
* Posts by Lee D

2142 posts • joined 14 Feb 2013

Linux's Grsecurity dev team takes blog 'libel' fight to higher court

Lee D
Silver badge

It seems incredibly like imposing further conditions on the distribution, which is prohibited under the GPLv2: "You may not impose any further restrictions on the recipients' exercise of the rights granted herein."

It seems quite clear to me that making people pay for the software, and then denying them future updates in perpetuity should they EVER exercise any of their distribution rights under the GPLv2, is quite a bit more than "imposing further restrictions".

That's pretty moot, however, because you'd have to be an idiot to want to do business with this guy at all anyway.

0
0
Lee D
Silver badge

GRSecurity / Brad Spengler

This couldn't happen to a nicer fella.

Finally his big-headedness has caught up to him.

And, never forget, he has to publicly declare certain things to work on tiny little government contracts:

https://www.collierreporting.com/company/open-source-security-inc-lancaster-pa

Quote: "Estimated Number of Employees: 1

Estimated Annual Receipts: $140,000

Business Start Date: 2015"

No matter what he says, he's been a tiny one-man operation for years. How he can afford a lawsuit, I can't fathom.

1
0
Lee D
Silver badge

Re: Lawyers and Catfish

The judge said that the current case can't proceed as is without being amended.

They don't want to amend.

So what they are saying is "the judge made the wrong decision" and appealing the case. Which first requires the case to be dismissed.

It's pretty much certain they're on to a loser at this point, as they're literally saying "NO! YOU'RE WRONG!" to the judge, who was quite clear and didn't have to do much interpretation to come to the conclusion they did (i.e. it is an opinion, and you can't be libellous unless what you're saying is provably false). They can't prove the statements false, hence they can't continue with the libel claim, but they want some "different" answer.

The best bit is at the bottom, though... no matter whether the case is dismissed or the complaint amended, there is a court-sanctioned avenue of suing them back under an anti-harassment law, with positive encouragement from the judge as to the likely success of such an action.

Not only are they onto a loser with their original suit, they're onto a loser with the appeal, and in the process they can be counter-sued almost automatically no matter what. This is not just losing... this is M&S losing...

2
0

Scumbag who tweeted vulnerable adults' details is hauled into court

Lee D
Silver badge

Re: Threatened the ICO ?

You need to read up on the DPA and, especially, GDPR (which is really just a formalisation of what the DPA case law already establishes).

If you have personally-identifiable information on a machine (or now even on paper), it's subject to the DPA and is most definitely an IT and HR issue. As in... she shouldn't be allowed to use a USB stick, shouldn't need to write up notes at home, certainly shouldn't be doing so except on encrypted and controlled devices via encrypted and secured channels (e.g. remote desktops over VPN).

It is most definitely an IT issue for there to be an unencrypted USB stick wandering around with any kind of information gathered as part of someone's job. Whether you like it or not.

P.S. DPA has always had, and is now formally codified as having, personal liability. Not only her, but YOU as the IT guy can get fined, as well as the company, for not knowing this.

6
3

NHS: Thanks for the free work, Linux nerds, now face our trademark cops

Lee D
Silver badge

Re: I always thought Microsoft would be the one to get them...

I used to work for a school that was taken over to become an academy.

In the process, they wanted to merge sites, ditch half the IT staff, etc. But not before they'd forced us into IT service agreements that would benefit the "superhead" and his golf-chums into perpetuity, by selling us everything from cabling and networking to software and hardware.

One of the products they wanted to push was LightApp (I believe it's dead now). They exhibited us at BETT using it, but actually we already vetoed it and refused to touch it. It was a thin-client solution based on pushing X-Windows sessions into thin-clients, and then replacing everything on the backend (i.e. the IT team) with a remote server managed by the company in some god-forsaken third-world country. We vetoed it on many grounds, everything from "no local support" to "we don't have an internet connection reliable enough" to "data protection issues" to "security issues". Bear in mind they wanted hundreds of students to use those thin-client / remote-sessions for EVERYTHING they did, plus all the school admin, etc. It was just laughable.

They allowed me to trial it as a pupil so that I could voice concerns and they could answer them. So I logged in via their thin-client, got full root access in a matter of seconds (no security at all, they just assumed you'd never look in their chmod 777'd folders for all the admin users), and left a document on their desktop detailing my objections.

One* of those was: They sucked out the icons from MS Office and used them as icons for OpenOffice/LibreOffice (I think it was OO at the time, I can't remember), with Word, Excel etc. as the names. Prima facie trademark infringement.

Needless to say, at the time it was the least of my worries, and the least of theirs trying to sell us such a junk piece of system, and they never saw a penny of it. I left soon after and I've never heard of them since.

(*) Best one, though, was that they promised us it would "run any Windows program". I don't think they knew that I was a Linux programmer and so could understand what garbage that was - at the time, WINE was barely viable for an old version of Office, let alone anything else, and virtual machines weren't heard of in Windows circles.

As part of this, we had "Ranger Suite" (since bought up by RM, so that's dead too), which is a Windows GPO deployment / user control program that shuts down rogue processes, forces the desktop settings, reports violations, allows screen-based remote control, etc. etc. and creates and manages users in AD. It was basically THE front-end security on a Windows machine. They said it would run under WINE and do everything it always did. I nearly died with laughter at the suggestion, and the salesman ran from the room and ran crying to the head saying I was being unprofessional. My boss then countered saying that the salesman is the one talking rubbish and didn't have an answer when proven that it would NEVER work (I doubt you could run that software now under WINE, it's so heavily AD/GPO/Registry/task-hook based), so nothing happened and we never saw him again.

Two weeks later, the guys in charge of trying to move us to this setup offered me £600 a day to go around their other schools and help them sell it, on the basis of "he's smart, but lots of money should be enough to let us use that smartness against our other clients", I think. As my boss correctly predicted I would tell them at the time, and how I re-iterated when asked, "there wasn't enough money in the world that would make me lie and con schools out of money for a living".

But it's funny that 15+ years later, people are still pulling the same tricks with no knowledge of how to do business.

17
0
Lee D
Silver badge

I bought a Windows tablet on Amazon for £100 that included Windows 10 and a year's worth of Office 365 (which has since only cost, what? About £5 a month to renew?).

Though I have done any number of conversions in the past, and used Linux exclusively while managing Windows networks for at least 5 years, and even used open-source as part of business deployments, I don't think that the cost should really factor in at all. The price to most people to bother their friends enough to sort this lot out for them, plus the ongoing hassle, plus that they feel they "need" a new machine anyway, it just isn't worth the effort.

Now consider how much he's going to run into stuff that he can't fix himself but would need to bother you for, plus things like compatibility (Outlook is just the start of it... I used Outlook for the first time in my life three years ago, and I've been doing IT support for nearly 20 years).

LibreOffice is a viable alternative to Office. The browser wars came in and - pretty much - open source won them, even if Chrome is just a commercialised Chromium, there's still the option there. There are open OS and VM hypervisors if you want to maintain compatibility. Nobody dual-boots any more. If someone doesn't have money or needs something quick, I recommend open-source and even just freeware. Classic Shell is one of the best things I've used in years. But if they don't have the nous to cope with any idiosyncrasies that arise from its use, though? Chances are they're better off with an Office licence or whatever.

Paying for software that does stuff that you could do for free is no different to paying someone to do DIY tasks that you could do yourself. Some people love the challenge and the learning and saving money. Other people just want the damn shelf to not fall down on their heads, it's not really their cup of tea, their time is more valuable, or they need it yesterday.

I've come to accept that, in the end, the people who want to use free / open stuff naturally will when introduced to it anyway. Everyone else can pay. There's no need for hand-holding.

(I'm an open-source programmer in my spare time, I patch my own kernels, I code my own utilities, I run 50% Linux servers in my day job, I run Linux servers and desktops in my personal life... I'm hardly biased here. Hell, I have a Crossover Office licence still).

In my mind, we won on web browsers. We compete in home-office. We have a viable alternative in terms of operating systems (which, when you consider areas other than home PC, actually wins hands-down in terms of unit-sales). And everything has moved from "Win32 application" to "WebGL / HTML5 that runs anywhere" anyway. Even Office (+ Google Docs, etc.). We don't have any points left to prove. But we still won't convert everyone.

The reasons for that are easy to see: Businesses can't sell you open-source, and so they never recommend it. People are happier to pay to have a company they can yell at, and pretty much I only know of Red Hat in terms of "open-source you can yell at" (who are both incredibly expensive, and won't do anything about your LibreOffice problems). People's time is often more expensive than a licence price.

5
5

Make Apple, er, America Great Again: iGiant to bring home profits, pay $38bn in repatriation tax

Lee D
Silver badge

Re: Shame they pay no tax elsewhere

America has always double-taxed things. They basically don't care what the outside world taxed you, they will tax you too.

Many dual-citizenship people find this out - pay US taxes while living abroad, or give up the US status. It's a very common dilemma. Even if you use certain credits to not have to pay the US tax, you still have to fill out all the US tax forms to claim that even if you haven't lived there for decades. I don't know of another country that does that.

25
0

Today in bullsh*t AI PR: Computers learn to read as well as humans (no)

Lee D
Silver badge

If it was "just a matter of feeding in more data", Google would have the world's best AI running across their datacenter already.

Sadly, it's not that simple. "AI" as you know it at the moment is just the same as it ever was... progress in the field is limited and has been allowed mainly because of commodity hardware but what they've found is that - though they can throw much more parallel, much faster, much more powerful, much more prevalent, much cheaper hardware at it - it doesn't change the fundamental nature of what it is: A statistical model.

Statistical models are not "intelligent", they don't "learn" as you expect. Quite often 99% of the gain is in the first 10% of the training and then very little else changes and it takes much longer to "untrain" it in order to show it exceptions that it had never seen before. And, at the end of the day, nobody is quite sure what it's trained itself to at all. It might be statistically correct most of the time, but it's not trained.

If it were just a case of throwing more hardware and time at it (time being much more important, I would posit, literally just training it 24/7 for decades), then we would have a Bitcoin-like economy where companies were fighting to throw as much time and power at a basic AI as they could to be the one with the most well-trained AI. Amazon and Google would lead the entire scientific field. Places like CERN would exist just to train AI en-masse.

But that's not how it works. Or how the technology works. Or how we even believe it could work. All the "AI" you know isn't... it's closer to a heuristically-determined expert system. We've had those since the 1960's, and though computing power has increased by factors of BILLIONS in some circumstances since then, not to mention that's just a single computer and the ability to scale the AI to billions of computers exists, it hasn't really got much better at all.

It's like saying that the way to train a child is to throw as many books as possible in its direction. Literally bury the poor sod under literature and expect him to be an expert in everything from Shakespeare to quantum mechanics. Kid not smart enough? MORE BOOKS! Kid can't read yet? MORE BOOKS! Kid gets something wrong? MORE BOOKS! Kid biases towards a certain answer? MORE BOOKS!

That's not how it works with real intelligence, and it's certainly not how it works with what passes for AI.

Everything "AI" you've ever seen, from Alexa and Siri to artwork-creating robots, Google image detection, whatever you've seen at CES or any other show: It's the same thing. A statistical model, trained on a data stream that, after a very short period of time, has increasingly poor gains for the time/effort/resource/training it requires to add on criteria or more data. Literally they plateau very quickly after becoming vaguely useful, and then progress drops to nothing.

And without the human-led training, they are even worse. I can knock up some Java code - like many of my peers from CS courses did in the 90's - to show you neural nets, genetic algorithms, all kinds of stuff that will demonstrate "learning" behaviour. Right up to the point where you need it to do something slightly complicated. At which point the returns diminish to nothing.

There's a reason that most of the AI in the field lasts precisely the length of a PhD research project and then dies a death - do it, get results, realise that's the best you're ever going to get, write a paper, run away from the entire field.

17
0

OK, Google: Why does Chromecast clobber Wi-Fi connections?

Lee D
Silver badge

Re: when in tandem...

Draytek Vigor routers are fabulous. I have the 2860 - firmware updates all the time (with new features as well as bug fixes), certified compatible with BT fibre offerings (and ADSL2, and Ethernet, and 4G). Failover, IPv6, all kinds of internal options including web filters and DNS filters and LDAP authentication and AP isolation and dual-frequency radios (including handover between frequencies for compatible hardware), proper QoS, SIP handling (including analog ports that run over SIP on board), VLANs, and every option under the Sun.

I run my house and a work site off them, they are just solid, fast and so featureful you'll spend your life reading the manual and going "I didn't realise I could do that!"

4
0
Lee D
Silver badge

Mine is powered off the projector that it displays on (literally the USB plugs into the projector).

I have a remote for the projector on my smartphone, so even if I desperately need it in a hurry, press button to turn on projector, by the time I get into a Cast-capable app, it's up and showing on the screen.

5
0
Lee D
Silver badge

Chromecast announces its presence on the LAN at regular intervals so that devices that want to Cast know there's a Cast-compatible device.

No different to Airplay, DLNA, or any similar technology.

The stupidity is in sending a packet for every announcement "missed" because it was asleep, all lumped together the second it wakes up. That's just dumb.

69
0

Hawaiian fake nukes alert caused by fat-fingered fumble of garbage GUI

Lee D
Silver badge

Re: Confirmation checkbox needed

But... like the infamous "four minute warning", it's 100% completely useless anyway.

By the time that alert was cancelled, any missile would have hit and done whatever damage it could and basically no-one would have had a chance to do anything about it. Hell, that's assuming they could even get the alert out in time, let alone people actually receiving it, reading it and running immediately for shelter (where?).

A second person isn't exactly difficult to come by if you're working on a missile alert system. I presume that second person's function of late has been to slap the first person who fat-fingered it.

17
0

Ecuador tried to make Julian Assange a diplomat

Lee D
Silver badge

Re: Obvious ploy but...

Strange, then, that they haven't done that for 5 years when it would solve the problem overnight, isn't it?

Article 9 of exactly the convention you state, look at my highlights:

1. The receiving State may at any time and without having to explain its decision, notify the sending State that the head of the mission or any member of the diplomatic staff of the mission is persona non grata or that any other member of the staff of the mission is not acceptable. In any such case, the sending State shall, as appropriate, either recall the person concerned or terminate his functions with the mission. ****A person may be declared non grata or not acceptable before arriving in the territory of the receiving State****.

2. ****If the sending State refuses or fails within a reasonable period to carry out its obligations under paragraph 1 of this article, the receiving State may refuse to recognize the person concerned as a member of the mission.****

So long as we declared him persona non grata at some point between then and now he is not, cannot and never will be able to be classed as a diplomatic member who enjoys those rights. No matter what Ecuador says.

7
0
Lee D
Silver badge

Re: Smuggle him out in the Diplomatic Bag

It has to contain articles for official use, specifically documentation written for the purpose of the diplomatic mission. I don't think he comes under that.

Though it's a "nice idea", in that you could in theory use a shipping container as a diplomatic bag and hope they recognise it as such, it doesn't give you rights to just put anything you like in there - and it's been tried (and failed) in the past. Everything from space shuttle components to heroin to bombs.

And the knock-on diplomatic effects even if successful could cost them billions in trade, just for a prat they don't want any more.

7
1
Lee D
Silver badge

Why... we're not paying for him, Ecuador are.

Let them get bored of it, maybe they'll learn not to jump on political bandwagons next time (I bet it's hurt their political negotiating power with the UK since day one).

When they're bored of it, we have to start paying the same amount anyway to imprison him. Let them fund their own stupidity, and take out the difference (e.g. policing) from their next trade agreement with us.

They were hoping to use him as leverage but that obviously doesn't work out unless we actually want to deal with him.

11
1
Lee D
Silver badge

https://en.wikipedia.org/wiki/Diplomatic_bag

Read the Noteworthy Shipments.

Basically, if you're taking the mick, no it's not covered. And sending a human inside it has been done before (as has drugs, bombs and just about everything else), but is still taking the mick.

Thus still liable to seizure, arrest, etc.

"The packages constituting the diplomatic bag must bear visible external marks of their character and may contain only diplomatic documents or articles intended for official use"

Given that the purpose of the bag is to move "The official correspondence of the mission", unless they'd tattooed their visa lists on him, I don't think you could class him as correspondence, hence you wouldn't be able to get away with just stuffing him in the bag.

9
0
Lee D
Silver badge

Re: It's a weird world...

Don't actually see that the UK is anything but a middle man.

"Please arrest him, here's all the paperwork"

"That paperwork isn't right."

"Oh, sorry, here."

"Nope, still not right."

"Oh, for feck's sake... HERE"

"Okay, we'll do that now that you've done it properly. Mr Assange... Hold on, he's skipped bail."

"Oh, well, forget it."

"Er... no... we're having him for skipping bail because we can't just have everyone do that. What comes after may be a matter of protocol, but we can't have people just think they can skip UK bail by running to an embassy and that's that."

I honestly think it will at this point be a million times more likely and a thousand times more embarrassing for him to come out, be arrested, sent to jail for skipping bail, six months without press, gets out of that and... literally nothing happens. Nobody cares enough to bother to chase him any more. A couple of press conferences and then fades into obscurity.

Pretty much the only reason we're still talking about him is that he's an outlaw. As it is, he's spent years in a self-imposed prison, will spend more in a proper prison, and then... well... pretty much whatever was going to happen will happen anyway - prosecution, extradition or nothing at all.

38
3

Brit transport pundit Christian Wolmar on why the driverless car is on a 'road to nowhere'

Lee D
Silver badge

Problems with automated cars:

1) Denial of service attacks. Though possible with traditional cars, they can call for help. Imagine being asleep for the journey to Scotland only to find the car stuck 100 yards down the road because it couldn't progress? Everything from painting extra white lines on the road (there's a guy who puts salt-lines on roads as an art-project to mess with the car's heads), to playing games with the sensors (stick some clear tape on the LIDAR, watch as your neighbour's self-driving car won't move because it thinks it's touching an object).

2) Technology immaturity. We just don't have cars that don't plough into the side of trucks - the stated Tesla case is proof in point... the car still hit the truck. An ENORMOUS truck. HUGE. At speed. Killing the driver. Whether or not the driver was dead in the passenger seat, it shouldn't have mattered. It shouldn't have been possible.

3) Liability. Because of the above, nobody has yet agreed whose fault they are if they go wrong. It's a bit I-Robot-esque to me. Either we have control AND responsibility, or neither. And that means ceding control to the car company. This could impact on everything from finance agreements (sorry, your payment is late, we won't take your wife to hospital) to social enforcement (sorry, you're all under 21, I detect three people in the car and it's past 10pm... you're not going anywhere pal). Also... who has liability for the loading of the car? If someone doesn't put their kid in the child-seat properly, how is the car going to know? But you'll still sue them to oblivion if it crashes. Presumably child-seats would still be legally required, or are we claiming they're so safe we never need to use them?

4) Mixing of autonomous and manual traffic - it's stupid, liable to danger, the biggest programming hazard, the cause of the Tesla accident, and easily solved by just... well, having a special lane, almost like a straight line between destinations, that only authorised cars can drive on, where the hazards are lessened and decisions and marking are clear-cut rather than negotiating the rush hour traffic at the Hanger Lane Gyratory. (P.S. we have that, it's called a railway).

I'd be quite happy with a special segregated lane, just for autonomous traffic, that is the only part they're allowed to drive on, and has all the special gear in the road to signal junctions, other traffic, etc. Put the safety in the infrastructure, not the vehicle. Literally, a personal train. And then roll that out bit by bit until all roads are like that and we can get rid of humans (50 years +). The suggestion to just have these things co-exist is a nonsense.

5) Over-trust in humans. If you don't need a driving licence to drive, then you will see them abused by people who aren't subject to bans etc. People will overload their autonomous car, let it pile through tiny backstreets late at night, leave them in the middle of nowhere like an abandoned shopping trolley, etc. And if the people who drove them can't be traced / stopped / banned, what can you do about it? It needs a kind of registration system at minimum. You'll see them used as drug-runners, porn-peddlers, even automated motorway adverts, getaway vehicles, whatever they can be misused to do. People will be loading drunk friends into them and programming it for Glasgow, etc. Wanna have a laugh? Summon 1000 automated Ubers to your mate's house and block the road. Who's responsible, the companies involved who made cars that block up the roads for hours for everyone else, or the guy who paid them to do it?

But the biggest deal... we just don't have automated cars. They don't exist. We have software junk in a normal car with a couple of sensors. They aren't fit for purpose. Test them as people-less cargo deliverers for 5 years before you licence them to carry humans (thereby halving potential casualties). But we seem to be skipping that bit.

3
5

Stop us if you've heard this one: Apple's password protection in macOS can be thwarted

Lee D
Silver badge

It is a bug.

It just might not be a security-critical one.

There's no point having a dialog asking for a password that literally doesn't care what password you put in, whoever you are. Either the dialog shouldn't be appearing, or it should be refusing bad passwords.

This is not "a problem" in this particular context. But it's incredibly telling of the laxity of testing and the code-paths in the secure sections of code that Apple uses - not unlike the bug a few months ago that allowed anyone to get admin by.... doing exactly this... typing in any nonsense twice into a password dialog would let them log in.

What's wrong here is the process... quite what is popping up that password prompt and why does it accept the wrong password WITHOUT showing an error at all? And how many other places / weird combinations allow the same. If this was the only bug, sure, you could chalk it up to some form of coding accident. But this is only another in a worrying trend of "You must authenticate" "Gah, just have admin rights anyway" issues that MacOS has had.

Think not about what the bug is, but what it represents. Somewhere there's a piece of code that literally says "Even if that password fails, carry on regardless, using the admin rights, and don't tell the user". That's not a situation that you want to propagate throughout your OS code.

23
1

Apple agrees to pay £136m in back idiot taxes to UK taxman

Lee D
Silver badge

What we should do:

Make any company that pays less than 10% (or whatever) of its revenue as tax affix a mandatory sticker to every product they sell saying just that.

"Designed by Apple.

THIS PRODUCT WAS PRODUCED BY A COMPANY WHICH PAID LESS THAN 10% TAX LAST YEAR".

7
6

Russia claims it repelled home-grown drone swarm in Syria

Lee D
Silver badge

Nailed it.

Been waiting for this to happen for ages.

Now, when they say that they took some out with an AA missile, how many missiles for how many drones? I'm guessing that it's a lot cheaper and more practical to launch 1000 drones than 1000 missiles, especially if you only need one to get through and your target doesn't HAVE 1000 missiles.

This is basically what first popped into my head when GPS + load-bearing drones became a possibility. Not even a professional attack, either. Amateur terrorism. Coming soon to a city centre near you. It's scary stuff.

Maybe then these things will get some regulation (but that won't stop them either).

Literally nothing stopping someone making an "art project" of 1000 drones in a warehouse, and then making them fly out... over thousands of kms if necessary, by all kinds of random routes. Landing on a building should they be low on battery, solar panel on the back and off you go again (maybe even with a little fuel for an "emergency" launch if it detects someone approaching / touching it while it's charging back up).

Program in the same target location to them all, their origin will basically be impossible to ascertain (quite why these one's origin was isn't explained), they would come at you from all angles, over the course of many hours (or could be synchronised to the second but likely to generate attention while they wait around) and you'll never be quite sure if the attack is over.

It only needs one to get through to cause havoc, it'll generate scary headlines IMMEDIATELY and have a massive knock-on effect, it won't need a ton of funding, or for them even to be carrying anything necessarily, and it'll be hard as hell to knock out 1000 drones all in a little flock that you can't just get with one missile.

I would also think that rather than bombs, gas would be more effective - much more scary, basically only needs some scary-looking green fogging gas to be heated up to prove proof of concept and scare the life out of everyone, lighter, controllable, doesn't make you explode while you're setting it up, etc. and yet still a viable attack method if you did have some dangerous gas.

6
5

Parliamentary 'puters made 30k tries to procure pr0nz last year

Lee D
Silver badge

Re: Is that not a challenge?

You can't work for schools without being vetted. Even our access control guys / telephone guys / hole-diggers are required to be. The only exception is completely contracted-out staff under the strict supervision of already-vetted staff (e.g. Virgin Media cable pullers, etc.), which is why such work is often done when no children are present or someone literally has to stand with them at all times.

That doesn't mean they don't have a phone full of porn, though.

1
0
Lee D
Silver badge

Re: Is that not a challenge?

To be honest, there's not much you can do about it anyway. No filter will ever be perfect.

But the alternative is "no internet access at all" which is then a problem for everything from visitors to contractors to just general contingency if the computers go down.

As someone who does operate a workplace wifi network, including guest access, I can also tell you - it means nothing. The system is for a school and it blocks ALL access to dodgy stuff, everything from Facebook to porn (kids definitely shouldn't be trying to get the latter, but also they shouldn't be able to just join the guest network and bypass our Facebook blocks!).

You know what flags the most? Contractors' mobile phones during the holidays (contractors are rarely allowed on-site in term-time, and certainly not allowed to use their mobiles when they do because of the basic child protection rules). They come on-site, can't get 4G, they need to send an invoice, check a spec, download a manual, access their corporate intranet, etc. So they ask to join the guest wifi, and bam... all their background stuff hits the filter and sets off alerts. It's not at all unusual for someone to instantly be blocked because of the number of alerts, the maintenance team bring them to the IT office, they show us their phone and the second we unlock it there's a browser with a dozen porn tabs in the background and significant history.

Sure, it shouldn't be there. Sure, you can't block everything. But it's also not necessarily the best thing in the world to just block all wifi access (they'll just do it via 4G anyway... at least going via the Wifi you can make them accountable for it if it's something really dodgy).

To be honest, with something like Parliament, I imagine there are a thousand reporters who "just want to submit their story" but aren't able to just connect to 4G from inside the massive stone walls, so they give them a guest wifi. And I don't imagine the average tabloid journalist is averse to having a phone full of porn.

Fact is - there's a block in place. This lets you record traffic, see trends, get alerts. This lets you detect and investigate the illegal stuff immediately (I should hope!). While providing a useful function to guests, and not being a way to "bypass" restrictions on the normal network (because then you'll just have everyone join the guest wifi to do their "classified" work).

8
0

UK exam chiefs: About the compsci coursework you've been working on. It means diddly-squat

Lee D
Silver badge

Re: Numpties

You can spot a learner a mile off.

You won't care about their qualifications, as such, you'll notice the other stuff they've done. Seriously, do you employ someone in IT because they have GCSE Computer Science? No. You employ them because they have X number of GCSEs plus they've done this and this and this, and have this hobby, and built this, and this is their YouTube maker channel, and "Cool, how does that work?" when you show them around.

The only people who give any kinds of credence to GCSEs / A-Levels are: Teachers (because of school league tables), HR people hiring positions they have NO idea what they involve.

Industry certs are the same. I'm much more interested that someone actually managed a live network for X years than that they have the last X years of Microsoft certs.

Degrees are different - that's an optional 3/4 years of studying that they CHOOSE to do, at an advanced level, with almost no help from others. It doesn't even matter what they do it in - it means they're a learner by choice. But, like I say, you can spot the learners.

GCSEs are to get you into college for A-Levels,

A-Levels are to get you into university for degrees.

Nobody pays any real heed to GCSE/A-Level outside of that. Sure, it's often a "Must have basic GCSE in English or Maths" line in there somewhere, but HR write that, not the people who will be working with the guy. And there's some justification in there that you'd expect someone able to count/write properly to have passed through the joke-which-is-GCSE nowadays without any trouble at all.

Other than that, if you want to hire a kid you look for a learner. They can be a complete school dropout, you can still spot a learner ("I dropped out to start my own business doing... and I was successful for X years... and as part of that I did Y and Z...").

I have hired from the Apprentice programs. The guy had previously qualified / worked as a chef and a jeweller's sales assistant. He's now, two years down the line, an IT Tech for a large company with a career path and a work history in IT, beating all his "mates" who only have GCSEs or A-Levels (and, in a few years, degrees) in Computer Science.

Especially nowadays, all the kids have a big list of weird qualifications because that's what the schools push them towards if they don't get GCSEs. Hairdressing. Catering qualifications. Customer service. Etc. You can't really pay heed to them as EVERYONE has them, or could get them.

I have a degree. In maths. It proves I can learn.

I started an IT business out of university. It proved I am skilled enough to make a living and juggle my own staff / business / accounts.

My first "real" job, and every one since, they couldn't care less about my GCSEs, A-Levels or what my degree is in (three times I've had it stated that HAVING a degree is what they look for... lots of the people in high-power jobs have degrees like Art History or Geography etc.). They look for "what else has he done", "what has he done that proves he can do the job" and "what has he done that proves he can tackle something he's never seen before".

Sure, if you want a career in McDonald's, I'm sure GCSEs or "food safety" courses will help.

But if you're hiring personnel for ANY job, ignore the Qualifications page unless it's literally blank. Even being full of junk every year is suspicious (how do you find the time/money to do all those courses? Oh, your employer MADE you do them...).

But scoot down to the "what other transferable skills" bit and/or have a chat with them. They don't need a massive industry experience to stand out from the others.

9
0

With WPA3, Wi-Fi will be secure this time, really, wireless bods promise

Lee D
Silver badge

"WPA2 has some problems. It allows anyone with a bit of software to boot people off a Wi-Fi network with a DEAUTH attack. And it's not particularly secure."

I was a little surprised to find that the Cisco Meraki wireless kit in work takes advantage of this. Pretty much, you get a list of every wireless network "nearby" yours, with the option to "quarantine" it. If you do that, your own kit performs de-auth against any nearby clients trying to join those networks, which results in only "your" networks working and everything else literally disconnecting for everyone within seconds.

Obviously, being an unlicensed channel, this is possible but I was more than a little concerned about the legal consequences of such things. Being a large school, our site is in the middle of acres of fields, so we only ever see our own network and "rogue" networks trying to pretend to be ours (usually the kids trying to fool their friends) or things like public wifi from nearby coaches. But I was quite shocked that not only is it possible to easily block foreign SSIDs from even operating, but that this is sold as a feature (Air Marshal) that you can apply to ANY SSID you don't like, rather than just those trying to masquerade as your own.

It is, however, quite effective... if you set up an Android phone as a hotspot on the site, you'll find that no device is able to connect to it for more than a second without getting kicked off by the site-wide wireless. And, yes, the logs literally tell you that it basically performs a de-auth attack to do that.

If WPA3 does indeed find a way to stop this, I imagine that they'll find some other way to do the same, but still... it's a scary thing to have as just an advertised feature on a common managed wireless product. If someone did want to be malicious you could easily kill the wifi to an entire swathe of offices, houses, etc. in minutes.

35
0
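A defender's view of the de-auth behaviour described in the comment above, as an added example that is not part of the original post and is not Cisco Meraki's code: it parses 802.11 deauthentication/disassociation frames and flags BSSIDs whose clients are hit by bursts of unprotected ones. The sample frames, addresses, window and threshold are constructed assumptions; frames with the Protected bit set (management frame protection, which WPA3 requires) are skipped because a third party cannot forge them.

```python
import struct
from collections import defaultdict, deque

# 802.11 management subtypes that tear a client's connection down.
TEARDOWN_SUBTYPES = {10: "disassoc", 12: "deauth"}
MAC_HEADER_LEN = 24  # frame control, duration, 3 addresses, sequence control


def mac(addr: bytes) -> str:
    return ":".join(f"{b:02x}" for b in addr)


def parse_teardown(frame: bytes):
    """Parse one raw 802.11 frame (no radiotap header, no FCS).

    Returns a dict for deauth/disassoc management frames, None otherwise.
    """
    if len(frame) < MAC_HEADER_LEN:
        return None
    fc0, fc1 = frame[0], frame[1]
    version = fc0 & 0x03
    ftype = (fc0 >> 2) & 0x03      # 0 = management
    subtype = (fc0 >> 4) & 0x0F
    if version != 0 or ftype != 0 or subtype not in TEARDOWN_SUBTYPES:
        return None
    protected = bool(fc1 & 0x40)   # Protected Frame bit
    reason = None
    # The reason code is readable only when the body is not encrypted.
    if not protected and len(frame) >= MAC_HEADER_LEN + 2:
        reason = struct.unpack_from("<H", frame, MAC_HEADER_LEN)[0]
    return {
        "subtype": TEARDOWN_SUBTYPES[subtype],
        "dst": mac(frame[4:10]),
        "src": mac(frame[10:16]),
        "bssid": mac(frame[16:22]),
        "protected": protected,
        "reason": reason,
    }


def find_deauth_bursts(capture, window=1.0, threshold=5):
    """capture: (timestamp_seconds, frame_bytes) pairs in time order.

    Returns {bssid: peak count} for every BSSID that saw at least
    `threshold` unprotected teardown frames within `window` seconds.
    """
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ts, raw in capture:
        info = parse_teardown(raw)
        if info is None or info["protected"]:
            continue
        q = recent[info["bssid"]]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        peak[info["bssid"]] = max(peak[info["bssid"]], len(q))
    return {bssid: n for bssid, n in peak.items() if n >= threshold}


# --- Constructed sample frames (locally administered addresses) ---
TEMPLATE = "{fc}3a01{dst}{src}{bssid}0000{body}"
UNPROTECTED_DEAUTH = bytes.fromhex(TEMPLATE.format(
    fc="c000", dst="aabbcc000001", src="020000000010",
    bssid="020000000010", body="0700"))            # reason code 7
OTHER_DEAUTH = bytes.fromhex(TEMPLATE.format(
    fc="c000", dst="aabbcc000002", src="020000000020",
    bssid="020000000020", body="0300"))            # reason code 3
PROTECTED_DEAUTH = bytes.fromhex(TEMPLATE.format(
    fc="c040", dst="aabbcc000003", src="020000000030",
    bssid="020000000030", body="00" * 18))         # opaque encrypted body
BEACON = bytes.fromhex(TEMPLATE.format(
    fc="8000", dst="ffffffffffff", src="020000000010",
    bssid="020000000010", body="00" * 12))

SAMPLE_CAPTURE = sorted(
    [(i * 0.1, UNPROTECTED_DEAUTH) for i in range(6)]   # burst on ...:10
    + [(0.0, OTHER_DEAUTH), (5.0, OTHER_DEAUTH)]        # ordinary leave events
    + [(0.2, PROTECTED_DEAUTH), (0.3, BEACON)],
    key=lambda item: item[0],
)

if __name__ == "__main__":
    for bssid, count in find_deauth_bursts(SAMPLE_CAPTURE).items():
        print(f"{bssid}: {count} unprotected teardown frames within 1s")
```
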

WD My Cloud NAS devices have hard-wired backdoor

Lee D
Silver badge

Re: I assume that....

1) They probably have UPnP (read: Automated, unauthenticated system to instruct your router to port-forward any given port externally to any given IP/port internally. In case you didn't know that).

2) Talking out is enough to cause issues like this to be worrying as you can then use apps to connect back to the drive. Presumably they are now blocking that username combination but who knows?

3) It doesn't matter... it's much more of a risk INTERNALLY. People are suggesting using these as iSCSI devices, which means they are acting as backing stores and live storage for VMs for servers, etc. That's just dumb to have a pre-fab password. This time next year, every virus will have those passwords included and will probe the local network so that that tiny local infection can - if you don't have full isolation - turn into direct access to all your iSCSI storage, etc.

10
0

Skynet it ain't: Deep learning will not evolve into true AI, says boffin

Lee D
Silver badge

Re: Seems clear, refuse to use it if that's what you believe

Would I take the advice of an AI over a doctor's interpretation of the same result?

No.

P.S. For many years I was living with a geneticist who worked in a famous London children's hospital but has also handled vast portions of London's cancer and genetic disease lab-work. Pretty much, if you've had a cancer diagnosis (positive or negative) or a genetic test, there's a good chance the sample passed through her lab and/or she's the one who signed the result and gave it back to the doctor / surgeon to act upon. Doctors DEFER to her for the correct result.

Genetics is one of those things that's increasingly automated, machinified, AI pattern-recognition, etc. nowadays. Many of her friends worked in that field for PhDs in medical imaging, etc. It takes an expert to spot an out-of-place chromosome, or even identify them properly. Those pretty sheets you see of little lines lined up aren't the full story you think they are. She has papers published in her name about a particular technique for doing exactly that kind of thing.

The machines that are starting to appear in less-fortunate areas to do that same job (i.e. where they can't source the expertise, let alone afford it)? All have their results verified by the human capable of doing the same job. The machines are often wrong. They are used to save time preparing the samples etc. rather than actually determining the diagnosis (i.e. cancerous cell or not, inherent genetic defect or not, etc.) and you can't just pluck the result out of the machine and believe it to be true, you would literally kill people by doing that. Pretty much the machine that could in theory "replace" her costs several million pounds plus ongoing maintenance, isn't as reliable and needs to be human-verified anyway.

So...er... no. A diagnostic tool is great. But there's not a chance in hell that I'd let an AI make any kind of medical diagnosis or decision that wasn't verified by an expert familiar with the field, techniques, shortcomings and able to manually perform the same procedure if in doubt (hint: Yes, often she just runs the tests herself again manually to confirm, especially if they are borderline, rare or unusual).

If one of London's biggest hospitals, serving lab-work for millions of patients, with one of the country's best-funded charities behind it still employs a person to double-check the machine, you can be sure it's not as simple as you make out.

Last time they looked at "upgrading", it was literally in the millions of pounds for a unit that couldn't run as many tests, as quickly, as accurately, wasn't able to actually sign off on anything with any certainty, was inherently fragile and expensive to repair, and included so many powerful computers inside it I could run a large business from it. You can put all the AI into it that you want. It's still just a diagnostic tool. The day my doctor just says "Ah, well, the lab computer says you'll be fine" is the day I start paying for private healthcare.

Computers are tools. AI is an unreliable tool.

2
2
Lee D
Silver badge

What I've been saying for ages.

What we have is complex expert models built by simple heuristics on large data sets providing statistical tricks which... sure, they have a use and a purpose, but it's not AI in any way, shape or form.

Specifically, they lack insight into what the data means, any rationale for their decision, or any way to determine what the decision was even based on. If identifying images of bananas, it could just as easily be looking for >50% yellow pixels as it is for a curved line somewhere in the image. Until you know what it saw, why it thought it was a banana, and what assumptions it was making about the image and bananas in general (i.e. they're always yellow and unpeeled), you have no idea what it's going to continue doing with random input and no reasonable way to adjust its input (e.g. teach a chess AI to play Go, etc.).

This isn't intelligence, artificial or otherwise. It's just statistics. Any sufficiently advanced technology is indistinguishable from both magic and bull. In this case it's bull.

The scary thing: People are building and certifying cars to run on the roads around small children using these things and yet we don't have a data set that we can give them (unless someone has a pile of "child run under car" sensor data from millions of such real incidents), nor do we have any idea what they are actually reacting to in any data set that we do give them. For all we know, it could just be blindly following the white line and would be happy to veer off Road-Runner style if Wile E Coyote was to draw a white line into a sheer cliff in a certain way.

We don't have AI. We're decades away from AI. And this intermediate stuff is dangerous because we're assuming it is actually intelligent rather than just "what we already had, with some faster, more parallel computers under it".

31
0

Proposed Brit law to ban b**tards brandishing bots to bulk-buy tickets

Lee D
Silver badge

1) So kids will have to have a member card to let them pick up the tickets. Not hard. You could even link them so your kids can use any ticket in your name, if you really want to.

2) Buying tickets that haven't been confirmed? Sorry, no sympathy at all. That's probably why there ARE so many resold tickets in the first place, and not enough for the people who want to actually go see. Speculative booking is at least partly the cause of shortages, and shortages the cause of speculative booking ("Quick, just order 2 while they have them, we'll see if Jeff can come later").

Compared to the sheer volume of tickets that are touted for every possible concert, such concerns are a drop in the ocean. And those other reasons are why the tickets are so hard to come by / so expensive in the first place anyway.

1
0
Lee D
Silver badge

I just think you'd find an awful lot of John Smiths by that method.

Better... "Your ticket is confirmed, Sir. You just need to swipe the credit card that you booked with to release your tickets at the box office."

In fact, I'm pretty sure that an awful lot of London theatres that I've been to operate on that exact principle, just not for every single ticket. There's no reason you couldn't demand card-only booking in this day and age, though (hell, it's already almost "book online in the first ten minutes" if you want tickets to anything popular anyway). The Olympics basically did that and few complained even if it was only one particular type of card, too! Or even a "member's card" (with photo) that you have to sign up for and which is disabled if it's used for touting.

There're all kinds of ways to stop touting or make it so difficult that you could crush the industry overnight. The fact that they're not used tells me that someone gets a backhander or that it works to the artist's (or their management's) advantage to allow touting even if they can't admit that because it's screwing over their own customers to get more money.

If you compare touting to eBay bidding, that's what I think happens. 10% of the tickets aren't sold until the last minute when those people so desperate to go are willing to pay so much more just for the chance, so the total income rises dramatically just by holding onto 10% of the tickets until later on and selling them via "other" sites (often related, as mentioned above). You still only sell 10,000 tickets, but the last 1000 get you 10 times more money ("because they were sold out, but look what I got!").

I can't believe it's not an industry set-up, rather than thousands of independent people all looking to make a quick buck and hang around outside venues carrying lots of cash.

They don't want a "fair" system - of 10,000 tickets being available for the published ticket-price. They'd make less money, and it would also cost administratively to run. They'd then have to put up the face-price of the ticket to compensate, and fans would revolt.

While it still says £30 (or whatever) on the ticket, the artists etc. aren't the bad guys. And while someone is still willing to pay £3000 for a "rare last minute" £30 ticket, even the touts are the good guys. Win-win and the only person screwed over is the guy who can only afford the £30 ticket but never gets one because he can't book in the first nanosecond. You can make more profit out of a touted ticket than 100 of those people, so who cares?

That said, I haven't been to a live gig in my entire life. Nearest I get is classical music, West End shows, or a stand-up comedian. Biggest piss-take I've had? Russell Howard at Wembley Arena. Someone bought the tickets for me at great expense, we were so far away the guy was a tiny dot even on the big screens, and it was basically his normal TV stand-up, with almost no ad-libbing or interaction with the audience. Paying a fortune to stand in a sweaty pushing crowd for hours to listen to a bad ad-libbed and interrupted rendition of a handful of songs you've heard a thousand times, and a thousand songs nobody would ever choose to listen to? More fool you.

4
1

ICO slammed for 'unfair' approach to FoI appeal by UK judges

Lee D
Silver badge

"Can't. Security, mate."

Now replacing "Can't. Data protection, mate" (which I've heard in the most LAUGHABLE of circumstances by people who haven't even read the DPA, nor have any idea what it's talking about).

[[I was once cited "data protection" by a bed company for sending out a free pack of missing parts to the shipping address that they'd shipped the bed to earlier that same day. Apparently, they could only send to the billing address (several miles away and not conducive to delivery of a bed in our new house) because of "data protection". P.S. Yes, they ended up shipping the parts to the right place after lots of yelling... sending a lorry out after-hours just to hand me a small bag of missing dowels and screws, so it never worked to their advantage to be obstructive and cost them a lot more than just the cost of the screws, including all future custom.]]

Sorry, but unless you can prove that releasing the entirety of the information requested somehow actually impacts national security in front of a court of law, I see no reason that you can't just be sanctioned into oblivion. Fine if you say "We can tell you this, but we've had to redact these parts", but to refuse the entire request? Nah.

You can't hide behind "national security" for everything vaguely military, because that's how you end up spending billions with golf-buddies because nobody was ever allowed to find out about it.

8
4

Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign

Lee D
Silver badge

Re: Unusual stock trades

Correlation is not causation.

3
0

Shopped in Forever 21? There was bank-card-slurping malware in it for, like, forever

Lee D
Silver badge

Re: Question

Why were they downvoted?

"physical access to a terminal" - okay, fair enough.

"back office server" - storing plain-text credit card records? Strike one.

"head office PC" - storing plain-text credit card records? Strike two.

"plugging their own lappy into a live LAN socket in store"? No VLAN? No traffic encryption? No port-isolation? Strike three.

" (or weakly password-protected in-store Wi-Fi)" Strike four.

"infected website payload downloaded on the back office PC by staff at lunchtime etc" (See above)

None of those but literally access to a terminal should mean compromise. And even that means compromise of the terminal, no compromise of the entire system. Anything else is not only poorly-designed but not PCI-DSS compliant at all.

NOBODY - at any kind of office or otherwise - should be able to see the plain-text credit card data on their PC. From merchants to a central secured network with full encryption, which then submits to the bank over a similar encrypted channel, sure. But nobody should be using the credit card data itself (sales records and APPROVED/REFUSED are another matter entirely and should be on an entirely different system) at all except the bank. Hell, most of the retail-store systems you see just talk straight out to the bank over secured channels that the company has no control over.

That you can put ANYTHING on a POS network and have it sniff traffic, or compromise other ports, or do anything but talk over an encrypted channel to a bank is ridiculous. And certainly there should be no bog-standard office PC which has access to that data, even in theory for a large retail chain. Maybe a mom-and-pop shop, but they talk to the bank direct and the attack vectors are elsewhere in that case.

Honestly... just shouldn't be happening. And certainly shouldn't be CLOSE to a network that allows any kind of software update / attack / compromise of the system by a third-party. Their bank will have their ass on their PCI-DSS disclosures if that's even possible.

0
0

SuperFish cram scandal: Lenovo must now ask nicely before stuffing new PCs with crapware

Lee D
Silver badge

Buy it.

Wipe it.

Reinstall it.

Best way to find out:

1) That you have the necessary disks, drivers and software to do so in the future.

2) That it's standard stuff and not proprietary "Lenovo-only" hardware with tweaked drivers that's impossible to source, replace or upgrade with anything else.

3) That there's nothing on there that shouldn't be.

4) That you "activate" on a version of software that you're able to reinstall yourself, rather than some pre-fab activation that might fail in the future.

If you're doing this on a corporate-level, there's no excuse. You should have pre-fab images, software installs and policies to go from bare metal to fully-working and secured client, no matter what model you choose. In my place, we literally have ONE image that everyone uses on every machine. It doesn't matter what hardware we throw it on, worst we have to do is slipstream a network driver into the boot, add an MSI package, or tweak a setting somewhere for them all to work the same. Literally 20 minutes and whether it was fresh out of the box, or an existing client, and you are back on the domain with everything you ever had.

Malware re-introducing itself via updates? Well, you were managing updates, weren't you?

At home, sure, bit different because of what's available but the principle is the same. And it's a lot easier to take a laptop back the day after Christmas and say "Look, it doesn't even turn on" and get your money back / choose a different model should your reinstall not go to plan, than it would be a year down the line when you need to use the restore disk.

To be honest, post-Christmas I refuse technical support requests because it ALWAYS turns out to be thousands of preloaded bits of junk on new machines that people aren't familiar with and so it panics them. Sure, most of the time you just uninstall and put the Windows image viewer back on or whatever, but it can take hours per machine. And smartphones are doing the same nowadays. I always recommend people get their shiny new smartphone, reset it before they start (especially if it's second-hand, you have no idea what's actually lurking back there), and set it up from scratch. But even then you end up with a load of bundled junk that you don't want and/or services you don't need (No, Samsung, I don't want to enable all your proprietary link-sharing junk, thanks).

I would actually pay £5 on the price to get a phone which doesn't have that junk. An official option from the manufacturer (not some random guy). "We can install our value pack of common apps, and save you £5, or you can have a plain Android install". I'd pay that. And for sure that's got to be more than you'll ever get from those ad-ware pushers to forcibly install an app on my phone, no?

3
0

Brazil says it has bagged Royal Navy flagship HMS Ocean for £84m

Lee D
Silver badge

Re: Whats in a name

"We'd have to have loads of identical ships named Badger though..."

Great... stealth naming! Nobody on the enemy side would be able to determine which ship we were discussing! It would also help in obscuring financial package details for the ships, as nobody would know which was which!

"I'm afraid to report, Sir, that HMS Boat has sunk. But HMS Boat will be picking up the survivors along with an escort of HMS Boat and HMS Boat. The investigators are already loaded on HMS Boat and headed to recover HMS Boat now".

12
0

Now that's sticker shock: Sticky labels make image-recog AI go bananas for toasters

Lee D
Silver badge

There's a difference there...

That's quite a reasonable mistake to make. Thinking any silver blob next to a banana turns the banana into a toaster is not.

The human will apply the categories learned, and adjust if you say "no it's not". The AI can't without expensive retraining from scratch, and such retraining is liable to taint existing detection too. The human learns, the machine doesn't (despite the moniker "machine learning").

Everywhere I see computers replacing humans they are incredibly dumbed down and not applying intelligence at all. Supermarket checkouts... are they "guessing" users' ages like humans do? No. They need a human. You use computers and machines where you can describe the task required exactly. If you can't it has unreliable and unpredictable results. Anywhere it matters, you have a human. Anywhere it doesn't matter (e.g. a banana factory), well, it doesn't matter. Human or computer are on a par because the computer might be quicker but it's dumber too.

The car park wouldn't let me out last night as it read my number plate (beginning with LL) as something else for the ticket (beginning with CL). I had to actually put the ticket into the machine.

Pretty much this is what AI / ML / recognition has always been... works okay, but far from infallible, and only utilised where it doesn't matter about being wrong. Voice recognition literally cannot understand my voice, but all humans who speak my language can. Image recognition is essentially atrocious and easy to mislead without extra controls. Text recognition is the entire basis of using CAPTCHAs... computers are so bad at it and always have been (who actually OCRs nowadays?). Anything requiring interpretation of complex data... don't give it to a machine unless the machine is told exactly what to do.

This is precisely why you don't want a "self-driving" car, by the way. Not that you can't make a self-driving car. But one that tries to be human to self-drive is a dangerous and unreliable beast.

We are literally DECADES at least from any decent amount of AI, I would actually posit that we DON'T have it, in any substantial form, today. Precisely because you cannot tell what it's doing, therefore cannot control it sufficiently, therefore cannot fix it when it's wrong.

3
0
Lee D
Silver badge

This is why you can't have an automated adult-image filter of any worth.

The second someone can just put something small onto an image and radically change its categorisation without actually changing the overall nature of the image, you know it's going to end up in things like that to stop unwanted categorisation.

And vice-versa... some poor guy with a hacker's conference sticker on his backpack gets scanned by an automated system as having a rifle as he transits an airport, for example.

Until we understand what the "AI" (pfft) is actually doing to categorise, which criteria it's using, we can't make any comment on its accuracy or otherwise. Train a human to recognise something like a banana and they can tell you they are looking for a particular shape, size, colouration, orientation and apply those criteria using their learned knowledge of the object to identify zipped, unzipped, facing the camera or away, broken, twisted, ripe, unripe, etc. bananas. Train an AI and you literally have no idea whether or not it's just decided "if the center pixel is yellow, call it a banana" or some other random criteria that happens to fit "most" images of bananas but also a huge variety of other images and which can be turned to false detection by anyone willing to experiment.

This kind of "throw data at something AI" stuff is really doomed to failure, except where it really doesn't matter at all and where a human would be cheaper to employ anyway (e.g. a banana factory).

6
0

Judge rm -rf Grsecurity's defamation sue-ball against Bruce Perens

Lee D
Silver badge

"Peugeot cars are rubbish".

That may be an opinion. It may be said by me, Jeremy Clarkson, or just about anyone else. It's not provably false. Peugeot can't "prove" that their cars aren't rubbish, any more than they can prove that green is the best colour.

But no matter WHO says it, it's not going to damage Peugeot's business to any significant extent. Now, if someone said "Peugeot cars are dangerous, the seatbelts are non-standard, the engines explode, etc." then that's a potential provably-false statement (simple statistics) and which could impact on the business of Peugeot if enough people see it, read it and believe it to be true.

In this case, however, someone has expressed an opinion on a legal interpretation that nobody has ever yet ruled on. So it's still opinion at this point. Additionally, no matter how influential Mr Perens might be - à la Jeremy Clarkson - in and of itself it's not wrong enough to warrant charges, nor is it damaging enough to warrant business interference claims. If it was, you would be able to subpoena the business records of said business and see the downward drop in sales immediately the words were uttered (P.S. last time I looked up grsecurity, I found a single entry for the American naval contracts which lists their TOTAL company value, it was a pittance much less than I have invested in a house before now).

Grsecurity is, essentially, one man. Who's a bit of a pillock. I've had regular run-ins with him on LWN.net and mailing lists. The reason he can't sell what he's selling is not that Perens is disparaging him (he's not... he's questioning the legality of a tactic used to sell GPL-licenced software in a way that essentially "revokes" the GPL of future versions should you give it away... an action which you're perfectly entitled to do with GPL software, which means it's legally dubious at best), but because he's rubbish at business - which includes an element of treating your customers fairly and respectfully, selling something they can't get elsewhere, putting value into that thing you sell, and not being hostile towards your necessary suppliers (in this case, the entirety of the GPLv2-only Linux kernel).

I'm sure the patch set is really cool, but that he's never been able to break it down to get through the kernel submission process (and even refuses to try, he just wants people to pick up a multi-megabyte patch and throw it into the kernel on his sole say-so, without review, and take no consequences for the results either) tells me a lot. Go wander through his comments online on the mailing lists and LWN.net. The guy is obnoxious and over-bearing and thinks he rules the world.

To be honest, given the legally-required business declarations to get the entry on the public naval contracts database I mention above, I'm amazed he has the money to even initiate a lawsuit.

32
0

A million UK homes still get crappy broadband speeds, groans Ofcom

Lee D
Silver badge

Vodafone do if you buy the "video package" (a few quid more a month, and then none of the popular sites count towards your traffic).

Three do for Netflix/TVPlayer. Can vouch for that first-hand, we use Netflix a LOT and none of it counts towards our traffic, and we have no TV so we use TVPlayer for anything live (yes, I do have a TV licence for the rare occasion I bother to watch anything live or on iPlayer!).

0
0
Lee D
Silver badge

Moved into a flat recently.

In a MAJOR town inside the M25.

Smack bang in the middle of several major roads, including the M25. You don't have to drive more than 2 minutes to be on dual-carriageways.

The default rental agreement includes some middle-man company taking over your electric, broadband, etc. and then you get your service from them ("you can change it later" - still not sure that's legal, but whatever). Didn't matter as the lady who phoned up asking when I wanted the broadband was disappointed.

I'd checked on the BT speed checker, the property gets 3Mbps on ADSL max, 5Mbps on ADSL2/VDSL max. Neighbours say the same. I'm not paying full-price for that! I wouldn't even pay TalkTalk rates for that. They can get stuffed. It's not like the line is a hundred years old or shared with a thousand flats.

"But, oh, you have to have broadband nowadays".

I agree. So I bought a £70 Huawei 4G box from Amazon (same one as Three and Vodafone sell for £60 but on 2-year contracts!). Then I bought a giffgaff SIM to test it and then, later, a Three SIM to actually get a decent amount of traffic on it (I don't hit 40Gb a month but it's nice not to have to worry). I was going to get a Vodafone SIM as for the same price, they do Netflix/Amazon Video/YouTube/etc. which doesn't count towards your traffic, whereas Three only do Netflix/TV Player on the same kind of deal, but Vodafone were stupid enough to send an email saying quite clearly "DO NOT GO TO THE STORE UNTIL YOU RECEIVE CONFIRMATION" but too stupid to actually confirm, so they lost out.

PING 29ms

DOWNLOAD 29.14Mbps

UPLOAD 18.63Mbps

That's at peak time. BT can't even guarantee me a 10th of that.

I can't say that I even care to notice the difference between 4G and broadband now. Slightly higher ping on a game, but I drifted from serious online live play a long time ago. Everything else - speed, bandwidth, etc. just seems to work like being connected to broadband, even a PS4 and Steam, and myself and my friends just connect to a wireless network to use it (and I can kick them off it, etc.). If I go over on traffic, I phone the telco or change the SIM for another temporarily.

And it's a tiny box, smaller than my phone, does 8 hours on an internal battery too, has wifi strength enough to cover the house, gets full 4G signal, is unlocked, and I can stick it in the car / take it to the pub / take it on holiday if I so wish, it just works the same. Even joined my Chromecast and local CCTV to it and it works perfectly - it can literally run the whole house and join it to 4G for internet stuff (port-forwards, UPnP, all the usual options that I immediately turn off). Hell, it can even piggy-back on another Wifi network if you run out of data, so I can run the house from my phone without having to change a single setting on the other devices.

Quite literally, when a guest asks for the password, I tap the (one) button on it, throw them the box itself and they type the code in off the screen on it (WPS etc.), or even scan a QR code that it can display. Standard micro-USB charger too.

I can't say, with that little gadget, that I have any need for BT, a phone line or broadband. It's cheaper than buying a router, and cheaper per month than a BT package + phone line (would be even cheaper but I kept it on a 1-month rolling contract because I hate tie-in), and faster, and "just works" and even follows me if I move house.

Broadband's days are numbered if 5G is any better. 4G can run a house of people's devices (we all played Jackbox Party Pack over it with god-knows-how-many phones connected to it) and I'm purely limited by monthly data allowance (I just need to pay more or commit to a contract if I ever need more, however).

And it's gotta be more cost-effective and easier to find a business case for pushing 5G towers out into the sticks (one per town or whatever) than upheaving all the landworks for some ancient copper to get a pittance pushed down it and having to do that to every cabinet / house.

Sorry, ISPs, I tried. Virgin don't cover me. All the BT-based providers have the same useless guaranteed speed (which is just an absolute joke, sorry). The 4G box covered my "moving in" stage and doesn't look like it's going anywhere, and friends think it's great. And when my "ISP" can't fix my problems, I just grab a SIM from another company and carry on. I'm told it even works abroad nowadays, because of the EU roaming things.

Hell, I haven't even needed to buy the extra antennae to point towards wherever the phone mast is (god-knows... can't even see it).

6
1

Pickaxe chops cable, KOs UKFast data centre

Lee D
Silver badge

No UPS can be guaranteed to function through a short-circuit or other dangerous situation (e.g. phase crossing).

However, a datacentre uses UPS only as a brief stopgap, and the slightest delay in starting up the generators will mean dead batteries and a power blip inside.

But "UPS" don't provide "uninterruptible" power. They just provide a backup, like any other. When a dangerous situation exists, even a high-end UPS will cut out for safety. Yes, I've seen them do it. In one case, a phase-crossing accident would literally hard-power-off the UPS instantly without warning or beeping or anything - just a single red light. Just bang, down, wait for power to return to normal. UPS was doing its job, before, during and after.

A pickaxe through a cable is exactly the kind of thing that can bridge the live and earth, or multiple phases for instance, and UPS can't completely isolate the inside from the outside.

13
15

YouTuber cements head inside microwave oven

Lee D
Silver badge

Re: Average IQ

"I had a conversation with a friend recently who stated that she was sure that a larger percentage of the population had a below-average IQ now than 10 years ago."

Though completely misunderstanding the concept of an IQ, you can understand what she means, though! That's quite a good line.

8
0

Sky regulators brace for millions of Xmas toy drone sales

Lee D
Silver badge

Re: One law for the plebs...

Not to mention the animal cruelty.

9
0

Brit bank Barclays' Kaspersky Lab diss: It's cyber balkanisation, hiss infosec bods

Lee D
Silver badge

Re: ???

That's their business banking for small-medium businesses.

You know, those that have multiple-person sign-off on hundreds of direct debits / payments each month.

Pretty standard business setup, but why it has to be IE-only? The only explanation is basically the same old "Because we can only secure it by running ActiveX plugins capable of arbitrary code execution, connecting to the smartcards and transmitting to an IE/IIS-based website which has been put in every exclusion category possible to bring it outside the scope of all the browser security anyway".

0
0
Lee D
Silver badge

Great.

Would they like to advise me about what to do with a site that demands Internet Explorer only to transfer potentially millions of pounds on a website that forces us to use out-of-date Gemalto smartcard signing software (which we can't upgrade without it being unsupported) via ActiveX and which doesn't work any other way?

I'll be sure to leap right on their security advice after they sort that out, as well as that the BACS people demand we use the up-to-date version or THEY won't support us either. Oh, and this is some six months down the line of trying to get the right readers, smartcards and software to do what we've always previously done before.

Because sure as hell that doesn't sound like they have our security at the forefront of their minds to me.

10
1

Vivaldi Arms onto Raspberry Pi

Lee D
Silver badge

Re: So long... full screen...

Indeed... it took them ages to solve the "new windows open at random places/sizes" bug, and this time round they "solved" it by just opening everything fullscreen. What's wrong with a) an option and b) using the current window settings to spawn a similar window?

But they've taken so long to do anything vaguely useful, and there ARE password bugs (my work copy of Vivaldi has a password auto-plugged into the browser on a certain admin page, but there's no way to change it / delete it in the settings and I had to SQLite into the browser config itself to actually rid myself of it... but still it TRIES to auto-complete (but at least now it has the wrong password in its stead)), that I've basically given up on it.

You can't even drag a bookmark into a subfolder on the bookmark bar. You have to lob it at the bookmark bar, go find it in the bookmark manager and try to slot it where you would like. After several YEARS of development on what is basically the Chrome backend doing all the hard work, that's atrocious.

But they changed the application icon three times!

Sorry, but Vivaldi is dead. Even a mail client is years too late for me. I only cling to Opera because it's got all my old email but now it's been two years since I've needed to query it, so I could use anything (and an owncloud-style webmail sounds so much better nowadays and would be like my own personal GMail from anywhere).

0
0
Lee D
Silver badge

Re: So long...

Vivaldi is Chrome.

Apart from some menu changes on a tiny bit of the UI, it does nothing different.

Basically my biggest complaint against it, because all that "we're going to re-make Opera" stuff was just hyperbole and it does nothing new or different compared to Chrome, and doesn't begin to approach even the ancient versions of Opera (despite all the rendering engine being written for them), let alone put in the features they promised or actually push any boundaries.

In fact, it's worse than that, because it's Chrome but when you use it on some websites, the Vivaldi identifier throws it and makes it say it's not compatible. For example, TVPlayer.com.

I had big hopes of it, and still run Opera 12.15 as my email and RSS client, but to be honest, the difference between using Vivaldi or Chrome is so minuscule I barely bother to look at which one I actually hit any more.

3
4

Damian Green: Not only my workstation – mystery pr0n all over Parliamentary PCs

Lee D
Silver badge

Okay, you wish to have an example?

I work in a school. I determine the IT policy in co-operation with the school. I do this using sources such as other schools' policies, previous schools' policies, current legislation, employer's desires, employee's legal rights and surrounding legal frameworks. Hence, I'm not just "making it up to be obstructive" but writing a real-world policy that isn't going to get me sacked by my own words for checking my GMail briefly in my lunch hour.

Are staff allowed to carry around home laptops and plug them into the network or chat home on Skype? No. Not even during their lunch hour. If they want to do that, they take a phone and go and do that on the phone. Anything else is an unauthorised device. In school that has the connotation of people plugging in unsafe devices, or accidentally capturing images of children in a playground (let's be honest... not the most serious of things you can do in and of itself, and anything "worse" should raise child protection concerns almost immediately in such an environment, e.g. taking a phone into the changing rooms, but still an issue you need to counter) but in Parliament I imagine there are lots and lots of other things you don't want visible on a webcam, leaking out of the organisation, plugged into the wireless, etc. etc..

But... Oh... wait... the phone policy in school is such that they can't use them during working hours within sight of the children or parents. So they'll have to leave work and GO OUTSIDE to have that call anyway. On their lunch hour. And they can't just answer the phone for random personal calls or talk to their mates while wandering the grounds even as a member of non-teaching staff (e.g. the IT guy...). Gosh.. it's almost like a policy that every workplace in existence has in some form or another that DOESN'T allow you to wander off and not-work for hours and hours and hours and hours on end, watching porn, while being paid by your employers to be doing a job.

My next questions would be "Why are they doing that?", "Why would they need a laptop to do that?" and "Why would that not come under "reasonable" non-work-related use of facilities?" Seriously, you have to video-call your kids every lunch hour and can't just use a phone or go a few hours during the working day? Sure, if they're ill at home and you have a babysitter. I think that gets classed under my exceptions as stated. Why does that need Skype, or a laptop, especially a personal one?

Does that mean they can have permission to just install Skype (which includes remote-desktop functionality and may require admin rights)? No.

Does that mean they can spend hours on it? No. (They should just go home, if it's affecting their work that much... hey, I'm more than happy to allow that for all my staff and have said to my boss "Oh, I sent X home, they were upset and in no fit state to work" and the response was "Okay". End of. Hell, I didn't even have to sign a form or anything, no wages were docked, etc.)

Does that mean that it's a sensible thing to do while they should be working unless it's NECESSARY? No.

Does that mean you can abuse such a privilege if it's been granted once in extenuating circumstances? No.

Does that mean I'm calling for a sacking offence for something taking their hands briefly from the keyboard home keys while they should be working? No.

(and I'm very reasonable in terms of family-work-life balance here, so I have no problems with such things in principle, I have a problem with you thinking that the same exceptions mean you can also surf porn for hours on end or that you HAVE to video-conference on an unauthorised device in a secure location including transmitting audio and video around the globe via third-party companies rather than just walk outside and make a phone call on what is quite clearly your own time).

To be honest, I'd much rather we had politicians who worked for a living like everyone else, didn't try to use the excuse that they have to personally entertain themselves at work just to "concentrate" (hey, I wonder if teachers should get that same exception... or the guy who makes your lunchtime sandwich... or that guy who works in the lingerie department.... does that just seem weird and creepy now, rather than something a human should be overcoming... 'scuse pun?).

A politician who can't concentrate on an important vote because he's insufficiently sexually stimulated should excuse themselves from the vote entirely because they're an adult, and if they're unable to cope with that they should do another job and let someone with an ounce of self-control do theirs.

Browsing porn on a work computer is a sackable offence in basically every job imaginable (maybe not being website developer for certain sites... but I bet even there you could get the sack for doing it too much unnecessarily!) precisely because it's unnecessary, unrelated, unauthorised, and you're being paid to be doing something else. No different to a postman who decides to spend an hour in the pub because he was a bit thirsty. Fine if that's YOUR hour, fine if you're not doing anything illegal (e.g. driving while drunk), fine if there's an extenuating circumstance (your van hit the van of the guy in the pub), etc.

Otherwise, no, you'd be sacked in almost ANY job known to man for doing so. Unless you're a politician, apparently.

2
1
Lee D
Silver badge

Problems I have:

- Tax-payer-funded machines used for non-work purposes.

- Tax-payer-funded people not working on work-purposes while in tax-payer-funded place of work (beyond what I'd consider reasonable, e.g. emailing their child's nursery, googling a flight number, etc.).

- Stupendous levels of idiocy regarding login sharing.

- Accusation that "anyone" could have got onto a machine to load it up with dirty pictures... which suggests poor system security, auditing and control as well as poor physical security.

Problems I don't have:

- That the allegation involves legal dirty pictures, in general.

I'd be just as mad that they were playing video games on it, or browsing dating sites, or spending an hour doing their online Christmas shopping.

However, this is the FIRST instance I've seen where people are starting to say "WHAT he was doing doesn't matter - so long as it's legal - as much as WHY he was doing it at that point, on that computer, and if he should have been doing something else". Maybe people are finally beginning to ignore the "political sex scandal" nonsense. But just a year or so ago, an MP popping out on their lunch hour to meet another consenting adult to have sex in a car in a secluded area with no money changing hands and no crime committed? Somehow THAT turned into a front-page scandal, which I don't understand at all.

Are you honestly telling me that the user agreement for parliamentary computers doesn't include a line that says "the systems should be used for parliamentary and directly-related usage only"? Because if they don't, my policy-writing service is available for what would be a PITTANCE compared to what the parliament IT director must be getting per hour. And breach of the usage agreement would result in suspension of the account and reporting to superiors until resolved.

Even in that case, though, sharing passwords would result in immediate account suspension and be dealt with much more harshly... that's literally breaking the law if there's a single piece of personal information contained on said systems/computers (e.g. a single constituent's email address).

7
3

From the graaaaaave! WileyFox's Windows 10 phone delayed again

Lee D
Silver badge

My place has Blackberries, Winphones, iPhones and ruggedised Samsungs.

Guess which ones give us no problems, everyone can use, never break/smash/crack, are easy to manage and lock down, are cheap, modern, able to run most things, and which almost everyone is immediately familiar with the interface of even if they've never used one before (hint: No, not the iPhone, by a LONG shot).

Guess which ones are in my bin of replacements? Guess which ones we're retiring as fast as we can? Guess which ones get no signal at all? Guess which ones I have a box of that we basically can't get rid of? Guess what overpriced-famous-brand-of-tablet/PC-hybrid they're sitting on top of that we also couldn't palm off on anyone once they actually started trying to use it?

I can't figure out what people ever saw in Winphones or Surfaces, I honestly could not use them and noticed so many problems with them on day one, let alone after a year of testing, and yet people still bought them. I'd be quite glad to just throw the lot in the bin and only keep the Samsungs.

9
7
