* Posts by Lee D

2392 posts • joined 14 Feb 2013

Two's company, Three's unbowed: You Brits will pay more for MMS snaps

Lee D
Silver badge

Find the 100Gb Mifi offer on Three. It used to be available, but it's not been around for ages.

40Gb is the most they do for anything in terms of HomeFi, MiFi or tethering.

0
0
Lee D
Silver badge

For mobile broadband, correct. For phones? There are plenty of "unlimited" deals.

http://www.three.co.uk/Store/SIM/Plans_for_phones

"1 month Advanced plan

All-you-can-eat minutes

All-you-can-eat texts

30GB Personal Hotspot"

https://www.giffgaff.com/sim-only-plans/

£20 goodybag

Always On*

Unlimited

Unlimited

What they all have, though, is tethering limits (e.g. the 30Gb hotspot thing above). But on a phone, it's easy to get an "unlimited*" setup. That unlimited* isn't actually unlimited is a minor point in comparison to not being able to go over 50Gb on ANY 4G PROVIDER for mobile broadband no matter how much you're willing to pay.

1
1
Lee D
Silver badge

Good.

The only thing I have Three for is data, as the only other people who do a decent mobile broadband allowance are Vodafone and they're too stupid to post me a SIM when I ask for it, but then won't let me sign up with my details again to request another.

And every time Three adds incentives to stop people using traditional services and "use your data instead", it suggests that they need to increase their data allowances even further.

But then, I only ever do month-to-month contracts, because I can then just swap out the SIM any time I like without arguing over what is a "material change to the contract".

Honestly, though... if someone sells a 100Gb 4G SIM on pay-monthly that allows tethering for that full amount... someone shout, because I haven't found one. The 100Gb packages on Virgin don't say they allow tethering and their own "mobile broadband" SIMs only go up to 10Gb. Vodafone does a 50Gb one but are incompetent. Three do 40Gb. Everyone else (Giffgaff, O2, EE, etc.) has silly "unlimited (***********)" clauses or don't allow the full amount of data for tethering (which is what mobile broadband is considered as).

13
1

Time to ditch the front door key? Nest's new wireless smart lock is surprisingly convenient

Lee D
Silver badge

If keys are a problem, buy an electronic door lock.

RFID/Mifare fobs are dirt-cheap nowadays.

The real problem is - house insurance. If you are broken into, you have to show that they forced entry. If your lock can be opened without showing signs of forced entry, your house insurance won't cover you. Even if it did, they require it to be up to a stated British Standard.

If you're prepared for your house insurance to be invalid (or do without entirely), sure, change your locks. It's really easy. But not for some cloud-connected shite. GSM-controlled and RFID-controlled locks are everywhere in business, they are bog-standard access control items. They also do everything this thing could possibly do, without all the hassle and expense.

And then if you want all that stupid integration stuff (When lock opens, alarm turns off? Really?), you can easily get a home controller that does that. But I wouldn't touch Nest for it.

5
0

There is no perceived IT generation gap: Young people really are thick

Lee D
Silver badge

Re: "It’s about pressing a button on your keyfob to find out where you parked your car"

I find it much easier to just text my car, and it gives me a GPS link, which I load into a GPS radar app, which walks me to within feet of it.

Not a fancy car. Just a £20 GPS tracker box off Amazon tied to the radio circuits and a £5 / month giffgaff SIM and some free apps.

Also, it was great for knowing when my other half was coming back from her evening courses... I would activate the "text on motion" function once she was there, and when she moved it on her way back it would text me and I knew to get the plates ready for the KFC she would get on her way back.

2
0
Lee D
Silver badge

You mean the re-sample of Under Pressure by Queen / Bowie?

5
1
Lee D
Silver badge

"I stopped watching commercial TV before 1990. An advertising impact study once asked me about a TV advert. I could remember the rather wooden public figure delivering the product endorsement - but couldn't remember which company it was for."

They stopped running the "easily-turn-off-and-on-able" ads because everyone thought they were for British Gas, I think.

0
0
Lee D
Silver badge

Re: Swearing in the South

My era is defined by:

"Re-record, not fade away, re-record, not fade away"

"I'll be your dog!".

"There's somebody at the door!"

"Happiness... is a cigar called..."

14
0

Creaky NHS digital infrastructure risks holding back gene boffinry, say MPs

Lee D
Silver badge

Re: 200GB to store a genome? Surely not!

What happens if you PKZIP it?

1
0

Planned European death ray may not need Brit boffinry brain-picking

Lee D
Silver badge

Re: Coherent beam combining

Hard to do.

Certainly difficult to make battlefield-resilient.

Throw a stone at it, make a small dent and the beams would no longer be coherent.

2
0
Lee D
Silver badge

I think that the next time you have an infantry-vs-infantry battle, it's probably already game over anyway.

WW3 will be fought from a computer desk. Actual people on the ground is reserved for "peace-keeping" (i.e. making sure those people without the expensive weaponry don't get hold of it).

The days of even things like tanks, etc. are numbered.

To be honest, nobody is going to pitch professional-army against professional-army again without things getting very bad very quickly. Which is why it's a bit pointless and alarming to teach people that armed forces like that are good careers to go into. Anything serious happens, you're laser/chemical/nuke fodder. Anything non-serious and you're just going to be asked to fight against a bunch of people that last year you armed to help them fight against a different bunch of unarmed people.

If a major first-world power ever declares war on another first-world country again (not just a concept or easy-pickings or the Middle East, etc.), then we have precisely zero chance of things like chemical usage restrictions actually being abided by. People can't even abide by them now - everything from Russian spies to chemical weapons in Syria.

One of the reasons that we really should be just bringing the military home, using them for defence (lovely how they use that word but never "offence" when describing it officially), and absorbing their ENORMOUS cost into something a bit more useful.

10
9

Samsung-backed gizmo may soon juice up your smartphone over the air

Lee D
Silver badge

I'm not sure that you want to have a beam of anything pointing at you to charge your phone.

Anything directional (i.e. not really subject to the inverse square law) and of sufficient power is going to interfere with things. Everything from inducing a current in your credit cards in your wallet to generating all kinds of RF or reflections.

Basically, this is achievable today. Get a large directional antenna and just point it at the "magic charging spot" by some magic dot-tracking method. But putting, say, even 10W down it is going to attract the attention of radio licensing agencies before long. Anything non-directional is subject to inverse-square law (so something 40cm away would need to be 1,600 times the power of something 1cm away). There's a reason that even directional antenna use - though it might come under power limits measured in Watts - isn't allowed if it allows a certain gain overall.

To then harvest it without anything else in the path inducting a current from it is going to be really tricky. And you don't want to have the e-cig in your pocket ignite because you walked between a guy and his phone charger.

The energies we're talking about, really the only viable method is very-close-contact induction and acceptance that there'll be some loss, or a conductive cable to "channel" it down so it's not going through the very insulating free-air.

Inductance works great for electric toothbrushes, maybe a very low power phone, etc. Everything else, you really don't want to be inducing even targeted, directional beams of EM power towards. Especially when a 50p cable does the job at stupendous efficiency without side-effects.

The low-power, harness-what's-there is more viable but you should be able to tell that even that's a bit of a cop-out. Sure, it'll keep, say, a wireless sensor blipping once a second, or find your lost car keys by having them suck up wifi energy and send out a short burst of data, but that's about it.

Honestly, you may as well just point a laser at the center of a QR code using a movable arm. That's basically what you're doing, but with RF, but at least a laser beam doesn't spread out, induce currents, etc. in surrounding materials. And you would have a chance of cutting out instantly if the laser detects that it's reflecting back or lost the QR code because something's got in the way.

Basically charge-by-high-power-laser is more viable and I could probably make you one today. 10W would be quite dangerous, though, and a bit naff for charging.

9
1

BT pushes ahead with plans to switch off telephone network

Lee D
Silver badge

Re: Voice quality

VoIP sounds shite only if you don't bother to QoS.

A VoIP channel is TINY in terms of bits-per-second. Sure latency will delay things. Jitter will make it wobble. But those don't tend to matter for a... what? 64Kbps stream over a 10Mbps channel? That's a HUGE amount of loss before you're affected. Latencies of 100ms on voice traffic are not noticeable and if you have more than 100ms ping to even the other side of the planet, you have bigger problems on your connection.

But what matters is that your phone call doesn't get superseded by Fred over in the office loading his Facebook. His packets can wait, and he'll never notice. Yours can't.

It's very easy to demonstrate. When a workplace first gets a VoIP phone in-house, warn them that it will happen. You can put in the most expensive switches in the world and massive redundant fibre connections and all sorts, and even on switchboard-only calls, it'll work. For one phone. Two phones. Three phones. But before you even get into silly numbers (say a dozen), or if there's a particular time when everyone logs in... the phones will start to distort and cut out. It doesn't matter how much money you throw at it at that point.

At that point, everyone starts getting rubbish service and it sounds bad. So you VLAN off the voice traffic, and apply QoS to it. Now watch as you can go to 100, 200, 300 handsets and no problems. On the same networking, the same expensive (or cheap!) switch. The same Internet line.

The problem with telesales people on VoIP is either that they don't have the IT people to know this, or they are all working from home over their home ADSL router (more common than you might think... lots of people do telesales jobs from home, dial into the switchboard from a phone they are given to plug into their router, and off they go). Nobody sets QoS properly. And it affects NOTHING else when you do it right, while making the phones all "just work". I've demonstrated this phenomenon on everything from the cheapest Netgear to the most expensive Cisco, with less than a dozen phones each time. Works fine at first, then ordinary network usage interrupts it and it fails. Apply QoS on the same switch and then you can expand enormously without issue.

I've seen contractors who carry around Ethernet IP phones and just plug them into people's networks expecting it all to magically work... and invariably they say it works where the IT is well-managed and doesn't anywhere else they try it - even if they're the only person on the network. Because the QoS isn't automatic.

And QoS applies not just to the local network, but to your wireless ("Airtime Fair Sharing") and outgoing packets too. Your router has to know to deal with the voice packets FIRST before it worries about your Counterstrike game. It has to respect QoS and pass it on (it'll likely be ignored by the ISP, but you never know) just the same as the switches. Your Whatsapp traffic isn't QoS'd because I think it goes out over untagged encrypted protocol which your smartphone / wireless / router doesn't understand or respect. That's why it does that.

The number of times I've had calls FROM people selling me VoIP where I literally can't hear their call (and it's not us... at various places and times I've had analog, ISDN and SIP so we know our calls were clear).

When we started buying local IP handsets, the problem came within a dozen and I QoS'd and four years and a hundred handsets later we're fine. When we started going down the line of SIP trunking, I did the same - made sure the traffic was VLANned, that entire VLAN was QoS'd on the switches, prioritised on the router, firewall and wireless points. Made sure that the outgoing SIP ports were forced to max priority so they retained that QoS when they went out to our ISP, etc. Literally never had a problem, even with users maxing out the connection on an hourly basis.

Voice traffic doesn't care about bandwidth and retransmission, like other technologies. TCP will just "try again" so fast that you'll never notice a problem. But VoIP needs to be jumping the queue for every tiny little packet it sends because it NEVER tries to send it again, it's already too late by then. If it can't jump the queue - from the phone to the network to the switch to the firewall to the router to the Internet - then it will be bad. If it can jump the queue, it's literally so minuscule that nothing else will notice or care. The actual bandwidth it consumes is pathetic.

To be honest, even "wireless" IP phones have more problems than cabled ones. Because you can't stop someone on the same channel but another SSID or just plain interference from "jumping the queue" and holding up the voice traffic.

If you are expecting VoIP and you're not in control of QoS... you're on your own. It might work, it might not. If you are MANAGING VoIP - apply QoS from day one on everything in the path. Then, quite literally, you can run an entire company switchboard from a dodgy old ADSL line.

As an aside, we abandoned all our analog and ISDN lines last year, after many years of waiting for approval to do so. They were more likely to provide poor performance (everything from rain affecting the cables, to things literally falling off the telegraph poles) and we had more faults on ISDN than I care to remember. We retain one emergency line only so we can dial 999 if the system goes off. But everything else is entirely SIP. I haven't had a complaint about call quality for a year.

3
0
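A small single-link queue model of the effect described in the post above, as an added example that is not part of the original post. The packet sizes, the burst pattern and the use of the post's 100 ms figure as a lateness budget are assumptions chosen for illustration.

```python
import heapq

LINK_BPS = 10_000_000        # the post's "10Mbps channel"
VOICE_BYTES = 200            # assumed: 160 B of 64 kbps audio + 40 B of headers
VOICE_GAP_US = 20_000        # assumed: one voice packet every 20 ms
BULK_BYTES = 1500            # assumed: full-size data packets
BURST_PKTS = 150             # assumed: packets per bulk burst
BURST_GAP_US = 250_000       # assumed: one burst every 250 ms (about 7.2 Mbps)
BUDGET_US = 100_000          # the post's 100 ms figure, used as a lateness budget


def build_traffic(duration_us=1_000_000):
    """Constructed sample traffic: one call plus periodic bulk bursts."""
    pkts = [(t, VOICE_BYTES, "voice")
            for t in range(5_000, duration_us, VOICE_GAP_US)]
    for start in range(0, duration_us, BURST_GAP_US):
        pkts += [(start, BULK_BYTES, "bulk")] * BURST_PKTS
    return sorted(pkts, key=lambda p: p[0])


def simulate(packets, link_bps, prioritise_voice):
    """Serve packets over one link; return each voice packet's delay in
    microseconds from arrival at the queue to its last bit leaving.

    prioritise_voice=False is a plain FIFO queue. True is strict priority:
    a waiting voice packet is always sent before any waiting bulk packet,
    but a bulk packet already being sent is not interrupted."""
    queue, delays, now, i = [], [], 0, 0
    while i < len(packets) or queue:
        if not queue and packets[i][0] > now:
            now = packets[i][0]              # link idle: jump to next arrival
        while i < len(packets) and packets[i][0] <= now:
            t, size, kind = packets[i]
            rank = 0 if (prioritise_voice and kind == "voice") else 1
            heapq.heappush(queue, (rank, t, i, size, kind))
            i += 1
        _, t, _, size, kind = heapq.heappop(queue)
        now += size * 8 * 1_000_000 // link_bps   # serialisation time
        if kind == "voice":
            delays.append(now - t)
    return delays


def late(delays, budget_us=BUDGET_US):
    """Number of voice packets that exceeded the budget."""
    return sum(d > budget_us for d in delays)


if __name__ == "__main__":
    traffic = build_traffic()
    for label, prio in (("FIFO", False), ("voice first", True)):
        d = simulate(traffic, LINK_BPS, prio)
        print(f"{label:12} worst {max(d) / 1000:7.2f} ms, "
              f"late {late(d)} of {len(d)}")
```

The link is never saturated on average in either run; only the order in which queued packets leave changes.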
Lee D
Silver badge

Re: Oh well

Same way as it does now?

Battery-backed units in the cabinets/exchanges which provide service for a limited time? We tend to call them UPS in the IT trade. If only someone had come up with a way to UPS IP-based technology, eh?

To be honest, though, I manage a school's IT and our procedures just say "call 999". But in all the meetings we have, we are quite aware that we're much more likely to be able to do that safely from out on the playing field with a mobile phone than trying to call from a landline.

Despite the fact that we have leased lines, SIP trunks, analog and ISDN backups (for emergency calls only), we recognise that we're actually much more likely to want to be OUT of the building before we worry about that. And then if O2, EE, Vodafone and whoever else are ALL down, and we can't pick up the Wifi to SIP-dial, that that's a scenario that may call for extreme action like - going to the nearest house and borrowing their phone and hoping that's not affected.

999 call handling won't change, because the other end is almost certainly IP-based by now, at some point anyway. The call handling centre MUST be IP in this day and age, surely? With analog backups, sure, but it must be IP for the first-hop and local devices?

But to be honest, 999 calls must be literally THOUSANDS OF TIMES more likely to come from a mobile handset nowadays. Because you can flee AND call, rather than have to stay in the emergency area. Sure, for an injury, you could call on a landline but then you're tied between the landline and your patient unless he happened to collapse in a very convenient location.

I think we're being spoiled nowadays, given that only a generation ago, it could have to be a run to the local phonebox (Remember those? Remember the years of being taught how to use them to dial 999?).

I'm not saying they shouldn't provide 999 services and backups and everything else, but surely nowadays calling 999 can be done by one of DOZENS of methods. Hell, Skype even lets you dial 999. I don't see that IP conversion would inherently degrade or change the system for doing so.

18
17
Lee D
Silver badge

Seems to be the obvious thing to do and has been for decades.

I'm almost at the point of suggesting that 999 call-handling should have some rule-changing, to be honest.

Everything in my workplace is IP - from the phones on the desk, to the fax machine, to the GSM alarm systems to the SIP trunk. There are no longer any analog or ISDN lines or anything of the sort still active, because there's no need for them to be and they have disadvantages despite being actually on-the-premises still.

It seems only logical to plan for an IP-only future in terms of telecoms, even things like video, mobile telephony (all modern handsets do SIP, so the 4G etc. network is really only providing a data backend), etc.

I imagine it means a lot of clutter removed from exchanges and only legacy lines having a kind of conversion equipment, which can be phased out by moving everyone to "proper" fibre connections as necessary.

It just makes much more sense.

The get-out-clause also disappears from BT's books - they can't just blame demand for not having cabled your area properly yet. If you have all-IP exchanges and all-IP cabinets, there's no reason that some manky old line can't support stupendous speeds even if it's shared with the rest of the village once it gets to the exchange. That won't stop them trying, though.

I can quite easily believe now that there are households and businesses all over the country that are pretty much IP-only, internally and externally, for everything from telephony to CCTV.

4
13

OK, this time it's for real: The last available IPv4 address block has gone

Lee D
Silver badge

Transition.

You've gone from "Just add an IPv6 address to the device already running NAT on the front-end of your Internet connection" which is centralised, easy to diagnose and easy to revert to "set up IPv6 local DHCP which could interfere with local services if they aren't already set up for IPv6, while making sure that all your internal access lists, subnets, etc. are also configured for IPv6, etc. etc. etc." not to mention "now you have to consider that every machine has a globally routable IP", so your firewall config just expanded from securing ONE IP to an entire subnet on a protocol you aren't familiar with.

Worrying about NAT literally held everyone back. NAT isn't broken. It works for the vast majority of the world. You know how we know? Because the vast majority of the world has a NAT router on their DSL connection. And the solution to "poor" IPv6 deployment is now likely to be carrier-grade NAT on IPv4. Ironically, the "problem" cited by everyone like yourself - spewing NAT-hate - actually CAUSES PEOPLE to stay on IPv4, which means ISPs are forced to NAT them as they can't get any more public routable IPv4 addresses.

Nobody is saying "stay like that forever", but the initial transition is literally an hour of work, for a site with an unlimited number of existing machines, with no changes to internal services whatsoever. But NAT-fear stopped people doing that, because "with IPv6 you should ditch NAT too", etc. etc. Which turns it into a 6-12 month project of testing and reconfiguration.

Your post is the epitome of demonstrating my explanation. NAT or not-NAT has nothing to do with security either. I'm not even claiming that. NAT is a "sensible default" applied to the technology that happens to translate to a "block all incoming" as the final rule by the way it works, and that should be your default rule anyway.

What you did was tell people: You're an idiot to use NAT, turn it off. When everyone is using NAT and there are no inherent problems with a proven technology that serves a practical purpose. And because you conflated that with "here, have a bunch of new-style IP addresses", nobody moved to new-style IP addresses because they were afraid they'd also have to change EVERYTHING about a technology they've been using successfully for decades.

P.S. Your IPv6 router/firewall, no matter how basic it is, still has to keep track of connections. Stateful firewall is the norm. If it's not, you should worry. And though connection tracking on IPv6 does technically take up slightly more memory... there's no way you should be hitting limits on any router advertising itself as IPv6-capable.

P.P.S. I've run Bittorrent on NAT'd connections, like I imagine the majority of the world has. It's never dropped unrelated connections. That's a factor of "crappy router" not NAT. I've literally never witnessed the symptoms you describe (but sheer bandwidth can fill up your outgoing line, which knocks your users for six if you have asymmetric connections and they can't get TCP request and acknowledgements etc. back out. Solution: QoS, not removing NAT.)

1
1
Lee D
Silver badge

I lied:

https://www.google.com/intl/en/ipv6/statistics.html

21%

2
0
Lee D
Silver badge

IPv6 is present in all modern smartphones - it's a requirement of the protocols involved.

IPv6 is present in all modern communication protocols - including DOCSIS.

IPv6 is present in all modern operating systems. It took decades to get it in there.

IPv6 is present in all modern switching/routing hardware. It took decades to get it in there.

Nobody is going to supplant IPv6.

You know what hindered it? That NONSENSE about it meaning that every device had to have a globally addressable address. That was the problem. Nobody wants their local devices to have an address like that. NAT is perfectly fine. And converting a NAT network to IPv6 consists of this... add IPv6 to the gateway device. Done. Everything else can be done at leisure, or stay IPv4 into perpetuity - nobody would ever care.

That nonsense literally held back adoption, because who the hell wants to go through every switch, router, server, client, phone, printer, etc. and give them all IPv6 addresses and then address them only by that? Nobody. Internal networks, it does not matter how they operate. That's why they're internal.

But the anti-NAT brigade set us back 10 years on IPv6 because of that.

You are not going to get anything but IPv6 for the next 20 years. Deal with it. Activating it, using it, testing it, and understanding it takes about an hour tops for any IT professional, with a deployment plan then going into normal change management.

Sorry, but you can make all the excuses you like, like The Reg does. All my servers, domains, etc. are IPv6 capable and have been for years. It really doesn't take much and things like log-file analysers and custom-made sticking-plaster scripts are the things that need time to be converted. The protocol support? It's just there. In your device, in your OS, in all the things you use that OS on.

And deploying it affects nothing IPv4-wise, so there's no reason not to. Do it using ipv6.yourdomain.com and say it's a test. Google report that something approaching 10% of their traffic is IPv6 now. It's not going anywhere.

5
3
Lee D
Silver badge

Re: It's bad to say....

I always use a subnet calculator (http://jodies.de/ipcalc). Anything else is just going to introduce errors, because a lot of things WILL still work with an incorrect subnet.

For instance, the range I inherited was 48.0/22 (255.255.252.0) - that's a really odd range.

They were using the 48's for client DHCP initially (again - NO IDEA WHY, it's within a local range!). Then they needed more addresses, so some fool decided to do the above (which gives you the 48.49.50 and 51's). But they didn't update the subnet everywhere. So what you get are a lot of computers that can get an IP, log on, talk to the gateway, connect to the Internet, etc.

But when you try to talk to printers or, say, anything broadcast - DLNA, Chromecasts, Airplay, etc. then it doesn't work properly.

And you get things like... the 48's are filtered for web, but the rest aren't. All kinds of issues. And I guarantee you that the CCTV, access control, etc. guys will just read it as their bog-standard, "we-don't-know-why-just-type-it" 255.255.255.0 no matter how much you highlight the fact because they don't understand what a subnet is (or a VLAN or VPN or STP or anything, for that matter).

The solution, of course, is to stop faffing about and use well-known subnets. Very few places have IT big enough to worry about broadcast floods, etc. and hence want to limit their subnets down to the bare minimum necessary, but no IT department that understands the issue... just use the whole damn range and a bog-standard subnet and be done with it.

Then you have the numbering issues? Then don't. Nobody needs to care about IP addresses any more. I wouldn't be able to tell you the IP address of any of the 1000+ devices on my networks except for a) the gateway, b) the primary and secondary DNS, c) the main DC (which is actually the primary DNS anyway, but I don't actually NEED to know that, I could just use its name!).

At home is the same. My router gives everything a name. Sure, at one point you have the IP there but it's DHCP and then you "reserve" the lease and it's permanently on that address but... more importantly... you then just give it a name. Anything that doesn't have a name will autodiscover, I assure you (e.g. Chromecasts by using the broadcast address).

And it's a damn sight easier for grandpa to remember to type in "backup" into his browser than "192.168.0.182" for his backup NAS, or cctv, or printer whatever else.

As far as I'm concerned, if I don't need to know anything more than gateway and DNS (the two things you really CAN'T refer to by a DNS name), then nobody else does either. I've memorised my VLANs and subnets on each VLAN, though. That matters. But the IP of individual machines? Nope.

And, to be honest, it REALLY shouldn't matter. Anything that needs to talk to a server should be using the name. Because then transition and retirement is much easier because you just change what the name resolves to without having to have two machines with the same IP trying to failover to each other etc. as you make the switch. Anything else should be picking up a random from DHCP, or literally a "fill-in-the-gap" on your static lists as necessary.

Too many simple problems are caused by referring to machines DIRECTLY by IP or MAC. Whereas we solved that problem for the Internet by making them all invisible behind a chosen nomenclature.

Do you know, I don't even know my outside static IP. Because it literally doesn't matter as NOWHERE is it referred to, except the DNS records of my domain. And yet I have a dozen or more outside services for hundreds of users.

Make your life simple. Choose simple, well-known subnets (the entire 10.0 range is perfectly fine for a local network, nobody will ever have that many devices that it will matter, without having a switch capable of handling such things). Name everything. Use the .1 and .2 as gateway, DNS, etc. done.

3
0
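The mask mismatch described in the post above, worked through with Python's `ipaddress` module as an added example that is not part of the original post. The post gives only the last two octets of the range, so the `10.20.` prefix and every host name and address below are constructed stand-ins.

```python
import ipaddress
from itertools import permutations

# Constructed stand-ins: the post only says "48.0/22 (255.255.252.0)".
SITE = ipaddress.ip_network("10.20.48.0/22")
HOSTS = {
    "gateway": ("10.20.48.1",   "255.255.252.0"),
    "pc-new":  ("10.20.50.23",  "255.255.252.0"),  # DHCP client, current mask
    "laptop":  ("10.20.49.77",  "255.255.252.0"),  # DHCP client, current mask
    "pc-old":  ("10.20.48.17",  "255.255.255.0"),  # static, mask never updated
    "printer": ("10.20.48.200", "255.255.255.0"),  # installer typed the usual /24
}


def interfaces(hosts):
    """Parse (address, mask) pairs into IPv4Interface objects."""
    return {name: ipaddress.ip_interface(f"{addr}/{mask}")
            for name, (addr, mask) in hosts.items()}


def stale_masks(hosts, site):
    """Hosts whose configured network is not the site network."""
    return sorted(n for n, i in interfaces(hosts).items() if i.network != site)


def sees_on_link(src, dst, hosts):
    """True if src's own mask puts dst on the local segment."""
    ifs = interfaces(hosts)
    return ifs[dst].ip in ifs[src].network


def one_way_pairs(hosts):
    """(a, b) where a treats b as on-link but b treats a as off-link.

    a sends to b directly, while b hands its replies to the default
    gateway, so the two directions take different paths."""
    ifs = interfaces(hosts)
    return sorted((a, b) for a, b in permutations(ifs, 2)
                  if ifs[b].ip in ifs[a].network
                  and ifs[a].ip not in ifs[b].network)


def broadcast_listeners(sender, hosts):
    """Hosts whose subnet broadcast address matches the sender's."""
    ifs = interfaces(hosts)
    target = ifs[sender].network.broadcast_address
    return sorted(n for n, i in ifs.items()
                  if n != sender and i.network.broadcast_address == target)


if __name__ == "__main__":
    print("stale masks:   ", stale_masks(HOSTS, SITE))
    print("one-way pairs: ", one_way_pairs(HOSTS))
    for name in ("pc-new", "printer"):
        bcast = interfaces(HOSTS)[name].network.broadcast_address
        print(f"{name} broadcasts to {bcast}, "
              f"recognised by {broadcast_listeners(name, HOSTS)}")
```

Every host in the sample still sees the gateway as on-link, which is why logging on and reaching the Internet keep working while direct and broadcast traffic between the two groups does not line up.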
Lee D
Silver badge

I'm implementing my rule again, Reg.

When YOU BOTHER to put an IPv6 address on your website, as already supported by your browsers, DNS host, webserver, content delivery network, and everything in between... THEN you can be sarcastic about a poor IPv6 deployment statistic.

It's companies like you that are precisely the problem. "We've got our IPv4, and it would 'take effort' to make everything work for IPv6, so why bother?" is the attitude you've given for... what... 8 years? Maybe more. I'll check my comment history where I have about half-a-dozen annual "Yeah, we're going to look into that next year" things.

I mean, at least you did eventually get around to SSL. But, honestly, you should restrain yourself from sarcastic IPv6 comments until you at least have an AAAA record on a beta-domain:

https://mxtoolbox.com/SuperTool.aspx?action=a%3atheregister.co.uk&run=toolpage#

Your DNS hosting provider is "Cloudflare"

For anyone else, it would just be annoying but for a TECH SITE it's downright rude. It's like writing articles dissing Windows 10 for not keeping up to date while running XP in all your offices.

19
6

CEO insisted his email was on server that had been offline for years

Lee D
Silver badge

Re: Deleting emails

I have every email I've ever sent or received, ever, back to... pre-2000 certainly, probably a few years before that if I dig around in my old Hotmail archives.

Because... well, email is so small compared to everything else that there's no reason to delete them. Additionally, having a HUGE stock of source data means that an email from an old friend won't be put into spam by my Bayesian-filtering mail client. Plus... wow, I mean, does it save your backside. "That's NOT what we agreed, and I can prove it", say I, with instant narrow-down searches of nearly two decades of email in fractions of a second.

In work, I make things work the same way. People tell me they are deleting their old email. Why? What are you hiding? Did you get the "you're running low on space" email? No? You know why? Because it's set ludicrously high - the point at which our 1000+ users would start to fill up the server's storage - and nobody ever reaches it despite having well-advertised, public addresses that thousands of customers and suppliers use to contact us all the time. I think in 4 years, that email went out twice, and both times it was "Yeah, you have a lot of email, but it's nothing in server terms. Don't worry about it." and I doubled their warning threshold.

Because literally "server storage for email" divided by "number of users" gives me a potential average mailbox size in the 10's or 100's of gigabytes. And pretty much Exchange says that the average mailbox is less than 2Gb. So I can afford for some heavy users because almost nobody else is using the storage available. Their roaming profile, however, could well be in the 10-50Gb size, even WITHOUT the documents folder (which is redirected to a network share).

My email retention policy? Don't delete email. No point. You're going out of your way to permanently remove data that might be useful to you for no real reason... And sucking down even a 10Gb mailbox to a new machine is going to take... hold on... 1Gbps network... 8Gbits in a Gbyte... 80 seconds? That's just not worth worrying about for a one-off only on the machines that you've NEVER used before.

And I don't worry about how users organise their own inbox. Why worry? It's up to them, hinders only them, and I have Powershell search tools that basically ignore folder structure anyway if I need to find something in them.

To be honest, I have EVERY mailbox ever made on my system still present too. 4 years, and I have 80+ users come and go every year. Why do I keep them? Because that involves zero effort and provides safety (users do sometimes return, sometimes we need to pull things from old mailboxes, etc.) and costs nothing. If I was getting tight on space, I'd just archive the oldest of them off the live systems. I still wouldn't delete them, though, just put them somewhere else. And we have backups and archives and retention policies and all the normal so even users deleting every email (rather than just throwing it into a folder to get it out of the root inbox) makes no practical difference to the size of the storage required for the mailboxes.

IT people whose systems are so underspecced, and who have so much time on their hands that they worry about a handful of old email for a few dozen users who keep everything? They really need to re-evaluate their systems and working practices. If you're on a budget, just archive mailboxes once a year and throw them on a cheap NAS, who cares? At least you'll still have everything.

But literally my users are instructed "Don't delete anything, there's no point. And especially not email, which is so tiny as to be pointless". You desperately need storage (unlikely, we don't quota either)? Then a video is the size of a thousand photos, which are each the size of a thousand documents. So long as you're not emailing around video directly (you idiots), don't worry about it.

63
10

Motorola Z2 Force: This one's for the butterfingered Android lovers

Lee D
Silver badge

Re: At £500 it would be a steal

Most I've ever paid for a phone is £200.

Sorry, but these people are living in la-la land.

I'll happily pay £30 a month for a BUCKET load of data.

I'll happily pay £200 for a device.

But not £60 a month for a device with a pittance of allowance on credit, and not £500-1000 for a device on its own.

Sorry, literally all the "new" phones are out of my price range, mainly because they do a TON of things that I just don't want/need them to do.

8
2

SpaceX finally Falcon flings NASA's TESS into orbit

Lee D
Silver badge

I did actually research THIS LAUNCH specifically before writing this post(*)... and they just pushed the second-stage out of orbit. Apologies will be accepted in the form of cash, credit card, Bitcoin or Paypal... no cheques please.

Same as the Tesla-in-orbit. Great gimmick. Now where's it going to end up. It's hard enough to launch through the space junk now without encountering 100-year-old space junk returning on a huge chaotic orbit because a private firm just shoved it away from Earth with no way to tell where it would end up.

(*) The reason... because ALMOST EVERY LAUNCH they do that claims to "land back" in some fashion actually fails - even if it's only one rocket, one stage, or that they have to abort the landing, the "we re-use rockets" thing is only technically correct.

More often than you might think they destroy the drone-ships that they are landing on. They don't publicise it much because they can just say "Hey, we re-used a booster from flight A" and everyone just goes "cool" without checking facts... *cough*.

4
26
Lee D
Silver badge

Except for the second-stage of the rocket, which they now just fire out of orbit, apparently.

Nice to know that we're not just littering our planet but the rest of the solar system too.

3
48

Cutting custody snaps too costly for cash-strapped cops – UK.gov

Lee D
Silver badge

Re: They know, you know

That's part of the problem, but the real problem is that nobody is BOTHERING. If you delete at the police station those systems inform the central police computer. But if you delete from the central computer, it just lets all the copies of that data (why are there copies anyway?) linger around and orphan themselves with no central control.

The problem is not "we don't know how". The problem is "we put in too many different systems that it's a hassle to do".

To be honest - my brother got into his 40's without a passport or driving licence or any other formal photo ID. He has bank accounts and everything normal, but he only has a birth certificate and a range of information to provide as identity.

He certainly has a national insurance number but that's hardly ID (take note America, SSN's are NOT ID!). But can you really imagine someone being briefly arrested and then immediately being able to provide national insurance numbers etc.? I can't. I can't even imagine that such an ID is even useful - if I give you my NI number, would you be able to tell me where I'm living? Not with certainty. I don't inform ANYONE at NI when I move house, unlike DVLA, etc. Do I have to login to some portal and provide NI to actually do anything? Not really.

The closest we have to actual ID is the government gateway (which used to issue individual client certificates but is now just username/password). That lets me renew driving licence, passport (even change the photo), file tax returns, etc. so it's pretty central and integrated. But we don't use that for anything like that - the closest is when you have to get one of those codes from it where the DVLA certify who you are so that you can hire a car.

And I think we're now scrapping GG, aren't we? I know there's been talk of it. The ID card debacle basically put the nail in the coffin of central integrated services.

2
0
Lee D
Silver badge

And I'd have to dig out the line I used for everything from telemarketers to complaints departments:

I don't care what your SYSTEM is capable of. That's not my problem. Your poor implementation is your own fault.

I'm asking you to remove me from the database / not call me again / delete my record / whatever. How you do that is up to you to sort out and having inadequate processes doesn't excuse you that obligation.

THIS is your formal notification that I've given notice / asked you to remove me / informed you of your error / cancelled your direct debit / whatever. If I still continue to be present on your database / get phone calls / be charged for that good/service / etc. then this will come up in court.

P.S. I've recorded this message / put it in writing / copied in your head office / whatever for a reason. I will present this evidence in court if you fail to deal with the situation.

Otherwise, literally, every company would just put in a convoluted process that says "Oh, well, we can't remove you from our mailing list because our data manager requires the blood of a virgin, a form filled out in triplicate and a holiday in the bahamas as part of his process, and then he has to go through and tippex out your name from a million pieces of paper" and use it as an excuse not to follow the law.

17
0

Jeff Bezos purple prose reveals Amazon Prime's passed 100m customers

Lee D
Silver badge

Re: 99m, 999 thousand, 999 now

I'm sure you've had a bad experience but, for the majority of people I speak to, they have Prime because it's just that good.

My employer uses Amazon for Business... we order everything from pens and paper through to hundreds of iPads via it. It's basically our biggest supplier. Everyone I speak to about the customer service, the delivery, etc. is over the moon with it and believes they've transformed shopping.

Hell, I could order random computer parts and have them within 2 hours as we're part of a Prime Now area. And I've done that and it works.

Our employer actually has an "Amazon cupboard" where staff can order all their stuff to the work address (because there's always someone there), and it gets put into the cupboard and at the end of the day someone delivers it to people's offices if they haven't come to collect it (personally, I get a message on my phone saying it's here AS THE GUY presses the button with the receptionist to say he's put the parcel in there, and then I wander up there).

If your post office is terrible, though, they don't have much recourse. They'll never know that unless everyone tells them, and there might be nothing they can do about it. Prime for me means next-day, every time (unless I decide to get a £1 credit on the video store and have it delivered whenever, when it generally arrives... the next day). If anything, I only ever seem to get notifications that my delivery will come EARLIER than the delivery estimate, especially for non-Prime items.

I don't see how "stuff supposed to be delivered by the postie" really translates into how Amazon "should employ more staff", though. Sounds like your post office need to pull their finger out.

To be honest, I can't fault Amazon on much at all. They didn't have a business account, and all my former employers have used them for lots of things. Now they do. Their customer service was absolutely faultless every time I used it. The returns procedure is wonderful (I've received replacements BEFORE I could even box up the faulty item to take back).

About the only thing I think they don't have up to the normal standard: The food delivery thing is just mediocre. I think that's because of their partnered supermarket in the UK (Morrisons?). It was okay but Asda/Tesco/Sainsburys do a much better job. Oh, and if we could cut out the ChromeCast/Firestick rivalry and just let all the apps work on both devices seamlessly, that would be great. I'm not going to buy a Firestick just to watch a free movie, Amazon, when I already have a Chromecast, so give it up.

Yes, I have Prime. I use Prime Video (and bought videos too). I've tried Prime Fresh. I've tried Prime Music (but it's not a big product for me, but it does just work). No, I don't have an Echo or any other surveillance device. I don't use Prime Photos. I had a Kindle but I gave it to someone and just read my books on my phone now. I don't have any of the bolt-on subscriptions like Family, Music, Reading, Twitch, etc.

But I absolutely would struggle to fault the "I want that, click button, oh look it's arrived" part of the service. I literally spend enough online - mostly through Amazon - that £79 for a year's worth of postage is actually money-saving. Everything else is just a bonus. And, to be honest, if I click the "No Rush Delivery" button for things, I can buy enough movies over the course of a year with the savings to build up a video library worth £79.

8
3

Oracle demands dev tear down iOS app that has 'JavaScript' in its name

Lee D
Silver badge

What a brilliant way to ensure that nobody ever talks about your product ever again.

And the "trademark enforcement" nonsense? Just rubbish. You can use trademarks so long as you're not passing off. Otherwise every product called "... for Windows" would be in breach of trademark (yes, Microsoft tried it, they failed). And you'd be able to sue someone for saying, say, "DVD Collection Organiser".

Sorry, but Oracle are just setting out to destroy every possible reason to ever go near one of their properties, and I can't fathom why. Everything they touch dies, forks, or is something everyone runs from. The whole Java/Dalvik thing, MySQL/MariaDB, OpenOffice, the whole Sun brand, etc. etc. etc.

33
2

Elon Musk's latest Tesla Model 3 delivery promise: 6,000... a week

Lee D
Silver badge

That graph just makes me piss myself.

That's quite literally an "Elon Musk Self-Appreciation Fund", because that's huge amounts of money to piss away and never make a profit, and not fulfill even a quite rubbish production level promise. Ford are pushing out ORDERS OF MAGNITUDE more cars for not much more money ($7bn income in 2017, selling 5-7 MILLION cars worldwide every year - that's 1000 times as many cars for only 10 times the income!).

I honestly don't get why Tesla get any publicity at all. They make fairly basic cars, from fairly basic components (nothing special, just the bog-standard tech in terms of motor, battery etc.), sell next-to-nothing, exist only because of a sugardaddy pumping money into them, can't even get a factory working, miss every target, automate-everything only to then claim humans-do-it-better, skirt bankruptcy constantly, and still can't do basic things like stop the automated stuff killing people by forcing drivers to drive still.

5
5

Chrome 66: Get into the bin, auto-playing vids and Symantec certs!

Lee D
Silver badge

Re: Googe and your data

"That's all gone up in smoke now that the US Congress Critters have decreed that your data wherever in the world it is held is fair game. If the Feds decided that your cat video is really a call to arms for ISIS, they can get it from Google. No ifs, no buts and poof, it is gone to DC"

Not true.

They try. Of course they do. And they decree things. And they have absolutely zero power of enforcement in doing so.

Because compliance with the US law AUTOMATICALLY means deliberate non-compliance with the EU law.

The only exception being carved out (by Microsoft, who like Google have US and EU subsidiaries that are completely different entities) is data on US citizens stored on EU servers (because US data law is so lax that can happen).

But the US can demand, decree, order, cite and write what they like. Nobody at Google (EU) can *allow* even the *potential* for an entity outside EU to access that data (even the US Privacy Shield stuff is a load of nonsense and not really at all EU-compliant, hence is only relevant if you're in a US jurisdiction anyway), or co-operate with such, without being collectively AND personally sued into oblivion.

Same way that the US can decree they own all of the North Pole, or space. They can say what they like. It doesn't mean it's true.

Especially when, if they REALLY wanted the data, they could just file a request to an EU court which is quite capable of granting it legally given due cause. They don't because they know it would be refused.

But the "US can get all your data" is still nonsense and hyperbole.

It's like me being a magistrate and ordering the coffee shop down the road to provide the full names and addresses of every employee of the franchise they are under who live in Outer Mongolia. 1) They are unrelated entities, 2) they don't have access to it, 3) Outer Mongolia would beg to differ about whether you're allowed it or not, even if someone DID want to risk imprisonment.

Literally, someone in Google or Microsoft's EU headquarters can go to jail for ALLOWING a way for anyone at Microsoft (US) access to "personal data" that's stored on or on behalf of EU citizens within the EU. Despite Microsoft probably having less of a business relationship with Microsoft (EU) than they do with Google (US).

1
0
Lee D
Silver badge

Re: Ok, so you have fixed some bugs

Google has one of the most compliant data protection policies I know, for the UK/EU at least. iCloud/Apple has literally NEVER issued a data-protection compliant policy. They still have a line that basically says (paraphrasing but the brevity and gist is correct) "we can send all your data anywhere any time we like". How they've got away with it, especially pushing iPads in schools, I can't imagine and with GDPR it's a death-sentence.

But Google have always guaranteed EU- or UK-only data storage and never to move your data out and done it on day one of new legislation every time.

By comparison, you should be berating Apple, not Google.

And Google banned ad-blockers because IT LETS A PIECE OF SOFTWARE READ EVERY PAGE AND SEND IT TO A REMOTE SERVER, including secure pages. But, hey, keep bashing them on their privacy too and use your ultra-safe Safari "we can do what we like, up yours EU law" instead...

4
7
Lee D
Silver badge

Re: Security Certificates

Not if you have any kind of certificate pinning. Welcome to several years ago.

And I don't care that they were sold to Digicert. Digicert picked them up and they were signed by the same certs, and I'm being forced to renew them earlier because the signing company has had all its certificates removed from browsers. Game over. I don't care who owns them now, before or since, they're dead to me as they required an out-of-band re-signing because of the incompetence of one of their signing parties... and that's just not compatible with my use of SSL.

To be honest, with LetsEncrypt wildcard certificates now valid in the wild, who cares about any of the CA's at all any more?

3
1
Lee D
Silver badge

Re: Security Certificates

Oh, I just stopped using them.

I don't see why any reputable security company would want to be associated with renewing certificates with the name of someone guilty of complete ineptitude with regards security certificates.

RapidSSL have been bugging me for weeks, but I have no intention to renew with them.

3
0

Guess who's still most moaned about UK ISP... Rhymes with BorkBork

Lee D
Silver badge

Er... what's happening with broadband prices lately? The lowest is ~£20 a month and Zen is:

Unlimited Broadband (12 Month Contract)

Up to 17Mbps Download Speed

Up to 1Mbps Upload Speed

For the first 12 months £28.00/mth

Then £32.99 per month

Sorry, but that's quite high for the cost of their most basic bog-standard, at-the-end-of-the-day BT-provided line. And their fibre offerings are more expensive still (£46.99 per month? That's almost SkyTV territory, and certainly on a par with A&A ISP, who have a vastly better service and reputation all round).

4
4

Cisco backs test to help classical crypto outlive quantum computers

Lee D
Silver badge

Re: Encryption is complicated enough already

I don't think AES is at all safe in a post-quantum world, no matter what keys you choose.

A comment I found from 2013: "The best known theoretical attack is Grover's quantum search algorithm... this allows us to search an unsorted database of n entries in √n operations. As such, AES-256 is medium term secure against a quantum attack, however AES-128 is broken, and AES-192 isn't looking too good. With the advances in computational power (doubling every 18 months, etc.), no set keysize is safe indefinitely."

And that's the worst-case example of just using a QC as nothing more than brute-force on the keys, not even taking advantage of any particular exposed weakness, etc.

A QC will radically change the landscape of encryption forever, because it just works in a very different way. It's not a case of "just increase the keysize" any longer. The solution is IMMEDIATE. The keysize barely matters, it affects only the size of the QC that you need build, not the time to solution. Once someone starts building decent-sized QCs and joining them together you won't be able to make the key large enough to be practical for you to use, while impractical for them to build a machine capable of breaking it instantaneously.

AES is dead in such circumstances. As is pretty much every conventional encryption algorithm. That's why post-quantum cryptography is an entire area of research and relies on things which we have but which we DO NOT yet use in the ways we'd need to to make them post-Q safe. Even ECC cannot escape this and requires reinvention to be valid post-Q.

Think about how it works - it's no longer a case of just "making things laborious" in terms of brute-force. That's gone, in a post-Q world. No amount of brute-force can withstand instantaneous calculation. What works is literally: you get billions of possible answers (hashes used on an enormous scale as an integral part of the basic encryption system which they currently aren't), or you have to build a quantum computer so huge that your adversary can't afford it.

The latter is literally just a matter of time and effort again, though.

Post-Q instantly invalidates all currently deployed encryption methods overnight. They all become nothing more than plaintext, in effect. No matter how carefully you chose your keys, how big they were, how well you secured them, or what flaws may exist in the algorithm, etc.

Post-Q cryptography has to be a reinvention from first principles, which is why things like SPHINCS just don't have any resemblance to a current encryption system. Currently we USE encryption to build hashes. Post-Q we'll use hashes to build encryption.

1
0
Lee D
Silver badge

Re: Encryption is complicated enough already

Sourcing 4TB of truly random data is probably harder than just stopping a quantum computing attack.

2
1
Lee D
Silver badge

Re: Encryption is complicated enough already

Yeah, I'm a mathematician.

I just tried to read the paper on SPHINCS, written by that Dan J Bernstein guy. I can't see the reasoning for something to be post-quantum-safe, to be honest. It's all described as being so, there's lots of proofs and algorithms written around it, but the actual reasoning for why it's post-quantum safe is dubiously obscured or absent.

It seems to hinge on hash-algorithms not being quantum-attackable but I can't see why that's a valid assumption if someone can build a large enough quantum computer. Presumably the number of items that COULD hash down to a tiny single hash are huge, so you don't know what was actually hashed to get that result.** ("A recent result by Song shows that these proofs are still valid for quantum adversaries")

The rest is about eliminating mid-states of the hash calculations - most hashes started with a number, and then each byte of data you incorporate gives you a new hash. You then use that hash to mix in with the next byte, and so on. Presumably "stateless" hashes don't have those intermediary hashes available, but it's not clear how. (I could be really wrong here, but it suggests that you compute a tree of keys for the size of the message you want to encrypt BEFORE you start, and each key is basically a one-time key used only for that particular part of that message. Then you encrypt each byte/word/whatever individually? It kinda makes sense, but I can't see what it adds, so long as the states are kept secret).

Basically, we just need one bad assumption ("Hashes are safe against quantum, while nothing else is") and the whole thing falls apart.

** This is how I analogise quantum computing, it's vastly inaccurate but it gives you the idea. If you are after, say, two large prime numbers that multiply out to a known number (the basis of public-key cryptography), then in traditional computing you have to basically try all the reasonable combinations until you hit the right one, which can take longer than the age of the universe.

In a quantum computer, you build the machine backwards. Here is a machine that multiplies two numbers, you design it to do so. Then you plug in the ANSWER you want. The magic of quantum effects then automatically provides you with the only state that could have possibly resulted in your desired state given the "circuits" you build and the condition you placed on the answer. Instantaneously.

Presumably a quantum computer, because there is only one right answer, is very good at breaking traditional prime-based public-key cryptography, but when it comes to hashes - well, an entire infinity of data sets could hash to the same value (just not EVERY data set), so just working from the hash backwards doesn't work - you don't gain any knowledge about the actual data that was hashed in the first place.

Thus building the core of encryption on thousands and thousands of tiny such hashes, it's possible that it makes the number of possibilities so vast, even with instantaneous discovery of every single one, that it becomes infeasible.

To me, though, if you had a large enough quantum computer, you could easily get those infinities of answer, and perform a known-plain-text attack and similar by pre-loading the circuits to take account of that as well. Much harder, but still theoretically breakable. I wouldn't know how much more complex, but maybe it does make it complex enough that it's infeasible. There's also talk of time-based hashes and other factors, which might well make it more difficult.

Note that all good encryption methods are immune to known-plaintext attacks.

Could be absolute tosh from a physics point of view, but it's an analogy that appears to work.

2
1
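
SPHINCS, the paper named in the post above, describes a hash-based signature scheme. As an added example (not part of the original posts, and not SPHINCS itself), this is a Lamport one-time signature, the simplest member of that family: the only primitive is a hash function, forging a signature means inverting it, and `revealed_fraction` shows why each key pair may sign only one message.

```python
import hashlib
import secrets

HASH_BITS = 256  # the SHA-256 digest of the message is signed one bit at a time


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Return (private_key, public_key).

    The private key is 256 pairs of random 32-byte secrets, one pair per digest
    bit. The public key is the SHA-256 hash of each of those 512 secrets.
    """
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32))
          for _ in range(HASH_BITS)]
    pk = [(_h(zero), _h(one)) for zero, one in sk]
    return sk, pk


def _digest_bits(message: bytes):
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(HASH_BITS)]


def sign(sk, message: bytes):
    """Disclose, for every digest bit, the secret that matches the bit's value."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(pk, message: bytes, signature) -> bool:
    """Hash each disclosed secret and compare it with the published hash."""
    if len(signature) != HASH_BITS:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(message)):
        ok &= secrets.compare_digest(_h(signature[i]), pk[i][bit])
    return ok


def revealed_fraction(*messages: bytes) -> float:
    """Fraction of the 512 secrets disclosed by signing all of `messages`.

    One signature discloses exactly half. Every further signature with the
    same key discloses more, which is why the key is strictly one-time.
    """
    seen = set()
    for message in messages:
        for i, bit in enumerate(_digest_bits(message)):
            seen.add((i, bit))
    return len(seen) / (2 * HASH_BITS)


if __name__ == "__main__":
    sk, pk = keygen()
    sig = sign(sk, b"constructed sample message")
    print("valid:", verify(pk, b"constructed sample message", sig))
    print("tampered:", verify(pk, b"constructed sample messagE", sig))
    print("secrets revealed after 1 signature:", revealed_fraction(b"a"))
    print("secrets revealed after 2 signatures:", revealed_fraction(b"a", b"b"))
```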

Router ravaging, crippling code, and why not to p*ss off IT staff

Lee D
Silver badge

"In all, Akamai estimated that around five million routers could be vulnerable to hijacking via UPnP exploits: miscreants can use the flaws to rewrite networking tables, and turn devices into proxy servers. "

Yep. If you didn't know this, you didn't do your research and turned on UPnP because it was "convenient". UPnP is an unauthenticated protocol that allows ANY LOCAL USER to open ANY PORT to the world and direct it to ANY internal machine. Yes, your kids clicking one thing doesn't just break the computer they are on, it can put a permanent port forward of your CIFS/SMB port out to the public Internet for all to see, if it wants.

Most routers have terrible UPnP implementations too, so that it's not just local users, so that settings can persist, so that the user is never aware they're being accessed, etc.

UPnP is, was, and always will be a ridiculous idea for "convenience" when 99.9% of the world doesn't need to open any incoming ports anyway, no, not even for gaming. Only if YOU are hosting the server do you need to do that, and even then with an intermediary server on the Internet, you can still host games with ZERO open ports. Companies are just lazy and ask UPnP to open up port X to the world while you're playing your game rather than deploy even a single intermediary server.

And if you have UPnP on... tell me how the average user is supposed to know what's open, why and when it opens up? Because I've never seen a router that had that level of detail outside of big commercial things. Literally, UPnP is just a trojan horse that can unlock all your network firewall protections in seconds because ANY user asked it to, even unwittingly, from a games console, mobile phone or PC.

3
3
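
On the question in the post above of how anyone is supposed to know what UPnP has opened: a router's port-mapping table can be read back with the UPnP IGD action `GetGenericPortMappingEntry`. This added example (not from the original post) audits such replies for the two cases the post names, an exposed SMB-type service and a forward that never expires; the replies, addresses and `SENSITIVE_PORTS` list are constructed, and fetching them from a real router's control URL is not shown.

```python
import xml.etree.ElementTree as ET

# Constructed sample: responses shaped like a router's replies to the UPnP IGD
# action GetGenericPortMappingEntry (one reply per port-mapping table index).
_REPLY = """<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
 <s:Body>
  <u:GetGenericPortMappingEntryResponse
     xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">
   <NewRemoteHost></NewRemoteHost>
   <NewExternalPort>{ext}</NewExternalPort>
   <NewProtocol>{proto}</NewProtocol>
   <NewInternalPort>{port}</NewInternalPort>
   <NewInternalClient>{client}</NewInternalClient>
   <NewEnabled>1</NewEnabled>
   <NewPortMappingDescription>{desc}</NewPortMappingDescription>
   <NewLeaseDuration>{lease}</NewLeaseDuration>
  </u:GetGenericPortMappingEntryResponse>
 </s:Body>
</s:Envelope>"""

SAMPLE_REPLIES = [
    _REPLY.format(ext=3074, proto="UDP", port=3074, client="192.168.1.50",
                  desc="Game console", lease=3600),
    _REPLY.format(ext=445, proto="TCP", port=445, client="192.168.1.20",
                  desc="", lease=0),
    _REPLY.format(ext=8443, proto="TCP", port=443, client="192.168.1.30",
                  desc="camera", lease=0),
]

# Assumed policy list: internal services that should not face the Internet.
SENSITIVE_PORTS = {23: "Telnet", 139: "NetBIOS", 445: "SMB/CIFS", 3389: "RDP"}


def parse_mapping(soap_xml):
    """Extract one port-mapping entry from a GetGenericPortMappingEntry reply."""
    root = ET.fromstring(soap_xml)
    for el in root.iter():
        if el.tag.endswith("}GetGenericPortMappingEntryResponse"):
            f = {child.tag: (child.text or "").strip() for child in el}
            return {
                "remote_host": f.get("NewRemoteHost", ""),  # empty = any source
                "external_port": int(f["NewExternalPort"]),
                "protocol": f["NewProtocol"].upper(),
                "internal_port": int(f["NewInternalPort"]),
                "internal_client": f["NewInternalClient"],
                "enabled": f.get("NewEnabled", "0") == "1",
                "description": f.get("NewPortMappingDescription", ""),
                "lease_seconds": int(f.get("NewLeaseDuration", "0")),
            }
    raise ValueError("not a GetGenericPortMappingEntry response")


def audit(replies):
    """Return [(mapping, [reasons])] for every enabled mapping worth a look."""
    findings = []
    for reply in replies:
        m = parse_mapping(reply)
        if not m["enabled"]:
            continue
        reasons = []
        service = SENSITIVE_PORTS.get(m["internal_port"])
        if service:
            reasons.append(
                f"{service} on {m['internal_client']} is reachable from the WAN")
        if m["lease_seconds"] == 0:
            # A lease of 0 asks for a mapping with no expiry (static in IGD v1).
            reasons.append("lease 0: the forward stays until someone deletes it")
        if reasons:
            findings.append((m, reasons))
    return findings


if __name__ == "__main__":
    for m, reasons in audit(SAMPLE_REPLIES):
        label = m["description"] or "(no description)"
        print(f"{m['protocol']} WAN:{m['external_port']} -> "
              f"{m['internal_client']}:{m['internal_port']}  {label}")
        for reason in reasons:
            print("   -", reason)
```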

Donkey Wrong: Arcade legend Billy Mitchell booted from record books amid MAME row

Lee D
Silver badge

Re: Original Hardware?

The original boards are dying.

There is no modern equivalent chip for most things.

It's hard to even READ the old memory chips, let alone have them work in a game.

CRTs are hard to buy.

Anything to do with preserving an arcade machine in its original state is difficult, very technical, expensive, and ultimately will be useless as they will become harder and harder to get as time goes by.

I'm not saying "don't do it", but be aware. And most people honestly don't have the time, money or resources to pull it off. It's £1000 for a basic cab with a working board in it, before you even start. A CRT can cost you an absolute fortune and very soon won't even be made any more. With suicide-chips and dying memory etc. it can be difficult to even get an old board working. And even making a cabinet that could house an old machine would still cost hundreds.

It's a niche, specialist, collector sport that most people will have absolutely no interest in. I'd love to re-live the 80's. I sit there reading disassemblies of 80's Spectrum games. I can program in the Z80 assembly language. I love the nostalgia. But there's no way that I could justify maintaining an old arcade board against replacing the innards. I'd keep them. Of course, I would. But I wouldn't even try down the path of getting them working if they didn't turn on.

It's not lazy and pig ignorant to understand all that technology and, given unlimited funds and time, being able to covet it and restore it. But that's not what even the geekiest of geeks can manage, afford or dedicate themselves to. There's a reason MAME exists. It's to preserve the originals as best we can before they all die. Because they will all die. And it's not even going to be possible to get hold of one in another 20-30 years, because arcades are very different places now (and I can't see the kids now wanting to get one of those modern ticket-spewing things working in 30-years time for their nostalgia).

But I can get Pac Man working on something that looks and feels like an old arcade, which everyone will enjoy playing on and my daughter could get a feel of how it used to be. It would take all my spare time to build such a cabinet from parts and get it all working. That's not lazy or pig-ignorant. It's just reality.

I have three ZX Spectrums upstairs that I have 1) kept from the 80's, 2) repaired from a boot sale job, 3) sent off for specialist restoration and RAM/ULA replacement. Guess what? None of them work anymore, even though they all did at some point. But Spectaculator? It plays all the games I remember, how I remember, on a big-screen TV for people to enjoy.

2
0
Lee D
Silver badge

Re: Original Hardware?

You just have to hope you can cobble together enough. Like old cars, some boards will survive and some will be junk fit only for certain spare parts. Given that arcade cabinets generally sold in only a thousand or so units, and they cost £1000 each at the time, it can easily be true that no working cabinets exist for lots of things except the most popular of games, and the ones that do have had a hard life. There are entire markets for it, but they tend to be global and, hence, expensive for rare items. But Pac-man, Donkey Kong, anything you've heard of, you probably just need to drop a few grand to the right people and they'll have dozens of them.

To be honest, I wouldn't bother to try though. Another 10 years and even if you look after it, the situation will only get worse. There's a reason that people just buy any cabinet, rip out the innards, replace the screen and stick either a generic PC or a bunch of JAMMA adaptors for modern hardware into it.

The ZX Spectrum, for example, is not easy to get a fully working memory set nowadays. The chips fail and there's no direct plug-in replacement for them (but, obviously you can wire in a daughterboard quite easily). And the ULA was basically custom-made so it's replacement-only territory - either from other working models or a complete modern custom replacement.

I would like to build a MAME cabinet one day, and then I'll buy some old boards for the games I actually want to play on it (for licensing, because I'm honest like that), but getting those boards to actually work again if you have limited electronics knowledge? No chance.

But a RPi 3, RetroPie and a £25 arcade joystick set off Amazon? That'll fit in a home-built cab nicely with tons of room to spare.

2
0
Lee D
Silver badge

Sorry, if you DO want to do this, you need to do this live and on boards that independent people have verified or (better) supplied, in a public venue.

It's like saying I scored a billion at keepie-uppies. It means nothing if it can't be verified, and some old VHS of the screen alone isn't enough.

Side-note:

What is it with YouTube videos narrated by a monotonic, nasal, young American male?

Is this really the broadcast voice of this century?

22
0

Whois is dead as Europe hands DNS overlord ICANN its arse

Lee D
Silver badge

Re: I think its fine to not have details public

"And important part of malware email handling consists in finding out who they are from, or who they are redirecting you to."

And you rely on the domain names given to be definitive, do you?

If you want to handle malware, you go for the IP "whois" (e.g. AS lookup), which is an entirely different kettle of fish. But domain names resolve to IPs. What makes you think they can't just change the domain they are using in seconds?

There's no practical reason to have publicly visible names and addresses (except of abuse contacts at the ISP in question) for anything any more. It used to be there so you COULD call up John Bloggs who worked at X University and talk about a problem with his system. Nowadays, that's just not feasible.

And a vast, vast, vast portion of domains are now owned by private individuals. It's like requiring me to put my name, home address and phone number inside the front cover of every book I write, song I record, game I create, etc. which is just silly.

It's outdated. It's illegal (always has been in the EU, which is why Nominet gave the whois opt-out for personal information - the GDPR is nothing more than ratification of DPA case law into written statute). It's stupid. And it's useless, because of the sheer number of ways to put fake information there because it has way less verification than even an SSL certificate. It should have died decades ago.

25
0

Small UK firms laying fibre put BT's Openreach to shame – report

Lee D
Silver badge

Re: Virgin

Does it really matter? Most people then use a fibre-to-copper convertor called a "router" to then put it into their other devices anyway.

Copper can do ridiculous speeds if you are only doing short runs on uncontested connections (which is what these local fibre->copper convertors will have on them - it's the fibre that's contested, not the coax that is shared).

People fuss too much about this, sure selling it as "fibre" is not particularly honest but I think that nobody cares as in the same way that "broadband / DSL" (meaning everything from ADSL to VDSL) is a certain class of speeds, "fibre" (meaning everything from VDSL, FTTC, FTTP, DOCSIS, etc.) is a better class of speeds. It's like 3G/4G/5G.

I honestly couldn't care what they know it as colloquially, so long as they're honest about the technology used (small print is fine) and the speed.

To be honest, I'd be glad of even 10Mbit where I live (inside the M25!), so I couldn't care less what it's called or where the fibre ends. I use a 4G wifi router, because it literally gives me three times anything else that enters my road, and there's no "fibre" of any description at all (and would need my landlord/building management agent/etc. permission to install that anyway).

8
1

Samsung Galaxy S9: Still the Lord of All Droids

Lee D
Silver badge

S5 Mini here.

Call me when I can get:

- tons of internal storage.

- microSD of any size I like

- replaceable battery

- latest Android

- screen that isn't stupendously fragile, large, odd-shaped or expensive to replace.

For about £300 or thereabouts, unlocked, brand new.

Because the only thing I'm really missing at the moment is USB host, OTG etc. (not supported on the Mini), I would lose my IR blaster (not even present on the normal S5), and the internal storage is a bit limited.

I would literally PAY EXTRA to get things like - no bundled apps forced on me (just pure Android), dual-SIM, headphone socket back again, more USB OTG ports on it so my phone can connect to more stuff, a physical keyboard (like the old Nokia thing that flipped the entire size of the phone out to give a keyboard), a hardware flashlight button.

I would also happily trade in these to help make the device I want for the price I want - waterproof crap, curved edges, sliver-thin shite, everything beyond basic camera functionality (not even sure I care about two-cameras, to be honest).

The ruggedised XCovers go some way towards what I want, but not nearly far enough.

6
0

HTC Vive Pro virtually stripped. OK, we mean actually stripped. (It’s a VR headset, geddit?)

Lee D
Silver badge

Re: Why all the flash?

So, that's £230 for a console, £280 for a piece of hardware.

That's £510. Against an HTC Vive (£499 + PC) / Oculus Rift (£399 + PC). Not including the addons, etc. that come with the latter two, the games (console games were ridiculously expensive last I looked, as I haven't owned one in about 15 years), and the actual difference in capabilities.

Sorry, but £500+ is too expensive for this stuff. Even adjusting for inflation, that's more than the console, every controller and every game I've bought for a console, for every console I did ever own in my life.

Especially if you then only get the one. That's a damn-expensive single-player game.

£500 for a complete TWO player kit. Yeah, then you could be in people's homes rather than an expensive status symbol. But it's twice the price it needs to be. It wouldn't even be so bad if there was a standard and PSVR, Rift and HTC could all play each other's games seamlessly across all the platforms (we have USB everywhere now, right?). But that's not true either, so every penny sunk is potentially lost if you chose the Betamax of VR.

I'd happily pay £200 for PSVR if it worked on my PC. The lower res of the screen would actually HELP, I wouldn't need anywhere near as beefy a PC. But the only option to do that is unofficial software that you have no guarantees will work on any particular game.

Whereas if someone had made a proper VR console, with two VR headsets, with the Nintendo name on it, for £500, people WOULD buy it, and it would establish a standard overnight in terms of programming API as well as hardware connection (Wiimotes are just Bluetooth and have drivers for everything now).

1
0
Lee D
Silver badge

Re: Why all the flash?

Costing £799, that's what.

I was always hoping for the Nintendo Switch to be a "cut-down" VR console, such that we could start getting the components relatively cheap and mass market and gauge usage. But years down the line, the Vive and any other decent VR headset is just far too expensive, and still needs a damn-expensive PC to run it.

VR really suits the kind of grandma-playing-casual-games ethic and I really think they missed the boat. They could have owned the console market for several years just on that alone, and it would have brought VR to the fore as something people start buying to play at parties.

As it is, I host games parties and I seriously cannot justify even the computer capable of running a VR headset, let alone the headset itself, let alone a bunch of them for people to play against each other.

I find it disappointing that 30-years after VRML and those early prototypes, Lawnmower Man, and whatever else has come and gone, we still don't have anything practical in terms of VR at all. What did the guys in all those "hey, look, we have a 3D walkthrough of our new building using this new system" news pieces have on their head 30-years-ago that we don't have the capability to replicate cheaply now?

6
0

'Dear Mr F*ckingjoking': UK PM Theresa May's mass marketing missive misses mark

Lee D
Silver badge

I have dealt with your blinkered approach to voting more times in my adult life than I care to mention, and thus have prepared answers for all the usual stock rubbish that people spout at me for it. It's a pity such time and effort isn't put into putting forward worthy candidates rather than attacking those that won't vote for unworthy ones.

If your idea of democracy is "lesser of only two/three evils", then you really need to go back and look up the definition. Especially when those people are ALL you have available, and you can't even vote for yourself, a friend, a celebrity, a scientist, whoever the hell you want.

"People are sent to die in order to protect your ability to vote so you should at least honour that. Doesn't matter who for."

a) No, they died to protect my freedom of speech, expression, decision and life. Including that of people they disagree with, don't understand, don't share a culture or attitude, or people whom they find unbearable, uncivilised or even downright nasty.

b) Yes it does matter. I will not vote in someone that I deem inadequate for the job. Present a worthy candidate and I'll vote for them.

Force me to vote by all means, as a civic duty. But give me a "none of the above" or even "Other (complete details) ________" box in which I can enter anyone that I like, including nobody. No, the "vote for one guy one year and the other the next to 'cancel' it out" system isn't right either. And maybe if you forced everyone to vote, you'd be able to tell that despite party X winning over party Y, that actually party Z (the "we don't want either of them" clan) outclasses them in every election.

P.S. I did technically vote once, not for a person or party but to answer a question. To change the way that we vote. Because the way that we vote sucks, but the way we were proposing we could vote sucked less and therefore was a clear and progressive step towards improving not just my outlook but everyone else's. As a mathematician, I can say that neither system was ideal, but one was mathematically "fairer". It didn't matter, because most of the other 20m people didn't agree, so nothing changed.

However, voting for one person over the other does not allow for such "less ideal" candidates to significantly improve the outcome for everyone. For instance, Clinton vs Trump.

"Pick the person who APPEARS to be slightly less stupid, obnoxious, corrupt, inept and cringe-worthy from a group of three/four that you have no say in" isn't democracy. I don't know those people. "Pick the person you'd like to run the country" is a democratic question. The answer for which would be "Me", "My mate Jim", or failing that, someone like Stephen Hawking. I want a scientist in charge for once, like a meritocracy. Someone logical who spends their life cutting through the bias and getting to the issues and actually determining the improvement made in a repeatable manner, who could drastically alter the way we live and can distance themselves from rubbish like sex-scandals and stupid things people say about foreigners. Someone who hires people best for the job. Rather than someone who was education minister than prison minister then minister for Brexit then minister for agriculture and then....

Absent that, I'd really rather not vote at all. Take the consequences of your own decision. I'll abstain. If my abstaining doesn't register at all, so be it. But think to yourself why you would tolerate ministers and diplomats abstaining from a crucial political question, but not someone who has no knowledge of the situation deliberately abstaining until a worthy candidate(s) appears.

15
3
Lee D
Silver badge

I have to say - I moved house recently and do what I always do, went mad with a rubber stamp that says "Not at this address" and then re-posted anything that came through the door for previous residents.

In the space of 2 months I was down to zero rogue mail, and because of the wonders of electronic banking and billing, I only really get letters about council tax now.

But... the exception... fecking political marketing. I hate it. Not only did every political party send me crap as soon as I was on the electoral register (despite opting out of the public version), but obviously a previous resident was a donor to one and they sent no end of letters to them. Then they sent someone to my door to "check" - a lady literally holding a list of all the known donors in the area that hadn't responded by the looks of it... Then they started with the same gumph but with my name (presumably from the register again, because I never gave it). And I'm still getting crap about local elections now.

I wouldn't mind, but I've never voted, and am of the belief that if a leaflet through your door changes your political allegiance, or provides you with some critical fact that affects your voting but that you never bothered to find out for yourself, then you probably shouldn't be voting at all anyway.

Honestly, apart from a council tax summary and crap from local electoral candidates, I get no post whatsoever. Everything else is letterbox-spam and unaddressed (including the local council "newspaper" - two pages, hand-delivered...). This week alone - no less than 8 pieces of paper from various candidates. Stop it. Honestly, just stop. Because you're just giving me more reason NOT to vote for you.

13
18

Linux Beep bug joke backfires as branded fix falls short

Lee D
Silver badge

Re: A stand-alone program to ...

I used to use it all the time (I know the jonath domain by heart).

It was a great tool for PC systems that weren't full desktops for everything from identifying machines to indicating problems via a series of tones. Not always was a ^G able to be sent, or sufficient, for such purposes. It's much easier to break out to shell and run a specific program, if for no other reason than echoing scripts that do the same will also beep even though you're only viewing the script, not to mention what's the controlling terminal nowadays with everything from virtual terminals to SSH, containers to virtual machines, etc. - where does the ^G actually play the sound? Beep played out of the hardware of the physical machine you were executing on (hence why it liked to have root).

For instance, a home machine that controlled the Internet connection has no screen or speakers except the internal speaker and used to have a set of rising or falling tones if the Internet came up or went down. I literally never had a graphics card in that machine, so it was very handy, and just a ^G is insufficient to convey that.

However, to tell you how long ago that was, it was a 386 running Freesco on a 2.0.38 kernel, and the Internet was a modem connection which I used to have to turn-off to let my dad make a phone call and it was useful to know that the modem was stopped from dialling out (the falling tones) and when it had managed to restart the PPP session after resuming (the rising tones). If you kept hearing both, it was still trying to dial out.

I know that a lot of embedded hardware still has the same kind of things in them - everything from firewalls to NVR servers - to let you know when they've completed booting. Not to mention that I don't think I've ever owned a computer that WOULDN'T output the sound from beep if you installed it. It might be a PC speaker passthrough header on a sound-card or motherboard, but it usually still works, I believe.

That said, it's probably a long-abandoned bit of software given that it's been 20 years since then, and all it does is beep, and that's pretty much everything you wanted it to do even 20 years ago. It should have been audited, it should have been caught, and being setuid (or suggesting so), it should have been subject to a higher level of scrutiny.

I bet there are a million machines out there with it on, just for those rising-tone power-up notifications in embedded devices, if they're not using some busybox equivalent.

0
1

Boffins pull off quantum leap in true random number generation

Lee D
Silver badge

Now consider a determined state-level attacker who might be interested in intercepting encrypted communications on a targeted and international level.

Now he just needs a satellite picture of the sky over your head at the time they took the photo to stand a good chance of knowing enough to predict some of your "random" numbers to a certain extent.

Not all use-cases are as simple to combat as you think, when you're talking encryption that you expect one day a government or military might use itself and/or might not want you to use.

Random numbers are hard. Much harder than you might think. And tiny deliberate influences can drastically alter the security of them. There's a reason that there are entire books on the subject, and where most of the current traditional techniques - even on input data we're convinced is pretty random to start - revolve around hashing, mixing, eliminating higher-order bits, melding into existing pools, preserving historical pools to use for future mixing, selecting, analysing viability of and plucking numbers from random pools, etc.

Your "random input" might well be considered untrusted external data, in effect. Someone who really wants to corrupt that pool could do so quite easily if they were determined. Hell, just by cutting your CCD and hoping you weren't checking the image wasn't all-black. 90% of handling random numbers (and 90% of coding errors where they are mishandled resulting in a security problem) is about taking only selected parts that are more likely to be random and incorporating them in such a way that their randomness leaks through but not any determined pattern or bias that may be present. The other 10% is actually getting something that looks random enough to use as source data and could probably be trusted.

Hint: The Debian versions of OpenSSL software generated millions of certificates signed on such systems with atrociously insecure keys by failing to use proper random input and nobody noticing (they seeded from process ID, not an RNG, which varied but not truly randomly). For years. Once discovered, almost every key ever made on those systems was compromisable. Because all the fancy techniques in the world are for naught if your input isn't truly random or trusted.

Just the JPG-artifacts in an image could give a serious attacker enough bias to compromise your RNG. Or the resolution of a particular camera. Or the post-processing algorithms in the camera biasing pixels to generate a more natural image. Or the fact that someone knows the seed picture is of the sky might well give them enough.

As a mathematician, I have advice for people who aren't: Never think you understand randomness, encryption, statistics or probability. Just don't. Don't write code for them. Don't apply them to work things out. Don't dabble and think you understand everything. You'll make things weaker or more incorrect a billion times over before you make it stronger, no matter how clever or well-intentioned you are.

I'm fairly certain I could sit and derive a public-key encryption/decryption algorithm, a random number generator, etc. from first-principles given enough time and a programming language. I'm also 100% certain it would be useless to the point of utter compromise upon the first serious analysis by someone who understands those fields.

If you haven't read Numerical Recipes, go do so. It's got a maths-and-C-code heavy description of everything RNG, encryption, probability, etc. And that book is approaching 30-something years old and was never designed to cover hostile intent. It's currently holding up my coffee table, because it's thicker than my phone is wide.

5
0
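An added illustration of the point in the post above about keys seeded from the process ID (not part of the original post, and not OpenSSL or Debian code): a toy key generator whose only seed material is the PID can emit at most as many distinct keys as there are PIDs, whatever the key length, so a defender can precompute every possible key fingerprint and audit an inventory against that blocklist. `toy_keygen`, the `PID_MAX` bound of 32768 and the sample inventory are assumptions made for the example.

```python
import hashlib
import math
import random
import secrets

PID_MAX = 32768  # assumed size of the PID space (common Linux default for pid_max)


def toy_keygen(pid: int, bits: int = 2048) -> bytes:
    """Toy stand-in for a key generator seeded with nothing but the PID."""
    rng = random.Random(pid)  # deterministic PRNG: same PID, same "key"
    return rng.getrandbits(bits).to_bytes(bits // 8, "big")


def fingerprint(key: bytes) -> str:
    """Stable identifier for a key, suitable for a blocklist entry."""
    return hashlib.sha256(key).hexdigest()


def build_blocklist(bits: int = 2048) -> set:
    """Enumerate the whole seed space and record every key it can produce."""
    return {fingerprint(toy_keygen(pid, bits)) for pid in range(1, PID_MAX + 1)}


def effective_entropy_bits(blocklist: set) -> float:
    """Real strength of the keys: log2 of how many distinct keys exist."""
    return math.log2(len(blocklist))


def audit(inventory: dict, blocklist: set) -> list:
    """Return the names of keys whose fingerprint is in the weak-key blocklist."""
    return sorted(name for name, key in inventory.items()
                  if fingerprint(key) in blocklist)


def demo() -> list:
    blocklist = build_blocklist()
    # Constructed sample inventory: two keys from the weak generator,
    # one drawn from the operating system's CSPRNG.
    inventory = {
        "web01": toy_keygen(4711),
        "mail02": toy_keygen(20112),
        "vpn03": secrets.token_bytes(256),
    }
    return audit(inventory, blocklist)


if __name__ == "__main__":
    bl = build_blocklist()
    print(f"{len(bl)} possible keys = {effective_entropy_bits(bl):.0f} bits, not 2048")
    print("weak keys found:", demo())
```

The nominally 2048-bit keys carry 15 bits of entropy here, which is why a complete blocklist is cheap to build and why every key from such a generator has to be replaced rather than assessed individually.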


Biting the hand that feeds IT © 1998–2018