106 posts • joined 23 Jun 2007
Re: Not really a big issue
"Sea level rises slowly"
Yes, but the report states that much of the expected damage will occur within the next 15 years.
"there aren't a whole lot of these cables"
The report is about all kinds of network infrastructure including "1,100 Internet traffic hubs – data centres, Internet exchanges and the like", which "will be surrounded by water within 15 years." as well as regular underground cabling and fibre. It's not just about subsea-infrastructure; that is only a small part of a bigger problem.
Most likely the first time the problem will become apparent will be during a storm surge or hurricane, which may knock out comms and data processing for a hinterland that is many times larger than the area hit by any flooding. There is also the issue of salt water ingress into coastal groundwater, which can occur without any obvious signs of flooding as such.
It might seem a small problem compared to other issues related to global warming, but widespread loss of comms during a localised extreme weather event could be disastrous.
When did those who don't use Gmail grant permission?
If I don't use Gmail, and don't have an account with Google, at what point did I "opt-in" to (or more likely, fail to "opt-out" of) allowing Google and others to access the content of email that I have sent to individuals who happen to use Gmail? How do I find out what permissions others have granted to Google et al. to access and use *my* data? And how do I even know for certain whether a given recipient is actually a Gmail user, given that some corporate email addresses may be Gmail in disguise, and some individuals may use Gmail to aggregate email from non-Gmail accounts?
This looks like a clear breach of the GDPR. The only real question is, who is committing an offence: Google, for allowing access to my data; third-parties for using the data for purposes for which they haven't obtained specific consent; or Gmail users, for granting Google and others access to my data without my consent? I suspect Google has the greatest liability here, for running a data processing system that fails to have GDPR-compliant mechanisms in place for safe-guarding third-party data.
Google seem to be presupposing, incorrectly, that all data associated with a particular account is the account holder's data. This is the same error in reasoning that Facebook make in their justification for shadow profiles, i.e. unlawfully holding and processing personal data relating to individuals who are not users, and refusing to protect against abuse of such data, by claiming, obtusely, that the data and the right to consent both "belong" to the account-holder who provided the data to Facebook, rather than the person whose data it is under the law.
"OpenRC replacing systemd"
It shows how bad things have got when any choice of init system other than systemd is described as "replacing systemd". And this is for a distribution that has never supported systemd, does not have it in its repositories, and almost certainly cannot even compile it successfully, given that systemd assumes glibc, whereas Alpine is based on musl.
Although not mentioned in the article, Alpine's use of musl is a significant detail; it helps avoid bloat and in some cases improves performance (although it could cause difficulties for those wanting to run software that assumes glibc quirks and features). For those concerned about maintaining choice and diversity, and avoiding growing dependence on The Red Hat Monolithic Monopoly, supporting an alternative to glibc could be another 'good thing' to do (along with avoiding pulseaudio, systemd, and gnome).
Another systemd-free distribution that generally works well on Rpi is voidlinux, a rolling distribution which comes in both glibc and musl flavours, and which uses runit (the init system where start up scripts are usually only a couple of lines long). As usual, the choice of distribution in a given context may be constrained by the available packages.
Google Captchas = slavery
Those pervasive and invasive Google Captchas are even more annoying when you realise that you are providing Google with unpaid labour and intellectual property. Websites and CDNs that use them are essentially compelling users to supply Google with training data for their image classifiers, while also implicitly "consenting" to them using your personal data, both for corporate profit. There should be a law against such indentured servitude... for some reason Article 4 of the Universal Declaration of Human Rights springs to mind. There is more to all this than just the GDPR. How about some enforcement?
Re: Oath Hell too please ... and worse
"I'm not sure how they would store your preference if they can't store cookies or include any sort of personal identifier."
If you don't have a cookie, e.g. because you block or delete cookies to prevent tracking, and for that reason they cannot link you to any record of consent, then the default assumption should be that you have not consented. To do what Oath, Facebook, Google et al do, and assume you have consented by default, and then require you to jump through hoops, and enable tracking in order to "withdraw" this "consent" that was never given is hardly in the spirit of what is meant by "freely given consent". And in some cases you are not even given an opportunity to withdraw consent for some non-essential-but-profitable uses of your data. Of course changing the defaults to make them comply with the law may have implications for some business models, but that is hardly news.
Other US-centric companies operating in the EU seem to have been very poorly advised, even when compliance should be trivial. Some have "opt-ins" for non-essential sharing with third-parties being written into new, supposedly "GDPR-compliant" contracts, which have to be "agreed" to in order to continue using a service, and terms concerning jurisdiction that seem intended to prevent prosecution under GDPR legislation, despite having a physical presence in the EU. This would have been dodgy even under the pre-GDPR regime.
I'm having to deal with one hosting company that has required me to accept a new contract with terms that allow sharing of personal data with third-party marketing organisations, and "Modal Contract Clauses", in order to continue using an existing UK-based service. The only nod in the general direction of "freely given consent" in this case consists of the opportunity to write to their head office requesting that they do not share personal data with third-party marketing companies. And this for a company for whom GDPR compliance is actually in their interests if they want EU companies to continue using their EU-based hosting services without themselves falling foul of the regulations.
Does NTIA (or CoCCA) really understand GDPR?
"... it is likely to represent a legal workaround that would allow IP lawyers direct access to Whois data by bypassing the legal obligations contained in the contract ICANN has with registrars."
So in other words, the NTIA is just pushing an approach that still seems at odds with the GDPR: it would give third parties access to personal information without consent, and without due legal process. Would this really satisfy the expectation of the Article 29 Working Party that there should be clear, legal reasons to grant someone access to the data? It seems doubtful that the say-so of an IP lawyer would count as a clear legal reason, unless backed up with a court order. But given that "the actions taken by GoDaddy last month... are of grave concern for NTIA given the US government's interest in maintaining a Whois service that is quickly accessible for legitimate purposes.", it seems that the NTIA is actually unhappy with the idea that a court order be required, and takes refuge in sophistry over what counts as a "legitimate" reason.
Similarly, CoCCA's approach of allowing access on payment of a fee, as well as to the Secure Domain Foundation, a third party organisation, doesn't seem to be consistent with the expectations of the GDPR.
Re: RE : Let's burn all the newspaper archives...
"Nobody (as far as I can tell) either prosecuting or defending this case is suggesting that the underlying archive or editorial material be deleted."
Not in this case. But there is another case where this is exactly what is being asked for, under the Data Protection Act. Max Mosley is seeking to have published articles erased or amended, including it would seem ones that merely report factual matters about the financing of Impress, as well as those relating to a certain party he attended. According to Private Eye he is also seeking damages for distress about publication of the fact that he funds Impress. And then there are other cases where complainants are claiming that they need to give consent for articles to be published about them in the first place, including, according to the Eye, a certain Prince Charles.
"How would the URL/news article be specified? If it's just existing material listed in the court case it wouldn't protect against someone rehashing the material and publishing a new article."
If you read the article carefully you may notice that a question relating to this particular point was raised in the hearing, and highlighted for its significance.
Re: UK not much better (in the quality of its arguments)
"But, in this case, we are talking about Irish servers, owned by an Irish company on Irish soil, which just happens to be owned by an American company."
Right, though I'm not sure why you say "but"; my observation was that the UK government's view on extra-territorial jurisdiction prima facie supports the US DoJ's position in this case. In fact it seems even broader/more extreme: according to UK government's reasoning the US DoJ should still legally be able to require data to be handed over even if Microsoft itself were registered in Ireland, Iceland or Switzerland etc., (regardless, it seems, of the views or laws of the countries in which the data were held, or the companies were registered).
Of course I am not saying that the UK government or US DoJ are right here (and my earlier comment alludes to some sleight-of-hand in the UK government's amicus brief), just that the US DoJ is not unique in its attitude to extra-territorial jurisdiction: other "civilised" countries make similar, or stronger, claims.
UK not much better (in the quality of its arguments)
The UK takes a view similar to that advocated by the US DoJ in this case, under the UK's RIPA, DRIPA and IPA laws, which are taken to apply to companies operating in the UK, even if they are based elsewhere, and hold data elsewhere. Their arguments ignore some of the complexities of independent, extra-territorial subsidiaries (in a way that seems at odds with the tax-avoidance-friendly interpretation of the nature of "independent" corporate entities) and the interplay of the IPA with EU data protection rules (which mean that any entity storing data of EU citizens already has to comply with various obligations, which also include specific exemptions for law enforcement). Perhaps they wish to gloss over these subtleties and nuances in order to curry favourable treatment from the US DoJ when attempting to access data held in the US, just as the parliamentary "debates" about other aspects of the IPA effectively glossed over and ignored key aspects of critical ECJ rulings.
"do you mean Java ME? At one point it was THE language for set top boxes ... just curious not being snarky."
I think this was a reference to the original purpose of what is now called Java, going back to 1991 when it was part of Sun's set-top box project, and went by the name "Oak". The name was changed to "Java" in 1994/5. Java ME came later, originally as J2ME in around 1998/9.
"Genuinely curious as to what is stopping someone renting a VPS with an SSL VPN on it that's hosted outside Middle Kingdom? How would it be any different than a visitor from abroad using their corporate Juniper SSL VPN or DirectAccess tunnel?"
One difference might be that someone living in China could find they start facing problems when attempting to pay for or use a "banned" service provided from outside China. In practice the authorities only need to hint that using external "unauthorised" VPNs could get you into serious trouble for it to deter those who might otherwise be politically active. And this is probably one of the main goals.
"US citizens have been extradited to the UK."
But have any US citizens been extradited for crimes committed *while in the US*? The article quoted suggests not... I would also not rush to treat the Baker report, or the opinions and assertions of the Home Affairs Select Committee as "fact", e.g. regarding the controversial claim that "little or no distinction in practice between the 'probable cause' and 'reasonable suspicion' tests", which many consider to be one of the fundamental sources of asymmetry. It seems to be standard operating practice for such reports and committee hearings to endorse the status quo, covering over issues of legitimate concern with a thick layer of white-wash enriched with a dash of sophistry.
In this particular case there are further asymmetries; the available penalties are radically different, and in the US Love would appear to face not one but three separate trials in three different jurisdictions, in a prosecution and "defence" culture that bullies individuals to plea bargain. There is a precedent for vulnerable individuals committing suicide in such circumstances, even when they are not also facing the additional problem of being stuck in the prisons, and legal systems of a foreign country.
This just looks like an extension of the rendition programme, given that the case could have been taken up by the CPS, rather than the police handing everything over to US law enforcement, seemingly to enable harsh treatment that would be considered unacceptable in the UK. This is not justice.
What about Conversations?
I won't use Signal due to its reliance on Google Play Services, which is disabled on my phone. The Conversations app seems a better choice for many reasons: it also has double-ratchet encryption with a published spec (OMEMO), as well as OTR and stream management, and complies with open standards, works on self-hosted infrastructure, and does not need Google Play service, while still having very low power requirements. The main thing that prevents Conversations being close to an ideal chat application is that many of the larger providers of XMPP-based services (e.g. Facebook) refuse to support XMPP peering, but then lack of meaningful peering is a problem faced by all chat applications except email and SMS.
Better fit-and-finish vs vendor hijacking
"It's getting better as a distro, too, benefitting from the improving fit-and-finish of Linux and its manifold supporting components: desktops, applications and their less-obvious underpinnings."
Hm, improved "fit-and-finish"? That's one way of describing the beast that is SystemD, and the dysfunctional way in which Redhat has in effect "captured" key components, such as glib, gtk etc., so that what are supposed to be general purpose, standardised libraries are permitted to have odd, inconsistent, out-of-spec behaviour if it helps or is required by Gnome and SystemD, while happily breaking things for others, and failing to fix reported bugs if they arise outside Redhat's stack. It all seems so depressingly familiar...
"clearly corners were skipped to beat the iphone7 to launch."
We already know corners were rounded to beat the iphone, at least according to one judgement.
What a sad world this is where a company can be fined hundreds of millions of dollars for the perceived abuse of daring to infringe spurious patent and design claims, yet can get away with murder when it comes to its treatment of human beings...
Re: 999 - not in Hull in the 1950s
Not just not in Hull, and not just the 1950s. This was true of a number of places more recently than that. Despite the number officially being "999", on some exchanges your call would be put through to emergency services on the second "9" if there was no ambiguity. This could catch you out. Many UK regions still supported non-area code trunk prefixes into the late 80s: you could hop exchanges using prefixes, many of which started with a "9". You could concatenate exchange prefixes to jump between town and rural exchanges, e.g. 993, where the first 9 set up a link to the local urban centre, then 93 took you to some other smaller town. (This was how it was supposed to work, although ... allegedly... you could abuse it by routing a long-distance call manually over long chains of local exchange links, and avoid paying the then much higher long-distance rates.) But if you used a payphone connected directly to the main urban exchange and forgot to drop the initial 9, then you could find yourself surprised as emergency services picked up the call the instant you finished dialling the second 9. No doubt this all came to an end with the rise of fixed-area codes, and the fall of the Strowger switch, that culminated in Phone Day in 1995.
Re: Studying police officers improves their behaviour
"It shows that IF PEOPLE THINK you have a camera, they will behave better."
The "study" does not tell us what people were thinking -- I won't call it an experiment, as it was clearly not even double-blind -- but we do know it involved geographically distinct forces. We also know that apparent placebo effects (and increasingly, nocebo effects) are usually interpreted as bringing into question the experimental hypothesis.
In an experiment where the control shows the same result, that generally suggests any observed change in behaviour cannot be attributed to the controlled variable. Indeed this is the reason for having controls. But in this case it is being reported (with the active encouragement of those involved in the research) as showing that the effect is so powerful that it spreads. If this were an experiment on homeopathic treatment, then this type of sloppy post hoc analysis offered by the researchers would be equivalent to arguing that homeopathic treatment is so powerful it actually cures people in the control group --- perhaps it does, but that would be a very controversial analysis!
There are other aspects of the publicity behind this publication that are concerning, including the conflation of "the number of reports of attacks" with "the number of attacks" (which are *very* different things), and the glossing over of the apparent increase in force used by the police in the camera wearing group, with no analysis of whether this was justified. If this increase in force did not occur in the control group, then that would be the key finding, not the reduction in complaints across experimental and control groups.
As with many things, the impact of body cameras is not at all straightforward.
For another perspective: http://www.slate.com/articles/technology/future_tense/2014/09/ferguson_body_cams_myths_about_police_body_worn_recorders.html
There was no referendum on PR
"Sadly the UK voted against the transferable vote"
"Of all the possible PR voting systems, we got that single version offered to us in the full knowledge that it would not be chosen because everyone knew it was not the one that was wanted."
Indeed, the 2011 referendum was on the Alternative Vote (AV), which is not a proportional voting system. It seems bizarre that the referendum was about switching to a voting system that the Jenkins Commission had explicitly rejected, on the grounds that it could be even less proportional than FPTP.
The Commission actually recommended the rather different AV+ additional member system, which is more proportional than FPTP while preserving constituencies. Of course we never got to vote on that far more sensible compromise. The "choice" we ended up being offered was then to keep the flawed status quo, or replace it with something potentially worse (... sounds strangely familiar...).
What price credibility?
Let me guess, Pinsent Masons is worried it will lose some of its regular non-dom clients, and shamelessly pushes its own agenda by producing a press-release disguised as a (syndicated) news article under the Out-Law brand, with one-sided quotations from its own staff, and not even a half-hearted attempt at balanced analysis. (E.g. how about comparing pennies-in-the-pound, and the break even point for tax income, comparing number of non-dom oligarchs vs oligarchs paying regular tax rates?) It would be difficult to find a better way of undermining the credibility of Out-Law articles. I wonder whether/why The Register was obliged to take this piece.
I guess this is "normal" behaviour for Pinsent Masons: even its Wikipedia entry looks like a self-penned puff piece.
Google Play Services (GPS), the Trojan app
Isn't this the ever-growing closed "app" into which Google is embedding ever larger chunks of Android functionality, rather like a (closed) SystemD for Android? No doubt at some point it will grow to the point where it *is* effectively Android, at which point Google could dispense with the Linux kernel. (Last time I checked, manufacturers are required to include the app as a condition of using the Android name.)
Ostensibly this use of the app was to allow patching of devices that were not receiving core Android updates. In practice there are numerous applications that refuse to run if GPS (the app) is not running, including many official apps such as Google's Gmail and Calendar apps, even though it is not clear why they should break (GMail actually displays emails etc. before popping up a dialogue insisting that the GPS app be re-enabled), or why they cannot fall back onto "open" Android APIs.
It's interesting that Google Maps runs fine without GPS (the app), even though it ostensibly provides supplementary high resolution location services. Looking at the services provided, it seems that GPS (the app) can provide location information even if GPS (the service) is disabled, using WiFi location data. Perhaps the name of the app is no coincidence if both it and Google Maps are phoning home with tracking information.
There are many alternative apps that don't rely on GPS (the app) such as K9, Etar, etc. (and you can use Osmand instead of Maps, and an app to update AGPS data, such as SatStat) but it is rather annoying, and troubling, that many do, including Signal (ironically in the interests of "security", and for push messaging, even though ChatSecure seems to function just fine without it, including deferred delivery for intermittent connections).
[You can run a phone without Google Play Services (for now), but fun may follow if you try to disable the Google Search App: that breaks the default home screen, leaving you with what appears to be an unbootable brick, until you phone yourself, and re-enable the search app while answering the call (not the most obvious or easy-to-find solution), and then find a launcher that allows Google Search to be disabled.]
Re: 750,000 messages?
... and most people communicate with more than one other person. If a person of interest makes contact with a couple of dozen people using a targeted mechanism (i.e. "one item of data"), then "750k bits of information" could easily see the majority of the UK population under some form of "targeted" surveillance. And if US practice is anything to go by, the scope of some of these "pieces" of information no doubt includes the communications of associates with others, perhaps several hops away.
It seems clear that the terminology and mode of counting is a smoke screen: the headline figure makes it seem that all the data collected is just 750k bits (96k bytes). Perhaps, for example, the proceeds of crime legislation could adopt a similar method of accounting, so the powers-that-be need only request one thing: everything that you, your family and all their relatives and friends own.
According to investigative reports from around the time they were first approved for use by firearms officers in the UK, the Taser shots used on police and others in training are usually at a considerably lower voltage/power than in regular service use against civilians. (This might be because TASER International wants to reduce the risk of catastrophically bad publicity in the event that someone is killed by a Taser during training; the company pushes its products using the "non-lethal" claims, but has had a reputation for being ... less than straightforward when it comes to the question of safety and the risk of fatalities). Unpleasant as they no doubt are, low-power training shots may give a misleading impression as to how bad it really feels in active use.
"It isn't that he "admitted" anything - that is just bad reporting, something that has been repeated elsewhere in many articles about this case. It is more factually described as a default "Nolo Contendere" / "No Contest" plea."
It might be a little misleading to refer to this as bad reporting, given that the terms "admitted" and "admission" are used by the Indiana court itself in such cases. For example, in the court of appeals' judgement that threw out the case in question, "admitted" appears five times and "admission" fourteen times with regard to the interpretation of Costello's failure to respond, as in:
"When Costello learned that his failure to respond rendered the matters admitted under Rule 36(A), he hired an attorney and moved to withdraw the admissions under subsection (B) of the rule."
For once it is not simply sloppy reporting: the language of the court really is as bizarre as it seems.
"It is the responsibility of the centre suppliers to ensure that detainees electronic communications are monitored, and that any privileged material (such as legal correspondence) is excluded from all monitoring."
How's that supposed to work? Suppliers are required to monitor communications, but if it turns out to be legally privileged they have to go back in time and unmonitor it? And as for the downloading and uploading of *any* files being prohibited; by what other magical means is Internet access supposed to work?
Perhaps this comes from the same Home Office brains that gave us such great ideas as secure encryption with backdoors, or that argue bulk collection, storage, indexing and querying of all communications meta data somehow does not count as "mass surveillance".
No ID cards in the UK? Tried to get a job recently, or rent property?
It's a bit disingenuous to maintain that we have no ID-cards in the UK. While No2ID and the like might have won the battle against UK ID cards as such, they lost the war. Essentially passports now play the role of "voluntary ID-cards" in all but name. Indeed it is becoming hard to argue that they are even voluntary.
If you want to work in the UK, or rent property, or open a bank account, as a UK citizen you will almost invariably be required to produce a valid UK passport. Other documents are not given the same status. Unless you happen to have your full, original, birth certificate, you will de facto find yourself having to fork out for a passport, and have your details and biometric photo lodged with the Passport Office, even if you have no intention of travelling.
Perhaps this was the real plan, and the scrapped scheme was just a decoy to distract attention away from the Passport Office, as it was effectively given a role that lies outside the remit of its Royal Prerogative. It would also help to explain why the *ID-card* scheme was funded by an increase in the *passport* fee, and why the increased fees remained in place after the ID-card scheme was supposedly abandoned.
"By all means the init system can *start* ntpd, but it shouldn't *be* ntpd."
Reading through various threads and bug reports about ntpd and systemd, it seems that some people experience various cyclic dependencies and race conditions, the very issues that systemd was supposed to fix. Some fixes for such dependency hell involve adding hardcoded delays, the very kind of hacks that systemd was supposed to avoid. It seems the only way that systemd can live up to its hype is by taking over everything, and ceasing to be the very thing it was meant to be, an init system. Its adoption by Debian and its derivatives seems premature to say the least. And the ever increasing frivolous dependencies on systemd and its libraries are most unfortunate (if you switch a Debian installation to another init system, why on earth does installing CUPS or, even more bizarre, GIMP *require* you to reinstate systemd?)
For those who want a clean, elegant init system, with scripts that are usually just a few lines long, I recommend runit (as used in Voidlinux). In my experience it has faster start up and much lower memory and CPU load than systemd (which is helpful on a constrained system like an Rpi), and, unlike systemd, it is relatively easy to debug if things do go wrong. Unfortunately it can be hard to switch to runit on Debian and Ubuntu etc., given all the weird systemd dependencies. So much for "preserving init choice".
Don't believe the (CD) hype (Re: HiRes)
"'The original sampling rate was effectively arbitrary anyway, being based on already available hardware capabilities rather than any reasoning.' Or on the limits of human hearing, and information theory"
The sample rate and method for CDs was chosen based on a number of factors, including availability and price of the technology, the recording density, the width of a standard car radio slot, and the desire to be able to squeeze a recording of a particular piece of Beethoven on a single disc. Audio quality was a factor, but one that was subject to compromise. If they really had been interested in releasing recordings that equalled the known ability of human hearing, Philips should have followed the advice of its own experts on human hearing and recording technology, and gone with 24-bit linear encoding, or a logarithmic, rather than linear, 16-bit encoding to achieve the best perceived quality, exceeding high-quality vinyl playback. But the marketing people were in control, and decided that 24-bit encoding would have been expensive, and was at odds with their duration and size constraints, and logarithmic encoding would have taken more time to implement properly. Philips made many compromises in the CD format, and ultimate sound quality was one of them, despite the marketing hype from the very people that forced the compromise. Remember the first consumer CD players from Philips only had 14 bit linear DACs, and threw away the least significant bits, and yet were still marketed as having perfect sound quality.
Panama is just a state of heightened tax avoidance
I believe this relates to the contracts for providing new local loop services in urban areas, which were offered to US cable companies to install coaxial (badly in many areas, requiring lots of remedial work to pavements etc.). This strange decision by Thatcher forced BT to abandon its cheaper and faster fibreoptic service, which was all ready to roll, and would have given us FTTH/P 25 years ago. The argument to go with an additional copper rather than fibre optic local loop was justified on the grounds of "competition". In retrospect it seems a strange competition when the winners were offering a poorer technology at a higher price, especially given that there are other mechanisms for allowing competition over local loop services. Compare and contrast with what other countries were doing at the time with their national telecoms companies.
Instead it looks like we will end up stuck with some Frankenstein's monster of power hungry technology that will spew ever increasing amounts of hash over the radio spectrum for many years to come (unnotched VDSL, and G.Fast, I'm looking at you).
A weak programme, with poor journalistic standards
This was a very weak programme, with sub-tabloid quality journalism.
The Snowden involvement just seemed like bait to get people to watch a programme that was largely an uncritical platform for the usual pro-surveillance propaganda. Perhaps they were so pleased at securing an interview they forgot their journalistic principles.
There were numerous highly contentious comments made, particularly by Mark Giuliano (FBI Deputy Director), that were essentially unchallenged, e.g. encryption is fundamentally bad, and should only be available in a broken form; and that social media platforms should in effect be spying for the government. David Anderson did offer some dissent to the latter but offered the pearl that government agencies needed to collect all data even when the targets are known, which seemed to undermine his position on judicial warrants, something the programme failed to pick up on.
The BBC's narrow obsession with “balance” means it does not appreciate that merely including Eric King (PI) for “balance” is not the same as good journalism. At no point did the programme attempt even to suggest, let alone explore, the possibility that there might be legitimate uses for secure encryption. And it did not properly consider the question of balancing the interests of law-enforcement against a reasonable expectation of privacy, including from government agencies, for those who were not the subject of an investigation.
The fact that otherwise competent main-stream journalists fail to understand or convey some of these important issues — even in a programme that referred explicitly to surveillance proposals currently being considered by the UK government — means they are failing to inform, and failing to hold the government to account. Such failings allow democracy and the rights of the individual to be undermined.
Going by this programme, investigative journalism is dead at the BBC.
Re: Can someone explain
And presumably nobody is using any of the HF or VHF bands, given how Ofcom is happy to allow power line network adaptors to transmit hash over all these bands without any form of licence.
Absence of significance is not absence
Scientists have a habit of saying things like "there was no significant rise in the given period". Unfortunately Lewis, and the Daily Mail etc. interpret this as "no rise in the given period". What it actually means is "there was a rise, but there is greater than 0.05 probability that this was due to random variation or measurement error over the (relatively brief) given period." For a journalist to misrepresent this suggests either incompetence, or dishonesty.
In the case of climate, mean temperatures are rising, and they are statistically significant increases over suitably long periods. If you measure the water depth on an incoming tide sufficiently frequently you will find numerous intervals where there is no statistically significant increase in the water level (and indeed periods over which the water level drops). Only a fool would believe this means the tide is not coming in, and only a quack scientist or click-bait journalist would argue that this disproves the existence of tides.
Bandwidth, just one small detail
Great, swap 99% coverage of the UK landmass for the ability to stream HD cat videos in parts of central London, provided nobody else is sucking up the bandwidth, and you're not inside a building. What could possibly go wrong? It's not like anybody would expect to have to rely on this for nationwide emergency comms is it? Oh...
CE marking is a broken idea
“Similar issues can be found with power line communication (PLC) adapters, plasma tvs etc.”
The example of CE-marked PLC illustrates how broken the whole self-certification system is in the EU. Many (all?) PLC devices break rules on radio interference when used on standard domestic wiring, but all is supposedly well as the devices carry CE markings. This is despite the reality that self-certification that justifies the CE marking involved testing samples using “standards” that were never approved (because they were too lax), or measurements in an environment that did not replicate domestic wiring, or using interference thresholds intended for industrial, non-domestic use. It then seems that manufacturers are effectively allowed to “grandfather” the supposed CE compliance.
As I recall, a ruling in Germany appeared to suggest all was in order, so no other national authority is willing to do anything about these dodgy practices. In the UK, complaints about illegal PLC interference are dealt with using a crazy ad hoc procedure that involves the BBC (rather than the relevant regulator, Ofcom), allowing Ofcom to report it has received no complaints, justifying its refusal to act. Even the IEEE is complicit in setting up standards for this crap without considering the wider issues.
The issue of CE marking is one where there is a clear case for EU reform, but unfortunately it's this kind of “trust the manufacturers” crap that is supported by those who claim to be concerned about the EU.
The FCC can “create more frequencies”?
“The FCC chairman said that the upcoming wireless spectrum auction, designed to create more frequencies for use by wireless broadband networks, would receive additional rules on eligibility should the FCC commissioners pass his recommendations at the July 16 open meeting.”
The FCC must be more powerful than anyone imagined if they create more frequencies just by holding an auction... oh wait, you mean “sell off rights to more spectrum...”. Is Stephen Fry now working for The Reg by any chance?
Re: Microsoft supports Linux better than Google
“Skype for Linux is top-notch for closed proprietary software. In a bizarro twist, Microsoft is starting to provide better applications for Linux than Google.”
Of course, the cross-platform support from Skype pre-dates Microsoft's involvement. And “Top-notch” is not how I would describe Microsoft's support of the Linux version: there is still no 64-bit version, and, worse, support for ALSA has been removed under Microsoft's watch. On a typical 64-bit Linux installation, Skype requires a shed-load of multi-architecture support and duplicate 32-bit libraries to be installed, and various hoops to jump through if you don't want to be forced to switch your sound server over to Pulseaudio and allow Mr Pöttering to enter through the back-door.
If only Robert Baker had made one fewer proscription, up with this shibboleth we would not have to put.
Re: systemd? Do not want. Try Voidlinux
I tried a number of systemd-free distributions on virtual machines and servers (including Gentoo, Funtoo, Slackware, Devuan alpha, Manjaro-openrc, Voidlinux). The smoothest so far has been Voidlinux, a rolling-release binary distribution, with XFCE 4.12 as the default desktop, which also works on a Pi2. Previously this distribution was an early adopter of SystemD, when it was just an init system. But it has switched to runit, which makes SystemD unit files look like a complicated tangled mess. Some things need a little bit of work, e.g. occasionally there may be bugs in some less commonly used packages, and you have to write your own init file if you use Openvpn, but with runit, that is just one line long...
If it really is about "fixing" init, then there are numerous excellent alternatives that aren't invading body-snatchers with half a million lines of undocumented and uncommented code, and no specification, maintained by a closed community for whom bug-fixing is seen as a pointless distraction that has to be sacrificed on the altar to the one true goal of never-ending function creep.
[Some Debian SystemD apologists keep saying SystemD is only a default in Debian Jessie, and other init systems can be used, but the debootstrap program has a trivial bug that means it fails to read the non-systemd options. The maintainer refuses to fix this obvious bug because "SystemD is the default". And then there are random programs and packages that are configured to pull in SystemD and related crap rather than treat them as optional dependencies (CUPS and XFCE spring to mind). Hopefully Devuan will fix this, at least for server-based installations, and Voidlinux makes a fine replacement for Wheezy on the desktop.]
Indeed, my heart sank seeing this puff piece for such HF and, increasingly, VHF noise generating crap which demonstrably fails QRM regs., with manufacturers abusing the self-certification process, and "regulators" who fail to act, and then mangle the reporting procedures so they can claim there are no complaints. The reg should know better.
IRS claims a global right to charge income tax on anyone
"Apparently the slightest association with the country can result in you being considered a tax payer even when you have moved back to your country?"
Indeed, no personal association at all is required: under rules that are supposed to stop global tax-avoidance schemes, IRS claims income tax on royalty payments made to you if routed through a US-registered part of an organisation, even if you are not registered with the IRS, have never visited the US, are not a US citizen, have had no dealings with the US-registered part of the organisation, have conducted all the relevant work outside the US, and pay all the income tax due in your own country.
You can avoid the IRS claiming this income tax... but only by first registering with the IRS... and that involves sending your passport to them in the post for some unspecified period, assuming you even have one*... meanwhile the big players still avoid paying tax... It makes the injustice of that import duty on colonial tea seem like small beer...
* Anyone else noticed how No2ID won the battle against UK ID cards, yet lost the war, with biometric passports now being demanded for an ever increasing range of transactions with government, banks, and prospective employers, and with an ever decreasing choice of acceptable and viable alternatives? And now you need a biometric passport, with all the details logged in the US, just to avoid paying income tax to the IRS.
Re: Speaking of myths
Concerning the issue of tea, the officially sanctioned imported tea, as offloaded in an unconventional fashion at that party in Boston, was actually cheaper, after tax, than the existing untaxed "imports". That particular storm appears to have been brewed up by those who, at the time, would have been officially classified as "smugglers", seeking to protect their financial interests after being undercut by "legitimate" imports.
According to contemporary statements, the dispute initially appears to have been motivated by the desire of a few "traders" to maintain profits by gaining control of trade, and assuming the right to break treaties to grab land and resources. Taxation was just a side show. The latter of course became an important hook on which to hang various justifications and explanations, given that the general populace might actually have preferred cheaper British imports to the expensive black-market goods.
More sophistry: small percentage of bearers...
"GCHQ’s systems operate on a very small percentage of the bearers that make up the internet."
Right, more misdirection and sophistry..., I'm guessing that this "very small percentage of bearers" also just happens to carry most of the UK traffic (e.g. just targeting LINX gives access to the bulk of the traffic for the users of over 500 ISPs). Why waste time with the numerous minnows that carry a tiny fraction of the traffic, when a handful of bigger fish give you access to almost everything in the UK?
(And even if every UK ISP were being targeted directly, this would still be a "small percentage of the bearers that make up the [global] internet".)
If the committee actually understands this, then they are being duplicitous, if they don't, then they are incompetent. Neither is acceptable.
Re: Brilliant Photo!
Hmm, not sure I like the implication that Linux kernel developers are an invading alien army of screaming body-snatching mimics trying to take over the world... perhaps the image would be more appropriate for a piece about Systemd developers?
Re: Marconi was a FRAUD and a PATENT THIEF
Indeed, the world of radio patents from the 1890s onwards was as controversial as software patents today. Marconi was awarded a patent on his "black box", which turned out to contain the inventions of others. This was a major scandal at the time among those working on radio. And his patents on tuning were not novel; they just describe existing work of others. He was also supposed to be working for the GPO when he was making his refinements to radio, using public money and a team of GPO staff, but then refused to hand over the results of their work to the GPO, claiming it as his own. His first supposedly successful transatlantic transmission is also subject to serious doubt, and changes to make it work later (e.g. lowering the frequency) again appear to be based on the work of others. He ruthlessly exploited the Titanic disaster, claiming his radios had saved hundreds of lives (it is interesting that one of his associates at that time, Sarnoff -- who was embroiled in this story through some fiction about him somehow being involved as a telegraph operator -- was subsequently found to have misappropriated other inventions, including wideband FM, which ultimately led to the suicide of the actual inventor).
Marconi is like Edison, Alexander Graham-Bell and other commercially successful "great inventors" who turned out not to have invented "their" inventions; he was very good at marketing, politicking, ruthlessly claiming the inventions of others, and gaming the patent system, and whose success seems to be based on lucky timing, combined with a complete absence of ethics or shame.
This is not to say we cannot acknowledge the achievements of Marconi and others for what they are; I just don't see why it is necessary to perpetuate these sanitised and fictionalised accounts, and continue to ignore or whitewash the more controversial aspects of their professional lives. Doing so merely serves to belittle and ignore those who actually did the work on which the success of these "great inventors" was built.
The application is a problem (given EU data protection obligations)
This should be seen in the context of compliance with EU data protection regulations and legislation. It is relatively easy to ensure internal email systems comply with EU data protection requirements, assuming secure protocols and good password policies are adopted, and servers are physically secure. And Microsoft has gone to great lengths to provide legal cover for EU-based organisations to allow them to outsource internal corporate email to Office365 (although there may be questions about how robust these assurances are). Either way, this app makes the whole thing moot by operating in a way that is clearly in breach of data protection regulations; any EU-based organisation that allows staff to use this app for corporate email will almost certainly be in breach of data protection legislation.
Not so safe after all
"At least many countries and regions have seen sense and declared that you cannot patent software, it is already covered by copyright."
Unfortunately things are not so simple as that. In many jurisdictions where "software as such" (i.e. the program text that you can copyright) is supposedly not patentable (as in, e.g., UK patent law and Article 52 of the EPC), it turns out that you *can* effectively patent software provided that you talk about (e.g.) the "technical effect" of executing the software.
In the UK and other European countries in which software is not supposed to be patentable there have been court rulings that uphold a bizarre interpretation of "software" and a "computer" where software ceases to be software when it is running, so is no longer excluded subject matter, and where, furthermore, a computer running a piece of software ceases to be a computer, but is instead a new technical artefact, which can be the subject matter of a patent.
As in the US, sophistry and reinterpretation often allow patents on software (and other abstract notions) in all but name, despite what at first appear to be clear and unambiguous prohibitions.
Re: AFTER 13:45
There were actually updates at 12:23 and 13:10. The article itself is a bit misleading: it seems to suggest that the notice had been pushed back from 12:30 to 13:45, when in reality it was the "12:30" notice (actually posted at 12:23) that provided the information that there would be *another* update after 13.45. The 13:10 notice stating service had resumed also said there will be a further update at 16:00... so now I expect the reg article will be revised again to say that the update has now been pushed back to 16:00. Demon, with its gradually declining customer service, is already quite good at annoying users without the reg having to distort the facts.
A US DoJ shaped hole in MS's Office365 EU plans?
MS have been successful in touting for corporate Office365 business in the UK and elsewhere in the EU by claiming that locating servers in Ireland ensures that confidential and privileged information will be stored in compliance with EU Data Protection rules. They have been waving letters from the ICO to this effect. Even so, some law firms have expressed concerns about client confidentiality, and claim that they have official advice (also from the ICO) that data on MS servers in Ireland cannot be considered to be safe. For those that have bought the MS line on data protection, their internal emails now cross national borders on undersea cables. MS claims the data is safe in transit as it is encrypted, but we know this does not necessarily follow. Of course, those keen to outsource and close down local facilities may not be that keen to look beneath the thin veneer of assurances, but MS might be panicking that its USP could be unravelling.
Topsy-Turvy interpretation of DPA
"However, the Data Protection Act would still require patients to be given a full explanation of the options open to them, and why the GP has chosen to opt them out."
This really is a looking-glass world. The most obvious interpretation of the DPA is one where sensitive personal data is in the control of the individual, and explicit informed consent has to be sought before that data is passed on. Normally default opt-in to sharing sensitive personal information is considered unlawful. It then seems odd to say that if GPs try to follow the spirit of the law they are obliged to give an explanation, and inform patients of their rights, while those that act in a way that is prima facie at odds with the spirit of the law are assumed not to have any such legal obligations.