Posts by simpfeld

Re: Still Waiting to See Evidence

Ermm, a third party security researcher could easily show evidence of Huawei backdoors, this hasn't happened! But it has happened with numerous US originated equipment.

Re: Quick Question regaring Fibre

I wonder why it would be asymmetric, I can understand why on DSL (limited frequency range so optimised to use for each direction), but on fibre. Sounds like an artificial scarcity situation again so people still have to pay for business class leased line. There isn't so much asymmetric network gear!

Re: Help me understand

Yes, I'd like to know what is so wrong with Basic over TLS (IMAPS on a dedicated port). I guess starttls has had issues with "Man in the Middle" with not passing the starttls to the real server, so being able to intercept. But I don't see any difference between IMAPS vs an HTTPS based authenticator. A genuine question from me too!

Re: Welcome to the new mainframe.

So true. Then we are going to hit what I have heard people call "Cloudshock", when people suddenly realise how much cloud is costing and pull some things back in house (test environments being an obvious choice). I have heard stories of cloud companies that managed to very quickly spin up due to cloud but suddenly find 40% of their turnover was going straight to AWS.

People are quite naive about the cloud. I have heard a senior exec say in a meeting with all this competitions (between AWS, Azure and Google) things will just keep getting cheaper...Wow.

And an accountant saying to me, will the cloud deployment be always cheaper than our present On Prem one...We are simply swapping CAPEX for OPEX really was my answer.

This is just the latest version of what the Jargon Dictionary used to call the "The Cycle of Reincarnation". Their example was

"function in a computing system family is migrated out to special-purpose peripheral hardware for speed, then the peripheral evolves toward more computing power as it does its job, then somebody notices that it is inefficient to support two asymmetrical processors in the architecture and folds the function back into the main CPU, at which point the cycle begins again.".

This is just a new cycle of the mainframe -> distributed systems -> cloud (mainframe), with a different hat on.

Re: Lies, damned lies, and statistics that don't lie.

"Any idea why the IPv6 traffic has a 5% difference during the week versus the weekends"

It's thought this is due to corporates having lower IPv6 adoption than domestic ISPs.

Re: IT Screwed over by Microsoft

"In my opinion (constantly being criticized for it) the cloud is not a good solution"

It's remarkably hard to find any critical analysis or comment of cloud solutions from a brief internet search. Seems to largely be treated as a "you just don't get it Grandad", if you ask for any analysis of the approach vs on prem.

One of the biggest issues I see are backups. Seems like even telling people that this cloud solution esp SaaS, will not really be able to be backed up by us (even if we have the data we probably won't have the software to run the backup against, if vendor goes tits up etc), is just being old fashioned.

Re: "experiencing intermittent service"

Strange, the downdetector seems to suggest it's countrywide.

Re: Neoliberalism SUCKS

"PRECAUTIONARY PRINCIPLE", sounds like you are asking to prove a negative.

To say otherwise you'd have to show some evidence of risk.

Re: Not again!

Yup it's working brilliantly, IT costs were reduced so some exec got a bonus for that and if problems result in executive heads having to roll, no problem, the golden parachute can be deployed.

Re: $106k over three years

I guess the main thing is at some level you are swapping capex for opex. A lot of accountants/companies like this. And okay you can do leasing deals on hardware, but often this is seen as borrowing on the companies books and even if can be tuned (financially) to be pure opex, you cannot turn up and down costs as easily as Cloud/SaaS.

Not saying this is right, but some companies run on thinking it's being better to own nothing. And probably think they don't need as many IT staff to run this.

Will cost more in the long run, but doesn't matter as they didn't get a big bill upfront and have to get that approved (maybe by the board).

I have heard the phrase "Cloud Shock", when an accountant wakes up and suddenly sees how much all these cloud things are costing. I have heard of cloud companies who suddenly find they are sending 25% of turnover to Amazon, as it was so easy to spin up things.

We are just in a new Cycle of Reincarnation, mainframe -> Client Server -> Cloud (mainframe again really) --Probably--> in house some things (when people start seeing the costs of all this)

Re: How many home users *need* the admin password anyway ?

Sadly its getting very hard to buy a camera that doesn't need a cloud service to work. The best now are some cheap Chinese ones that can have it turned off.

I bought a Tenvis HD 720 for 20 quid. It works, but you either need to use an Android app to fully configure it (which I had little luck with) or an ActiveX IE (yes really!). But once setup it can be viewed with VLC , and can have the cloud service disabled.

My cheap web camera from 8 years ago let me configure most things and view it from Firefox. Why did they remove that and leave ActiveX!

Sadly most people just don't care!

Are there any cheap cloud free webcams anymore fully configurable from a modern browser? Anyone know?

Re: a critical application like Google Play Services

On my new phone (a PocoF1 if that matters) I decided to go cold turkey with LineageOS and not install any Google Apps or Google Play services. Most things are absolutely fine. A few things complain about lack of Google Play Service but continue to work (if you click through the warnings). These include the "National Rail" app, Hive and surprisingly Nest. For mapping I have use HereWeGo which is okay.

Everything else seems fine. The only completely broken thing for me is RingGo which starts but just blows away. I can use their mobile website for that. I guess it would probably work if I took a microG version of LineageOS but as I'm mostly there I have resisted. (microG being an open source reimplementation of the Google Play Services, not everything is there )

Re: PuTTY's days are numbered

I had (admittedly quick) look at this and can't see a way to make it do GSSAPI/Kerberos, which PuTTY does well (i.e. no password when going from AD joined Windows to Linux).

Does this feature work?

Re: Gonna ask what may be a stoopid question here...

Probably nothing and probably not thought of by some Eurocrat.

This could make Raspberry Pi (and their ilk) devices illegal (if taken to absurd conclusions) or even laptops with wifi/bluetooth.

Re: Don't worry 7,

I don't think cygwin uses the POSIX in the NT kernel. They are like the opposite of Wine convert POSIX calls to Win32. The POSIX in most Windows releases is dreadful and not really used and barely worth talking about. Only recent developments with "Linux" on Windows 10 have improved matters.

Re: Follow the $

Yeah that is really annoying. There is really no excuse not to statically allocate IPv6 prefixes to home users.

A quarter star to Sky and BT that at least to sticky allocation, you will always get the same one if you don't release it.

This is just ISP's desperate to hold onto the static allocation extra cash of IPv4 they have got used to with their small business/enterprise products.

Sadly the protocol designers in their ivory towers mostly seemed to assume getting static allocation. It does all work just isn't very clean if it changes. They obviously didn't see how money grabbing some ISP's can be.

An example of the hassle with this is for LAN servers that you'd like to be static. Even if you use private addresses (ULA) internally, I don't know of any host (OS) that you can say I want to statically allocate my ULA prefix but my global (Internet addresses) prefixes should be got from NDP (as it has to be as it can change, see money grabbing ISP). This means that my server coming up is now dependant on my NDP server(router) being up, not so great for reliability (or rebooting things when your router is down, or when everything is rebooting (after a power outage)).

Re: IPv6 in the DMZ

One of the big drivers has been US mobile companies. They run out of private 10.x space quickly, as 19 odd million isn't large in mobile subscriber numbers.

Re: "I'm not sure anyone can realistically replace the Linux kernel"

Your joking. In 2008 the Linux Foundation estimated (using other people's tool) the following "Additionally, it would take $1.4 billion to develop the Linux kernel alone. This paper outlines our technique and highlights the latest costs of developing Linux.".

The kernel at it's very basic isn't over hard (task switching, memory management etc). Making these efficient and reliable plus adding thousands of drivers is really hard.

Nothing lasts forever, But replacing a fully open project like Linux with a closed tossed over the wall Kernel isn't a big win surely!

"Encryption eats a lot of CPU cycles, which have become a concern after Spectre/Meltdown, and the stability of sw based encryption is shaky at best."

With LUKS on most CPU's the encryption has very little overhead at it uses the AES instructions in the CPU (so basically it is done in hardware).

One set of benchmarks I saw has the encrypted disks as faster than non-encrypted. Last time I read it it was thought this might just be to do with newer more optimal code in the LUKS code...but I'll take that with a pinch of salt.

http://dentarg.it64.com/content/luks-and-intel-aes-ni-performance-part-2

I think realistically it is likely in the 5% region of CPU overhead.

And given TalkTalk still can't even do IPv6, should we trust them to deliver 1Gb without CGNAT!

Re: Exchange-only lines?

"Why they couldn't just put a rack in the exchange, and call it a cabinet, and mount the equipment there, I don't know. However, I did end up with 70Mbs actually delivered, so happy enough with the solution."

I wondered this and looked it up. It took me a while to find the answer. Apparently they aren't allowed to, as they think VDSL in the Exchange would interfere with the in Exchange plain old ADSL (RF leakage etc).

Makes you think the better solution would just be to get everyone over VDSL and ditch old ADSL completely (certainly for that Exchange) and if people don't want VDSL speeds just put them on a slower contract at the same price.

Re: Also

And also. I worry more about UK (through the US too) government spying on me then kicking my door in for a thought crime e.g. porn age verification, looking into restricting encryption on the road to building our Orwellian society.

The Chinese government can't kick my door in!

To be honest the Kaspersky, are probably suffering from the same protectionism in the US.

There is a good video the Open Rights Group have from a conference.

https://www.youtube.com/watch?v=I48g35KNfk8&t=1115s

At 14:12 and 16:20 even more so show there is virtually no research been done on this at all! So not an evidence based policy at all.

I always think this is being done to placate the blue rinse brigade in the Tory party that find this new newfangled Internet a scary place.

This video also talks about how bad the schemes being prepared really are.

"$MFT requires SYSTEM level access", no it works with an unprivileged user.