Posts by SImon Hobson

Re: Self appointed Mythbuster to the rescue!

> You don't need a domain to mitigate this problem, as I pointed out in the original posting.

I think you completely missed my point. If this peer caching needs domain trust, then hardly anyone who could benefit from it will be able to use it. As you point out, a half-competent admin can install and use WSUS - but the vast majority of computers are on sites with no admin - no half competent one, not even a not competent one, but no admin at all.

If you are unaware of these sites then you need to get out more. These are the small offices, shops, larger homes, whatever where they buy computers ad-hoc, files tend to live on each users computer with no means of sharing them, printers are often USB connected because network connections to them are too complicated, ...

So for these sites, WSUS might was well be the sound someone makes when they sneeze.

Oh yes, and it looks like BITS has been subverted already :

http://www.theregister.co.uk/2016/06/09/bits_of_poison_downloading_malware/

Re: Lack of knowledge over ... signing

> ... in practice they're not going to read everything that passes over their desk

Indeed, and Yes [Prime] Minister had, as I recall, some very good examples of how the civil, service could manipulate an MP to sign whatever they wanted signed. By all accounts, it wasn't exactly fiction.

Re: stern words warranted

Indeed, SOP for people who work alone and/or are particularly vulnerable should be to have some sort of check system. Either you have to call in at set times (and if you don't they start looking for you), or you have people checking in on you periodically (there were guards at this place right ?).

In this case the site operator was criminally negligent and as above should have been reported for H&S breaches. At the very minimum, their security staff should have been checking on him at regular intervals.

I have to admit that I've often had situations where I find myself thinking "that wasn't too clever, what if ..." when I realise that the wife won't be home to find me for another 8 hours. And I know for certain that 8 hours is well past my "personal endurance" ;-)

Re: Effing "opposition"

> I see Labour are only objecting to the way the data is accessed, not that it is bulk collected and logged to a database in the first place!!

That's because they're upset that their attempt to get this into law didn't succeed ! Seems odd seeing Harpy criticising Treasonous for exactly what Harpy tried (but failed) to get through - but I guess that's politics for you !

> Oddly enough nobody ever managed to make PDAs sell as they only appealed to seriously anal business types (i.e. the ones who think having an MBA is actually cool) and geeks with absolutely no life whatsoever.

Actually Psion and Palm did a half decent stab at them. But you missed out a third category - those who need something to help with their crap memory (one of the common features that go with my condition). I had a Palm 3 which worked very well, lasted aaaaaaaaages on a charge (or was it set of batteries), was small and light, and was really easy to use. It took a lot of abuse before I broke it's digitiser ! Then I had a Treo650 (about the time they were being discounted to shift the stock to make room for a newer model) which had the advantage of not having to carry around two devices (phone and organiser). I used that for (I think) over a decade before I finally switched to a basic Android device.

OK - a phone will store phone numbers, but prior to the "smartphone" the functions were fiddly to use. A paper diary will keep track of what I;ve got on, but it's something else to carry - and big deal this, what's in there stays there unless I copy it by hand.

What's great about my current (Android) phone and the Treo and III is that I can keep my address book and diary synced between my phone, laptop, and tablet. It's one of those "so what" things that until you realise how useful it is, you don't realise how useful it is (I hope that comes across as it's meant).

There's also the issue that this allows me to backup the information - so I have no worries like those for whom losing the phone means "losing their life". I struggle to comprehend the mentality of those who keep their contacts, diary, photos, pretty well all their "life" on this small device - with no thought as to what happens when it gets lost or stolen, or simply breaks. I was at the photo counter in Asda a while back, and there was someone in there asking about bluetoothing their photos (hundreds of them) off the phone because the USB port was faulty and it was going back for "repair" (which usually means replacement with a blank device).

Re: I don't see any of this nonsense.

> I click the X ( which is blue, or grey and in a white box) and it goes away for a few days. Has ever been thus.

But if you follow what's going on, at some point an "update" will change the meaning of that X to "yes I actually want it". And if you get around that, then the next update (reported here) removed both the X and the "click here for other options" link.

So it will auto-install, and the only option will be to decline the licence agreement at which point it will attempt to roll back to where you were. Just the install, decline, rollback will make your computer unusable for several hours each time - assuming that the rollback actually works and you're not left with a doorstop.

Re: What's a couple of hundred meters between friends?

> I was also a bit curious why they didn't try to use this heat source...

It's only hot because it's insulated - by the "up to" 1 1/2 miles of rock above it. The amount of heat will probably be quite small and be removed fairly quickly.

That's the problem with geothermal energy - once you start taking heat out of rocks they get cooler. The rate you can take the heat out is limited by the rate at while the heat flows through the surrounding rocks to replenish what you've taken out - and that's generally relatively low for the same reason (that there's a large amount of rock between the heat source and where you are trying to take it out.

TL;DR version - there won't be enough heat to make it worth while.

Re: You don't need money to get into Oxford or Cambridge

> You don't need money to get into Oxford or Cambridge

Have another upvote from me.

Sure, there will be an element of "old boys club", but most (probably everyone) I knew enough about to form an opinion got in on their merits - I knew not a single person who had a bought place. I knew quite a few "interesting characters" - but being "interesting" doesn't really mean much.

This is from an engineer's POV - might be different with other subjects.

Might also vary with college - mine had a reputation for having one of the highest proportion of state school admissions. Luckily for me I was turned down by my first choice* college - that one wouldn't have suited me.

* When one is an innocent 6th former, with little idea about what they are like, how is one supposed to decide which colleges to apply to ? Choosing universities is bad enough (and yes, the admissions tutor who did turn me down was correct, there was an element of "the name" to it), but having to choose from dozens of colleges within that uni ?

As it is, our 6th form arranged a trip down for those of us applying, and during dinner some of the then current students were making recommendations. One of those turned out to be very good for me.

Re: (de-)Training ...

At least HSBC stopped calling me with sales calls after one of these "you called me, there's a fair chance that the person answering the number you dialled is me or at the very least someone with access to my phone, you could be calling from anywhere in the world, so I'm not giving you any information whatsoever until you prove who you are, and no I'm not calling you back on any number you give me - what sort of idiot do you take me for" exchanges.

I made a right fuss about it, and how it really just blew all their security out of the water. What's the point of telling customers to "be safe" when the banks themselves ignore all their own instructions. Ditto those who repeatedly send me emails which include "you can tell this email is genuine because ...".

The downside is that when they do actually phone you for a genuine reason (they'd detected fraudulent activity with my card), it can be hard when calling back through the contact centre number to find out who you need to speak to in order to find out what the issue is.

BTW - if anyone is under any doubt about the supposedly unbreakable security of Chip&PIN, head over to https://www.lightbluetouchpaper.org and see their blogs on the subject. They've comprehensively proved that there are multiple flaws in the system, which are design flaws, and about which the banks have full knowledge. So next time the bank tells you it's 100% secure, you can call them a liar and be right.

And for a bit more fun, see how easy (or otherwise) it is getting a non-contactless card next time they try and foist this on you. Responses I've had vary from "no problem" to "no way" (the latter getting a "in that case, your card doesn't get used" response).

> This morning I had the pleasure of hiding KB3035583 for the fourth time.

That's because, as found by someone else, that Microsoft keep changing the version number of it - so that Windows Update treats it as a new update. This is not the update you've hidden before !

MS are lucky I don't have the means to take them on, I am fairly certain that if someone could get them to court (in the UK) it would be game over with a criminal conviction (Computer Misuse Act). Telling Winblows Upbloat that "no I don't want this installing, and no I don't want to be shown it again" should be fairly indisputable as removing any assumed consent to installing this crap on the computer. That they go to such lengths to bypass such users stated intent is clear (IMO) premeditation for the criminal act of interfering with all these computers.

Winbloat 10 may or may not be the best thing since sliced bread (personally I struggle not to toss the darn thing out of the window when having to use that fscking stupid UI), but given all the security chasms (aka sending unspecified stuff to unspecified people in unspecified locations for unspecified reasons) built in by design - I have no intention of using it.

Re: Just for balance ...

> Assuming you use it on the road, won't the next MoT test demonstrate the engine chnage at no additional cost to you?

You'd think so, but they refused to accept the MoT clearly having had a petrol emissions test.

Re: Same problem as any helpdesk.

> Setting targets based on outcomes, which is what should be done, creates a very much more difficult measuring task.

When I was at university, I vaguely recall (it was a lot of years ago now) one of our lecturers warning us of the perils of designing a control system to control what we could easily measure, rather than measuring what we needed to measure in order to be able to control what we wanted to be able to control.

Unfortunately, TPTB don't seem to understand such simple things.

Re: Tried writing to my local MP (Gisela Stuart) about it.

> There really ought to be some way to force these b'stards to actually listen to the wishes of the people they allegedly represent - and if they don't know what those wishes are, then to take the trouble to find out.

Well for starters, you could go and see your MP in person at the surgery they are required to hold in their constituancy - much harder to ignore you and just forward boilerplate replies when it's a face-face discussion. Also, in a world where most "don't care", and most of the rest don't care beyond firing off an email, turning up ion person will have more impact on their view of the important of your views.

But, the big problem is who your MP is. For a long time our local MP was a "career politician" climbing the greasy pole (and is now a Lord). As such, he rarely if ever worked against the official line of his party (Labour). Since most of my letters to him were against the then Labour government position, I didn't tend to get any replies at all other than acknowledgements and standard replies forwarded from other departments that usually didn't address the question(s) I asked. As such, I did sometimes wonder what was the point of having an MP when they had no interest in views of their constituents unless those views were in line with the party policy.

My current MP ... not quite sure yet, but looks like being much the same.

Re: iFurniture next?

I thought they already did - p**stake on Youtube

Re: Stinks of corruption

> The woman provided the phone to the police and consented to its contents being copied

I would speculate that she consented to specific data only (the video) being copied. If anything else was copied then that would have been without consent and thus a criminal breach under the Computer Misuse Act. Passing that illegally copied data to a third party would be the offence we read about here under data protection laws.

The question then is whether the solicitor might reasonably have suspected that the data he was handed was not "legit" - and reading the report it sounds like he really should have had suspicions, and therefore could be argued to have also committed one or more offences (data protection, assisting an offender) as well as a serious breach of professional conduct.

Re: Making a non-pickable electronic lock is possible

Which is more or less the basis of modern car security - at least for some manufacturers/models. The key has a "chip" in it, and the security system in the car interrogates the chip when it's close to the ignition lock. So with some models it's possible to have a key which will unlock the steering wheel but won't allow the vehicle to be started - useful for those who tow a vehicle around (eg those small cars you see on tow behind a large motorhome).

> Provide data to companies from an untrustworthy nation? Nah - Europeans1.

> 1. Those who understand the issues and actually give a damn, anyway - which, sadly, is probably not enough to matter.

Ah, but in most cases it won't be just down to the users actually understanding. Take FarceBork for example - they have a big business in Europe. Unless they stop illegally slurping data then they can be up in court and fined worthwhile money - enough to actually hurt them. So what are their options :

1) They could pull out of Europe and have no presence here, none at all. But then they'd lose a heck of a lot of income from EU based advertisers and so on. But having no presence here would put them out of reach of EU authorities.

That raises a question, would it be illegal (or perhaps made illegal) for an EU based entity to trade with them ? That's what did for Radio Caroline - the authorities couldn't touch them while they were in international waters, but they did cut off the advertising income. Or could the EU authorities tackle the export by having the internet carries block FarceBork traffic ?

2) They could restructure their operations so as to keep EU data out of the reach of US authorities. That's what I think they'll do - it'll cost them in various ways (such as not being able to mine global data as one big resource), but it's completely doable.

Re: Google gives everything away for free, so how in heaven can EU extort google ?

You're probably (if you ever come back to look) wondering why you've been downvoted.

The problem you demonstrate so well is that Google have built this huge image of offering "free" services. They don't - nothing from Google is free, the cost may not be monetary, but there is a real cost.

There are several aspects to their behaviour that are worthy of note.

The main one is their ability to cross fund anything they like from their huge income - basically they can enter any market they choose and "buy share" in a way that no other company (not even Microsoft) can manage. Microsoft used to do that, and were found guilty of it in the US IIRC. Such behaviour is illegal both in the US and Europe because it allows a big player to increase it's dominance by targetting and eradicating smaller competitors - Google, Microsoft, IBM, Standard Oil, ... Google hasn't been found guilty (yet), IBM (if memory serves me right) got the case dropped after many years of preparation right after a new president was elected - one that IBM had provided much funds to during the election campaign. Hmm, IBM funding a president and getting a case dropped, Google funding a president ...

But in this case, it's the question of whether their action has harmed consumer choice. If every* Android device must come bundled with all the Google apps (which the user can't even remove) then that distorts competition. Firstly, it's hard to make money selling mousetraps if some b'stard is giving them away free (c.f. Microsoft and internet exploder which was also bundled, made non-removable, and given away free) - so other companies will struggle to sell enough of an app to cover the cost of development. That means there is less choice available.

Secondary to that, there is the issue that all these bundled apps aren't free - they all slurp your data so that Google can sell you to their real customers, the advertisers. It's really really really hard to prevent this leakage - and that's by design because the last thing Google wants is for users to actually have any privacy from them.

* Excluding the small number that come without any of the stuff

Re: My brilliant idea!!

> The movie should be paused every time someone is using its phone, people will take care of the offender in no time!

We have a wonderful and rather old fashioned cinema where I live - I was there only last night with my good lady. It's a shame that it often only has small numbers in while people go and pay more to use the faceless and dull multiplex in the next town. It has been known for the film to pause and a member of staff to tell a group of unruly kids to behave or leave.

But as pointed out above, they typically only have 2 members of staff - both multitasking. When it's time for the program to start, front of house drops to one person selling tickets and selling nibbles while the other person nips up to start the film. Then during the interval (something else the boring multiplex doesn't have) there's a delay while the projectionist gets downstairs to man the counter - the other person doing the traditional tray of icecreams bit.

They still had the old arc-lamp projector until not all that long ago - then one day I walked past and looked in the skip, and there it was in little bits.

Re: So, precedent set?

> Given that almost every contract has started to contain terms that purport to prevent or limit legal actions against the dominant partner in the contract, are these terms now looking to be invalid?

IANAL, AIUI in English law there is a concept of "meeting of minds". Where a contract was formed by a meeting of minds (ie both parties negotiated on equal terms and reached a mutually acceptable position) then most things go - but where one party is dominant then it can be argued that the contract wasn't formed by a meeting of minds, but imposed by the dominant party in the other and therefore clauses may be challenged.

IMO this is the sort of term that could be considered unreasonable, and if the US has a similar concept then that may well be grounds for having the clause declared unenforceable.

Re: I don't see how this would be a problem for Apple

> They are going to make it so it is impossible to get at the data under any circumstances. ... if presented with an iPhone running iOS 10 that includes the changes that make it impossible to Apple to help, the FBI will get the court order and Apple will say "what you are asking is impossible".

And that's where this law kicks in, such a phone would be illegal - it would be illegal for Apple to make it (or import it), illegal to sell it, and if Apple ever turned round and said "impossible" then that's a complete admission that they broke this new law banning unbreakable crypto.

In fact, their current models would be illegal under this law - and that's the problem.

"Anything" with crypto where TPTB can't be given the decrypted data on demand is basically illegal. So Apple must water down their protection to render it insecure - and so must anyone else making or importing anything in the US.

As pointed out, this would render the USA "out of bounds" for pretty much anything technology related. The current "discussions" regarding Privacy Shield would be moot - it would be illegal to provide proper security of any data held in the US even if the government completely backed down and accepted the principle of privacy.

What would happen is that a good chunk of US technology business would be very quickly offshored. There'd be (sticking with Apple for a moment) a "US iPhone" and a "rest of world" iPhone - the RoW version would have security, the US one wouldn't, and the security software would have to be developed outside of the US. A bit like certain encryption tools had to be developed outside the US to avoid their "encryption is a weapon of mass destruction" laws.

Apple, Microsoft, IBM, Cisco, Juniper, and a long long list of US tech companies would very soon be deciding that the rest of the world was a more important market than the domestic US one !

Re: Stallman can change the GPS as welll...

> Capricious and a bit of an arsehole, but did something good once and now he won’t let anyone forget it.

Actually, I think he still does good.

The first thing to remember is that no-one, and I mean no-one*, "has" to write code and release it under GPL. That many people have chosen to embrace the GPL indicates that a great many people think it's "a good thing". Many of the people arguing that it's a bad thing tend to be doing so because it gets in the way of them "ripping off" someone's work and not "sharing".

I've met him, and yes he does come across as a bit of a tit. But although I disagree on some point, I respect his point of view, and I respect his integrity with it.

I'm a pragmatist myself - I use both closed non-free and open free software, both personally and for work. A foot in both camps as it were, and I can see the pros and cons both ways.

But one thing I am certain of, if it weren't for the "hardline" purists, the computing landscape would be a lot different. Even if you never use a single piece of software written with his purist views in mind, and quite possibly released under GPL, the very fact of their existence creates competition that keeps all vendors in check to some extent or other.

I suspect a few people are "too young" to remember when Microsoft seemed to have a complete and total lock on the desktop, on servers, and even on the web browser. Back then the "easy" thing to do would be to just accept that "Exploder 6" is "the standard" and work with that - it's only because enough people pushed back with open and interoperable standards that such a dominance got broken. I suspect fewer people still remember the "Unix wars" that turned something that was largely open (though not on an open licence) into a minefield of competing proprietary standards - and which in part contributed to Microsoft's rise to dominance.

Now, what's that saying about those who forget history being prone to repeat it ? Says I looking at what Red Hat (and others) are trying to do these days ...

* OK, you might argue that some people get paid to do so, but then they still made a decision at some point to take that job.

Re: IoT?

> Pure BS. Using "networks" has nothing to do with the number of conductors.

I think you missed the point, he's talking about replacing the older hardwired control and monitoring systems using hundred of wires for all the discrete connections, with systems where the information is passed over a network connection with just a few wires.

For example, an electrical switchboard may contain many circuit breakers, and in a substation each of these breakers will have as a very minimum remote trip indication requiring a pair of wires back to a telemetry concentrator to feed the signal back to the control centre. These days they want to be able to monitor status (open/closed/tripped) and control it (open/close) - which would require something like 4 pairs per breaker all wired back to the concentrator.

By networking it, they can have one network connection to a breaker, it can provide much more information (eg reason for trip - short term fault or longer term overload), perhaps report the actual load, and they can program it remotely rather than an engineer having to visit site to manually twiddle some control or (with newer kit) hook a laptop up to it.

Large hardwired control and monitoring systems use a LOT of wires, and in a large plant they can be long ones at that. By adding networking, a lot (and in some cases, all) of that can be condensed down to one or two networks - though there are some functions (especially safety critical ones) that will probably remain hardwired for a very long time.

Re: Direct wiring

Have a downvote for missing the point of structured cabling. It's structured cabling, not network cabling. I'm guessing you must be one of those stupid people who put structured cabling in for the network, and then run separate cabling for the phones, fax, serial terminals, serial printers, ISDN-2, video, ... All things I've run over structured cabling over the years - never used token ring or twinax but I'm sure some here have. OK, I'll admit that most of these are on the decline, but defintely not completely dead yet.

Fine, if you really rally are never going to use any of those then go ahead and fully patch every port to a network switch, but ... It means you are either spending a lot more than you need on unused network ports, or it means you're one of those that ignored advice and only put in a fraction of the points that would be recommended by people with experience. And of course, with the rise of PoE, every port will need to be PoE enabled - otherwise you are back to having different types of port again, and PoE ports don't come cheap, especially on business class switches.

I have experience with manglement just absolutely refusing to pay for the points recommended and then finding a shortage (and hence switches under desks) on the day they moved in, but on the flipside having put in what I'd recommended but having points unused when one or more foreseeable layouts didn't get used.

Re: But, but

> The old thuppence and the new quid probably do have the same relative buying power ...

You beat me to it, it's probably a sign of the amount of inflation over those years. Thinking back at what I could buy with thruppence, it was less than I can buy with a quid now - so not quite equivalent, but also not that far off ! And at the local flicks, they are showing some retro adverts - the one relevant to this is for Fry's Chocolate Cream which was clearly "1/-" (ie 4 thruppences) on the paper sleeve in the ad, but's its less than 4 quid now.

Re: Ideal use for a 3D printer

> http://news.bbc.co.uk/1/hi/magazine/8529964.stm

Yay, so they actually made it into production then. I remember one being demoed on Tomorrow's World. For the readers under about 40, that was a popular science program on (BBC) TV many years ago that primarily reported on new technologies.

On our street a few years ago, it needed resurfacing. But there were one or two bits that weren't too bad. So they left the not too bad bits - with the result that now there are gaps and holes every few feet where the joins were left. Plus more holes all along the sides where they left a join with the old tarmac rather than work to the edge of the road which would have meant some manual work as it's a dry stone wall.

Re: Disabling an RFID card.

> Credit and Debit Cards don't have RFID chips in them.

What planet have you been hiding on for the last few years ?

In the UK at least, I think most (all ?) the banks have now taken to issuing RFID (aka contactless) cards - some of them several years ago. I know because I've had "discussions" with every bank I do business with regarding having a non-contactless card.

Some have been quite OK - just told them I wanted non-contactless and they obliged.

One was willing but it needed a bit of a workaround. The lass at the other end had to issue a new card (they've cancelled the old one as they'd detected fraud), then cancel that, and only then send a new non-contactless replacement !

And one point blank refused - so I told them "in that case your card won't be in my wallet".

And as to the outright lies they tell. The good old one is "you'd get your money back if it's fraud". Yeah right. I know someone who's been on the receiving end of that "guarantee". Like heck did he get his money back. He was unlucky enough to have his account emptied (well run up to it's overdraft) just after pay day. They sent a long list of transactions and he had to identify the ones that weren't his - but they wouldn't take his word for it, he had to "prove" that it wasn't him as the money was spent locally. Some he could prove from work timesheets - commercial driver so he could prove he was elsewhere. But for some he couldn't. The police were useless - well actively obstructive. He observed that significant amount had been spend on food and drink, so he asked the copper if he'd contacted the establishments to ask them to retain any CCTV that might show the criminal at work. The copper responded along the lines of "when I get round to it", but when my mate said he was going to go round and ask them, the copper threatened to arrest his for interfering with a police investigation !

And given that security researchers have proved (not suggested, but actually proved) that bank (and in particular, card) security has holes - yet the banks still persist in their 100% secure lie ...

Pop over to https://www.lightbluetouchpaper.org/ and you'll find some interesting and quite frankly frightening news.

Re: Something doesn't add up here...

> if you get pc world to do your IT then you are asking for it

But if you know nothing about IT yourself, how do you assess whether that big high street outfit that seems to know what it's doing is actually any good ?

In reality, she was one step better than a lot of people, at least she (thought she) had a backup of some sort - how many people have no backup whatsoever ?

Re: I'm shocked

> God help us all we really are just dollar signs to these type of people.

Got some bad news, we have been for a long time. There are no scruples in marketing - at least in certain areas of marketing. Basically to many it's simply a matter of whatever they can get away with - and as long as the "cost" is less than the profits then nothing is out of consideration.

Re: Can this be legal?

> ... question whether or not Microsoft's actions are actually legal in the first place?

In the UK I don't believe they are. I've commented earlier with respect to visually impaired users, and I believe they are probably committing an offence under the UK Computer Misuse Act for starters. It's clear that many of the people having this foisted on them do not want it, and would not authorise it if given a real choice. The fact that MS don't actually state what the update they are pushing on users actually does should pretty well remove any defence of "the user approved it by installing the update".

Then for those where it fails and causes them problems, there could be an argument of Criminal Damage - also a criminal offence.

As since the spyware is not laid out in a meaningfully clear way, and the user does not get to give informed consent (or in reality, even uninformed consent) - there is also the issue of Data Protection offences which unfortunately (see other stories on The Reg) a criminal activity I believe.

And to finish off, since we can probably assume some of this data goes outside the EU, and specifically to the USA, then there is another question to be asked under data protection laws.

EDIT:

And yes, you raise a good point about office documents. There isn't really anything to stop MS stuffing something into Office updates to also circumvent users attempting to avoid the upgrade. One thing I think we can probably look forward to is Office updates with a minimum OS requirement that excludes pre-10 users, and with format changes so users of earlier versions can't work with the documents. Ie if you don't run up to date office you can't work with documents people send you, and you can't run up to date office without running W10. It's something both MS and other vendors (Quark, you complete and utter b***ards) have used in the past to force upgrades.