* Posts by Steve 53

105 publicly visible posts • joined 22 Jun 2009


Tesla batteries went from fully charged to fully disabled after botched patch, lawsuit claims

Steve 53

Re: Taxes

I think this was largely why the road charging scheme back 15 years ago didn't make it past debate. There is a natural aversion to having your car monitored in all locations, and it's not like they wouldn't hand the job over to Capita for them to leave it on an open S3 bucket...

Definitely no answer here which makes everybody happy, I'm just pointing out that retrofitting meters on every EV charger would be hard to do, and that Australia is already taxing EVs based on mileage (despite the obvious flaws, which would generally be less of an issue in the UK as it's unlikely this would be implemented in only a fraction of the country. Would make a European road trip a little less attractive, but edge case..)

Steve 53

Re: Taxes

>> Whilst you can trickle charge via a 13A outlet, all the new dedicated EV charging points are “intelligent”. Basically, they are controlled by a cloud service and an app. You register you car on the charging point, so it only charges registered EVs and the app and central server manage charging (both of EV and your bank account). As part of the smart grid, EV charging is treated differently to domestic usage, so can be separated. It is only a (intentional) small step to introduce differential pricing and taxation.

- Nothing stopping you having you having the mobile charger connected to a 32a IEC connector

- Some energy companies have offered discounts if you let them control your charging, but that's really up to you to agree

-- Generally the intent is to push charging away from peak times, which is good for the grid and bills overall

- They almost all use wifi, so change your wifi password and they're dumb chargers again

- The built in meters (Effectively embedded clamp meters) aren't calibrated, and you'd struggle to justify using them for billing

- The way a lot of chargers have been installed would make it physically difficult to retrofit a meter

- You can program them to connect to your own local control server if you wish

On the other hand, car odometers are recorded annually as part of an MOT. Thus far the Australian states which have implemented per mile tax have used this, with a few difficulties

- Can't differentiate in/out of state driving

- Clocking some cars is pretty trivial

Steve 53

Prices went up during the autumn energy prices, and haven't come back down. Either the charging companies hedged their electricity at a high price, or they're creaming off big profits (For re-investment I'm sure..)

The best priced "mainstream" charge provider is Gridserve at 69p/kWh. Nobody has blinked and cut their prices yet, but I suspect once one does, they'll all come tumbling down

Tesla superchargers today are are approximately 40p offpeak, 47p on peak (varies by location), most are still open only to Teslas, but other vehicles are welcome at a small portion for about 10p/kWh extra on the Tesla price, or £10/month. Telsa didn't hedge, and they've passed on a fair price to their customers. It's curious how they can do the decent thing in some scenarios, and yet in others royally screw over the customers

Military helicopter crash blamed on failure to apply software patch

Steve 53

We know from oh so many crash investigations that "normal procedure" can deviate from "documented procedure" over time.

No doubt the other chopper pilots are actually following the proper procedure now, and everybody is reminded regularly "Do this, and you might end up swimming", but it takes somebody experiencing the consequences to avoid little shortcuts. Hence the software patch was the best option, can't follow sloppy procedure if the system doesn't allow it

FYI: BMW puts heated seats, other features behind paywall

Steve 53

Re: "It is possible to pay a fixed, one-time fee to activate a monthly option permanently"

Devil's advocate, bear with me....

I get if they fit heated seats, and you have to carry those around with you then you should be able to use them. That's utter bullshit.

What's the difference between paying for GPS maps, and updated neural nets for Tesla Autopilot?

(On Telsa, map updates are free. Autopilot enhancements like lane change are the only real optional extra)

OK, you're paying data charges in the EU, but you can still roam free in, er, Iceland

Steve 53

Mobile reception is pretty good actually

Iceland is surprisingly good coverage. Even in the very underpopulated highlands we rarely lacked LTE

UK urged to choo-choo-choose hydrogen-powered trains in pursuit of carbon-neutral economic growth

Steve 53

Hydrogen is approximately 30% efficient, electricity in to electricity out, assuming no leakage or transport costs.

It's not a particularly efficient solution vs, say, lithium-ion batteries being swapped at stations with 80-90% efficiency.

That said, if we can generate it with offshore wind and avoid the significant costs of big fat electrical cables back from the wind farm, perhaps it can be made to make sense. "Off peak" nuclear, grid wind and soforth will likely eaten up to EV charging..

The question is how much can be economically produced, and if we need that for houses in urban areas with no room for ASHP/GSHP...

Tech contractor loses IR35 tribunal appeal: 'Right' to substitute didn't mean he could, say judges

Steve 53

Re: I'm going to go out on a limb...

Of course, as a full time employee I'd be getting notice / redundancy. As a contractor i would get very little. But other than that this seems reasonably balanced; you get a higher wage in exchange for limited job security, no pension contributions and no holiday, I don't see how this should affect the tax you pay.

Either contracting is made attractive to you because you're being paid more, and are in a financial position where you're comfortable with the risk of being let go at short notice / like the ability to leave a company at short notice, and the extra pay covers the perks you're not getting, OR you take paid employment, and the day rate for contractors go up due to supply and demand.

Yes, many large companies aren't paying their own share. Yes, that should be sorted. But that doesn't entitle you to argue you should pay less than the tax you owe.

The Wight stuff: Marconi and the island, when working remotely on wireless comms meant something very different

Steve 53

It's basically a crime to go in that direction and not visit the hovercraft museum at Lee-on-the-Solent, then take the IOW hovercraft over to Ryde...

Desperate Nominet chairman claims member vote to fire him would spark British government intervention

Steve 53

Re: I'm pondering how bad "government control" would really be

Such key national "assets" aren't for use on small things like Nominet, we need them on key national projects to make sure their "skills and wisdom" can affect the great british people on a national level

Steve 53

I'm pondering how bad "government control" would really be, assuming they wanted to run it as a simple non-profit registry...

Want your broadband fixed? Best write to your MP, UK's Zen Internet tells customer

Steve 53

Re: Clearly a maintenance schedule issue

As much as that "seems" to make sense, I suspect the failure rate is relatively low, and given there is a fibre rollout in progress it would probably involve replacing 10's of thousands of cabinets which are in reasonable condition and would remain so until the switchover.

Plus I suspect replacing a cab would be a substantial outage which would likely to result in residents with pitchforks in the current homeworking scenario.

The right thing to do here is be more ready to replace them once they start having issues...

Nominet claims effort to replace its board with 'safe hands' is invalid, refuses to put it to member vote

Steve 53

Re: a critical destabilising impact

I was also wondering how many techies would actually feel they need to down tools if their CEO was deposed. I very much doubt they're going to have a mass exodus....

LastPass to limit fans of free password manager to one device type only – computer or mobile – from next month

Steve 53

"The service is the best on the market for free users"

I would dispute that; Bitwarden has very few restrictions around free users, and charge much more reasonable annual fees for the limited premium features (Mostly advanced 2FA and TOTP). Some users sign up for premium just to support the developers.

While on a feature checkbox it's not quite got everything lastpass has, there are very few things missing. And generally, bitwarden executes the features it does have much better. When I left lasspass a few years ago, I didn't feel it had had any meaningful enhancements for years.

Lastpass is basically private equity trying to squeeze as much money as they can out of their users, hence price rises and policy changes...

Drone smashes through helicopter's windscreen and injures passenger

Steve 53

Based on the photo of the downed drone, It's a DJI Mavic Air 2 at 570g. Last I checked Chile require a parachute for anything over 700g but didn't have much by way of registration. Looks very similar to a Mavic 2, but the Mavic 2 has an upwards facing distance sensor on the back.

Surprised at the level of damage to the windscreen, less so at the general standard of drone photography. The Ocusync 2.0 on these drones allows control far beyond visual line of site, and once you're beyond VLOS you're only going to see a very limited forward view and no ability to hear a heli, so could easily be taken out by a heli from any direction other than the front.

Police drone plunged 70ft into pond after operator mashed pop-up that was actually the emergency cut-out button

Steve 53

I looked at the famous "Derby police peak district drone shaming" and cringed a bit after taking my A2 CofC, the shot taken above a car with people getting in and out made me wonder if there is an Article 241 question there... Could easily have derisked the shot by taking it from a 60 degree angle rather than 90.

Doesn't feel like they're doing appropriate risk assessments

UK network Three hikes pay-as-you-go rates by 400% to push punters to buy 'bundles'

Steve 53

Unlikely, this sort of BS happens far less often at the MVNO end of the market.

Steve 53

Re: Time for a complaint to Ofcom

I think that's reasonable on contract, but I don't think that's really necessary for PAYG contracts. I'm on three PAYG as my work SIM does most of the heavy lifting, and I'm rather annoyed by the increases, but I'm free to go wherever I want.

I would prefer if they were obliged to refund any outstanding call credit though. That aspect does feel unreasonable, even if it's only a fiver

Brit registrar 123-Reg begins 2021 in much the same way it ended 2020 – with DNS issues

Steve 53

This is not K8s on Istio with Space Thrusters and AI.. It's DNS hosting, stable technology for decades. How do you fuck this up so regularly.

Recommendation for Mythic Beasts for better features and a quiet life at more or less the same price...

AWS is fed up with tech that wasn’t built for clouds because it has a big 'blast radius' when things go awry

Steve 53

We've seen many occasions when a large DC-scale UPS fails to live up to it's name, and downs a whole DC. Equinix, BA to name ones in my recent memory.

A few servers going down is a lot more tolerable than a whole AZ, and with a larger number of devices UPS failures become a routine problem - much better than a very large one-off problem.

So, plenty of merit, until one of them catches fire or somesuch anyway...

SpaceX’s Starlink finally reveals its satellite broadband pricing for rural America: At $99 a month, it’s a good deal

Steve 53

To be fair, that's a lot to do with your choice of ISP, some content more heavily than others...

Steve 53

Re: Outside America

Remember that the Satellites will go over LATAM, and are a "bent pipe" design. This isn't as simple as selling spare capacity, it's that they can *only* serve LATAM customers when they're going over LATAM. So either sell the service at a country appropriate cost, or have them sit idle for a sizeable portion of their orbit.

The biggest barrier is the cost of kit, because that's the only thing which isn't "Sell it cheap, or don't sell it at all"

Working from home on Virgin Media's broadband? Too bad. Outage hits English capital

Steve 53

While the outage is obviously badly timed, heavy penalties for service outages will have unexpected outcome.

The expected outcome, of course, is that they're willing to pay more to put more resilience into the system in order to avoid the fines. This will sort of work, although it's likely that you'll see such costs passed onto the consumer.

The unexpected outcome is that the management team will start of have an unhealthy relationship with risk, suddenly upgrades are too risky to do, they end up on old software upgrades. Capacity upgrades are also risky, so they hold off on the capacity upgrades because they don't have financial penalties for capacity problems, but they do for outages.

The other problem is expectation of uninterrupted service on a consumer line. It's just not realistic that consumer services have 100% uptime; get a backup (4G router is cheap enough)

It's a free market, and IMHO the best thing you can do is jump ship if you don't like it. Virgin have had poor reliability with opaque service status messages (Our engineers are working to fix the problem as soon as possible...) since before they were virgin...

We moved to AAISP and are happier for it. Yes, some outages, normally very quick to advise of issues and generally pretty transparent with what went wrong and what they're doing to fix it. (Except DDOS attacks, for obvious reasons)

Raspberry Pi Foundation serves up an 8GB slice of mini-computing goodness

Steve 53

Re: Further back than that....

£75 is about the sort of price you'll start to see second hand NUCs. You're probably looking at a 3rd or 4th gen celeron or i3 with 4gb of ram at that sort of money, possibly with an older 120gb SSD, but if you're usecase is a linux server or desktop, you don't mind a bit higher power consumption and don't need GPIO (Which is probably more useful on a Pi Zero) then it'll run rings around it.

Of course I'm comparing new with second hand, but RPi tends to be for pragmatists..

Rogue ADT tech spied on hundreds of customers in their homes via CCTV – including me, says teen girl

Steve 53

Re: Camera in bedroom?

I suspect the salesman was bonused on the number of cameras installed / size of deal, so if they can persuade them that cameras in the bedrooms are 1) Safe 2) A good idea then they'll sell more cameras and make more money.

Only way to stop that is ADP having a corporate "No cameras in bedrooms FFS" policy, and even then the sales people will be grumpy about getting in the way of their ability to sell...

Magecart malware merrily sipped card details, evaded security scans on UK e-tailer Páramo for almost 8 months

Steve 53

Re: Wait

To be fair, they're using Paypal, not processing their own cards. The expectation is that paypal will take care of the security / PCI-DSS as the retailer will never handle to card details. Frankly Paypal shouldn't be offering the option to load in an iFrame - ie an environment they don't control the Javascript for

Broken your new Surface Go 2 already? Looks like it's a bit more repairable this time

Steve 53

Microsoft's update has added some much-needed horsepower

The "standard" pentium offering is a very, very small speed bump a 1.7ghz Kaby Lake process vs 1.6ghz. It was a moderately old design when the Go 1 was released, it's a very elderly processor now, and one which is noticeably slow even when being used for general web browsing.

All they've offered is the opportunity to spend an extra 90 quid (Only on the high end 128gb model) on a processor which isn't crippled by disabled turbo.

The surface go is a lovely machine, but £629 is an awful lot to spend on a machine which is only going to have tolerable performance.

Royal Navy nuclear submarine captain rapped for letting crew throw shoreside BBQ party

Steve 53

For the purposes of the act, I think it's entirely reasonable to consider the sailers to be members of the same household, given they've been in a tin can for months as ordered.. Providing they're quarantined, frankly it's not an issue if they organise a mass orgy on the dockside, let alone have a BBQ...

We need to apply common sense and science...

UK big five carriers bin wired broadband download quotas for as long as we're all stuck indoors

Steve 53

Interestingly, A&A (one of the few premium ISPs who have download quotas) beat ofcom to the punch by about 3 weeks. They're keeping quotas, but topping people up as needed. Seems to strike a decent balance between helping people with unusual traffic patterns due to Covid and keeping people accountable for their usage.

One of the few providers who beat themselves up if they have any packet loss due to congestion... But of course it needs subscribers who are invested in that idea as well.

Steve 53

Re: Stupidest Idea EVER!!

Few packages are actually have download limits, and it's unlikely the tiny fraction of users who have these packages (We're talking tight budgets here) are the sort of users who will suddenly download tonnes. Hell, we're probably talking about people with just a bit of DAS.

Probably not a problem...

Brother, can you spare a dime: Flickr owner sends mass-email begging for subscriptions

Steve 53

Re: "Sure, but they're providing the content"

Just because there is 1TB of disk space doesn't mean that the average user is going to use 1TB of disk space - as I said earlier, my usage was close to 4gb, which leaves a very fat margin for them at $49/year

Steve 53

Re: The Rubicon has already been crossed

It depends how you use Flickr of course, but the way I used it was to showcase my best shots, generally not in full resolution. While I do have ~500gb of photos taken over the years, only a tiny fraction of that ever saw Flickr. Looking at what I downloaded from Flickr when I evacuated, it was about 4gb for 12 years as a fairly avid user.

$49 gets you about 177Gb of standard S3 storage, assuming you don't want to do any intelligent tiering, infrequent access, etc. At retail I would have been costing them about $1.104 in storage a year, although AWS will of course cut special prices for people moving entire farms of storage over...

Of course, others might chose to use it as a backup solution, but even then AWS Glacier Deep Achieve is a cheaper option for anything up to about 4tb...

Steve 53

The Rubicon has already been crossed

This time last year, they blackmailed their users into either paying for pro, or having the majority of their photos deleted. I decided that $49 a year with a 25% discount for the first year wasn't something I could justify in perpetuity, so I let them delete the photos (I have my own copy, of course).

You'll be surprised to know that after deleting the majority of my photos, I'm not going to pay the same to keep the very limited selection of photos left.

They took a very hard line attitude, it was a gamble, it didn't pay off. (And I have paid for pro in the past, btw)

The email generally irritated me; $9 / month for netflix or spotify? Sure, but they're providing the content. Why would I pay $49/year for them to provide me what amounts to a bit of web hosting?

Suggesting that the price will increase in future years makes me glad I bit the bullet there and then... It'll be a shame to see it go, but it's a shell of it's former self.

Log us out: Private equity snaffles Lastpass owner LogMeIn

Steve 53

Re: Bitwarden

I've moved from LastPass to Bitwarden. Lastpass have upped prices year after year and provided very little by way of enhanced user experience as a result - which might explain why they're making such substantial profit by revenue. It felt very dated when I moved in April.

Bitwarden is less than 1/3rd of the price for premium, offers a solid set of features and has a noticeably nicer UI (IMHO). Self hosting is obviously a bonus, but I'm happy to have them host for me.

I've suggested a number of friends (mostly technical) move from lastpass to bitwarden, and they've all been happy.

Uber JUMPs at chance to dump load of electric bikes across Islington

Steve 53

Re: Weird pricing model

I actually have a Brompton. They're not particularly heavy as folding bikes go, but the weight is still substantial.

It's not worth the faf of dragging it through Waterloo station and bank, then around with me for the evening. I'd rather just pay a couple of quid to rent an bike for the short section where it makes sense.

Steve 53

Re: Weird pricing model

Yes, but I have to wait for a bus, and on the route I regularly bike rent on there are no bus routes which take me all that close.

Bug-hunters punch huge holes in WPA3 standard for Wi-Fi security

Steve 53

Off by default? Have you met the general public?...

Uber driver drove sleeping woman miles away from home to 'up the fare'. Now he's facing years in the clink for kidnapping, fraud

Steve 53

... But John Worboys ...

Uber won't face criminal charges after its robo-car killed woman crossing street

Steve 53

Re: New???

Legally, yes. Practically people don't leave enough space for a completely unjustified emergency stop

Steve 53

Re: Safety driver?

Agreed. The wheels are by definition going to be low on the bike and you can see them quite some distance in advance. Reflective sidewalls / reflectors on spokes are a very good way to be seen from sideways, for example at a T junction - bikes don't tend to have sideways lights.

Unfortunately wearing dark clothes at night with no lights seems rather common around here, and the build in reflectors are normally pretty high up the bike or removed because they don't look cool :/ It's lead to a few "Where the hell did they come from" moments.

I do a 50/50 cycle/drive to work, but my bike has 5 lights (2 flash, 2 constant, 1 wheel light - n+1 redundancy!), 2 reflectors and spoke reflectors. You can pick up lights for a couple of quid from amazon, I don't understand why people are allowed to get away without them tbh. (Take the bikes and crush them)

Steve 53

Re: New???

Well, there is a clear reason for this. If you've not got your algorithm right yet and KNOW that it's skittish with the emergency breaking, then that IS a good reason to disable said system. If the system incorrectly performs emergency breaking then you're very likely to end up with a car in the back of you (Or I guess correctly - but at least then a car in the back of you is the lesser of two evils).

So you set it to log, you put cars on the road and you gather data. Once you have data you can refine your algorithm and get more data. Once you get it right you actually turn on the system.

The problem here is us meatbags - The safety drivers is there to deal with these situations, but if a machine only needs intervention on rare occasions then the job is boring as hell and you're likely to piss about with your phone. And of course the squashed meatbag put themselves in danger by crossing the road without checking said road was actually clear. I could do that the main road 200m away from my house and end up squashed even with no robodrivers involved.

If uber didn't tell the safety drivers quite how critical their role is, then that is of course an error on their part - but the safety drivers know they're ultimately responsible for the cars safety...

Good news! Only half of Internet of Crap apps fumble encryption

Steve 53

Re: New???

Wouldn't ROT-X be "Military Grade" at one point. That point being 2500 years ago?

The marketing dept just weren't specific on the timeframe!

Time for a cracker joke: What's got one ball and buttons in the wrong place?

Steve 53

Re: New???

I was thinking, that would be hard work.

That said, back in the day I spent quite some time diagnosing a network card issue before realising the user had plugged into an ISDN TA rather than the 10/100 NIC. (Both RJ45)

Vision Direct 'fesses up to hack that exposed customer names, payment cards

Steve 53

HSTS is highly desirable. The website itself might not have a HTTP binding, but MITM creating a HTTP binding is pretty trivial.

Re CSP domains - in this case it would have helped. For the BA hack it wouldn't have as the script host was compromised. Doesn't make it easy to implement of course.

Dutch cops hope to cuff 'hundreds' of suspects after snatching server, snooping on 250,000+ encrypted chat texts

Steve 53

Re: New???

Well, yes, but I'd say paying €1.5k for 6 months with a phone with "unbreakable encryption" and "a panic button if you get nabbed by the fuzz" is probably reasonably grounds to suspect it's not just a private conversation about what groceries to bring home.

Internet be nimble, internet be QUIC, Cloudflare shows off new networking shtick

Steve 53

Re: Shome mishtake shirley?

Yes, Jesus wept at this article... A cursory check of Wikipedia would have spotted half the issues.

It will also mean saying goodbye to the protocol that effectively made the internet possible: TCP.

TCP will continue to be a fallback, not least because there is no support for UDP tunnelling under a HTTP proxy

"And the reason is that TCP intrinsically assumes you will stay at the same address on the network while you are sending and receiving information. As soon as you starting moving around however, that address shifts. If you leave your house and your home Wi-Fi to join a 4G network, that's one shift."

Yes, that would be. At which point you'd have the break down the old TCP conneciton and build a new one. But UDP despite being stateless is likely still going through NAT / GiFW, so you'll still need to send packets to get traffic.

"If you get on a bus or a train to head to work in the morning, or if you stroll home at the end of the day, you will be constantly shifting your network address as you move from cell tower to cell tower."

Handoff between cells generally keep the same IP. Not all subscribers, but the vast vast majority

"This modern use of the internet has already led to plenty of other changes and improvements to existing internet protocols – for example, the shift from HTTP 1.1 to HTTP 2.0 was largely because people now use multiple applications at the same time and expect each to be able receive data."

Jesus wept. HTTP 2.0 allows multiple streams of data to a single service, not multiple services, not from multiple applications. With HTTP 2.0 you'll establish a new TCP connection for each app to each destination, or with QUIC UDP.

"What's more, if you are moving around from network address to network address, this UDP approach should end up much faster because it pulls out TCP's checking mechanism, speeding things up."

Checksums are offloaded to hardware, so the "Effort" is minimal. With UDP over IPv4 checksumming is technically optional, but if you skip it you have to zero pad the checksum field, so you don't reclaim bandwidth. Under IPv6 it's mandatory anyway, as skipping checksumming makes no sense. Besides, you need to hash for DTLS anyway.

What's faster is you have direct control of the congestion control algorithms, fewer roundtrips to bring up a "Connection", etc.

"And that's what first Google and now the IETF internet engineers have been working on: how to add TCP-style encryption and loss detection to UDP. It will also add in the latest standards like TLS 1.3."

TCP doesn't have encryption. TLS only runs over TCP, true, but DTLS (UDP transport) has been around for a very long time

"It will create problems for people using NAT routers as a way to handle the painfully slow move from IPv4 to IPv6. NAT routers track TCP connections to work seamlessly and since QUIC doesn't use TCP, its connections through such networks could well drop out."

Bollocks. NAT routers track UDP "Connections" in more or less the same way as TCP. Plus QUIC clients fall back to TCP in case of issues

"Likewise, if a network is using Anycast or ECMP routing – both used for load-balancing - the same problem will likely occur."

Anycast and ECMP break TCP too. And require more work to re-establish

Strewth! Aussie ISP gets eye-watering IPv4 bill, shifts to IPv6 addresses

Steve 53

Re: Has anyone truly made the switch?

Nail on the head, a huge portion of ISP traffic is to google, youtube, facebook, etc. The large services are IPv6 and therefore if you just implement CGN with IPv4 only, you're going to pay an awful lot of money for the kit and you're going to need to work out how you cleanly expand that over time. Implement IPv6 and >50% of your traffic zips straight past your CGN box.

So you've got a clear cost/benefit on the ISP side, either do a IPv6 project or pay way more than you need for your CGN solution.

On the content provider side, things are a lot less clear. Unless you're hyperscale like facebook, you don't need IPv6 for any particular reason, and don't care much than the users might need to be go via CGN and incur a bit of cost for their ISP and maybe an extra couple ms latency. It's just extra complexity, which means extra cost. Hence el reg is V4 only.

Steve 53

Re: Another IPV6 article which exposes issues with IPV6

Typically PBA or DNAT will be used, whereby a subscriber is given a source port range on a particular public IP (EG ->, -> Saves a lot of logging, but then you've got extra fun with the likes of SIP which need a lot of TLC to run through the solution.

Steve 53

Re: Finally?

AAISP use TalkTalk as one of their two backhaul carriers, and the customers get an uncontended low latency service. Just because their consumer service is rancid doesn't mean their wholesale offering is.

Plusnet customers peeped others' deets during system upgrade

Steve 53

Re: New???

Somehow I see them more likely to move to a BT "Standard", eg a 25 year old mainframe based system, perhaps with a front end GUI added to make sure the pig has a little lipstick