Posts by Lee D

Re: "the cost of which would be automatically taken from their wages"

What kind of jobs are you applying for?

I've literally never signed on the dotted line without a full and explicit contract, with working hours, pay, break entitlement, a job description, etc. often signed *months* before I actually ever start work for someone.

All the other fancy stuff confirmed orally is - to quote a famous person - "not worth the paper it's printed on". Until I sign, I'm not committed. Before I commit, I *must* know the hours, pay, holiday and every detail. To do otherwise basically makes the contract negotiable, I just say "Nope, sorry, that's not what you said, and my contract does not mention those hours, so no... we don't have a meeting of minds, so no full contract, so no notice required".

My current contract is no different (and I have an electronic copy sent to myself via a verification service in case they try to claim "their" copy is somehow different years down the line, which basically guarantees what the contract said and when that was evidenced by an independent third-party) - it explicitly lists working hours, venue, breaks, responsibilities, holiday, pension, pay, and all kinds of things. It was signed and dated by both parties before my notice was handed in at my previous place.

"Not required by law"... that part's just nonsense. You do not EVER sign a contract without those details specified explicitly.

And you don't EVER work for anyone that insists that you do.

There is absolute no reason for a website to hijack a back button. If they can't handle double-entry of forms by checking for a previous submission with a unique token, they are idiotic. Session control is not optional, especially when someone *actually* being able to use the back button can duplicate the form (i.e. your "protection" against such things is fake if you're just trying to fudge with the user's back button - a rogue party could easily resubmit their form another way and overwhelm your system with duplicate orders, etc.).

With HTML5 and modern scripting, there is absolutely no reason for it. Google Docs can save my form on the fly with no effort - to the standard of outperforming Office auto-save on a local machine. So can your form. Your poor design is no reason to ignore the user or fudge with their entries (because they may want to go back BEYOND your site to the search they had up before and messing with that just hinders the user.

Your poor session control is no excuse for breaking the user's browser functions.

Re: I have yet to see a Powerpoint of any worth.

A slideshow of images is a different thing altogether. The subject then *is* the image. Rather than repeating what the image clearly shows.

I found proper exceptions: Dave Gorman. And Prof. Brian Cox latest tour that I intended (purely because humungous 8K images of the deepest universe are pretty... but even he knows to just have them as background while talking about something that needs no informational slides for him to explain).

Re: The best RNG so far is

Clearly they were either so pressed for every single instruction, or someone couldn't be bothered to read Numerical Recipes and code up even a basic one.

This from the same brains that later used a wonderful mathematical optimisation (https://en.wikipedia.org/wiki/Fast_inverse_square_root) when they had buckets more processor power to use.

Re: Dolt

"If your company has produced software with a (for example) timing bug which can't be reproduced at will by the user, you're still responsible for fixing it. Just because you can't reproduce it doesn't mean it's not a major PITA for your customers."

And the first question they're going to ask me on the support line? Can you reproduce that for us, because we can't.

Again *I* cannot fix a problem that I cannot reproduce. Others may be able to - and if it's a supported piece of external software, that's up to them.

Yes, in my career, I have had to say "I'll call the company. You know their turnaround on things like this is about 10 weeks, don't you? No, I'm sorry, I can't recode their program for them. They have to fix it. That means we have to wait for them to fix it. I'll try to find you a workaround, but other than that, it's out of my hands." In fact I've said it on a regular basis.

Just because it's a major PITA for my customers doesn't mean I can reproduce it, and even if I can reproduce it, actually fixing it is often someone else's problem.

(Say Word crashed every time you opened a particular file - no matter what you do, that file never opens, even on a clean install, even on an up-to-date install, on every computer, every test, it crashes - do you think you can *do* anything about fixing that? I don't just mean "recreate that file" but actually fixing the problem? No. Only Microsoft can. And even if you recreate the file, what if it's what you want to do that causes the crash, i.e. it doesn't like the data pulled from the production database? IT are not programmers - actually some of us are - but we're certainly NOT programmers with full development environments, complete source code to every program we deploy, and the ability to create patches for every problem as part of our normal working day.

The reason we pay for support contracts is for others to fix the problems they cause. I currently have at least three support contracts and one of them has something like 20 outstanding and reported issues, one of them from 4 years ago, that has never been fixed. There's *nothing* I can do about that, while the company wants to continue to use that software. In this case, the upheaval of removing that software is orders-of-magnitude worse than the outstanding issues, and the outstanding issues I cannot fix - I even produced an Excel that, using the data in the associated database, and after much churning, produces the output we desire. They still haven't added that function into the database themselves, and they probably have no intention to. And, yes, we have threatened to leave. They do nothing.

Sometimes, all IT can do is say "That doesn't work, don't do that."

Re: Cant see

Cheaper to incarcerate than man a police operation to surveil him for seven years, you mean?

Re: Sweden

I'd like to know how you think they obtained a sample of his DNA to test if his DNA was on the items, as you've alleged.

I can find no reputable link that mentions any nonsense like that. In fact, they *think* they found his DNA on one of the condoms from the other women - but they can't confirm without a DNA test. Hell, the other one could have just been the wrong one pulled out of the bin.

If he's that innocent, it'll all come out in court, she'll be made a fool of, end of story. Hell, if it was *that* much a cover-up all that nonsense you spout wouldn't be out in the public domain, would it?

P.S. DNA is far from infallible.

Re: Subcontractor’s network compromised?

"the unnamed contractor"

Re: At home

I work at a school. I had been explaining the reasons behind having fibre between buildings, even if they were small local runs of only a few feet, especially if the electrical phases between those buildings could be different (now or in the future!). Pretty much, everyone ignored me because the cabling had been in place for years and they didn't see it was worth changing it.

One night, a *huge* tree that is on the site was hit by lightning. It coursed down the tree, found some aerial cables including the cable that ran between a wooden maintenance shed and a permanent building... blew the telephone in the shed into smithereens. The other way, it entered the building and damaged a 48-port switch (which I still have to this day... the middle 24 ports are absolutely dead, and some of the others won't give PoE but everything else works, including the cloud management... we swapped it out and it's now our "test bench" switch).

From the building, it also managed to find some random and exotic bits of hardware, another telephone line that went through the air to some staff accommodation a hundred metres away, blew that up, took out a DSL router and a computer connected to it (not just the PSU, but the whole machine).

However, that same switch also ran a fibre back to the next building where several dozen machines and other critical pieces of equipment were all copper-cabled, not to mention several dozen phone lines, connected to all kinds of electrical equipment, all underneath where the boarding pupils lived. Not a dicky-bird, because the power couldn't get down the fibre. Everything else just stayed up. Fortunately, that building was only fibre all the way out to any other building.

And, again fortunately, I had the sense to run not just fibre between buildings, but also fibre between distant buildings (so if A is connected to B is connected to C, via fibre and switches at each, then I also connected A directly to C with more fibre so that when B was offline A and C could still talk). And then also connecting C to D and D back to A so that STP could do its job and provide a redundant route.

Basically, the fried equipment was more than enough to potentially start a fire in three separate buildings, but luckily didn't. The network just saw a switch go partly offline and routed around everything else. And from then on, every connection that went through open-air or the ground was changed for fibre.

Re: Emperors new clothes and neural network humbug

ANN is just "a statistics based magic box".

You plug things in. It makes some kind of spurious and random correlation between what you're teaching it and the input data, which you can't really interrogate, understand, improve or modify.

If you plug enough things in, it might train itself enough to work a percentage of the time. Then untraining, retraining or anything else? It's pretty much throw it away and start again - it's existing "superstition-based" intuition will trip over every exception to the point that it becomes painful to make any significant change after the learning plateaus.

It's been an unsolved problem for decades, we just get to throw more and shinier hardware at the same problem.

You would otherwise notice, for instance, that Google searches would become personalised, almost-psychic, tailored to every user... Siri would know what you want before you ask it... because millions upon millions of users are training it daily and it doesn't sleep - it should be learning exponentially. It's not. And over time everything you interact with that has "AI" would get better and better... it doesn't. Improvements are microscopic at best after the initial plateau.

Literally Siri and Google should be Skynet by now. The reason they aren't... AI and ANN in particular just doesn't work like that.

What we need is a really, really radical re-think of the whole thing with something entirely different. Because genetic algorithms are the same, ANN, everything we try hits the same problem. And for every million images you train it on, it takes a significant percentage of those images again to retrain it for the ones it gets wrong. And again. And again. With diminishing returns.

That's what secondary DNS providers are for.

It's almost like what I say is applicable to everything AND can be done at the drop of a hat AND for minimal outlay, if a day's GMail outage has, say, more than a £10 a year importance for yourself.

If you're using it because it's free, you don't really have much weight complaining that it's down for less than 1/1000th of the year on one occasion.

Re: This could be interesting

I can't.

The guy writing the court summary can if you read the PDF:

"These factual allegations are corroborated by publicly-available evidence.

For instance, as shown in the screenshot below, the Personal Listening Information of

18,188,721 “iTunes and Pandora Music Purchasers,” residing across the United States

(including in Michigan and Rhode Island), is offered for sale on the website of Carney

Direct Marketing (“CDM”) – one of many traffickers of this type of Personal Listening

Information – at a base price of “$80/M [per thousand records]” (8 cents each): "

"SRDS, another list brokerage company, offers for sale the same or a

similar list as the one sold by CDM, at the same price, and additionally offers a finder’s

fee to brokers who are able to find purchasers of this Personal Listening Information

(offering “20% commission to brokers” and “15% commission to agencies”), as shown

in the screenshot below of a publicly-accessible webpage on SRDS’s website:"

And it doesn't matter if Apple *weren't given* your age, income, education, etc. - they correlate it from all kinds of other sources and link it against your iTunes account once they've identified you. Think "buy the same kind of data from Facebook, Google advertising, etc. and then correlate the IPs":

"First, Apple discloses its customers’ Personal Listening Information,

identifying the names and addresses of its customers and the particular genres of music

they have purchased from its iTunes Store, to data aggregators, data miners, data

brokers, data appenders, and other third parties, who then supplement that information

with additional sensitive personal information about each of Apple customers,

including their age, gender, purchasing habits, education, household income, and

(when applicable) the number, age, and gender of the subscriber’s children. "

Re: Crikey. Where has common sense gone...

I tried literally everything I could think of to make my electronic handbrake fail. It steadfastly refused to do so. It also deliberately failed to activate inadvertently no matter what I tried. Whoever designed the switch in the new Ford Mondeo's did their job - just a perfect amount of debouncing/whatever to mean that a snap of it doesn't do anything, but a press-and-hold causes you to beep the horn using your forehead and nose. Same for the anti-rollback / auto-hill-start functionality. I can only make it release by doing really stupid things.

By law, it has to have an entirely dependent activation path. Sometimes that's an entirely independent ECU just for braking, sometimes it's part of the main ECU. Sometimes there's an entirely independent emergency power supply or power reservoir of some kind just for the emergency brakes. There are a lot of ways to do it, and a lot of regulations around it.

Read this, looking for "parking" in the PDF:

http://www.unece.org/fileadmin/DAM/trans/main/wp29/wp29regs/R13hr2e.pdf

The paragraph you're probably looking for:

"In the event of a failure of the energy source of the electric control transmission, starting from the nominal value of the energy level, the full control range of the service braking system shall be guaranteed after twenty consecutive full stroke actuations of the service braking control. During the

test, the braking control shall be fully applied for 20 seconds and released for 5 seconds on each actuation. It should be understood that during the above test sufficient energy is available in the energy transmission to ensure full actuation of the service braking system."

What that means is, even in the case of total electrical failure, I should be able to put the brakes on at least 20 times from the handbrake. A large capacitor can do that. It's just a solenoid, after all.

Re: You mean, like, Caller ID?

I just whitelist.

Unless you present to me a known CLI that I have chosen to accept in the past, nothing gets through. You can't contact me? Shame. Maybe that's because I never gave you my number in the first place (or didn't want to but was forced to, or someone else gave it to you, etc.).

For personal use, I just mute the default ringtone and make known contacts have a ringtone that sounds.

For business use, I only bother with SIP and then it's just a matter of pushing them through a SIP-based menu if you don't recognise their number from your whitelist. They don't even connect to my site unless they can get past that menu (which has an option to leave me a voicemail, which I treat just like unknown spam email).

If you're hiding your CLI, I don't want to talk to you (the old joke: You want to hide your number, fine I'll 100% respect your privacy by not taking your call...). If you need to contact me, you'll be given an option to leave a voicemail. If you can only get through by calling from a proper CLI-number... oh what a shame... that's like only being able to send me an email if you come from a proper domain, with proper reverse DNS, that's not on a blacklist, etc. etc. etc. No different. At worst case, I google the CLI phone number and if nothing comes up, I assume you're a spammer.

And if it's anything even vaguely important, like an unpaid bill, a contract you need me to sign, or anything along those lines... you'll send me a letter. And I'll discuss it with you at my convenience.

I've cut the landline. I have a 4G box instead. The number of that is my "spam" number because... well... who cares, it can't even ring anyway. My mobile phone (20+ year old number) operates a whitelist like above. I get less spam on that than anyone else I know. My inconvenience factor of "someone couldn't get hold of me" is basically zero - people I know have no problem getting through. And my backup plan is that I have a Draytel SIP account in the background, connected to my router. If I need to, I'll move to that, and send you through a verification switchboard menu first.

Fact is, the last 10 years I've had that option and I've not been pushed to it yet.

I'm on the TPS, I don't sign up with my numbers to anything, and I get almost nothing anyway - maybe a number that people online say is a "have you had an accident" caller once every three months or so. I'm presuming they just try every possible 10-digit code or whatever and hang the TPS. They don't get through. 99% of the time they don't even get to a voicemail. I don't have the time to mess with them or play games or even answer them so I don't... if my phone is ringing from an unknown caller and I need to use the phone, I just press hang-up and dial the number I need.

I've not yet missed anything important in 10+ years. I don't see why others would suffer the way they do. A friend of mine just bought one of those services/phones that blocks so-many-CLIs and things... it's useless, and the blacklist fills up very quickly, and they have to PAY for it... to the same people who are delivering those calls and being paid to do so in the first place. Sod that.

If it ever really becomes an issue for me, I'm only about 2 days from getting a bunch of 07 numbers from a SIP provider, or something like Skype, and just let them get spammed to oblivion and never answer them to anyone I don't know. Cheaper all round. To be honest, I think I'd just do it through my router or a PC with a load of 3G dongles... and just load Asterisk, FreePBX or similar to send them in circles if they are unknown. It's not yet come to that, though.

Why a telco thinks they'll see anything of my money while this is happening and they aren't taking the simplest of actions against it, though, i can't fathom.

Re: First step, tell them to fire security

Much, much more valuable than any amount of "security" stopping people doing things is to *let the only person who cares* know that something's happening. If you got an alert the second a door was opened and shouldn't be, you can stop it in action, deter future attempts, etc.

The problem is that even most business have "an alarm" that doesn't actually alarm anyone - it annoys the neighbours and that's about it.

If you care about security - whether student flat, shop front, or large warehouse - you have to let the right people know. An alarm that's monitored and can invoke a police response is good, but if you were to text the guy who owns the company, they can do things like log into CCTV, check it's a crime in progress and ring 999.

Your "security" only needs to be a security canary - enough for something to fall over and trigger when something happens that shouldn't. (same goes for antivirus, by the way, which I refer to as the "virus canary" when users asks what one they should spend a fortune on, and why their expensive one didn't notice the quite-obvious virus on the machine... when it falls over, you have a virus, it's that simple, and that's its real job). Hence most big locks / systems are pointless.

A system that alerts the right people (which includes the burglars but notice that it *doesn't* include the neighbours as they are useless and will only be annoyed by any noise if it goes off), in good time. Everything beyond that is really pointless.

I watched a police programme the other day where a huge Mothercare was broken into. It was the *police* arriving, after a member of the public reported the shop being "left open", that called the keyholder to let them know they'd had their entire front glass door smashed in, and clothing nicked.

At that point, I really wondered what the point of them having an alarm at all was.

I'm still wondering what idiot named a network "3" thus making quite a lot of things un-google-able, not to mention look outdated the second 3G was superceded, making itself difficult to understand to the uninitiated ("Why would I want to use a free network?").

It certainly wasn't the person who named their customer app "Wuntu", but it might well have been the person who recently gutted it of pretty much all the useful benefits.

Re: Just change the filenames ?

To be honest, it takes seconds to run the "file" command against any file and it'll tell you what the real type was, whether the extension is correct or not. It'd certainly spot VM images.

Of course, all you need do is what you SHOULD BE DOING ANYWAY. Encrypting anything you "backup" to random third-party servers somewhere else in the world.

Proper encryption, resulting in a ".bak" or similar file, rather than just copy/paste your VMs as they are for anyone who works at that company to poke through.

Though the presumption of innocence is required in a court of law, it's not something that meshes well with fleeing from the law and breaching bail conditions. This guy ran away from a UK court's custody because he didn't want the possibility of having to stand before a Swedish court.

Sorry, I probably couldn't be impartial in that case. Same as when people resist arrest without good reason, or mouth off as they are being arrested for something (or, indeed, not being arrested at all until they start mouthing off and get themselves arrested).

There are certain things that innocent people just don't do. My sympathy plummeted to zero when he did that, and further down when he decided to hide in an embassy and preach from the balcony every week.

On another note, it's been the quietest I've seen in a long while for Assange-related tweets and soapbox moments. If I start a kickstarter, can we keep him banged up for the full 50 weeks instead of letting him out half-way?

Re: I'm boring

What tool are you using that allows remote reboot/shutdown as an option from the desktop screen without using a CLI to override?

Get a better tool. Even RDP just removes that option, and you have to "shutdown /r" in a console to make it do anything like that.

It's a technique I use - a nice red background for the admin users suffices to make things clear that there's danger ahead or you're in the wrong window. Because, obviously, you don't work day-to-day as an admin user, right?

If only people who worked as administrative users on server-grade hardware remotely (e.g. for customers) could take a second to, say, double-check before they press "Restart Now"...

Re: *COUGH* "Now if everyone would just move to IPv6... "

P.S. Any IP address of any kind is under no obligation to respond to ICMP anyway. It's nice, sure, but not necessary or required.

Google are telling people that over 25% of their accesses are coming in over IPv6... 1 in 4 people around the world are using it when they go on Google. Do you think they all sat there and deliberately configured it, or do you think it's just a base protocol that's part of the requirements of major technologies like 4G?

https://www.google.com/intl/en/ipv6/statistics.html

My story is not from the industries in question but:

- My car insurance came up for renewal.

- I got a renewal quote that was more than previous year (no idea why, clear licence, no complexities, lots of NCB, etc.!)

- I went on comparison sites. Got prices literally half of the renewal cost.

- Phoned up my insurance company and tried to negotiate a deal. Quoted the exact same cover, the costs, the companies that were offering cheaper (basically all of them!), etc.

- They literally said that they were unable to knock even £10 off the annual renewal cost. Nothing. Nada.

- So I went with the cheapest from the comparison site. Who use the exact same underwriters, the exact same insurance portal (you can see the design is identical and the URL goes via the same centralise provisioning with online insurance docs etc.), provided more benefits, did it all online, and cost me half the price.

We had a contracted printer services supplier for something like 15 years. They used to lease us the printers, support them, supply toner, etc. throughout the entire site.

- One year the renewal went up nearly 20%.

- We argued. No movement.

- We got quotes from dozens of other services. No movement.

- We showed them exactly what was quoted, which was better kit, for lower prices, on shorter contracts. No movement.

- We offered to take lower services / buy out some machines and put them on the support contract only. No movement.

- We told them "We don't want to go with an unknown. But if you go down this road, we won't renew, we'll just go elsewhere". No movement.

- We went elsewhere. We kept one printer (it was nearly "ours" so it was cheaper to keep it for a few months than pay it off) with them.

- They witnessed the new kit come in. They had to change their kit to be compatible (firmware upgrades for newer Papercut versions etc.) at their expense. The new kit from the other place was basically what these people had been trying to sell us to replace our kit for years. No movement.

- The final lease finished. We asked them to come collect the dregs of it, thus removing the very last reason for them to ever visit site. They took it away. We replaced it with another serviced model from the new company. No movement.

My experience is that even if you make a huge effort, and give them all the chances in the world, most places have absolutely no idea of customer loyalty whatsoever and are run by "computer says no", and that any threats or actions are useless unless - and this is important - they could and would have given you that discount at any time anyway. If you'd literally just asked your mate, who was on a cheaper deal, and queried it, they'd give it to you just for asking.

Generally speaking, if you want my custom, the price is only a single solitary factor in that decision. Knowingly screwing me over comes higher as a factor.

As even Del Boy says, "they may not be cheaper, but at least they smile when they take your money".

If I wanted the cheapest deal, I'd be on TalkTalk broadband, driving a Fiat Panda, and do all my shopping at Lidl. None of those are true, for the vast majority of the population.

Re: I don't get it...

It's easy to give away the farm and make a loss by supplying a decent product to people below the actual cost of production.

You just have to have a rich idiot bankrolling it... or pulling it out of bankruptcy a couple of times, or maybe a few investors convinced that "one day we'll be selling thousands upon thousands a day"...

No different to "Moviepass" in the US - that was a great deal for anyone who was a consumer. Pay a pittance, then watch as many movies in as many cinemas as you like! Wonderful! Doesn't mean it's a good business idea.

For centuries people have implemented business models that resulted in wonderful value for the consumer, and great product, but at a loss. It's nothing new. The whole dot-com boom was basically the same thing. Here, have everything, for free, because it's "online". Now... whoops... who's paying for that?

Musk bankrolls all his companies, he has legitimately insane amounts of money from his youth, most of his places have neared bankruptcy at least once, he's injected huge amounts of cash into them, because to him it's just a hobby / vision, not a business. Some of them "profit" in the short term (e.g. SpaceX) but most never see their full investment back ever. Even if they did, the investors would want their money back first before prices started to drop for the consumer.

There's a reason that the shareholders in Tesla aren't particularly sad to see him gone from the board, and why they immediately raised prices and/or cut costs once he'd gone.

Tesla, SpaceX, etc. are Musk's toy projects to spend his billions on. That's it. When the funding goes, the business underneath is basically unsustainable in the condition that it's currently run in. He's like the rich kid running a lemonade stand from his dad's Porsche and never making a cent. When he pulls out, and takes his funding with him, all that's left is a vastly unprofitable business. But, sure, he makes good lemonade with only the most expensive and finest Sicilian lemons...