Posts by SImon Hobson

Re: NI did it some time ago

... there were companies setting up wireless links to groups of houses

Meanwhile, over here the government in a dramatic show of joined up thinking (that's sarcasm BTW) more or less killed off the wireless internet (and alternative cable) industry by way of business rates. IIRC, basically, they decided that someone with a radio mast must pay business rates on what the tower could potentially make in revenue if fully utilised to the maximum the technology permits - while not similarly crippling BT OR for it's poles and ducts.

Around here, we had radio offerings (initially done under government financing) which in places meant several masts to repeat a signal to a small (or even, single) user. Turning round and charging business rates on the basis that the tower providing service to one user as though that tower was servicing hundreds of users is a sure fire way to kill off the service.

And the estate my work office is on has manholes labelled Norweb Telecom because they (I assume with grants) put in ducting when the former ironworks was redeveloped. Vodafone (the current owners via a chain of acquisitions, Norweb Telecom -> Yourcomms -> Thus -> Clueless & Witless -> Vodamoan) have decided to abandon all these ducts (and the ability to provide direct fibre services without involving BT OR) - officially because they are clearing out "legacy" products, but I can't help thinking that the rates on the ducts used to support a very small number of users just doesn't make it worthwhile.

Re: Is localhost even needed?

I can't think of a single use-case where we wouldn't be better off using the machines real name or IP

OK, for starters, how about where the machine doesn't have a properly configured name - and by properly configured, where all the right DNS stuff is in place etc. IME it is very common for this to be the case - in fact I'd go so far as to suggest that there are more devices where a name lookup will fail than there are were it won't (especially in home networks).

And then you have the problem of changing addresses - if you bind to an address and it changes, then what ?

And security wise, if you only need intra-device access, binding to localhost rather than an interface address instantly gives you a layer of security.

But what I don't get is why hardcoding localhost in the hosts file is a problem with IPv6 ? A quick look on my older GNU/Linux systems shows that both IPv4 and IPv6 entries have been there for ages.

This isn't accurate, to say the least.

GPL doesn't cover any future related works nor does it oblige the authors of the previous versions to release any further ones to the public, their clients or to anyone else.

You are correct that the GPL says nothing about anyone having to distribute to any particular person - so yes, GRS can pick and choose who they deal with.

But they are freely admitting that "we are selling you this GPL2 code, you have the right to redistribute it, but if you exercise that right then we'll do something to you (in this case, withhold future versions)". That IS putting a constraint on you exercising your rights under the GPL2.

Just like "free elections" where you can vote for anyone, but don't expect to find more than a pile of ash where your home was if you vote for anyone but "the official candidate", are not free elections. Just like all those business owners were quite free to accept or reject an offer of insurance from the local mafia/whatever.

Now, is this case about defamation or about the GPL ? Well the case depends on whether BP was correct in his assessment. If he's correct then the case should fail, if he's wrong then he could lose. So before the judge can decide how to rule, he can't avoid determining if BP is correct. SO I suspect that this will see the argument tested properly in court.

Delisting on Google does nothing to change that

Actually yes it does. For a very large proportion of internet users, Google results == the internet.

So what this means is that a user searching Google for the counterfeit products, they won't get any results linking to the vendor's sites. That means, to all intents, for a user searching on Google, those sites do not exist - and hence the products aren't available. Presumably if they already know the domain name then that's not a problem, but without finding them first, how will they know that they exist AND what the URL is ?

They could switch to another search engine, but many people don't know how to do that. Also, I assume that if Bing is still linking, then they will be next - or perhaps they voluntarily delisted the sites in the name of not supporting piracy ?

Re: A few suggestions from me

Sadly the Sellafield Visitor Centre is no more

I didn't realise it had gone, but I knew the whole "visit Sellafield, nuclear power is really quite friendly and nothing at all like those horror stories in the press" experience had been substantially watered down. At one time, you could (as a member of the public) go on a coach round the site, and at school (on a pre-arranged visit, presumably with some "soft" security screening) we got to walk across the pile cap on one of Calder Hall's reactors.

These days it's much higher fencing (complete with electricity and tamper detection) and "coppers" with sub machine guns. Security has even impacted steam train excursions as they used to use the turning facility at Sellafield to turn the engine round. As this involved the engine (with it's crew) entering the facility by a few yards, AIUI it got axed "because terrorism" - just think what two guys with a steam train restricted to a pair of steel rails could do !

Re: Local loop unbundling would of course mean the equivalnet of Openreach being formed.

The interesting part being that most of the world isn't in "the big cities". It only works in the big cities, and not even in all of them, and in all of each big city.

My nearest "big city" is 100 miles away, and I don't think much of that is serviced by multiple fibre networks.

if Poettering got it so obviously wrong, how come all the combined experience and wisdom of the contributors and developers of just about every major distribution out there went along with him?

AIUI, with Debian there was a lot of "discussion", and eventually some committee decided to bring an end to the "discussions" by calling a vote. The vote was cleverly worded with more options than just "yes, go with systemd" and "no, don't go with systemd". In the end, by cleverly including other options, it was made to look like there was overwhelming support for systemd and so it came to pass that Debian put the nails in it's own coffin.

In reality, the votes FOR systemd were a minority - but by including votes for "I've had enough with the discussions" etc, the result was rigged.

Of course, there were also the outright lies that I suspect led to more people voting for it than would have been the case had there been any honesty. Lies like "it's only an init" and "you can still use sysv init" - the first being an outright lie as we've since seen how far and wide it's tentacles have gone, the second is a lie by omission because while you can still use sysv int, you can't get rid of systemd entirely.

But prior to this vote, the issue was "how much effort to put into de-systemdising Gnome 3" given that RH has been heavily infecting it and it was getting harder and harder to disinfect it. I think there were even suggestions at one point that "we'll allow it for Jessie, and by the next release we'll have figured out how to remove it" !

Mebbe you need to look at the subject a bit more in depth?

Mebbe you need to read what people write.

No-where did I state that these were insurmountable problems.

I could host a site locally (I already do for one, and that's SSL enabled) - but that has it's own costs. Or I could pay to host the site with another host that does support SSL certs - but that has a cost, paying for the hosting that's currently 'free', and paying whatever the host charges for adding an SSL cert (some do it free, some charge £50/year !).

The point is that it's not a zero cost for many situations. And it's annoying to read time and time again this assumption that every site currently not SSL enabled can be enabled by simply getting a zero cost cert.

Re: What's the cost for just the Website Logo

Me too - went to their website to see what sort of doodle they'd paid out lots of money for, and at 13:35 it's still very much a BT logo on there. Given that the website is probably the easiest of the lot to update, it says a lot about their plans and processes !

Re: Lucky me

If it's built to regulations then (on the ground floor) there will be oodles of insulation either under the slab or between the slab and the floor base

Insulation will not make it warm. Basic school level physics will tell you that the concrete slab won't be warmer (on average) than the layer of air above it - ie the coldest air in the room. Therefore the slab will almost always be colder than the room, and cold to your feet.

We're not talking heated concrete slabs here (which I'd be happy with) - we're talking "as cheap as we can build it" unheated slabs. As I said, I could not write what I really think of these developers without the post getting taken down for bad language !

As it happens, we're just waiting for the vendors to agree (acrimonious separation, they are arguing between themselves) on our offer so we can move. I already have on my list of things to do ... rip up the kitchen floor and reconcrete it with heating pipes in it. As well as fix the other cheapskate bodges in the extension - like full cold bridging across the cavity because they couldn't be ****ed taking the original outer leaf off and doing it right.

Re: OMG!!! Colour me shocked

Indeed.

Head over to the ASA's website and submit a complaint - reference the article and say you are adding your support to the complaint these companies are making. The more people that complain to them, the harder it is for them to ignore it.

If you can reference actual instances of confusion with people you know then that ought to help.

Re: Random PC reboots

found a portable space heater plugged into the UPS

Ah yes, that old one. Had a customer at work phone up one day complaining that the UPS in their server room was beeping madly - so it was clearly faulty, why had we sold them such a pile of junk, and all the other sorts of "uncomplimentary" comments you might imagine. And this was escalated to their senior management.

Funnily enough, very little was said when we arrived on site to find a fan heater plugged into a socket clearly labelled "UPS circuit - computer equipment only". Yup, someone was cold (the server room was a partitioned off bit of the attic that will one day be office space) and just plugged in the heater in the nearest socket.

Re: Are there any legitimate uses for client side scripts on a banking website?

Isn't it obvious, all these scripts are to make the site "fresher and more responsive" - or at least, that's the sort of canned excuse I've had back from one bank that's recently "improved" it's site to be far slower and harder to use than it used to be !

Yes, that's a joke. You are right, there are very few legitimate uses - most of this crap is just that, crap. Just well polished crap designed to "look pretty and never mind the function" (or lack of function).

Re: Best quote

Ah, but with some expert editing, the tapes could have almost any plotline !

Re: Nothing to hide

Yes, it does seem like a flippin stupid idea doesn't it - leave the vehicle identity on full display for anyone to get with zero effort. Then add in basic mistakes by manufacturers using the VIN as the key to creating an online account to remotely control the vehicles ...

Re: Takes me back

"this cartridge will self destruct in 10 pages"

Ha, that reminds me of an OfficeJet 9100 I once had. Didn't print all that much (and yes, had problems with drired up nozzles) - and one day got a message on the display saying the cartridges had expired. Words to the general effect of "gosh, that's not cricket" were uttered when I looked it up and found that in fact, the chaps of questionable parentage at HP did in fact time-bomb the cartridges. IIRC, from the date the cartridges are put in the printer, they have just 18 months.

There was absolutely nothing whatsoever in the manuals, packaging, online warning of this limitation. I tried phoning (IIRC) Consumer Direct who handle interface between people and their Trading Standards departments and they seemed unable to see why this should be any problem at all.

Lets just say that after that I have never recommended an HP inkjet to anyone.

Re: Init freedom?

But yet again, we have to point out to those who swallowed the lied and misdirections from the systemd camp :

This isn't about init !

If all systemd was was an init system, that could be swapped out for a different one, then there'd be no complaints.

Systemd was sold as being an init system, it isn't. It's a whole furball of crap that doesn't belong as part of an init system, all tightly bound up in such a way that you basically need it all or none of it. And because they've been aggressive in what they borg into it, too much has now gained dependencies for it to be easy to remove. Yeah, you can (almost) run Debian Jessie without systemd - as long as you don't want to run many useful packages. But that will get harder and harder to do as more and more gratuitous dependencies get stuffed into everything.

The approach taken by the systemd camp is to borg more and more functions into systemd, changing the API in such a way that if you want your program to run on a systemd system then you need to link against their libraies and use their APIs. Once you do that then your program won't run if systemd isn't running - and so you end up having to maintain two variants of the program.

Re: Why is this so bad?

And other information.

Well as you ask, in reality it's not of any value to them. But flip it around, and ask why collect it in the first place ?

The first rule of data management is that if you don't collect data then it can't leak. If you do collect it, then you need to secure it. We can't trust Netgear to keep it secure (given their track record), and they've turned on this collection without asking the user first. It does NOT matter in the least if there is a way to turn it off, nor does it matter in the least if it's in the release notes - this was turned on without the users consent.

But the article says they collect more than just IP and MAC, and in reality we don't know what they collect. What if they decided it would be useful to collect DNS query information ? No problem ? Have a read of this article which might just change your mind.

So it's not really about WHAT they collect, it's about the fact that they collect anything at all, and without asking the user first.

Re: El Reg fail

The obvious solution is blacklisting certificate authorities supporting phishing sites

Yes, the obvious but wrong solution.

If you do that, then inherently you are saying that all certificates must be something above domain validated, but not necessarily fully EV. Once you go above domain validated (ie you have sufficient control to receive an email to the hostmaster, or create a specific TXT record, or put a file on the web server) then you cna kiss cheap or free certificates goodbye. And then you can kiss goodbye to "everything on SSL" since for probably the vast majority of people, the cost of an SSL cert is just something they can't be bothered with for their club blog that gets half a dozen hits a day.

But I suspect that will be the next target - the big guys like Google really don't understand or give a s**t about the little guys. They are quite happy to change the rules and the rest of the world has to tag along with them. Just look at how enthusiastic they (along with so many others are) for breaking email - demanding SPF even though it's known (and was known while still in incubation) to be fatally broken in several ways.

Re: It is the apps tied to ActiveX that cause the problems

... why do those machines even have access to anything on the Internet? ... Why not isolate those machines on a firewalled subnet or vlan, make sure they don't talk SMB1 and use them as before?

In many cases, the computers DO need some form of interaction with the rest of the business. Take the case of a precision CNC mill someone mentioned - it'll need to be on the office network so that the design engineers can upload the milling programs to it (what if one of those file transfers accidentally transfers something nasty from an infected desktop ?) In the case of (say) an MRI scanner machine, it will need to be on the network so that images can be exported from it.

The simple fact is that yes, these devices CAN be protected, more or less, one way or another - and the rest of the network protected from them. But it's not a trivial exercise to do.

Lets assume that for security reasons, the MRI scanner computer is party to the same security policies the rest fo the business has - that's going to mean authorised users (active directory) and the access controls that go with it. Have you tried doing the firewalling to allow AD to work across a "locked down more watertight than a duck's backside" firewall ? It's "interesting" the amount of network traffic needed for AD to work correctly.

That's not to say this can't be done, but each device will have different requirements, and it takes time to work through how to deal with each of them. So there you are, as others have pointed out, with an IT team, limited budget - and tasked with keeping everything running as well as doing new stuff. You're barely coping with the everyday - where is this time going to come from ?

So ultimately, it comes down to manglement (at whatever level) not providing the resources needed. And again, as someone else has already pointed out, when we are constantly told that the NHS has to save lots of money - who's going to stick their neck out and "waste" budget fixing something that "isn't broken yet" ? It's not an NHS thing - it's the same across all businesses.

Re: Streams is showing real patient benefits.

Google really are good at this stuff

And therein lies the heart of the problem - we know darn well what Google are good at. They are very good at ignoring the law and using their size to avoid the repercussions. They are very good at mining large volumes of data.

Thus, we can have little (or no) confidence that they won't take this data that should be kept in it's own secure silo, never leaving UK (or at least, EU) control and jurisdiction, and then mine it along with other data that would probably de-anonymise it.

So far, I have not read anything to suggest that Google has the corporate structures in place to respond as MS have done with the Irish emails case - ie tell the US authorities to sod off as the US company & staff don't physically have the access to provide them with the data which is held by a different legal entity on Irish soil.

But most of all, I have seen nothing (but plenty to the contrary) to suggest that Google wouldn't pause even a second to consider mining the data along with everything else it holds.

Re: If you cannot patch it quarantine it

They have enough time and budget to ...

You are assuming that "they" are in a position to choose what they do. In all the cases you've cited, some PHB, or committee, will have decided what projects are going on - the grunts at the coal face just get told what they are doing.

Besides, some of the projects you have mentioned are not related to the separate projects of running the various local networks. You have to remember that there isn't "the NHS" - there is a collection of hundreds of trusts, commissioning groups, blah, blah.

I assume by "entirely pointless £10bn IT project" you mean the national IT backbone and slurp everything project. That was a completely different group not connected to any of the trusts affected by the ransomware outbreak.

Re: 0.4p per call ?

how about using the proceeds of crime act ?

I was thinking about that, or similar. A director is legally responsible for what goes on in the company - and there is absolutely no way whatsoever that a director of a company like this could not know exactly what was going on. AIUI, "limited liability" stops when the company is acting illegally with the director's support.

All it needs is some creative use of existing law. This sounds like yet another case of "can't be ar**d using the laws we have, so lets have some new ones".

Re: Annoyed... The rather pathetic progress continues...

So why is it that now, in 2017 I/we are still moaning about this?

Because Government, Telco's, Offcom, Openreach dropped the ball and have been fumbling around ever since - each one passing the buck.

BT and OR didn't drop the ball. BT has, and always will be, on the side of what it thinks will make it the most profit - that's what businesses do. If you have a knowledge of telecoms history, it's easy to see a long line of decisions clearly made so as to protect their profits. For example :

When ISDN came along, in other countries (notably Germany) they supported some interesting and useful features - result was wide adoption of ISDN-2 even for home use. In the UK ? BT priced it artificially high, and restricted features - with want can only be interpreted as a means of preventing people dropping their expensive (=profitable) leased lines and replacing them with cheaper ISDN-2 setups.

Even now, we see BT controlling what OpenReach do in terms of what's best for BT - not what's best for OR or the country. To that end, the recently enforced separation between BT and OR doesn't (IMO) go far enough.

Maybe this whole mess needs to be Nationalised?

Good god, no. I can only assume you are relatively young - everything is relative. Those of us of a certain age remember what nationalised phones and railways (to pick just 2) were like. People complain about the state of our communications and transport now, but really, it's positive nirvana compared to a few decades ago.

When my parents moved back when I was still young, we couldn't have our "own" phone line. Apart from a "you get it when we can be arsed" approach to installation times, there wasn't enough copper into the village, so instead of actually pulling some more cable, they forced new users onto party lines. Yup, your phone line was shared with a neighbour ! I suspect few people younger than perhaps about 30-40 will have ever come across one of those.

And as for the railways, the BR of old would make Southern look like a slick operation !

It's nothing to do with it being sold off later, it's to do with the fact that government just can't do "services". If it's in public ownership, then every career politician wants to make a name for themselves for fiddling with it, and as with the Post Office, the treasury will see it as a money box to be raided as ofetn and as heavily as they can get away with. In part, that's what was wrong with the old Post Office when it ran the telephones - the government took all it's money and so it never had the cash to do things properly.

At least in private ownership, the business can go to the money markets to raise cash for investments. If the investment looks sound, then the money will be there. And where there's deemed to be a "public good" case for subsidy, then that can make money available as well - that's what happened with FTTC, even though BT did obviously game the system in it's favour.

As others have stated - politics and entanglement.

In the case of Debian, there was a long and "heated" discussion. In the end there was a vote which looks to have been designed to produce the desired answer rather than get an accurate count of opinions. If rationally analysed, it comes out with a clear majority (by a long way) of people not wanting systemd - but because of the way the options were chosen*, and some of those were interpreted*, the outcome was decided as being a majority in favour of systemd.

* Eg, "we don't want to debate it any more" was taken as "we want systemd".

But AIUI, part of this came about due to the ever greater effort needed to disinfect upstream packages - particularly desktop environments. As others have pointed out, systemd goes way way way beyond what it was originally sold as - and it appears to be a deliberate ploy to infect as much software as possible and thus make it ever harder to keep that software disinfected. Part of this is deliberately deprecating old but reliable and well known interfaces and replacing them with "new shiny" ones. Thus you get the problem that unless software has been written to use the new shiny (but really, in most cases no better) interfaces then it doesn't work well/at all on a systemd system - but if it is written to use those systemd interfaces, then it doesn't work well/at all on non-systemd systems.

KEY POINT systemd is incompatible by design. it is clearly a key design tenet that it must break as much compatibility as possible with "legacy" systems. That is a key driver to making it herder and harder to avoid it.

This last anti-choice point should alone be good enough reason to avoid it. We saw a decade or two ago what happens when one dominant group (in that case, Microsoft) is able to eliminate choice. Things stagnate, choices are made for the wrong reasons - ie if your only choice is Windows Server then you have to run Windows Server regardless of whether it's the right/best choice for your application. In the browser sphere, we saw how once they'd seen off the competition and eliminated choice, IE got stuck in a mire of mediocrity and dragged the whole web down with it for several years.

If systemd were so great, then people would adopt it by choice. With a few exceptions, most of the adopters have done so because they've given up fighting it (or at least, just run out of resources to fight it).

And I'll finish with :

PID 1 is (after the kernel) THE most critical component of your GNU/Linux system. It MUST be secure and stable. Basic software engineering principles dictate that it should be as small and simple as possible, with as few interfaces as possible, and basically minimise all avenues for bugs and vulnerabilities as is reasonably possible. systemd is the opposite of that - it may be multiple different binaries, but they are close coupled, with ill defined interfaces between them, and above all written by a team with (to be very polite) a less than impressive track record in producing "good" code.

Do you really want your system to be 100% reliant on software produced by people who deliberately break things and then leave others to clean up after them ? Do you really want your system to be reliant on people who re-create historical dangerous "features" and them blame the user when it hoses their system ? Do you really want your system to be reliant on people who's code is so "good" that they've been banned from contributing to the kernel ?

Part of the problem there are the modern discharge tube or LED strobe lights. With the old rotating mirror lights, it was easy to see on the photo if the lamp was on and hence the vehicle was exempt* from the normal rules. With the strobe or LED lights, what they were finding is that there's nothing to show during the "off" periods which are considerably longer than the "on" periods. Round this way, I;ve notticed that the ambulances now have static blue LEDs on their rear number plate lights - which means there's an indication on the photos that they are on a blue lights call.

* Technically not exempt, but subject to different rules.

Re: I don't understand the hype

You CANNOT fully remove SystemD from Debian - that is just a myth.

AT THE MOMENT it is near enough possible to get rid of all the functional bits of SystemD, but as time goes on, SystemD spreads it's tentacles into more and more packages.

Basically, SystemD re-implements many previously standard and well understood interfaces. Logging ? Syslog or one of it's modern replacements). Time ? NTP. And so it goes on.

The SystemD camp keep deprecating these standard interfaces - so that packages increasingly over time have to use the "new 'improved'" interfaces or they can't run properly on SystemD systems. Once they do that, then they won't run on systems without those interfaces - ie they won't run without SystemD.

And because Debian (through a very flawed vote process that actually didn't support it) chose to make SystemD the default - any bugs along the lines of "doesn't work properly without SystemD" are just closed as "won't fix".

What Devuan does is take all the Debian base stuff, and fix all those gratuitous dependencies on SystemD. The vast majority of packages are just taken direct from the Debian repositories - the Devuan specific ones are the ones with the crap removed. The expectation is that over time, unless Debian sees sense, that Debian will slowly diverge from Devuan as it allows the SystemD crap to spread.

Re: Autopilot

Not really comparable. Unless you have really top end flight management, you only use autopilot once away from the ground - and you generally only need to tell it to fly a heading (or course) and altitude (or climb/decent rate). In general, there aren't pedestrians, animals, other cars, lorries (trucks for our US friends), etc all doing unpredictable things in very close proximity - not to mention a requirement to stay within a narrow (10 feet or less) strip of tarmac with twists, turns and junctions.

So really, an aircraft autopilot is a totally different - and very very much simpler - thing.

Over the last few years we've seen a generation start to pass

It only seems that way. it's easy to see a list of "people we associate with our work/hobby" and think that "wow, we seem to be losing a lot". I think it's just a case of these are the people we recognise as having something to do with our interests - and tend not to remember the steady stream of "others". As that era was when so many of the fundamental developments happened, it's quite natural that those involved should be running out of time - lets face it, we're talking about stuff that happened half a century ago (give or take a decade).

Heck, a lot of us weren't even born when some of this was going on !

Re: I think bollocks...

So what exactly is stopping this detection system from ...

As I read the article, the entire article boils down to "security tools haven't been updated to handle IPv6 yet". No sh!t Sherlock !

Well guess what, go back a few years, and tools then didn't detect what we now consider to be "common" threats. Tools improved, tools will improve, what we need is for the vendors to extract digit from orifice and handle "modern" network traffic - where modern could be considered to include "been around for 2 decades".

Re: In parts of the UK even 2G is unavailable

I can assure you that you don't have to go "to the end of nowhere"* to have no signal, at all, form any network. Just try around the Lake District and you'll soon find a few notspots !

* Not that Skye is the end of nowhere, last time I was on Skye I was en-route to "even further away from anywhere", aka Lewis. I vaguely recall finding the coverage there wasn't bad.

One things I miss since I changed jobs is an industrial airline with "blow off gun" attachment, and somewhere outside to use it. Mind you, I don't miss the "everything covered in candle wax" aspect of the environment there !

Particularly useful for blowing out the fans which make a lovely whiiiizzzzzzzzzzzz when you get the blast just right.

Re: The "Serious Fraud Office"?

The word sexual came in my post you took offence to :

or the "serious sexual offence" of slapping your stroppy teenage daughter across the face when other methods of bringing the brat into line have failed

Yes, AIUI there is at least one father put on the sex offenders register for that. Perhaps you should try reading things properly before you start taking offence to them.