Posts by SImon Hobson

2539 publicly visible posts • joined 9 Sep 2006

United States, you have 2 months to sort Privacy Shield ... or data deal is for the bin – Eurocrats

SImon Hobson Bronze badge

Re: Privacy Shield

U.S. law does not have to bow down to EU law

Very true, and actually no-one is saying that it should - it is entirely a choice for the US government to make as to how it handles things.

Basically it comes down to this :

If you are based in the EU and hold/process personal information on any EU citizen or any person resident in the EU, then you have to abide by certain regulations. What's more, those regulations aren't actually very complicated. But a key thing is that you cannot transfer/store/process that personal data to anywhere where it is not adequately protected - and that still says nothing about US laws.

What it does mean is that if the US decides not to create an environment compatible with EU GDPR, then that's fine - its own choice - but the ramification is that it becomes/stays illegal for any business with a presence in the EU to put such personal data anywhere "within reach" of any business with a US presence. It still does not say what the US must do about laws - just that if the US chooses not to be compatible then it cannot expect to get/retain the business.

In a way there is the usual (and usually broken) analogy with cars. A US manufacturer is free to decide whether to make cars that comply with EU regulations - no one is forcing them to. The flip side is that if they do not, then they cannot sell cars into the EU.

TL;DR - Basically, if you want to play in our playground then you have to play by our rules.

DNS ad-hocracy in peril as ICANN advisors mull root server shakeup

SImon Hobson Bronze badge
Pint

Re: Trust

I wonder if it was less that and more she knew when bereavement calls were going around and let her husband know about them so he could get the jump on Strowger.

While that is possible, remember that in those days all calls were operator connected. In the case of a bereavement, the caller would most likely ask "to be connected to the undertaker" - and if there was more than one, then it would be for the operator to choose. Obviously, if her husband is an undertaker, the operator is going to put such calls through to him.

I'd say impossible to determine the reality now - but regardless of reality regarding the claims, it prompted development of what has to be considered the cornerstone of telephony for many decades.

As a sidenote, to watch "Strowger gear" in operation, it's an engineering marvel - mechanically counting pulses, searching for a free circuit, just amazing that it ever worked at all, let alone reliably. It is said that an experienced exchange engineer could tell if the exchange was working properly (as a whole) just by the noise it made - and a room full of Strowger gear in full flow was certainly far from silent. There's a reason telephone engineers like Tommy Flowers were involved in the Bletchley Park operations. Icon for all of them, they deserved a good round.

When Google's robots give your business the death sentence – who you gonna call?

SImon Hobson Bronze badge

Re: well done

I've had meetings with BT's ...

I've had conversations with BT people adamant that the building we wanted lines installed into did not have any means of installing them. In the end I had to drive to site (again), climb up high enough to read the label on the JB on the back wall of the building, and then call back the local engineering manager to tell him that the building is served by DP nnn on the back wall of the building in xxx street ! Just telling him over the phone exactly where the DP was did not work - apparently it was too complicated for them to either look in their records, or have someone drop by (less than 1/2 mile from the exchange) and take a look.

Oh yes, and that's after BT foooked up the installs by sending all the paperwork (including the notification of the install dates) to empty shops and then had the OpenRetch engineers turn up, find no-one there, and just cancel the job without telling anyone - after being given explicit instructions what address to use for paperwork. Oh that was fun, we had site hooked up with 3G modems at one point - great for a new business (our customer) on the high street (not) !

Boffins want to stop Network Time Protocol's time-travelling exploits

SImon Hobson Bronze badge

Re: Mum

All my mobile phones will still ring if the power is out

Don't count on that !

They will still work IFF the outage is localised enough for there still to be a cell still powered up AND still have communications back to the network. That is most definitely not always the case !

Suddenly people realised that, without electricity, there is no internet, no mobile phones, no contactless payment, no lifts and no petrol pumps.

Most mobile phone coverage was lost within an hour

The biggest impact on most people was that few knew what was happening. By looking out of the window, it was obvious that there was a widespread power cut but none of the usual sources of information – TV, internet, text messages or social media – was working.

The point is, while this was an extraordinary event - I know from inside knowledge that there have been a few "near misses" in terms of substations being flooded, even after work to raise the level of flood protection at many. Lancaster was lucky in some ways - they were able to draft in generators to get supplies back on fairly quickly while sorting out the main substation. If two such events happened close together (far from inconceivable) then there may well not have been the numbers of large generators required.

And then we need to factor in "modern" supply management policy. Once upon a time, the electricity supply industry was run by engineers with a brief of "keep the lights on". Generator capacity was organised to have a diversity of fuelling, with spare capacity and some pumped storage to help manage the "half time tea break" surges and the like. That was abandoned under Thatcher, and centralised forward planning was replaced by "kick the can down the road" politics (no new nuclear for decades) plus free market "what can I make out of this" planning by multiple competing suppliers. They are now pushing so called "smart" meters for one primary function - what is euphemistically called "demand side load management". The combination of "tin kicking" and lack of planning now results in a supply system without enough spare to cope with foreseeable peak demands - so "smart" meters are there to control demand, firstly by price rationing (if you want to cook dinner at dinner time, tough, it'll cost you 10x the normal rate), and if that fails by more fine grained rolling power cuts (many of us remember the 70s). Yes, remote disconnection is part of the spec, and therefore in EVERY "smart" meter for someone, somewhere, to click a button and your power goes off.

Of course, we are promised that there are sufficient safeguards etc, etc - but I guess it's tough luck if your power is turned off and it's up to you to persuade your supplier that their billing system has got it wrong and you don't owe them £20,000 ! (sarcasm) Oh no, mistakes like that never ever happen do they. (super-sarcasm) And of course, we all believe that no-one will turn off the wrong meter.

Facebook, Google, Microsoft scolded for tricking people into spilling their private info

SImon Hobson Bronze badge

Re: "we are committed to GDPR compliance across our cloud services"

And the law doesn't say that you have to be objective and present all the arguments for/against, now does it ?

But if they present a very biased appearance - ie presenting all the reasons you should allow it but ignoring all the negatives - then that is not informed consent. That's the reason the regulations specify that consent must be informed - ie it's not OK to hide the real purpose behind a gazillion pages of dense legalese while presenting a misleading summary that prompts the user to accept without knowing what they are accepting.

Dob in naughty data slurps to top EU court, privacy groups urge

SImon Hobson Bronze badge

Re: Delay

All we have to do is delay this for 9 months ...

In about 9 months time it will become even more of a problem for the government. At present, while we are part of the EU then we are part of the EU for data protection purposes - and it's up to others to prove that we don't protect data/privacy enough (hence these cases).

Once we leave the EU then it's a lot harder. We have to demonstrate to the EU that we have sufficiently robust laws in place to have "equivalency" to EU regulations - which we clearly do not and given the way our current (and past) incumbents down in Whitehall and Westminster talk about it, never will. Without this EU declaration that we have equivalency in data protection laws, it will be ILLEGAL for anyone with a presence in the EU to deal with us.

Just stop and think for a moment what that means ...

For example, it would be ILLEGAL for anyone dealing in personal data of an EU citizen (or a non-citizen located in the EU) to use ANY service provider based in the UK - simply because under UK law, that provider will not be able to guarantee security/protection of that data to the level required by EU law. So suddenly, ALL UK based hosting providers will be locked out of EU business, UK banks would be locked out of EU business, etc, etc. Forget any issues around competitiveness, tariffs, etc - a whole swath of business currently carried on in the UK would become ILLEGAL under EU law and we would be locked out of that market.

For a parallel, look at the EU-US situation. We used to have Safe Harbour, which for many years provided the illusion that EU persons' data could be safely exported to the US. Everyone knew it was a pile of steaming manure, but there wasn't any proof prior to Ed Snowden's revelations - after which the authorities could no longer stick their fingers in their ears and shout "LA LA LA CAN'T HEAR YOU" any longer to protect the status quo. Max Schrems' first legal case blew Safe Harbour out of the water - so TPTB hurriedly came up with Privacy Shield/Figleaf, which itself will be blown out of the water when Max Schrems' current case works its way through the system.

The US likes to talk the talk and claim it's got measures in place - but in reality they don't and their law is fundamentally incompatible with EU law. Yes, their law is FUNDAMENTALLY INCOMPATIBLE (and getting made even more so, eg CLOUD act, over time) and no amount of whitewash paint will hide that any more.

So will be the case between the UK and EU. There is a big difference though between UK-EU and US-EU. With the US, there are powerful interests that want things to carry on - hence Privacy Shield/Figleaf being hurriedly put in place after Safe Harbour was blown away. But with the UK and the EU there are powerful forces that want to actively see us fail, so instead of there being active measures to lean a bit, squint a bit, put the telescope to the blind eye, and see no problem - here there are powerful forces that will want to actively sabotage any UK-EU data protection equivalency ruling because they want to see the UK hurting as much as possible.

You only have to look at statements made by the likes of Juncker - it's clear that they'd rather see the EU hurting than miss an opportunity to hurt the UK. It was a natural response of course - they NEED Brexit to be a failure for the UK because they know that if it isn't then there are several other countries lined up to follow suit.

Amazon, eBay and pals agree to Europe's other GDPR: Generally Dangerous Products Removed from websites

SImon Hobson Bronze badge

The big problems being ...

As already mentioned, this cannot possibly work.

If the items carry a CE mark then the seller can "claim" that they are compliant and the big four are abusing their dominance by blocking legitimate products. Get the popcorn out.

But as already said, the CE mark is something the manufacturer (or importer) sticks on a product themselves - supposedly after having gone through the right processes to ensure compliance. So for "cheap tat" knockoffs shipped direct from China, there really isn't a way to know if the CE mark is genuine and the product is safe, or it's just the "Chinese Export" mark. Even large professional retailers in the EU can get caught out - there are plenty of tales of them having goods (eg USB PSUs) made in China where the samples are all OK and pass (eg) EMC testing, but once the production units start flowing, there are components (eg input filtering to achieve EMC compliance) left out to save manufacturing costs.

The average punter won't have a clue how to spot the genuine & safe "kettle lead" vs the dangerous one with unfused plug (OK, that should be obvious - but the rest not), non-conformant plug size, sleeved earth pin, undersize copper in the cable, etc. The average punter doesn't know the details of BS1363 - just that if it fits a "13A socket" then it's a "13A plug". Once you get into more complicated things (like laptop PSUs) then there's no chance.

I can see this being almost completely ineffective, while screwing up honest vendors caught up in "bad feedback" from dim witted buyers.

Painful truth: DNS, CDNs and CAs are Achilles' Heel for top websites

SImon Hobson Bronze badge

Re: The resilient distributed nature of the Internet?

Maybe we should all take some responsibility for our own stuff.

And only one upvote allowed !

At my last place, we ran the DNS for around 600+ customer domains - and when I started it was hosted on two servers sat in the same rack and protected by the same dead UPS. One was on a different internet connection though.

When I left, we still hosted the master in our own server room, but employed a 3rd party to run secondaries for us - so an outage either at ourselves or at the 3rd party could not bring down the DNS for those domains.

But also when I left, manglement were busy getting rid of anything needing brain cells - and were transferring the DNS to a significantly inferior hosting service, with a PITA GUI, significantly reduced features, and most critically, all under one hosting provider who had already had more than one major outage in the couple of years we'd been using them.

For good measure, the main mangler decided to just rip out all the infrastructure (documented, reliable, worked flawlessly for many months after I'd left until it got mangled) - partly on the basis of "I don't understand it, so it's coming out". Had he asked anyone with a clue, he could have avoided taking out the master for 200 domains and having them die a week later as the secondaries expired their cached entries (fun when your VoIP phones go down due to a DNS issue). For starters, the 3rd party hosting had a neat feature that would have allowed promoting them to using a local database - so a few clicks per domain would have dealt with it. Instead they left it till it started taking customers offline and then went into panic mode.

Still, said manglement were well versed in outright lying to customers - no doubt they'll have blamed a 3rd party service for the outage.

I use OpenDNS instead of ISP's DNS service. I'm never affected by DNS outages as errors just lead to the use of a cached entry.

Do you only use OpenDNS ? If so then you're at the mercy of OpenDNS if they have a major outage. Only if you use them PLUS another completely independent service do you get that degree of resilience talked about in this article.

Priceless: The cost to BT for bothering you with spam? 1.5 UK pence per email

SImon Hobson Bronze badge

Although this is a pittance of a fine, given that this is a "real" business, there are two upsides compared to many of them :

1) It will actually be paid, unlike many of these massive fines that will never be paid as quite coincidentally the business filed for insolvency just before the fine was announced, and also quite coincidentally the same people have started a completely unconnected company doing the same type of work from the same office.

2) It's a permanent black mark against the company and some senior managers will take note of that. Granted less of them, and less notice than before (long time ago) when it was actually run by people who gave a s**t about service and image - but it's still (yet another) blemish on their image.

SImon Hobson Bronze badge

Re: Marxism

Since they already provide you with a line, not only are they entitled to market another of their products but of course they know if they’ve switched on broadband for you!

That was "iffy" before, but as of 25th May no longer true. The information they hold in order to provide the phone line cannot be used for any other purpose without your explicit consent - failing to opt out of assumed consent no longer washes.

Similarly, they may not use information on which communications provider had them enable ADSL for any purpose other than to manage that provision.

But presumably these complaints predate 25th May, and so they may have assumed consent, or used a pre-ticked "let us spam you" box on a web page, or a box to tick labelled in 2 point text with "tick this box if you want us to not unwithhold your information from 3rd parties", or ...

Apple takes $9m kick down under after bricking iPhones

SImon Hobson Bronze badge
FAIL

Re: weird decision by Aussies

Ah, and thus the ignorance showeth. Time for a bit of education

From the person demonstrating their own ignorance in incorrectly trying to correct someone else's !

Power negotiation over USB cables is a thing that does NOT require the sort of shenanigans done by Apple. Look it up, there are agreed standards for such negotiation - and if there wasn't one that was adequate, then Apple could have done their own in a way that did not prevent use of 3rd party cables.

What Apple DID do was to use technical measures (chip in cable, phone talks to chip, phone refuses to work if right response isn't received) to make it so that cables without the right chip&software would not work for things like playing video to an external screen and so on. Simply, it was a tax - pay Apple's prices, pay "approved" 3rd party prices (which includes fees paid by the 3rd party to Apple), or don't get a fully functioning cable.

It really is that simple - the primary reason for the way it was done was to prevent the option of using inexpensive 3rd party cables. IIRC they dressed it up in the usual "to protect the users from poor quality cables" lies - but ultimately it was protectionism pure and simple.

As a user it would (if I had one of the devices) be my right to choose whether to pay for an Apple (or approved 3rd party) cable or to use a cheap cable and accept that there may be issues. I could (just about) accept Apple putting up a notice when a "cheap" cable is plugged in, warning of the risks, but what they have done is wrong and should be illegal.

This result (on a very related topic) in Australia is one tiny step in the right direction. The money is irrelevant - it's the public slap in the face and the finding that what they did was illegal and wrong that counts.

Visa fingers 'very rare' data centre switch glitch for payment meltdown

SImon Hobson Bronze badge

Re: Still not understanding

Why it took so long to disable the failing switch once it was identified

As already said, the guys that would have been able to diagnose this AND do something about it have all gone. The people running it now will probably be junior techs on a different continent with a) manglement imposed limits on authority and b) culture imposed limits.

The latter is important. For many of us in northern Europe it's seen as a good trait to be able to sit down, look at the evidence, and formulate a theory as to what is wrong - and formulate a plan for how to fix it. So as already said further up the comments, a good ops team would probably have had it fixed before many people realised there was a problem.

But AIUI, in many of the places such functions are offshored to, there is a different culture - where individualism is frowned upon, and the techs are supposed to "just follow the flowcharts". In such a culture, to get the offending switch powered off would require the problem passing up many manglement levels, endless meetings, and above all - discussion of who takes the blame.

A secondary factor is the modern disease of not supporting people to make decisions. So even if a techie did realise that "all it needs is to power cycle this switch" - it's a very secure person who can take on that decision and expect his manglement chain to support him in doing so. More normally, the "safe" option is to do nothing - it's not your fault the system failed. But go and do something that should fix it, but for some reason doesn't - well your head is on the block for doing it.

Go and read some of the "the day I ..." stories in ElReg - and in particular the comments. Some of the best ones involve the person "doing something" but being supported by their managers on the basis that "the only person who never made a mistake was the one who never did anything".

Microsoft shoves US govt IT contract where ICE throws kids: Out of sight in a chain-link cage

SImon Hobson Bronze badge
Mushroom

Re: Separating kids from parents ? Us Brits can shut up, oh, so can the French!

Not to mention the Home Office insisting on original documents being sent to them - and then routinely losing them leaving the applicant up the brown creek without a paddle. Even if the documents aren't lost, they (HO) can take ages to process anything - no, they don't appear to have a system where they check the documents and return them while they process the application.

See https://forums.theregister.co.uk/forum/containing/3547043

Treasonous May has a lot to answer for - she was quite happy to put evil policies in place while she was in charge there.

Icon for what the people responsible deserve.

Apple hauled into US Supreme Court over, no, not ebooks, patents, staff wages, keyboards... but its App Store

SImon Hobson Bronze badge
FAIL

Re: On balance, I have to support apple

this applies to pretty much any device

Downvoted you for this shortsighted and dangerous attitude. It's precisely because people accept the "everyone does it so 'so what'" argument that it's been able to prevail.

As I wrote in an earlier reply - if Ford, GM, Toyota, etc, etc ALL decided to make it so that they could control where you got your car serviced, where you could buy your petrol, where you could buy your (eg) tyres, and where you could drive it (eg, it just won't drive on any "road" not in their database). What then ? According to you that's perfectly OK because "everyone does it". Not for me it's not - "everyone does it" is not a measure of "rightness" !

In the automotive world, no manufacturer could manage that (not even Tesla !) - YET, too much competition. But I bet we'll see creeping restrictions in the future if it doesn't get stamped on. For reference, this is exactly the sort of complaint that's getting levelled at John Deere - they are busy using DMCA to prevent non-authorised people servicing the tractors they've sold, ie using the software element and the bad law passed for the computer & entertainment industries to control what the farmer does with the tractor that the farmer apparently no longer owns outright*.

* IMO, one measure of "do I own it outright" is "can I do what I like with it". If the manufacturer retains some controls/restriction then no, I don't own it outright.

SImon Hobson Bronze badge

Re: ugh. Its sooo obvious..

Apple built and owns its app store and has every right to set whatever conditions it wants on the apps being sold there

Yes, but ...

OK, this is a bit of a strained analogy, but suppose Ford implemented a system whereby when you bought a Ford car, it could only be serviced by Ford, would only accept petrol from a Ford garage, could only use tyres bought from Ford (even though still made by Michelin, Dunlop, etc) - and for good measure, had controls in place that would prevent you using it in certain ways. Basically you have bought the car but Ford effectively controls how you can use it*, what fuel you put in it, what tyres you put on it, etc, etc.

The same argument applies - if you don't like the policy, don't buy a Ford. But that only works if GM, Toyota, Seat, VW, and all the others haven't done exactly the same thing. In the mobile market there are two main options - Apple and Android (with Google applying similar controls, just more easily worked around).

* Example. There is an iOS app for doing WiFi surveys, only available if you jailbreak the device because Apple won't permit it in their store. So you have to jump through some pretty tricky hoops to do a basic network function. Similarly, the iPad I have doesn't support me using a bluetooth GPS - it's capable of it because there's a third party option to enable the support, again only possible on jailbroken devices. Yes, two specific functions where Apple has specifically denied me the option of using MY device (yes, I paid money for it, so it's mine) for what I want to use it for - unless I jailbreak the device which they go to great lengths to try and prevent.

Oh yes, for good measure - doesn't anyone remember the cases (note the plural) where apps eventually got removed from Apple's App store for doing nefarious things. Apple checks that the App only uses official system calls and stuff like that, but it's unable to police an App "phoning home".

They also deliberately separate "customers" from "suppliers". For example, if a newspaper wants to sell a subscription to a reader, Apple's way doesn't allow that seller to know who the buyer is. OK, privacy by default - but it removes the option for a buyer-seller relationship. IIRC they went as far as changing the rules to insist on the seller using Apple's process - thus blocking direct sales AND allowing them to pocket 30% as a bonus.

Asylum seeker spreadsheet data blurt: UK Home Office loses appeal to limit claimants

SImon Hobson Bronze badge

After what I've been reading ...

This does not surprise me at all. It seems that the Home Office is institutionally incompetent - not just implementing bad policies, but incompetent in handling just about everything. It's clear from some of the complaints levelled against them that they have no systems in place to do the job properly.

Things like losing important documents (e.g. foreign passports, marriage certificates), meaning that people are left in limbo - unable to get on with their lives (no passport or driving licence means you can't prove you are who you say you are, can't get a job, can't rent a home, and are really lucky if the Home Office doesn't suddenly decide you are an illegal immigrant and start the process of chucking you out).

Even if they don't decide to throw you out, not having such documents can screw your life up - such as having your bank account frozen because you can't prove your identity.

Or using minor errors on tax returns to label you as a terrorist and throw you out.

But worst of all, they seem to have a policy whereby they can declare someone an illegal immigrant/terrorist/whatever and the process isn't put on hold pending appeals. I.e. they can screw someone over and leave them unemployable, homeless, etc while the Home Office take their leisurely time over deciding if they made (yet another) mistake.

Da rude sand storm seizes the Opportunity, threatens to KO rover

SImon Hobson Bronze badge

Re: A place in history

Pah, 25MHz, 20MHz, 2MHz - you youngsters today don't know you're born.

I raise you 1MHz and just 1kbyte (yes k, not M or G) of static RAM.

Obligatory Monty Python sketch :-)

Devuan ships second stable cut of its systemd-free Linux

SImon Hobson Bronze badge

Re: systemd-free?

It might help to understand that there is a difference between Debian where it might be possible to remove systemd and Devuan where it is not present. If you do remove systemd from Debian then you are on your own - the only supported arrangement is with systemd.

So packagers are free to remove SysV init scripts - not insurmountable as you can provide your own, but still more work.

Packagers are free to remove (eg) calls to traditional syslog and only call systemd's ginger haired stepchild of syslog - so if you remove systemd then you will either have no logging or the package won't run at all. If you try raising this as a bug then you'll get a "wont fix" as you are running an unsupported setup.

This problem will only get worse and worse as systemd continues to re-invent (often badly) more and more existing tools.

IF systemd had only been an init system as was originally claimed, then there wouldn't be the vitriol thrown its way - it would be easy to toss it out and re-instate SysV init or put OpenRC in. But it is NOT an init system - it's a giant hairball of cruft that links far too much together in a non-modular way*. And for good measure, because it lumps so much into the hairball, then it vastly increases the attack surface for bugs. It's designed to encompass as much as they can borg into it - and many of the changes are explicitly designed (even if non-intentionally) to break compatibility and force an either/or choice on packagers (such as whether to use the new supported systemd logging or use the (eventually) non-supported syslog).

Had I still been working at my last place then I'd now be in the process of migrating quite a few systems from Debian to Devuan - all had been held at Wheezy as I wasn't prepared to allow systemd onto production servers.

* Don't let the pro-systemd camp confuse you. Just because code is in a number of modules does not mean that it is modular. Modular systems allow you to replace any module with a different one - such as replacing "syslog" with "syslog-ng" or "rsyslog". Systemd doesn't even provide a stable API between modules, so it just isn't possible to swap out a single module without a lot of work in reverse engineering an API and then watching for undocumented changes in it.

Open Source Security hit with bill for defamation claim

SImon Hobson Bronze badge

Re: Open Source Security Inc. Doesn't Make Open Source

You may use, copy, modify, and distribute any Linux kernel modified by combination with grsecurity patches under the terms of GPLv2.

What's the issue?

What about redistributing the source for that modified kernel ? GPLv2 says that if you modify and distribute a piece of GPLv2 code, then you are required to provide the source if asked for it.

AIUI, grsecurity also allow you to redistribute the patched source - but if you do they will terminate your contract with them. That's not exactly allowing you to redistribute in accordance with GPL - it's basically saying that you can't redistribute if you want to carry on getting their patches in future. That's what Bruce Perens' opinion was about.

Visa Europe fscks up Friday night with other GDPR: 'God Dammit, Payment Refused'

SImon Hobson Bronze badge

Re: Cashless society

If a piece of hardware can block some half a billion visa cards from working

That was my first thought when I heard about it on the radio - this was not caused by a hardware failure, this was caused by inadequate/faulty business continuity planning. If the BC plan had been adequate AND had been correctly implemented, then there would have been a minimal outage for a minimal period of time.

The scale of the outage (EU wide) and its duration clearly shout that the BC plan was not adequate or was not correctly followed. So it was a preventable outage.

So what's that about having all your eggs in one basket ? Can't remember the last time I was offered the opportunity of having a Mastercard, it seemed everything was Visa these days.

Whois? Whowas. So what's next for ICANN and its vast database of domain-name owners?

SImon Hobson Bronze badge

Re: Personal vs business

I've seen other sites in the past though where not even the ToS mentioned any names beyond whatever the brand (site) itself was called

At a previous employer, they wanted to set up a web shop under a different brand name to the ones we were already using. Being in IT I got to see a draft of the website before it went live, and had to go to manglement and point out that "err, this website isn't legal" - and then had to point to the specific legislation (Company Names Act of some year or other IIRC) where it specified what information must be present on any communications. Grudgingly they put the company details buried somewhere on the T&C page where they wouldn't be found.

GDPRmageddon: They think it's all over! Protip, it has only just begun

SImon Hobson Bronze badge

Re: @AC

Your HTML (or JavaScript or however you put adverts on there).

As I read it, his site does not put the adverts there - his hosting company does it when sending pages out. I.e. it's the hosting company that is modifying his code before it gets sent to the client.

I would suggest that it's STILL the website owner's problem - they have chosen to use that hosting outfit to serve their site, and they need to ensure that they have appropriate contractual clauses with the third party (the hosting company). In this case, the hosting company (or the ad companies they subcontract to) is going to be collecting data that is in excess of what they, and the website owner, need to collect in order to perform the act of serving up the website. Thus the hosting company is in breach of GDPR, and the website owner is in breach because clearly they do not have contractual terms in place that would (or should) avoid this.

SImon Hobson Bronze badge

Re: Brexit.

If the EU has a problem with UK data protection they can fuck right off ...

Ahh, but there's a difference between Privacy FigleafShield and any future EU-UK arrangement. With the EU, they desperately need to not kill transatlantic data traffic - and regardless of what anyone might say, to kill off transatlantic data traffic would have caused massive hurt all round.

With the UK, the high up people will be keen to "make it painful" for us (some have publicly said they would, to discourage any other countries from trying to leave) - so I suspect we can look forward to being forced to jump through lots of hoops and play much much better than everyone else.

Ongoing game of Galileo chicken goes up a notch as the UK talks refunds

SImon Hobson Bronze badge

Re: @ Roland6

Unfortunately, for this to happen you tend to have to schmooze and not insult each other...

And unfortunately such schmoozing was never going to happen. It was clear from the outset that "the EU position"* was going to be "we'll do anything we can, even if it hurts us badly, to make it painful for the UK". Given that "the other side" has taken up a position of "we aren't interested in any agreement that doesn't punish you for leaving" - hard to see how any sensible agreement could be likely.

* Based on statements made by senior EU bods

Mobile app devs have, oh, about 9 hours left to decide whether to stay on Google's ad platform

SImon Hobson Bronze badge

Re: loads of email about GDPR asking me to sign up

If you already have suitable consent (a pre-ticked box or scraped data isn't consent), then the email is pointless, and might be illegal depending what it asks.

Not quite.

AIUI many data controllers do have consent - but might not have evidence to the standard required under GDPR, and might not have given clear enough information to the level required by GDPR. Because of this, AIUI the ICO is recommending that data controllers go back to the data subjects and get fresh consent - so they can show that they have obtained informed consent from each subject.

Finally: Historic Eudora email code goes open source

SImon Hobson Bronze badge

Re: I paid for it...

I paid for it too - great program, but with "some issues" (in particular it had some issues with IMAP accounts).

Someone mentioned supporters not providing a single point in its favour - so I will. It had a good UI.

By good, I mean it showed different mailboxes in different windows - instead of this really stupid modern idea that everything has to be in one window where you switch mailboxes from the menu on the left. The Eudora way is just so much easier to work with.

I only stopped using it when a system upgrade stopped it working.

Openreach consults on shift of 16 MEEELLION phone lines to VoIP by 2025

SImon Hobson Bronze badge

Re: So, can somebody clarify for me?

AIUI what they have done so far when doing "fibre only" connections is to terminate the fibre into an NTE (there needs to be something) which DOES include a terminal adapter to allow an analogue (POTS) phone to "just plug in". So customer gets to keep their existing phone (and internal wiring), all that is different (for the telephony) is that the master socket is bigger and needs a power supply (so an issue if there isn't a mains socket nearby as there often isn't).

The NTE also has a socket into which the router is connected (router, NOT modem+router) and the router just needs to talk IP over ethernet or PPP over ethernet depending on how the service is presented (I've not read anything saying much about that side).

At work, I've worked with a few services which were just presented as plain routable IP over an ethernet connection - the provider's NTE handling all the fibre-something conversions together with any protocol conversions that might be needed - so from the end user's PoV you just talk IP over an ethernet link. Makes it a doddle doing your own routing/firewalling/etc - especially in our own office where we had a whole /24 to play with :-)

SImon Hobson Bronze badge

Re: No thanks

i.e. All at once, so you wouldn't be able to make an emergency call?

See https://www.raeng.org.uk/publications/reports/living-without-electricity

Large part of a city without power for "some time". POTS still worked thanks to the copper connection and exchange batteries. If your end users are reliant on an NTE battery with a life of just one hour then such a failure would lose you EVERYTHING at the same time. Note that the emergency might not occur within that first hour - your proverbial elderly relative may fall during the night following the power cut (perhaps trying to get around the house in the dark).

SImon Hobson Bronze badge

Re: Problems

neither lifts nor mobile phones can be relied upon in the case of a non trivial power cut

Absolutely. However the same might apply to full fibre products as well - see below ...

Fortunately, the chances of significant losses of supply are reducing as fast as market forces are encouraging the UK supply industry to invest ...

Quite the reverse ! Market pressures - specifically for lower costs - are actively reducing the level of redundancy in the network. Instead there are moves towards things like interruptible supply contracts (ie pay large industrial users to shut down) instead of putting in/maintaining redundant capacity to cater for (eg) a circuit fault.

I recommend a read of this : https://www.raeng.org.uk/publications/reports/living-without-electricity

The subject of what happens to mobile networks is covered - they stop working ! In practical terms, the cost cannot be justified of equipping all base stations with anything more than a token battery backup, nor is it physically or financially practical to have standby generators available to roll out to them all.

What is clear from the report is that it was lucky that the outage was relatively local - had there been a widespread problem then the generators brought in by the DNO (ENWL) could well have been needed elsewhere.

Now back to the telecoms network itself. IF the connection goes all the way back to the exchange with no active equipment then it should keep going as BT exchanges normally have some very large batteries to keep everything running. But if there are any active devices in the link (like there are the green cabinets in FTTC connections) then it's questionable whether these would hold up for any sensible time (or at all) given the ongoing cost of maintaining batteries at every node. AIUI the NTEs used to date in all-fibre connections have a backup battery to maintain POTS service for a short time (hours) in the event of mains failure. I could well see these becoming a maintenance problem - will they ever get changed ?

That's the key benefit of the current copper based POTS lines - very reliable and completely independent of mains power (including powering basic end user terminal) for quite some time.

Nothing insurmountable, but it WILL add costs (eg periodic battery replacements) to various applications.

UK.gov expects auto auto software updates won't involve users

SImon Hobson Bronze badge

Re: OTA Obsolescence

Not only that, but as mentioned above there is the EoL issue - how long does the manufacturer provide updates for. Not hard to see cars hitting EoL for software updates and the options being to scrap them or pay ever increasing contract prices for ongoing support. Think MS and Windoze XP extended support.

Add in the way that (for example) John Deere in the USA has used their DMCA laws to prevent third parties from repairing tractors and you can see the scope for shenanigans.

Social networks have already violated the spirit of GDPR

SImon Hobson Bronze badge

Facebook is an advertising platform so you expect news organisations like El Reg NOT to use it?

And THAT is the biggest part of the problem. FarceBork have become so ubiquitous that there's an element of "screwed if you do and screwed if you don't" about using it. For many people these days, "the internet" == ("facebook" OR "google") - if it isn't on farcebork or the first page of google's results then it doesn't exist.

So because "everyone is on farcebook", most people are pressured into being on farcebork or they'll miss out. There's a reason that they buy things like WhatsApp which allow people to communicate without using farcebork - by buying it, they bring it into their data mining business and so it doesn't matter which people use, farcebork still get your networking information.

Admin needed server fast, skipped factory config … then bricked it

SImon Hobson Bronze badge

I'd never seen a component physically blown off the motherboard before!

You'd never lived then lad !

My boss from a few jobs ago had worked at a local outfit that made specialist sonar equipment. One unit he described was a stack of circular boards that fitted into a cylindrical casing - with one board being the power supplies. As is normal, they'd done all they could to protect the unit from "accidents" ...

They got one returned as "not working", and when moved there was a rattling from inside.

Opening up the unit revealed the power supply board had zero components on it - many were rattling around the case sans-leads, some had just "vanished". Went back to the customer and asked "you didn't accidentally connect it to the 1000V supply did you ?" In that industry, they use many voltages and frequencies with the obvious scope for getting it wrong.

The customer was adamant that they hadn't, until said manufacturer suggested it would have to get legal and they'd be suing the manufacturer of the transorbs that had exploded - at which point they admitted their mistake.

For those that don't know, transorbs are a surge protection device that behaves a bit like back to back zener diodes - more or less open circuit up to some voltage, then they break down and become conductive thus allowing momentary over-voltages to be shunted away from the delicate electronics following down the line. But they have a limited power dissipation limit - so basically momentary spikes, not a full time over-voltage. When connected to 1000V instead of 400V - they literally exploded and the shock wave sheared all the component leads off flush with the board.

SImon Hobson Bronze badge
Mushroom

Re: Lightning icon required =========>

until I noticed that one valve was entirely glowing red

Ah that reminds me of a tale told to me by a friend in the broadcast industry ...

A colleague was sent to service/repair a large transmitter - and as described, the fault meant that one of the valves was glowing red hot. Except that these weren't tiddly little ones like in tellys, these were 'kin big things driving a 1/2MW transmitter ... Said colleague was round the other side of a rack doing some measuring or something when he heard a "big bang" almost instantly followed by the clatter of circuit breakers tripping.

When he looked round the end of the rack he saw his apprentice crouched motionless in front of a pile of glass powder and still holding the can of freezer spray in his hand. Didn't find out if clean underwear was required. Icon suggests what had happened to the hot glass envelope of the valve when hit with the freezer spray.

Apprentice learned the way you don't forget - don't try cooling valves with freezer spray.

I can't repeat some of his other tales - at least not in polite company !

Supreme Court punts on Microsoft email seizure decision after Cloud Act passes US Congress

SImon Hobson Bronze badge

Re: GDPR

Where does it say that?

It doesn't explicitly say that - but the inconvenient fact is that under US law it is IMPOSSIBLE for a US based business to (truthfully) provide the assurances required. Given what we now know about how the US authorities can, and do, tell businesses to "hand over this data, and BTW you cannot tell anyone" with what appears to be no effective oversight/control - it's just not possible for those businesses to provide realistic assurances about where the data may end up or what it may be used for.

The fact that MS suddenly (as it seems) said "OK then, here's this data you wanted off our servers in Ireland" to the DoJ should be a big hint. They previously claimed that they could not physically access it - so were they lying about that ?

SImon Hobson Bronze badge

Re: GDPR

AIUI, it effectively becomes illegal to use non-EU providers come 25th May.

At a previous place, I asked several times of the MD whether he discussed this issue with customers he was pushing over to Office 365. He just shrugged it off with "no problem, you can choose where the data is located". Given that MS has just handed over personal data held on a server in Ireland - thus proving that they DO have access to it - this becomes something of an issue.

But even if MS did have the legal separation that they have claimed to have, with the US company physically unable to access data on Irish servers, access to them by customers involves elements under the control of the US parent.

But until Privacy ShieldFigleaf gets struck down (which it will eventually), then companies will cite the protections in that to get away with it.

It's going to get very interesting - as in the Chinese curse.

Facebook previews GDPR privacy tools and, yep, it's the same old BS

SImon Hobson Bronze badge

Re: Optional

Surely this is against some sort of data protection law?

Under current law, it's questionable at best.

From 25th May it will be expressly illegal - but that won't stop them doing it.

SImon Hobson Bronze badge

I cannot understand is why successful big international companies want to do it

MONEY

What else is there to know ? These businesses are in business for the function of making money. They may have started out with good intent - Google started out with the aim of making stuff easy to find, Facebook started with the idea of networking people, etc, etc. But just like Google has dropped any pretence at "don't be evil" and now operates in a "how can we make most money, regardless of ethics" mode, FarceBorg has similarly gone down the route of "let's make lots of money" with the networking feature just being a way of getting people to give them the personal information they need to be able to sell it for that money.

SImon Hobson Bronze badge

Re: Fines on the way for facebook

I gave you a downvote because, yes, that is what SHOULD happen. But look how long Max Schrems had been going at them and how useless the Irish data protection people have been so far.

FarceBorg know that it'll take ages before the authorities decide that they can't keep their eyes closed any longer, and then ages again while they drag it out through the courts.

So I agree, large fines should be in their future - but I can't see it being as soon as we all think would be justified.

Facebook admits it does track non-users, for their own good

SImon Hobson Bronze badge

Re: RE: As a never-signed up non member....

It will take a damn sight longer to remove stuff from Facebook if you don't have an account, than if you do.

Well you very well illustrate a big part of the problem - many of the tools to "manage" your privacy require you to open an account with $provider, which requires you to accept their T&Cs. So in order to have $provider stop invading your privacy, you have to (taking typical T&C terms) give them permission to invade your privacy.

It will be interesting to see how this pans out when GDPR comes in. Given the story in ElReg about Ireland watering down privacy protections, I expect the first cases will be just tossed out, then there'll be an appeal to whichever EU body is responsible for compliance and the Irish government will be told in no uncertain terms that their law is illegal. There may be several rounds of this before Irish law correctly implements GDPR - and once that's in place then Farcebork are going to get well and truly reamed.

But like the OP, I know for a fact that Farcebork have personal information about me - thanks to "friends" and relatives who can't see what the fuss is about. At the moment I'm waiting for Max Schrems' case to reach the point where (inevitably) Privacy ShieldFigleaf gets struck down and then we can all start laying into them.

'I crashed AOL for 19 hours and messed up global email for a week'

SImon Hobson Bronze badge

Re: With hindsight

I had a thought about this ...

They could have fiddled with the DNS to get a poor man's load balancer. Set the MX to (say) a.domain.tld with (say) a TTL of 3 hours. After (say) half an hour, change the MX to b.domain.tld, also with a TTL of 3 hours. After another half hour, change to c.domain.tld. And so on. You could script the DNS updates to automate it.

Then each resolver would cache just one of a.domain.tld, b.domain.tld, etc and so (using the numbers originally given) would try and contact only one of 5 different MXs. Different resolvers would cache different records depending on the timing of when they last fetched the records. That was definitely doable back then.

If they had geographically distributed servers then they could also have done some conditional DNS stuff to present different MXs to different area - can be done with BIND using views, but I don't know whether that feature was available then.
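The rotating-MX trick described above, as an added toy simulation (not the poster's code; the zone name, hosts, TTL and rotation interval are constructed to match the numbers given). It shows both the spread across resolvers and the flip side: each resolver stays pinned to whichever MX it cached until the TTL runs out.

```python
import random
from collections import Counter

# Constructed zone: five MX hosts rotated through the single published MX record.
MX_HOSTS = ["a.domain.tld", "b.domain.tld", "c.domain.tld",
            "d.domain.tld", "e.domain.tld"]
TTL = 3 * 3600           # seconds the published record may be cached
ROTATE_EVERY = 30 * 60   # seconds between changes to the published record


def published_mx(now):
    """The MX the authoritative zone serves at time `now` (seconds)."""
    return MX_HOSTS[(now // ROTATE_EVERY) % len(MX_HOSTS)]


class CachingResolver:
    """A resolver that honours the TTL: it re-fetches only after expiry."""

    def __init__(self):
        self._cached = None      # (host, expires_at)

    def lookup(self, now):
        if self._cached is None or now >= self._cached[1]:
            self._cached = (published_mx(now), now + TTL)
        return self._cached[0]


def simulate(n_resolvers, duration, seed=0):
    """Return, per resolver, the set of MX hosts it was handed.

    Each resolver makes its first query at a random point in the first
    hour and then keeps querying every ten minutes until `duration`.
    """
    rng = random.Random(seed)
    hosts_seen = []
    for _ in range(n_resolvers):
        r = CachingResolver()
        t = rng.randrange(0, 3600)
        seen = set()
        while t < duration:
            seen.add(r.lookup(t))
            t += 600
        hosts_seen.append(seen)
    return hosts_seen


def spread(hosts_seen):
    """Distinct MX hosts used per resolver, and how many resolvers hit each host."""
    per_resolver = Counter(len(s) for s in hosts_seen)
    per_host = Counter(h for s in hosts_seen for h in s)
    return per_resolver, per_host


if __name__ == "__main__":
    per_resolver, per_host = spread(simulate(200, 7 * 3600))
    print("hosts per resolver:", dict(per_resolver))
    print("resolvers per host:", dict(per_host))
```

Over a three-hour run every resolver sees exactly one host; only over runs longer than the TTL does a resolver ever move on to a second one.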

Whois is dead as Europe hands DNS overlord ICANN its arse

SImon Hobson Bronze badge

The big problem that many seem to have overlooked is that the EU cannot get at ICANN directly as ICANN doesn't (AFAIK) have an EU presence. However, all the registrars with an EU presence must abide by GDPR - and that means it would be illegal for a registrar to pass any personal data to ICANN unless ICANN abides by the rules of GDPR.

BUT, ICANN is a US based outfit and must abide by US law - which is incompatible with GDPR. That's going to be interesting once Privacy Shield Figleaf is officially declared incompatible.

SImon Hobson Bronze badge

Re: Unstable operation coming soon...

"you can't tie provision of a service to a waiver on data that GDPR covers"

Citation needed!

Try the ICO guide to GDPR.

Basically, if you are saying that you won't provide the service without the person giving consent then that consent isn't "freely given" - so don't bother.

However, that doesn't automatically stop you collecting and processing data because you can collect and process information that is REQUIRED for the performance of a contract. In the case of domain registrations and whois, the registrar is entitled to collect certain information for performance of its contract. BUT, making that publicly available via whois is not required for the performance of the contract and so must only be done with consent and the person must be able to withhold that consent without affecting the ability to have domains registered.

Small UK firms laying fibre put BT's Openreach to shame – report

SImon Hobson Bronze badge
Facepalm

Re: FTTP

Although why the house builders would want to charge for access is beyond me

Because they can ? I suspect that for many house builders, it's just another way of squeezing a few more quid out of someone. As you say, it ought to be a selling point to have decent connectivity available - but as you say, demand is so strong that they can throw up any sort of cheap s**t and know that it will sell.

Mum was looking at a new build a while ago, I commented on the lack of any phone and data cables internally to get the response "it's all wireless these days". As to lack of ducting for BT to put the phone lines in, "they wanted too much money" - so instead they get washing lines on a new build where it would have been trivial to put some ducting in while they were doing the rest of the services.

But then, they'd packed them in so tight that there wasn't room in the houses for "proper" staircases - they had those stupid (and difficult, even for me without hip/knee problems) with a "circular staircase" section instead of a flat half landing. And they weren't even built well - even after being bodged with bits of 3x2 underneath, they had treads that dropped 1/4" when stood on. Icon says what I'd like to do to the groups responsible for allowing such rubbish to be built.

Want to terrify a city with an emergency broadcast? All you need is a laptop and $30

SImon Hobson Bronze badge
Mushroom

Though what you were supposed to do if the alarm went off is anyone's guess

I believe the standard advice is : go to the smallest room in the house, sit down, put your head between your knees, ... and kiss your a**e goodbye. Icon representative of one occasion when this manoeuvre might be appropriate.

Nope, you're still a transport biz, top EU court tells Uber

SImon Hobson Bronze badge

I always wonder what is the story with insurance if you and your car are an Uber "product"?

UK situation, other places may vary.

Since you are carrying people for money, then you need insurance that covers that - your normal policy absolutely does not cover it. There have been suggestions that Uber is not very diligent in checking that drivers do have the right insurance - and if so then they are complicit in putting paying passengers in uninsured (and therefore illegal) vehicles.

Sorry spooks: Princeton boffins reckon they can hide DNS queries

SImon Hobson Bronze badge

My ADSL would then be doing random lookups for everybody on the planet, as well as for me ...

Riiiggghhhtt. I've run resolvers before, and one thing I can recommend you don't have is an open resolver on your ADSL line ! We had to lock ours down to just IP ranges used by our clients - otherwise I will guarantee that it isn't long before you start getting used for DDoS attacks* and other dodgy practices.

The other issue is that in so many jurisdictions, plod tends to take the line that it happened on your connection so it must be you doing lookups for (eg) kiddy porn sites. In fact, some jurisdictions expressly make it your responsibility for whatever is done on your connection. Yeah, you might be able to prove your innocence ... eventually. But in the meantime, you'll have been branded a kiddy fiddler in all the local papers, had to manage without any of your IT stuff because the plods took it for examination (you'll get it back, maybe a year or two later - and it might even still work if you're lucky), locals will assume there's no smoke without fire, depending on what you do you could lose your job, the stress could cause your family to break up, and so on.

And when you do eventually prove that it wasn't you and you are totally clean, the papers will report on it in tiny print on the gazzilionth page that no-one reads - so no-one will know that you've been shown to be clean and you'll have this whiff of being a dodgy type following you around for evermore.

* Because DNS defaults to UDP first, there's no verification of client IP address - it can be spoofed. So the b'stard doing the DDoS attack searches for a query that returns a large response that still fits within one reply packet (if it's too big then the resolver tells the client to switch to TCP). So the attacker sends you requests for "foo.bar.com ANY" having found that foo.bar.com actually resolves to 20 cnames. Thus one small query resolves to a lot of data, the small packet is amplified, and the larger result is sent to the target of the attack. That way, a relatively small number of compromised machines can generate a lot of small packets which result in much bigger packets being sent to the target - way more data than the small number of compromised machines could manage on their own.
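The two defensive points in the post above (lock recursion down to your own client ranges, and watch for the bursts of ANY queries that mark an amplification attempt) as an added detection script, not the poster's code. The log lines are constructed in a BIND 9 style query-log layout, and the allowed client ranges are assumed values.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample, laid out like a BIND 9 query log (not a real capture).
SAMPLE_LOG = """\
12-Jun-2018 10:00:01.001 client 203.0.113.7#4455 (foo.bar.com): query: foo.bar.com IN ANY +E(0) (198.51.100.1)
12-Jun-2018 10:00:01.003 client 203.0.113.7#4455 (foo.bar.com): query: foo.bar.com IN ANY +E(0) (198.51.100.1)
12-Jun-2018 10:00:01.005 client 203.0.113.7#4455 (foo.bar.com): query: foo.bar.com IN ANY +E(0) (198.51.100.1)
12-Jun-2018 10:00:01.007 client 203.0.113.7#4455 (foo.bar.com): query: foo.bar.com IN ANY +E(0) (198.51.100.1)
12-Jun-2018 10:00:01.009 client 203.0.113.7#4455 (foo.bar.com): query: foo.bar.com IN ANY +E(0) (198.51.100.1)
12-Jun-2018 10:00:01.011 client 203.0.113.7#4455 (foo.bar.com): query: foo.bar.com IN ANY +E(0) (198.51.100.1)
12-Jun-2018 10:00:02.500 client 198.51.100.9#33001 (foo.bar.com): query: foo.bar.com IN ANY +E(0) (198.51.100.1)
12-Jun-2018 10:00:05.100 client 10.1.2.3#51000 (www.example.net): query: www.example.net IN A +E(0) (198.51.100.1)
12-Jun-2018 10:00:06.200 client 192.168.4.4#51001 (mail.example.net): query: mail.example.net IN MX +E(0) (198.51.100.1)
"""

# Tolerant parse of the fields we need: timestamp, client address, name, qtype.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d+) "
    r"client (?P<ip>[0-9A-Fa-f.:]+)#\d+ \([^)]*\): "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+)"
)

# Assumed: the only networks this resolver should ever recurse for.
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.0.0/8"),
                   ipaddress.ip_network("192.168.0.0/16")]


def parse_log(text):
    """Turn query-log lines into records; unparseable lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        records.append({
            "ts": datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f"),
            "ip": ipaddress.ip_address(m["ip"]),
            "name": m["name"],
            "qtype": m["qtype"],
        })
    return records


def clients_outside_acl(records, allowed=ALLOWED_CLIENTS):
    """Queries answered for addresses outside the allowed ranges.

    Any hit here means recursion is not actually locked down to your
    own clients, i.e. you are running an open resolver.
    """
    hits = Counter()
    for r in records:
        if not any(r["ip"] in net for net in allowed):
            hits[str(r["ip"])] += 1
    return hits


def any_query_bursts(records, threshold=5, window_seconds=60):
    """Clients sending at least `threshold` ANY queries inside one window."""
    buckets = Counter()
    for r in records:
        if r["qtype"] != "ANY":
            continue
        epoch = int(r["ts"].timestamp())
        buckets[(str(r["ip"]), epoch - epoch % window_seconds)] += 1
    flagged = {}
    for (ip, _), n in buckets.items():
        if n >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), n)
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("served outside ACL:", dict(clients_outside_acl(recs)))
    print("ANY-query bursts:", any_query_bursts(recs))
```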

UK.gov: We're not regulating driverless vehicles until others do

SImon Hobson Bronze badge

But throw the match into a half empty container of petrol and watch the flame front propagate a lot faster????

Provided the container has restricted ventilation, then the match will just go out - mixture too rich to burn. When a filling station closes, it is NOT allowed to empty the storage tanks, they must leave some fuel in to ensure the mixture stays rich. Then they have to pay eye watering amounts for a specialist contractor to clean the tanks and either remove them or fill them with concrete - I had a conversation with someone not long ago, and they told me that the difference between two quotes (not the quotes, just the difference between them) was over £30k !

SImon Hobson Bronze badge

But a large tank of LIQUID, normally underground, and which does not explode easily is a different matter to a gas that has to be stored in a VERY high pressure vessel (through which it will leak). Perhaps you've never seen a demonstration of just how slow the flame propagation is with a large petrol fire - like you see in the films, pour some petrol out, throw in the match, and you can watch the flame front progressing along the layer of liquid.

In any case, hydrogen is a very very poor choice of energy transport for a mobile fuel use due to its low power/weight ratio (especially considering the weight of the pressure vessel needed) - there are much better. It's absolutely anything but green since most of it comes from steam cracking of hydrocarbons with copious CO2 generation !

And electric charging points aren't going to be very useful. They will either be very slow (and hence not very useful), or very expensive to install due to the supply upgrade that will typically be needed. And the government still hasn't said how it intends to keep the lights on as it is, without adding even more load to the grid.

Sysadmin shut down the wrong server, and with it all European operations

SImon Hobson Bronze badge
Facepalm

It can be the simplest of things ...

At a place I used to work at, I recall one of the helldesk guys telling a user on-site that they would need to hard power off a server that had become unresponsive. "Press and hold the power button on the bottom server in the rack" was the instruction, and shortly after everything stopped.

Said helldesk guy forgot to take into account that to most users, a UPS looks like a server, and the bottom device in their rack was the UPS. Oops !

But seriously, I reckon there are 10 types of IT person: Those that have accidentally shut down or powered off something, and those that are lying when they claim that they haven't !

2001 set the standard for the next 50 years of hard (and some soft) sci-fi

SImon Hobson Bronze badge

Which were all pieces from classical composers

The story I'd heard on that was that they used the classical pieces while filming to "set the mood" and the intention was that there would be music written later. But then they decided that the classical pieces really worked and kept them.

It's a film I've watched more than once - but I know I'd be wasting my time suggesting SWMBO try watching it, she wouldn't reach the end of the opening bit before dismissing it as "boring". IMO it's what a film should be - a telling of a story, with plot, effects appropriate to that telling, etc. Too many films these days seem to be just an excuse to show off the ability of The CGI,