Posts by Graham Cobb

608 posts • joined 13 May 2009


Cisco’s 'intuitive security' tool can’t handle MAC address randomization out-of-the-box

Graham Cobb Silver badge

Re: Yet another elastoplast with unexpected consequences?

There are several ways to use static MAC addresses to track.

One is that it allows the WiFi provider (hotel, store, shopping mall, local authority) to track your movement and usage and correlate it with what you did yesterday, and last week. If last week you accessed an Extinction Rebellion web page (or a protest app since made illegal in Hong Kong), they can make sure that this week you are not allowed into the mall (or arrested).

A second reason is that it provides a long term identifier available to applications, which they can use for gathering and correlating personally identifiable data. Apple have made it possible for users to change their marketing ID (and Android claim to have recently done the same, although I trust Google less than Apple), but the MAC address provides apps with an alternative long term identifier, particularly if they can get assistance from a device on the same LAN (for example an advertising hoarding, or an access point provided by the mall owner) which sees the MAC address used in traffic.

Sorry, but fixed MAC addresses are a personal tracking device.

Family wrongly accused of uploading pedo material to Facebook – after US-EU date confusion in IP address log

Graham Cobb Silver badge


this is the email address that you gave to the mail or mailx program

Yes. And the email address you gave to other people was something like {ucbvax,a-few-other-hosts}!decwrl!marvin!cobb, where you chose a list of well known, well-connected systems as the starting point because other users would know how to reach at least one of those from their own host and those hosts knew how to reach your external gateway (decwrl in this example).

Graham Cobb Silver badge


I remember following the Usenet (or was it a mailing list?) discussion of the early domain naming syntax in the 1980's (and a LOT of discussion about how it would work with email addressing, including lots of discussion before it was agreed that email to a.b.com would not need to actually flow to "com" then to "b.com" then to "a.b.com") and I do not remember a time when it had the most significant part of the domain first. Was that format a UK or JANET thing or was there really a time when a draft Internet RFC had that format?

Graham Cobb Silver badge

Re: Anyway in most contracts - at least here - the users accept full responsibility

I think you are mixing up criminal, administrative and contract liability.

Yes, contracts may mean that you are financially liable for many things, including the responsibility to pay your ISP bill even if your router was hacked.

However, in criminal cases, the responsibility is with the prosecution to prove it was you. Often that is not an issue because the person does not deny they were the one performing the act. However, if you claim your car was stolen or your WiFi was hacked, you do not have to prove it - the prosecution have to prove that it was you. Of course, in practice, they have to prove it to the satisfaction of the jury, and the jury may have a tendency to believe the prosecution unless you expand on why they are mistaken.

Administratively the line is blurred. For example, if a speed camera catches your car, the registered keeper has to provide the name of the person driving, or some other explanation, or else they will be held responsible. But if the issue ends up going to court, the usual legal burden of proof still applies and the prosecution will do things like produce the picture, explain that this is your usual route and time of going to work, etc to convince the judge/jury it was you.

In this particular case, of course, the problem is not prosecution - that seems not to have happened - it is all the disruption caused by the actions of the police and prosecutors who didn't clarify the ambiguous information they were given.

Worried about bootkits, rootkits, UEFI nasties? Have you tried turning on Secure Boot, asks the No Sh*! Agency

Graham Cobb Silver badge

Design and build your own chips.

More seriously, does anyone know if anyone has done any work to evaluate any of the RISC-V implementations to see how exposed they are to running pre-boot code not under the user's control?

Go Huawei, Android: Chinese telco biz claims it will spread Harmony OS for smartphone to devs come December

Graham Cobb Silver badge

Re: Android compatibility would be a mistake

I think they will acquire a commercial Dalvik to provide an Android app environment on their highest end Harmony devices, just to address the massive long tail of niche apps (for example for supply chain integration with millions of Western manufacturing companies).

However, unlike other alternative OS's like Sailfish, their massive home market means Chinese apps for Chinese consumers will be created directly in Harmony and available in Huawei's appstore. So, they won't bother to provide an Android environment on 80% of devices (not least because the existing commercial Dalviks are, as far as I know, designed for Linux environments and may be expensive to port to a "minimal" OS).

The interesting question is how many apps used by Western consumers will be available. Without their favourite apps (particularly games) sales will be low.

Zero. Zilch. Nada. That's how many signs of intelligent life astroboffins found in probe of TEN MILLION stars

Graham Cobb Silver badge

Re: Looking for signs of McDonald's on other planets?

I guess it is important that someone looks and checks the easy things and crosses them off the list - it would be embarrassing to discover in 100 years that aliens emit RF we could have found in 2020.

But it tells us virtually nothing about the likelihood of intelligent life.

China proposes ‘Global Initiative on Data Security’ forbidding stuff it and Huawei are accused of doing already

Graham Cobb Silver badge

Re: Judicial assistance

The poor quality (as measured by things we consider important) of other legal systems (China and the US both are obvious examples) is exactly why that principle is important: all international law enforcement requests must be managed by judicial processes in both countries, under formal treaties, allowing challenge in courts on both sides. Not by, for example, laws from one country requiring companies in its jurisdiction to make available data about people in other countries and bypassing their own domestic courts.

Graham Cobb Silver badge

Re: Item 1?

I don't think that item has anything to do with courts. It is pretty clear what it means: as a principle, global supply chains shouldn't be dragged into arguments about security in an irrational way.

I assume it is one of the biggest wins China would like to see from this initiative: it wants to protect its economic position as the world's leading supplier of manufactured goods and reduce the disruption to that from politics. Especially, of course, from Trump.

Seems a fair point, although the rest of the world (as purchasers of these things from China) would certainly want to see some movement from China in return. That is probably why they had to introduce the rest of the points.

Intel, Apple, Cisco, Google sue US Patent Office – Tech police, open up!

Graham Cobb Silver badge

Re: How else is the IPR process supposed to happen?

In the current state of technology, there really are no "poorer creators".

Just having an idea isn't patentable. Patents should require that the inventor has done a lot of work to prove that their idea works and can be manufactured. Maybe a hundred years ago one guy could do that (although we all know the story that Edison had to spend many years, and employ many people, testing lots of ideas to find a workable light bulb). Now that is impossible.

The patents filed by "poor creators" today are small variants on prior art and/or vague and unimplementable. They are almost all crap.

It would be nice if that wasn't the case. It would be nice if one guy in a garage could come up with a valuable invention. But that time has passed.

That realisation, combined with the fact that almost all innovation today is in software, means to me that the patent system has outlived its usefulness and needs to be scrapped. At the very least, it needs to be very firmly restricted back to physical products and physical industrial processes: if you have expended over 100 person-years of effort on developing a new drug or a new manufacturing process then you should be considered for a patent.

Facebook rejects Australia's pay-for-news plan, proposes its own idea: How about no more articles at all, sunshine?

Graham Cobb Silver badge

Re: Klaatu Barata Nikto!

it was never possible to stop 'the internet' linking to and effectively copying your stories

FTFY... it was never possible to stop 'the internet' linking to and effectively ~~copying~~ promoting your stories

Google says Australian pay-for-news code means it can’t quit the country

Graham Cobb Silver badge

Re: Murdoch

Whilst not paying anything for the privilege.

Do you have any idea how much it costs to run a spider across the whole web and meaningfully index and access that information? In a better world they would be charging the newspapers to be in their index. It is very unfortunate for us that we have ended up paying for it (by becoming the product Google sells).

Graham Cobb Silver badge

Re: Google and Facebook need to up their bribery, sorry, funding.

Exactly. I don't want my news reporting to be limited to traditional news sources (on some establishment-approved list). I want organisations I support to be able to get their news out through channels not controlled by Murdoch!

Yes, a press is valuable. But if it needs financial support, make it very clear it is really coming from government (with all the issues that creates): feel free to tax search engines to get the money, but let's make sure there is an open discussion about which entities the government is choosing to subsidise, and how much.

Graham Cobb Silver badge

Re: 28 days ?

As far as I know (from the reporting - I haven't read the legislation) there is no option to object.

The notification is supposed to be to allow the websites to change the way they do their SEO to handle Google's changes. Why should they have that right?

Graham Cobb Silver badge

Re: 'changed its search Code more than 3,600 times last year alone'

How many developers do you think they have working on search code? Each one making largely independent changes for all sorts of reasons.

I am surprised it isn't higher.

The Viking Snowden: Denmark spy chief 'relieved of duty' after whistleblower reveals illegal snooping on citizens

Graham Cobb Silver badge

It is partly our fault -- and we need to fix it.

Our newspapers, and even our politicians, make a lot of noise about tiny acts of terrorism. Who can blame the security services for reacting by demanding more power, more people and more data?

In fact, we should be celebrating that terrorists are reduced to using cars and knives instead of bombs and automatic weapons. I want our security services to be preventing "spectaculars" and I don't worry if they miss a one or two person conspiracy even if "the perpetrator was known to the security services".

Of course the police should investigate and catch the perpetrators and their conspirators - but that shouldn't involve the security services.

Chinese State media uses new release of local Linux to troll Trump

Graham Cobb Silver badge

Re: Selfhosting a la Graham Cobb

Hmm... replying to AMFM1... not sure what that says about my sanity...

I am on plenty of mailing lists, use several fora to interact with others with similar interests, and even open-source the code I write, and publish it on GitHub. However, none of that is personal or private information.

However, it is true that I do not use social media -- I have never had a facebook or twitter account and will not be getting one.

Graham Cobb Silver badge


Upstream Linux, and major distributions, have explicit goals to be open and support privacy. Of course, it is always possible that various nation states have compromised parts, but at least I am confident that any compromises discovered will be openly announced, addressed and quickly removed.

I have no such confidence in cloud services. So I don't use cloud services for important personal data (such as email, contacts, calendar, personal files, etc). I selfhost such things (for example using Owncloud/Nextcloud and by running my own email server). And I only use cloud storage for encrypted data (such as backups) or non-confidential files (such as my media library).

Trucking hell: Kid leaves dad in monster debt after buying oversized vehicle on eBay

Graham Cobb Silver badge

Re: As far as eBay and PayPal are concerned

the purchase was made by dad, as it was him that was logged in.

No, the purchase was made by whoever made the purchase, not who was logged in.

If there is a dispute over the facts, that is something that (if it ended up in court) the court would have to determine who was telling the truth and who wasn't.

However, I would guess that the T's&C's make it clear that the account holder agrees to be held liable for any payment made while logged in.

Of course, IANAL -- this is just my understanding from reading the various financial agreements I have signed over many years.

US senators: WikiLeaks 'likely knew it was assisting Russian intelligence influence effort' in 2016 Dem email leak

Graham Cobb Silver badge

Re: Interestingly,

I don't think Boris has done a good job (on anything!), but you can't just compare death per population numbers, unfortunately.

I am no epidemiologist but it is obvious that population density distributions and variances make a massive impact, as do weather, poverty and societal culture. For example, the proportion of the population living in cities presumably has a much more than linear effect (I would guess about an N-squared impact, due to network effects) - and the UK has a higher proportion of people living in cities than Ireland or the US does, for example. On the other hand, I would expect Germany to be comparable to the UK.

Personally I find the "percentage increase in deaths" figures to be the most meaningful of the easy to calculate numbers. By that, I mean the "excess deaths" divided by the "normal expected deaths". That way countries which normally have higher levels of deaths (whether due to climate, poverty, way of life, population density or whatever) are recognised as expecting higher numbers of excess deaths.

Leaky AWS S3 buckets are so common, they're being found by the thousands now – with lots of buried secrets

Graham Cobb Silver badge

Re: And the corporate world ...

Finance Directors sometimes are.

In many companies IT reports into Finance. And Finance Directors are almost always fired after serious control problems in their domain -- that is, after all, their main job.

Of course, it is very, very hard to know, unless you are an executive or a board member of such a company, because listed companies very rarely say "we fired our FD" because they don't want anyone to know there has been any problem. But it might be interesting to see how many companies that have had an IT problem have had their FD decide (completely voluntarily, of course) to seek other challenges 6 months later.

Graham Cobb Silver badge

Re: And the corporate world ...

Of course this is an IT site so moaning about management priorities is to be expected :-) But I actually know many companies where IT is highly valued, by the board and the shareholders, as an important strength, differentiator and enabler for reducing cost. And even in those who haven't particularly valued IT in the past, the recent spate of ransomware and other attacks is a big focus for the board of all plcs.

For this issue, and security in general, I think the biggest problem is not cost reducing so much as timescale pressure causing a move to allowing unfinished projects to go into production. That allows things like "for the prototype I have put the key in the source directory - we need to remember to set up a secure way to distribute the keys before we go into production" to be forgotten.

I think it is less about cost, or even cloud as such, and more about a management misunderstanding of things like Agile and DevOps causing an attitude of "we should let people start using the prototype to see whether we are on the right lines - do whatever operational hacks you need to get that running and we will fix it later". Of course, once the prototype is in use there are many, many, many bugs and change requests coming in and the team can never prioritise removing the temporary hacks.

Infosec bod: I've found zero-day flaws in Tor's bridge relay defenses. Tor Project: Only the zero part is right

Graham Cobb Silver badge

Re: The problems continue

Yes and no. The current (limited) research suggests that private (unlisted) bridges are not being blocked by the GFW. Which means that the Chinese are not, at least, scanning and acting on these results to block the bridges.

They might be scanning and acting on the results to track down the activists but there has been no evidence of that, so far. My best guess is that they are not bothering: really determined activists will always work harder to hide - they just need to make sure they are blocking the 99.99% who just install Tor and try to run it (without having a "partner" outside the firewall running an unlisted bridge).

But this is why it would be good to have ongoing research to help understand whether even stronger pluggable transports are necessary/useful.

Graham Cobb Silver badge

Re: The problems continue

Personally I find the comments from the Tor team persuasive: meek and obfs4 have well known detection weaknesses but the main aim is to provide Tor access behind the great firewall. As long as the GFW is not choosing to invest the level of resource that would be necessary to exploit those weaknesses to block Tor traffic, they are doing their job. So, the issue isn't whether the protocols have weaknesses, it is the need to conduct ongoing research to determine if private bridges continue to be accessible or not.

If you can get access to a bridge you can trust, then Tor continues to protect your actual communications.

The most significant research gap is to know whether the GFW could use these weaknesses to detect Tor use reliably enough that it could identify previously unknown activists. That would mean having a sufficiently low false positive rate that the authorities would find it worth deploying security investigators to determine if the person concerned is actually an activist.

First rule of Ransomware Club is do not pay the ransom, but it looks like Carlson Wagonlit Travel didn't get the memo

Graham Cobb Silver badge

Re: Crikey

The really interesting thing is that the recent attacks have gone after LARGE companies. Those companies almost certainly have good backups and maybe even reasonable disaster planning. However, it seems that if you choose a large enough company, they will be willing to pay a substantial sum just to minimise their downtime.

Restoring all backups, including all the employee desktops, will take a lot of time, and a lot of effort and cause massive business disruption. A few million to reduce that to (say) 24 hours to decrypt and restore operation probably looks like a good deal.

Of course, as well as the obvious problems of rewarding criminals, how do you know you really have a safe environment afterwards? All data correctly restored? No hidden infections waiting to hit you up for an ongoing "insurance fee" (protection money)?

Google allowed to remember search results to news articles it was asked to forget. Good

Graham Cobb Silver badge

Re: Why I love the Right to be Forgotten

Sorry, you are wrong, and Len is right.

The issue here is generating dossiers about people. It is illegal to generate a dossier of information about me that includes information covered by RTBF (you can argue about what should be covered by RTBF but that is a different question). That covers private investigators and other people who report information about individuals. That is the tradeoff society has decided to make: sure it means people can hide things but society has decided that is the tradeoff it wants to make - right or wrong.

Once you have that decision, it obviously covers search engines as well. If I type a question about a person into a search engine I am asking them to create an on-the-fly dossier about the person and answer my question. The fact that they do it by indexing web pages has nothing to do with it -- they cannot provide information subject to RTBF about people whether it comes from web pages or from photographs taken outside their house with a long lens.

The point is that (in these countries) information about people is special. It has to be handled very differently from other information and comes with a long list of legal requirements. That is what those societies have decided.

Chinese ambassador to UK threatens to withdraw Huawei, £3bn investment if comms giant banned from building 5G

Graham Cobb Silver badge

Re: Does the Chinese ambassador think ...

I suspect that message isn't intended for consumption in the UK. It is a warning to other countries. I could imagine somewhere like South Africa is under pressure to do the same thing but a cost of several billions of investment might cause them to think twice.

Amazon and Google: Trust us, our smart-speaker apps are carefully policed. Boffins: Yes, well, about that...

Graham Cobb Silver badge

My phone has microphones and I carry that around everywhere.

Yes. And it is an important issue. But, as with all security, a risk assessment (even informal) is probably more useful than a tin foil hat.

It is well understood that phone microphones are always compromised at a low level (often in hardware/ROM firmware) and are accessible over the air to network operators and law enforcement. That is why in very high security environments phones are banned and are even stored in Faraday cage bags at site reception.

However, if your threat concerns do not include nation states or law enforcement, phone microphones by themselves are not much of a problem: any phone company or operator routinely tapping all its customers' mics would be noticed quite quickly.

However, it is clear that all "voice assistants" (whether from device manufacturers, operators, or 3rd party apps) are always listening and retaining data. Many people have noticed that adverts reflect recent conversations held near the phone, even when the assistant has not been asked a question. The only way to avoid that is to uninstall them. In the case of built-in assistants it should be enough to use their setting to disable them -- if they claim to be disabled but in fact are still recording then they are clearly committing an offence.

But if you leave it enabled (listening for its trigger word), it will be recording and sending information back to its masters.

USA seeks Moon and Mars nuke power plant designs ready to fly in 2027

Graham Cobb Silver badge

Re: What are they going to do with the heat?

I suspect the main reason enormous cooling towers aren't required is they are not producing enormous amounts ... of power

I suspect the main reason enormous cooling towers aren't required is that cooling towers don't work well with no atmosphere.

I don't think radiators would look anything like cooling towers, however much power you were generating.

Nominet shakes up system for expiring .uk domains, just happens to choose one that will make it £millions. Again

Graham Cobb Silver badge

Re: The real problem

Don't forget that there are many holders for the same or similar trademarks (I just took a look at "Jameson" -- there are 24 pages of holders of that or similar marks, including law firms, confectionery manufacturers, and many others as well as the famous Whiskey manufacturer). And, of course, anyone not using it for commerce is entitled to use it any way they want. As well as nominative uses like "ihatejameson.com" and "ihatejamesonwhiskey.com".

Trademarks don't prevent people using a word - they only stop people using it to misrepresent themselves. And given the fact that domain names are not aligned to any one industry, trademark use should be a tiny factor in domain name dispute resolution.

Seven 'no log' VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet

Graham Cobb Silver badge

Re: Building your own VPN

So anyone who can extract from whatever hosting provider is selling me B information about who is paying them for B knows who the traffic originating from B belongs to. Which kind of defeats at least some of the point of a VPN.

Some, but not all. If you don't need to protect against legal threats then that VPN is still useful. In particular, if you are just using the VPN to appear to be located in another country, and it is unlikely anyone will take legal action against you, then paying for your endpoint works fine. In that case, the biggest problem is that the easily available paid-for endpoints (like AWS) are often blocked by the sites most often targeted for this (for example, BBC). But it is often still possible to find a smaller provider that is not blocked. And any foreign provider will do if you aren't violating copyright and just don't like allowing GCHQ to collect all your browsing data with no probable cause.

On the other hand, if you don't need to protect against legal threats, and you are just using it for something fairly innocuous, then you don't need a "nolog VPN provider" either - any VPN provider will do and they will probably handle getting around blocks better than you can because that is how they get you to pay.

The situation changes, of course, if you are doing something illegal, or likely to end up in court, or something blackmailable (in which case the VPN or hosting provider themselves may be your most serious threat).

Euro police forces infiltrated encrypted phone biz – and now 'criminal' EncroChat users are being rounded up

Graham Cobb Silver badge

Re: It's an interesting dichotomy

Which is why the answer is Open Source. While not perfect, it is likely a much better system than one you code yourself and you don't have to trust a small number of people.

The biggest downside is if there is a bug or a weakness, it is easier for your adversary to find. But there is also a large chance someone else will find it and it will be fixed.

Graham Cobb Silver badge

Re: Matters arising

I don't suppose many of the purchasers bothered to do network traffic inspection testing of the device in use: the captured data could be sent in an unencrypted http message to a police server without anyone likely to notice!

The crims who would notice (who are likely to be government-backed if they are really that sophisticated) will not be using commercially-available WhatsappForCrims services.

Graham Cobb Silver badge

Re: Honey pot

The problem with that, for many users, is the feasibility of doing so and (more importantly) the difficulty involved in securely exchanging keys.

Indeed, although replaced in this case with the difficulty of knowing whether the service you are using is actually under the control of law enforcement (and, of course, the difficulty the LE people have in using any information they can gather without blowing that they are reading the secret comms).

One assumes that if you are a serious criminal you mostly use services where many of the people at the provider can be physically accessed (i.e. killed or seriously injured) if it turns out they are giving away your secrets! The problem is presumably that in today's international crime scene you need tools that will be trusted by two criminal enterprises in different parts of the world.

If I were a criminal mastermind, I think I would prefer to use something that is open source and widely used and work on the key distribution and update problem instead -- that is much more likely to be amenable to traditional human-based solutions that these people have much experience of.

But maybe that is why I am not!

Brit police's use of facial-recognition tech is lawful, no need to question us, cops' lawyer tells Court of Appeal

Graham Cobb Silver badge

Re: Intrusive

In fact, it is clearly much more intrusive as fingerprints or DNA are mostly only left if you interact with some particular point - AFR identifies people walking down the street, interacting with nothing.

Graham Cobb Silver badge

Re: So now

And what if you happen to look a bit like someone on the wanted list? It would be unreasonable and unfair that everyone who looks like someone on the list is stopped all the time even if that is a tiny minority. We must require there has to be some additional justification which would protect these unfortunate individuals from turning their honest and ordinary life into a dystopian nightmare (additional reasons might include, for example, a crime has happened nearby, or there is intelligence suggesting the particular criminal is in that area at that time).

Graham Cobb Silver badge

Re: Keep a straight face.

It is obviously much more intrusive: CCTV does not (attempt to) identify people - it records images for use later if justified at THAT (later) time by reasons which are proportional, etc. For example, a crime has happened.

AFR (attempts to) identify everyone it captures - then, based on that identification, may apply some selection or proportionality requirement.

The act of trying to identify people is additional to the act of recording. The recording may be permitted under CCTV laws, but the additional act of identifying has nothing to do with the CCTV laws and must require separate legal authorisation.

Former UK Labour deputy leader wants to know how the NHS's contact-tracing app will ensure user privacy

Graham Cobb Silver badge

Re: It will ensure user privacy

And this is something we need not only much more information on, but also laws to limit the data the businesses can ask for, who they can pass it to, and how long it can be retained.

In particular, they MUST NOT be permitted to ask for any sort of ID - just a name and either a phone number or an email address is all that is needed to provide contact tracing. Also they must not be permitted to attempt or ask for verification of the details (for example calling the number or sending an email). Even if some people lie, the list will provide much more information than they have for other contact tracing scenarios.

In addition, the data MUST be destroyed after a few days (less than 14) when contact tracing will no longer be needed.

Lastly, data MUST ONLY be provided to the NHS contact tracing service and only for the purpose of tracing contacts of someone with the virus. Not for law enforcement or any other purpose. That is the only way to give people the confidence to be willing to provide true information while respecting their privacy.

For years, the internet giants have held on dear to their get-out-of-jail-free card. Here are those trying to take that away

Graham Cobb Silver badge

Re: Objectivity for optimal monetization

Nobody sues AT&T when someone makes threats over the phone. Facebook should be held to the same standard.

Graham Cobb Silver badge

There is no "privilege". All 230 does is stop the US court system being abused. It specifies two key things:

1) If you don't like something someone says on Twitter you have to sue that person, not Twitter. That seems obvious to us in the UK but is not what normally happens in the US: in the US you don't sue the person responsible, you sue the person with most money! As the US court system is so expensive and so unpredictable, everyone prefers to sue companies with deep pockets as they are more likely to just settle and there is a chance of getting a massive payout. 230 forces people to sue the person who wrote the tweet instead, meaning many, many fewer cases.

2) If Twitter moderates your tweet, they can't be sued for their decision. That is the only thing that keeps Twitter from being much, much, much worse. Without that protection, Twitter will have a moderation policy that just says something like "we take down tweets that are terrorist or child porn related and that is it" and will not be able to delete anything else.

Even worse, the very biggest social media companies can afford enough lawyers, and large enough moderation teams, to maybe handle life without Section 230. But there will never be a new social media company: no startup can live with these two changes.

With the current law, if you want to create a right wing or left wing social media company you can do it. And when it becomes big you can use it to further your views. But with these changes, this is it. You can't grow a new social media company so we are all stuck with whatever the views are of Twitter, Google, Facebook.

In Hancock's half-hour, Dido Harding offers hollow laughs: Cake distracts test-and-trace boss at UK COVID-19 briefing

Graham Cobb Silver badge

Re: "......worst death toll in Europe"

I'm no defender of the government but a comparison with NZ is useless. We need to compare with countries of similar population densities, similar economies and similar ways of life.

That shows up plenty of concerns without bringing up ridiculous comparisons like NZ or Taiwan.

When open source isn't enough: Fancy a de-Googled Chromium? How about some Microsoft-free VS Code?

Graham Cobb Silver badge

Re: Things we turned off

If you want to browse safely, the three steps are:

1: Install NoScript

2: Turn off SafeBrowsing

3: Engage brain and think twice three times before telling NoScript to allow javascript on any site

Legal complaint lodged with UK data watchdog over claims coronavirus Test and Trace programme flouts GDPR

Graham Cobb Silver badge

Last month's solution?

Do epidemiologists even recommend Track and Trace apps any more? It feels like last month's solution. I am sure it would have been useful in the previous phase but it looks like Coronavirus is here for a long duration now. Tracing isn't a scalable solution for management of the virus for the next decade.

Assuming that society evolves to minimise airborne transmission (presumably masks), the primary vector is going to be either intimate personal contact or touching shared surfaces. Neither of which will have much use for a tracing app. It is looking like it is too late to be an effective tool, and is now just turning into a technological solution looking for a problem.

And the limited tracing resources that will be available are going to be overwhelmed for the next year by 1st workplace outbreaks, and 2nd crowd outbreaks (concerts, football matches, etc). It is clear the government cannot disallow either of those in the long term and neither is helped by an app.

Any epidemiologists here who can explain what I have missed?

Contact-tracer spoofing is already happening – and it's dangerously simple to do

Graham Cobb Silver badge

Re: Quid custodio ipso cutsodes?

He is responsible for the government "optics". He forced other advisors who broke lockdown rules to resign because it looked good. He then refuses to do the same thing himself.

Worse, Boris should have taken the strong line and forced him out - he could have continued to pay him as a party advisor in party HQ but Cummings should have been forced out of Downing Street very publicly for breaching lockdown rules.

Graham Cobb Silver badge

Re: Jumping the gun a bit, aren't they ?

Most contact tracing is nothing to do with the app and can begin as soon as the tracers are trained. Most of it will be contacting work colleagues.

Surely the app is only really relevant for finding contacts on public transport. Any other context you either know who your contacts are or you have not been in close proximity for any length of time (if you are following social distancing rules).

Tech set responds in wake of American protests, police violence and civil unrest

Graham Cobb Silver badge

Re: The next step...

Great idea: all the top US companies withhold 3 months of campaign contributions to all politicians as a protest. And warn that they will review again in 12 months' time and unless bipartisan and effective progress has been made on the issue of institutional racism nationwide it will be 6 months' contributions they withhold next year.

Linus Torvalds drops Intel and adopts 32-core AMD Ryzen Threadripper on personal PC

Graham Cobb Silver badge

Re: mythical Year Of Linux On the Desktop comes

Most of the apps are done: most users aren't using special software, they are using office apps, and they just about work in the cloud today, and will improve further as that is where Microsoft's office product investment is going.

My employer is a >100K people organisation and pays a lot of money to Microsoft. Our IT dept are pushing Microsoft hard to make "dumb PC working with cloud apps and data" work well enough that they can switch 90% of users to that (the remainder are developers who already use Linux). Mainly for two reasons: security (get all the corporate data off the user's device and strictly under their control), and cost of support (if something breaks - just give the user a new device and it immediately just works).

Today the biggest issues with this model are that the cloud version of the Office apps don't work quite well enough for the power users (cloud Excel is too slow for finance, cloud Powerpoint is too restrictive for marketing, etc). The other issue is that the model still doesn't work for power-travellers (sales people working from trains or planes, mom-and-pop hotels with crap internet or customer sites with no guest wifi) who need all their data and apps locally.

Once Microsoft fix those problems, our IT plan to stop supporting desktops/laptops except as cloud access devices. I am guessing 70% of users in our company will then move to a "chromebook" type of device, that is if they need a keyboard and mouse at all and can't just use a tablet.

They already offer a desktop build for that but not many depts will take it up yet.

Could it be? Really? The Year of Linux on the Desktop is almost here, and it's... Windows-shaped?

Graham Cobb Silver badge

Re: @jonha - Why do you believe this ?

Microsoft have made it clear that Cloud is their future concern. They are no longer at all interested in PCs except as access platforms to cloud-based services. If they could, tomorrow, kill the Windows desktop OS and switch to using something else which is (i) supported by someone else, and/or (ii) the same as they are using on their strategic platform (cloud) they would do it.

It looks like they are busy executing on a plan to replace all their important desktop apps with cloud software so that they can leave the "desktop" business to Apple/Google for mainstream users, Sony for gamers and Linux for developers/power users (and tiny markets like industrial control). The only value they see in the desktop market is enabling controls by IT (security, cost, etc) - if they could make those tools work on a linux kernel they would move off their historic platform asap.

Open letter from digital rights groups to UK health secretary questions big tech's role in NHS COVID-19 data store

Graham Cobb Silver badge

Privacy and data ownership are critical for wide support

As long as Palantir and Faculty are involved I will not be running the app. However useful (or even mandatory) it is. It is disgraceful that such privacy abusers are part of the project.

ALGOL 60 at 60: The greatest computer language you've never used and grandaddy of the programming family tree

Graham Cobb Silver badge

Re: .. never used .. ?

I was using APL at IBM: two or maybe three different versions on different systems. Mostly it was on a 5100 (which also ran BASIC but we only used the APL mode) and APL/SV on a timesharing system. I think I also used APL2 on a VM/360. But it was a long time ago!

Interestingly enough - this job was nothing to do with the academic and engineering computing APL excelled at (with the inbuilt matrix and vector operations). My job was as a programmer in a sales office selling typewriters and photocopiers. The products this office sold had nothing to do with APL or even computers at all - I was employed to write programs that could be used to analyse sales statistics, create reports and create letters to send to customers with special offers.

It would probably have been better to write most of these in PL/1 or RPG II. But learning and using APL was great fun. I even played with j (as a hobbyist) for a while later on to try to recreate that time.


