Posts by SImon Hobson

Re: Mainly a public sector issue

> Goodbye office 365

Actually, that is probably one thing you can use ! Read up on the Microsoft vs DoJ case. If MS have done things properly then the US company won't be able to hand over the data - one of two things will happen :

1) They win, and the DoJ is told to FOAD

2) They lose, the US officers instruct the Ireland officer to hand over the data. The officers in Irelnd tell them to FOAD as it would be illegal. The US officers return to court, and point out that they cannot obtain the information.

I really hope option 1 happens. Option 2 would open so many more cans of worms than today's ruling - not least would be the farcical situation where US officers of the company would be unwise to set foot in Europe, and European officers of the company would be lunatics to set foot anywhere under US control !

If option 1 does happen, then it'll demonstrate that given the right structure it is possible for a US based company to comply with both US and EU law. The key is that Microsoft Ireland is a separate legal entity to Microsoft US, and Microsoft US have no access to data held by Microsoft Ireland. At least, that's what they are claiming.

> The cleanup costs of Sellafield could have paid a massive workforce to externally insulate every 100 year old property in the UK

I haven't looked at the figures - it might, but I also suspect it might not.

> and cut the need for future energy by some significant stretch, not to mention helping to lift people out of fuel poverty.

Except that it wouldn't. At it's peak, nuclear represented a huge proportion of our base load - vastly reducing the amount of coal, gas, and oil burned. Even with good insulation, I very much doubt that insulating all homes would reduce energy consumption by that amount - thus without nuclear we'd be burning even more coal, oil, and gas.

Now refer to previous articles (not just by LP !) about the cost to society, and in particular the poorest, of our irrational push for reduced carbon dioxide emissions regardless of cost. Without the contribution of nuclear, our emissions would be higher, and the demand for cuts in CO2 emissions louder, and the costs of such reductions even more severe.

Now, bear in mind that "modern nuclear" if we started from a "if we knew then what we know now" basis would be a fraction of what Sellafield is costing. I'll be perfectly honest, I'm pro-nuclear and some of what went on I find hard to discuss without a "what were they thinking of" attitude.

But a lot of what went on at Sellafield wasn't to do with civil nuclear power. Yes a lot of research led to technology & knowledge for civil power - but there was some which was purely for weapons.

The same applies to de-commissioning costs. New reactor designs actually consider how to take the things apart - which wasn't the case with the older designs ("what were they thinking of" !)

And the current appproach to "waste" is along the lines of extracting oil, pulling out the petrol and diesel, then calling what's left (a large proportion of it) waste and insisting that it be disposed of at great expense. AIUI, most of the high level waste would be classified as fuel if the hippies weren't even more rabidly against the types of reactor that could use it than they are against "conventional" reactors.

Re: A question

> So why are they so fucking expensive?

Ah, that was democratise as in ... make accessible to mere users, not just the nerds. And at the time, other computers (of decent spec) weren't exactly cheap !.

The vision (and as pointed out, it was Jobs, not Wozniac) was to make a computer that was easy enough to use that anyone could use it - that's the democracy bit. Instead of having to learn loads of nerdy crap to do anything, you just had this simple visual desktop metaphor that just about anyone could get to grips with.

Alongside that was possibly the most important feature - a printed 3 volume set of developer info, Inside Macintosh, one whole volume of which was on how to "do the right thing" with the interface. Most developers followed this and so their programs were easy to pick up and use. For the few that ignored it, the users generally told them where to stick their crap UI and the developer either fell into line or the program flopped.

There was much detail in the dev books (I had a set). Even the mundane things like "though shalt have an Apple menu, and it shall contain ...", and "the next menu will be File, and it will contain ...", and so on.

For those too young to remember, this really was a major milestone. Even without the graphic interface, just the user interface consistency was a major thing - back then every (almost all text based) program "did it's own thing", so having learned one program was naff all help in using another because every developer had their own idea of how it should be done.

And the general lack of modality was another breakthrough. At around this time, in ${dayjob} the standard word processor was IBM's Displaywrite. This was highly model - you went into one menu from where you could edit a program, if you wanted to print you had to save the job, exit that menu, go into the printing menu, print the file, and then go back to the edit menu to continue editing. I don't recall if it had background printing or whether you had to wait for printing to finish before doing something else.

On the Mac it was all event driven - and that challenged some developers who were used to letting the user do half the work. So in a word processor, you could be typing away, and without a thought just whizz up to the File menu, select Print, and the program had to cater for that.

I never got into "classic" programming on the Mac, but I did get to do a fair bit in Hypercard. For it's day that too was a real breakthrough, with fairly simple (but capable) programming, object oriented, and with rudimentary database capability. I know a lot of stuff was built with that !

Re: The fix is obvious and elegant

> Include a stagefright exploit in the daily Google Doodle

One teensy little problem there - it would be criminal (not just "not lawful", but explicitly prohibited) in quite a few countries (Computer Misuse Act in the UK). I know this is Google who seem to have a different idea of what should be legal, but I think even they'd find this hard to defend.

> Everyone goes to Google's home page once in a while

Err, I don't !

OK, I tell a lie - I've been there a couple of times this year when I've been told there's an interesting doodle.

Put the exploit on every page and that's a different matter.

Re: Implications

> Will VW also have to pay UK government the difference in road tax based on emissions?

No, because what is paid is determined exclusively by performance in the laid down tests. In the tests determined by the authorities, the cars produced what they did.

It's arguable that no criminal act was performed. If the rules is that "the vehicle must produce less than <some measure or other> when tested in accordance with <some specification>", then it's arguable that the car passed that test. That the test is not representative of real driving conditions, and is easily "cheated", is a problem with the definition of the test.

It's been "well known" for some time that all cars are "tuned" to meet the standard tests. OK, this revelation is rather extreme "tuning", but it's really not much different. It will be interesting to find out just how much the other manufacturers have been "cheating" - because if "tuning to meet the test parameters" is cheating then I think you find that every manufacturer "cheats" with every model.

Re: I still can't work it out...

> Are Corbynites actually so ignorant that they don't recognise Corbyn's policies, or are they all winking at each other about the camouflage?

It is interesting that a few weeks ago, the One Show sent Giles Brandreth out on the streets. He stopped random passers by and asked "are you in favour of <something or other> ?" The various things included such things as "a fully funded NHS" IIRC.

Of course, if you just ask people "do you support a fully funded NHS ?" then the answer is probably yes - as long as you don't prompt them to think about where the money comes from.

Needless to say, most people were in favour of the "policies" being asked about - and so were shocked to be labelled as a "closet socialist".

But that's the problem. Few think it's a bad idea to have a well funded NHS. But rather more will have doubts once the "and are you prepared to pay for it ?' bit comes along. We'd all like well funded local services, a fully funded NHS, massive pay rises, a posh car on the drive (and another one for SWMBO), and of course the big house with a big enough drive for multiple cars, and ...

But, once you ask someone "are you prpared to pay for it ?" then suddenly I think you'll find the answers change. It seems to be standard Labour policy to promise all sorts of stuff, and also promise that "the rich" will pay for it through punitive taxation.

I think this latter method has been seen to be crap before (hasn't Tim Worstall covered it ?) because if you try and screw the rich too much - then they'll just up and leave and you'll find out that you're worse off !

Or you keep screwing around with the hidden taxes (as Gordon Brown was a master) until the "middle classes" suddenly realise they've been screwed over - inheritance tax on a far from lavish "middle England" family home anyone ?

Not that Labour are the only ones doing crass things. The last budget saw an attack on private landlords that will put rents up for tenants - and that's supposed to be a benefit for people who rent ?

Re: Yawn...

> At this time in our technological cycle, we should be getting ... and far more open

Did you miss the memo ? Open is so 20th Century, these days it's all about closed systems and walled gardens.

> They're just another walled garden manufacturer ...

But like the others, they are vying to be THE walled garden !

All these companies are doing their best to make it so that the user experience is great if you use nothing but their kit, and horrible if you try and introduce anything "not theirs" into the mix.

Google is all about getting you locked into their walled garden. Amazon is all about getting you locked into their walled garden. Apple is all about getting you locked into their walled garden. And so on.

If anyone of them looks like they are doing something open and/or altruistic ... then look for the knife in the other hand :-(

Re: What would happen if

I was musing along similar lines just yesterday - what if everyone took their toys home and left ICANN to play with themselves (make of that last bit what you will ;-) ) ?

The answer of course is that "no-one will" - for the very reasons outlined in another article just last week.

If any small group wanted to break away, then in practical terms they'd be well and truly stuffed as they'd then be in their own little bit of isolated internet - their users would not be able to access the majority of the internet, and whoever stuck their neck out and tried it would find that their users would very quickly cut it off.

Only if you got enough people together - and in particular, all the registries involved - then you could possibly try a break away and "take the internet with you". But again, speaking practically - unless the "new root" and the "ICANN root" are the same, then there would be mass confusion which would be bad for everyone.

A breakaway group could declare it's new root as "THE" root - but until all DNS operators worldwide update their hints files then the "old root" would still be active. Get millions of admins worldwide to agree on changing their root hints ? Good game, good game !

You might possibly get by with just taking "most" of the root servers with you - then you could update the records they publish to exclude the ones still controlled by ICANN. But that's still a bit hit and miss and DNS servers around the world would then suffer "indeterminate" data depending on which root server they happened to query when updating. Registries would need to ensure that they kept the records up to date at both the new and ICANN roots - lest the TLDs they operate should become "flaky" (only resolvable if the DNS server doing the resolution has the "right" root server list).

So while it would seem an attractive thought - just tell ICANN where to stuff it's root - in practical terms it just can't happen.

Re: Fantastic engineering

We had an evening talk about the project only a few weeks ago, given by one of their senior PR bods. It was a very interesting hour or so, and better than half filled the local theatre (I'd guess about 400 people came to see the talk).

> In that case why not lock it onto rails?

That was covered, and he said there is in fact a rule book for this. There aren't that many rules, but it must have 4 wheels, and it cannot be on rails. The other detail is that it must make a run one way, turn around, and complete a run the other way within one hours of passing the start gate on the first run.

That means, after the first run, the car has to stop, and they have to reload everything - new parachute, new rocket, refuel the jet and fuel pump, etc. One thing the driver has to do is watch the speed as it's really deceptive - remember James May saying he almost opened the door while still doing 70mph after his max-speed attempt in the Maybach ? Yeah, don't try doing the U-turn at the end while still doing 200mph+ !

They may also have to inspect the wheels, as they haven't run the car at speed yet, they don't know how much damage will be inflicted by the tiny stones when hit by a solid aluminium wheel doing 1000mph.

As an aside, they reckon the project has brought big benefits to the area where they are testing - forget where it is now. The government there has built a road (on the "if we get round to it" list, but actually done to get the project there) which has improved transport links to the area. The water system got upgraded (again on the "if we get round to it list) - so the locals now get piped water rather than relying on the wells they used to have to use. And hundreds (or even thousands) have been employed by the government to "pick stones" for several years - clearing an area the equivalent of a motorway from London to Moscow IIRC !

On the latter, big deal you might say. But it's given employment (well paid by local standards) to many, and thus boosted the local business infrastructure. The only reservation I have is, what happens when they've finished and the work is gone ?

> What are your extra costs?

DMF

I don't know how many still use them, but a lot of owners found out the hard way that when the Dual Mass Flywheel fails, it puts the cost of a clutch replacement up somewhat.

DPF

This is the one that gets low milage drivers. The way modern diesel get low particulate emissions is to filter them out - with a filter. Needless to say this clogs up, and the solution is a "good blast" so that the engine management can tweak the operating conditions to heat the DPF up until the carbon burns off. If you don't do regular longish runs, then the opportunity to "regenerate" the DPF doesn't happen, they clog up, and have to be replaced at great expense.

And if you mis-fuel a modern diesel, well ... You can either cross your fingers and hope that nothing has need badly damaged, or pay several grand in replacement high pressure parts. If you are "unclever" enough to let on to the manufacturer or dealer that you've done it (such as by calling the manufacturers custoemr service line for assistance, doh) - your warranty is void unless you do have all the expensive high pressure bits replaced.

Re: I thought the difference

> "If the infrastructure exists" Issue, if electric vehicles do take, it wont be hard to implement it at all garages its not like they have been fleecing us for years so they can't afford it, ok maybe no quick charge at home though ...

Ooooh, so wrong on so many levels.

Some chains may have money, but you may have noticed that there aren't that many independents about now. I had a friend in the business and they struggled - retail price is dictated by what the supermarkets charge, wholesale is dictated by the wholesale market. If they were lucky there may be a positive profit margin in-between (1% would be considered an exceedingly good day). On fuel sales alone, they don't pay - it needs the convenience shop to actually make a profit.

Now, as to the practicalities assuming there wasn't any financial constraint. A typical commercial power supply to a garage site will not run a big fast charger (note the singular). If you look at the recent story on the EV and Hybrids at Salon Prive you'd have seen mention of a 120kW charger from one manufacturer - you will not power one of those from a typical garage forecourt supply.

So you're not going to get a "5 minute quick charge" - for even one car.

Really handy if you take (say) 20-30 minutes to charge, and there's a queue of 10 more vehicles in front of you for the charger !

Now look at a typical forecourt - my local supermarkets have between 8 and 12 pumps. I can't be arsed looking for it, but I'm sure someone has done the maths for what the effective energy flow rate is when dispensing liquid fuels, quickly, in parallel to multiple vehicles. IIRC you're getting into megawatt territory. Go along to your local Distribution Network Operator (DNO) and ask for a megawatt supply and you will be "unpleasantly surprised" by the quote (if you get one at all). The quote will involve upgrading the local infrastructure (the local transformer and cabling probably won't have the spare capacity), and possibly upgrading right back to the high voltage grid (assuming the local 132/33 and 33/11kV systems have the spare capacity (I believe in my local town, they might not have).

Of course, that's just to supply one forecourt - there's (if I've remembered them all) 5 sizeable forecourts in the town where i work, and 3 in the smaller town where I live. From the limited knowledge of the local network, neither town has huge amounts of spare capacity available.

So no, if we all went electric, it would NOT be a simple matter of installing fast chargers willy nilly - they only work now because there aren't all that many of them and not many leccy cars. We do not have the generating capacity or distribution infrastructure to support a massive switch to leccy transport.

Re: only for stupid users?

> The installation instructions are quite clear ...

Then the design is FAIL. Even if the first user reads the instructions on opening the box, there is no way that they won't get separated from the unit fairly shortly afterwards - lets face it, most of us are used to keeping anything on the shelf that finds itself free and using it when the need arises.

I can't say I've ever taken something off the shelf and thought ... "Hmm, must search for the instructions in case some designer fooked it up and made it dangerous if I don't use specific screws". No, if it needs mounting, I'll look at the mountings and see what I've got that'll fit - if the design doesn't cope with that safely then the designer is 100% to blame. It's not like this is rocket science.

Thinking back to something less dangerous, I recall many many years ago when we got a new DAT drive for the unix box - back when 2G DAT was "huge". Some fecking idiot put a ribbon cable right behind a mounting screw hole and they "covered their arses" by specifying the maximum screw length to be used (it was really short !). FAIL, it should accept any "reasonable" length screw without damage.

Re: Paving Slab Construction

I see your tar and fur (we've had one like that in at work, my advice was to refuse to touch it), and raise you ...

...

... wait for it ...

... hydrogen sulphide

Highly corrosive and highly toxic, but present in the atmosphere at the (now long gone) local cellophane factory - if the wind was in the right direction, you could smell it from 10 miles away !. They had some Apple II systems in there doing some mundane monitoring of something - they'd run for years and then stop. No point trying to repair them as the legs of the chips corroded away - by the time one was gone completely through (hence the machine stopping), the rest of the legs had naff all left either (not enough to pull them out of what was left of the sockets).

Re: Austin Powers

And ditto Frank Drebin's comedic outpouring.

Re: Smarthost likely required

Personally I explicitly do not use my ISPs mailers (inbound or outbound) as that removes a bit reason for running my own mail servers - visibility.

By delivering directly, I can see if a message has been delivered - if it isn't then I get notified. I can grep the logs and keep the lines showing a message was handed off to the recipients MX - which as far as I'm concerned (and probably for legal purposes) means it's been delivered. If the recipient MX has accepted it but doesn't deliver it, then that's "not my problem" - they should run a mail system that isn't fundamentally broken.

I'm waiting to see if Nigel makes this classic mistake in the next installment.

Basically, I take the attitude that having delivery notification is like sending snail mail by recorded delivery. I can't prove the message made it to anyone's desk, but in either case it reached their designated office address. I have had a few instances where I've been able to point out "I send you a message and it was accepted by your MX at ${timestamp}, see this excerpt from my mail server logs" - and that's put the other side on the defensive as it's now down to them to prove otherwise (hard to do when, by definition, they run a broken setup)..

I'm on a fixed IP, and I don't find the "IP in the wrong neighbourhood" to be very significant - in fact I can't remember a single example in the last few years where it has been. YMMV, and of course the "quality" or otherwise of your IP neighbourhood will be a factor. The biggest problem by far has been AOL who have always been a law unto themselves and have always been a complete and utter PITA. But I did find they have a page on their site where you can tell them effectively "yes I'm on a residential ISP, but I'm on a fixed IP and I run my own mail server" - once I found that, the problem went away.

As to spam, well I get a bit, but it just "isn't a problem" - it's little enough that I don't care. Greylisting is by far the biggest spam killer - along with a few Postfix protocol enforcements.

Re: RICO's excessively broad

> I don't think it's reasonable to think that unlimited amounts of CO2 can be pumped into the air and nothing will ever happen

I think there are very very very few people believe that.

> the climate change deniers are jokers

But we're mostly not talking about "deniers", there's a difference between "sceptic" and "denier". Yes, there are a small number of people with heads in sand trying to claim that "nothing is happening" - and then there are the bulk of us looking at the increasingly "unscientific" methods being applied (spurred on by the ever increasing green money train) and thinking "this just doesn't add up".

As other have said, it's one of the tactics to label all the "other side" as some sort of nutters (or in the latest revelations, criminals) so as to stifle informed debate. I have no doubt that pumping lots of CO2 into the atmosphere will have an effect - but I am "far from convinced" by the warmist propaganda as to the extent of that effect.

What I do see is a lot of hot air, and a lot of money dependent on "proving" the imminent armageddon. When non-scientists (I'll include genuine statisticians in that group) are used to pack out panels and speak for AGW that should raise alarm bells. If I needed surgery, then I'd expect the person doing that surgery to have qualifications in medicine - not someone with an honorary "doctor" title because they did meeja studies and made a load of money at something.

In the same way, I'd put more weight on the warmist propaganda if there were less "not a real scientist" people involved, and a lot less evidence of being warmist being a requirement to put food on the table*.

* There appears to be plenty of evidence of funding being conditional on the project having the right desired outcome. And of course, the old joke about any project being able to get funding if you tack "... and it's effect on climate change" to the end of it's title :-)

Re: I P v 6. . . i s. . . d i g i t a l l y. . . *s i g n e d*. . . e v i d e n c e

Except that all major OSs now support privacy extensions - I can't remember whether they have to be turned on or are the default. With them, the device will use varying addresses not tied to the MAC address.

But even without that, since the IPv6 address is a) easily manually set, and b) the MAC address can normally be changed anyway, while the IPv6 address does in theory uniquely identify a device - it's not reliable enough to be used as evidence.

Re: As I understand it

> ... spend a moment contemplating 'Fibre broadband'.

Yay, I'm not alone. It's not fibre, never has been. It's no more "fibre" than ADSL - well OK, it's a little more fibre and a little less copper.

Interestingly, and I could be wrong, didn't Virgin get pulled up on that and have to stop calling their high speed service "fibre" on the grounds that it's copper from the cabinet in the street to the customer ?

Re: I am just amazed by the original "IT contractor" doing that.

Where better to put the coats ? We sometimes hang our coats in the hot side of the server room - it's running external air cooling so the humidity goes goes straight out the outlet, but the warm blast from the back fo the servers does wonders for drying time.

@ Andrew Martin 1

> I have to say that I've been with them for something like 14 years. Problems are seldom - I've never seriously considered switching providers.

Me too (12 years in my case, since ADSL arrived at my exchange), not only have I stayed with them, but now I've moved out I'm planning on going with them again.

@ Warm Braw

> Without moving to a "business" service, I'm not sure any of their competitors are any better, though.

INdeed, although they have been chipping away at some of the "bundled bits" - mail, web hosting, VoIP phone, etc - I still think they offer a reasonable value. Yes, there are plenty cheaper, but having dealt with various ISPs at work, they are very very much not the worst for customer service.

Example: Went out to customer site - internet not working. They'd already called the ISP and been assured (during a 1 hour call) there's not problem with the service - it must be the customer's equipment and they should get their IT people to look at that. I get there, and there is definitely a problem - but it's not "no service" as I can send/receive personal email (SMTP/IMAP) and use SSH. But port 80 and 443 (ie web browsing) are just completely blocked. I ran tests with various permutations to be sure, and then called the ISP back.

Again, they were completely insistent that there was no problem, and unless the customer used the provided router then they wouldn't do any more. I asked about the filtering - no we don't filter. I was insistent, increasingly so. *eventually* I got through to the droid that there was a problem, and it was on their end, and guess what - there was a problem at their end.

Customer had paid the bill online, in-time, but the ISPs internal systems hadn't registered it properly. So customer was on credit hold - but the systems didn't redirect to the usual "please pay the bill" page. I suspect the customer never recovered what we billed them for dealing with this.

"It's good to talk" (showing my age ?) - like heck it is !

Re: Don't be naive

> There needs to be a bit of precision about exactly which laws are the subject of such statements. In the context of the article and this comment, US laws probably are being observed ...

But not EU law - and it really looks like they (the NSA) weren't (and still aren't) observing US law either.

EU data protection law is fairly clear - (to over simplify somewhat) your personal data cannot be "exported" anywhere where it would be subject to less protection than if it remained on European soil. Up until now, the "Safe Harbour" agreement has held that US companies using it can be classed as "equivalent to being in Europe" for this purpose - but now it's been shown to be a complete and utter lie (as many suspected, but no-one could prove).

I really hope (and have high expectations) that the ruling will be that Safe Harbour isn't fit for purpose, and that will really stir up the brown stuff as it will make it illegal for the likes of Facebook, Google, etc to export your data without proper informed consent. It will really put a crimp on their operations and it will hurt the USA - to the extent that their government will actually have some serious impetus to address the problem. If Apple, Facebook, Google, Microsoft, and a few others suddenly turn on their paid for puppets politicians and demand something be done - I think we may see some action.

At the very least, it is bringing more and more out into the open - which is a very good thing.

Re: I'm sure...

> Tim Worstall will tell them that these companies did no wrong

Technically, no they didn't do anything wrong.

Remember that (IIRC) well over a decade ago, a senior judge in an English tax case made that famous statement that no man is required to arrange his affairs so as to allow the revenue to put a larger shovel into his money. If the rules allow what they did, then it is not wrong of a company to take advantage of that.

Put another way, before you criticise anyone or any company for a tax avoidance scheme - just check that you aren't using one yourself. Got a pension ? Got an ISA ? If the answer to either of those is yes then you are almost certainly using a tax avoidance scheme.

Yes I agree that it's "not right" that (taking one example) Amazon can exploit the tax rules to the disadvantage of pretty well all other sellers of books and the like. But the target of any anger over that should be the people that made the rules that allow it, not those working to those rules.

As for any of them pulling out of Europe, not a chance. Microsoft won't because it would then be leaving a huge market (bigger than it's own home market) ripe for exploitation by all and sundry - and it would just destroy the advantage (shear scale of it's dominance on the desktop and server) it's spent decades building by fair means and foul. Google won't for pretty much the same reason.

They may huff and beat their chests a bit - but any threats would be empty.

Re: "Hello can I speak to Mr A Coward, please?"

HSBC used to do that with me. I made "something of a nuisance" over it and they agreed it was "rather a silly thing to be doing".

It didn't stop them doing it though - all they did was flag my account for "no sales calls". AFAIK they still use the same "forget all about good security practice" technique with others.

The one exception to that is when there was some suspicious activity with my card. The lady that called had no problem with me not answering any security questions, now calling back at the number she started to rattle off. The only problem was that she wasn't allowed to give me any information whatsoever, so when I did call back on the bank's published number, it took a while to get through to the right department.

And of course, you get that certain "looks like a bank but isn't so you don't get those protections" PayPal that keeps sending out their spam about checking your account and stuff. Doing exactly what all good advice says not to do - providing a link in the email for you to click to access your account.

No PayPal, just including my real name does NOT prove that you sent the message, nor does it prove that the link you included is to your official site.

I've come to the conclusion that the marketing cretins have more clout than the security people at pretty well all the financial institutions I've dealt with over the years.

> They must be REALLY competent to do MITM attacks on HTTPS

No, they just need to be competent enough to locally generate a server key and associated certificate for "*" (that's "everything"). Install the certificate on the clients, and they'll trust your proxy box for absolutely everything without any warnings whatsoever. The only user visible difference is that they won't get the "green bar" or whatever their browser normally gives for EV certificated sites.

Given that this is work equipment being talked about, installing the client "root" certificate is trivial as well.

It is neither hard nor time consuming to do. Doing so will also mean that anyone bringing in "non company" equipment and connecting to your network will gets loads of certificate errors (namely, every ssl enabled site will throw an error) which ought to frighten most people off.

> No? All you can do is turn on the oven?

Have an upvote from me.

And I'll add to that list of things to be done to something that needs cooking - and take out whatever was last left in the oven because we've a small kitchen and that was the easiest place to leave it ! So not only did it not get the chicken out of the freezer, defrost it, prepare it, and shove it in the oven - it fails to remove the frying pan and plastic spatula. The former item no longer has a usable handle; the latter item is now a burned, stinky mess on the bottom of the oven - and also set off the smoke alarms in the course of it's obliteration.

Remember that old mainstay of automation from years ago - the Teasmaid ? They were really common weren't they ? Oh no, they weren't. Perhaps people figured that by the time they'd made sure the water and tea were provided, and cleaned it afterwards, that it was just as easy to boil the kettle and make the tea yourself.

Now I'm not completely against all this technology. I rather fancy some intelligent radiator valves. But they'll talk only to an internal controller and be 100% firewalled off from the outside world. I can then experiment with different operating regimes. Got to be better than the current setup where, in a passing not to rules, the boiler installer put a thermostat next to a draughty back door in an unheated room with single glazing and somehow expects it to proxy for the temperature of the rest of the house ?

Re: Yet again.

I disagree, the best penalty in these sorts of cases would be a requirement to run a series of adverts with the same conspicuity* stating that their previous advert was held to be false (ie a lie).

* That means, if it was on TV then the apology must be on TV (same channels, similar timeslots); if it was on the front of a paper then the apology must be on the front of the same paper. None of this retraction in small print in the corner of page 42 that's normally covered by the reader's thumb, or on a channel no-one watches at 3am.

I liked the one where Apple had to apologise to Samsung on it's UK website, the judge dismissed their initial "non-apology" and told them to do it properly, and then the judge dismissed their blatant attempts to make sure no-one saw it - on pain of issuing a bench warrant for the arrest of senior UK execs !

Now that's how a retraction should be done.

Re: Just another attempt

> I have lived in a country where the telephone monopoly deliberately downgraded skype traffic so that you would have to use their higher-priced phone service.

That doesn't narrow down the list of countries much !

I have been procuring and using WAN/Internet connections for probably around 1/4 century. One thing I have observed is that whenever a new technology comes along, the incumbent (BT in this case) will do all in it's power to hang on to it's cash cows.

With ISDN they crippled certain functions to protect their leased lines cash cow. With ADSL they "held back" on deployment to protect their leased lines cash cow. When FTTC came along, they 'held back" enabling cabs in primarily business areas to protect their leased lines cash cow.

In some places they have announced "non availability" of (eg) FTTC to an area (typically, but not exclusively, rural villages) - only to have a change of heart when someone comes along and offers something else. In some of these cases, the "imminent" arrival of FTTC quite coincidentally fails to materialise once the alternative offering is off the table (typically because the competitor withdraws or goes bust when enough customers decide to "wait for the BT option") !

That is what monopoly or quasi monopoly business do if they are not controlled by regulators. It's why we have regulators.

Re: Dearest Reg,

> Next they will want to ban the odometers from cars as the maker of the car will know how far you have drive the machine.

Not a good analogy.

A good analogy would be the car maker installing tech so he knows in fine detail when you started it, stopped it, changed gear, where you went and when, how fast you drove, what you listened to on the radio, and even what the occupants discussed.

Yes you can turn some of it off if you even know it's being done and can find all the settings - some of then apparently requireing the equivalent of getting the toolbox out and lifting the bonnet to change. And lets face it the Win10 installer does NOT actually tell you what it's doing. The default is the express install which is the only clearly visible button on the installer screen - the customise option is done is such a way as to make it very very very easy to miss. So most people will get the default settings.

And you, like me, might be one of the few who actually go and read what we're signing - but you have lead a very sheltered life if you don't know anyone in the vast majority who go "can't be reading all that, don't understand it anyway". It's not even there on screen to read - there's a link there (does it work before the OS is installed ?), which in turn takes you to a page with (IIRC) 11 different links to the various policies. Yes, each one is actually surprisingly easy to read, but I suggest you sit down and try reading them all through in one sitting - then have someone test you straight afterwards and see how much you can remember !

So for the vast majority of users, this data collection is not actually done with their consent. It's consent only as much as someone standing behind you in a noisy bar, while you are in conversation with friends, and whispering "my mate is punching everyone in the face as they leave, would you like to opt out of that ?" is you giving consent for that punching should you fail to hear and opt out.

Also, since some of the data collected is pretty well guaranteed to be "sensitive personal information", under UK law (enacting EU directives so it should apply in the whole of the EU) that can only be collected with express consent. I.e. the user must be given sensible information, and freely give their informed consent. Failing to opt out is not giving informed consent.

Re: Stalking horse

> Shortly after, BT decided to run fibre to all the villages.

Anecdotally, that seems to be BT's main MO - priority is given to where there is a potential competitor to be squeezed out. This appears to have been the case for a few places in B4RN's patch - places that were "not on the list at all" suddenly appeared to gain priority status as the B4RN network came into view.

https://br0kent3l3ph0n3.wordpress.com/2014/05/07/dolphinholme-overcomes-fud-to-light-up-on-b4rns-1gbps-fibre/

If only the B4RN or B4YS network (or something like it) passed my house :-(

Re: Just ignore them?

> Is there a valid reason why a wifi network would be sending out deauth frames?

Yes, there may be any number of reasons for asking a client to leave a network.

> Why does an access point accept deauth frames from some random device anyway?

Well technically it's not - it's accepting it from an authenticated client; or in the other direction, the client is accepting it from the AP. The problem is that the packet isn't encrypted or protected and so it's easy to spoof the MAC address(s) involved.

I think it comes down to the old "security wasn't the problem it is now back then" problem, plus the "it's not practical to make a change that would break every existing device". One more example of "if we knew then what we know now then ..."

More info :

https://en.wikipedia.org/wiki/Wi-Fi_deauthentication_attack

Re: Why not issue a kill command?

> I wonder why they can't ...

Well yes, they can - but they have to want to. It's not as simple as going along to (say) a few dozen ISPs and problem solved - there will be thousands if not millions of organisations involved.

For each IP address, you need to track down the administrative contact for that IP range. For some it's easy as whois will give you the details, for others it's "opaque". And then whoever is responsible has to actually take action, and that means actually taking the issue seriously.

Just intercepting the traffic and redirecting it is not on - and still has to be done at a level fairly close to the IP, specifically that organisation or their connectivity provider. But if our connectivity provider started with a redirection then we'd be "livid doesn't start to describe it" with them and legal action for losses would follow. So you have to have notified the end customer and given them a chance to sort out the mess before you disrupt their business - and that's a lot of hassle for which you'll get little thanks.

For most ISPs, the effort isn't worth it relative to the relatively small cost of the bandwidth consumed.

So if the ISP closest to the user isn't going to do it, then what ? Go to their upstream provider ? Same issues apply really, a lot of hassle for little benefit.

You could try co-ercing them by (for example) dropping their routes from the global routing table - but that can only really be done by any peers/providers they use. Again, a drastic measure with little business justification.

Re: "OBD-II port is mandatory on all cars sold since 1995"

My guess would be that it applied to all new models from that date, with an exemption for some period for models already on sale - that how a lot of regs like that tend to be.

As to why it needs OBD ...

Best guess would be for speed, steering information if available, and compass heading if available. GPS can be "somewhat tetchy" in some types of built up area, so the best systems augment the raw GPS location with other data to maintain more accurate positioning. The simplest of these additions is "distance travelled", and if you add turn/steering information and a good road map then you can apply logic like "well the GPS could put us on this road or that road, the vehicle has just turned right, there's no right turn off that road so we must be on this road" to increase quality/accuracy of positioning.

My standalone Garmin 7200 has an optional input for the speedo signal - specifically to keep tracking going during momentary loss of signal (in amongst tall buildings, under bridges, etc) - the alternative is to just assume that the vehicle is still travelling at the same speed until the signal comes back.

Re: I am happy with it

> I hope by that you mean at least once a month

He doesn't have to - gone are the days of not rebooting as it now does that all by itself regardless of whether it's convenient or not.

Re: Ah, spirit copiers.

Roneo and spirit copiers https://en.wikipedia.org/wiki/Spirit_duplicator (aka the Banda machine) were different things.

As a young lad, I recall my parents getting an electric spirit copier - just the same but it had a motor to do the hard work. Still needed the spirit tank filling, then the little lever pumping to wet the pad or roller, then leave it to soak, and then start up. The first few copies were feint until enough spirit had transferred to soften the ink on the master.

Where I used to work they had a Roneo type machine. They did several catalogues a year, and since this was pre-Euro, in quite a few currencies. The UK catalogue was priced, the rest came with a separate price list - done on the Roneo.

This one was an automatic model - looked like a copier, and *in theory* did all it's one master handling. Set the mode to "make master", it would scan the original (just like a copier) and then spit out one copy. Assuming that was OK, you then went into print mode, dialled in the quantity and set it off - at up to 130 copies/minute.

It had several issues - most of which relate to Tim W's argument about the benefits of advances.

The first and most obvious is that handling paper at 130 sheets a minute is not a trivial task. This was not a "set and forget" operation - someone had to supervise it so they could hit the stop button when (not if) the paper stopped piling up in the out tray. Once a single sheet failed to land properly, the whole thing just went into "fill the room" mode.

The second is the process doesn't make collated copies like modern digital copiers. You had to do a stack of page 1s, turn that stack over and do page 2 onto the page, then repeat with pages 3 & 4, and eventually end up with (say) 10 piles of paper. The whole sales dept would then collate these by hand - and it took all week to do several thousand copies of various lists.

The third issue was a matter of "something didn't work properly". I said that *in theory* it handled it's own masters. That meant unwrapping the old sticky inky one off the drum, making a new one, and wrapping the new one on the drum. It could make the new one OK, but if you didn't manually remove the old one (which was easy and clean as long as you just held the non-inky end) then it just ended up in a horrible sticky inky mess of shredded and jammed master - and no amount of "but I specifically told you to ..." would stop it being *my* fault and *my* problem to deal with.

Then the machine broke down, and this was in the early days of digital copiers. We got a shiny new digital copier, which also happened to be the printer nearest my desk - nice printer, A4, A3, duplex, folding, stapling, punching, and above all, collating. At first they'd use it as a copier, but I did a little bit of database work so they could select the catalogue & currency, hit print, set the right options and it would just spit out as many copies as they wanted - it just needed feeding with paper, staples, and from time to time, toner.

It cost more - each price list probably cost around 50p-£1p vs 10p - but it saved hundred of man-hours a year while also producing a better quality. It was also quicker because, while the copier was at first sight half the speed of the old machine - it did all the collating and stapling so the first copy was ready to use as soon as it came out without having to wait for it all to be printed and then collated.

Re: The other way around?

Well you could simply make a "man in the middle" box that all the canbus messages have to go through, and edit them while doing so.

So receive road speed status from the vehicle canbus, apply a formula to the speed, and transmit the edited speed message to the add-on unit. You'd probably want something formula that starts off more or less accurate (multiplier of 1) and gradually reduces the multiplier as speed rises. Of course, that in itself could trigger other issues - what if you've apparently driven for an hour at "50" miles per hour, but the GPS says you've travelled 70 miles ?

Re: Frozen A/C, hot room

> A common mistake is to get the aircon spec for a server room wrong

Yes, but an "on/off" unit can cope with variable loads - it just doesn't run the compressor all the time. That is in fact how pretty well all systems worked until relatively recently when the power electronics to do variable load working because "cheap". Alternatively, if you correctly design the system, the compressor works full time sucking but can only suck down to a specific pressures, which sets a specific evaporator temperature. On part load, the compressor starts with it's cylinder partly evacuated - and the effective load on it reduces. In extreme, the vacuum at the inlet is such that at full compression it doesn't expel any gas - and the actual load on the motor is low.

A much much bigger problem is speccing the wrong sort of unit - typically one with too cold an evaporator. An AC unit intended for "comfort cooling" will expect a certain amount of the heat removed to be due to condensing water - and as long as there is enough of this heat then it doesn't freeze the condensate which then runs off the evaporator. If the air is "too dry", then it cools the air much cooler, the evaporator fins get very cold, and what moisture there is will freeze - blocking the airflow and allowing that part of the evaporator to get even colder and thus ensuring that the ice cannot melt.

So you need a unit designed for dry air - it'll have a larger evaporator so as to compensate for the higher evaporator temperature, and a different refrigerant cycle designed to work at a higher temperature so as not to freeze the condensate.

Well that's the over-simplified version at least !