Posts by alain williams

A good excuse

to be able to track all payments.

Would this be a good 'phone to have ...

when crossing some international borders. "No, I can't login to social media from this 'phone."

But I don't know how long 2G will be enough everywhere.

My firewall - getting updated

iptables -A INPUT -i lo -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT

It seems that I was naive, I now only allow some connections. Its going to be a pain until I get the rules right.

Hong Kong

is the next place where they will want to roll this out. Very useful.

Security or politics or economic competition ?

Be slow to take the alleged reasons as being the true ones.

China has grown a lot in economic and political power, it is doing a lot of things that we do not like: interning Muslims, reducing freedom in Hong Kong, internal surveillance, ... and lastly threatening the West's world dominance.

You can either believe that international relationships should be warm & cuddly and all countries work to mutual benefit; or that it is dog eat dog and every country acts to achieve dominance. If you are weak (economically, militarily) then you try to cuddle. If you are strong then countries seem to try to dominate; the USA has done that for years (even before Trump's "America first" policy). China is increasingly trying to dominate.

So how should others react to China's bullying actions ? Do we let it continue and become ever stronger or do we clip its wings ?

It seems clear to me that the Huawei debacle is about clipping China's wings.

The USA cannot just do so, World Trade Organization rules prohibit discrimination between trading partners, but provides exceptions for environmental protection, national security, and other important goals. So a reason needs to be found: security is a good excuse.

If we ban Huawei then Western kit will be bought. This reduces the money that we send to China and benefits Western manufacturers - although, sadly, probably not any British ones -- although Brexit might (maybe) allow the UK government to help such initiatives -- if they can see that clearly.

I leave this to you to decide if stopping Chinese dominance and rebuilding domestic manufacturing (at a price) is a good thing or not.

Who do you want to hide from ?

DoH needs a server to answer DNS queries - that server gets to know a lot about you.

Use normal DNS and your ISP/company can see what you are trying to resolve. Even if you do not use its DNS servers it can sniff the packets as they go by.

If you live in a repressive regime (eg Egypt, China, ...) they can make your ISP hand over your DNS history or change stuff on the fly; so DoH might be good, although they can still see where your IP packets go to.

What about the DoH provider - what does it gain ? Knowledge of all the sites that you visit - good meat to the advertising machine for Google & pals - even when those sites do not run google analytics (or you have blocked the javascript). These DoH providers are subject to the Patriot Act or local equivalent - so, for some, the security is a fig leaf.

Oh - just because you do not think that your regime is repressive does not mean that your government is not snooping on you. DNS over TOR might be an interesting idea.

If you do run DoH then you might be visited by shady men and told to change your browser options - packet sniffing via your ISP will make it obvious if you have taken their 'advice'. So: will you make yourself a target for future visits ?

Should WPL exit the USA ?

If all of its income there is to be garnished by SAS there is little point in bothering.

It will be interesting to see what SAS does. It could go after the USA side of the banks and get an order there. The bank will then have to decide which jurisdiction to obey. Remember these cases where people who left the USA as infants were persued by the USA IRS which forced banks in England to close their accounts, if not the the banks risked penalties of huge fines. IMHO this is international terrorism.

What annoys me intensely ...

about this sort of error message is that it offers no clue as to what might be wrong.

Far too much software does this and it can take a long time to suss a simple problem due clueless messages like this.

Just as bad are the intensely precise messages that require deep understanding of some protocol & access to the source code to learn what is wrong.

I know that writing good error messages is hard & takes time; unfortunately the programmer will only be complained at if s/he does take the time, the cost of understanding is paid by the user, not the developer.

How much of this ends up in the advertising database ?

Is there something in the EULA that says that you agree to this or did MS forget to insert that paragraph ?

The 7 mists are really 7 veils

All will be revealed if we sit back and watch the dance.

1,000 light years away is a bit too far ...

for us to be able to chuck some of our more irritating politicians into it.

I'm hoping that they will spot a closer one.

HMRC's CEST is deliberately flakey

and gives different answers at different times to IR35 rules that are vague/hard-to-understand. The inevitable result of that is that companies will take the path of least risk to them: push people into IR35, even if said risk is very small. So: the winners get what they want, the winners being the large consultancies who get to push their underqualified staff at inflated prices.

One way of (partly) fixing this would be to force a company (if asked) to take someone 'found' to be within IR35 fully onto their payroll complete with holiday, etc, benefits. This might also benefit the lower paid gig workers such as Deliveroo riders.

The Brexit brigade will be up in arms!

A single space after a full stop is called French spacing. Farage will be apoplectic and wanting to know why Microsoft has sided with the EU!

13 staffers were 'let go'

No they were not - they were sacked. 'Let go' suggests that they wanted to leave and were forgiven a minimum notice period, or something.

Please can we not have the corporate euphemisms that suggest that they always smell of roses. In this case I understand why they were sacked, but they were not 'let go'.

El Reg - please say it as it is.

Never trust a data store that you can't touch

always keep a local backup. Yes: it is more work and management but anything that you do not possess can be taken away by whoever does own it.

It is not just unexpected policy changes, like with this story, but also a technical issue. Your data is worth much more to you than the company that has it, so they will not put much effort in to recovering it after some error.

Another issue: who can read your data when it is in someone else's cloud ?

And how long will Google maintain/update versions ?

Hopefully more than the normal pathetic 'product lifetime' which is basically until 6 months after the next model is on the market.

I would be more impressed ...

if he paid himself the furlough maximum of £2,500 per month. 80% of his annual £850,000 is £56,666 per month - about 22 times the furlough maximum.

The ranking algorithms should be disclosed full stop

Given how important they are, how much they affect how web sites are seen, how much they affect what you see, it is not right that these are secret. The broad specifications should be known to all. Not disclosing it is like an airline not giving its precise route between London and New York.

OK: the details might not be put on the google web site but they should be audited at random, but frequent, intervals to keep google honest.

The same goes for Bing, DuckDuckGo, StartPage, etc.

Will this increase gaming of google's algorithms ? A bit: but it will hopefully level the playing field.

We should all help here

Tell, show, remind, nag our friends to backup their systems. We are IT literate, we understand the issues, so help those who do not and those who just cannot be bothered. Also: point out that cloudy storage cannot be relied on: if you can't touch it you don't control it. Oh, you might also accidentally delete stuff - stupid, but we all are sometimes.

I give friends memory sticks, but have to remind them to use them.

It is not just ransomware & machine failure or loss: my sister lost a bunch of photographs on her laptop when she was given a new iPhone and set it up.

Error or malicious act

Organisations need people to do things. Some of these things can be delicate. The best that an organisation can do is to train people so that they know what they must & must not do and to make it technically hard for them to do the wrong thing.

But there are limits on what can be done to stop an insider, who needs access to sensitive data to do his job, from abusing the trust that they have been given.

This is cold comfort to those who's data was spaffed around the place, but they are victims of Sketon not Morrisons. It is right that Skelton is now eating porridge.

"two metres (six and a half feet)"

Two meters might be 6.5 feet (well, 6.5616798 feet) but I would assert that "six feet" is a better convertion as it is simpler thus easier to remember/understand.

The point is that the recommendation of "two meters" is a guideline, it is not a matter of scientific accuracy such as "2 meters and you are safe, 1.85 meters and you are at much greater risk of catching it".

https://jitsi.org/

I have been playing with Jitsi - free, open source, trusted -- Skype goes via Microsoft servers. No special software needed - just a web browser; most devices have camera & microphone these days.

HMCS should set up something like this.

This is what the vendors want ...

something to fall out of support so that the user feels pushed to have to buy a new one.

They should be forced to support them for a least 5 years after the last one is sold - not from when it is first released.

They hate people like me: my 'phone runs Android 4.3 (released July 2013). It would be nice to have an update, but I don't really care as I use it as a 'phone, so: voice, text, address book is what I use most. I do sometimes use it as a modem (tether my Linux laptop) and maybe once a month use the web browser. No apps other than what it came with, no Google account.

I don't use its email client (I don't trust the 'phone enough), I don't do facebook or twitter.

Most of the time: Internet, GPS, ... switched off so the battery can last a week.