* Posts by Alan Brown

15087 publicly visible posts • joined 8 Feb 2008

Captain Caveman rides to the rescue, solves a prickly PowerPoint problem with a magical solution

Alan Brown Silver badge

Re: Key workers

"We were told by infrastructure that yes we can work from home and that we've had that capability for years."

Note the absence of the word "securely" in the second paragraph...

I'm pretty sure this won't end well for a lot of companies

Alan Brown Silver badge

Re: Yesterday

"Our IT department have been absolute heroes"

They usually are.

It's MANGLEMENT who pull shit like dumping stuff on unprepared workers, then pulling the rug out from under IT whilst they're attempting to help.

Alan Brown Silver badge

Re: Though

"But actually you are wasting yours."

As we've seen with the call centre hacks, the scammers are mules working for a handler - and they're expected to take in X amount of money per day, of which they get about 5% - if they don't bring in the money, the handler gets shitty with them.

The longer you keep them busy with nothing to show for it, the harder life gets for them at the end of the day. These are hoodlums they're working for, not reasonable employers.

Thought you'd go online to buy better laptop for home working? Too bad, UK. So did everyone. Laptops, monitors and WLANs fly off shelves

Alan Brown Silver badge

Re: For furniture...

"try your local charity shops. "

And these are open, where exactly?

Alan Brown Silver badge

"Any factory orders from HP have been taking 2-3 months since the beginning of the year."

Yeah right. It's been like that since at least July last year and HP have been so shifty about explaining delays (plus supplying systems with parts missing) that I've given up on them.

Accenture sued over website redesign so bad it Hertz: Car hire biz demands $32m+ for 'defective' cyber-revamp

Alan Brown Silver badge

Re: Accenture to the left of me. Wipro to the right

"I think I should mention that after a few years the department is going back to it rightful owner, the original company... "

The original company, minus the people they couldn't get rid of in any other way.

That's the REAL reason for outsourcing in a lot of cases.

BT's Wi-Fi Disc ads banned because there's no evidence the things work

Alan Brown Silver badge

Re: What is best for a house on three levels?

"Currently on the hunt for what would be best for this house (five bedrooms/three levels)"

Wifi penetrates lousily through modern walls (foil lined) and brick (high iron oxide content)

It goes pretty well through ceilings and floors unless they've been foil lined as above. Some older buildings have _sand filled_ ceiling/floor voids for noise control and this tends to be iron sand or other high metal content sand - at which point all bets are off

One of the best ways of solving this kind of issue (as a STARTING point) is to put the primary AP more or less in the middle of the middle floor and set the antennas to fire "up and down" rather than sideways.

Meaning if it has "dipole" like antennas, lay them horizontal instead of vertical and if it's a wall mount type AP, lay it flat. Make absolutely sure there's no metallised/metallic surfaces above or below the AP

(Yes, I know RF propagation is more complex than this and I'm oversimplifying. It's a starting point for improving household coverage)

Alan Brown Silver badge

Re: Use a second wifi hotspot

"Wouldn't work in my example as the house has multiple circuits and as you know powerlines don't like that kind of setup much. "

You can buy RF coupling blocks for the mains board in such cases

It's a bit more faff, but allows powerline to work.

Alan Brown Silver badge

"With enough discs I don't see how the claim isn't reasonable "

Wifi is half duplex. Each time you bounce through a repeater you're going to take a performance and latency hit

Getting wifi _coverage_ and maintaining _speeds_ in such a setup is difficult-to-impossible unless you're bandswapping or using other multi-radio techniques (latencies will still suffer)

Plus, this is a solution which suffers the "tragedy of the commons" - if every Tom, Dick and Harriet along your street does it the WiFi fog is going to become a peasouper with most of these devices cranking out the legal maximum power

Alan Brown Silver badge

Re: "Only we guarantee Wi-Fi in every room"

"WiFi would have sounded like black magic back then."

I actually INSTALLED a number of 1.6Mb/s (what would become 802.11 - not 802.11b) rangelan devices - did you ever wonder where the channeling came from - they wouldn't interfere with each other.

You really don't want to know how much they cost (For that matter my first 14k4 modem's price was 4 figures...)

'Up to 300' UK heads to roll at Brit IT services firm Allvotec, with 200 jobs offshored to Bulgaria in cost-cutting drive

Alan Brown Silver badge

> All jobs can be performed from anywhere (free trade across the internet) so lawyers, accountants, managers BEWARE!

All 4 job titles mentioned are more at risk of being computerised out of existence than being offshored, in the long term.

Times change, things move on. Adapt, or die.

Alan Brown Silver badge

Re: Will the last IT Services company to leave

"Unfortunately, the National Enterprise Board invested its money in companies like Sinclair and Inmos, which didn't do a lot for Britain's technology base"

There's little point ragging on government about lack of foresight in these areas, business is AT LEAST as bad.

About the only policy which seems to work is throw everything at the wall and see what sticks in the long term.

Borklays soz for the ailing ATMs but won't say if fix involved a Microsoft invoice

Alan Brown Silver badge

Re: Wrong spelling abuse

Ahem *Farenheit*

Purging that is easy, just dial up to 451

Alan Brown Silver badge

"Does misspelling something over and over and again make it correct?"

Ask the Bard. William S was pretty creative with his spelling.

In case you want to flee this wretched Earth, 139 minor planets were spotted at the outer reaches of our Solar System. Just an FYI...

Alan Brown Silver badge

"Ideally one large filled with high concentrations of really nice matter."

As long as that doesn't happen to be organic matter...

Alan Brown Silver badge

Re: Dyson rings?

"special edition of the Lancet"

Likewise if you misinterpret the intent of the Dyson ball cleaner.

The Internet of Things is a security nightmare, latest real-world analysis reveals: Unencrypted traffic, network crossover, vulnerable OSes

Alan Brown Silver badge

"We bought a several million pound MRI machine from one of the larGEr medical device manufacturers last year and that was still running XP embedded"

And who, exactly, didn't specify that the OS/firmware within this piece of hardware MUST be secure, and able to remain securable for the projected 15-20 year life of the device, including against any exploits which may show up in future

That's the person in YOUR organisation you send the bill to.

Alan Brown Silver badge

Re: Looks like there's even more money to be made by mining the US HealthCare system

"Especially when it comes to medical equipment like imaging devices, which often come with legally-mandated compliance requirements which mean to upgrade the OS you have to upgrade the whole machine: a six- to seven-figure prospect."

There's usually no technical reason why you'd need to replace the entire machine if you replace the control system - but it happens to be a great way of forcing sale of new hardware (== "PROFITS!")

The EU and others need to look into this stuff and start mandating legal liability on the suppliers and $stonkinglylarge fines targeting the C-level staff if they're not dealt with. It's not just medical equipment either. There's a lot of SCADA stuff out there which has no business being connected to the Internet which has vendors insisting on network connectivity

Appareils électroniques: Right to repair gets European Commission backing

Alan Brown Silver badge

Re: It is not just phones.

"removing and inserting bearings in zinc castings can be very difficult if they have been designed for once only insertion."

Understatement of the year - but in that case you step up a level and look for the generic part or a reasonable replacement. It used to be you could go to a scrapyard for washing machine parts but those days are long-gone

IME (for washing machines and suchlike) repairable bearing failures happen in motors because they're built to a price. If a bearing fails in another area then there's an underlying cause that needs to be addressed and which will probably write the machine off

(eg: has the machine been dropped, is the casting suffering deformation due to stress cracking, has the thing been regularly abused by the operator(overloading), was there local overheating?, etc etc etc - and you shouldn't be surprised to find how many "warped chassis" there are out there.)

Alan Brown Silver badge

Re: It is not just phones.

"I've got three of those, thrown out, which just need an unlocked version of the software so they can be used on Freeview or Free sat etc"

Hand a couple over to some determined geeks with experience getting at JTAG ports.

They'll likely determine that there are GPL violations going on too.

Alan Brown Silver badge

Re: It is not just phones.

"PCB had failed. Could I buy a replacement? Nope"

Of course not, they want to sell you a new fridge, however the board COMPONENTS can usually be repaired if you have a circuit diagram (or can work it out)

"Try getting a bearing for your Bosch washing machine? "

Ever tried BearingBoys?

$HINT: Bosch don't MAKE bearings, they buy them from the likes of SKF

What they won't tell you is what bearings they use, but that's easy enough to determine once you have one in your hand - and you would probably replace it with a part of 10 times better quality than if you COULD get it from Bosch, because the difference in cost is far less than the labour cost of tearing the motor down again.

$HINT2: most of this stuff uses one of about 5 different sizes of bearing, and unless it's going into a specialist application a reasonable quality "generic" will outlast the rest of the unit - the others will be lower duty bearings - and cheaper, but for repair use it's cheaper to hold a tube (10-20 bearings) in stock of the more expensive bearing type than waste time ordering 1-2 cheap ones as you need them.

Of course "Taking back control" means that consumers will end up shafted and this stuff will be EVEN HARDER to repair - Back in my technical/engineering days one of the hardest things we found was dealing with UK companies which refused point blank to be cooperative, and with importers who'd play "secret squirrel" on EVERYTHING because there's more profit in new devices - the rise of the Internet made it easier to go around them and also find out that "exclusive distributors" were frequently charging 2500% markup on software over going direct (or other shenanigans) - the worst offenders for this were subsidiaries of UK outfits, whereas other nationalities were far more cooperative for servicing and supply in the first place (as well as not tending to ship Heath-Robinson designs in the first place)

Alan Brown Silver badge

Re: This jumped out:

"It's not like the US, China or India are likely to insist on EU-level of standards any time soon"

For the USA, there's UL certification (you don't HAVE to use it, but you won't get insurance if you don't comply) - the 'Underwriters' in the laboratory are the insurance industry and they've established offices in China to go after counterfeiters

For China, there's the cCc - whose standards are similar to EU ones (enforcement is spotty, but cCc labels on non-compliant objects are gone after with a vengeance)

CE is a _self-certification_ system and a lot of 'CE' stuff produced by EUROPEAN companies is substandard.

Interestingly, the USA has also established a specific diplomatic mission in China to cover consumer protection, trying to go after dangerous items (and succeeding) - they work with the cCc amongst others. Because electrical safety is a core of so much stuff, that mission invited the UK's standards groups, etc to join in regarding stamping out dangerous BS1363 mains plugs - and were turned down flat.

The reason? "We can only work in the UK, not outside" - even after it was pointed out that registering the design of the BS1363 UK mains plug in China (as a legacy holder, this is done on request) would make all substandard copies instantly illegal to _make_ in China and allow the authorities there to start going after the production facilities...

As I've mentioned before, there's a reason "Made in the UK" and "British design" became warning labels and bywords for "shoddy" across the commonwealth and this kind of parochialist belief that it can be policed by filtering imports (which clearly ISN'T working) really exemplifies it

Alan Brown Silver badge

Re: This jumped out:

'Remind me how "taking back control" works ?'

Corporatists and mercantilists get control back of the government and walk back all the laws that have been introduced to protect consumers + environment.

You know, laws that prohibit putting pet(*) horses(with various drugs attached) into the food chain, sawdust in sausages, melamine in milk or sewage on Blackpool beach, that kind of thing.

Oh wait, you thought this was about the people?

Alan Brown Silver badge

Re: Good!

"As far as I know there is only one European company that has researched the recycling of lithium based batteries "

Tesla (at least) are heavily investing in the recycling/reuse chain.

Current batteries are very recyclable - lead-acid is up around 98%.

The big waste is in primary cells, not rechargeables and the problem with older rechargeables is pollution from things like cadmium when they're NOT recycled.

Latest bendy phone effort from coke empire spinoff Escobar Inc is a tinfoil-plated Samsung Galaxy Fold 'scam'

Alan Brown Silver badge

NOSE DIVE

https://www.youtube.com/watch?v=r2IEA3wRGa0&list=PLZs0gQed9tMSeBUeQ9oOeCgoRzrXKrkOs&index=28

Alan Brown Silver badge

Escobar response:

A horse's head in the bed of the reporter.....

Resellers facing 'months' of delays for orders to be fulfilled. IT gathers dust on docks as coronavirus-stricken China goes back to work

Alan Brown Silver badge

Re: Hang On A Minute...

"Although outbreaks of infections such as COVID-19 might not be an everyday occurrence the SARS epidemic of the early 2000s should have been warning enough about what could happen in the event of a repeat performance, perhaps involving something worse."

The Chinese _central_ government took the warning from SARS very seriously indeed.

The problem has been regional and local government trying to cover things up and pretend the issue doesn't exist (remember one local government literally tried to bury an entire crashed high speed trainset before investigators could arrive to find out how it had happened - during the SARS outbreak one mayor is reputed to have stated "there will be no SARS cases in my city!" - and indeed none were _reported_, but the death toll was quite high there)

China may well be planned and governed at the centre by engineers, but the edges are far more nepotistic and jobsworthian than the USA is (although unlike the USA, they're working on eliminating that)

Alan Brown Silver badge

Re: Just an FYI

"That is a mortality rate of 3.6%."

Putting THAT in context - it's slightly higher than the mortality rate of the "Spanish Flu" pandemic that devastated the world at the end of WW1

HOWEVER: Spanish flu tended to kill the healthiest individuals in populations by triggering Cytokine Storms in their immune systems(*). _So far_ Coronavirus is reportedly hitting the elderly and those with underlying medical conditions but even so the caution is justified (But not the mass panic buying of TP - are people mutating into Cornholio? - and as for hand sanitiser, stopping viral spread relies on OTHER people being able to wash their hands too!)

What really irks me is that the "surgical masks" being flogged are utterly useless for virus control (or smog filtering, which is what they're usually worn for) as air simply goes around the side of them and they primarily achieve provision of a false sense of security.

(*) This brings up why the vaccine path is slow - back in the early-mid 2000s around 25 healthy volunteers in the UK had cytokine storms triggered by whatever was being tested at the time - several died and NONE of the rest regained full health - they all had extensive, permanent lung damage that's effectively made them "disabled".

Russia-backed crew's latest malware has discerning taste – when screening visitors to poisoned watering holes

Alan Brown Silver badge

Re: "the C&C [command-and-control] server replies with a piece of JavaScript code"

" this is why we have the Internet of Turds"

FWIW: a _LARGE_ part of the reason we have the Internet of turds is NAT and the continued use of IPv4

Tunnelling out your devices to some (vulnerable) website so you can remotely view security cams wouldn't be necessary in an IPv6 environment - and blocking those tunnels takes away a huge chunk of the attack face.

If you have to implement a kludge (that kind of shit) on top of a kludge (32 bit addressing - there's history on that, it was only intended to be in service for 5 years) then expect the authors to be careless.

I'm not saying that IPv6 cures all ills - but not behaving like the old lady who swallowed a fly goes a long way towards not having as many issues in the first place

Alan Brown Silver badge

Re: "the C&C [command-and-control] server replies with a piece of JavaScript code"

"I keep pushing the view that technology didn't really bring us any new scams. It only changed the delivery methods for scams"

Yup. I saw my first 419 missive in the requisite ALL CAPS coming off a telex machine in 1989 - and of course THAT'S just a variant on the "Spanish Prisoner" letters selling treasure maps with 'X marks the spot' that inspired Robert Louis Stevenson

Post Office burned £100m in UK taxpayer cash on Horizon IT scandal legal fees, MPs told

Alan Brown Silver badge

Re: Porridge

"The royal mail don't own the post office any more it is a separate entity since the privatisation"

Yup, whilst Royal Mail was privatised by share issue, Post Office _Limited_ is a privately held company - 100% state owned and operated by HM govt via the Ministry of Fun

Alan Brown Silver badge

Re: BS

"It was the standard Dyno (aka Test) mode for the Bosch ECUs. "

Yup, and Bosch had already warned VW (and other makers) to STOP using abusing the test mode.

WRT the USA cars: the cheat was to allow them to pass tests _without_ needing to have adblue in the vehicle and this was the USP of the cars at the time (no messy/expensive additives needed, etc) - this backfired as the only way they could reasonably meet standards without heavily impacting mileage is with adblue fitted and it's not something you can plumb into the vehicle after it leaves the factory

Of course they're not exactly the first company to pull something like this. Ford got caught dropping their vehicle ECUs into test mode when the onboard GPS noted it was at the programmed location of emissions testing centres.

Alan Brown Silver badge

Re: Disgusted of tonbridge wells

"If the post office managers were aware of problems with the horizons system in that suddenly 550 people appeared to be on the fiddle, and they went "Must be the sub-postmasters" then that would seem to leave them open to criminal responsibility as innocent people went bust, lost jobs and even went to jail for those decisions."

It's worse than that: Innocent people _died_ - there were a number of suicides due to the actions of Post Office Management.

In some cases, accepting criminal responsibility and going to jail is a _safer_ option than continuing to deny everything and walking around in public with what's effectively a very large target painted on one's back.

Alan Brown Silver badge

Re: "That doesn't make sense" ...

As she put it; "I could believe that one or two drivers were on the fiddle, but two dozen? That just didn't make sense."

I've seen it happen - but as another poster noted - if they're all in on it sooner or later someone gets greedy and makes it blindingly obvious, so this kind of rort doesn't stay hidden for long.

Once detected, junior staff (apprentices) were interviewed to see what they knew and it turned out that the process was so entrenched that they thought it was a part of the employment conditions - this is what they'd been told by their supervisors, etc.

On a similar note we recently got a complaint that people didn't like being issued desktops instead of laptops because they had to leave them behind when they moved on - someone on the ball pricked up his ears and checked into that, plugging a large financial leak in the process.

Alan Brown Silver badge

Re: Simple formula.

"The people responsible pay all the lost money out of their own accounts"

Victims DIED as a result of Post Office's behaviour and harassment of innocents.

Criminal charges need to be filed.

Alan Brown Silver badge

" whilst managers at the top go off with golden handshakes and great salaries "

At some point someone will snap and then those managers will start popping up (literally) from river bottoms.

The amount of damage and destruction to people's lives that's been done means that a fair number of them feel like they've already had their lives so utterly ruined so they can't lose anything more - and then there's the issue of the subpostmasters driven to suicide by the harassment - this SHOULD be treated as corporate manslaughter

The Reg produces exhibit A1: A UK court IT system running Windows XP

Alan Brown Silver badge

Re: What logic is this?

"I find it odd how users could magically retrain themselves when it comes to Facebook/Instagram/Twitter/$ANTISOCIAL_APP/$PHONE_OS updates"

Do they?

Back in the 1990s I had librarians rebelling because they had to switch from Netscape on Macs to IE on PCs - because horror of horrors they couldn't cope with the UI changes....

Bear in mind that actual qualified Librarians (which these were) generally pride themselves on being well-educated and flexible - but the thought of a slight change in the way they interfaced with computers really was "too hard to deal with"

Alan Brown Silver badge

Re: Upgrading an OS isn't a magical solution

> there was always a Vicky Pollard saying "because corporate policy" or Carol Beer saying "Computer says no"

The response to that is easy: "Please sign here to say that you understand and accept full legal, financial and potential criminal liability for your decision, are ordering the situation to continue as is and understand that this liability might follow you even if you leave the organisation. If you refuse to sign it, then I will note that you have refused to do so but are still giving the orders and my colleagues will witness that notation."

You can of course put it less confrontationally but putting the jobsworths in a position where THEY are in the firing line usually has the desired effect.

Alan Brown Silver badge

Re: Upgrading an OS isn't a magical solution

"As a case in point a lot of intranet applications used by the NHS were developed to work in IE 6, on XP. "

Because apparently NOBODY had heard of w3c standards and why they might actually be a good idea

(The number of times I heard "IE6 _IS_ a standard!!" defies belief - the best way to respond to it was to ask which international standards organisation had documented it and then ask if the idiot making the statements would like to face discrimination complaints because partially sighted users couldn't use their websites - something best done in front of higher management because if the web dickheads didn't get it, upper manglement did)

Alan Brown Silver badge

Re: Actually.... most of the time XP crashes before the ransomware can encrypt the drive

"There's a group of people think this is a security risk because it's old. "

It's a security risk because it's likely to FAIL, there's always something critical on it and getting parts is _hard_ - we have this conundrum with our VMS systems

You don't need to be hacked if a burned out PSU makes the data inaccessible due to the formats being unreadable on anything else.

Alan Brown Silver badge

Re: Is this as usual software related?

> When asked about upgrading the attached PC, the vendor says "Sure, that's another £250k for a replacement instrument."

We had the same response from Ericsson about a PBX - closer inspection revealed the attached PC was ONLY there to run Hypertrm. We couldn't "detach" it, but we could remove its power supply and plug the serial cable into something else, so that's exactly what happened.

Alan Brown Silver badge

Re: Simple updates to the system

"Also... Any new hardware they have would be win 10."

I get regular demands to install older software on newer hardware. We even have some crap running Win95, because it needs to (and no, I can't just run it up in a VM instead, it's controlling a lathe)

MS have "cleverly" circumvented this by ensuring the latest intel CPUs and chipsets don't have drivers for the older OSes, which is a good foil to those demands, but I can assure you that it's still possible to install older OSes on that newer hardware if people are really determined enough (or run up in a container inside Win10)

IT security at the MoJ is one of the lesser ways that the plastic bag full of nails leaks. Nowhere near enough checks/bounds and the windows debacle is only the tip of it.

Google: You know we said that Chrome tracker contained no personally identifiable info? Yeah, about that...

Alan Brown Silver badge

Re: Just one question

"You shouldn't be shaking their hand anyway - you're meant to be bumping elbows or something now."

Given they're a social media rep, get in their face and cough on them.

Alan Brown Silver badge

Re: Just one question

"Judging by the (unsolicited) phonecalls and visitors at the door who appear to take it for granted that I'll happily answer all sorts of questions without them really explaining (or proving) who they are or why they are asking. "

There are three ways to deal with this shit:

1: Answer them

2: Tell them to bog off

3: Deliberately feed them misinformation

If you do #2, they'll simply obtain the data other ways. I'm coming more and more around to the approach of choking them with a firehose of sewage

Clearview said to be chasing every mugshot taken in the US over the last 15 years to paste into its facial-recog system

Alan Brown Silver badge

Re: Real time false positives and trigger happy policemen with guns

"I actually think that UK style trials (limited number of suspects, public places) are sensible to do and involve no more than a few minutes of time and an apology."

No, and that attitude is flat out _dangerous_

Without salting the trials using mugshots of people you KNOW are in the crowd, you're ignoring the possibility of false negatives, let alone quantifying any rates - lest you think that's unimportant, I refer you to a similar issue expressed in star ratings: https://xkcd.com/937/

Email list companies have known about this problem for decades. It's very hard to prove someone hasn't opted in, but actively salting spammer lists with canary traps PROVES that the company hiring your services is a spammer. I know of several companies which hold the first few mailings of any new customer to check the outbound queues AND look for obvious spoor before letting the stuff out - there's no indication of any such quality checking in any of these facial recognition systems being deployed and they're far more dangerous than a few billion pieces of email getting loose on 't intawebs.

Another indicator of the dangerousness of these systems: The ENTIRE european genome can be expressed in around 20,000 individuals. Chinese genome variation is a bit smaller. The east-asian genome in general is only 50-60,000 people wide and it gets smaller as you fan away from Formosa (The entire african one can be expressed across about 2 million individuals, whilst the entire East Polynesian genome comes down to less than 5000 individuals).

(*) Which makes it more obvious the ubiquitous chinese facial recognition system is less about tracking potential offenders and more about keeping an eye on people who aren't Han.

The TL;DR of this is that there are a LOT of people out there wearing similar-to-near-identical faces

As with fingerprinting, the premise of "uniqueness" is fatally flawed by samples having too small a dataset to validate that claim (unique amongst the pool of criminals known to scotland yard perhaps, but across the entire population? This is what agencies are finding out to their cost as they hoover up more data)

The same thing was found to apply to DNA fingerprinting as practiced in law enforcement

Ditto Iris matching. (retinal vein layouts are likely more unique, as are subdermal hand vein layouts - these vary wildly even between identical twins - a factor of genetics AND local conditions during gestation.)

Facial recognition is likely to be another gallon of snake oil - great for proving someone's NOT who you're looking for but almost useless at showing they _are_ the droids you seek.

The problem - as always - is that there are a lot of people who stand to make out like bandits from selling snake oil and a lot of people who stand to make lots of political/power points by buying it.

Alan Brown Silver badge

"Although they'll probably be mysteriously nonfunctional when it comes to your turn."

Perhaps in the USA

European police are finding out to their great delight that the cameras invariably show what they said happened, vs what the complainant said.

Something about honesty, integrity and not being an occupying paramilitary force. Police are merely civilians with a badge, some extra responsibilities and in the case of Europe - held to a MUCH higher standard than those who aren't sworn peace officers.

One of the most amusing things I ever saw on the UK version of motorway cops was the woman caught speeding who tried to get it brushed aside because she was an off duty officer - it went from getting ticketed for a minor offence (possibly even just a warning) to having the book thrown at her.

Alan Brown Silver badge

Re: We know where this is going

"The difference was they were at least following instructions from the chain of command"

Not in the case of leaping on the bonnet of a car stopped in a jam on the M3 near Heathrow and unloading several shots into the driver's face through the windscreen they weren't (1983 or thereabouts)

They hadn't even bothered to call it in before firing - it all went off on one of the squad members making a mistaken visual identification whilst on alert.

Check Point chap: Small firms don't invest in infosec then hope they won't get hacked. Spoiler alert: They get hacked

Alan Brown Silver badge

Re: Secure by default?

"I think people designing and implementing software are not making software (and HW) secure by default."

You can't slap on security later as an afterthought. It has to be baked through the entire pie, not sprinkled on top.

And your first step in making that pie is complicated by the default underlying OS having decades of legacy of not having ANY security in it whatsoever.

It's better than it was but most people will run it wide open by default or carve out holes everywhere because programmers and vendors insist that I compromise MY company's security for THEIR convenience - and C-level manglement (or worse still - SALES) demand that it be made so (in which case get the request in writing and an acknowledgement that the requestor takes responsibility for the consequences of any resulting breach in security - your personal liability insurer will love this when it's needed)

One example: Papercut - on Linux demands that all security features be disabled to allow it to run - despite only actually needing about 3 SELinux tweaks.

Alan Brown Silver badge

Re: Insurance Risk Management?

"*The preceding program was brought to you by the finance department or, in the case of a small organization, the financials person."

If I ever saw arguments like that I'd be looking through the policy with a VERY fine tooth comb because I'll guarantee that the "financials" people/person hasn't, or the terms in it went whizzing over his/her head.