nav search
Data Centre Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes
BOFH
Lectures

* Posts by Number6

2137 posts • joined 10 Jun 2009

By Jove! Astroboffins spot 12 new spanking moons around Jupiter

Number6

It sounds like they need to adopt a Plutonian solution and declare that any moon smaller than a certain percentage of the largest one should be declared to be a Jovian Pet Rock and have its moon status revoked.

15
1

ICANN't get no respect: Europe throws Whois privacy plan in the trash

Number6

Re: SImples

That's sort of what has happened. Have you tried a whois query recently? The generic one gives a lot less information than it used to, and if you go to a registrar's site you get this in the notes:

IMPORTANT: Port43 will provide the ICANN-required minimum data set per

ICANN Temporary Specification, adopted 17 May 2018.

Visit https://whois.godaddy.com to look up contact data for domains

not covered by GDPR policy.

Of course, if you're happy to go to their website then all is revealed if it's not a registration covered by GDPR because they have better control over it. Hopefully they'll add California residents to the same list as those covered by GDPR.

3
0
Number6

Re: Slippery slope

I see you've been influenced by the BRexit bullshit.

The "EU bureaucrats" are no more unlecected as they are in any government.

I thought he was talking about the ICANN board. In this instance the EU are the good guys.

5
0

Google weeps as its home state of California passes its own GDPR

Number6

Re: Legitimate business interests

Although it's very much worth bearing in mind that the whole point of pushing it through was specifically to make it easier to change later, unlike a ballot version which, as the article states, would be much harder to change once passed. That should be concerning to everyone. If the politicians were really up for this type of privacy legislation, why didn't they just let it go to a ballot? Let's hope that Mactaggart & co are keeping a close eye on the legislation as written and any future modifications (which may be hidden in other bills as riders etc.) and are ready to act again.

I can see some merit in having it easily changed in case there is an issue where someone got something wrong. If the only way to fix it was another ballot initiative then fixing errors might turn out to be hard. On the whole though, I'd prefer the ballot version because it's harder to subvert as I see that as more likely than incremental improvements through the normal legislative process. I agree, I hope that they keep the ballot stuff in a safe place, ready to haul it out if someone offers the legislators enough money to change the existing version to something weaker.

1
0

No one wants new phones – it's chips that keep Samsung chugging

Number6

I had an S4, which I've just retired, but looking at the latest Samsung offerings, they're too big, cost too much and have way too much bloat on them. I went for something lower down the market, which is more than enough for what I want. I get to fill it with things I want, rather than figure out which of the pre-installed crap I can safely disable. My new phone lasts several days on a single charge, to the point where I can keep it topped up merely by having it charge on my daily commute. All at less than a third of the price of the latest flagship thousand dollar (or equivalent in local currency) phones.

I would like a dual-SIM phone though, or a way to allow two phone numbers on the same SIM with the ability to disable/mute/divert one of them during evenings and weekends.

3
0

GDPR forgive us, it's been one month since you were enforced…

Number6

Re: How difficult is it to disable slurp?

I'm not sure how I've done it but I have a browser config set up so I don't see ads on Forbes and it still lets me in. Not that I go there that often but occasionally I click on something that turns out to be one of their links.

1
0

US Supreme Court blocks internet's escape from state sales taxes

Number6

Re: Yo! Yank ... Er ....

The only way you can accurately determine the proper tax jurisdiction is by geolocation using the street address. This assumes the address used is the location of the buyer. Another wrinkle is if one buys something online while away from home, what is the taxing jurisdiction and how is it determined? Depending on how it is done, a VPN service might cause all sorts of fun (honest I was in Finland when placed the order).

The address to which the product is shipped determines the taxes. If you're a hundred feet the wrong side of a tax boundary and you've got a friendly neighbour the other side, see if they'll accept delivery of your packages.

This is where the UK VAT (admittedly with a simpler system) and South Dakota have it right - if you're under a financial limit then you don't have to pay but you can't reclaim anything either. Otherwise a retailer is going to require you to have a shipping address in their state so they can ship to that, and then it's your problem moving it from there to your home state.

Another option would be for the retailer to state at time of sale that the buyer is responsible for paying the sales tax direct to their state and that details of the transaction amount would be forwarded to the state to assist them in recovering it. That way, a small retailer could send a data dump every month or quarter to each state with all the transactions and then the state could ask people for their money. I think the California income tax forms already have a section where you can declare stuff where you should pay tax but haven't.

3
0

First A380 flown in anger to be broken up for parts

Number6

This is nonsense, according to the Boeing website the 777x has a two seat configuration capacity of 375 whereas Emirates run the A380 with a two class capacity of 615. Nowhere near comparable.

They are comparable if you figure it as passengers per engine. In fact, the 777x comes out better.

1
10
Number6

The big reason no one wants it is because the first few A380s built are less fuel-efficient than later ones, as various tweaks and improvements have occurred.

Think how many soft drink cans it'll make.

6
0

IPv6 growth is slowing and no one knows why. Let's see if El Reg can address what's going on

Number6

Re: Software

In theory it shouldn't need anything in the router apart from understanding IPv6, broadcasting the relevant magic to the local network and establishing a default route to the outside. The equivalent of the NAT 'firewall' that you get for free with IPv4 is the fact that the router firewall should be configured to drop any packets not associated with a connection set up by the local network. That stops all bad stuff coming in unless the user explicitly configures a rule. It's on a par with doing port forwarding under NAT with no other restrictions in place (so internal users can talk to any external address and port).

I find OpenWRT to be just fine for this stuff, although admittedly it's not consumer software (but that style of port-opening interface could be).

9
0
Number6

I run a few low-traffic sites and find that the bots that visit are invariably IPv4. I do get traffic from what appears to be phones on IPv6, and a sprinkling of others. Because I have IPv6 set up on the home network here, I find that it will often access the rest of the world using IPv6 if the far end offers it.

That's the other side of the coin of course, your average punter just connects his router to the cable modem (or uses a smart cable modem that does both jobs). If that magically broadcasts the IPv6 magic on the local network then most modern devices will set up and use it and said punter will be none the wiser for it. If he's got to go into a configuration menu and tick a box somewhere then all bets are off.

13
0

The Rocky Planet Picture Show: NASA Mars InSight ready for launch

Number6

Re: Return ticket?

Ask YouTube about the NASA Sample Recovery Robot Challenge. Some of us had fun trying to do phase 2 a couple of years ago. It's surprisingly difficult, although I think technology will make great leaps before they have to do it for real.

2
0
Number6

It was indeed shrouded in fog. We heard it at the official viewing site but not a glimmer of light. It was as cold as a British Bank Holiday at 4am in Lompoc.

3
0

The best outsourcers fire themselves

Number6

Re: Citation needed....

Outsourcing works well when you've got a well-defined package of work that needs doing, you haven't got internal staff available to do it and you won't need those staff once the work is done. Or it's a longer-term thing but only for a day or so a week and it's easier than trying to recruit a part-time employee to fill the gap.

Most of the horror stories are missing one of those requirements, usually the 'well-defined package of work'.

1
0

Windows 10 to force you to use Edge, even if it isn't default browser

Number6

Saved by the mail app

I'm not sure I've ever fired up the Windows mail app, so I guess it's a change I wouldn't even be aware of if not for articles such as this. I locked down Windows apps by default, restricting what they could do on the machine in an attempt to impose some level of security.

6
2

Shock poll finds £999 X too expensive for happy iPhone owners

Number6

I had a Galaxy 4, I just bought a Moto E4+ for work use and it's a step-up after four years for less money. It's also a bit too big but I'm getting used to the bulk. I don't use the fingerprint sensor, I much prefer a password even if it's a bit less convenient because it's more secure and more immune to US law enforcement. I don't know of anything on the newer Galaxy or iPhones that would tempt me to part with $1000 instead of $129.

4
0
Number6

Re: Poor decisions

My cattle class seats tend to take about a week to wear off, especially if it's long-haul.

4
0

Billionaire's Babylon beach ban battle barrels toward Supreme Court

Number6

How many people know how long a chain is though? It's a bit like an acre, a unit often used but ask people how big it is and most won't know (my answer is 'one chain by one furlong'). Perhaps the good citizens of New Zealand are more clued up about old imperial units than others.

1
0

Iran: We have defeated evil nuclear-sensing Western lizards!

Number6

Re: Chameleons ?

I've heard that there's a chamelephant in the room but I can't see it and people are reluctant to talk about it.

6
0

UK ICO, USCourts.gov... Thousands of websites hijacked by hidden crypto-mining code after popular plugin pwned

Number6

Another good demonstration of why ad blockers and script blockers are essential.

I see the ICO site is down for maintenance at the moment, I guess someone's pulled the plug on it until they can fix it properly.

43
3

BOFH: We want you to know you have our full support

Number6

Website Guide to IVR

What would be ideal is for companies to have a web page with the entire script to their IVR on it, so you could go browse it in advance and then when you hit the voice prompt just key 14235 and get immediately to your chosen point. If there wasn't a suitable endpoint for your query then you'd know in advance and instead of wasting time on the phone, could try writing a letter, wrapping it round a brick and delivering it to their offices in person via a suitable window.

13
0
Number6

Re: Simon will look back on this

He doesn't usually retaliate in the next episode. Revenge is a dish best served cold.

3
0

Bruce Perens wants to anti-SLAPP Grsecurity's Brad Spengler with $670,000 in legal bills

Number6

Re: You mess with the GNU ...

Look at it this way. I downloaded the source code. I've made changes, and given them to my mate Bill. I've now made more changes, but I don't want to give those to Bill. Bill is asking for them, wondering why I've now spurned him, but I'm not going to give them to him and I'm keeping my reasons to myself (basically, I think Bill is a plonker, and I don't want to hurt his feelings). Instead I've given these new changes to Alice. Where's the GPL2 breach in that?

If you've given Bill the binaries then he's entitled to the source required to build those binaries. GPL2 does not require you to give him updates to what he's already got. If you gave the updated source and binaries to Alice then she is within her rights to give the binaries to Bill, and if he asks, the source code too. Yes there was a high degree of daftness in putting stuff in writing.

2
0

US politicos wake up to danger of black-box algorithms shaping all corners of American life

Number6
Big Brother

The US credit scoring system is not fit for purpose anyway. I don't care what algorithms they're using, I consider them to be wrong because they fail to account for all relevant factors. Worse, the credit system has wormed its way into almost everything - want a phone contract? Unless you're paying up-front they'll go check your credit score. Want a job? Yes, some employers want to know too.

They seem to give greater weight to short-term things such as your current credit card balance, yet ignore the fact that this is a cyclical thing and that it's paid off in full every month, so you get a better rating just after you've paid off the card than just before, even though your overall spending/paying behaviour is the same (obviously if you don't pay it off then that's a different matter).

Minority Report, anyone?

29
0

China plots new Great Leap Forward: to IPv6

Number6

El Reg is still IPv4 only. As is the BBC. Perhaps it's all a plot by the Chinese to prevent their people from accessing such subversive media.

2
0
Number6

Prior Art

The IPv6 network, first developed in the 1990s in China

Was that before or after Al Gore invented the internet?

0
0

Cops jam a warrant into Apple to make it cough up Texas mass killer's iPhone, iCloud files

Number6

That's what I was thinking too. Apple can point out that it's not a good use of taxpayers' money wasting it on lawyers when the government clearly has a way of achieving what they want without needing Apple to help.

7
0

Donald, YOU'RE FIRED: Rogue Twitter worker quits, deletes President Trump's account

Number6

Re: Fake news

Why is it fake news when a lot of people seem to have seen it happen (not me - see below)?

5
24
Number6

Damn! I missed it. For the good of the US (and the world) someone ought to set up a cron job to deactivate it overnight, although if he's off in Asia then perhaps 'overnight' needs to be a bit flexible.

13
13

Official: Perl the most hated programming language, say devs

Number6

I did an exercise once, I took an existing C# app that read from a USB dongle and updated a screen and ported it to C++ with the assistance of Qt. The original motivation was to be able to get the same functionality on Linux and the original, not exactly greased lightning on a Windows machine, was like cold treacle when run under Mono on Linux. Then I ported the C++ thing back to Windows (as in tweaked the HW-specific bits and recompiled it) and it was easily way more responsive than the original. C# is OK for slow-and-dirty hacks but a real pain otherwise. Yes, Perl is probably preferable.

0
0
Number6

That's not a proper perl script, it's almost readable.

13
0

You're designing an internet fridge. Should you go for fat HTML or a Qt-pie for your UI?

Number6

Besides, internet fridge developers seem to have forgotten that not everything you buy from Tesco goes in the fridge, or even in the kitchen.

Oh, they have. You can have another box for the bathroom, one for each bedroom, one for the cleaning supplies cupboard. All interlinked so they can compile a master shopping list for everything.

0
0

'There has never been a right to absolute privacy' – US Deputy AG slams 'warrant-proof' crypto

Number6

@Jamie Jones

It depends on how you're doing it. Older manual methods wouldn't have used xor, more likely it was a book of numbers, to determine which letter to substitute for the one in question.

0
0
Number6

Re: "unlike public key encryption, which has easier key distribution but is less secure "

@Adam 1

Once upon a time DES was good enough, now it can be cracked quite quickly, almost real-time. If computing power continues to increase at the same rate, today's stuff will one day suffer the same fate. We're already recommended to use larger key sizes because 1024 bits can be brute forced. the information being protected may not be relevant by the time it's easy to crack - a bit like the old Playfair cipher used a hundred years ago - it could be cracked in a few hours, but if the message was "attack in 15 minutes" then it would be somewhat out of date by the time it was cracked.

0
0
Number6

Uncrackable encryption has existed for ages, it's known as the one-time pad. Unless you have access to the key then you stand no chance of reading the original plain text. Its big weakness is key generation and distribution, which has to be done via secure channels in advance, unlike public key encryption, which has easier key distribution but is less secure (depending on the amount of compute power available). Of course, one advantage of the one-time-pad is that in theory it is possible to easily create a spoof key to produce a harmless plain text.

29
0

US Homeland Security Dept to collect immigrants' social media handles and more

Number6

I'm glad you qualified that with a 'yet'.

I'm wondering how they'll extract the information from those who are naturalised citizens, unless the starting plan is just to give themselves permission to hold the information without any specific plan to actively acquire it. I can't quite see USCIS doing a mailshot to people with a form asking them to fill it in. Or rather, that's what I'd like to see them try because that's the quickest route to court. More likely is that they'll pick off individuals at airports as they enter the country, which is the time when you're most vulnerable and surrounded by enforcement goons with limited access to a lawyer.

0
0

HP users moaning over 10-minute login lag during 'Win 10 update'

Number6

Normal?

I thought that was normal behaviour for Windows 10. For reasons beyond my control I have to run a Win10 machine and if I have to reboot it then it takes 20 minutes before it's usable again. On the plus side, I do have a Linux VM installed and do as much as I can in that.

0
0

BOFH: We're only here because they said there would be biscuits

Number6

Re: More spying?

I'm a bit more careful with mine. A small square of cardboard behind a piece of black tape so I don't get glue all over the lens. Standard fitment for laptops in my possession. Even the desktop webcam spends most of its time hanging from its cord, pointing at the base of the monitor stand where it can record the steady accumulation of dust particles.

6
0

Sacre bleu! Apple's high price, marginal gain iPhone strategy leaves it stuck in the mud

Number6

Re: Samsung Galaxy Note 8 is $929

My cheaper option is currently to keep using the phone I bought three years ago. It does what I want, and while the battery holds out I don't see the need to upgrade to something that expensive.

0
0
Number6

I'd like something with the feature set of a Galaxy 4 only with a modern CPU and memory capacity. A lot of the newer ones are too big - the 4 fits in my pocket nicely and the screen is a reasonable compromise between portability and readability. None of this face or fingerprint crap for unlocking either. Dual-SIM would be nice, unless one of the carriers is prepared to offer me two numbers on a single SIM.

1
0

F-35 firmware patches to be rolled out 'like iPhone updates'

Number6

Update Process

The only way updates should be applied to this sort of stuff is by user intervention. Someone needs to have physical access to the aircraft and flip a switch, insert a key or other positive action that allows the upgrade to occur, in conjunction with detecting that the aircraft is on the ground and otherwise powered down. IT should only accept a signed image, and also inhibit all functions related to movement until the upgrade interlock is removed.

The same is true for cars, too (especially the 'on the ground' bit).

3
0
Number6

Re: Error 0x00000245

ENOTTY - Not a typewriter.

Except it wouldn't be an error i this case but an accurate statement of fact.

4
0

Equifax mega-leak: Security wonks smack firm over breach notification plan

Number6

Re: They're part of the problem

The US credit scoring system is not fit for purpose anyway. What you get is a snapshot, so the day before I pay off a credit card bill my score can be noticeably lower than the day after. It fails to note that this is a repeating pattern and actually represents a sensible and responsible use of credit.

As for paying interest, if you're doing that on a credit card then you're using it wrong.

5
0

UK not as keen on mobile wallets as mainland Europe and US

Number6

Re: So?

As the credit card is linked directly to the bank account and automatically debits 100% of the balance at the end of the month, credit cards have little value over debit cards, currently.

To me, the big difference between a credit and debit card is who is liable in the event of fraud or failure to perform. There are more consumer protections when using a credit card than a debit card, and I suspect that both have way more in the way of legal protection than using your phone. I don't have any mobile banking apps on my phone and prefer to keep it that way. But then, like may Reg Commentards, I like to think I'm a bit more aware of the security risks involved and have a lack of faith in bank and phone security.

5
0

How the CIA, Comcast can snoop on your sleep patterns, sex toy usage

Number6

Re: Lose the Unsecured IOT Device

There is no excuse for leaving an unsecured device connected to the net these days. I wonder how many bot-nets it participates in already.

If that was aimed at me, it's secure in that it only talks to their server. Internal to my network it's on a VLAN of its own and I've sat there and watched what it does using tcpdump on the router so I don't think it's participating in anything. That's how I know it uses http clear text to communicate.

0
0
Number6

Re: Apart from smartphones

I normally put my phone into flight mode overnight, I guess that's a usage pattern they can spot. In theory it stops it transmitting, but given that it's a software switch, no doubt someone can override that. Sometimes I forget to restore it to normal and about noon the following day I decide that things have been a bit quiet and realise why.

2
0
Number6

I'm glad my home is dumb. Apart from smartphones, I have one IoT device on the system and that mostly operates on a fixed timetable, I only talk to it to change the schedule. It's also hideously insecure, using http with no encryption in sight, and the server out in the cloud is slower than a snail on valium. A real POS of design. One day I'll hack the protocol and set up my own equivalent so it need not talk outside the firewall.

My router runs OpenWRT, so hopefully less likely to have dodgy firmware.

16
0

Hate it when your apartment block is locked to Comcast etc? Small ISPs fight back

Number6

Isn't it cheaper to do the last mile wireless...

Yes, if you're the only one using it. Otherwise it's shared bandwidth with everyone else, whereas wired bandwidth is, to a first approximation, all yours (assuming your ISP has properly sized the pipes).

If you've got 100Mbit/s then you lose some of that because radio is half-duplex compared to the full-duplex of a wired system that can (in theory) stream 100MBit to you while taking the return traffic. Radio has to stop sending so you can send the acknowledgements. Then there's the overhead needed for each radio burst so the RX is in sync with the TX before the real data starts. Then there's all the neighbours also wanting some of that airtime.

Point to point wireless is possible, but costs a lot more and may exceed the cost of installing a wired channel.

1
0

Did ROPEMAKER just unravel email security? Nah, it's likely a feature

Number6

Re: Old school

Cost of wasted space is less than the cost of dealing with it.

I always used to swear mightily at the dodgy attachments when it was still dial-up, noticeable pause as the crap was squeezed down the phone line only to be deleted. It's interesting how things have scaled, back then when it was still small hard disks, an offensively large attachment might have been 100k in size and hold up a V.34 modem link for some time. Now it's all scaled a few orders of magnitude bigger.

1
0
Number6

Re: "E-Mail is a TEXT medium"

Then what happens when you're told you just lost a big deal because of your paranoia AND that your job is now at risk AND you risk getting blacklisted meaning you may not find a replacement job, either?

If you read my original comment I noted it was personal email, so the only person who could fire me from that is me. At work I use whatever system they have set up, although if I have enough configuration control on the email client I'll set it to favour plain text both ways. It's someone else's job to keep the system secure, my only obligation is to not do something stupid like click on the dodgy link or attachment should it make it as far as my inbox.

3
0

The Register - Independent news and views for the tech community. Part of Situation Publishing