D
Silver badge

Re: But...

Poker is very different to other games, being a game requiring perfect play in order to achieve the stated odds.

Roulette, craps, fruit machines, etc. do not.

If you're playing poker online, you need to know that you're playing perfectly in order to avoid bots, etc., in which case there are much easier ways of winning a poker game (e.g. play against random people in real life).

In almost all other games, there's no point in playing as you have no control over the situation and you may as well just be putting "£5 at 0.3 probability" - it's essentially the same and the "game" has no effect on the outcome. With poker, it's actually worse. You play perfectly and you might get those odds in the long-run. You don't, and your odds are indeterminably lower.

2
0
Lee D
Silver badge

Re: http://provablyfair.org/

Was going to say exactly the same.

0
0

Hot news! Combustible Galaxy Note 7 to return as 'Galaxy Note FE'

Lee D
Silver badge

Fire Extinguisher.

Fire Extinguisher

0
0

Linus Torvalds slams 'pure garbage' from 'clowns' at grsecurity

Lee D
Silver badge

Re: Ego Overload

The Brad guy manages a set of security patches.

Patches that he has questionably licensed (it's GOT to be GPLv2 because they are kernel patches, but now you only get them if you are part of his little clan, and if you distribute them, he threatens to never supply you another patch again).

Patches that he has zero interest in submitting through the proper channels. He regularly claims to have done so but it's mainly just dumps of the entire thing with no breaking down to individual patches. Not even an idiot is going to apply megabytes of patches to the Linux kernel overnight.

Patches that are based on the Linux kernel which is a damn sight harder to manage than just his security patches, but he won't co-operate with anyone, and - as with the licensing - he somehow thinks he should be treated better than anyone else.

I've had a couple of run-ins with him on other forums, nothing to do with the code (I'm happy to assume his stuff works and is worthwhile, technically he's quite clever) but about the attitude. He just expects everyone else to do the work to integrate, because his code is so fabulous, while at the same time refusing to make any effort that way himself and questionably mis-licensing and threatening people. Then he complains about how Linux doesn't have all this stuff.

Instead, BECAUSE of his attitude, the kernel maintainers are reinventing the wheel without bothering to look at his code in case it somehow taints them and causes trouble. You can just imagine the attitude of the above guy if they start just pulling in his code anyway, or copying it wholesale. This completely hinders any integration of his patches. NO ONE will volunteer to pull his stuff across piecemeal (as EVERY OTHER major patch to Linux was handled) because of this attitude. If you speak to the guy, you'll see why.

It seems to me that we have another "BitKeeper" debacle, that's going to end with his patches becoming obsolete, while someone else does the hard work again in another way to do what he could just do overnight.

To be honest, I can even understand his point of view. He knows his stuff. But equally, I can quite understand why no-one will deal with him. And should anyone go to the effort of doing this integration, his patch-set is dead overnight. Nobody will ever remember him. Perhaps that's why he actively hinders efforts.

I've never seen another major kernel patch set where NOBODY will step up to help them integrate any more (it's been tried several times), and where people would rather re-invent the wheel rather than deal with the personality.

TBH: I'm with Linus here.

58
4

It's 2017, and UPnP is helping black-hats run banking malware

Lee D
Silver badge

1) Rubbish.

2) One XBox will get Open NAT, the other will get Strict NAT, and that only if you have them both working simultaneously.

3) Because it *wants* to forward the following to your console:

Port 88 (UDP)

Port 3074 (UDP & TCP)

Port 53 (UDP & TCP)

Port 80 (TCP)

Port 500 (UDP)

Port 3544 (UDP)

Port 4500 (UDP)

You are opening up your DNS, HTTP ports and numerous others (including targets ripe for brute-forcing and automated HTTP scraping / metasploiting) to a fecking console.

4) Damn niche problem.

4
0
Lee D
Silver badge

SWITCH IT OFF.

UPnP = automatic, unauthenticated port-forwarding of any external port to any internal machine port.

If you don't know this already, and you work in IT, you've not looked into it at all.

If you do know it, and left it enabled, more fool you.

Literally, any user - even in internal VLANs in some cases - can send a UPnP request to port-forward your external port number 7483 (or whatever) to internal client SERVER1 port 139. Game over. Even if you disable SMB or have internal firewalls, there'll be SOMETHING you don't want exposed that they can expose (and even a port 139 that refused traffic could be used for damage as WannaCry showed!).

Authentication modules were never really used for UPnP and finding compliant software/router combinations for such is rare. Add to that that ANY PROGRAM running as ANY USER on ANY LOCAL MACHINE can request the router to forward any arbitrary external port to any arbitrary internal port.

If that doesn't scream "stupid design", I don't know what does.

Additionally, to counter the usual argument, there are ZERO modern services that do not operate when you disable UPnP. Same as anything - if you're running a server you should be the one opening the port, not having it happen automagically without your knowledge. If you're not, then everything works just fine without port-forwarding, UPnP or anything else.

1000 Steam games, Skype, Torrents, Bitcoin, everything I have ever installed works fine. At absolute worst if you're HOSTING a server (not just connecting to matchmaking servers which have open ports for just this reason) you put in a port-forward entry.

Anyone who has not had UPnP disabled from day one on their network gateways deserves a slap. Even a cheapy Draytek will let you provide "Internet Connection Status" over UPnP while denying the "magic port-forward" stuff, but there's no reason for UPnP at all in that case anyway.

11
1
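
For gateways where UPnP has been left on, the port-mapping table can be audited for the kind of forward the post above describes (an odd external port such as 7483 pointed at internal port 139). This is an added example, not part of the original post: it parses constructed `GetGenericPortMappingEntry` SOAP responses offline, and the addresses, the approved list and the finding labels are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Internal services that should never sit behind an automatic forward.
SENSITIVE = {22: "SSH", 23: "Telnet", 53: "DNS", 80: "HTTP",
             139: "NetBIOS/SMB", 445: "SMB", 3389: "RDP"}

@dataclass
class Mapping:
    remote_host: str
    external_port: int
    protocol: str
    internal_port: int
    internal_client: str
    enabled: bool
    lease_seconds: int

def parse_mapping(soap_xml):
    """Extract one port mapping from a GetGenericPortMappingEntry response."""
    root = ET.fromstring(soap_xml.strip())
    for el in root.iter():
        if el.tag.endswith("GetGenericPortMappingEntryResponse"):
            f = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in el}
            return Mapping(
                remote_host=f.get("NewRemoteHost", ""),
                external_port=int(f["NewExternalPort"]),
                protocol=f["NewProtocol"].upper(),
                internal_port=int(f["NewInternalPort"]),
                internal_client=f["NewInternalClient"],
                enabled=f.get("NewEnabled", "1") == "1",
                lease_seconds=int(f.get("NewLeaseDuration") or 0),
            )
    raise ValueError("no GetGenericPortMappingEntryResponse element found")

def audit_mapping(m, approved):
    """approved: set of (internal_client, internal_port, protocol) that an
    administrator opened on purpose. Returns a list of finding labels."""
    if not m.enabled:
        return ["DISABLED"]
    findings = []
    is_approved = (m.internal_client, m.internal_port, m.protocol) in approved
    if not is_approved:
        findings.append("UNAPPROVED")
    if m.internal_port in SENSITIVE:
        findings.append("SENSITIVE:" + SENSITIVE[m.internal_port])
    if not is_approved:
        if m.external_port != m.internal_port:
            findings.append("PORT_REMAP")   # service hidden behind an odd port
        if m.remote_host == "":
            findings.append("ANY_SOURCE")   # empty NewRemoteHost is the wildcard
        if m.lease_seconds == 0:
            findings.append("PERMANENT")    # IGD v1: lease 0 never expires
    return findings

def audit(responses, approved):
    """Returns {"<external port>/<protocol>": [findings]} for every response."""
    report = {}
    for xml_text in responses:
        m = parse_mapping(xml_text)
        report[f"{m.external_port}/{m.protocol}"] = audit_mapping(m, approved)
    return report

def constructed_response(ext, proto, client, port, lease, enabled=1):
    """Builds a sample response; every value passed in here is constructed."""
    return f"""
<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
 <s:Body>
  <u:GetGenericPortMappingEntryResponse
      xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
   <NewRemoteHost></NewRemoteHost>
   <NewExternalPort>{ext}</NewExternalPort>
   <NewProtocol>{proto}</NewProtocol>
   <NewInternalPort>{port}</NewInternalPort>
   <NewInternalClient>{client}</NewInternalClient>
   <NewEnabled>{enabled}</NewEnabled>
   <NewPortMappingDescription>constructed sample</NewPortMappingDescription>
   <NewLeaseDuration>{lease}</NewLeaseDuration>
  </u:GetGenericPortMappingEntryResponse>
 </s:Body>
</s:Envelope>"""

SAMPLE_RESPONSES = [
    constructed_response(7483, "TCP", "192.168.1.10", 139, 0),       # the post's case
    constructed_response(3074, "UDP", "192.168.1.50", 3074, 3600),   # console
    constructed_response(27015, "UDP", "192.168.1.20", 27015, 0),    # hosted server
    constructed_response(8080, "TCP", "192.168.1.30", 80, 0, enabled=0),
]
APPROVED = {("192.168.1.20", 27015, "UDP")}   # opened deliberately by the admin

if __name__ == "__main__":
    for key, findings in audit(SAMPLE_RESPONSES, APPROVED).items():
        print(f"{key:10} {', '.join(findings) or 'ok'}")
```
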

Microsoft's new Surface laptop defeats teardown – with glue

Lee D
Silver badge

Quite.

I'd rather have two £500 laptops and stick one on a shelf. At least then you stand a chance at longevity, spare parts usage, etc.

The non-replaceable items get no love from me whatsoever. And, to be honest, I hate having to take things apart. I lose at least one screw every time I do so. But at least I have a choice between "£10 keyboard replacement done by myself even if I have to take the whole thing apart" and £1000 replacement.

9
0
Lee D
Silver badge

Re: What happened to screwing?

Do you not know how to tease things open gently? Carefully probing and fondling with little tiny skillful movements to elicit the opening piecemeal, savouring the anticipation?

All so eager to get at what's inside, you don't appreciate the packaging.

13
0

Brit uni blabs students' confidential information to 298 undergrads

Lee D
Silver badge

- Poor data storage (spreadsheet for potentially medical information? No password? No encryption? Just one big spreadsheet for everyone? Hope it doesn't have macros neither!)

- Poor data management (people just picking the document up and attaching to emails, no control or confirmation of outgoing attachment, no data control intercepts to spot multiple personal information leaving the site, no limit control on emails going out to 290+ students with an attachment?)

- Poor permissions management (can just email out to groups of students with attachments? No having to post to internal services and link instead: "the document is available under your online account", etc.? )

And all for what? A spreadsheet of their reasons for failing exams. Why is that even a spreadsheet? Why is it not contained in the MIS? Why is it not in the privileged area of the MIS? What service requires you to generate a list of every student's extenuating circumstances in one place in plain-text, and why would you keep that around past submission over a secure channel?

I'm guessing - based on working in schools for decades - that it's someone's pet project which they use and store separately because they can't work the MIS system, which they then email out to other people rather than them have to work out how to use the MIS. And they mis-hit and sent it to the group of affected students rather than the person they meant to inform of those students.

There's really no excuse, and it's sloppy data management in human terms, which is indicative of much larger problems in terms of handling data. The fact that someone could generate such a list from, presumably, confidential form returns is just damning. Either those returns should be electronic and straight into the database and thus this was a specific "pull out everyone with this field because I want to read them all in one go" action, or they were collating them from some other service or typing-in which shouldn't be done with confidential records.

I would expect fines on the order of 100's of thousands of pounds in such an instance. They are issued on that scale to schools and hospitals all the time, even if there's no proof that anyone else actually read them (e.g. missing encrypted CD's that you can't prove were encrypted in some cases).

And that's a whole lot more expensive than teaching Joan in the office not to do that, or replacing her entirely (now an option) and getting an MIS that handles this stuff in a way that mass-queries are held securely rather than can be Excelled out of the organisation.

6
0

Samsung releases 49-inch desktop monitor with 32:9 aspect ratio

Lee D
Silver badge

Re: code word

Do what you like as a hobby.

But wasting money on snake-oil products vaguely related to said hobby? That's the silly part.

I'm a gamer. I operate gaming servers too. I don't have any of that "gaming" junk (Amazon today has a "gaming" sale, consisting of little routers with about 12 antennae on them and light-up keyboards - and yet my ping is lower than anyone else's because I just have proper QoS on the connection, local network, etc.). My mouse is a TeckNet cheapy. But I'll still kick your backside at Counterstrike with it, though.

I'm an astronomer. I have telescopes, mounts, camera bodies, image-stacking software. None of it cost very much at all, and all of it produces results that even a guy in the street would go "Oh, wow, yeah, that makes a big difference". You could spend £1000 on a filter. Or £10k on a massive Schmidt-Cassegrain. I don't. Because other factors - not least the expertise to use it, clear skies to make it worthwhile, or limited value of the difference I'd get from using it - mean it's not worth it.

There's a case of choosing the right tool, and it improving the output of someone skilled in the use of it. But being skilled in the use of it is more important no matter what tool.

Buying snake-oil products like Killer Ethernet cards, or super-duper-carbon-fibre fishing rods, or some professional set of £2k golf clubs when your handicap is still in the double-digits, or some special spark plug doesn't magically make things better than you could have got anyway, and rarely provides any kind of return-on-investment, especially for a hobbyist.

In fact, the more you avoid that snake-oil junk, the more you can get out of your hobby, the more hobbies you can have, and the more drinks you can have down the pub with your mates afterwards. It's the people who bore you to tears about some thousand-pound snooker cue and its manufacturing process when they can barely hit the ball, that then try to justify it, and never have any money left for anything else that I would feel sorry for.

8
0
Lee D
Silver badge

Re: code word

No different to audiophiles, motor enthusiasts, or any other sector where people consider themselves to have an expertise that few others have.

They all buy expensive toys that they think professionals use to make themselves seem "more" professional, whether or not they can even use them effectively.

I look at my Facebook and I see people with fishing gear costing thousands, which they then use in reservoirs where there are no fish. I see car nuts buying bits for their cars that are totally worthless and unnecessary and the cost of which would cover buying a better car. It's the same for all sorts.

My technician was telling me only yesterday that he was in a store and a guy was buying a "gold-plated optical audio cable". I can't even fathom how that works. But the guy paid a fortune for it because "it'll make it sound better".

Everything from the guy with the large 4K TV, to the bloke with go-faster stripes and under-car lighting, to the gamer with the 48-button, 10Mdpi mouse, they're all the same.

And they all whine like hell with excuses when your run-of-the-mill, bog-standard, but you spent a tiny bit more than the minimum and actually researched, purchase beats their super-duper kit into a cocked hat. They all then pull out the "Yeah, but that's just electronic timing / digital audio / carbon fibre / whatever, it's not as good as my ancient mechanics / dust-strewn LP's / stick of wood even if you think it is".

17
0

Ofcom fines Three £1.9m over vulnerability in emergency call handling

Lee D
Silver badge

"However, this vulnerability has not had any impact on our customers and only relates to a potential point of failure in Three's network."

Translation: We only NEARLY killed people.

3
3

Fighter pilot shot down laptops with a flick of his copper-plated wrist

Lee D
Silver badge

^ someone with experience.

9
0
Lee D
Silver badge

School office.

Noticed the office staff layering plain paper and cheque paper alternately. For hundreds of cheques.

Queried why: "It's always been like that".

The printer always churned out two copies of the cheques, so you had to sacrifice a bit of plain paper to avoid printing out double-cheques.

Borough support had "looked at it dozens of times" over the years. This person had been in the same school for 20+ years, so she could tell you names, dates and what they did.

They'd reinstalled the software, reinstalled the machine, changed all the server settings, deployed print group policies, tweaked every option, and after years of callbacks given up and told the staff to put blank paper every second sheet.

It was a HP Laserjet, the ones with the old "cold blue" LCD displays. They only ever used it for cheques because it was the only printer on site that didn't jam when it printed them (cheque + sticky seal + plastic address window in one A4 sheet).

I tapped a few buttons.

Found the option that said "Copies; 2". Changed it to "Copies: 1"

Worked perfectly for years after that. I think she would have kissed me if she could. Years of "paper, cheque, paper, cheque, paper, cheque" for thousands of cheques before she printed every time...

(Yes, Borough support was in bed with RM so the system/support was basically entirely RM and HP. The same school sent back three machines five times because they "never worked". The problem? CMOS Checksum Error. I got the job there by sending a member of staff down to the watch store for 3 x CR2032 batteries. They worked fine for years after that)

92
0

When we said don't link to the article, Google, we meant DON'T LINK TO THE ARTICLE!

Lee D
Silver badge

"For the sake of ensuring compliance, we've removed every mention of your company from the entire search database, including your website, articles, links, adverts, reviews, map location, stock ticker, etc."

16
5

Sorry to burst your bubble, but Microsoft's 'Ms Pac-Man beating AI' is more Automatic Idiot

Lee D
Silver badge

Re: Problem?

"work out the rules of chess and the relative values of the pieces by itself"

Rules, maybe. But they can learn that by making random moves and some control somewhere says "Invalid move, you lose". That's INFINITELY better than "you can only make moves from the restricted subset we offer you that you never have to consider" in terms of learning.

And, similarly, value is a heuristic. The value of a piece is nonsense compared to whether you win. You can sacrifice every piece on the board so long as you end up checkmating. That "value" could be learned or hard-coded. Learned value - when it decides itself "Actually, my queen is probably worth more than that" rather than adds up some metric - is what you're after if you're claiming "AI" and "machine learning".

It's about what you test on. Are you testing "can this machine learn to play the game by itself" or are you testing "Can this machine find what we would call an optimal play in this heavily-prescribed world". They are claiming the former, but actually it's the latter.

You have to consider this: If your machine is "learning" then you could throw it at Ms Pac Man and train it. You would then be able to move THE EXACT SAME PROGRAM to, say, Pac Man 2000, not tell it what the difference is, and train itself towards optimal play for that WITHOUT TWEAKING.

This program couldn't. It's been told what the value is and what to do, in limited means but it's been instructed. That's not "learning", that's some kind of "organic growth programming from seed". And the whole point of "learning" is not to make a Ms Pac Man player. Any idiot can do that. It's to make a machine that learns. If it only "learns" Ms Pac Man when it is hand-led, then it will forever need to be hand-led on every task it does.

To be machine learning, it would have to arrive at that itself, naturally. Even if you start from zero knowledge, or from knowledge of ENTIRELY THE WRONG GAME. It should learn enough that it realises that.

Otherwise, all you've made is a very expensive computer player, and nobody is going to care about your research, licensing your patents, etc. Although we might call them "AI" players, they aren't. What people are after, the value we seek, the thing that makes money, the thing we don't have, the useful feature... is learning.

And learning shouldn't need to be hand-held. Stick a new-born animal in a room and it will learn when/how it gets fed without any extra tuition. If you make a change to that, it will adapt to it. The "seed" is sown before it ever knew what task it was up against. And it learns and adapts to the tasks given from then on.

10
0
Lee D
Silver badge

Re: It's not very good AI

Humans read rules, interpret them and voluntarily stick to them.

Machines operate in an environment where the rules prevent them ever doing anything else, so it literally bounds their possible actions.

Morpheus knew this: You will always be faster... because they live in a world built on rules.

11
0
Lee D
Silver badge

Virtually nothing that says AI or "learning" actually is.

It's all heuristics, instructions from programmers on "how to learn", in effect. And not at some basic coding level, but quite literally specified explicitly for the task at hand.

AI, to me, is still interpreted in the same way as the old gaming adverts: "destructible environments" (so long as you don't go out of bounds, go too deep, shoot the critical plot structures, or actually expect it to turn to rubble), "realistic physics" (which is why you can make the enemy bounce a thousand metres in the air by getting him stuck on a door), "open-world" (so long as you don't try to go the opposite direction to your objective or mind being herded back in if you stray too far, and by the way, for mission 2 you have to go see John or you'll never get a mission 3 until you do).

It's all rule-based and targeted. Google's AlphaGo strayed into something different, which is why it's newsworthy and pretty astounding. But you have to understand the game and the rules of the game to make those sub-agents do what you want in order to come to a decent play. And I guarantee you that the "master agent" isn't culling off useless sub-agents and creating unique ones of its own to try to fathom out the game.

It's all hard-coded rules, left to run for a long time with an aim in mind. That's not AI or "learning", no matter how long you leave it running. Unfortunately, any sufficiently-advanced technology is indistinguishable from magic, so people do think that Siri is actually understanding them rather than some speech recognition that hasn't improved in decades (per cpu cycle), shoved into a search engine which returns colloquially-worded results.

33
0

Labour says it will vote against DUP's proposed TV Licence reforms

Lee D
Silver badge

Re: Give it to us

No.

Taxes are just as often a penalty on an action to discourage use of it.

- Buying luxuries.

- Running a car that slowly damages roads and air quality, charged on a sliding scale of damage caused.

- Offshoring assets / jobs (tax on them so you can penalise that action and encourage local job use, etc.)

- Tax on unnecessary personal habits that damage your health and incur costs for everyone (e.g. smoking, alcohol).

- Tax on selling houses

- Tax on international profit-moving and intellectual property usage (e.g. Starbucks' taxes being mulled).

- Tax on betting and gambling

In this case, the tax was on people who want to watch TV live as broadcast, contributing to peak power usage and trash-entertainment.

That's shifted slightly since (the way things do when there's profit to be made) but generally speaking tax is not an insurance that everyone pays into and everyone gets back from, in any way.

It's just as often a penalty on actions that are in the nation's interest to discourage, and/or to profit from.

2
1
Lee D
Silver badge

Re: The BBC: Crown Jewels of UK Broadcasting

My BBC iPlayer list has:

Mock the Week

Have I Got News For You

QI

Room 101

Sorry, but though I'd happily pay for the just-released box set of all the seasons of QI, I can't even do that as it's not available online, only on DVD. The rest... though great fun, I wouldn't pay a lot for it.

The BBC is no better than any other producer, and quite a lot of their formats are bought in from companies that make such things (e.g. Graham Norton moved from Channel 4, for a while they had a comedy show that was EXACTLY Whose Line Is It Anyway, made by the producers of... Whose Line Is It Anyway, Bake-off has gone, etc.).

They have just shut their online streaming shop too. So, despite a commenter on here assuring me not so long ago that I can buy old TV series from them - everyone who did just got chucked off and a refund cheque and no more access:

"BBC Store no longer offers programmes to buy. Purchases will not play in iPlayer."

They have a massive archive of content that's already digitised that they can't sell.

They have major influence over technology products for video streaming, etc. (everything has an iPlayer app).

They have the TV licence fee income.

And still I can't actually give them money.

And still I'm not sure I'd bother if they can't sort themselves out after all this time.

8
0
Lee D
Silver badge

I know I'd be happy just paying, say, £10 for permanent online access to a season of my favourite programs. Or even a Netflix-y deal of say £30 a year for everything.

And then, literally, forget the rest of the TV licence.

I could buy FOURTEEN seasons a year for that. And I probably would, if not more. And not be subject to scheduling, watersheds, or waiting for days for the next episode, or the other dross that I honestly couldn't care about but have to sort through to find the one program I want.

That said, there's no way I'd vote for a party just because they have proposed one vaguely-decent, non-binding idea.

5
4
Lee D
Silver badge

Give me a call when any of it is legally binding with a forfeit of removal from their seat if they fail to deliver adequate progress towards it, measured at least annually by an independent party, and able to be triggered by public pressure if they look like they're not delivering.

Until then, they can promise to give me the world on a stick and it makes absolutely no difference.

No other job in the world can you get away with saying you'll do something, not do it for four years, and then get re-hired on the basis of promising to do it "this time around".

36
1

PC, Ethernet and tablet computer pioneer 'Chuck' Thacker passes

Lee D
Silver badge

"Why don't we corrupt a memorial article with a mention of Steve Jobs for no particular reason?"

(No, Apple did not have first tablet, not even first touchscreen mobile device, nor first GUI).

2
2

Biting the hand that feeds IT © 1998–2017