Posts by Mike

it's a lie

he is just saying this so when all those embarrassing emails get leaked he can claim they must be fake because everyone knows he doesn't email

referal

for those claiming you can't block by referrals because of programs that remove them (also bookmarks won't have one) - you of course allow links with no referral

yes this means that users with such software can still access the content from other sites, however the vast majority of users will get tubgirl/goatse/whatever, which will get the link changes pretty quickly! (of course if it's a business website then an error page is an almost as good alternative)

if i go to a friend and ask them where the best place is to get my car fixed and they suggest a certain garage then i go there, the car repair has bugger all to do with my friend - i have gone to the garage and asked for my car fixed and they have said yes, i might also tell them my friend sent me (referrer header) in which case they may well decide "oh, you're one of his friends? sorry, go somewhere else", but if they fixed my car then tried to sue my friend for referring me there then the judge would rightly laugh at them

what is the difference here? my friend Jennifer Reisinger suggested that I might want to have a look at the Sheboygan police station, i walked in there and said "hey, my friend Jennifer Reisinger said I might want to have a look around, is that OK?" (Referral header tells them who sent me) and they said "Yes that's fine" (by sending back the page) and let me walk around, then the next day turned around and tried to force Jennifer to stop telling her friends about them? If they dislike Jennifer's friends looking around then the correct thing to do is say "sorry, we don't want you here" and that's the end of it. (Of course if it's a public part of a government building they refused me access to then that wouldn't be the end of it, but that's a different matter)

details

isn't that why you're meant to either use licensed bands with a license (so it's yours, and nobody else can use it), or use unlicensed and expect interference?

there are no details in the article about the license state of the spectrum, but one can assume if the police set up their system then it's a licensed band and they hold the license for it, so then why were the plant watering systems set up on a licensed band without getting a license? sounds like the last thing they should be doing is going to the regulator shouting about how they've been illegally using that frequency for years!

For the environment

They were using recycled cardboard, so the more they use the less of an environmental impact there is, they are aiming at sending out so many boxes that they can call themselves "carbon neutral" without planting a single tree or reducing their carbon emissions at all.

not to worry

they have 2 options:

1. have a requirement that it actually be proved, leaving us in the current situation of not having to worry about it (as they can't prove anything, which is why they insist on never going to court, courts need this "proof" thing)

2. they say any copyright holder sends 3 complaints they cut them off for a year, meaning every single customer online at a certain time gets cut off for a year after an automated script sends out 3 emails for every IP Address the ISP has assigned, quickly bankrupting that ISP (or they could chose to pay me huge amounts of money for refusing my demand to disconnect everyone)

Nice

Looks like a nice project, i will be looking in to it - think of how useful a 3D printer could be, and at that cost it could be affordable... just hard to tell exactly what is involved in building one to see if it's viable for me to make one! if it is then i'm in...

Might be interesting to have multiple nozzles, stick some dye in with the plastic for the rods, real 3D printing :)

what's the problem?

they are already running beta software anyway, so it's not like they have any problem with a beta patch

@You couldn't pay me trust them with a fucking toaster.

actually, you pay them (indirectly) to keep your toaster running!

or not running as the case may be...

problem

if indeed it automatically uses voip whenever it can, what happens when you're walking down the street and make a call, and as you dial you just happen to briefly walk past an open access point? call drops as soon as you walk out of range...

for it to work properly you would need to be able to roam between the 2, and that is where it gets tricky

dvorak

I assume those suggesting dvorak have never looked at the list of keyboard layouts included with the OS (every OS i've looked on) or they would see that dvorak is not really too practical for anyone except yanks, as there is no option for a dvorak keyboard with standard symbols, only USA symbols! (you need to make a custom keyboard layout file for it - including on vista and the few linux distros i've checked so it's not even a case of the OS being pre-dvorak)

the correct layout for the second to bottom row of a standard UK keyboard is:

Small Shift \zxcvbnm,./ Big Shift - lower case

Small Shift |ZXCVBNM<>? Big Shift - holding shift

however many laptops to save on costs use the US base with UK keytops on giving a bigger shift key on the left, in this case they move the \| key to a different location to avoid shifting the keys along (i have 4 laptops, each has it in a different location!) - this appears to be where dell have screwed up, in not moving that key when using a US base (and the fix is of course a quick move of the keys and update the key mapping, probably a firmware update)

just don't get me started on the | key which has ¦ printed on it, whilst the ¦ key has | printed on it! (for those who don't know how to type that symbol, AltGr, as with all symbols) however linux so helpfuly decides to make both of them in to | keys

also worth noting that the euro key is on AltGR+4, some keyboards have it printed on the key but some don't - not sure if it's just me but as far as i can tell at one point pre-euro they seemed to all have it on, these days with use of the euro symbol being common it seems to be 50/50 if it has it printed or not

for typing other european languages, for french accents you can hold AltGr and type the letter, for others i have no idea... (except Alt+number of course) anyone?

over complicate things...

why do yanks always insist on looking at what the rest of the world is doing, then doing it completely differently in a much worse way? (i'm not thinking of any specific standards where they have gone for the worst standard apparently just because the rest of the world went for the other one... because there are too many examples of that to start getting specific!)

here it's quite simple, you get paid your wages, your pay slip on it has how much was taken out and sent to the tax man - a simple calculation the company makes, and if there is a mistake and you over pay (normally due to a job change during a tax year) then the tax man automatically informs them/your a new employer how much to refund you (and they deduct that amount from the payment they send to the tax man)

then you take your wages and you go to the shop and you pay the price listed on the product, and if that shop is vat registered (only compulsory for a turnover of i think it's around £60,000 or above) then they take part of that final sale price and send it to the vat man, but you have no need to concern yourself with this unless you run a company with that much turnover (in which case it's mostly a simple 17.5% of final sales price, unless you're dealing in excluded/discounted categories)

and for international sales the companies just handle the vat in the same way as normal, they charge their local vat which is then passed on to their vat man as usual, just with a note of how much should be forwarded to the relevant governments - however i'm not sure if this is actually down to this being how it's meant to be done or just that nobody actually has a clue including the various vat men (seems to be the indication i get) so they just went with collecting vat the normal way and that has become standard practise (some companies do charge your local vat after getting your address, however they tend to be international companies with offices in the countries they sell to so could be treating them as sales from that office in your country just to be on the safe side)

compare that with the US, where the last time i went there (in 2001) i tried to buy something from the macdonalds "99cents menu" only to be told that the $1 i went to pay with wasn't enough!

damn

New contracts only? damn

I just signed up for a new contract on monday... guess i'll have to make use of the right to send the phone back and cancel the contract within 7 business days, then i can buy it again the next day and get 500MB/month data added in for free! (at least it means i can check my email from the road - although not too sure about reading the pdf files some companies insist on using for all correspondence!)

RE:Sounds like a pretext

Sounds perfectly reasonable to me, after all as far as the law of every other nation is concerned the brazilian authorities are just foreign civilians, they have no special status that would allow you to exchange such material with them any more than anyone else.

Most distribution laws etc tend to have an exception which excludes sending it to the police for evidence purposes, however sending it to anyone else would still be illegal.

If the images are stored in their US based datacentres then US laws would apply which apparently (going by their statement) the US laws allow for distribution only if you are sending it to the national centre for missing and exploited children - therefore if they were to send the images from their US datacentre to some brazilian user they would be committing an offence (even if that brazilian user happens to have the status of police officer within brazil under brazilian law, outside brazil they do not)

@stationary in one place for more than 10 minutes !!

you mean 2 minutes right? we all know the police are useless at *everything*

most police vehicles are already tracked so they can get them to serious incidents (by which i mean speeders, not rape and murder) faster - however there didn't seem to be a problem the other day when 4 police cars (the entire police force?) all pulled in to the same service station at the same time to take a break - so i don't think they have to worry about micromanagers telling them off for investigating suspects at the local burger van, or telling them to get out of that toilet with their fellow WPC

and regarding most companies tracking their vehicles, for the paranoid among you: this includes rental companies, remember that next time you get a company car from a rental firm (that'd be most company cars then - and i'm sure most companies owning their own cars fit them with trackers too)

what i am surprised about is that when someone is suspected of committing a crime, it is extremely rare for the police to go to the vehicle tracking company (or mobile phone company) and ask for the tracking data for that person at the time of the offence - although any police reading this please don't get any ideas

secure system

how about a simple device with a radio in it, we'll call it a "BankSafe" to please the marketing guys

when you log in to your bank account you just enter your username/accounts number then get a (constantly refreshing) "Please use your BankSafe to verify your identity" page. you pick up your "BankSafe" device, on the screen is a message "Are you trying to log on to online banking using <your ISP>?" you enter a PIN and "confirm". you want to transfer your life savings to someone you get a message "Please use your BankSafe to verify this transaction", you pick it up, on the screen is "Do you wish to transfer £50,000,000 to John Smith?", you enter your PIN and press "confirm". Of course an extendable system would be open to currently unknown future uses (allow the bank to specify custom messages for confirmation).

This could then be extended to your debit card transactions, the delay need not be more than a couple of seconds, so you put your card in like you currently do, wait 2 seconds, then instead of entering your PIN in to the shops machine you enter it in to the "BankSafe" device, press confirm, 2 seconds later the cashier gets a "payment confirmed" back from the bank and trasaction is complete, the same as the current system - with the difference that you enter your PIN in to your own machine, rather than having to trust the machines in every single shop (it's also not fixed in to a location on the checkout where the people around you can see you entering it!). of course you could use RFID as well then so no need to put a card in to the machine, merely take the device out of your pocket, enter PIN, payment made.

The only issue with this system would be radio coverage, however the bandwidth requirement is rather low and would mostly consist of encryption overhead, a low data rate network would be fine for this so would not need more than a few dozen masts to provide acceptable coverage of peoples homes, and for in-shop coverage, the shop has a low power transmitter in it (a small change to the hardware of the credit card machines in use today, to include the RFID reader and the "BankSafe" transmitter - it is already linked to the bank for transactions anyway)

Naturally communications are done using a secure form of encryption, bank sends messages encrypted with your public key and its private key (so you can verify its identity from its public key, and only you can decode it with your private key) and the same in reverse.

The only potential problem I can think of with such a system is online banking from a house outside of the coverage area, but it could have a failure mode that is less convenient but where you can enter a code given by the banks website and it will then give you the relevant confirmation code to give to the banks website.

The inconvenience of carrying the device around would not be a problem if it became universally adopted, as you would soon find mobile phones including "built in BankSafe support" so you can give your bank your phones certificate and you can then authenticate transactions using your phone which most carry with them anyway. and a standard fitting on the top of the checkout machines that you can rest the device in to power it would sort out flat battery problems (battery flat, just plug in to their machine for power, authenticate the transaction, then remove).

Such a system would of course work with multiple bank accounts with a single device, assuming they all used the same standard compatible system and allowed you to register your own device, rather than each sending you a separate device and insisting you use that.

Anyone see any problems with such a system?

"idiot excuse"

"i set up a wireless access point that they could use, set to give everyone permission to use it, but arrest them anyway because i'm an idiot" - hardly a good argument

if a person puts all their belongings out in the street and sticks a sign on them saying "Take whatever you want" and hires a bloke to walk around the streets shouting to everyone "FREE STUFF, YOU CAN TAKE ANYTHING YOU WANT" then you go and accept their invitation and take some of the property they gave to you, you are a thief? "i did give you it, but at the time i didn't know it was worth money so you're a thief for taking something i gave to you"

if you are granted permission, you are granted permission - they set the thing up to give you access, they chose the option of granting you explicit permission, coming out with "well when i gave you permission i didn't know what i was doing" does not change the fact that they gave that permission and therefore you did not do anything wrong, as using it with the owners permission is clearly not wrong! (this is going on the assumption they were able to either disable the wifi, or enable some form of encryption)

now if they had enabled WEP and you had gone and broken the WEP key, then this is a different matter - because although it is not secure, it is also not an open invitation granting you access, and you only got access using forged credentials

it is a clear thing, access points have a way of indicating if they are public open networks that you are allowed to use, if the owner uses that system to inform me that it is indeed such a network, then i have the owners permission to connect - if i did not have permission then i would not be receiving broadcasts from the thing telling me that i do have permission, and additionally i would not be receiving replies to my connection requests confirming that yes, I "MAC Address xyz" do in fact have permission to connect and use it

of course things like an access point broadcasting it is a public open access point, then using MAC Filtering to only respond to certain MAC Addresses is another issue and is not clear cut as it is a muddled mix of both things - thankfully i have only seen a few such networks (I assume that one of the devices using it has problems with WEP/WPA? only reason I can think of...) - in that case I think it should be considered that as it is being broadcast as public and open it is free to use, as a private network would have such public broadcasting disabled at the very least, and a network which does not broadcast that it is open to all, and which only responds to connection requests for selected devices, is not an open access point (even if no encryption is used)

equipment costs

ok, so for around "$3,000" in equipment (what's that in real money? probably down to £50 by now?) you can have an attack that lets you sit around some types of vehicle, wait for someone to open their car, then do some analysis of the data, and then next time they leave their car there you can come back and get in, sounds like a good investment

however personally i would go for the even smarter investment, around £5 can get you a hammer, which can gain you instant access to any type of vehicle, no waiting around, no wondering if that vehicle is vulnerable to your snooping or not, you just walk up to the car, use your vehicle entry device, and get instant access - as an added bonus the hammer can also be used as a weapon if the vehicles owner should catch you in the act - and that's not all, buy now and your hammer comes complete with the ability to control construction equipment such as "the nail", this is a limited time offer so buy now to avoid being disappointed

you know where the smart money is...

"Assuming 66 per cent of that is spam"

I guess you're either referring to what comes out after being run through a spam filter, or you're very lucky

@James Henstridge

yes, apparently it does... which means they were being serious with the "this is not an april fool" comment on that phorm article! personally i had that pegged as a definite april fool - even that comment wasn't enough to convince me it was real

ofcom take action!

great! now that pirate radio stations are dealt with, i guess that lets you free up some more resources for dealing with ISPs with *unlimited **8Mbit internet ***access

* subject to staying below the limits

** if you live inside the exchange

*** providing you only access the parts we permit using the protocols we permit

yeh right

"If the US wants to beat the Taliban in Afghanistan, it first has to curb its own desire for the principle product of the region. While US dollars are pouring into the country in the form of drug money, US soldiers will continue to be killed by weapons and explosives stamped 'Made in the U.S.A'"

surely you mean "Made in China"?

the US gives a lot of money to china, some people had a problem with this so they instead decided to give it to terrorists, who would then forward it on to china in arms sales - a great way to mess up the statistics for funds being sent to china

of course we won't mention the IRA collection tins in "irish bars" in the US several years ago when i was there, because of course it wouldn't be politically correct to point out who funds these terrorists that get used as an excuse to take away peoples rights

my experience

I've had 2 dedicated servers with 1and1 before

the first one i got was reliable and i had it running for a good 18 months without a single outage (only downtime was caused by me rebooting it setting something up or doing updates etc)

then i got a second for a different purpose, this one i needed plesk on it for a convenient control panel for customer access and this is where the problems began. the plesk image they used to install the servers was broken and installed a broken system that didn't work. I asked for the plesk keys so i could use the "clean system" image then install plesk myself and nothing, phoned them and "you must select plesk from the control panel, then it works" so i used the plesk image and phoned the "first level support" again "it's not working".. "it looks like it is working from my system" - of course after i had to talk him through how to log in to plesk (wtf was he looking at to claim it was working without error??) he finally admitted a problem, after several hours on the phone they finally agreed to a refund and cancellation. of course i did check the server logs to see where he had logged in to the server from (after I had had to tell him how to use plesk, great support!) and i'm sure you wouldn't be suprised at the fact that it was an ADSL connection in south america (i guess someone said indian call centers were a bad idea, so they went for somewhere just as bad that wasn't called india?)

that's when i moved the other server away from them as well!

shared hosting accounts you can't rely on, there will always be problems with reliability with other customers etc unless you are paying extremely highly for it, in fact i'd say i doubt you can find a low cost shared host that can handle a busy website (even just a few hundred thousand users a day busy) that uses mysql (servage seem good for static files unlike many, however their mysql is just as bad as the others)

for dedicated hosting 1and1 were very reliable and have a decent network, however the problem is their support, or should i say the problem is there isn't support.

of course if you do have serious reliability requirements then the best solution is geographically diverse servers with different providers, 2 cheap "budget" dedicated servers with everything mirrored and load balanced between them would give better reliability than a typical "high availability" host, but cost not much more than budget hosting (of course for small sites it's likely budget hosting can be much cheaper, but then that sort of site wouldn't have the same reliability requirements)

I currently run one site with high availability requirements (relatively low traffic, around 100,000 hits/day) from a pair of really cheap VPS accounts (£5/month and £6/month), i get the prices of budget hosting but i've yet to have an outage! (the only problem with such a setup is synchronizing dynamic content, which often means custom made scripts, not a problem for me as it's all custom made anyway but some people like to just click the "install an ecommerce site" button)

you'd be suprised

i used to run a site where someone complained "someone is using your forum to harass me" etc, so i not only pointed out that you can block someone from sending you messages, but i even went and modified both of their accounts settings to block the other one

a couple of days later threats to sue me for allowing the harassment, so i had a look, both had gone in and changed their account settings to allow messages again - while i was there i also looked at the messages and they were both as bad as each other by the looks of it - so i just banned the pair of them

my guess is they were having an argument, both as at fault as the other, but one had the great idea of complaining and getting the other one banned from the site... guess he didn't realise the site owner can read any messages sent through the site to see for themselves who needs banning

get it yourself?

all that has done is made it more likely that someone will start an "openmasts" project

look at some of the open street map projects, they aren't exactly complete enough to use for, well, anything - however with mobile phone masts all you need to do is have data from a location *near* to the mast (anywhere in range, which does not only include areas where it is providing coverage, but as far as the signal carries) so while these projects don't have data from enough locations to get accurate maps, with few resources they have got data for "close to" most parts of the country - if they had added a GSM receiver and done the same then with less effort (no need to cover an area in anywhere near as much detail) they could have a map of the entire country

hell, thinking about it what is this data worth to license out to various websites etc? enough to pay 1 or 2 peoples wages (and fuel money) to make a living out of just driving around the country? (mobile phone masts don't exactly move every few hours, so you only really need to cover the country once every month or so for accurate data - probably say drive around every city once a month and drive around the countryside once every 2-3 months, countryside may be bigger but the masts have a greater range so you don't need to cover it in anywhere near as much detail)

reward?

"Here at El Reg if you last three hours without skiving off down the pub you're rewarded with a trip to the local. ®"

2 questions:

1. where do apply?

2. what are your contingency pans for the extremely unlikely event that someone actually manages it and you are forced to give them the promised reward? do you have insurance to cover that eventuality?

legal tender

they do in fact have to accept legal tender to settle a debt, however they are under no obligation to provide a service for legal tender - you can walk in to a shop and they can refuse to sell you anything (there is no debt so legal tender is irrelevant), however if you have a meal in a restaurant and get the bill at the end then they have to accept legal tender (interesting bit of information: in scotland this means coins, there is no legal tender bank note of any kind and they can damand the payment in coin form)

you'll notice that with most telcos they send the bill out in advance (a bill received at the end of janurary is for febuarys service) - if you fail to pay then they generally don't cut you off until after

however if you do fail to pay what happens is they just terminate service, and then will refuse to sell you service again until the original debt is payed (i've never heard of someone being taken to court), therefore legal tender still does not apply as legally they are merely stating for the second connection that they are adding £<outstanding debt> to the charge for connection, if you don't want to pay it then they won't provide service

the legal tender argument then only works for something like paying off a credit card bill etc if you can find a card issuer that doesn't accept cash (if they refuse the cash payment then they can not legally collect the debt, however they can revoke your card and refuse to provide further service etc - not sure about being allowed to pass the non-payment on to collection agencies though)

regarding unlimited, this is in fact illegal (under the Unfair Terms in Consumer Contract Regulations 1999 mentioned in the article) - this is also the same regulation that makes bank charges illegal (at their current levels) and unenforceable, however they still make the charges because they know that the ignorant masses just pay them and don't argue (example: Lee Saxton above who it sounds like has made many payments and done nothing about it)

the same is true of the "unlimited" claims, if the ignorant masses just accept it they carry on doing it - although with the "unlimited" claims as far as i know this is even worse as nobody has ever actually taken their ISP to court for it (they are being allowed to get away with it) unlike the banks who just consider that acceptable losses (the less than 1% who have taken them to court cost much less than what they made from the other 99%, so they break the law knowing the end result after punishment is a net profit - another example of the courts letting us down)

but regarding the original article, all i can say is: are they fucking kidding? of all the things they could use our tax money for they chose that! we'll ignore rogue premium rate operators, we'll ignore outright lying and failure to provide the unlimited service sold to customers, but giving people an option of paying different amounts for different payment methods - what a major problem! i wouldn't be surprised if the person who decided ofcoms priorities was the same person who told the police that they should stop concentrating on those little murders and start tackling that major problem of people doing 35mph in a 30 limit