* Posts by Ben Tasker

2150 posts • joined 23 Oct 2007

84-year-old fined €250,000 for keeping Nazi war machines – including tank – in basement

Ben Tasker Silver badge

Getting a tank into a basement is easy - at worst you just put a big hole in the floor above.

Getting a tank *out* of a basement, on the other hand, is potentially much more challenging.

Occasionally you see a news story about a bloke that's built a car/bike from scratch, often where his kitchen table used to be. They tend to have lost their wife along the way, only to find they're going to have to knock at least one wall out of the house to get their creation out.

Someone I know very briefly had a similar experience in his garage, but that's only because we spot welded the garage door shut to wind him up (he used to go in through a side door to work on it).

Ben Tasker Silver badge

Re: WTF?

> Is it a keyed start,

Asking the wrong question.

You want to know if it's a keyed start *and* if the keys are actually unique...

A decade old, but, it used to be an issue: https://www.bbc.co.uk/blogs/daveharvey/2010/05/one_key_fits_all_tractor_polic.html

In 2003, JCB were (one of?) the first in the industry to announce they'd be using unique keys, rather than a one-key-for-all.

I don't know about their dozers, but in 2019, Caterpillar were still selling common keyed padlocks. Amazon has this: https://www.amazon.co.uk/Replacement-SP8500-Key-Caterpillar-Excavators/dp/B0051OF2Y4 which suggests that there's some recent kit that uses a common key

Ben Tasker Silver badge

Re: though corroded with rust, could be cleaned and restored to working condition

> 2021 I'm not sure.

He was contacted by a paper sometime after the event, said he'd done a lot of coke that day and "had no regrets"

The UK is running on empty when it comes to electric vehicle charging points

Ben Tasker Silver badge

Re: Perhaps a hybrid would be a better solution?

> a 5k EUR solar array can easily charge my electric car for daily needs. It's a 50k EUR car, so that's hardly a huge investment in comparison.

As an additional investment, it's another 10% on top - that's quite a sizeable percentage increase. It just sounds like a small investment because one's in 10's the other's in units. If we normalise down - your car is 5000, and for solar you need to spend another 500, would you feel quite the same way?

If you got a 10% raise at work, you'd probably be delighted.

> If designed properly, these could be cheap, quiet, clear and reliable

Personally, I'm of the view that all new build developments should have on-street chargers, and a specific %age of area set aside for solar (whether that's solar on the houses, or a "communal" area feeding back into the grid, or both)

But, I also don't think it'd be cheap or reliable in practice.

> and the great thing about electric cars is they can store electricity so can be charged when it suits.

I'm not sure I follow here - my ICE car can also store energy. If I fill the tank, that fuel's still there when I come back to it.

Left long enough, petrol might go stale, but diesel doesn't *and* as far as I'm aware, you'll see a discharge rate from that leccy battery.

That's not to say there aren't other arguments for EVs, I just don't think this one is one

Audacity fork maintainer quits after alleged harassment by 4chan losers who took issue with 'Tenacity' name

Ben Tasker Silver badge

Re: physical harassment

Which is just as well.

If someone's nutty enough to turn up with a knife over this, they'd likely just as happily turn up with a firearm if one were available.

Firearms _might_ be a deterrent for rational criminals (even that's debatable) but they do nothing for nutjobs other than to add a tool to their belt.

Nominet is back to 'the same old sh*t' says Public Benefit campaign chief as EGM actions grind to halt

Ben Tasker Silver badge

Re: Nominet's handing of EGM voting data to a market research agency, Savanta

> "We feel that the listening process (the project where we are seeking to get detailed feedback from members following the EGM) is a legitimate purpose for data protection law.

Data protection law also requires informed consent. It's rather hard to argue that that was obtained given that every communication from Nominet said votes were "confidential", and vote handling was out-sourced to a 3rd party (giving the impression of a secret ballot).

Containers have security problems and flexibility issues. VMs will make them viable

Ben Tasker Silver badge

Re: Vi or emacs?

We always took the approach that using containers (well, specifically Docker) was fine *if* you could provide a sane justification for it.

It makes deployment much easier, sure - but in a network where deployments are relatively rare, that's outweighed by having to get the support team/ops comfortable with managing and troubleshooting Docker.

The result is that (in terms of projects) VMs have tended to be more common than containers.

UK gains 'adequacy' status on data sharing with EU, but making that stick all depends on how much post-Brexit law diverges

Ben Tasker Silver badge

It's a feature not a bug

> they also mean that existing data cannot be reused for novel purposes

They really are mistaking a feature for a bug.... If data can arbitrarily be re-used for any old purpose without getting further consent, then it's not really protected is it?

Good news on the adequacy, but I'm sure we'll find some way to screw it up (followed by politicians blaming the EU for being overly purist about the law or something)

Gov.UK taskforce publishes post-Brexit wish-list: 'TIGRR' pounces on GDPR, metric measures

Ben Tasker Silver badge

Re: Erm


You seem to think that this suggested change in rules would result in no (meaningful) change in behaviour.

Assuming for a minute that you're right, my question would be - why waste taxpayers money drafting and enacting a bill to implement it then? If nothing changes, what exactly is the point?

FWIW, I disagree that nothing would change - it seems fairly evident that a certain category of seller would drop metric, leaving at least 2 generations of people looking at their pricing and not knowing how much they're going to end up paying.

> On who? How is it not simple to let people get on with their lives without telling them every minutia of how to interact with other people?

Entered into a computer, built on standards, submitted to a website via HTTP (also a standard) over TCP (also a standard) presumably using ethernet (wait... also a standard).

The world is built and operates on standards. When we had it, the empire enforced standards on the countries we'd stuck a flag in. Society generally works by following an agreed standard (even down to, when the light is red, don't drive your car past it).

What you actually mean, is you don't like *this rule* because you associate it with the EU, so let's get rid of it and fuck anyone that didn't grow up with pounds and ounces.

Ben Tasker Silver badge

Re: Erm

> This is in a country which uses a mix of imperial and metric and people don't fall over having a brain aneurysm for doing so. It's almost sounding like a fear of thinking for yourself or the ghastly effort to go look something up (or just ask) if you don't know the answer.

Because *no-one* would complain if we changed all the road signs to use KM instead of Miles? Or switched to them needing to ask for 568ml rather than a pint?

The rule you're talking about, btw, doesn't prevent imperial being used - it simply states that metric should be present too. So what the suggestion to remove that rule is saying, is that we should make it needlessly harder.

Ben Tasker Silver badge

Re: Brexit bollocks

> Being picky, but why concentrate on cookie consent with regard to any discussion on GDPR?

Because the people behind this report don't do _detail_

Just like they backed and pushed for an unspecified form of Brexit, handwaving away any foreseeable headaches.

Ben Tasker Silver badge

Re: The UK political sphere has been so overtaken by Brexit

On the upside, at least we're not talking about measuring things in cups.

Ben Tasker Silver badge

Re: If you want a warehouse or office-space, chances are it is measured in imperial units.

Presumably because the first reference to size in your "evidence" says

> with its 21 metre high eaves and 574,258 sq ft (53,350 sq m) of floorspace,

Note that the height is in metric, and although a square footage is given, the measurement is also given in metric.

If we pop over to Rightmove to look for offices to rent, you'll also find that both are given.

Ben Tasker Silver badge

Re: The UK political sphere has been so overtaken by Brexit

> Unless it's an ounce of plant matter, then we can spot it from forty yards, natch.

I'm told that sales of that's moved to more commonly using grams now too. Someone mentioned getting 7 grams a while back (a quarter to you and I)

Ben Tasker Silver badge

The UK political sphere has been so overtaken by Brexit

that sometimes you manage to forget just what an absolute weapon Iain Duncan Smith is. Leaving him in charge of opening a tin of tuna is presumably likely to result in disaster.

There are politicians that go the other way too - David Davis being a particular one. He repeatedly made himself look a complete tool with various things Brexity, but in before-Brexit-was-a-thing times (and to some extent since) he does actually talk some sense on topics like Government accountability.

> Create the ‘smart’ energy grid of the future

I'm actually sort of OK with that, so long as the requirement for UK smart-meters to contain a contactor is removed. Other countries cope without the ability to remote disconnect, and UK suppliers aren't currently using it (and claim they won't) - so why not remove it from the spec sheet so that supplier screw ups can't cut people's power off.

> Amend the Weights and Measures Act 1985 to allow traders to use imperial measurements without the equivalent metric measurement.

Curious to hear what, exactly, they think we gain from this. Either we're already using the imperial measurements (pint please mate) or there are a couple of generations in the world who have never used those imperial measurements. Seems like having to print both is a reasonable compromise.

Racist malware blocks The Pirate Bay by tampering with victims' Windows hosts file

Ben Tasker Silver badge

The default behaviour of Firefox when using a SOCKS proxy is to still use local DNS resolution - you have to specifically go and change network.proxy.socks_remote_dns to true if you want queries to go via your proxy.

So, this would still affect the majority of people.
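
A way to check a profile for the setting mentioned above, as an added example that is not part of the original post: it parses the user_pref() lines of a Firefox prefs.js or user.js and reports whether hostnames are resolved locally (where a tampered hosts file applies) or by the SOCKS proxy. The sample preference text is constructed, and only a manually configured SOCKS proxy (network.proxy.type 1) is handled.

```python
import re

# Matches lines such as: user_pref("network.proxy.socks_remote_dns", true);
_PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Parse prefs.js / user.js content into a dict of Python values."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                continue  # value type this example does not handle
    return prefs


def dns_resolution_path(prefs):
    """Report where hostname lookups happen for this profile.

    'no-manual-socks' - no manually configured SOCKS proxy in the profile
    'local'           - SOCKS proxy set, but names are resolved by the OS
                        resolver, so the local hosts file is consulted
    'proxy'           - names are handed to the SOCKS proxy for resolution
    """
    manual = prefs.get("network.proxy.type") == 1
    socks_host = prefs.get("network.proxy.socks", "")
    if not (manual and socks_host):
        return "no-manual-socks"
    # An absent pref means the default, which the post above gives as
    # local resolution.
    if prefs.get("network.proxy.socks_remote_dns", False):
        return "proxy"
    return "local"


# Constructed sample: SOCKS proxy configured, remote DNS never changed.
SAMPLE_DEFAULT = '''
// constructed sample profile
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
'''

# Same profile after setting the pref named in the post.
SAMPLE_REMOTE = SAMPLE_DEFAULT + 'user_pref("network.proxy.socks_remote_dns", true);\n'

if __name__ == "__main__":
    for label, text in (("default", SAMPLE_DEFAULT), ("changed", SAMPLE_REMOTE)):
        print(label, "->", dns_resolution_path(parse_prefs(text)))
```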

Debian's Cinnamon desktop maintainer quits because he thinks KDE is better now

Ben Tasker Silver badge

Re: KDE = Kmail

> Fine as long as you remember to turn on your monitors first before waking up the computer from sleep, or your desktop orientation will randomly get borked

I don't have that, but I do have a similar annoyance.


- My laptop is plugged into a monitor via HDMI

- Screen locked before I wandered away (or auto locked)

- It's been left a while, so monitor has powered itself off

If I come back and waggle the mouse, then kscreenlock (or whatever it's called now) comes up prompting for my password. If I then power my monitor on, it too displays the password prompt.

Except, now, neither provides any visual feedback when I press keys to enter my password (whacking enter will unlock and everything unlocks - assuming the password's correct).

Thing is, my keyboard and mouse are plugged into a USB switch so I can switch them between machines - when it happens, I always get a hit of paranoia that I'm actually typing it into Slack/Skype on another machine

Ben Tasker Silver badge

Re: Now I know that Debian also packages Cinnamon

> One size fits all, conveniently dumbed down

Ahh, someone remembers Unity far too vividly

Ben Tasker Silver badge

Re: Now I know that Debian also packages Cinnamon

> or XFCE.

I miss XFCE...

But, I ditched it when I moved to using a laptop more frequently. Absolutely fine on the laptop, but their (continued) approach to multi-monitor is a royal pain in the arse.

There's an implicit assumption that the screen on the left is the "main" desktop - if space on the desk you're at means your laptop has to be on the left, then it's the main screen rather than the big monitor you've just plugged in.

Then, you go for lunch (or something) and your monitor goes into power-save. When you come back, you've got to set the monitor back up.

It's such a little thing, but if you're plugging/unplugging regularly it wears thin.

Say helloSystem: Mac-like FreeBSD project emits 0.5 release

Ben Tasker Silver badge

Re: “sudo su works now”

> when someone tried to install an EL7 RPM on an EL6 dev server, got a glibc error, copied over some glibc libs from elsewhere and then wondered why the server stopped working.

We had a fun one a while back - someone wanted Python 3, so forcibly removed Python 2.7 (or was it 2.4)? Why, I dunno.

But, they were surprised to learn that yum relies on Python....

Ben Tasker Silver badge

Re: The UI

> Speaking for myself I appreciate being able to use a mouse as well as a CLI.

One thing I'm finding increasingly annoying though, is CLI stuff that interacts with the mouse.

I use Terminator as my terminal, so will sometimes right-click and choose "Split pane" to split the window horizontally and give me another shell.

Except, if that terminal has htop open, it swallows the right click and doesn't display the menu, and god help you if you've got vim open or something.

I expect terminator (a GUI application) to interact with my mouse - I don't particularly want CLI programs doing so

Thailand bans joke cryptocurrencies and non-fungible tokens

Ben Tasker Silver badge

Re: Just ban all crypto currencies.

> as citizens no longer have to worry about how, when, why, nor even if to begin accepting crypto currencies

Personally, _if_ I was going to accept crypto I'd probably take an approach a bit like banks do during mortgage (re)valuations when there's a house price spike on.

Yes, the current "value" is $36K, but by the time I recoup there's a risk it'll be less (because the market's now not so hot), so you can buy with BTC at a rate of 1BTC = 25K.

We've been shown time and again that strong encryption puts crims behind bars, so why do politicos hate it?

Ben Tasker Silver badge

Re: Obvious solution

> The whole point of PK encryption is that it *doesn't matter* if the public key gets intercepted.

Ahh, but it does.

As with OP, you're thinking of the wrong end.

You're right in that them intercepting the public key doesn't now mean they can decrypt messages encrypted with it. But, they can substitute your PK for their PK and the other end will now be sending messages that they _can_ decrypt (and can then re-encrypt with your key to send onto you).

> In fact the normal method is to post your public key to a public forum that everyone can see, which prevents your key being substituted by someone else's public key.

It does indeed, but it also provides another path of attribution that can lead back to you. Your interactions with that public forum have to be pristinely clean, otherwise anything that links you personally to the post also links you to the key that the authorities are interested in.

It also means that you're only really moving your point of trust - has the place you've published been compromised? You could post to two places instead, but you've just doubled your potential exposure.

This headache is part of why the web-of-trust was developed - Alice trusts Bob and signs Bob's key, Carol doesn't know Bob, but trusts Alice, therefore trusts Bob's key - that (of course) has its own set of issues.

Ben Tasker Silver badge

Re: Another Obvious Solution

> So the proposed "either...or" in the quote is a false dichotomy.

Fair point, but:

> Of course Diffie-Hellman is fiddly..........but secret key exchange IS possible!

It's all the more fiddly if you start adding in the air-gapped systems that OP was referring to.

Not impossible, but also enough effort that it's not really workable (complexity engenders risk and all that)

Ben Tasker Silver badge

Re: Obvious solution

> Things could be streamlined fairly simply too, such as using something akin to acoustic coupling to transfer messages, or a USB stick for heavy loads.

You've streamlined the wrong end.

Encrypted message transfer (the bit you've just done) is easy. The hard bit is the key exchange - the issue with using OTT PGP has always been that first bit: if the feds manage to give you their key in place of ShadyBryan's then you're fucked.

- Sure, you think, just post the key (or its fingerprint) - except the mail gets intercepted.

- So you go for in-person exchanges, except you're now both in the same place... even if you don't get nicked, it's not terribly convenient

Essentially, either you have to expose yourself to risk of interception (by exchanging online, or in some other middle of the road way), or you have to have physical interactions with your, err, acquaintances. Either one is open to exploitation (in different ways) by the sort of people who might be interested in your criminal mis-doings.

The more popular/convenient solutions all abstract key-exchange away from the user to some extent, which is nice and convenient but leaves open the risk of it being quietly subverted. With something like OTR, you're supposed to verify fingerprints, but a lot of people don't bother. That complacency leads to mistakes, which is a prime opportunity for law enforcement (and much, much easier to achieve than breaking encryption).

FWIW I previously created a PGP encrypted chat protocol that uses DNS as a transport - it nicely mixes in with existing DNS traffic, making it hard to spot without prior knowledge. But, key exchange remains an issue.
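
The fingerprint check discussed in the two "Obvious solution" comments above, as an added example that is not part of the original posts: a pin store that only allows encryption to a key once its fingerprint has been confirmed over a separate channel, and that flags a key which later changes. The class, the contact name and the key bytes are constructed for illustration; the fingerprint is a plain SHA-256 of the key bytes, not the PGP or OTR fingerprint format.

```python
import hashlib


def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the key bytes, grouped in fours for reading aloud."""
    digest = hashlib.sha256(public_key).hexdigest().upper()
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


def _normalise(fp: str) -> str:
    return "".join(fp.split()).upper()


class KeyPins:
    """Tracks which key was seen for a contact and whether it was verified."""

    def __init__(self):
        self._pins = {}  # contact -> (fingerprint, verified_out_of_band)

    def check(self, contact: str, public_key: bytes) -> str:
        fp = fingerprint(public_key)
        pinned = self._pins.get(contact)
        if pinned is None:
            # First sight: there is nothing to compare against, so a key
            # substituted at this point looks exactly like a genuine one.
            self._pins[contact] = (fp, False)
            return "unverified"
        pinned_fp, verified = pinned
        if pinned_fp != fp:
            return "mismatch"  # key changed since it was pinned
        return "verified" if verified else "unverified"

    def confirm(self, contact: str, fingerprint_from_contact: str) -> bool:
        """Record a comparison made over a separate channel.

        fingerprint_from_contact is what the contact says their own key's
        fingerprint is. Returns False, and leaves the pin unverified, if it
        differs from the key that was actually received.
        """
        pinned = self._pins.get(contact)
        if pinned is None:
            return False
        if _normalise(pinned[0]) != _normalise(fingerprint_from_contact):
            return False
        self._pins[contact] = (pinned[0], True)
        return True

    def may_encrypt_to(self, contact: str, public_key: bytes) -> bool:
        return self.check(contact, public_key) == "verified"


# Constructed stand-ins for two different public keys.
GENUINE_KEY = b"constructed-genuine-public-key"
SUBSTITUTED_KEY = b"constructed-substituted-public-key"

if __name__ == "__main__":
    pins = KeyPins()
    # The wrong key arrives at first contact; only the comparison catches it.
    print(pins.check("contact", SUBSTITUTED_KEY))
    print(pins.confirm("contact", fingerprint(GENUINE_KEY)))
    print(pins.may_encrypt_to("contact", SUBSTITUTED_KEY))
```

Skipping confirm() leaves every contact at "unverified", which is the complacency the post describes: a changed key is still noticed later, but a key swapped at first contact is not.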

Ireland warned it could face 'rolling blackouts' if it doesn't address data centres' demand for electricity

Ben Tasker Silver badge

> Planning permission for the power station takes 10 years, it takes 5 years to build and 15 years to pay back the construction costs - even if the market for its power hadn't closed a decade earlier.

There's another "gotcha" down the line too.

You've built a bunch of power-stations to provide extra power for those D/Cs (25% of your load).

The companies behind the DCs start making noise about taxes being too high (despite IE's already bargain-basement rates). Do you

- Let them leave and swallow the cost of now having that surplus generation capacity that you're never going to need

- Give them a tax-break to keep them here, effectively delaying ROI for the power station subsidies?

I guess, though, Ireland might have a third option - we're also fucking up our own power strategy in the UK, so they could do like the French and sell us power

Cloudflare network outage disrupts Discord, Shopify

Ben Tasker Silver badge

Re: CDN useless

Yes, even in AC's bizarre world where SSL connections are just passed through, CDNs would still offer protection against common DoS mechanisms (like SYN floods and other similar junk-at-TCP-level stuff).

What I can't work out, is why AC thinks a customer with that level of distrust would be using a CDN in the first place. Either you trust them to terminate your traffic, or you don't (and if you don't they can still do all kinds of nasty without needing your keymatter).

If you do, then you give them the means to terminate your traffic (SSL keymatter)/have them acquire their own (via LetsEncrypt or wherever). If you don't, then you shouldn't be using them.

TBH, I think AC may have confused a CDN with a router - his model seems to consist solely of forwarding packets on.

Ben Tasker Silver badge

Re: CDN useless

> 1) servers are becoming faster so they don't speed up delivery they add an extra unnecessary hop that slows things down.... or worse, a 5 seconds "checking your browser" delay.

Only in the event of a cache-miss - and it was never just about speed, it's also about capacity. Yes, you can scale your origins to handle massive spikes, but it might not be cost effective to maintain that scale

> 2) Traffic is becoming encrypted, and they often aren't trusted to see the encrypted traffic. So they cannot cache what they cannot read.

When was the last time you used a CDN or understood how it worked?

CDNs terminate the SSL connection, and (in the event of cache miss) establish a new SSL connection upstream

> Their core service is becoming redundant. So what service *do* they offer if their core service, caching and delivery, is useless?

Only in your mind. In the real world, the CDN market continues to see significant growth. They're a commodity rather than a specialist service nowadays, but uptake continues to be absolutely massive.

> Snake oil?

If any of what you had said was true, maybe, unfortunately there's less accuracy in your comment than in a Trump tweet.

UK launches consultation on forcing landlords to allow gigabit broadband upgrades

Ben Tasker Silver badge

Re: Leasehold, fleecehold

The flipside of that though, is if you have a bunch of neighbours who can't/won't pay for maintenance it puts you in a sticky situation.

Do you pay out the shortfall to fix the hallway? If not, when someone falls through the floor and sues you're going to be jointly liable.

Now think about how many people you know who are either tight-fisted, or struggling financially. Really think leaving it to neighbours to sort stuff out is going to work? Nearly every private road I've driven down has been a pothole nightmare, I'm not sure extending that level of care to buildings is a wise move.

Not that the current setup is any good either.

PrivacyMic looks to keep your home smart without Google, Alexa, Siri and pals listening in

Ben Tasker Silver badge

> So what exactly is the benefit to the purchaser of these devices?

Unlike Echo and Google Home, this product has "Privacy" in the name.

That's it, that's all I can really come up with - there's no inherent privacy improvement (in fact, I'd say this has the potential to be worse as it can tell more about what you're doing).

'Vast majority of people' are onside with a data grab they know next to nothing about, reckons UK health secretary

Ben Tasker Silver badge

Re: Theoretically...

> If most people were asked "do you support your data being held by an external contractor to the NHS, who only works office hours and therefore prevents the NHS from obtaining your medical data when you are in A&E in the evening or at a weekend" then the number of people in favour of retaining their information on paper with their GP would likely be less than if you listened to the concerns about data being able to be shared with other groups.

I agree with the first part, the problem is that for it to be an either-or there has to be trust.

Patients have to be able to trust that NHS Digital slurping the data will result in it being available to A&E, but going no further than that (i.e. no sharing with "other groups").

That trust has been seriously undermined by NHS Digital trying to roll out a system sharing data with "other groups" with no meaningful notice, announcement or simple way to opt-out of the slurp.

Hospitals having access is, undoubtedly, a good thing - the problem is for that to happen, NHS Digital need to have access, and it's currently impossible to trust that they won't later pass it on/sell it/leak it/otherwise screw the trust placed in them.

Admittedly, I am laying a lot of blame at NHS Digital's door here, when really there's no doubt in my mind that the Secretary of State doesn't have his fingers in this particular pie somewhere.

Global Fastly outage takes down many on the wibbly web – but El Reg remains standing

Ben Tasker Silver badge

Re: Yeah, came here to ask the same thing.

> I suspect their comms were aimed at the customer, who, when it comes down to it, probably just wants their website to work, not really caring about the details behind it.

Yup, it'll almost certainly be that.

Their update on the cause overnight was rather lacking in detail in my view - "it was a software bug" is very vague.

But... the average customer doesn't care that you accidentally introduced an off-by-one or something, so actually their update is probably just fine for the majority of their customers. Whereas I want to be sure it's not something we might accidentally do later, so want more technical details

Ben Tasker Silver badge

It does, but a smaller and less complex one.

Your CDN service has direct communication with end-users (because they connect in and request content) so:

- If something goes wrong, users are directly (and immediately) impacted

- It has to take a lot of load (obvs)

- Lots of load increases the chance you'll get either cascade failures, or a thundering herd leading to cascade failures

- The whole thing relies on TCP (HTTP/3/QUIC notwithstanding)

- You (and maybe even your sales dept) make config changes semi-regularly

Things aren't quite the same for Cedexis:

- Users query their resolver, there's widespread downstream caching, so load is much, much lower

- That caching also means user visibility of issues is delayed (but, conversely, can be prolonged - it's a double edged sword)

- There's no TCP overhead, everything's UDP (unless you've fucked up)

- Config changes are likely to be quite rare

There's obviously some common scope for screw-ups - software releases are a potential bugbear for each.

But, CDNs also serve a wide variety of business - small file, VoD, linear video etc - it's all HTTP but optimal caching and delivery approaches (and often, desired reporting) differ greatly between them (even before we get onto built in optimisers and WAFs).

CDN switchers on the other hand have one main focus - DNS. Whilst the status checkers etc might have more complexity, if you've got a sane ruleset (i.e. some default fallback) the worst case scenario of an issue there _should_ be that you fall through and send all your traffic to the default - still not great, but at least there's some service.

So there's greater exposure to potential bugs on CDNs because they're more complex (software release improving performance for VoD customers just screwed your e-commerce site, sorry).

There is also the matter of trust - are you better moving from trusting Cloudflare to some CDN switcher run by a single guy out of his garage? Hell no. You're going to want a reputable org with established support lines - just as you'd do due diligence on your CDN provider, you'd do it on your switcher provider.

In the years I've been in CDN, I've only once seen a situation where the CDN switcher itself was an issue - https://www.bentasker.co.uk/blog/security/670-spamhaus-still-parties-like-it-s-1999 - even then it wasn't really an issue with the switcher so much as a 3rd party's understanding of modern flows.

Ben Tasker Silver badge

> except all this does is to shift the SPOF from CDN to CDN selector so doesn't solve the problem.

True, except we've just moved the SPOF from a complex TCP stack (your HTTP(s) service) receiving direct user-connections, to a much less complex UDP stack that benefits from widespread downstream caching.

Is it still a SPOF? Yes. But it's also one that is much less complex, and less likely to go wrong.

> Larger sites need to consider for example test coverage, troubleshooting, logging etc. which are all far more complex on multi-CDN.

They are more complex, they are not "far" more complex.

There might, of course, be an engineering cost in getting to the point that you can do multi-CDN properly, safely, but ultimately your tests should be CDN agnostic, and you should have well-defined troubleshooting workflows that minimise/mitigate the complexity there.

Logging - if pulling logs from different sources is an issue for you, then it's not multi-CDN you've screwed up, it's your logging pipeline. If you can find a CDN provider that doesn't expose an API for you to pull logs via, then you've just found a CDN provider that you shouldn't be using.

> Thinking you can just re-point a CNAME is, well, wishful thinking.

Now you're misstating what I said

'With a *good* CDN switcher, you essentially just have another CNAME in the DNS chain - all CDNs respond to the same host header, and your switcher just routes traffic to different CDNs based on observed/learned status as well as your preconfigured ruleset.'

That's not saying "you can just repoint a CNAME".

> And that's not even touching on large services that need to do capacity planning with the CDNs and take selector decisions based on load.

That ability to configure that is built into pretty much every good CDN switcher.

Yes, you need to do some planning with the CDNs themselves to discuss what load you're going to send, as well as getting details of how they expose metrics for your switcher to consume. If you're big enough to need a switcher though, then you're more than big enough to be having those conversations.

This stuff _really_ isn't as complicated as you seem to think - it just needs a bit of planning and forethought.

Ben Tasker Silver badge

> It's really quite difficult and expensive to build your own multi-CDN system

It is - at least if you want a sufficiently functional one.

Which is why, just as you'd buy turnkey CDN services, you'd buy a turnkey multi-CDN setup (Cedexis being the obvious example, but far from the only one).

With a *good* CDN switcher, you essentially just have another CNAME in the DNS chain - all CDNs respond to the same host header, and your switcher just routes traffic to different CDNs based on observed/learned status as well as your preconfigured ruleset.

The cost of those switchers is far, far less than the cost you'd incur self-implementing.

There is, though, still a cost associated with that - at a certain point it becomes a business decision: do we spend $xxx, or accept that $edge_case might occur?

> that configuration issues become increasingly likely to be the SPOF

They are, but your CDN switching config shouldn't be changing anywhere nearly as regularly as your edge config (which itself probably isn't changing as regularly as the stack below it, etc).
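
The switcher behaviour described in the comments above (routing on observed status plus a preconfigured ruleset, with a default to fall through to), sketched as an added example that is not part of the original posts and not any vendor's implementation. CDN names, CNAME targets, thresholds and status fields are all hypothetical.

```python
from dataclasses import dataclass


@dataclass
class Status:
    healthy: bool      # last probe of the CDN succeeded
    error_rate: float  # observed fraction of failed requests, 0.0 to 1.0
    load: float        # current traffic as a fraction of agreed capacity
    age_s: int         # seconds since this status was collected


@dataclass
class Rule:
    cdn: str
    max_error_rate: float = 0.02
    max_load: float = 0.9


# Status older than this is treated as missing (hypothetical threshold).
MAX_STATUS_AGE_S = 120

# Hypothetical CNAME targets handed out by the switcher.
TARGETS = {
    "cdn-a": "www.example.com.cdn-a.example.net",
    "cdn-b": "www.example.com.cdn-b.example.net",
}

# Ordered ruleset: the first rule whose conditions hold wins.
RULES = [Rule("cdn-a"), Rule("cdn-b", max_load=0.8)]
DEFAULT_CDN = "cdn-a"


def choose_cdn(statuses, rules=RULES, default=DEFAULT_CDN):
    """Return (cdn, reason) for the next DNS answer.

    If no rule can be satisfied, including when the status checker has
    produced no usable data at all, the answer is the default rather than
    no answer.
    """
    for rule in rules:
        status = statuses.get(rule.cdn)
        if status is None or status.age_s > MAX_STATUS_AGE_S:
            continue  # no trustworthy observation for this CDN
        if (status.healthy
                and status.error_rate <= rule.max_error_rate
                and status.load <= rule.max_load):
            return rule.cdn, "rule"
    return default, "default"


def cname_for(statuses):
    """CNAME target the switcher would return for the given observations."""
    cdn, _reason = choose_cdn(statuses)
    return TARGETS[cdn]


if __name__ == "__main__":
    ok = Status(healthy=True, error_rate=0.0, load=0.4, age_s=10)
    failing = Status(healthy=True, error_rate=0.3, load=0.4, age_s=10)
    print(choose_cdn({"cdn-a": ok, "cdn-b": ok}))
    print(choose_cdn({"cdn-a": failing, "cdn-b": ok}))
    print(choose_cdn({}))  # status checker produced nothing
```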

Ben Tasker Silver badge

AFAIK, Fastly don't offer a white label service (the thing that allows other businesses to present it as their "own" CDN), so from a delivery point of view it shouldn't be any.

But, anyone sane should be serving things like status pages through a separate route, so it's quite possible that some others served theirs via Fastly, and the status page went down while service continued. Fairly small impact.

But, those small impacts can get quite fun once you start thinking about the spread of lots of them - how many companies build/test pipelines failed because they rely on assets that get pulled down from a site/service that's fronted by Fastly's CDN?

Ben Tasker Silver badge

> It's only people who want access to all those services at once that experience it as a single point of failure.

No, that's not really accurate.

Even if you're only focused on Reddit (to pick one), Reddit is(was) down - the reason? They built a single point of failure into their setup by using a single CDN vendor rather than a multi-CDN setup (or, alternatively, have just realised some metrics their multi-CDN status checker should have been considering).

What you're talking about - the fact that it broke a wide range of services is a *common* SPOF.

Fastly is still a SPOF for each of these services, regardless of whether any other service was using them. That a large proportion of the internet seems to be down to users is because there's a common SPOF that's just failed.

It's not reddit's job to avoid common SPOFs, but it is reddit's job (if they care about service availability) to avoid/mitigate SPOFs in the first place (though, really, cost comes into it too - you can mitigate most things, but it may not be worth the cost to mitigate the edge-cases)

DoS vulns in 3 open-source MQTT message brokers could leave users literally locked out of their homes or offices

Ben Tasker Silver badge

Re: Patch a key


Imagine explaining that to the insurance company's risk adjuster - "There was glue in the lock, so I put in a new door"

Didn't it occur to you to get a locksmith out sir?

Ben Tasker Silver badge

Re: Patch a key

A DoS is easily fixed by spinning up more capacity etc.

It only needs to be a temporary inconvenience, not a permanent one.

Also, if you've got a uPVC door you might want to be a little careful putting acetone anywhere near it (though nail varnish remover is sufficiently dilute it shouldn't be an issue)

Ben Tasker Silver badge

Re: Patch a key

Or, given that a DoS is normally an attack (self-inflicted accidents notwithstanding) - superglue in the lock.

Google, Facebook, Chaos Computer Club join forces to oppose German state spyware

Ben Tasker Silver badge

Re: Stasi

> we do have a few politicians that are in favor of all the insane crap like forbidding (or at least back-dooring) encryption.

Back in... fuck, 2009, they also had the "brilliant" idea of it being a crime to have "hacker tools" without an appropriate license, and proceeded to implement a definition so broad that it included.... Perl and Python.

El Reg wrote about it at the time https://www.theregister.com/2009/06/07/germany_hacker_tool_law/

So, yeah, no real surprise in this latest one

UK's Labour Party calls for delay to NHS Digital's GP data slurp until patients can be properly informed

Ben Tasker Silver badge

Re: They don't make it easy.

> GP practices are funded by the NHS, which is in turn funded from the public purse. That's a very strange definition of a private company!

GP practices are private businesses funded via a public org - what's so hard to understand about that?

> Let's not forget the world beating Track and Trace system as well! IT is certainly not their forte.

You mean the one that was developed by... checks.... not the NHS, but a private consortium?

> Let's not forget the world beating Track and Trace system as well! IT is certainly not their forte.

You mean the website developed by..... drum roll... NHS Digital (a non-departmental executive body)

The NHS is not without its issues, but we need to be careful not to conflate the failings of private with those of the public body. A cynic might suggest that that conflation is exactly why the "NHS" brand is getting tacked onto so many of these doomed projects.

US slaps tariffs on countries that hit Big Tech with digital services taxes ... then pauses them immediately

Ben Tasker Silver badge

Re: About bl**dy time

> A wealth tax, yes. As usual, it's a ridiculously terrible idea. We tax flows, not stocks in very nearly every case.

That's the point you seem to have missed in his reply though.

He was suggesting a means (good or otherwise) by which you could change that approach. Your reply was "but we have capital gains", which is completely ineffective at changing the approach because it taxes flows.

Why does LDS want to change approach? Because further up the chain you're replying to, it was discussed how certain shareholders "always" find a way to avoid taxable flows - the example here being sitting on (and presumably leveraging) shares rather than liquidating them.

Your replies could be much shorter if you just wrote "that's not how it is now", which'd still miss the point he's talking about a change from the status quo.

> It is an increase in investment in productivity, and one that doesn't cost the recipient country anything.

No, you're taking an extremely blinkered view.

- UK Company B sells widgets to UK customers, and pays $x corporation tax

- US Company A acquires Company B

- US Company A licenses Company B its original IP from its Virgin Islands subsidiary

- UK Company B pays licensing fee to Virgin Islands sub and makes no profit in the UK

Company B is employing exactly the same number of people as before that "investment", the customers served are in the same location, but the UK taxpayer is now seeing less revenue.

I'll accept that that involves an acquisition though, so let's go for a simpler example with a real foreign investment

- US company A buckstars opens branches over here selling hot beverages

- As a result, creates 10,000 jobs (Woot!)

- UK subsidiary licenses the logo from US company (or one of its subsidiaries)

- UK sub has low profits

Now, at step 2 we've had your investment, we've added jobs to the economy, which is good. But the money that UK consumers are spending is mostly going offshore rather than recirculating into the economy (via treasury, or employees' wages) - the company, after all, takes more than they pay their employees otherwise the business won't be viable.

> It is wholly good; end of story

You _should_ be hearing warning bells - you're talking in absolutes, which almost certainly means you're wrong.

> I'll give you the benefit of the doubt and assume there's some meaning you didn't manage to put into words. I have literally no idea what you were trying to say there. I assume it's wrong, given how you started, but really I can't tell. I'm somewhat amused by the concept that people sending you money means 'your' funds being offshored. It's the exact opposite, obviously.

I've read it again, and can only conclude that the issue is with either your comprehension or your ability to look at anything but a narrow scope.

A foreign company does not operate over here in order to send money here - there's an expectation that (at some point) returns will be larger than investment. When those returns materialise, that's money being taken out of the national economy and sent off-shore.

> You appear to be labouring under the misapprehension that exports are good. They aren't. The benefits of trade are imports, not exports. This has been well-known for over three centuries.

It depends on your business (or more precisely the size of the business). Imports enable you to acquire materials more cheaply, increasing profit margins etc. That, of course, is only advantageous to us if taxes are then paid here.

Exports, however, bring money in from other countries, so they shouldn't be overlooked.

I'm writing this from the UK, which is primarily a service economy: it's all about exports, so yeah, you'll forgive me if I'm focusing on the bit that actually makes us money (or did, pre B word).

> Please, if we're going to try and talk economics, can't you at least learn the basics? It's like discussing maths with someone who argues about whether addition is commutative.

There's no need to be a prick just because you disagree - your misplaced sense of superiority says far more about you than it does me

> Ultimately, I think you're basing your ideas on the notion that the tax system is supposed to be fair in some way or other.

Actually, that's your misapprehension.

I entered the thread to point out that you were wrong for suggesting CGT achieved what LDS was aiming for, and to point out that your statements in general were fallacious.

At no point have I argued in favour of any of the changes, I've simply pointed out that what you are saying is *wrong*.

Ben Tasker Silver badge

Re: About bl**dy time

CGT only triggers when you liquidate assets, so you can't use that instead.

LDS seems to be suggesting something more akin to Council Tax than Stamp Duty - i.e. you've got 1000 shares worth £1m, so you need to pay £10k/yr tax on those shares for as long as you hold them. I'm not sure it's a serious suggestion.

> Because foreign people investing in our economy benefits us.

It's not nearly that simple.

It can be beneficial, but isn't automatically so - especially if that "investment" is of a form that means an increasing proportion of "our" funds are funnelled offshore. Trade complicates things significantly. Foreign investment into stuff we can export benefits us (as it effectively moves money into the country, despite some then moving out). Foreign investment that drives up imports though, isn't nearly as clear cut.

> People sending money to your country don't 'owe' you anything.

As above, it's not nearly that simple.

You're a US company, and you've recently set up a warehouse in the UK, and are making a mint shipping widgets around the country, and into the EU (or wherever).

Your business is benefiting from a whole bunch of publicly funded assets:

- Parts coming in are using publicly funded roads, railways etc

- Your lorries are going over publicly funded roads, railways

- Your exports are transiting publicly subsidised ports

- Your workers are being kept healthy/available for work by a publicly funded healthcare system (yes, even in the US)

- Your skilled workers are skilled because of publicly funded education

Your *future* business may also be impacted by how well funded those are - failure to maintain the roads leads to shrinkage because widgets break en-route due to a rough ridge, hiring suitable staff becomes harder because the education system was underfunded, or you can't hire anyone who doesn't break because we've all got scurvy*

*or something

Ben Tasker Silver badge

Re: About bl**dy time

> Out of curiosity, do you pay your pension contributions after tax?

You do know that pensions are taxed when you draw them?

If you pay your pension contribution after being taxed, then your provider claims basic rate relief for you and adds that into the pot. If you pay via salary sacrifice, then it goes in before tax.

Either way, when you come to draw down your pension, it'll be taxed as income.

It's a complete tangent, but either you don't understand pensions, or it's not clear what point you were trying to make here?

> So you want the right to determine the tax rates of other countries, which have many legitimate residents?

I'm not sure that's what his complaint was. I think it was more a comment on the habit of people turning out to be a tax non-dom if called upon to pay - i.e. the original suggestion of just taxing shareholders and getting rid of corporation tax wouldn't be any better than the system we have now

Stack Overflow acquired for $1.8bn by Prosus (no, me neither)

Ben Tasker Silver badge

Re: there is an upside

Why do you need CSS when you can just do it on the fly with jQuery?

European Parliament's data adequacy objection: Doubts cast on UK's commitment to privacy protection

Ben Tasker Silver badge

Re: Just

> And you? If UK is stripped of its status, then it won't be getting EU data and EU won't be getting UK data. You're pretending to be about "data protection" right? So that's a good thing right? No spewing private UK data to the EU is *good* right?

You seem to have ignored quite an important bit here in your hope to make a point.

Weakened protections in the UK likely also mean that our (i.e. those of us in the UK) data is being spewed somewhere else. It might not be going to the EU - with their *good* protections - anymore, but if it's instead going to the US (where their approach to data protection is to laugh, say fuck off and carry on) or somewhere else, then it's not really an improvement is it?

The other thing you're ignoring, in the typical euro-sceptic manner, is the impact that the loss of adequacy may have on UK businesses (and by extension those employed by them). If there's no adequacy, then a whole load of data-processing businesses end up far less viable.

The problem with you lot, is it's always about scoring one over the EU, rather than taking anything approaching an objective view on cost/benefit.

EDIT: Just to add

> GDPR does not grant the same rights to those subject to an immigration procedure" are just thinly disguised attempts to cast immigration policy as data protection policy

If you'd bothered to read the linked article, you'd know this view is unmitigated bollocks.

The exemption is something they tried to squeeze into the DPA twice before GDPR was even a thing, and failed, precisely because it was so roundly condemned - our own politicians wouldn't accept it when first mooted, it's hardly an EU-specific thing to be opposed to the idea of denying immigrants something viewed as a fundamental right.

VC's paper claims cost of cloud is twice as much as running on-premises. Let's have a look at that

Ben Tasker Silver badge

Re: Cloud benefits

> So yes, on-prem is cheaper but only attractive to managers in a large company if that company is excellent at capacity planning and has streamlined approval processes that are reasonable.

There are, though, those companies that choose to have the worst of both worlds.

You get the "flexibility" of cloud, but the purse strings are being held extremely tight, and you need to go through rounds of approval for any new instance/cost.

NHS GP data grab: Royal College of General Practitioners urges health body to communicate better

Ben Tasker Silver badge

Re: Opt out here

> There are two ways to opt out, apparently:

No, they're two different things.

- The type 1 stops the slurp - your data doesn't leave your GP.

- The national data opt-out still allows the central slurp, but prevents it being provided - in a non-anonymised form - to third parties.

Really, you probably want to do both. If you only do the National Data opt-out, then NHS Digital will still slurp and hold your data.

Ben Tasker Silver badge

Re: Right to opt out

> This is personal data of the most delicate kind which is supposedly "anonymised".

It's worse than even that.

They intend to pseudonymise it, not anonymise. Your data will be allocated an identifier.

Under certain circumstances they may reverse this and link back to you. For example, if researchers are looking for people with "x" in order to ask them to participate in a clinical trial.

So, it's being shipped *explicitly* with the ability to be re-associated, all but guaranteeing that at some point they'll fuck up and it'll all get reassociated by accident.
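An added illustration of the pseudonymise-versus-anonymise distinction in the comment above; it is not part of the original post and not NHS Digital's actual scheme. The keyed-HMAC pseudonym, the function names and the sample records are all assumptions constructed for the example.

```python
import hashlib
import hmac

# Constructed sample data: identifiers and conditions are invented.
PATIENTS = [
    {"patient_id": "ID-0001", "condition": "asthma"},
    {"patient_id": "ID-0002", "condition": "diabetes"},
    {"patient_id": "ID-0003", "condition": "asthma"},
]


def pseudonym(patient_id: str, key: bytes) -> str:
    """Keyed, deterministic identifier: same patient and key give the same value."""
    digest = hmac.new(key, patient_id.encode(), hashlib.sha256).hexdigest()
    return digest[:16]


def pseudonymise(records, key: bytes):
    """Swap the direct identifier for a pseudonym; each row stays linkable."""
    return [
        {"pseudonym": pseudonym(r["patient_id"], key), "condition": r["condition"]}
        for r in records
    ]


def anonymise(records):
    """Drop per-person rows entirely and keep only aggregate counts."""
    counts = {}
    for r in records:
        counts[r["condition"]] = counts.get(r["condition"], 0) + 1
    return counts


def reidentify(pseudonymised, known_ids, key: bytes):
    """Anyone holding the key plus a list of identifiers can rebuild the mapping."""
    lookup = {pseudonym(pid, key): pid for pid in known_ids}
    return [
        {"patient_id": lookup.get(row["pseudonym"]), "condition": row["condition"]}
        for row in pseudonymised
    ]


if __name__ == "__main__":
    key = b"constructed-demo-key"  # hypothetical secret held by the data controller
    shared = pseudonymise(PATIENTS, key)
    ids = [p["patient_id"] for p in PATIENTS]
    print("shared dataset: ", shared)
    print("with the key:   ", reidentify(shared, ids, key))
    print("without the key:", reidentify(shared, ids, b"wrong-key"))
    print("anonymised:     ", anonymise(PATIENTS))
```

The protection rests entirely on who holds the key (or mapping table), which is why a pseudonymised dataset remains personal data while the aggregate output has nothing left to re-link.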


Biting the hand that feeds IT © 1998–2021