* Posts by Alan Brown

15029 publicly visible posts • joined 8 Feb 2008

Did last night's US presidential debate Wi-Fi rip-off break the law?

Alan Brown Silver badge

Re: Mr

"You, however, may experience interference including being removed from the premises. That's not considered "harmful interference" by any definition that the FCC has been known to use."

Wandering around with a "wifi detector" is likely to end up being classed as "technical means"

Alan Brown Silver badge

Re: Mr

"What grants the venue owner the sole arbiter of who gets to use the unlicensed spectrum in that area?"

Nothing, as it's not the venue owner's to arbite.

This will get interesting but in the longer term expect that outfits which want to hold you to ransom over connectivity will shield their premises. That way they can block 4G access too.

Crims set up fake companies to hoard and sell IPv4 addresses

Alan Brown Silver badge

"Do ISP IPv6 implementations support NAT?"

Unequivocally: NO.

You don't need NAT with IPv6. It (and dynamic address allocations) is a kludge that was hacked up for IPv4.

Alan Brown Silver badge

"ARIN could identify the 'dark' IP ranges themselves and allocate them legitimately "

No, ARIN can't. It doesn't own them. Jon Postel handed them out and he's dead, so unless you're a medium it's hard to unilaterally cancel the allocation.

ARIN only owns the ranges it inherited when it was set up. Everything else (which is the first 64 class A ranges at least) it can only take if freely given.

US govt pleads: What's it gonna take to get you people using IPv6?

Alan Brown Silver badge

Re: It's been too long

"Yet IPv6 essentially eliminates NAT, which is the #1 Internet security device in use today"

NAT == "security by obscurity"

Decent firewalling rules aren't hard. NAT protects devices behind the router by good fortune rather than good design (and UPnP blows that all apart anyway).

Alan Brown Silver badge

Re: I'd move to it in a heart beat

"I ended up getting my IPs removed from 105 different blacklists over that time, and most of them were awesome people, some were actively hostile"

That was predicted when the early ones got stomped on by spam-friendly ISPs.

The flipside is that the more hostile ones aren't used much and you're probably better off worrying about the tens of thousands of privately operated blacklists running on individual mailservers which you'll never get out of.

You could resort to taking legal action against your ISP for supplying IP addresses which were unfit for purpose due to past customer misuse. Or you could take the easier option and take your business elsewhere, instead of staying with a spam-friendly ISP (which is one of the goals of a lot of the blacklists. Hurting spam-supporters economically is the only way to make a point)

Alan Brown Silver badge

Re: Heres a suggestion

"How about forcing ISP's to issue them.."

At some threshold point, Ofcom have a plan to forbid ISPs without IPv6 from selling their service as "Internet" (That was their response to a complaint that not selling IPv6 isn't full Internet, therefore misleading)

They won't say what the threshold is.

Perhaps it's time to start lobbying Ofcom and the ASA.

Alan Brown Silver badge

Re: we are forced to have ipv6 internally so we have it 'on'

"I tend to be more specific and just block the ports I don't EVAR want accessed, like internal network sshd ports, Samba, X11, VNC, and anything "listening" on a windows box."

It's important to block traffic OUT from your network too.

Boxes which don't need external access shouldn't be given access to it. In particular webservers (which should be treated as disposable) shouldn't be allowed to initiate connections to virtually anything on the outside world. That way when they get compromised they can't be used as staging posts to attacks elsewhere.

Alan Brown Silver badge

Re: Article needs puppy dog face

"I'm assuming that wasn't the case in the US"

Yes and no. The USA has legislated local monopolies. It's supposedly open to competition, but the major telcos got monopoly concessions from the state PUCs in exchange for promises to invest in infrastructure.

The investments never actually happened, but when the telcos went back to get more concessions (such as baby Bells remerging) in exchange for more investment, the PUCs didn't ask any questions. The end result is that the investment never happened and AT&T (Ma Bell) has been reassembled into 2 pieces (to avoid any antitrust action) and is no longer subject to the "universal service" obligations from its 1935 antitrust settlement.

This is known as the "ten trillion dollar swindle".

Alan Brown Silver badge

Re: Article needs puppy dog face

"generally you find that your ISP choices are a either a crappy expensive ISP or a half-arsed, very expensive ISP. "

That's the Free Market(*) for you.

(*) Where the major players are free to pay the PUC to ensure they're the only company in the market.

Alan Brown Silver badge

"Because backwards compatibility is such a success."

In the case of IPv6, you CAN'T make it backwards compatible.

The actual TCP/IP side is pretty much the same (16-bit port addressing), but no v4 device can talk to a v6 one without some form of NAT entering the game and the sheer numbers make it impractical. (FWIW tunnelbrokers usually embed the public IPv4 address as the first part of the IPv6 anyway)

Alan Brown Silver badge

"Much better to have it supercharged.

(yes yes there are ways to mitigate turbo lag, but never mind that)"

Ever seen a turbo supercharger with a one-way clutch to allow mechanical drive at low throttle settings? (No, not a twincharger, this is a single unit driven both mechanically AND by exhaust gas). They were and are a "thing" on 2-stroke railway locomotives.

Back on topic, what we need is IPvInfinittyAndBeyond. :)

Alan Brown Silver badge

Re: the Register ... no IPv6

"there are loads of applications merrily passing host addresses around as 32-bit integers that cannot as they stand deal with IPv6."

A bunch of them happen to be P2P filesharing protocols. The main reason given for not bothering is "no need, no one uses IPv6".

Alan Brown Silver badge

Re: the Register ... no IPv6

"I can’t go IP6 because my Internet Provider hasn’t heard of it. Yet."

My ISP hasn't but I still have IPv6. He.net offer a free tunnelbroking service.

Alan Brown Silver badge

Re: Pot / Kettle

"eventually your provider will start doing NAT and your own router won't even have a public IP address unless you pay a premium"

It's been like that for years in SE Asia and sometimes multiple layers of NAT before the enduser gets a connection.

On the other hand it's frequently impossible to get IPv6 from the ISPs

Wi-Fi baby heart monitor may have the worst IoT security of 2016

Alan Brown Silver badge

"regardless of any large-type disclaimer of responsibility."

Such disclaimers tend to fall foul of the unfair contracts laws that exist in the EU - something else that Teresa's acolytes want to remove.

Coders crack Oculus DRM in 24 hours, open door to mass piracy

Alan Brown Silver badge

Re: Why would they?

"Oculus is being bolted down so it cannot be used for porn."

I'll be returning the groinal attachment then, Kryten.

Oracle DB admins urged to swap their gas guzzler for an electric car

Alan Brown Silver badge

Re: It's a brand problem not a technical problem

"2. Postgres is a stupid name"

Only if you're a young whipper-snapper who doesn't remember Ingres.

When Postgres was created, Oracle was a small also-ran in the business.

Alan Brown Silver badge

"Much the same is true of the small DB vendors, OK for some light & nippy apps, but not to run a huge company."

This is particularly true of MySQL...

Alan Brown Silver badge

Re: Oracle's databases don't pollute

There are a couple of PG wrappers to provide Oracle compatibility. Orafce and EnterpriseDB spring to mind

I feel your pain on risk aversion. It's often easier to simply go ahead and build a demonstrator than to try and argue that case.

BT will HATE us for this one weird 5G trick

Alan Brown Silver badge

Re: Sodium Lights

"As a cyclist in Birmingham, all I really want is for the council to fix the sodding pot holes: swerving round them puts me in the way of things and they're easily big enough to have me off my bike"

A few substantial damages/injury claims tend to make councils revise their liabilities. One Yorkshire council ended up paying out in excess of £30k to a cyclist who broke his arm and unsurprisingly the roads there are now very good.

Vodafone UK blocks bulk nuisance calls. Hurrah!

Alan Brown Silver badge

Re: Nuisance calls are a plague

> "I've set the answering machine to automatically answer all calls on two rings saying "Hello, all calls are screened for nuisance callers....."

> ... Most telephone sales people hang up as soon as they hear the answering machine

Most autodiallers will determine it's an answering machine (humans say "hello" or other greeting, then wait), so the odds are pretty good that the telesales dweebs never heard your message.

If you'd like to waste their time a little, make the start of the message sound like a human answering and leave the message part 10-15 seconds into the call.

The interesting thing (for me) is that when I moved away from BT to TT, I dumped the old number, made sure it was ex-directory and registered it with TPS. It only started getting calls after Experian got hold of it and started selling it.

Because TT wouldn't change the number because of nuisance calls, I dumped _that_ number when I changed provider again (people do it on mobiles. I don't see why we get so attached to landline numbers) and did the same again. I _also_ picked up a 070 number for £12/year (the last 5 digits spell FUCK-U as a clue to anyone with half a brain) and give that to businesses or anyone else untrustworthy.

If they want to pay £1.50 to call me then they're welcome to do so (I don't get any revenue and when I explained to the telco why I wanted them to charge the max rate anyway, they went along with it) So far that number's had a few sales calls. I had one guy talking for 15 minutes before letting slip how much the call was costing him..... <mwa ha haaaa>

Smell burning? Samsung’s 'Death Note 7' could still cause a contagion

Alan Brown Silver badge

Re: Disagree with general consensus here...

"Seriously, I really don't understand it."

The lifespan of a LiIon battery in these things is about a year. Being able to change it out is advantageous

Intel is shipping an ARM-based FPGA. Repeat, Intel is shipping an ARM-based FPGA

Alan Brown Silver badge

Re: offload the StrongARM/XScale division

"Though I don't think they gave up ARM licence and I think they did keep at least one communications controller with an ARM core."

The management engine in Intel vPRO boards is ARM. They've used it for decades in controllers but that's all they've used it in.... up to now.

Hungarian bug-hunters spot 130,000 vulnerable Avtech vid systems on Shodan

Alan Brown Silver badge

"shouldn't we stop calling them "closed circuit" cameras"

Much of the world has called this stuff "surveillance cameras" or "video surveillance" for decades.

"CCTV" is a particularly British term.

When I was a nipper one SF story I read had a world full of cameras where covert surveillance _wasn't_ the issue, because every publicly placed camera was required to be publicly accessible. The scenario was that if you were wondering if the streets ahead were safe you could dial up the cameras along the way to see who was hanging around nearby.

It's going to be interesting to see how Avtech handle this. Judging by what I can see on Aliexpress there are a lot more knock-off devices on the market than genuine ones.

Sckipio touts fibre-like symmetrical G.fast kit

Alan Brown Silver badge

Re: Pitfalls of G.fast

"Can't they just stick a fuse in the master socket?"

Fuses are ONLY there for fire protection. By the time they blow the electronics is already toast - and the amount of current it takes to kill someone is so low that even the smallest fuses would remain intact.

Alan Brown Silver badge

Re: Pitfalls of G.fast

"It's not a cheap alternative to real Fibre"

It's not cheap at all.

The advantage from BT's point of view is that they can charge you 250% of the cost of the terminating equipment upfront and still get to keep it. If they run fibre there's a much longer payback period.

The flipside is that most copper in the UK is so rotten that they'll need to run new stuff anyway. At that point it makes long-term sense to run fibre, but BT is so pathologically hidebound that they'll insist on running copper anyway even if it costs several times as much to do so.

Majority of underage sexting suspects turn out to be underage too

Alan Brown Silver badge

Re: So now if Mr Saville [deceased]

"Take teen pregnancy, for example, what do the graphs show? "

It's lower than it's ever been in history. Bear in mind that 150 years ago kids used to get married at 13(*) and accurate reporting has really only existed since the 1960s

(*) Yes, really and 11-13 was the common age for losing one's virginity unless you were upper class.

When the UK introduced consent laws, 16 was rather arbitrarily chosen - and not on maturity grounds (people arguing for that were shooting for 21). It was set to try and stem trade in child prostitution.

Alan Brown Silver badge

Re: So now if Mr Saville

"Even the Barclays advert showing how they regretted the online name they chose when younger should make it clear, you chose wrong and will be punished for it."

'tis better to have a stupid online name as a kid, which you can change later than post in your own one and have it linked to your adult profile forevermore.

Alan Brown Silver badge

Re: If the law isn't enforced, it shouldn't exist

"As it stands, guidelines or not, it is possible for a 15-year-old to be imprisoned for having pictures of their 15-year-old girlfriend, obtained with their consent. They have committed a crime. Just because the guidelines state they shouldn't be prosecuted for it doesn't mean that they never will."

I can think of exactly such a case from when I were a lad and reading court transcripts in the local paper for part of my homework.

A 15yo boy was in court on charges of underage sex with his 15yo gf.

The judge, courts and police didn't want to deal with it, but the girl's father had taken legal action to _force_ the criminal case to go ahead.

The boy was convicted, discharged and given absolute name suppression. The judge did NOT have kind words to say about the girl's father or the stupidity of a law which allowed such a case to proceed when it was not in the interests of natural justice.

One-quarter of UK police websites lack a secure connection

Alan Brown Silver badge

Re: Large quality variations

It's not just police with this problem.

There are as many fire services and school departments, with wildly varying degrees of funding and management ability.

Which leads to wildly varying degrees of quality on a county-by-county basis.

The idea of regionalising/nationalising these is nice, but the problem is that it's extremely likely that those who end up running the show will be the incompetent trough-snufflers rather than the ones with decent ability.

Alan Brown Silver badge

All the https in the world won't help

Https is just a transport layer.

The website itself needs to be securely set up and the vast majority are trivially subvertible.

The problem with pointing _that_ out is that you end up ruffling the feathers of some self-declared expert who in this case has the power to give you a bad day, instead of being forced to fix it.

Roboats hunt 'mines' and 'submarines' on Ex Unmanned Warrior

Alan Brown Silver badge

Re: "The bad guys will have 1000's of automated sub killers"

"North Korea ain't gonna be automating anything any time soon"

Be that as it may, North Korea has demonstrated its ability to sink ships and submarines.

The problem with high tech anything is that the means to take it down is quite frequently low tech and low cost.

The winning formula for high tech _must_ be low enough cost to allow it to be cheaply deployed, or you have yet more F35s.

Don't panic, but a 'computer error' cut the brakes on a San Francisco bus this week

Alan Brown Silver badge

"Yet more accidents keep occurring,"

And that word - "accident" is half the problem.

If it was predictable, it wasn't an accident, it was inevitable and the only question was "when".

With modern safety systems in place there are very few wrecks/crashes/etc that are actually attributable to mechanical or electronic failures - and when they are we seldom allow such failings to remain unremediated.

As with industrial "accidents" where operators are found to have bypassed safety interlocks or procedures for speed, many of the rail industry's problems have similar causes. Similar observations apply for road crashes. The screamingly vast majority are caused by multiple levels of operator error on multiple parts.

The aviation industry noticed this decades ago and that's why human factors is a mandatory study subject for pilots. All the safety precautions in the world are no use if the monkey in control decides they're too much nuisance and deliberately breaks them - and that's why the safest course of all is to eliminate the monkey whenever possible.

Alan Brown Silver badge

Re: Whaaat?

"The general power for systems is supplied by batteries, charged by wheel generators that only work when the vehicle is moving. "

Wellington's ones had a small motor-generator onboard for charging the batteries (old electromechanical systems means it was easier to use a small 400V motor to drive a generator and keep them charged that way.)

They also had a small onboard diesel generator (about 5kW) which was there specifically to allow the bus to be pulled to the side of the road if the power went out so it wouldn't obstruct traffic. (I only ever experienced this being used twice in the time I lived there)

Most importantly of all, they had a button beside the driver marked "emergency power cut off", which did exactly what it said. It would be "unusual" if it was absent on a Muni trolleybus or any other kind of heavy electric traction vehicle.

Without knowing the full investigation and noting the statements about thyristors, my pick is that the brakes worked but the motors weren't cut off (or possibly went to full power even before he hit the brakes), so the bus didn't stop in the distance the driver was expecting to and he didn't hit the emergency shutoff quickly enough to recover in the remaining space (or at all).

The "traction motor overspeed condition" is a good indicator it went to full power. The report states that there's an emergency power off as well as a "poles down" switch and a couple of other options.

It doesn't take much of a shunt to hurt people if they're not strapped in and anyone who's not driven an EV shouldn't underestimate their acceleration (I was surprised even in a Leaf. They get off the line and up to 30mph faster than any muscle car), so a "failure to full power" at switchon in the morning might easily result in the bus lurching forward and hitting the one parked in front of it at enough speed to hurt the driver.

Alan Brown Silver badge

> I believe the air brakes operate on positive pressure to disengage

Correct and I can tell you from experience that one of the more amusing ways to annoy a trucker is to discharge his air tank. It takes quite a while to be refilled (whilst the engine's running to drive the teeny pump that does it) before he can drive off.

Alan Brown Silver badge

Re: Whaaat?

"including electric busses that use overhead wires to get power."

aka "trolley bus" - which is what was specifically mentioned in the story.

Electric motors have substantial torque and having the controllers fail to switch out drive current when the brakes are operated (or accelerator lifted) is going to result in the vehicle taking a _lot_ longer to slow down than normal even with full braking applied.

Good luck in the average driver thinking about other available methods of turning off the juice when this happens. Even someone with some instruction is going to have a moment's panic before they react (A relative drove trolleybusses in Wellington, NZ in the 1980s. Even those old electromechanical control systems would fail in interesting ways from time to time)

The story says only the driver was injured. Did this happen in the marshalling yard/bus garage?

Robots blamed for wiping 10 per cent off the value of sterling

Alan Brown Silver badge

"My company imports - though it seems not for much longer. When we stop importing that will have consequences for those who export to us."

Losing the UK is a tiny drop in the market.

And my experience with UK-based companies which set themselves up as EMEA agencies is that they rip the hell out of everyone in the entire EU (EG: serverlifts - $13k in the USA and £15k here) whilst their Dutch/German counterparts have more reasonable markup policies. I think it will be very good for a lot of companies if they have to find new EMEA partners outside the UK and even better for UK customers if the UK ones lose that agency status entirely.

Alan Brown Silver badge

Re: We have got our country back!

"every time the £ drops and foreigners go on a stock buying frenzy..."

At some point someone will buy up Sunderland and revive the tradition of land clearance.

Alan Brown Silver badge

"The Tory party conference has given the currency markets plenty to worry about: "

Exactly that, and currencies are only worth what the market confidence in them is. It didn't matter that the new Roman coins had more silver in them around 440AD than previous issues. People took one look at them, then at the old ones and within 18 months Roman currency was valueless as no-one would accept it.

Flash crashes happen because people game algorithms to try and gain an advantage (the algorithms are in turn set up by people who might be good at statistical analysis, but they don't know all the inputs, and the people using the algorithms know just enough about them to clock-n'drool), OR because something is genuinely overvalued and once the bubble starts to burst the automated activity rapidly drives the trade values back down to "actual" levels.

After WW2, "British made" became a codeword for "shonky designs-by-committee using the cheapest possible supplies regardless of quality and put together by badly treated workforces using century old production tools" (literally that old in many cases) - the epitome of this being British Leyland. That's why people of the "empire" stopped 'buying British' unless forced to by their governments. Even though the quality has changed, memories are very long - as GM found when it tried to resurrect the Vauxhall brand in Australia/New Zealand.

The only thing that's been keeping the value of the pound high over the last 4 decades is the financial services industry. When that industry lost confidence in its home base - it has, and all the orgs are already moving their bases out of the UK - the pound lost a vital support base. Its remaining value comes from exports by its manufacturers - who mostly happen to be the car industry and also spooked into moving out. Commissar May could stand up tomorrow and say that Brexit is cancelled but it's already too late.

But never mind. At least we got that £350million to spend on the NHS, didn't we?

Ofcom finds 'reasonable grounds' that KCOM failed to maintain 999 services

Alan Brown Silver badge

Re: 112?

"The pan-European emergency number"

It's also the hardcoded emergency number in all GSM phones.

You're fired (into space)! Trump tops Martian ejaculation poll

Alan Brown Silver badge

Re: that 546km trip

If you saved some weight by not including life support (or enough fuel to circularise the orbit) you could launch them all and have a nice lightshow afterwards.

Crooks and kids (not scary spies paid by govt overlords) are behind most breaches

Alan Brown Silver badge

Re: Targeting

"If you collect enough account details then you are in a position to paint a good picture of individual users"

This is exactly why Bletchley Park kept everything - and the intelligence they deduced from this stuff was often more useful than directly decoded strategic commands (much of the more sensitive stuff wasn't able to be intercepted because it was on landlines or face-to-face meetings, but could be deduced from intercepts showing ABC person ordered to XYZ site, based on known past activity, locations and affiliations)

That's why this kind of activity is still done, but it's worrying on several levels that intelligence agencies are hoovering up every possible bit of information about everyone they can, "just in case", instead of concentrating on known problems and the circles they move in.

Alan Brown Silver badge

Re: If it was about paying

"Problems in IT security don't happen because of a lack of money, but because people decide to do incredibly stupid things."

Actually they DO happen because of a lack of money.

The discussion usually goes along the lines of management asking how much it will cost and what's the benefit - then deciding they won't fund it.

When the benefit is described as "you don't get to go to jail if we get hacked" they tend to perk up their ears a bit. Keep the interest personal and companies will do the right thing (and if you're ever refused permission to do something critical on cost or other grounds, keep the email and reasoning behind it in a safe place where it can't be deleted/removed. It's called covering your arse. Bear in mind that management like this are sociopaths who will happily throw you under a bus to save their own skin.)

A long time ago in a different country, laws were passed which made management personally culpable for certain activities in addition to criminalising them. The day after, the CEO of the company I worked for circulated a memo which started "Because I have no desire to go to jail because of the actions of an employee, these activities are utterly prohibited..."

Breaking compression, one year at a time

Alan Brown Silver badge

refresh cycles

"but when pressed most will admit that refreshes of that nature are exceptionally rare."

However when it comes to storage and related stuff, once it gets to 5 years, support contracts get ruinously expensive (eg: £10k/year for our tape library vs £1500/year for years 1-5)

This has resulted in a whole industry springing up solely dedicated to providing support for 5-10 year old kit and that's proving quite profitable.

Police raid India call centre, detain 500 in fraud probe

Alan Brown Silver badge

Re: This has almost become a contest in my house

> For future reference I'm going to ask my Indian coworker how to say "fuck you".

A far better insult in Hindi translates to "I hope you have many children - all of them girls"

Alan Brown Silver badge

Re: Mainly the guilty-minded were scammed?

"Most people would smell a rat as soon as someone told them to pay money that they had no reason to believe they owed. "

In this particular case the scammers were working a published list of IRS defaulters, so yes they DID owe money

It's much easier to scam someone if they're already semi-expecting a call.

Alan Brown Silver badge

Re: bad

"I said that was OK by me and hung up."

It's a pity you didn't keep her on the line and wind her up a little. These scammers tend to be rather short fused (which is entertaining) and it stops them bothering other people (which reduces their productivity)

Alan Brown Silver badge

Re: Bah!

"but has solid (ie arsebook says) evidence the World Trade Towers were sabotaged from inside."

If you know how the buildings were designed the amazing thing is that they stood for so long after the impacts.

The design goal was for them to collapse pretty much immediately if hit by a fully fuelled 707 taking off from one of the nearby airports(*) but confine the collapse within the tower structure (pancaking, not toppling.). Burning jet fuel didn't even enter the architects' minds - the structure's fireproofing was intended for conventional fires.

(*) The Empire State Building was hit by a B29 in heavy fog, so there was precedent for this concern.

That said: There was a 9/11 conspiracy alright but it didn't start until _after_ the events. These kinds of conspiracies are aimed at covering up how badly things were handled so that people in high places can keep their jobs.

Alan Brown Silver badge

"They were told the toll would end when the bridge was paid for in the 70's and to this day are still paying tolls for that fucking bridge."

No need to go to Cleveland. The Dartford crossing is the exact same scenario.