Posts by SImon Hobson

Re: Mine vs Yours

If, for instance, Ford decided ...

That is a very good thing to mention, because some years ago the EU looked at the situation with cars - where manufacturers did in fact run a closed system, with approved dealerships (which had to be exclusive), it was a condition of the warranty that you had the car services at an approved dealership, and so on. The manufacturers of the cars made all teh same arguments we here these days - for the protection of the users from fake parts, to ensure updates get applied, and so on.

The EU decided firmly that this was a load of male bovine manure and banned the practice. Manufacturers were no longer allowed to have exclusive dealerships, were no longer allowed to control sale of genuine parts, no longer able to make warranties dependent on servicing at approved dealerships, and so on.

I think it was a separate ruling where they said that the manufacturers had to come up with a common and open diagnostics interface - and could no longer have proprietary interfaces and refuse to provide protocol/message details to third parties.

Ethernet ran over coax! are you comparing coax to twisted pair perchance ?

Eh ?

Yes, ethernet originally ran ONLY on coax cable (firstly the thick stuff, later the thin stuff), twisted pair only came "quite a few years" later. I realise that some youngsters might find it hard to believe that there was ever anything other than twisted pair, but it really is true !

One of my regrets is not keeping hold of samples of various bits and pieces over the years, partly for "now grandchildren, this os what I used to work with", and partly to use in talks.

I no longer have a Facebook account,... So therefore their is clearly some tracking going on based on my device profile, IP address or some other data they are able to slurp without my knowledge to track what I have been looking at on the internet.

Having no FB account doesn't stop them ILLEGALLY profiling them. To start with, they won't have deleted anything when you deleted your account - your data is too valuable to them for them ever delete anything !

It is clear (look up some of the details in the Max Schrems case) that they keep a very detailed profile on people - and if you think about it, some of it isn't hard to do. One of the things they do is to nag users to "just upload your contacts so we can invite them" - and people are daft enough to do it (also illegal). Say one person uploads you home phone/email and another uploads your work details - FB can now tie your personal and work details together.

But the online tracking is also intrusive, pervasive, and sneaky. Ever noticed all those sites with a little "f" logo on them ? When those icons, as well as doing something related to FB, hide tracking code that allows FB to harvest a lot of information about your browsing habits. Very similar approach to the tracking Google does via it's tracking code disguised as statistics gathering for the site owner.

Re: Idiocracy

Seems very much like the "target the Sun and Daily Wail reader" demographic approach - but updated for the online age.

Re: @LDS - no there will be no hints and statistical techniques

The big downside to this proposal is it'll steer traffic towards the usual suspects, ie Google, MS etc who'll still be able to monetise the requests.

Indeed, it only improves privacy if you trust the single entity you use for your DNS to not treat this new goldmine of information as something valuable to be sold to the highest bidder.

As I read the RFC, you (or your provider) configures one or more DoH servers and use only those one or two servers for all your requests. In practical terms, that means one server has a complete record of all your DNS activity - so they better be trustworthy. Particularly if you run your own resolver, that information can only be obtained from sniffing the wire (which in practical terms means within your ISP for it to be complete) since your DNS requests get distributed across many authoritative servers.

I can see authoritarian countries simply blocking all access to an IP that hosts such a DNS server. It'll be easy to check - just analyse https traffic and if anything looks like it might be DoH then test that address with a DoH client. If it responds, then just block the IP - and if that breaks other stuff sharing the IP then tough, the provider shouldn't have shared an IP between DoH and other https traffic.

Depends on where the alternative supply is from. If it's from outside the EU then there are plenty of cases where the manufacturer has used trademark law to block what they consider "illegal" imports. When I first came across that, it was a real WFT moment.

How on earth can it be valid to say that a pair of (eg) Levi jeans, made by a factory under a contract from Levi, be a "counterfeit" product for no reason other than Levi didn't intend for that specific pair of jeans to be sold in the EU ? Yet, that's exactly what's happened on more than one occasion - allowing the manufacturer to apply differential pricing, screwing customers in countries where it thinks it can get away with it, and using bogus trademark infringerment claims to block imports from countries where it can't gouge the customers.

Re: Sticky disc

I vaguely recall a batch of Rodime 40M disks with the same problem.

Re: Ignore and continue as usual

they'll just find a way to hide the amount that calculates the percentage

Which is why GDPR, and I think fines for things like the subject of this story, can be based on global turnover - not profits, not profits in a specific subsidiary, but global turnover of the group.

While it's easy to move money around (the typical trick being to pay "brand licence fees" to a parent so that you make no profits) - it's impossible to hide turnover.

Re: Easy option

Was that the same Azure that's recently had a huge outage - where it was found that a failure in one datacentre had knock on effects across many services that shouldn't have been affected.

Re: common place

I gave up on Which? a long time ago ... I felt, if I couldn't trust them for products that I know something about, how can I trust them on subjects I know nothing about?

Ditto. I recall a review of either ISPs or email providers and stated that spam wasn't a problem - when the only reason they didn't get spam was starting with a fresh address and making conclusions after just a week !

But yeah, in several areas where I had some knowledge, I couldn't help but call "bulls*t" to some of their statements.

In which case the lock is not binding, regardless of any attempt to claim to the contrary.

I wasn't party to the conversation, but they probably have a carefully prepared script, read out quickly, so that they will have complied with the requirements - but in a way that the typical non-savvy user will not realise the significance (SWMBO doesn't read contracts and turns off when read anything sounding like one - so she would be unaware and it wouldn't be the company's fault).

Anyway, I got away from them, and apart from them trying to claim for the 18months charges for early cancellation (the bit about them being "difficult to deal with") haven't looked back.

Re: Cui bono

I really wonder what's to gain from industrial espionage on companies like Amazon or Apple

It's hinted at in the article - its not Apple or AWS they are targeting, but the end users of those systems. Compromising the manufacturing of their systems means you can get compromised machines into places that would otherwise be hard to get compromises into - and thus give you another attack vector into some "quite well defended" territory.

Also, as to the "why not just adapt another chip". Well if the manufacturer sticks a JTAG clip onto the flash ROM to put new firmware into it, your separate chip can sit there all safe and sound - and un-noticed. And don't forget that if true, this was done by people with access to the skills and technology to make it happen - it's not like you or me "hacking" a built board, it's the people who make the boards using a slightly modified design. A chip buried in the layers would be invisible, and if buried underneath an existing chip would even be (more or less) invisible to x-rays.

Re: And then billed 3 extra hours?

Why not just offer the 100MHz version only?

That's marketing for you. If they ony sold the 100MHz version then they'd probably have to sell it for about the cost of the 50MHz version. But doing it like that, they might have to sell the 50MHz version for alittle less, they can price the 100MHz version significantly higher - thus increasing profit margins.

51.89% vs 48.11% is not a resounding victory

Actually, it's not really 48%, in actual fact only 34.7% of eligible voters voted to remain, with about 27.8% not voting and who have to be assumed to be happy with "whatever the outcome is". So there's an argument that around 65% were happy to leave - 65-35 is a somewhat higher margin !

But, the remoaners say, "that's not valid". When you can argue that, but if someone really did want to stay, they should have cast their vote - if they didn't then they should be assumed to be happy with the outcome of the vote by those that did actually vote. I think we can be sure that had the vote been similarly tight the other way, remoaners would be quick to point out that less than 35% of voters actually voted to leave.

That won't change until there is a credible deterrent

Which is why GDPR allows fines of up to 4% of GLOBAL turnover (of the group where it's a subsiduary and so on) - so no fudging things to make profits appear negative, or putting turnover through the books of a partner company, or other tricks.

So Equifax UK could be fined up to 4% of turnover of the whole group, not just of the UK company. What's more, it can continue (daily fines) indefinitely if the company refuses to fix the problem.

If that's not a deterrent, I don't know what is.

Re: "the standard is for devices to generate (multiple) random addresses"

If you have, for example, a NAS, it can't really generate random addresses and change them over time, because how would you be able to access it?

mDNS ? Also, a device can have many addresses - indeed it is set out in the specs that devices MUST support multiple addresses. So it's quite easy for a device to have static addresses on which it serves up services, and multiple dynamic addresses it uses for outbound connections.

does Android support DHCPv6 now?

No, and it probably never will. Politics (as well as technical issues) has resulted in overlap between protocols. DHCP cannot (by design) provide router/routing info to hosts - they have to get that from routers via RAs. The official line is to separate addressing/host management from routing/network management because these are often managed by different groups in large organisation. My feeling is that even where that is the case, the two teams CANNOT work in isolation.

But the technical reason why Google won't support DHCPv6 in Android is that it doesn't provide a fast method for revoking leases when the network changes. For a mobile device, the network can change rapidly as a device moves around (handoff between cells, switching between mobile and WiFi. With RAs, the network can be quickly reconfigured by sending RAs for the disconnected addresses with a lifetime of zero - with DHCPv6 there's no such easy mechanism. There is a DHCP6 client for Android - but not from Google.

Re: States' rights! States' rights!

The end result is that everyone ends up having the same mediocre level of service, despite what you can afford to get.

I think you have the wrong end of the stick.

Under Pai's view of things, your ISP is free to throttle traffic from a competing service - for example, they might throttle Netflix to make it rubbish compared to their own video streaming service. So effectively, the "internet" you get starts looking more like the walled gardens epitomised by the AOL of the olden days - where what you get to see is only what the provider wants you to see, and that is driven by what the providers are prepared to pay. An obvious danger there is that if some small startup comes up with a great new idea, the ISPs are in a position to kill it by simply throttling it's traffic so users will find that it's crap.

Under the Californian rules, your ISP cannot screw around with what you get to use - if you want to use (for example) Neflix rather than the ISP's service, then you can. And the startup with the great idea is free to get it going without being nobbled by vested interests.

None of this is about limiting what YOU can pay for. If you want a little pipe for little money then that's your choice, if you want a bigger pipe for more money then you can. But if the ISP simply doesn't deploy enough bandwidth within it's own networks, then that's a different issue - in a healthy market* you'd simply choose a different (better) ISP.

* Which it seems doesn't exist for many users in the US.

Re: Official language(s)

Scotland will be back in asap

That would need such a fudge and bending of the rules that even the most staunch pro-EU people would find it unpalatable - especially after having seen the effects of doing it for other countries that have joined (relatively) recently. There is absolutely no way that Scotland would qualify for membership.

Re: It's simple, really

And what about those items that are expensive bricks without internet access ? Or where a significant part of their function requires external communication ?

Invoking "personal privacy" is complete nonsense. They're an organisation, not an individual.

It's not for their protection, it's for ours. While most of us live on homes where we don't really have any embarrassing secrets, I'm sure there will be many where that isn't the case - and especially where the call is to a mobile where it could be a colleague that sees the call from a number the phone labels as (to pick an embarrassing example) the STD clinic.

Our local NHS trust no uses a presentation number from a local town for all the appointment related calls - so someone could infer that you had some interaction with the NHS, but have no idea what part (or at least, no idea which part of the local trust which is most things except the GPs' surgeries).

Re: Noisy phone lines in building

One of our worker bees came to me with 60Hz interference on his CRT monitor

Had a couple of those (albeit 50Hz in the UK).

First was most of the CRT terminals (Wyse 60) in the accounts dept with shimmering screens that all came/went at random times. I guessed magnetic field and asked the sparkies if they'd been doing anything recently. Turns out they'd been working on the sockets ring in the shop downstairs and a wire has slipped out of one of the terminals. Result was that when the electric heater came on, the live current went two ways round the ring, but the neutral current went one way - creating enough field to affect the CRTs. Finding the loose wire and fixing it banished the problem.

More entertaining was when they were extending the offices - steel frame that was bolted and welded together, and I bet some of you are ahead of me already. They'd just stuck the welding earth clamp where it was handy and were roaming around welding the joints - thus creating a rather large and complicated network of steelwork carrying heavy duty welding currents and thus creating magnetic fields. The effect on the CRTs (still Wyse 60s mostly) was "quite interesting" to say the least - enough "shimmer" to take the image completely off the side of the screen !

Re: @ SImon Hobson

I was with you up to the point where you started appologising for the gouging of the telecom monoply, outside of cities there is zero choice and the price to the customer is the maximium they can get and still profit from BTinternet as well as openreach.

Where was I apologising for it ?

Also, you do realise that compared to many markets, in the UK we do have a relatively highly competitive market even in the sticks - as in you can go and get an internet connection from many providers who will compete on factors such as speed, actual throughput, reliability, customer service, etc. Yes, they will all be reselling BTOR connections - but you don't seem to realise that these connections are NOT "as much as they can get away with". The wholesale prices are set by the regulator, not BTOR - we can argue as to whether the rates set are the right ones, but they are not set by BT or BTOR, and they have been coming down over the years.

Like I say, while in some places they get better connections for much less - you only have to read the articles about the US market to see the difference. Over there you find users who really do face buying from a monopoly, with no regulated prices, and who really can charge as much as they can get away with. And more importantly, impose whatever restrictions they can get away with (like actively throttling Netflix to benefit their own streaming services) - there's a reason the cable industry was so against neutrality rules !

So I repeat. Yes I'd love to get (symmetric) gigabit over fibre and get it for less than I pay now. But knowing what we used to pay at work for direct fibre connections (some of them NOT involving BT anywhere) I reckon that the "up to" 80/20 (actually about 50/16 IIRC) FTTC connection I do get is not bad value.

Re: Millenium Bug 2?

like there was never “a switch” from IPX/SPX to TCP/IP

And add AppleTalk to that list. For some of us, that was the first networking we encountered, and Apple managed the transition through dual stack (AppleTalk +IP) and eventually dropped AppleTalk altogether from the OS. Most users never noticed - it was just a bit of a PITA for those of us who (at the time) had some expensive but old colour laser printer that didn't do IP without a custom memory upgrade that I couldn't find.

Re: Phones too

where all our sales dept kept breaking their phones, and getting new ones on the insurance

Many years ago, I recall a visiting sales person telling me how his company had slashed the company car accident rate - they bought an old (IIRC) Skoda and the rule became :

Anyone having an accident gets the Skoda for a month. Since their street cred was in jeopardy, no salesman wants to be seen in a Skoda, so they took a lot more care with their cars.

Re: Spying on everybody but your own is Okay ?

but what about other people's right to privacy ?

We don't count, and as furriners don't have any rights whatsoever as far as the USA is concerned. Basically, the USA attitude is "our laws apply everywhere when it's in our own interests (eg the right to order the handover of any data held anywhere, c.f the CLOUD act); but not if it's not in our interests (eg the right to privacy)"

Re: Cost does not justifiy Value

The value of a service is what people are ready to pay for

That is true in a competitive marketplace. But this is not.

As already mentioned, for the vast majority of Android users, if it isn't in Google's store then it doesn't exist. For Apple it's virtually all users since Apple don't allow any sideloading and go to great lengths to prevent users breaking the locks so they can use the hardware they bought as they wish. So as a developer (unless you are big enough to run your own store, which is not the case for most devs) it's not a case of whether you think it's a reasonable price to pay, it's a question of "do I want to sell this ?" - if the answer to that is yes, then they have no choice but to pay whatever Google "asks" for.

Ie, it's not a choice between 30% or some other cut a different store will charge - it's a choice between 30% or no business.

I'm playing my tiny violin right now.

Well OK, you're posting on TheReg and (I assume since they don't have the option) not paying them a penny for the articles you read or the ability to engage in the comments. The reason you can do that for "free" is because they sell advertising space on the site.

This is more or less the same process that allows most print magazines, newspapers, journals, etc to survive. It's certainly the way the "free" papers survive.

Too many people forget this simple fact - the internet is only "free" if someone is paying for it for you. I have a small information site/blog which is free to users and has no adverts or tracking features - it is free to users because I pay for hosting it myself just because it's a topic I have an interest in.