Posts by Alan Brown

"The flight was tracked "live" by 2 transponders which were deliberately turned off."

Turning everything off is SOP in the event of a fire that you can't trace, then turn things back on one at a time until you do.

"There was no mayday, no reported malfunction."

Aviate, navigate, communicate.

"The plane did not hit the ocean, the debris field would have been massive and identifiable chunks of the flight would have washed up on beeches around the world. Everything on a plane is designed to float."

By the time anyone thought to look in the Indian ocean any debris field would have dispersed. Most things sink and when Swissair 111 went down off St Johns there wasn't much left larger than 10cm across. Would you recognise a 1cm lump of seat foam for part of an aircraft?

No matter how much people WANT this to be a conspiracy theory the reality is that the number of people needing to be involved across the number of governments needing to be involved would make keeping it secret virtually impossible. Sooner or later someone would blab.

Re: The saddest thing

"there were some very shady people on board that flight"

There are shady people on most flights. Put 300 in a single tin sausage and one or 2 will turn out to be.

I still subscribe to the theory that the pilots turned back due to some major problem such as a fire (it made a beeline for the longest runway in the area) but were overcome by smoke not long after that, before they could restore avionics power and make a call (or the avionics was burnt out). Cockpit and cabin oxygen only lasts a few minutes at most and if the cockpit oxygen system caught fire (it's happened on the ground) then it's game over.

MAS was in incredibly bad shape at the time and had a series of safety incidents on aircraft in the months leading up to the disaster and some extremely serious safety shit go down in the heavy maintenance area (major fire caused by a cigarette in a bin in a no-smoking area which destroyed a hell of a lot of documentation)

Most crash investigations find a long chain of events which culminate in the crash. I think this was just one of those perfect storm scenarios.

Re: 30 second ipv4 redesign?

"IPv6 address space is stupidly large"

The idea being that having to do it again will be a very long time in the future.

When IPv4 was created., 4 billion addresses was stupidly large space for the few hundred (possibly a few thousand) machines on the 'net and clearly not enough if the net went large (noone was sure how large it'd grow, or if it'd grow at all) - but that didn't matter as it was a hacky kludge only intended to last 4-6 years until the "real" internet protocol was finalised (which would have been IPv5). Original allocations were /8s and it was only when it became clear that IPv4 would have to stick around longer than expected that it downshifted to /16s

What happened to IPv5? It's still around. We know it as IPX (Internet protocol exchange), but it was impossible to route efficiently with it, so nobody bothered adopting it.

Re: 30 second ipv4 redesign?

" I've spent no more than 30 seconds thinking about that so sorry if I'm oversimplifying it."

You are.

With ipv6 overland on ipv4, you'd have the situation of IPv6 hosts being able to send packets to IPv4 hosts but a very slim chance of IPv4 hosts being able to return them without some kind of translation in the middle.

There has to be a gateway (or gateways) somewhere, which means you may as well just make it dual stack, transition to IPv6 and then discard IPv4

There's more IPv6 traffic now than there was IPv4 a decade ago and the majority of the traffic in/out of my home network is now IPv6. We're pretty much at tipping point and all those valuable IPv4 addresses will be useless eventually.

"UN has pretty much been crippled by politics and made meaningless for a long time."

I prefer that country reps bang gavels with their shoes and rave on endlessly in a debating chamber than get into shooting wars with each other over a perceived insult over aunt esmerelda's waist size.

At that (as with the EU), the UN has been a qualified success - yes there are still conflicts but the number of them is lower and they tend to be resolved quicker than in centuries gone by.

Re: Mapping plan

"You may have missed the bit about developing countries..."

I didn't, and experience in actually being in places like outer bumfuckistan shows that the telcos have just as new shiny shiny kit as anyone else.

The developing countries are actually the perfect fit for large scale deployment of IPv6, but there's more money to be made selling them huge CGNAT systems and management defer to furren conslutants with shiny websites instead of actual engineers.

Re: "How will any other network make money without charging the end user?"

"Used to be the case that WhatsApp did something similar."

And if FB hadn't hoovered the up, they would have croaked within 12 months of that point.

Re: Being honest about data-collection isn't an option anymore is it ?

"So whilst I agree that the US attack on the company was completely unreasonable so is Kaspersky's stealth policy on total activations as a way to collect personal information."

If they don't have a EU office (and therefore EU regulators to whap them for this), then surely at that point you can invoke "unfit for the purpose that it was sold for" and go for a refund from the retailer?

Enough of those and Kaspersky will wish it was only the regulator spanking them.

Re: Being honest about data-collection isn't an option anymore is it ?

Unlike EU banks holding USA bank accounts being susceptable to large fines, USA entities holding any data about EU individuals _or preventing them from checking up on what data is held_ are susceptable for fines.

Unless the ChiTrib and friends have wholesale dumped all their EU data then blocking access at this point is an admission they've been breaching the law and they're now preventing EU citizens exercising their rights to verify data and demand deletion. (Hint: they haven't)

Re: Being honest about data-collection isn't an option anymore is it ?

"I have sent many delete requests to many recruitment agencies who have absolutely no reason to hold my data."

They've had 2 years to delete it. At what point will the small claims tsunami against offenders start?

Re: Being honest about data-collection isn't an option anymore is it ?

"only to send out their GDPR email and receive a flurry of unsubscribe requests instead."

If they don't have your explicit consent already, then you don't NEED to send an unsubscribe.

This makes law what was ASA policy anyway - and the reason it's been made law is because industry self-regulation (and the ASA as self-proclaimed "regulator") has utterly failed.

Re: deliberate attempt at irony

not exactly the first time this has happened.

However, this time around - given the GDPR and the content of the website - perhaps the takedown should come from the ICO (yeah right)

Re: probably be replaced by something else

"it was USA arrogance that DNS, IP assignments and Domain registration wasn't ITU from the beginning. "

Huh?

The ITU didn't _want_ to be involved in any of this stuff until relatively recently.

In any case, ICANN has exactly as much power as people choose to give it. There have been alternative DNS systems and roots setup but they've all fallen over - largely due to ICANN being the monopoly, but secondarily due to ICANN playing 9000 pound gorilla and deliberately rolling out TLDs which conflicted with those of the alternates (they could and should have been charged with anti-competitive behaviour over that one and the decision to do it was _very_ deliberate)

Re: Merica f*ck yeah

"The defendants might well point it out to the courts and the court would then note it in the judgement."

Yup - and from that point forward, even if ICANN tried to bring cases in non-GDPR jurisdictions they'd fail.

You're absolutely right that contracts can't trump law and that would be the first plank of any defence, however pointing out that ICANN haven't historically been bothered about enforcing accuracy makes a mockery of their demands now - and that's a pretty good supporting plank.

Re: ICANN not understand how you wrote this article !!!???

"BBC are reporting on ICANN and their problems with an article that completely misses the issues and frames them as the victims !!!!"

That looks like a lightly regurgitated press release, not actual journalism.

Re: Should result in summary judgement...

"If ICANN are pressing ahead with this challenge then one of two things has happened."

Past experience of dealing with the people involved is that they make up facts to suit themselves as they go along and don't take kindly to 3rd parties showing evidence that they were saying the exact opposite some months back (or made the exact statements they denied knowledge of, etc)

Trump may be a sociopathic delusional con artist but the reason he's managed to get to that position is that this kind of personality has managed to find itself in charge of increasingly large tracts of business during the last 40 years.

I wouldn't be at all surprised if their plan is to bring up the Chewbacca defense.

Re: Should result in summary judgement...

"if I apply to a bank for credit they can acquire, store and retain data necessary for the provision of that credit. If that bank has a separate contract with an advertiser to provide email addresses of anyone applying for credit then the necessity exception doesn't apply there."

Which is what Experian and friends have been hoping you wouldn't notice for a long time.

Up until GDPR the only way to stop them selling your data to advertisers was an explicit DPA section 11 notice and they used all kinds of scare tactics to dissuade those including "this may affect your credit rating" (which they also used to frighten people into not being on the closed electoral register)

These "credit rating agencies" actually make more money selling your data to marketers than they do from their supposed core business, so it's going to be interesting to see how many prosecutions result from GDPR breaches as they scramble to make up lost income by ignoring the laws.

Re: Merica f*ck yeah

" Publishing it without explicit opt in permission isn't."

ITYM Publishing personal data

A lot of registrations use role accounts and those aren't personal data.

The problem is that domain registrations (and WHOIS) requires actual legally serviceable registrant addresses (ie, ones that can be served with legal paperwork in the event of shit hitting fan) and the tech contacts are supposed to be there to ensure that someone can be contacted to try and shut the mess down if something goes nuts.

ICANN hasn't been adequately enforcing accuracy requirements for 15-20 years (meaning that scammers have registered bogus addresses for kid porn domains that have had the wrong doors kicked in, etc etc) and scammers have spammed the living hell out of published email addresses, rendering the tech addresses useless/encouraging people to obfuscate or remove contact details.

At this point, trying to argue that collecting the data is necessary falls flat on its face over the kerbstone of historic indifference to its accuracy and I'm fairly sure that german courts will point that out.

Harder lines taken against network abuse and prioritising that over gross revenue maximisation would have prevented a lot of the issues that's got ICANN in court today. As it is, IMHO their actions have pretty much ensured that they won't prevail. (IANAL, YMMV, HAND)

Re: Hmm

"unless credible proof to the contrary exists not a single one of them ever happened"

Look up "apocryphal" - there's a reason I used that word.

That said, I've been a passenger in cars where the driver is clearly _NOT_ paying attention to the road ahead whilst on cruise control (rummaging around on the back seat, etc) and that was well before the advent of collision avoidance systems. On one occasion I needed to grab the wheel to prevent the car crashing off the road because the driver had apparently drifted off to sleep.

The reason stories like the Winnebago are believeable is because there really are people like that and everyone knows at least one person who would do it.

Re: Hmm

"To add to the already extensive research done on aircraft pilot"

Studying human factors has done more to reduce aircraft crash rates since the early 1970s than all other changes combined. It's one of the reasons why most airlines no longer directly recruit ex-military pilots (wrong mindset for safe bus driving - a military pilot will push on regardless in marginal conditions instead of diverting. There might be a 90% success rate when doing so, but that 10% is a bitch - and there are far too many cases of "hero pilot abilities saved the day" when "hero pilot's" lack of judgement and fixation on target was directly responsible for putting the flight in danger in the first place.)

Google is absolutely right to be studying human factors and the NTSB's crash studies always find a chain of events. Human factors start right back at the level of road design/layout and ensuring that markings are done sensibly.

The problem is that the vast majority of "road engineers" have no actual training in road safety other than the mechanical stuff and a huge number of "no brainer" assumptions(*) about what's safe or not safe result in decisions being made which actually make roads _less_ safe.

In particular there's a major tendency to look at XYZ "problem" on a road and not realise that it's a symptom of a larger problem. You see this in towns, where panic about people being able to cross the road safely results in extra pedestrian crossings, lights, parking restrictions and fencing being installed, which perversely have the opposite result to what's intended(**). The REAL problem is usually "why is there so much traffic on _this_ road, why is it travelling so fast and why aren't drivers paying attention to conditions?" and the proper answers are usually "Find a better route for that traffic/encourage use of XYZ existing better route and/or slow it down dramatically along with making sure drivers are paying attention to surroundings instead of focussing on the traffic light ahead"

(*) Assumption is the mother of all fuck ups.

(**) to wit:

Crossings usually result in slightly higher levels of car vs pedestrian incidents and they cluster around the crossings.

Fences, parking restrictions, lights, etc _ALL_ result in traffic going faster and drivers getting tunnel vision (ie, paying LESS attention to what's on the footpath, etc) - and fences are particularly lethal if a cyclist/motorcyclist/pedestrian is pinned between it and a car - which usually results in victim blaming by people who think that fences are there for safety (they're not, they're there to guide pedestrians to a "safer" crossing point and if they're being jumped or bypassed, or a documented hazard to other road users they must be removed immediately - almost all of the 2000-2016 "HGV vs bike" deaths in London were a direct result of cyclists being crushed against fencing as an example, vs being able to fall/escape onto the footpath when the HGV turned across their path.)

Re: Hmm

"expecting the driver to look up from their phone"

What part of "the driver isn't supposed to be looking at their fucking phone in the first place" isn't sinking in?

I'm quite glad that the UK prosecuted a Tesla owner for dangerous driving. He wasn't "in control" of his vehicle and the passenger in an adjacent car was correct to film the antics.

In the UK the problem with people doing "other things" whilst driving is bad enough that are dedicated motorway/highway patrols which specifically look into cabins to find that kind of dangerous activity - and the problem isn't new - it existed long before the rise of computer-augmented driving aids and thankfully the incidence of this kind of sociopathic behaviour doesn't seem to be rising.

When I was much younger, court reports used to regularly feature judgements requiring that driving offenders resit their license tests for offences that didn't result in actual bans - particularly for older (as in more than 10 years licensed) drivers. Perhaps this should be a more common occurrence.

Re: Drugs

"There are pedestrians and jaywalkers everywhere"

In other words it's just like a normal road in most parts of the world.

"Jaywalking" is a uniquely american concept, from a universe where a century of lobbying by GM and friends has resulted in a situation where cars have been legislated to have more rights on the road than people and pedestrians are legally only allowed to cross at designated points, when signalled to do so.

It's programming assumptions derived from those road rules (UBER!) that result in pedestrians crossing the road being run over by mechanised killing machines - but the same laws also result in USA drivers running over pedestrians at an alarming rate and frequently treating any on the road as "targets"

Re: @Corporate scum - I think your on the right track

"Here in Canada you have several months when road markings are indistinguishable and we still don't hit firetrucks or police cars."

That's because you have training in such driving conditions.

It's extremely likely that the kinds of people who let their automated car drive into a parked car would probably be playing road pinball if exposed to them and forced to drive manually.

Re: Hmm - Autopilot

"I ride a motorcycle, and a self driving Tesla of this generation is probably less likely to kill me than it's owner. "

This, in spades. In the wake of Joshua Brown's death the USA's NTSB stated that according to their stats Teslas are 40% less likely to be involved in a crash vs any comparable vehicle. The system isn't perfect by a long shot, but it's clearly already better than a lot of human drivers.

'Speed humps are put on our roads primarily to try and prevent children walking to school from being killed by vehicles containing those being driven to school'

Re: Hmm

"Ford had the good sense not to give the impression that these things make the car self-driving."

There's the apocryphal story of the Winnebago driver who engaged the vehicle's "autopilot" back in the 1970s on some dead straight road in Kansas and went aft to make coffee. You can guess what happened next.

The problem is partly that Tesla calls it autopilot and mostly that humans do really stupid things.

One of the more interesting thing I learned watching one of the endless "motorway cops" repeats is that when attending anything by the roadside on a motorway, it's common practice to have someone stationed on lookout at oncoming traffic, because some drivers get fixated on the flashing lights and unconciously drive directly towards them.

Re: Hmm - Autopilot

"A modern autopilot can be set to do an entire flight from takeoff to landing"

Some modern autopilots. The one on the Cessna 302 I used to fly was a "straight and level" jobbie - and it wasn't that straight, thanks to gyro precession. There are a lot like this still in service.

Re: Yellow vs Orange hi-vis

"Apparently the orange is less attractive to insects"

That's a big apparently - but it depends where you are and what the work type is.

In daylight, HiViz yellow blends into green backgrounds. This is doubleplusplus ungood if you happen to be working in an area with a lot of greenery - such as outdoors on the side of a road, or amongst trees or on a railway line (which tend to be lined by trees) - in a lot of cases you may as well be wearing camoulflage.

It also disappears on very light/white backgrounds - such as when you're up a mountain, or on a polar icecap or even when sitting on the surface of the sea. This is why SAR and polar transport aircraft are painted orange - it makes crashed ones much easier to see (and why liferafts are orange, not yellow)

On the other hand. HiViz yellow works best at night (headlights) and indoors (low light levels)

Of course if you're the PFY, any colour can be camoulflage if you want it to be.

Re: problem is not IoT, it's no "home (as in private) networks".

"Turning security over to the end user doesn't mean much if they're the LEAST competent people at the job."

They can't be any worse than the average UK ISP installer.

Re: problem is not IoT, it's no "home (as in private) networks".

"All my home devices are on a closed network and would have to, at least, go out through a proxy,"

until they open ports on the firewall using uPNP

IoT devices are being used quite successfully as DDOS vectors because home networks _don't_ firewall output traffic. If you're fingered as part of a DDoS botnet and you haven't secured your devices, what will your insurer do with your public liability insurance (hint: wilful negligence clauses)

And there's the issue that if something gets cracked on your network and commands the (unsecured) toaster to fire up, how long will it take before your house burns down - and will the insurance company payout on that?

"This steaming pile is apparently being sold and used."

Myriad experiences dealing with Japanese companies in the 1990s tells me that IOActive's report was buried by the people responsible for reporting upstream to management about such things (to save face) and steps may have been taken to obfuscate the vulnerabilities (changing the IP, or port, or attempting ti firewall out IOActive),

The same thing will happen for this report.

No actual securing would take place until there is a report on a few japanese news networks about the vulnerabilities, which will be the first inkling that Softbank's board of directors will have at _all_ of any problems with their fantastically wonderful Pepper bot, which their underlings have been reporting nothing but good things about.

At that point a large amount of fecal matter will fall upon the heads of the juniors who've been covering things up and what doesn't land on them will instead hit a few air movement devices spinning at 15,000rpm

Why does this keep happening? It's all part of The Plan: https://funnyshit.com.au/the_plan.html

Re: So what is the deal with behaviour tracking

> What they could not, for example, do is have something like "I consent you to passing my details to the card company for payment, to the delivery company for delivery and to behaviour tracking" . That would not be acceptable.

And yet this is exactly what many of them are doing.

I foresee much gnashing of teeth in the next few months.

Re: Yahoo! Did! it! All! Wrong!

"... who still operate under the default opt-in box basis on their web forms."

I brought this very subject up with the ICO a few weeks ago.

The response was that they regard this behaviour as perfectly fine - it gives you an opportunity to opt out before you click through.

I await the first legal challenge to that determination.

Re: And it's down!

" like the rest of us, they've had two years to prepare"

Yup - according to several ex-staffers I've spoken to that meant slashing salaries and cuttting staffing numbers.

The ICO has always been the UK's smoke-and-mirrors version of compliance with EU requirements. Underfunding it and restricting its powers were deliberate acts to prevent it actually being useful.

One of the more ironic results of Brexit is that the government will be _forced_ to properly fund and support the ICO in order to maintain trading relations with the EU.

Re: I think I understand why some US news sites blocked the EU

"I mean, if they don't know you are in the EU, and take active measures to block use in the EU, they can hardly be held to account for violating the GDPR!"

Actually it means that they're blocking EU data subjects' attempts to find out how much information is being held about them - which is a criminal matter. The only safe way to proceed would be to purge the marketing databases and start over.

Re: CGTrader.com

"Of course the 'Unsubcribe-URL' is broken."

They've admitted they don't have your explicit consent, therefore the only thing they can offer is a "subscribe me" function, and if that's broken they've just shot themselves in the foot if they send you anything more.

A broken unsubscribe is serious in its own way (can't remove previously given consent)

Make sure you _keep_ all those GDPR missives as they're effective admissions that the outfits in question been ignoring marketing laws and ASA rules for the last however long. The laws just got teeth and such emails are "evidence" in a court case.