* Posts by Lee D

4232 publicly visible posts • joined 14 Feb 2013

Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold

Lee D Silver badge

"Windows 8.1 is supposed to receive monthly security fixes until January 10, 2023, and for Windows 7, January 14, 2020."

Great. I shall set my deployment plan for Windows 10 into motion in January 2022.

Four-and-a-bit more years of bliss before I have to deal with that heap of junk. That's an entire hardware/software cycle to me anyway.

I mean, making 8.1 work like 7 was bad enough, but pretty much you could get there and not have people notice.

SCARY SPICE: Pumpkin air freshener sparks school evacuation

Lee D Silver badge

"After the break, we'll be bringing you the story of the Lush store that was shut down as a chemical health hazard. Keep watching."

Dumb bug of the week: Apple's macOS reveals your encrypted drive's password in the hint box

Lee D Silver badge

Re: To be fair

AND THE HINT IS COPY/PASTE OF A PASSWORD FIELD THAT SHOULDN'T BE ANYWHERE IN PLAIN TEXT.

Literally, they have two variables;

Password

Password Hint.

They have taken plain text from the user, put it into password and that's ended up in password hint by mistake.

But EVEN PASSWORD shouldn't be like that. It should be opening keychain, or it should be hashed and stored and the original immediately disposed of, and it certainly shouldn't be accessible to the disk encryption program. That the password and the hint are handled anywhere near the same way tells you that they're doing it wrong.

The entire PROCESS is wrong, such that a simple error reveals the password. That password shouldn't be sitting in a plain-text field to begin with, such that it can be confused and accidentally written somewhere else.

(Hell, I'd argue the password shouldn't be in memory as a string anywhere... I would code it so that the password box was really just a keyboard-event receiver and for each key hit I would throw the received key straight into the hash function and store only that in RAM. Store the last 50 hash functions to let people backspace (and, yes, stop them clicking into the middle of the password and typing extra chars, etc.) - show it as a password box with X amount of *'s in it, but only store it as a hash)

Lee D Silver badge

Re: To be fair

It's more worrying than that.

Plain-text copies of your password are being used and stored. That's just not how you do it. You take the password, hash it like mad - including salting it - and then encrypt using the hash.

If you have half-a-brain, you then use that only to encrypt the REAL key that unlocks the drive, rather than the data itself.

In this way, the password is not stored anywhere. You have to match the salt and hash (which can only come from the password the user types in), to unlock the real encryption key (which can be many times stronger). Nowhere on the disk is stored "My Key Is: ...", only users who know the password can log in, anyone can steal the drive and NOT be able to unlock the key, because the drive isn't unlocked until you've typed in the password, there's no chance of there being remnants of the key stored on that same drive, and you can back up the critical headers which store the real key (and the initial password they were created with) and so recover the drive later if something goes drastically wrong or the user forgets the password they changed it to.

There's a reason that TrueCrypt and all its descendents work like that, as well as any sensible commercial encryption software. Because anything else is snakeoil.

The Disk Manager app should have PRECISELY zero access to the actual password, it should be hashed and salted immediately on entry and only THAT passed to the processes that need it. That fact that there's even a bit of code that resembles "put plain-text password into this structure" means that they did not design the encryption properly, whether or not they slipped up between "password box" and "password hint" box.
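The scheme both "Re: To be fair" comments above describe (salt and hash the password, use only the result to unwrap a separate, stronger volume key, keep a backup-able header that never contains the password), as an added example that is not Apple's code and not the commenter's. It uses only the Python standard library: PBKDF2-HMAC-SHA256 stands in for whatever KDF a real product uses, and the wrap is encrypt-then-MAC over an HMAC-derived keystream because the stdlib has no AES. The header field names and the iteration count are assumptions; the hint check is the guard the bug in the article lacked.

```python
# Added example (not Apple's code and not the commenter's): the scheme the
# comments describe, with only the Python standard library. PBKDF2-HMAC-SHA256
# stands in for whatever KDF a real product would use, and the key wrap is
# encrypt-then-MAC over an HMAC-derived keystream because the stdlib has no
# AES. The header field names and the iteration count are assumptions.
import hashlib
import hmac
import os
from typing import Dict, Optional

KDF_ITERATIONS = 600_000   # assumed cost; tune to the hardware
KEY_LEN = 32


def derive_kek(password: str, salt: bytes, iterations: int) -> bytes:
    """Key-encryption key from the password. The password bytes are consumed
    here and never stored; only salt and iteration count go into the header."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=KEY_LEN)


def _keystream(kek: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(kek, b"enc" + nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap_dek(kek: bytes, dek: bytes) -> Dict[str, bytes]:
    """Encrypt the volume key under the KEK and tag it (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(dek, _keystream(kek, nonce, len(dek))))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "wrapped_dek": ct, "tag": tag}


def unwrap_dek(kek: bytes, header: Dict) -> Optional[bytes]:
    expected = hmac.new(kek, b"mac" + header["nonce"] + header["wrapped_dek"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, header["tag"]):
        return None   # wrong password or tampered header: no key comes out
    ks = _keystream(kek, header["nonce"], len(header["wrapped_dek"]))
    return bytes(a ^ b for a, b in zip(header["wrapped_dek"], ks))


def create_volume_header(password: str, hint: str,
                         iterations: int = KDF_ITERATIONS) -> Dict:
    """Build the backup-able header: salt, KDF cost, hint, wrapped DEK.
    It contains neither the password nor the plaintext DEK."""
    # The article's bug is the hint field receiving the password. Refuse it.
    if hint and password.lower() in hint.lower():
        raise ValueError("hint must not contain the password")
    salt = os.urandom(16)
    dek = os.urandom(KEY_LEN)   # the real volume key, independent of the password
    header = {"salt": salt, "iterations": iterations, "hint": hint}
    header.update(wrap_dek(derive_kek(password, salt, iterations), dek))
    return header


def unlock_volume(password: str, header: Dict) -> Optional[bytes]:
    """Returns the DEK on the right password, None otherwise."""
    return unwrap_dek(derive_kek(password, header["salt"], header["iterations"]),
                      header)


def change_password(old: str, new: str, new_hint: str, header: Dict) -> Dict:
    """Re-wrap the same DEK under a new KEK; the encrypted data is untouched."""
    dek = unlock_volume(old, header)
    if dek is None:
        raise ValueError("old password rejected")
    if new_hint and new.lower() in new_hint.lower():
        raise ValueError("hint must not contain the password")
    salt = os.urandom(16)
    fresh = {"salt": salt, "iterations": header["iterations"], "hint": new_hint}
    fresh.update(wrap_dek(derive_kek(new, salt, header["iterations"]), dek))
    return fresh


if __name__ == "__main__":
    hdr = create_volume_header("correct horse battery", "the usual phrase",
                               iterations=20_000)
    print("unlock ok:", unlock_volume("correct horse battery", hdr) is not None)
    print("wrong pw :", unlock_volume("wrong", hdr))
```

Note what the header does and does not hold: salt, cost, hint, nonce, wrapped key and tag, so it can be backed up or copied to a recovery location without exposing anything; a password change re-wraps the same DEK rather than re-encrypting the volume; and the disk-manager side of this only ever sees the output of `derive_kek`, never the string the user typed.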

Support team discovers 'official' vendor paper doesn't rob you blind

Lee D Silver badge

What a stupid failure mode and assumption that is, then.

Hell, put a barcode at the BACK of the empty slot and if you read that barcode - yeah, it's fair to assume it's empty. Or a 20p micro-switch testing for physical presence per slot to distinguish "no tape / physical obstruction" from "tape has a slightly smudged barcode".

But tapes get handled and modified, and it must have read it once to put it in that location. It's bad design to not distinguish between a bad barcode, and one that doesn't even exist.

Lee D Silver badge

Coupled with the usual "Oh, no, we haven't changed anything" syndrome from the customer, most likely.

Yeah, it's odd that in a device costing quite a lot of money, nobody bothered to put in a routine that said "Hold on, I can't read that barcode, better alert the user in an obvious and sensible fashion".

HPE server firmware update permanently bricks network adapters

Lee D Silver badge

This.

But more precisely - why does a driver let you update it except against known-good firmware?

Quite literally "Sorry, you have to update driver firmware to continue, to at least X.X.X which has been tested with this driver".

If the ***only*** official way to do it is to update the firmware and then the driver, the driver should be checking that the firmware is up-to-date and refusing to continue.

And I'll tell you the answer - because they will break as many systems that way as any other. People will be stuck on old firmware/drivers because of a bug in one or the other that they know hits them elsewhere, so they don't upgrade at all, rather than risk having to do both.

But, honestly, with this kind of kit - you literally say "Not a supported configuration" in your update tool, and then offer the path to get a supported configuration (i.e. update the firmware first, then the driver). At this level, if it's not been tested, it shouldn't be possible.
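The pre-flight gate the comment asks for, as an added example that is not HPE's tooling. The driver/firmware compatibility matrix and the version strings are constructed for illustration; the one thing worth copying is that versions are compared as integer tuples, because "1.10.0" sorts before "1.9.0" when compared as text, which is exactly the kind of slip that lets an untested pairing through.

```python
# Added example, not HPE's tooling: a pre-flight gate of the kind the comment
# asks for. The driver/firmware compatibility matrix and the version strings
# are constructed for illustration. Versions are compared as integer tuples
# rather than strings, because "1.10.0" sorts before "1.9.0" as text.
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

# driver version -> (oldest tested firmware, newest tested firmware or None)
COMPAT: Dict[str, Tuple[str, Optional[str]]] = {
    "2.4.0": ("1.8.0", "1.9.99"),
    "2.5.0": ("1.10.0", None),
}


def parse_version(s: str) -> Version:
    parts = s.strip().lstrip("v").split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {s!r}")
    return tuple(int(p) for p in parts)


def check_install(driver: str, firmware: str) -> Tuple[bool, str]:
    """Decide whether installing `driver` on a card running `firmware` is a
    tested configuration; if not, say what to update first."""
    if driver not in COMPAT:
        return False, f"driver {driver} has no tested firmware range: not a supported configuration"
    fw = parse_version(firmware)
    lo, hi = COMPAT[driver]
    if fw < parse_version(lo):
        return False, f"update firmware to at least {lo} before installing driver {driver}"
    if hi is not None and fw > parse_version(hi):
        return False, f"firmware {firmware} is newer than anything tested with driver {driver}: not a supported configuration"
    return True, "supported configuration"


if __name__ == "__main__":
    for drv, fw in [("2.5.0", "1.9.0"), ("2.5.0", "1.10.0"), ("2.4.0", "1.10.0")]:
        ok, why = check_install(drv, fw)
        print(f"driver {drv} on firmware {fw}: {'OK' if ok else 'REFUSE'} - {why}")
```

The refusal message carries the upgrade path (firmware first, then driver), and an unknown driver or an untested-newer firmware is refused rather than waved through; the tool errs on the side of "not supported", which is the behaviour the comment argues for at this price point.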

Microsoft Edge shock: Browser opts for Apple WebKit, Google Blink

Lee D Silver badge

"On iOS, we are using the WebKit engine, as provided by iOS in the WKWebView control. "

Because Apple will literally not allow anything else.

Chrome is the same on iPad, just a wrapper around the same controls.

ALL IOS BROWSERS ARE THE SAME ENGINE. Hence, there is literally no point, as you can't change or improve anything to do with the rendering whatsoever.

Been telling people this for years, but nobody listens and they still install "another browser" on iOS.

P.S. Also bad from security perspective - one flaw, hits all iOS users no matter what they use.

Toshiba, you can't have 14TB served on a platter. It'll take eight, at least

Lee D Silver badge

I'd still much rather have an affordable 2TB SSD.

As in MUCH rather.

That's the second article today on hard drives (Seagate, Toshiba) and I actually question why anyone is still pumping money into them, except to get the "last run" of hard disks out the door.

I do hope that these companies aren't spending all their time and money faffing about with helium.

Is it the right time to virtualize?

Lee D Silver badge

Re: Not always

VMs migrate. Physical servers don't. You can send them to another datacentre, onto a server you've never touched before and it'll work and keep running like you'd never switched it off. That's a real bonus that you hope you'll never have to utilise.

VMs make better use of server resources. All those "spare" VMs that aren't actually doing anything can sit idle on servers that ARE doing lots of other things. That stupid VM sucking up GBs of RAM for no real purpose or usage can be pushed back to swap while the ones that need it can use the hypervisor's real RAM. Few things use a lot of CPU - Exchange uses almost nothing, so it can co-exist with VMs that are CPU-heavy, but IO-light.

Additionally, yes, VM backups are SO MUCH NICER. No more faffing by cherry-picking system state items and hoping that you can replicate the config should that fancy network card blow up and you need to put it on something else. Just backup "the machine", with every configuration on it and every setting and snapshots of the historical settings. Done.

VMs also snapshot and replicate: snapshot the live server, spin up the replica in a test environment, play with ALL the settings and break things, and know you can roll-back to known-good instantly even if you made a mistake. Sometimes in seconds. And being able to "splice and test" like that is invaluable. "What WOULD happen if we upgraded that primary server to the next version of Windows?" - don't guess... do it... see what happens, just by branching from a snapshot of that EXACT server. Delete it when you're done, or push it back into production.

And redundancy costs twice the resources (or more) because it's redundant. That's the ENTIRE POINT.

VMs are the only thing I'll use now. The only blockers are those stupid things that DEMAND a certain piece of hardware (e.g. dongles, etc.). Everything else, you get a VM. I run CCTV NVRs from inside VMs and they work perfectly. And it's cheap to spin up a VM every time someone says "the guy is here to install the software for X". Don't faff - just give them an entire VM to do whatever they want in, and then put that VM on your network. They can have no argument then about "Oh, well, it's not compatible" or "it's because you have X installed", etc. Most of my vendors are offering their appliances (e.g. webfilters, firewalls, etc.) as VM images now.

VMs and VLANs are the best thing to happen to in-house IT in decades. It literally makes your network portable, to the extent that there's one backup device in my pool which is just a cheap NAS, large enough to hold and offer every VM out over iSCSI.

I could take that box. Find ANY decent server hardware. Load those VMs. Boot them up. Have EVERYTHING running as it was in under a day. Literally my entire network in a box. And - in theory - the only thing I'd need to get running on new physical hardware is a way to load up the one VM that's the hypervisor to all the other VMs. Nested hypervisors are cool.

Lee D Silver badge

Re: Has a Blog Bot kicked in?.....

Glad it's not just me.

"Is it the right time to virtualize?" - er... no... that time was about 10 years ago, mate.

To me that's at least three hardware cycles, servers and clients.

Sure, network virtualisation is still a bit "what's that?" to most places, so I can understand not touching it. But servers - yes. Storage? Depends. Most people don't do a lot of storage, but the article is aimed at datacentre (or so it says).

But "should you be virtualising your old crusty servers?" Hell yes. Unless you are in HPC or similar, of course you should. You should have been doing it for YEARS already.

Web uni says it will get you a tech job or your money back. So our man Kieren signed up...

Lee D Silver badge

Re: "...a good percentage of the population is not suited to programming..."

Damn right.

I could write any program someone wanted (if it was a program that could be written). Pretty much, I could write it in any language (those esoteric non-traditional ones would be a real struggle but I'd pick them up). I can't guarantee a timescale at all, but I'd be able to do it. I've programmed in everything from BASIC to x86 assembler, Pascal, FORTRAN, C, Java, hand-crafted Z80 opcodes electronically zapped direct into a memory chip. I've ported software between platforms, ripped-out-and-re-done entire codebases, patched my own code onto the Linux kernel and other people's projects, and been doing it all for years. I sat through years of courses on coding theory, compiler design, etc.

But for sure, I'm not a coder. Doing it professionally? Pfft. No thanks.

I'm sure I could write any program I needed, and I'm often really frustrated by the tools I'm forced to use and know they could be made better. In some cases I've actually done just that, where it was an option. But coding is a skill that is rare indeed.

Instead I work IT management in schools. Let me tell you, thousands and thousands of children from a range of abilities and ages have passed through my systems. I help out in coding clubs and we build and fly drones and all sorts of things. Independent (private) or state, primary or secondary, etc. Would you like to know how many of them there are that I believe could, one day, go on to be a full-time software developer? Maybe one or two. How many could knock up a quick script or program or even a complex macro in their adult years, or become a hobbyist programmer, without having to literally be taught how to do so from scratch? Probably a few dozen. Maybe slightly more.

As a percentage, we're really talking less than 1% for most of these things. Which is right. Less than 1% of them will become aeronautical engineers, or explosives experts, or forensic scientists. But for some reason people assume that "everyone can code if you just teach them". That's true right up to a point. And that point is where "computing" (using a computer) becomes "computer science" (understanding how they work). That's where almost everyone who uses a computer gets stuck. In the same way that we can't all be car mechanics, we can't all be programmers. We all need to use the tool, we don't all need to understand every intricate detail of it.

We've lost sight of that, though. Especially in education. Programming is really something that you either have a knack for (I would say I do) or not. You can nurture an existing natural predilection to being able to think like a programmer, but you can't instill it if it's not there.

The other day, I glanced out of the corner of my eye at some code a 9-year-old had written in Python (which is pretty cool, don't get me wrong, but if it's just taught by rote it tends to be forgotten REALLY quickly). My brain picked up on four syntax errors, a couple of potential integer range situations, several comparison errors, mis-typed and mis-scoped variables, and all kinds of other things. I didn't even need to analyse line-by-line. I don't even program in Python. My brain did it without my intervention.

I'm not sure that's something you can teach that easily, and certainly it's not something possessed by many of the teaching staff, including those in ICT. In 20 years of working in schools, I've met three teachers that I think could write a program. One a Maths teacher, one a former COBOL programmer of old, and one who worked in industrial control before going into teaching. The ICT teachers get most aggrieved if I mention that. But they absolutely cannot program (they might be able to TEACH it, but they can't do it - that's quite common in all subjects of teaching). I mean... it's not unfair - I couldn't teach kids, even the simplest of things. That's why we have the jobs that we have. But people who can code, even in the IT industry as a whole, are few and far between.

Mozilla extends, and ends, Firefox support for Windows XP and Vista

Lee D Silver badge

Re: Here lies Firefox ESR 52.x.x: Sep 2002-Jun 2018

I want to see what a number of the major banks and card services companies are going to do when ESR doesn't work on a machine any more.

Because they all like to use NSAPI, etc. and can't hide behind "just run Internet Explorer" any more.

I'm not sure there are even drivers for most things I use that work with any APIs in place to use things like smartcard readers on modern browsers, which points to major hardware replacements to compatible models or an awful lot of new software to cope.

European Commission refers Ireland to court over failure to collect €13bn in tax from Apple

Lee D Silver badge

Re: Debt Collectors

A court order is a court order. You comply or go to jail. It's quite simple.

E.g. your child is removed from your care. You can appeal against it. Does the child stay with you while the appeal goes on?

E.g. A million pound judgement is made against you for a public liability (i.e. you let someone kill themselves by not having adequate safeguards). The court orders safeguards and to pay the victim's family. Do you think you can string that out for a year and not do either?

E.g. You don't pay your tax bill. A court orders you to pay your tax bill. You dispute that X should be marked as an expense. You STILL have to pay the court, while your appeal is occurring.

Notice the word escrow in the article. i.e. we have the money from Apple, it's there, nobody can take it from us, but we won't budget it / use it / spend it until the appeal is actually finalised. And if we do need to give it back, we can do so quickly.

With a court, you comply. If you win the appeal, you'll get it all back. All you lose is the potential interest on it, but if you're dealing in figures of billions, the interest on that is really chicken feed still even if it sounds a big number when stated alone.

Feet-dragging in a case like that is really just politics, not law. Apple are REQUIRED to pay Ireland, who are REQUIRED to collect it. That it takes more than a day to organise is ridiculous, even if you have to shift it between accounts to make things tally. Ireland are dragging their feet not because lawyers are filing appeals - the escrow covers that and the court has ALREADY ordered Apple to pay - but because they don't want to lose Apple's business.

Personally, I'd be adding on interest for every day it was overdue.

Hollywood has savaged enough sci-fi classics – let's hope Dick would dig Blade Runner 2049

Lee D Silver badge

Bladerunner isn't that great .. well, it's alright. But it set the aesthetic. In the same way that the book Lord of The Rings collated and set the aesthetic for lots of similar tales and settings. And how things like The Matrix set the aesthetic for many similar movies.

The problem - The Matrix was good because it wasn't trying to be too clever, it just introduced you to a well-thought-out universe with a unique aesthetic. You can drop in the deja-vu, and the "bound by rules" and all the other bits and it's all new, fresh, interesting and makes sense. The rest of The Matrix movies are trash. Literally just action films where he gets more and more ridiculously powerful. Boring. (God, just remember that final fight between Neo and Smith that just goes on forever while they destroy the world around them... you just think "You might as well just give up, because beating each other with lampposts etc. isn't working no matter how many times you do it"). I would hold that the thing that kills the Matrix sequels is, quite sadly, the whole human city thing. Too much time in caves and pipes and not enough inside the Matrix, and the time inside the Matrix is just never-ending fighting with someone who basically doesn't really get hurt.

The same happened with Alien / Aliens (both set their own kinds of aesthetic, I happen to think Aliens is much better in doing this). Everything past that was just "let's throw in something different at random" while pretending it was more of the same. It wasn't necessary, it didn't really work, and now the whole franchise is just trash. Alien 3 figuratively changes the colour of everything (and literally, too - think of Aliens, you think blacks and blues, think of Alien 3 and everything is brown, even the alien), even though the story has gone "unskilled crew vs alien in confined space ending with lone woman, over-equipped military against alien on huge planet, unskilled crew vs alien in confined space".

There are lots of movies that set their own aesthetic, most are not all that good. The early Star Wars movies, movies like The Thing (for zombie/alien like movies), etc. If you are setting the aesthetic for a genre that's not been seen before, it will become yours, and that movie will be used as the standard (I've heard many people see/read cyberpunk stuff and call it "Bladerunner-esque").

But the problem is that new storylines and new aesthetics are few and far between, and aesthetics are easily ruined. Those kinds of opportunities can be squandered. And sequels don't work too well once you've set the aesthetic as you're then competing against a movie with the same name and idea and aesthetic. Alien/Aliens is probably the only one I can think of that's really successful in that regard, almost because it's two different movies: "alien vs lone survivor" and "alien vs elite military unit packing state-of-the-art hardware".

It's not even about original actors, or same scriptwriters, or same directors, etc. Remember Highlander? First was great. Second was trash. The aesthetic change kills it.

Bladerunner set the aesthetic, but then was also overrun with re-interpretations. Sure, everyone probably likes a different one but it hit saturation really quickly. That's cost it dear in the sequel-viability stakes, as has the amount of time that has passed. Again, going back to Aliens, it had the Special Edition - people will prefer one or the other. [Special Edition is better than the original (if you exclude all the namby-pamby Ripley-family nonsense)]. It was a way to get "more" out of the original Aliens aesthetic.

But sequels don't cut it. They change too much, alter the aesthetic. The movie that makes a second aesthetic that's as good as the first, without just piggybacking or reinventing everything, is really rare. I foresee any Bladerunner sequel trapped there - they can't abandon the aesthetic of Bladerunner, but they also can't add much to the story that will introduce new things to it without breaking into something else.

And because it's an undefinable quantity, it's almost impossible to promise or to prove, so any such attempt to follow it with even the smallest claim to being able to replicate (ha!) it is really quite dishonest. When film people say "We're going to move in a different direction", it's because they know they can't compete on an aesthetic level.

I think what Hollywood misses is that often we want more of the same, without having to put in "new" stuff too. We'd give our hind teeth to make the Aliens movie just 10 minutes longer, but we wouldn't want fleets of marines arriving to take out the mega-queen or whatever. I'd love to have had The Matrix play out to a movie twice as long with some of the elements of the later movies, but as soon as you shut the clapperboard for the last time and then try to resurrect it a year later, you lose it.

Aliens was so cool to me, that when the Colonial Marines video game came out, and it had original voice, sound effects, licence, etc. I was over the LV426. Now I could play IN THE MOVIE, as it happened, with the same aesthetic. But, no, it was just dire because it was all reinterpreted, and rushed. But I was more hyped about being able to BE Hicks, exactly as it was, exactly like an 80's movie, with motion trackers that now look out of the Ark, and original gun sounds, etc. than I was about any of the movies that followed.

You have to keep the aesthetic. Nowadays, I imagine any sequel would be destroyed by over-use of fancy special effects, rather than just keeping on par and inventing new twists rather than just "telling us more" about the story.

White House plan to nuke social security numbers is backed by Equifax's ex-top boss

Lee D Silver badge

Re: Confused identification with authentication.

At one point I was issued a Government Gateway ID.

It allows me to file tax returns, get a new passport, change the photo on my driver's license etc.

At the start it was a long random code and a key-pair.

Then it was just an identifier and a strong password.

Even businesses have such an ID to themselves, to file tax and various other information.

If the UK government has this kind of thing worked out for the last 10+ years, then I'm sure the US government can work it out, given our history of government IT projects.

The only thing is that we haven't rolled it out to ABSOLUTELY everyone (it's probably a bit early for that, while we still have pensioners that have never used a computer in their life), but it's there.

MH370 final report: Aussies still don’t know where it crashed or why

Lee D Silver badge

Re: planet is surrounded by spy satellites

Do you know how big the planet is?

And do you know how small the resolution required to see a plane is?

Hint: No, you can't see the Great Wall of China from space.

Sure, if you want to peek at a building in the Middle East, you can move the sat to look at it and take hi-res pictures, etc. But over 25,000km of empty ocean, not a chance that you'll see more than a dot, and that'll be hours stale, so you'll still have no idea where it went or what happened or even what direction it was actually flying in by the time you get the image back.

People forget that, tiny though the planet is, the world is HUGE and there are all kinds of humongous things that just aren't visible unless you're specifically looking for them, and that even when you're looking for them aren't easy to track - because we HAVEN'T turned thousands of miles of empty ocean into 1984-style surveilled territory for one-in-a-million plane flight that we had no idea was going awry until it was far too late anyway.

Seriously, go find a whale on Google Earth. I guarantee you that in the vast trackless ocean mapping there, there's a whale surfacing somewhere, because there are hundreds of thousands of the damn things and they're huge. Don't cheat. Start in the middle of the ocean, max-zoom, and go find one, just by looking and scrolling around.

Now guess what? Google Earth is updated once-in-a-blue-moon for most locations like that, and even if you saw the whale, could you tell where that whale was now? Absolutely not. That's pretty much the best spy-satellite you'll ever get to play with, and it's damn useless for that kind of task.

An MH370 plane has precisely 60.9m wingspan. Let's call that 60m. Let's pretend it's square and obvious, to make the maths easy, so call it a 60m x 60m sheet of metal. That's 3,600 square metres. The search area is 25,000 square kilometres. Which is 2.5 x 10^10 square metres. That means you could fit, in the search area alone, 6,944,444 planes. 7 million planes. You'd have to search 7 million plane-sized images to find it. If each image took 1 second to photograph and transmit, it would take 84 DAYS before the amazing-mega-spy-sat-2000 went back and took the next image at the first spot. If the plane WAS in the search area, and you stabbed at a point at random, you stand more chance of being struck by lightning than hitting the plane. And that's if it's fully visible and not submerged, broken up, confused with anything else (e.g. whales!), etc. AND that it's in the area you're looking at.

Add in the 3D of water and ocean and junk settling on something on the ocean floor and you stand slim chance of finding it even if you have a rough idea where it went down.

Despite what the movies might show you, satellites aren't that good (limited by the same stuff as telescopes on Earth spotting those satellites), nobody sits watching thousands of miles of empty ocean, and a plane going down is a tiny speck in the world.

BBC Telly Tax petition given new Parliament debate date

Lee D Silver badge

Why should you pay for the NHS if you haven't been to the doctor this year?

Why should you pay for subsidies for telecoms connections to poor rural households when you have plenty of money / don't use a phone / live in a city?

Why should you pay for pavement repairs when you drive everywhere?

Why should you pay for street lighting when you carry a torch if you go out at night?

Why should you pay for a police force if you don't commit crimes or get burgled?

Why should you pay for people to monitor riverwater when you don't even fish?

Why should you pay for schools if all your kids are grown up?

...

Taxes are paid, a small amount by all, to pay the large amounts for the few. That's how they work.

To be honest, I'd be quite happy to scrap TV licensing and actually just tax TV purchases. Literally put a 10% import / sales tax on new TVs. Problem solved. No complicated paperwork, no real evasion of it, easy to enforce (just tax the importers/manufacturers like you do for all kinds of things anyway), and then put the funds. Bigger, luxury TVs with all the knobs on would be charged more than tiny little screens, etc. Or even a tax on streaming services, there's no reason you couldn't tax Netflix/Amazon Prime/Google Play/etc. or subscription providers (Virgin, Sky, etc.) and make them increase their prices to reflect that.

The administration, legislation and enforcement of such licensing must cost me more than the BBC ever sees from my paying it. And I've lived without a TV for many years in the past, I didn't miss any of it. It's now literally the "something to watch while eating tea" phase of my life, and anything I do watch is purchased streams/DVDs of old shows and very, very rarely anything new.

When the tax rule is anything more complicated than "some percentage of an amount we collect anyway", without lots of disclaimers, exceptions and differences, the administrative costs just don't make it worthwhile. "10% on every new TV sold" is easy to implement, collect, enforce and prove evasion of. But they should have done it a year pre-digital, and THEN they could have raked in enough to keep the BBC going for 10 years on that.

Home Sec Amber Rudd: Yeah, I don't understand encryption. So what?

Lee D Silver badge

Gosh, maybe we shouldn't expect someone trying to draft laws about something to actually understand what they're drafting laws about and not make ridiculous claims?

Whether you're a techy or not, if you're drafting laws, you CALL IN EXPERTS. That's what you do. You don't just make up things that sound good. And if those experts are telling you that your plans are rubbish, untenable, have knock-on effects, etc. then maybe you should listen to them rather than put fingers in ears and go "La, la, la, can't hear you".

This is what annoys me most about modern so-called democracy. People without a single clue are just as likely to end up in a job as someone who actually knows what they're doing. I never get why ministers of various things have ZERO BACKGROUND in those industries/areas.

"We have consulted with experts, and they advise us that this isn't the best way to go about things, so we will look for other solutions". What the hell is negative about that sentence?

There's a way to dodge Fasthosts' up-to-160% domain renewal hike but you're not gonna like it

Lee D Silver badge

Re: Price gouging.

Defending your trademark does not mean you buy up everything with your trademark on it.

You literally just sue whoever put up that domain with the unauthorised usage of your trademark, and force ICANN/whoever to suspend the domain / remove it when that court case starts / finishes.

It's like saying "to defend the trademark Nike, we need to buy up anything that has the word Nike on it". It's just a nice way to go bankrupt fast.

That said, where there is fair usage (e.g. "nikesucks.com") then they'd rather pay the $50 to own it themselves than let someone else humiliate them in court by winning rights to such a name (which they often do). But then, surely, that person would just buy "nikeREALLYsucks.com" if they couldn't get the first one anyway?

It's all pointless and achieves nothing but some people have domain-name fever and throw their money at naming authorities, while everyone else just thinks up a name that nobody else is using or makes do.

I remember when novatech.com used to be a military equipment supplier. The number of times I landed on there by mistake when trying to get to novatech.co.uk was unbelievable. And then Google came along and it's quicker to Google "novatech". It seems that, in the intervening years, they obviously paid someone money for the .com too, though.

Lee D Silver badge

Personally, I use Tagadab:

.uk domains at £10.00 + VAT for 2 years

.com for £7.99 + VAT for 1 year

There was a time I used to use a much better niche company (justhename) but they got bought out and ended up being under the PlusNet brand when BT took over. Needless to say, they're just completely gone now. But they had cheap, simple, easy domain management and didn't try to faff with anything else, and they had one really cool feature they called "URL Masking" (which was actually an Apache reverse proxy set up at their end, so that you could forward the domain to, say, cheapwebhosting.com/~username/folderpath/, and it would retrieve all requested files from there and present them as yourdomain.com/filename - it was a fabulous way to make your domain very portable (store the same files anywhere, change the path), without anyone knowing where it was actually hosted).

If anyone knows a company with a feature like that, give me a shout, or I'm going to have to read up on the Apache docs and do it myself.
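The "URL Masking" arrangement described above, written out as an Apache reverse-proxy virtual host. This is an added example, not justhename's or Tagadab's actual configuration; the hostnames and paths are the placeholders from the post.

```apache
# Added example: reverse-proxy "URL masking" for yourdomain.com.
# Requests for http://yourdomain.com/<path> are fetched from
# http://cheapwebhosting.com/~username/folderpath/<path> and served
# as if they lived on yourdomain.com. All hostnames/paths are placeholders.
# Requires mod_proxy and mod_proxy_http (a2enmod proxy proxy_http).

<VirtualHost *:80>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com

    # Never turn ProxyRequests on here: that would make this host an open
    # forward proxy usable by anyone on the Internet. Reverse proxying via
    # ProxyPass works with ProxyRequests Off.
    ProxyRequests Off

    # Off (the default) sends the backend's own hostname in the Host header,
    # which a shared host that serves many ~username sites needs to see.
    ProxyPreserveHost Off

    # Proxy only to this one backend. The trailing slashes matter so that
    # /foo maps to .../folderpath/foo and not .../folderpathfoo.
    ProxyPass        "/" "http://cheapwebhosting.com/~username/folderpath/"
    ProxyPassReverse "/" "http://cheapwebhosting.com/~username/folderpath/"

    # Rewrite cookie domains/paths set by the backend so browsers keep them
    # for yourdomain.com rather than for the hidden backend.
    ProxyPassReverseCookieDomain "cheapwebhosting.com" "yourdomain.com"
    ProxyPassReverseCookiePath   "/~username/folderpath/" "/"

    # Moving the site later only means changing the backend URL above.
    ErrorLog  ${APACHE_LOG_DIR}/yourdomain-error.log
    CustomLog ${APACHE_LOG_DIR}/yourdomain-access.log combined
</VirtualHost>
```

ProxyPassReverse only rewrites Location and similar response headers, so absolute links inside the backend's HTML would still expose the real host unless the pages use relative links (or mod_proxy_html is added).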

Lee D Silver badge

Re: Price gouging.

Simple. Non-standard domain name TLDs are the vanity plates of the Internet world.

You are paying for "ownership" of an arbitrary string. Certain strings are "worth more" because the people in charge of writing the strings down say so.

It's literally that simple.

Lee D Silver badge

Or... just take your domains elsewhere.

Man with 74 convictions refused permission to fling sueball at Google

Lee D Silver badge

Streisand Effect.

UK lotto players quids in: Website knocked offline by DDoS attack

Lee D Silver badge

Re: It would be interesting to know

The problem with DDoS is that you can only combat it from one step higher.

If you're DDoS'd, you need to implement a filter on the data coming in BEFORE it comes down the line. And with Distributed, those filters are more complex than you might think (i.e. millions of random web requests from random IPs would do it, but how do you distinguish real users?).

Pretty much, that's your first port-of-call, and the end of your worrying. The upstream then has to work out where it's coming from and try to filter from source, if that's possible, or just swallow the traffic for you. It matters not what YOU have in-house; that's always capable of being overwhelmed. It's what your upstream partners have, as they are the ones collating packets from millions of smaller connections into one big bundle for you, and they have to fix it there, not just blindly send it to you.

No amount of technology can really solve that issue. While it's still possible to generate a genuine web request from a genuine user's compromised PC, as that genuine user, it's impossible to distinguish no matter what you put in the way of cookies, authentication, behaviour-tracking, etc.

It's cheap to tell 1,000,000 computers that you don't own to all access a website at the same time. The people who own the computers are paying for the resources. It's not cheap to run a website capable of dealing with 1,000,000 extra visitors without noticing.

As time goes on, the problem isn't going to change much except in scope. We can only hope that backhaul transit increases in size proportional to the average home broadband user. While it takes, what? 10-30 compromised home fibre connections to flood a 1Gbit leased line now, if that scale doesn't increase at the same rate at both ends then it becomes even easier to swamp a connection.

(it's wishful thinking that larger connections would grow at a faster rate than home ones, however).

What happens when every user has uncontended gigabit? You better hope that every ISP becomes good at filtering, or that every backhaul and datacenter starts offering 100Gbit as the basic business leased line / the interface to the cheapest server they rent out.

To be honest, servers in datacentres would be my worry. It's pretty standard to get only 100Mbit or 1Gbit networking. Most servers running in datacentres, therefore, could be taken down by a single fibre home-user with a grudge quite quickly if there was no mitigation. And paying to have every single blade / VM / whatever have 100Gbit connectivity and the necessary switching/upstream for that sounds expensive.

Lee D Silver badge

I'm fairly sure that if there's one organisation with the money to buy enough bandwidth and filtering to handle a DDoS, then it's going to be Camelot Group. Especially as it would just be filed under "operational expenses".

Apple Mac fans told: Something smells EFI in your firmware

Lee D Silver badge

A cloud-managed network (e.g. Cisco Meraki) would be able to provide anonymised version information on all kinds of things without having to actually interfere with a customer's network.

It's a real FAQ to ex-EDS staffers: You'll do what with our pensions, DXC?

Lee D Silver badge

Final salary pensions are an unsustainable joke.

You spend your life from age 20 getting to a figure, slowly raising and raising from minimum-wage (or better) to the highest you're ever likely to earn. Then you retire at 65. That's 45 years of salary earned. And at that point you expect that probably-maximum salary to continue for free until you're... what... 90?

That's 25 years of full-salary paid back to you.

Then you need to put away AT LEAST 56% of your earnings from 20-65 to sustain you in that amount from 65-90. And probably a whole lot more, if you ever earned less than the final salary at any point.

Even if you assume you'll only get to 75, that's 22%.

22% of EVERYTHING YOU EVER EARNED EVER (not even counting tax, interest rate rises, depreciation, etc.). Likely 30-40% by the time you take that into account, even for someone who is expected to die at 75. By the time you work out the odds, profit for the insurance company, sustaining those who live into their 100's on salaries much higher than yours but paid for out of the same pot... 40% seems positively generous.

40% of everything you ever earned, from the time you started work / left uni. If you reach even the bare bottom of life expectancy. Hint: Those likely to be offering final salary pensions probably have good jobs, and therefore will have lived better and therefore for longer.

It's not sustainable. And it's being funded by screwing over the generation below (by the companies going bust, the pension offers being made worse, etc.).

There's a reason that state pensions are a pittance, aren't final-salary, and yet represent huge percentages of the total money paid out by government - more than healthcare or education and FOUR TIMES that of defence:

https://www.ukpublicspending.co.uk/chart_central.php?title=UK_government_expenditure&meta=government_expenditure

Final salary pensions are entirely unsustainable. And yet we offer them to VAST TRACTS of industry and civil servants.

iOS apps can read metadata revealing users' location histories

Lee D Silver badge

Feature-creep caused by overly-open permissions on basic apps.

No, the camera app doesn't need GPS or location permissions. If a user chooses to add it, they will add it to every photo, by default, forever. And there's no easy way to remove it from all those photos, or strip it when it gets uploaded to other apps / websites that don't also have location permissions.

Sure, it's as much "the camera app put the location into the image file" as it is "apps given photo access can read the location", but the problem is still creeping into ever-more permissions for the most basic of apps.

There is no substitute for fine-grained access control permissions.

NatWest customer services: We're aware of security glitch

Lee D Silver badge

I abandoned NatWest in the 1990's when they were still insisting you needed to use IE with ActiveX controls to access online banking as other browsers "weren't secure".

To be honest, working in IT back then, I was hardly the front-runner of new technology in everyday life anyway, but I just moved to a bank that had a vague understanding of what SSL actually did.

Power meltdown 'fries' SourceForge, knocks site's servers titsup

Lee D Silver badge

"their redundancy failed us..."

Er... no... your COMPLETE LACK OF REDUNDANCY failed you.

EasyJet: We'll have electric airliners within the next decade

Lee D Silver badge

Re: Batteries?

You either need a highly-targeted and VERY dangerous beam with immense amounts of power, pointing towards an aircraft for the majority of its flight, covering pretty much the entire flightpath, fighting against the atmosphere which can block up anything if it's foggy, to a series of high-resilience devices capable of capturing and converting said energy with little to no loss, which need to weigh less than the battery to make it worthwhile, while also requiring all the same propulsion tech as these guys will need to develop anyway.

Or you could just stick a battery in a plane, refine the science, and hope that by the time you get anywhere close to success that just about ANY power transmission technology is viable. Hell, if you get that far, you'll plug it full of AA batteries if it works out cheaper and easier.

Dyson to build electric car that doesn't suck

Lee D Silver badge

Re: I can already see the styling.

And you have to press 14 hooks, buttons, levers and releases in the right order to open the bonnet.

Lee D Silver badge

Like all these kinds of announcements:

When I can buy it, actually buy it and get it delivered this week, then I'll worry about whether or not to choose yours or the others in the shop.

Until then, it's just hot air. If I'd laid money down on even 1% of the technologies that would "be available in X years", but then never materialised or were a complete waste of time, then I'd be bankrupt by now.

Until it's available to purchase, it really doesn't exist from a consumer point of view, and there's no point cooing over what it might/could/will do.

Helium's for balloons and squeaky voices, not this 10TB Toshiba beast

Lee D Silver badge

"Your correspondent has a 1TB iMac with a 1TB external disk drive and is now feeling severely undernourished capacity-wise"

Sell the Mac, buy a real machine, buy a handful of 1TB SSDs with the price difference.

Smartphone SatNavs to get centimetre-perfect GNSS receivers in 2018

Lee D Silver badge

That's all well and good.

But does the mapping, and indeed the routing software, actually care about that level of accuracy?

Take driving off a motorway intersection. My sat-nav is always convinced I've continued onwards until, quite literally, I'm off the motorway by some tens of meters. The software cheats and just assumes you've followed course until you hit a big error margin at which point it's willing to accept defeat and recalculate.

How are you going to utilise cm-level accuracy without a) bugging the user because he drifted slightly left or b) having to "debounce" all the location logic so it doesn't make decisions based on tiny variations?

"Better signal" in difficult locations is great. But the accuracy thing is a bad sell.

Wanna get started with practical AI? Check out this chap's Rubik's Cube solving neural-net code

Lee D Silver badge

Chess has 9+ million positions after only three moves each (and the initial starting points are pretty restricted in movement, so it quickly becomes 34m+ for the same amount of moves mid-game).

It's still not very difficult to think three moves ahead, however. And it's much quicker for a COMPUTER to literally iterate 34 million moves than it is to "guess" at a 75% accuracy.

Lee D Silver badge

Everything wrong with AI / machine learning in a nutshell.

A simple task, that a child can do, constrained to the bare minimum of logical processes necessary (i.e. no actual movement required, just literally "rotate row A then column B"), after immense training plateaus to the point of uselessness before you're six moves away.

Tell me... what does a Rubik's cube six moves from completion look like? I guarantee you that it looks "almost done".

And then it's not reliable (only 75% solution rate) and doesn't scale (or they'd run it for longer to improve that reliability / number of moves).

Pretty much this is where AI is. Let's throw data at something acting randomly, wait until we've culled anything not resulting in success, then claim it's "intelligent" even when it can't then do six moves to complete a cube.

Web devs griping about iPhone X notch: You're rendering it wrong

Lee D Silver badge

Waits for first website that pretends to be the wifi icon/menu, stealing your wifi passwords in the process.

This is just Apple all-over. "We did something unnecessary and stupid because it's 'designer', the world will just have to suck it up and change the way they work just for us."

Alexa and her kind let the disabled or illiterate make the web work

Lee D Silver badge

Does anyone else find it amazing that in 2017, there are still people who are illiterate?

The article doesn't mention it (Why? They couldn't read it!) but - unless you have a specific and recognised learning difficulty - why are there still people who avoid text?

I work with a guy who has LITERALLY (sic) never read a book in his life. That just shocks me.

However, though I'm sure Alexa/Siri/Cortana are useful, I'm always more concerned with - how does a person who relies on those kinds of technologies secure their account? Security and accessibility seem to be polar opposites.

Latest Linux kernel release candidate was a sticky mess

Lee D Silver badge

Re: Lights the touch paper and sits back!

(Pictures Apple guy in the next garden with a fabulously pretty fireworks display... shown as a webcam stream on a 200" screen in 4K).

Brit military wants a small-drone-killer system for £20m

Lee D Silver badge

There's only one man who would dare Raspberry me!

Lee D Silver badge

Why would you think they would be radio-controlled?

It wouldn't be infeasible, now, today, as an "art project", to spend £50k, get a warehouse full of them, strap something on the bottom, modify them to fly to preset locations and rip out their radios, drive 10,000 miles out of the way, wait three months to ensure you're home and dry and out of suspicion, and then dial the magic number or set the magic bit on an onion address, that causes them to be powered up, float off through the roof and all attack a different target, or all home in on the same target.

Taking them out would literally require an EMP that knocks out all kinds of things, and you'd never know if you got them all.

With a bit of onboard coding, a solar panel and an Arduino, you could program them to all run off, sit on a random roof for a few weeks and then form a co-ordinated attack at the same time anywhere in the world. Stopping, charging, and then carrying on if they get slowed up or take heavy losses early.

The danger in these things is actually predicted by the mischief that could be caused in the hands of a crop-circle-maker, protestor, artist, or even just kids playing games.

At no point, once powered up, do they need radio to do that job. Even with deliberate GPS takedown (in a matter of hours? Yeah, right), there's nothing stopping them triangulating from cheap 3G sticks which will give you position to a couple of hundred meters on their own, let alone in tandem.

To be honest, the threat of a hostile drone swarm, even from another country, is scary. They could be sitting for years, building up, lying in fields, flying off if anything comes near, and then making a coordinated and almost indefensible attack using any payload they can carry. Even the military were looking at drones that could sit on powerlines and charge up, etc. but a determined hacker with a thousand identical drones which can carry even the smallest of payloads could cause a nuisance and a news story at least, commit terrorism, or prompt a military response if they did it right.

Seriously, there are drones out there with ranges of 7km and flight times in the hours. They ain't cheap but a year ago they didn't exist. Next year, you'll hear of some enthusiast flying them near Heathrow, the year after that they will be in your toy shops.

And if ever there was a tool that it's difficult to determine the source of, especially if you don't use radio, surely that's gotta be one. How many people are arrested when their drones buzz Heathrow, football stadiums, even the Empire State Building? Almost none, because nobody knows who was flying them.

Sputnik-1 replica used to test the real thing goes under the hammer

Lee D Silver badge

"And while that history has its roots in conflict and space remains of enormous strategic significance, space programs from many nations now also conduct scientific endeavours that expand our knowledge of the universe while also showcasing human ingenuity."

Shame that if we'd just focused on the science instead of the in-fighting, and allocated the budgets accordingly, we could probably be 100 years or more ahead of where we are by now.

Red Hat pledges patent protection for 99 per cent of FOSS-ware

Lee D Silver badge

It says:

"We won't sue you".

It could not ever say:

"Nobody else will ever sue you."

What makes you think it could?

Literally, I could patent something tomorrow and sue you over it. It might be completely obvious and baseless but you'd have to go to court to prove that. Are you expecting Red Hat to somehow change the legal system so that that never happens to anyone, ever, anywhere in the world no matter how unscrupulous the company doing so (e.g. SCO)?

If you need to replace anything other than your iPhone 8's battery or display, good luck

Lee D Silver badge

Honestly don't get why people buy stuff that they don't stand a chance of even other people fixing.

I deliberately didn't buy certain models of cars because they are basically irreparable unless you're the manufacturer, and I don't want to pay those kinds of prices into perpetuity, thanks. I never liked Monopoly.

Why you'd buy a phone that (last time I looked) cost £70 for a screen that wasn't even a proper Apple replacement part and voided all warranties, I'm not even sure. Especially when those kinds of damages were frequent (never met anyone with an iPhone over 2 years old that's not smashed on the screen at least), and often took out touchscreen / buttons / cameras too.

Have literally dropped my phone down concrete steps, out of windows, etc. and never had a problem even without any kind of case. However, have sent one guy's iPhone off for repair for broken screens no less than 7 times, each time the repair is more dodgy because you just can't repair it properly. And that's from a company with an exclusive deal with us for repairing 100's of iPads too.

If you can't google a replacement part, slap it on yourself, then I don't see why you'd want it. You might as well drive a Peugeot or something where you have to dismantle the rear axle to change the front headlight bulb, or things equally as ridiculous.

I honestly don't get how this rates even a 4, let alone a 6, on any kind of repairability scale, and I don't get why people continue to buy those phones, whine about the repair costs, then expect me to somehow magically fix them for free when I told them not to buy them.

You've been baffled by its smart thermostat. Now strap in for Nest's IoT doorbell, alarm gear

Lee D Silver badge

£20 box off Amazon (GPS tracker/vehicle locator/auto-fuel-cut-off/etc. box - basically GPS + relays connected to GSM).

One giffgaff SIM card on minimum payment (£5/month) so they don't shut it off.

Wire into existing doorbell.

Done.

Sure, not a "commercial" product, but are you honestly telling me that it costs thousands of dollars to package that up in a neat box that just plugs in?

Kebab and pizza shop owner jailed for hiding £179k from the taxman

Lee D Silver badge

Few companies ever break tax law.

The problem you're referring to is actually "There is a law that lets us do this" or more commonly: "There is no law that stops us doing this".

When VAT law on products from Guernsey changed, Amazon were pretty quick to pay their bills and get out of there.

The problem is a taxation / benefits system that allows such things, which is the fault of supposedly intelligent people working for government, not the people who find the loophole (who are merely morally corrupt).

Lee D Silver badge

I should think nowadays that it's just:

"Compare personal bank account income to business income and VAT paid" on a computer.

They do that for benefits already, they can literally look up all kinds of things about your income, outgoings, accounts, contracts, loans, etc. and spot discrepancies.

Obviously, they have to have a reason to look, so something obviously flagged on the system as suspicious or an anonymous report, etc., but they have it to look at and that's done long before they go and see the premises.

Hell, if you have a bill arrive in a new name at a premises where someone is claiming benefits, they can be informed and query whether you "live alone", etc. - my ex and I had that happen in the past.

As soon as they get a sniff, or a report, it's quite easy to prove things like this nowadays. It's hard to deal in or hide cash, even.

It might not be immediate and they rarely act straight away or tell you what's happened, but they can gather evidence enough in seconds.

Lee D Silver badge

Not being funny, but this is the low-hanging fruit, surely?

A kebab shop only making £9k a year, are you kidding me? How do you even begin to claim that, you'd be out of business in a year easily when you were basically a one-man band making only £9k for yourself after a year's worth of work (i.e. not even minimum wage for YOU, let alone anyone else).

And if you were on HungryHouse / JustEat (which it sounds like), then they have records you can't hide. You put it in your bank, who would also give up that information. You claimed benefits (and they check all the above too).

Sure, maybe you got away with it for a while, but how can you think that being so blatant would work for any length of time? Literally ORDERS OF MAGNITUDE more money passing through your accounts than you were declaring.

I bet they've had you on their list for years, but just waited for a quiet day. "Oh, well, lads, we didn't get the mastermind criminal. I still wanna send SOMEONE down though. Let's go do that kebab shop, it's long overdue..."