* Posts by Lee D

4232 publicly visible posts • joined 14 Feb 2013

Micron wheels out 'highest density' SATA SSD on the market

Lee D Silver badge

Tell me again - why is anyone bothering to make hard drives any more?

Plastic fiver: 28 years' work, saves acres of cotton... may have killed less than ONE cow*

Lee D Silver badge

Re: Not much of a chemist then?

But would then make the UK use a different criteria / formulation to ALL THE OTHER 23 COUNTRIES which haven't had a problem.

That costs. Because it costs the company to refine, eliminate and test without that element which they haven't needed to for everyone else.

Lee D Silver badge

Re: Not much of a chemist then?

Sure. We can find a substitute.

You want to be responsible for doing all the materials tests all over again, taking months if not years, and pay for it from your tax?

You want to be responsible if the fivers start falling apart after "only" five years?

You want to be responsible for whatever media comeback when THAT material is less environmentally friendly than even the cow-notes?

You want to be responsible for the price difference in materials (tallow is basically a waste product, isn't it, and 23kg for ALL the notes isn't going to cost you much)?

You want to be responsible for when the dye or security feature has to be changed because it's not compatible with whatever substitute, and so on?

It's not just a case of "use something else", such things are planned years in advance because that money has to last 20-30 years in the field without any kind of maintenance.

Hackers waste Xbox One, PS4, MacBook, Pixel, with USB zapper

Lee D Silver badge

Re: Based on related experience...

And I think you need to read the article again.

It's EXTREMELY well-worded and selective in its quotes but at no point has anyone said that you can touch, interfere, modify or access the critical systems at all. Sure, you can take out the in-flight movie and maybe get "admin" access to it. But you still can't modify the autopilot or anything else.

And to do so, required a special filing from Boeing which was subject to scrutiny of a kind approaching "Sure, but only if it's impossible to interfere with the flight systems" at which point it was abandoned.

It's extreme hyperbole, but it still boils down to "Roberts and other researchers have demonstrated methods for hacking into onboard computer networks used to operate in-flight entertainment systems." The biggest risk there is that you might miss out on seeing Snakes On A Plane.

Lee D Silver badge

Ridiculous

I don't think I've ever seen a port technology which is entirely optically isolated on a common device. For some things, I doubt it's even possible given their speed.

But seriously:

- Serial ports. Okay, I've seen optically isolated, but never on a PC or home device, only on geek interfacing kits.

- Parallel ports. Same.

- VGA. Nope.

- DVI. Nope.

- HDMI. Nope.

- PS/2. Nope.

- SD card. Nope.

- SATA / eSATA. Nope.

- Docking stations. Nope.

- Firewire. Nope.

- DisplayPort. Nope.

- Ethernet. Nope (and that often carries PoE!).

- Headphone / audio sockets. Nope.

- Phone handset curly-cords. Nope.

- Telephone lines. Nope.

About the only one is TOSLink and that's because it's an optical connection.

You can't just go around putting humongous voltages down copper pins and then be surprised when things blow up. Sure, you can fuse it, reduce the damage, etc. but you'll still kill devices before the fuse goes, especially if you're being just-that-silly with trying to deliberately damage things.

It's ridiculous to suggest these should all be optically isolated. Public kiosks / airplanes? Yes, if you offer ports they should be locally fused and they WILL be on separate circuits anyway (otherwise you have a flight-control / in-cabin wiring violation immediately - even fusing the entire cabin should not affect anything to do with the safety of the plane). But opto-isolating every seat? No.

I bet almost all my home appliances can't suffer the same - GAS BOILERS DANGEROUS BECAUSE IF YOU PUT 20kV DOWN THE THERMOSTAT CABLE, THINGS COULD GO WRONG.

No shit, Sherlock. Don't do that.

Brexit means Brexit: What the heck does that mean...

Lee D Silver badge

Re: And there's also the Snooper's Charter

What foreign country would want to keep their data in a country that might well remove the current EU-overseen data protection regulation / compatibility at any point?

We're going to lose a lot of data business, I think, just by creating yet-another-jurisdiction to deal with, even if we abide by almost all the current EU law (because it won't be "all").

Windows 10 market share growth just barely has a pulse

Lee D Silver badge

I put my workplace on 8.1. Every machine. There were a few 7's still lying around but we got rid of them as soon as I could get to them. We network-boot to re-image machines, and it takes 20 minutes. Any time there's a problem with the hardware, we fix it, or replace it, press F12 in BIOS and 20 minutes later our machine is working, available to the user, on the domain. So we built the 8.0 image, every time a machine needed wiping or I had 20 minutes spare, we'd F12 another one. When 8.1 came out, we just upgraded the image and carried on that same way until they were all 8.1.

So, we also have Windows 10 "for free" with our licensing. I can upgrade at any time. All my images are 8.1 and I can build a 10 image from that no problem with identical settings and software. It'd take a day even if I had to start from scratch.

My question: What's the impetus?

At home, it's to remove the nags. But 10 does nothing for me that 8.1 doesn't, and 8.1's supported for YEARS yet. I'm not saying I'll take it down to the wire, but apart from saying "We're on 10", I obviously don't NEED anything that it offers.

And when I tested 10, half our banking stuff fell over or wasn't compatible which meant we didn't bother to test further until that was sorted.

But... as a commercial entity... what do I get back for deploying 10 on my next re-image of a machine rather than 8.1?

When you could upgrade for free, today, deploy site-wide casually by the end of the week, and still can't find a reason to do so beyond the version number itself, adoption is going to be slow.

Lenovo: If you value your server, block Microsoft's November security update

Lee D Silver badge

Re: Go ahead

Sure, what's the Windows equivalent to systemd?

Sound stupid? That's because it is.

Horses for courses, and I've not worked in a workplace that uses Lync and I've been doing IT and network management for 20 years.

In fact, even Exchange is rare in some industries, even in Windows-only environments.

Hedging your bets on a product that only works on Windows is a dumb business decision, even if "everyone else does it". We found that out in the 90's but some of us never learn.

And with virtualisation, it really doesn't matter what OS the server runs any more, so long as the individual VM's (which is where the Lync Server would sit) have the right OS.

In this case, what we're questioning is why you'd run a Windows hypervisor, not a Windows server serving a Windows-only application that you've decided to standardise on. Plenty of places survive just fine without ever having had, used, or afforded Lync.

Not that that makes Linux any better or worse, to be honest. But at least it's not Mac.

(P.S. 30+ virtual servers, about 60% Windows, 30% Linux).

With cloud services, virtualisation and modern systems, you're an idiot to put all your eggs in one basket. For instance, here, if you had all Lenovo servers with all Windows Server and had - as recommended - auto-update turned on, you would have taken out EVERYTHING in one fell swoop. That's just stupid.

And how long, honestly, before Lync / Skype is "just another cloud-service"? Not long, it's already here:

https://technet.microsoft.com/en-us/cloud/gg671923.aspx

Virgin Media is so rustic and artisan you get to hand-sort your own spam

Lee D Silver badge

You have absolutely no knowledge, way to check, or guarantee that EVERY EMAIL YOU SEND isn't already doing that anyway.

Literally, none. If you check DKIM and SPF and connect to advertised MX records, you have no guarantee of confidentiality whatsoever.

And they all transit in plain-text at some point in their route, or can do, and you can NEVER know anyway. It's SMTP, you have precisely ZERO guarantees about the confidentiality of any email you ever send, ever, anywhere using it.

That's why, if you WANT to send a "secret" email, you have to encrypt, and you can NEVER hide the metadata about the endpoints (time sent, date received, intended email address, source IP etc.)

Though I would be the first to agree this is the world's largest remaining Internet protocol that drastically needs a long-overdue redesign from the ground up, paranoia's nice, thanks, but I have a life.

You have literally zero guarantee whether none, one or all of your friends are actually doing just that kind of forwarding - or worse - anyway. None. Whatsoever. So you can either bitch about it on forums, fix it, or accept it.

P.S. You would need to be the first to propose a system that is "secure" yet permanently stops me ever forwarding any email you've addressed to me, onto anyone, or anywhere, that I like. Stop trying to apply DRM to email, it can't work.

Lee D Silver badge

Buy the very cheapest of cheap .co.uk domains for yourself (or even .me.uk)

Advertise it to all your friends as the last time you'll ever change your email address.

Activate the free email forwarding to that same GMail account. Or Hotmail. Or whatever. Whenever and however you like.

If something goes wrong, you change the forwarding, but your email is still just the same.

You have a legal "ownership" of the domain and can move it to any provider, put a website on it, etc., usually for free or for an absolute pittance.

If you get the right service, you can even do things like have it forward emails to BOTH a GMail and a POP3/IMAP account so you can be sure to never lose an email while also using your favourite service.

Then, question why you didn't do this decades ago like everyone else did, and why you frequent an IT site and this didn't occur to you in all that time.

Literally, a .co.uk is 99p a year on some places, with free email and web forwarding to the addresses of your choice.

Lee D Silver badge

Re: F-me is this a wind-up???

Nothing wrong with using Virgin Media Business... but why on earth would you rely on their freebie email/webmail services?

1) Surely, that means your email isn't @ your domain?

2) It's an ISP so likely it'll be junk and subject to things like this

3) The news about VM using GMail and then not using it, etc. are all over the net for the last few years

4) Any company of any particularly useful size (i.e. not two guys in a back alley) surely has a server that does their IT/email if they are in any way relying on it for business. I mean, not a plumber with a van, but then they could just change their email without any problems.

Chernobyl cover-up: Giant shield rolled over nuclear reactor remains

Lee D Silver badge

Re: If I had lived in Russia in that time..

Marie Curie.

She studied the stuff for years, playing with uranium ore in a shed, and carrying vials of radium in her shirt pocket, not to mention taking X-ray images unprotected, and went on to live for another 30 years before she eventually died.

Sure, it wasn't healthy for her, but it's not instantaneous death.

And her lab / papers are STILL radioactive 100 years later.

Radiation, really, is much safer than most people make out. Unless you deliberately make it into a weapon, it's probably safer than TNT.

Lee D Silver badge

Radiation is not instant death.

If you're working on a reactor, you're going to get a hit, which is why you carry badges which monitor it, etc.

Working near Chernobyl is the same - fine so long as you monitor and don't do over-long shifts near it.

For reference, Chernobyl was detected by people outside the Ukraine / Russia - in a nuclear plant. Finnish workers at a nuclear plant were all setting off warning alarms because of the radiation that had spread that far.

Did everybody on that path die? Not even close.

Did the equipment at a nuclear power plant detect a leak originating from thousands of miles away? Yes.

Did the workers obey the usual nuclear safety procedures and limits / levels? Yes.

People drive into Pripyat on a regular basis - look for the photographs of the abandoned places. You just can't stay there for long periods.

Similarly, the workers who put the rails right up to the door of the blown reactor only the other week - fine so long as you don't stick around longer than necessary.

Radiation is scary not because it's instant death (yes, it can be, if you're quite literally in front of the reactor) but because of the cumulative effect. So long as you don't let it build too high in your body, too often, it's fine.

And even then, an exposure to a single radioactive atom could give you cancer, in theory. It's incredibly unlikely because of the body's DNA repair processes and the chance of it causing a mutation, but in theory you can even be born with cancer caused by radiation despite living in perfectly ordinary places.

It's just sensible to avoid unnecessary exposure.

Hell, the wildlife are thriving since all the humans moved out.

UK National Lottery data breach: Fingers crossed – it might not be you

Lee D Silver badge

Re: Credit where it's due

I still think we need to get everyone there round a table...

UK.gov was warned of smart meter debacle by Cabinet Office in 2012

Lee D Silver badge

Re: Nope

Remember the ID cards that were going to be compulsory, but after a year or two they flopped and even the issued cards were "no longer valid for ID" and everyone who paid for one had basically wasted their money?

Lee D Silver badge

Smart energy meters that can only tell me what I'm using? I have no interest as I could pay £100, have no inconvenience, not have to modify my internal wiring, and get the same effect - except that only I would have access to the data.

Smart energy meters that can cut me off at the will / mistake of a third party? The day you make me use one of those, I ask you to remove all your meters, cables and equipment instead and I put a solar installation on the roof and feed down into MY consumer unit. You'll never see another penny from me again, even if it's at great expense to myself.

There's a reason that we're stuck in the limbo between those two - no way will energy companies force the "cut back service" when they are profiting from providing you with electricity. And no way will they do anything more useful than put in a smart meter to save their guys having to come out to read your meter.

At the moment, even the meter-reading is so infrequent, it's barely worth the price of a single always-on data connection to your meter, for any individual customer. Seriously, what does it cost a minimum-wage employee to knock on your door of an evening and take 2 minutes to read your meter, when you divide his hourly wage by even 10 minutes per household?

The problem is the grand energy saving plans inspire NOBODY who wasn't already doing so (and why should electricity companies help save you electricity? That's like Google being asked to help you cut down on performing Internet searches), the next stage (cut-off / brown-out / separate circuits) is practically impossible to implement and counter to the whole purpose of supplying electricity, and there's nothing in between that anyone actually wants.

Gimme a £100 voucher towards a clamp meter with smartphone app and we can skip stage 1 entirely. Try to implement stage 2 and watch my custom disappear from you forever, while ALSO massively increasing the green credentials of what I do.

Sorry, but whether it's a lightbulb, heater, washing machine or computer, you aren't going to turn my stuff off if I'm paying for it, proportional to its energy usage. Which leaves you stuffed in territory where you're just wasting money doing things I could have done for myself cheaper.

Oh no, software has bugs, we need antivirus. Oh no, bug-squasher has bugs, we need ...

Lee D Silver badge

Correct.

Please tell me why the part of the OS that draws on the screen ever needs a promiscuous sniffing connection to the network? Or the filesystem handler needs to have access to the USB subsystem (there should be a subsystem to connect the two, but that surely only needs access to USB devices and an internal filesystem daemon interface).

This is why you modularise, compartmentalise, permission and break off rather than still sitting with a superuser tucked away capable of doing EVERYTHING.

Even in an OS, you shouldn't have one part of it be able to access everything if you're at all concerned about security. (Performance is an entirely different issue).

Lee D Silver badge

I do always find it ironic that most people place the utmost faith in the only piece of software that:

- Runs as admin or SYSTEM

- Runs while any and all users are logging in or working

- Can access and write to every file accessible on the filesystem

- Can intercept every read and write and replace with content of its own or remove file entirely

- Can consume as much CPU as it likes

- Can read and intercept every email and modify it in transit

- Can intercept every network packet, modify and remove them

- Receives daily updates with unspecified changes that are basically unauditable (e.g. AV updates).

- Is usually the only decent protection they have from the net

And that they think this is a "good idea" for security.

Personally, I'm looking towards the day when such a program isn't actually technically possible anyway, let alone a staple piece of software.

Ofcom to force a legal separation of Openreach

Lee D Silver badge

Re: Probably not good enough

To be honest, when you include union labour and health and safety, that's how much it all costs.

Two guys for the day will cost you nearly a grand.

Equipment to dig a hole, probably a grand again to hire.

Wayleave etc. paperwork will cost you.

Then you have safety equipment, a van to take them to site in, the digging itself, the ductwork, the cable, etc.

Not saying you can't do it cheaper, but you won't find another COMPANY that will do it cheaper, officially.

I work at a school that was going to be charged £20k+ to dig a trench the same. We got a local farmer to help do his half, and did the on-site stuff ourselves, and it wasn't cheap (we weren't doing it to save money, but to speed things up) for our part, and we still had to pay a load for their part, and that wasn't BT-related at all.

As soon as you get into liability for the works, it gets incredibly expensive as everything has to be done by the book where you or I would just get a shovel and start digging until our backs hurt.

That said, if it's only one pole away, I'd be paying a neighbour to stick a box on the side of their house and pay 50% of their monthly Internet bill for them, so they could upgrade it. Unlicensed spectrum is relatively cheap for Internet-access kind of speeds now, especially if you can have a directional antenna bolted to it.

Lee D Silver badge

At bloody last.

Seriously, why has it taken so long to notice this blatant conflict of interest?

There's a reason that we lag behind so many other countries who don't have this problem.

Break them up and then tell OpenReach that they have to supply every house in the country, and charge the same for all lines, to everyone who asks.

Then watch as BT die a death except with granny who wouldn't know who else to use, and has to start competing properly again, and lower their stupendous prices for what they offer.

Then, you might even be able to charge bloke-in-London an extra quid a month over what he'd have paid before to give bloke-in-the-middle-of-nowhere some kind of usable connection for the same price.

New Euro-net will let you stream Snakes on a Plane on a *!#@ plane

Lee D Silver badge

On a flight WORKING?

No. If you have a laptop or tablet and you're on a flight, why would you WANT the ability to work? Relax, play a game, watch a movie, listen to some music.

Take a few hours off, ffs.

Lee D Silver badge

Charge for Wifi on top of your plane ticket? Yeah right.

Add 20p to everyone's ticket and give it away, or don't bother at all.

And 75Mbps (presuming asymmetric) shared between 200 passengers, their phones (whether active or not), tablets and laptops is basically pointless. It's like 200 people sitting in your living room trying to all connect at the same time.

No way would you ever get a stream going. And that's even more reason for people to NEVER pay for it.

Seriously, people, this is 20 years overdue and still naff.

Jingle bells, RM tells, some staff to go away... via Skype

Lee D Silver badge

Re: Viglen

Viglen do more than just schools, or they'd be dead in the water. Their ClassLink junk isn't worth the paper, honestly. I've specced school networks with Viglen hardware (server + client, actually rebranded Dell at the time), but never used their software.

However, I just heard that either Viglen took over XMA, or XMA took over Viglen (I think the former). XMA were quite big but they, too, were useless.

Three months after asking XMA to bid for a complete print solution for a private school, they phoned me up to tell me they'd got us confused with a similarly named school at the other end of the country and "thought it was being dealt with". After losing out on a £50k contract, I gave them another chance and asked for some Chromebooks - this time they couldn't get the management licences sorted in the WEEKS it took to organise, so we told them to forget that too. They still keep phoning me up and, especially recently since they were taken over, are desperate for business and bugging the life out of me. Basically, guys... no.

Seems like XMA and Viglen will be perfect together...

Lee D Silver badge

Re: Profit of £7.7m => 70 people are to lose their jobs

Profit of £7.7m with 1600 staff = £4812.50 profit, per staff member, per year.

It's barely worth bothering with those sorts of figures. That's like a software sale or two per year per person. Obviously sales people generate most of the income and the others provide the capability, but averaged out, that's a crap number.

For a huge, national educational supplier, that's a ridiculous number.

Net profit per employee is a great indicator of how well a company is doing.

Lee D Silver badge

Hear that? It's the sound of the world's tiniest violin.

Google's Chromecast Audio busted BT home routers – now it has a fix

Lee D Silver badge

"Chromecast Audio devices were eventually fingered as the culprit, and after disconnecting the devices, the BT routers operated as normal."

Sorry, but the Chromecast isn't then the culprit.

What kind of junky router falls over on ANY user traffic from the internal network?

Answer: A BT junky router.

Seriously, people, throw the router, and your ISP with it, and stop blaming ChromeCast.

A Rowhammer ban-hammer for all, and it's all in software

Lee D Silver badge

Re: Memory controller feature

I am, in fact, quite surprised that there is a low-enough level of control to exhaust a particular capacitor, certainly in any controlled way whatsoever.

Software shouldn't have to deal with stuff like this as anything more than a stopgap. Like DEP etc. it should be using the hardware's inherent capabilities to manage this kind of thing, not doing the software "bouncer pushing certain groups back" method.

100k+ petition: MPs must consider debating Snoopers' Charter again

Lee D Silver badge

Er... what's "sic" about:

" free reign [sic]"

That's correct, isn't it?

Sysadmin denies boss's request to whitelist smut talk site of which he was a very happy member

Lee D Silver badge

No.

This was definitely, absolutely 100% more in the "meet young Russian guys online via your webcam, just send a kinky selfie to sign up" kind of site.

Lee D Silver badge

Re: “That won't be necessary,” was the manager's response.

I have every email I've ever sent or received, going back to 1999.

There's a reason for that.

On day one at a new workplace, I insist on installing helpdesk software if they don't have it. There's a reason for that.

IT is one of the few professions that records, monitors, analyses and stores EVERYTHING they do, as a matter of course.

And I can't tell you how many times that's come back to bite people on the backside - and only EVER when they lie, cheat or try to tell things other than how they actually happened. You can't hide from the truth.

Never been fired. But have reported a number of people to various regulatory bodies.

And, yes, the "Can I have that in writing?" phrase is often the death-knell of any number of daft, illegal, or dishonest ideas that I'm asked to participate in. Don't ask me to do things you don't want recorded, because a lawsuit often offends.

I have actually said to a top-bod, "No. Not going to happen. I refuse to do that." and kept the job. Because they knew they couldn't force me to do it without getting themselves into a heap more trouble.

Do not meddle in the affairs of sysadmins, for they are subtle, and quick to dig out logs.

(Have just dealt with a problem where it was OBVIOUSLY IT's fault that their software wasn't up to date and we should update it immediately and just make everything work, and they'd get us into big trouble if we didn't just do as they commanded.

Two months on, they snuck into the finance office, paid for the software updates that they'd NEVER PAID FOR, which is why we couldn't download them or update them or anything and we weren't going to buy them on anyone's budget but their own, and then sent us the new account details "because the download is working all of a sudden".... Shame that I kept all my emails, including the first one that said "Have you paid for this?" and they said "Yes, of course!", two months earlier.

Without proper data retention, that could easily have come back as an "IT are just being obstructive" to senior management)

Lee D Silver badge

Re: Everyone here is wondering

If it was technically possible to take a flamethrower and burn the laptop to ash and then hand it back to her working, I would have done.

Usually, such schools are filled with 19-25 year old trainee teachers.

This was not one of those cases.

Hell, it gave me the heebie-jeebies just in case I clicked something and ended up finding out what was in those files...

Lee D Silver badge

Should have just had this in the main lobby:

http://www.ex-parrot.com/~chris/driftnet/

Lee D Silver badge

I work in schools.

I once had a teacher who came to me with their personal laptop. "It's been hacked", she told me.

After a lot of gentle interrogation, I managed to get to the bottom of why she was so sheepish and reluctant to reveal the source of the hacking or, indeed, how she knew it had been hacked. (In the past, I've had people tell me they were being hacked because they had Christmas decorations on their Smartboard which made the mouse jump all over the screen whenever they used the PC....)

Turns out that she was a fan of certain Russian dating sites, and one of the fellows on there had been more than normally convincing. After a few back and forth conversations, he somehow managed to get her to click something, which then whipped all the OTHER personal photos she had that she hadn't already sent him... and then he sent a nasty little email threatening to reveal them all.

It then turned into a much more open conversation involving phrases like "That's the folder but please don't go in there!", and so on. Eventually we cleaned what we had to and made sure there wasn't anything on the laptop that shouldn't be there but there would be nothing I could do about clawing back anything he did manage to access.

Of course, it would be the ageing, near-pension, teacher for whom you REALLY don't want the associated mental image, too.

SQL Server on Linux: Runs well in spite of internal quirks. Why?

Lee D Silver badge

Re: Interesting

I think it's more likely that they are reducing virtualisation costs.

Nobody can afford Datacentre, so you're paying for every VM, in effect, which means that converting your stuff to cloudy virtualised things means yet-more-Windows-licences.

Given that they want you to pay for Server, Server CAL's, SQL, SQL CAL's, this is a way to make the obvious "virtualise everything" progress cheaper for businesses. Just SQL and SQL CAL's to buy, in effect.

Windows is basically being given away.

Office isn't far behind (£5.99 a month for personal users, far from the £200-300 each year that it used to cost)

But they can do that because everything's ending up on the cloud for most users, and IT departments are doing that by virtualising what they already have, or buying in SaaS. Both of which benefit from not having to pay for a Windows licence for a virtual machine for every database server you want to run. And, let's face it, if the choice is more Server licenses and SQL on top, you're more likely to swallow the one-off transition costs for something major like a cloud-move and go elsewhere.

Offering SQL on Linux takes the sting out of that while still netting annual renewals.

(P.S. Running five instances of Datacenter in a school - we pay a pittance in comparison to full retail prices for the same. And on each of those we can run the entire school, in a pinch, by moving the VM's around. But we only have a single SQL server VM because of the extra cost).

How to confuse a Euro-cop: Survey reveals the crypto they love to hate

Lee D Silver badge

So, surely it IS working exactly as described.

One of the roles of encrypted streams is to be indistinguishable from random noise. As more people use encryption - as they should - the more those using encryption slip into unrecognisable random noise.

P.S. likely for the last ten years, your email, banking, shopping, logins, software updates, and just about everything else have been encrypted. Quite how much do you think one encrypted stream is going to stand out?

And what you're suggesting is that encryption itself is not breakable, hence not useful to try to break, and so they rely on other metadata. The encryption did its job. You still don't know what was said. If you posted the encrypted message on a forum, you still don't know who the intended recipient was and only the recipient can understand the message. The encryption is doing everything it's designed to do.

The NSA are also presumably doing everything they were designed to do. But that should mean a lot more than "let's try to break encryption".

Encryption works exactly as intended as it's NOT designed to stop people knowing some data travelled from A to B. It's designed to make sure that data can never be accessed by unauthorised people and that the encryption data itself (not the format, carrier, connection, etc.) is indistinguishable from random noise. Job done.

That they did the equivalent of sending an encrypted message to "terrorist_cell_B@hotmail.com" is their own stupidity. The encryption still did its job, exactly as designed.

"We know this terrorist sent a message to this other terrorist at 9:26am".

"Okay. What was in the message?"

"No idea".

"So, absent any other significant correlation, it could have been a recipe for cookies?"

"Er..."

"And how 'rare' are encrypted messages nowadays, Mr Spy?"

"Well, we've been arguing for years that we can't crack people's Tesco's shopping..."

"Oh. Interesting. I move to dismiss, your honour."

Lee D Silver badge

Purpose of encryption: To stop people - other than those intended - being able to see, or infer, the contents of a message.

Sorry, but it's working exactly as designed.

"Weakening" it or "backdooring" it makes it stop being encryption.

And unless you can stop everyone, everywhere, across the planet having access to ... gosh... mathematics... you're not going to stop it.

Sure, you can ask Skype for a backdoor but you could do that legally anyway without any need to break encryption whatsoever as Skype are part of the "intended recipients" for most things. But if people are using an OTR plugin or similar to communicate USING Skype, there's nothing you can do.

And guess what the terrorists are doing, as compared to Granny who just wants to talk to Fred in Australia?

It's like saying "Oh, yes, we'd really like a way that no bullets in the world would ever fire in any gun, anywhere, except our own". Although "true", it makes you sound just as stupid.

You had your chance when PKE was declared a weapon and that all got invalidated, and only ever really took effect in one country. You can't hide "maths" any more than you can uninvent "chemistry" to get rid of bombs.

Rather than chase encrypted messages, put a few more people on the ground, in airports, and do a few more checks on people at the borders.

P.S. Though I would never suggest anyone - even a mathematician - does so, it's possible to encrypt using nothing more than pen and paper, and it's possible to extend existing source code to use unbelievably complex keys that take 20+ minutes to sign a single message. Even when "weakened" by using all the known flaws in the algorithm, that means it's still not going to be cracked this side of armageddon.

Rather than chase the dream of an encryption scheme you can crack every time, acknowledge that you are no more likely to crack the encryption than infiltrate the groups in question, or get a bug onto their PC directly, or work it out by other means. Just like foreign militaries.

Sorry, iPhone fans – only Fandroids get Barclays' tap-to-withdraw

Lee D Silver badge

Re: How is this progress?

FINGERPRINT SCANNERS ARE NOT FOR AUTHENTICATION.

How many times do you have to tell people this? You're leaving your fingerprint "password" ALL OVER your phone every time you use it.

Lee D Silver badge

Because Apple refuse to let anyone else touch the parts that can do wireless payments.

Game over.

Comcast is the honey badger of ISPs – injects pop-ups into browsers, doesn't give a fsck

Lee D Silver badge

PlusNet used to block all your web access if it noticed port 139 unsecured.

That's much more reasonable and much more an impetus to action.

However, with SSL etc. all that happens is sites like Google (many people's home page) will just fail to load with a security error if tampered with in that way.

How about ringing your damn customers or sending them an email?

Stay out of my server room!

Lee D Silver badge

And now you know that they've entered the space they weren't allowed to, and you invalidate all the passwords in that room...

Physical access is compromise.

Lee D Silver badge

IT are generally in charge of the access control, too.

A 500kg holding force maglock with battery backup costs a pittance and can be fitted by anyone.

If you can't have people in your room, don't let them.

Working in a school, the IT Office is access controlled (only IT can open the door, otherwise we have to buzz them in), and the server rooms are inside that room and access-controlled again (physical key).

Best bit - not only can you decide who gets access, you can monitor who tries too, and whether that site-manager who absolutely must have access to every cupboard that he never goes in is sneaking in at night to have a gander round.

At that point, you fit a PoE CCTV camera tied to your smartphone in that cupboard too.

"But what if they won't install it?" Buy it, put it in. It's access controlled, right, so nobody should be able to get in there to see you even have it...

Microsoft still working to fix Outlook sync issues

Lee D Silver badge

I paid for Hotmail.

I paid for Opera (back in the day).

I paid for WinZIP.

I pay for any service I deem good.

When Hotmail went to Outlook, I stopped paying and threw it away. GMail was the answer, combined with my own server to manage email. Email actually comes to my GMail and my personal account at the same time. Downtime in the last 10 years? Zero, except scheduled reboots for kernel upgrades.

Yet, my workplaces (one of which was entirely Google Apps, another on-site Exchange AND Google) get downtime all the time. Literally, today, Google Drive threw a wobbly for a long time.

Cloud providers are third-parties. There's nothing wrong with remote servers. There's nothing wrong with hosting multiple servers in disparate geographic locations. There's nothing wrong with having virtualised servers or containers running on other's hardware.

But RELYING on them to always be up - as in this instance - is a nonsense. Deploy Outlook in-house AND in the cloud. And then at very least you can send / receive internal email and use your backup mail servers to send/receive email if you need to.

But putting your eggs into the hands of Microsoft, Google, Amazon or any other single entity to which you represent 0.00000000001% of their annual income is a stupid idea.

Oh, and for four years you couldn't log into Hotmail with a standards-compliant browser (Opera) when it was in its prime of development and had full support for all relevant standards. And the downtime on Hotmail once hit 20 days in one year. And I've seen Google downtimes in the days-per-year category too.

With those kinds of numbers, you're an idiot to rely on cloud alone without your backup MX / database replica being held in-house too. Because, you know what, my last workplace got 99.99% uptime. And we weren't even trying.

Lee D Silver badge

Cool.

So all those IT issues that are common to random sysadmins hit cloud services just as much, but with impacts for millions of customers rather than just a few dozen.

Glad to see that the change management at Microsoft is just as effective...

Lee D Silver badge

Cloud service provider.

Say no more.

Allow us to sum this up: UK ISP Plusnet minus net for nine-plus hours

Lee D Silver badge

Re: Meanwhile, on BT Infinitesimal

+1 for Draytek. My three-year-old 2860VN+ is still getting firmware updates with major feature upgrades (they just added DNSSEC checking for the ISP DNS servers, for instance).

And if you buy the Vigor AP900 range of wireless points, it can be centrally managed from the Draytek router.

Never had a problem, upgrade it regularly with new stuff, handles all kind of stuff and has features that I've never seen on other routers in its price-class.

Lee D Silver badge

Re: Working fine for me

My ex-wife (who kept my PlusNet account from the days when it wasn't owned by BT and was actually one of the best) in Cornwall had no end of problems.

She's considering cancelling the contract, it's been that bad for her.

And she lives right in the middle of one of the largest towns, so it's hardly out in the sticks.

It's time: Patch Network Time Protocol before it loses track of time

Lee D Silver badge

Only affects Windows, and looks like you have to have yet another of those "if you opened up your NTPd to allow remote people to do things they shouldn't be doing" options - mrulist.

At this point, if you haven't bothered to "restrict" and "noquery" the options on ntpd as suggested in all the documentation, you probably shouldn't be operating servers in the first place.
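
The `restrict` / `noquery` check this comment refers to, as an added example that is not part of the original post: a small Python audit that flags `restrict` lines in an ntp.conf which still leave `ntpq`/`ntpdc` queries (the interface `mrulist` is requested over) open. The sample configuration is constructed, and `audit_restrict` and `is_loopback` are hypothetical helper names.

```python
import ipaddress

# Constructed sample ntp.conf, not taken from any real host.
SAMPLE_CONF = """\
# constructed sample
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.0.2.0 mask 255.255.255.0 nomodify
server 0.pool.ntp.org iburst
"""

def is_loopback(target):
    try:
        return ipaddress.ip_address(target).is_loopback
    except ValueError:
        return False  # "default", "source" or a hostname

def audit_restrict(conf_text):
    """Return [(lineno, target, reason)] for restrict lines that still answer queries."""
    findings, saw_default = [], False
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # strip comments, then tokenize
        if len(tokens) < 2 or tokens[0] != "restrict":
            continue
        args = tokens[1:]
        if args[0] in ("-4", "-6"):             # optional address-family qualifier
            args = args[1:]
        if not args:
            continue
        target, flags = args[0], args[1:]
        if "mask" in flags:                     # drop "mask <netmask>", keep only flags
            i = flags.index("mask")
            del flags[i:i + 2]
        saw_default = saw_default or target == "default"
        if is_loopback(target):
            continue                            # local ntpq access is the usual exception
        if "noquery" not in flags and "ignore" not in flags:
            findings.append((lineno, target, "answers ntpq/ntpdc queries (no noquery)"))
    if not saw_default:
        findings.append((0, "default", "no 'restrict default' line"))
    return findings

if __name__ == "__main__":
    for lineno, target, reason in audit_restrict(SAMPLE_CONF):
        print(f"line {lineno}: restrict {target}: {reason}")
```

On the constructed sample it reports the IPv4 default entry and the 192.0.2.0 subnet entry, both of which restrict modification but not queries.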

Donald Trump confirms TPP to be dumped, visa program probed

Lee D Silver badge

Have you ever tried to apply for a visa?

Last time I tried (for Australia, not the US), I had to be accredited, skills-tested (yes, Australia operate IT skills test in foreign territories), prove that my job involved the kinds of things they were looking for, and I had to be working in a profession which fitted their definition of an acceptable job for visa approval - which were all high-skill or high-level-of-management jobs.

In the end I applied for a Working Holiday visa instead, which was much less strict but only lasted a year and the idea was you could use that to later form the basis for a real visa.

I can't imagine that Australia has more tech people in the US such that their criteria have to be so much stricter. I imagine, in comparison, they are crying out for skilled people. But the fact is that the application process itself involves things akin to a CCNA / A+ (but industry certs don't directly qualify you for their test) as a base level of acceptable skill tells you just who they are interested in having and who they are not.

UK.gov flings £400m at gold standard, ‘full-fibre' b*&%*%£$%. Yep. Broadband

Lee D Silver badge

Re: Shonky speed illustrations

Gigabit network here - I could shift 7Gb in under a minute.

Admittedly, it's an internal network with well-specified hardware, but that's do-able.

Also, patch download times and Google load times? I question your network setup. INSTALLATION time is an entirely different matter and nothing to do with the Internet line, but download should be at line-speed from any Microsoft update server. And Google used to tell you the page generation times, but if it's not an instant-return, you need to fix your connection.

Although I agree in principle, a Gigabit line is enough to run a HUGE workplace from quite happily, and everyone to get something they consider blazing fast in terms of Internet. I'm in a school with a 100Mbps leased line (symmetric, but I'm automatically removing symmetric scenarios like uploading), and with proper management it's instant and fast and the only delay is actually our web filter (which downloads, interrogates, then relays, so it adds latency - but speed tests still return near-line-speed once the connection is downloading).

And although it's different on the ISP line, we've been handling Gigabit connections connected to a central location with hundreds of such connections for years. Admittedly it's Ethernet-backend but those kinds of connections are far from unusual and Gigabit-to-the-desktop has been my minimum spec for nearly a decade now. If a £20 switch from Amazon can handle it, I'm sure the expensive telco equipment can do too.

Now they have to push it through to a series of peering points, sure, and those are large, sure, but that's always been the case and it's basically the POINT of an ISP or telco to have that expensive gear and push it down to us. We've gone from 56K to 10Mbps being standard in a matter of two decades, and that's a 182-fold increase. In that time, the ISP backend must have increased at least 182-fold as well, and that's not something that's ever going to stop until we hit technical barriers (given that sub-ocean cables are capable of taking much more with no visible upper limit yet, we shouldn't need to worry about getting from BT headquarters to Telehouse Docklands, for example, for a long time yet).

Cost? Of course it's not going to be cheap. But that's the point - ISPs buy the big expensive pipes, and squeeze all their customers down it, and charge them a percentage. And I guarantee they still have plenty of room for profit, other services, installations, equipment upgrades, etc. by doing just that.

But Gigabit to the home is a reality in many countries, with comparable distances to cover and comparable peering arrangements, and they can even do it cheaper than BT can.

Past gigabit hasn't really been necessary or properly standardised yet, mostly because even most PCs can't do more than gigabit themselves, let alone home networking gear, but it's nowhere near being unachievable.

That it HASN'T been done in the UK is more a sign of profit-over-investment, and an incumbent telco, rather than physical capability.

Lee D Silver badge

Re: What are people doing that needs fibre?

A family of four will swamp a 40Mbps line just with base level streaming, background browsing, software updates, etc.