* Posts by pmb00cs

111 publicly visible posts • joined 18 Aug 2011

Page:

BT's emergency call handlers will join pay strikes

pmb00cs

Re: Good..BT Management are bloody awful

Years back I was a contractor for BT.

Our job was highly technical, and it was decided, in order to get the staff they needed, that the job would be a "management" grade job.

This meant the formerly "technical" grade full time employees working along side us got quite large pay rises.

However when BT decided to shed their contractors to reduce staff on what they called "the bench" (full time employees whose job no longer existed that BT couldn't fire so spent their working time applying for internal jobs) we had a problem.

None of the technical staff, who we needed, could get through the application process as they weren't a high enough grade, and all of the managers who applied were useless.

I lost that position without BT finding a suitable full time employee to replace me.

I learnt some time later it did not go well.

Tells you all you need to know about management culture in BT, totally divorced from reality.

When management went nuclear on an innocent software engineer

pmb00cs

Re: nice story

"coal slag isn't so toxic but builds up on the side of hills"

And sometimes runs down them too.

https://en.wikipedia.org/wiki/Aberfan_disaster

Beanstalk loses $182m in huge flash-loan crypto heist

pmb00cs

No, he's trying to tell you that the total value of all the £s in circulation now is worth what the total value of all the £s in circulation 100 years ago were worth 100 years ago. He is of course wrong, because the total value of all the £s in circulation now is actually worth considerably more, not because they are worth less.

Inflation has many causes, some external, but some internal, and it serves a useful purpose. Too much inflation is a bad thing, it causes real hardship. But too little inflation is also a bad thing, deflation is worse. All crypto-currencies are inherently deflationary by design. This makes them, on it's own, ignoring everything else wrong with them, unsuitable to be used as a functional currency. Currencies need to be used to be functional, and one of the effects of inflation is to stimulate the use of the currency, so one of the ways the government guarantees the value of it's fiat currency is by guaranteeing that inflation will be kept somewhat under control, and as close as is feasible given outside factors, to a small positive number.

Economics is complicated, crypto-bros don't appear to understand this, either through ignorance, or deliberate obtuseness. But when the value of their crypto-investment depends on other people not understanding how economics works I suppose it's not in their interests to display astute awareness of how economics actually works.

Akamai's Linode buy: Good for enterprise, risky for others

pmb00cs

Bang on!

At work I work with Akamai. I can't say too much about their services, or how my employer uses them. But I am impressed with their products and services professionally. Outside of work I use Linode, and am very happy with the price, and service that I get. This article hits the nail on the head when it comes to how I personally feel about this acquisition.

Beware the techie who takes things literally

pmb00cs

Yes, that may have been my point.

I did work for a guy doing support for small businesses. One of his clients did not like having to pay for windows licences, as evidenced by all the warnings and black desktops around the office he ran. He found an excuse for not paying for my first visit. He refused to pay for my second visit until the "issue" from the first visit was resolved. I was not surprised to discover he didn't pay for my third visit, or that he eventually went out of business due to the amount of people chasing him for money owed.

I warned my boss after the first visit about the dodgy windows installs. I refused to implement a workaround for the constantly rebooting windows file server on my third visit on the grounds it would make me complicit in software piracy. I was a Microsoft Certified Desktop Support Technician (for windows xp, and this was in the days of windows vista and windows 7 but even so) and used that as part of my justification. I don't think the client bought it, but I don't care.

I still don't know why my boss sent me back the second and third time, it's not like we were short of work at the time. That said I left that job because of cash flow issues.

pmb00cs

My Grandparents had a term for a boss like that. Penny wise, pound foolish. He "saved" £10 for the shareware, at the cost of having to shut down a demo during a trade fair. I bet that was good advertising.

That said I don't think the Techie is necessarily completely in the clear, unless he explained to the boss the self destruct, and the scope of the destruction. If he did do that though, fair play to him.

I find it a bit uncomfortable working for people I know are ripping off software, after all if they're willing to rip off software (especially affordable software) what else are they willing to rip off?

Pop quiz: The network team didn't make your change. The server is in a locked room. What do you do?

pmb00cs

Re: Out of date building plans

In a previous job I underwent "Working at height" training that was identical to the training people that went up very tall ladders, or were hoisted up in cherry pickers, did because some of my colleagues needed to go three full steps up a step ladder. I however am moderately tall, so could reach without said step ladder. So I did the training for not needing a step ladder.

I wish I was making it up.

I did go up in a cherry picker in a different job, but that was working for a small business so no training was provided. So I suppose the training wasn't a total waste of time.

Log4j RCE: Emergency patch issued to plug critical auth-free code execution hole in widely used logging utility

pmb00cs

Re: Log4J 1.x not vulnerable

Lunasec haven't checked log4j versions below 2.0 as it isn't supported software, and hasn't been for a long time. As I understand it log4j versions below 2.0 might be vulnerable to this, but even if they're not vulnerable to this they're vulnerable to plenty of other things, and they're not getting fixed.

What came first? The chicken, the egg, or the bodge to make everything work?

pmb00cs

Re: The chicken or the egg?

It depends how you define "the egg" if it is "an egg laid by a chicken", then obviously the chicken came first, however if it is "an egg that if fertilised would hatch a chicken" then it is obviously the egg. If your definition is anything other than those two options, and covers what is recognisable as a shelled, egg shaped, object for a biological method of external reproduction, then the answer is not immediately obvious from the definition alone, but is the egg.

This House believes: A unified, agnostic software environment can be achieved

pmb00cs

It is probably possible but is it desirable?

There is no technical reason the computing world can't produce a functional, hardware agnostic, software environment. And such a thing on the face of it makes logical sense. However this ignores the human factor, and I'm not just talking about the "not invented here" syndrome the author of the article rallies against. Humans have preferences, and different ways of working/thinking. Forcing everyone to use the same tools for "common sense" reasons, isn't actually terribly sensible, if doing so limits the effectiveness of the people building things with those tools.

Yeah, I think it's possible. I just don't think I want to live in a world where it's done.

BT's Plusnet shows Google how it's done as email woes enter their third day

pmb00cs

Re: Stuck with it

They added their Static IP address blocks to an internet block list for IP addresses that shouldn't be hosting email some time back. I was a customer of plusnet at the time, and moved to hosting my emails on linode hosted VMs. Based on the blog post I made at the time it would have been around 2017.

I am no longer a plusnet customer. I now use Zen as my ISP. Although that move had nothing to do with email blocking.

I'm diabetic. I'd rather risk my shared health data being stolen than a double amputation

pmb00cs

I feel for the author of this article. And he makes a sound, if somewhat emotionally charged, point that research done for the public benefit by universities needs access to data. But this debate isn't about just giving data to university departments, and I contend that the solution to this specific use case isn't selling all our medical records down the river to anyone, but to properly fund University research teams. So yes, the author's risk is greater from his condition, than their individual risk from their medical data getting out, but what about my individual risk? What about the individual risk of every single person in the country? What about the risk to society of weakening data protection laws to allow the sort of wholesale access to medical records that is implied by the idea of "implied consent"?

I do not think selling the medical records of everyone who hasn't been given a realistic opportunity to ask what the data will be used for simply because they haven't objected yet is a public good. I do not think "implied consent" is consent. And this is before you get to the problems of trust, that result in people failing to seek required medical attention because they cannot trust what will be done with the data the medics will need to treat them.

I personally am very much against this motion.

Fake 'BT' caller fleeces elderly victim of £30k in APP app scam

pmb00cs

Re: then transferred to the 'safekeeping' account, which was the offender's

I have three current accounts. The oldest required the least documentation, as you might expect, being opened with cash, in branch, in the 90s. The one that required the most documentation however was not the newest, which was opened online, fairly easily, with only scanned documents and photos uploaded. Nothing that couldn't be relatively easily faked if you know what you are doing. I'm sure there were other verification processes going on in the background.

As technology makes life easier for the honest, it also makes it easier for the dishonest.

Of course this assumes the fraudster opens a new bank account for committing fraud, and doesn't hi-jack someone else's account, or make use of an unsuspecting money mule (or even willing money mule). They're committing fraud, so they're probably not too fussed about being honest with the people they do business with.

Malware and Trojans, but there's only one horse the boss man wants to hear about

pmb00cs

Re: Horses? Ruud?

Having appeared in one of these stories (or at least a story very similar to mine was published) without my name attached to it, I can attest to the utility of the regomizer.

It was not this story.

No I'm not going to tell you which story it was, that would defeat the point of the regomizer.

What is your greatest weakness? The definitive list of the many kinds of interviewer you will meet in Hell

pmb00cs

I was once turned down for a job because the interviewer didn't feel I wanted the job enough.

A recruiter contacted me on linkedin, asked if I would like a good job, I said that I would be a fool not to consider the right offer, but I was happy in my current job. I went through a phone interview, then the face to face interview. I don't think the face to face interviewer got the memo that they were selling me the job, not that I was selling them my skills. So I didn't get an offer, instead I got a polite "thanks but no thanks" response.

Two weeks later they got back in touch and asked if I was still interested. I wasn't. I guess no one else was either.

Tax check tool CEST is the pits, say UK contractor consultancies as latest HMRC usage stats are published

pmb00cs

Re: HMRC is getting a bigger slice of the pie, but has made the pie smaller.

IR35 is actually quite an old rule. It's just that HMRC have changed who is liable to pay the tax owed on people found to be operating inside the IR35 rules recently.

It was, since the inception of IR35 till recently, that the employee/contractor was liable for the taxes, and the employer/client was not. Given that when the rules were introduced they were ostensibly to root out "hidden employment" where a person was doing the work of an employee without paying the right taxes, or getting the right benefits, this was the wrong way round (in my head anyway) but companies with large contractor bases objected to being held liable for the dodgy tax practices of their contractors, and as the rules are entirely about tax (and NI I know, but that is essentially a form of tax) and not about employment rules in general it made sense to HMRC to apply it that way.

HMRC have recently changed the rules to make the employer/client jointly liable for the taxes owed, largely because they weren't collecting enough taxes, unscrupulous contractors built up all sorts of dodges for the IR35 rules, some legal, some less so, but chasing all the contractors individually wasn't scalable.

Part of the issue is that if you are found to be within IR35 HMRC expects tax to be paid as if you are an employee, a lot of tax deductible expenses (that may be genuine expenses) are not allowable under IR35 but, crucially, IR35 *ONLY* covers tax rules, and says nothing else about the workers employment status.

IR35 has, for decades, failed to deal with the problem of hidden employment, because it is built only to deal with the harms of hidden employment to the exchequer. It is now targeting the pockets of companies that may be inclined to take advantage of hidden employment, but in doing so it is harming people who may already be being harmed by being forced into hidden employment, and also people who are genuinely trying to work more flexibly. It is a blunt instrument by design, and it has been misapplied for so long that just turning the screws tighter, as HMRC are trying to do, is doing more harm than good.

For context, I am a full time employee, in part because early on in my career IR35 was simply too onerous to contemplate risking being a contractor, quite apart from the financial risks that are inherent to insecure work from contracting.

Cloudflare network outage disrupts Discord, Shopify

pmb00cs

Re: CDN useless

That's a nieve view of how networking attacks work in the real world. A CDN that doesn't handle TLS termination can prevent, or aliviate, a number of low level DoS attacks.

Such a CDN wouldn't be able to protect against higher level attacks, but allowing a CDN to handle TLS termination is reasonably standard practice (as has already been pointed out).

Debian devs decide best response to Richard Stallman controversy is … nothing

pmb00cs

Re: Not very accurate

"I look forward to reading your definition of decency which clears up when people can and can not hook up without needing your special permission."

They don't need my permission. That's why I characterised it as "questionable" instead of "wrong". However the society in which I have been brought up does look unfavourably upon extreme age difference between sexual partners. Denying that this is the case doesn't change the way society views these things, and attempting to attack me for a minor part of my larger point doesn't change my larger point. Stallman isn't being victimised for defending an innocent man, he is being attacked for airing several questionable opinions and for displaying a pattern of behaviour that many deem to be unacceptable.

"I've yet to see any substantial accusation from a woman about Stallman that doesn't amount to "he had the temerity to ask me out even though he has a beard", despite a great deal of effort going into whipping this storm up as far as humanly possible."

And that would go some way to explaining why you feel that Stallman is being unfairly victimised. I however have seen accusations that I feel, if true, would justify the removal of Stallman from public positions of influence.

Is Stallman suffering from an unjustified witch hunt? Possibly, I'm not personally in possession of all the evidence.

Has Stallman publicly expressed opinions I personally find abhorrent and unforgivable? Yes. Absolutely. To his credit he has renounced some of the worst of those opinions, but not all of them.

Are the attacks on Stallman's character all based on his defence of Minsky? No, and trying to defend him by acting as if they are is disingenuous.

pmb00cs

Re: Not very accurate

But Stallman didn't defend Minsky by pointing out Minsky did not in fact have sex with Giuffre. Which would, under the circumstances, have been the best defence. He defended Minsky by saying Minsky would have done nothing wrong if he had had sex with Giuffre. An opinion that based on their age difference at the time would be questionable, and under the circumstances (Giuffe was being coerced, even though not by Minsky) is even more questionable.

This "Defence" of Minsky drew attention to a number of other questionable opinions that Stallman published on his personal website.

That attention resulted in a number of women coming forward to make accusations against Stallman of inappropriate behaviour over most of his career.

The characterisation of this as "Stallman defended an innocent man, and is being hounded because of it" is a massive injustice to those people who he has behaved inappropriately toward, and misses a number of opinions Stallman has aired that are at best deeply questionable, some of which he has since renounced, but not all.

Yes, there's nothing quite like braving the M4 into London on the eve of a bank holiday just to eject a non-bootable floppy

pmb00cs

Re: HR's Disappearing Data

There's no I in team, but there are four in "platitude quoting idiot"

Doesn't normally go down well when said to someone important, so use with caution.

EncroChat hack case: RAM, bam... what? Data in transit is data at rest, rules UK Court of Appeal

pmb00cs

Re: Filth

Except the envelope in this instance is the encryption. So the message has been read outside the envelope.

The question here is did the message get read before it went in the envelope, after the recipient opened the envelope (both perfectly legal under the warrant obtained), or was the envelope opened en-route by the authorities (illegal under the warrant obtained).

The court has ruled that as the authorities are incapable of opening the envelope en-route arguing over the nature of the information storage mechanism used prior to the message being put in the envelope is moot, and the message isn't in transit until it is in the envelope.

The defence position appears to be akin to the sender didn't put the message in the envelope until they were stood at the postbox, and the recipient took the envelope off the postie outside their home, therefore there is a period where the message is both outside the envelope, and still in transit. If this were the case it would be possible for the interception to be illegal under the warrant used and thus they need to know exactly how the message was intercepted so they can know if it was intercepted legally or not. The court has ruled this is not a valid analogy of E2E encrypted services, so they don't need to dig any further, thus the warrant was appropriate.

Parler games: Social network for internet rejects sues Amazon Web Services for pulling plug on hosting

pmb00cs

I was not pro the shutting down of Parler previously. I am however enjoying their misfortune immensely.

Do I know what free speech is, and why it matters? Why yes I do. But do Parler's defenders understand what consequences are?

I strongly believe that you should be able to say what you like. But when you say something abhorrent I'm not going to have much sympathy when you get hurt by those you've pissed off. The same applies here, Parler's users said some abhorrent things, and AWS was unwilling to continue to host that content, so turned their services off. Freedom of speech does not mean freedom from consequences.

Windows might have frozen – but at least my feet are toasty

pmb00cs

Re: Reminds me of my college days

Same thing that happened to the very expensive Cisco Catalyst 6509 Chassis' at the end of a row of newly built out data hall where the installers of the racks couldn't be bothered to fit the dividing panels between the racks as it clearly wasn't important. Most rack mount servers, and top of rack switches, of the time took cold air in the front, and output the now rather warmer air out the back. The larger switches however, were designed to fit in wider racks to accommodate the cabling and thus were designed to take cold air in one side, and exhaust it out the other (the rack was meant to have baffles to direct the air up from underneath to the intake side, and up out the top from the exhaust side, but these were also not fitted).

But that one wasn't my fault.

Court orders encrypted email biz Tutanota to build a backdoor in user's mailbox, founder says 'this is absurd'

pmb00cs

Re: Dear Courts. No. Go away.

The problem with that legal defence is that it requires you to prove a negative. Now I'm not a laywer, but in the real world proving a negative is *very* difficult.

pmb00cs

Re: Dear Courts. No. Go away.

You failed to provide the key on being lawfully asked for it.

You may not be able to do so, but that just means it sucks to be you right now.

I don't agree with this particular law, but you were in possession of the key, and the unencrypted message, upon being lawfully asked for the unencrypted message you are required to provide it. The cutout would at least have the defence that they never had access to the key or unencrypted message.

Pure frustration: What happens when someone uses your email address to sign up for PayPal, car hire, doctors, security systems and more

pmb00cs

Re: Accounts with HSBC

I believe this is because under UK law your name is whatever you say it is. Yes there are official documents, and getting the name on those changed requires things like deed polls and other official looking documents. But actually they do not represent your name, only your official identity as recognised by some government department or other. So If I said my name was Eclectic Man, then my name is legally Eclectic Man, as long as I am not doing so to defraud someone (fraud is definitely a crime) then I have done nothing illegal.

But not being a lawyer this is not sound legal advice on the matter, and before you do anything with this that may need legal advice do consult a proper legal representative!

When even a power-cycle fandango cannot save your Windows desktop

pmb00cs

Was once called to help recover a failed server from backup. Asked the receptionist who had been tasked with maintaining the backup tape rotation to fetch in the previous nights backup tape. The tape was there on my arrival, still in the cellophane wrapper in it's carry box. A label with the previous day had been stuck on the box, but the tape had clearly never seen the inside of a tape drive.

The poor woman had been taking a tape offsite everyday, and bringing that day's tape from the previous week back into the office for the better part of two years. Ten mint condition tapes with labels stuck on the carry boxes. Clearly no one had properly explained the relationship between the tapes and the tape drive to her, to start the backup she had been pushing the same demonstration tape back into the tape drive each morning, where the backup routine was happily overwriting the previous days backup, until the tape had completely worn out. Fortunately the hard drive wasn't completely fried, and I managed to recover most of their data.

Tax working from home, says Deutsche Bank, because the economy needs that lunch money you’re not spending

pmb00cs

Re: Tax failure to consume

There is also the fact (which I skated over) that National Insurance contributions are a regressive tax with the highest marginal rates at lower incomes, and lower marginal rates at higher incomes.

Tax is complicated.

pmb00cs

Re: Tax failure to consume

You have consistently used the argument to absurdity against me, and continued to do so even after I have pointed out that this is what you are doing. You have done so again. You are either not entering into this debate in good faith, or are so heavily indoctrinated into a toxic philosophy that does not accept the reality of the value or affordability of taxation that I cannot change your mind. In either case there is little point in trying to discuss this further with you.

One minor point however that I would like to make, we do not now in the UK have the highest Income tax rate since the 70s, and this is before you account for the fact that Margaret Thatcher's Government reduced income tax rates by a significant margin during the 70s.

pmb00cs

Re: Tax failure to consume

1. Above what figure should be taxed extremely high?

This is the misrepresentation of my argument. I said more, I said nothing about "extremely high". You are using my argument "more" and misrepresenting it to an extreme to suggest "more" is also invalid. That is a logical fallacy. Stop trying to twist my argument.

You talk of taking the money but why? Is it to punish the success (remove what they dont need) or for a purpose?

All I talk of is the affordability of taxes. I personally have made no representation as to what I think should be done about that fact. That was an argument made earlier. However, yes the money should be taken for a purpose, that purpose being to support the needs of society. Funding things society deems nessacary. Health care, education, law enforcement, etc. The things that the very wealthy will absolutely HAVE to pay for one way or another. Either we have a society that imposes taxes, or society does not and the very wealthy have to fund these things in order to avoid full scale revolt, as used to be the case under feudalism. Either way the Rich are paying something. I find taxes to be more amicable than feudalism. How about you?

I am not invalidating your point, as I keep saying I look forward to you guys giving away voluntarily such amounts to the governments of poor people globally. That you think it absurd that you are the rich is stunning as either blind unwillingness to accept the fact or you wish to redefine rich to people other than you.

This is extending my argument far beyond itself to a fundamentally absurd place. It's a logical fallacy. I never argued everything should be redistributed from rich to poor, on any scale. Stop trying to suggest that is the only possible conclusion from my argument. It is not, and it doesn't invalidate my argument.

Actually poorer not poor (in absolute terms. Relatively they could be made poor). You cannot take what people earn without making them poorer.

Yes taxes make people poorer than they would be without taxes, if you entirely ignore the benefits those taxes fund. But you are suggesting that my argument isn't just that the rich should be made poorer than they would otherwise be without taxes, but that they would be reduced to the same level as the poorest in society. That is again, not my argument.

And why would we want to dumb everyone down to low pay in the name of equality instead of having everyones wages rising?

I don't argue to dumb everyone down to low pay. This is a misrepresentation of my argument. I don't argue everyone should be equal. That is also a misrepresentation of my argument.

The outcome of that being more tax money collected from actual growth instead of robbery.

Except if we refuse to take tax from those that can afford to pay it we either have to tax those who can't afford to pay it, or the exchequer gets no tax. So which do you prefer? Taxing those who can't afford the tax burden (in the name of fairness of course), or not taxing anyone?

Sorry if you feel that way, it was not my intention. You talk about people having more than they need (from your perspective) should be taxed more because they can afford it.

They can afford it. I can afford it. It is a fact. It may not be a nice fact, it may not be fair, but it remains a fact.

You might think it is misrepresenting your argument to point out that you are that very person and if we are to tax highly the top wealthiest then we in the developed world would be made poor to do so.

I Never said "highly". I said "more". I also never said how much more. I haven't expressed an opinion on if the current system is too onerous on the wealthy, or not onerous enough. I have simply stated the fact that the wealthy can afford more taxes than the less wealthy. I have certainly never argued that taxes should make the taxed poor.

You may wish to keep your view to only a national limit, but by applying it globally I am pointing out the problems in your argument-

> Your perspective of wealthy is different to others (as we are all different in our view of wealthy)

My perspective of wealthy is, in my opinion, quite healthy. I know how lucky I am simply to live in a first world country, with a system of social welfare, universal healthcare, law enforcement, and justice, among other things I get that are unavailable in poorer countries.

> You cannot tax the more off people without making them poorer

True, but "poorer" does not mean "poor" as you have consistently represented my position to be.

> Disposable income isnt money doing nothing, but in fact what makes everyones lives better (globally)

I never said it was doing nothing. My initial argument includes the point that survival without any luxuries is undesirable. And I have never said that all disposable income should be forfeit, I have simply stated that those with more of it can afford to give more of it away while still having more left over than those with less of it

> Taking that money and giving it to government doesnt improve lives

Yes, it demonstrably does, at the very least in more developed countries with advanced systems of government, in more corrupt regimes certainly less so, but that is a problem that is far more complex than taxation.

> The way out of poverty (globally and nationally) is for people to earn more not less

I have never suggested otherwise.

> What you see as a national problem has global impact

I don't deny it's a global problem. But international politics are outside the scope of my argument, and far more complex than simple taxation, and still don't change the relative affordability of taxation in relation to relative income.

pmb00cs

Re: Tax failure to consume

You ARE misrepresenting my argument and you know it. My argument doesn't apply internationally on the scale you suggest, and even if it did my argument isn't that the rich should be brought low to make us all equal. My argument is that people who earn more can afford higher taxes. That you choose to make an argument to absurdity (a logical fallacy I pointed out elsewhere) doesn't make my argument suddenly invalid.

Yes the world would be a better one if our standards of welfare support were exported to the poorer nations of the world, but that is a problem that is far more complex than deciding how progressive a tax system should be.

I have never stated where I think that balance should lay, you (and one other in this topic) have suggested that I want the rich made poor in the name of equality, which is absolutely not my argument. All I have said is those with more money can afford to pay more taxes than those with less money.

And having grossly misrepresented my arguments you have now also suggested I don't know my place in the world. I assure you that I know how wealthy I am. I can afford to pay more taxes than many. I'm under no illusions as to how lucky I am.

pmb00cs

Re: Tax failure to consume

If you're going to extremes.

Shanks's pony for travel

Sorry that's a capital holding. You either have to rent it (a cost) or do with out.

cobbled together mud and mess for a home

Also a capital holding, rent or do with out

food grown in the field

That field is a capital holding too, can you see where this is going yet?

Yes there are parts of the world that still largely live like this. We don't currently live there, we all live somewhere that has at least developed to the point of having an internet connection.

So tax the education and health system hard

I didn't say that education or health care are luxuries. Indeed for a functional modern society they are essential. That's why they're paid for out of taxation (for most of us anyway).

Its amazing how low this bar can be set too!

Yes the "essential to survival" bar can be set extremely low. In fact there is already a school of thought that suggests it is already set too low for many. But that doesn't change the fact that people who earn more can afford to pay more tax, and still live more comfortably than those who pay less tax.

Your entire argument here is misrepresenting my argument. I'm not proposing taxing the rich into oblivion, but the argument that the rich can't pay more tax unless we're all made destitute through taxation is entirely absurd.

pmb00cs

Re: Tax failure to consume

Entirely true, and largely how the system works, but still doesn't answer the question. If I have twice as much disposable income as you then it's reasonable that I pay twice the tax. Why should I be expected to pay more than twice the tax just because I can afford to do so?

Because that's how the system works now in the UK. If you earn up to £12500 in England or Wales you pay no income tax (you still pay NI contributions that are essentially a tax now, and this complicates things, but for illustrative purposes I'm glossing over that). If you earn twice that figure you would therefore pay more than twice the income tax. Indeed you'd pay £2500 in income tax. Earn £50000 (four times the initial earnings, twice the amount paying £2500 in income tax) and you would pay $7500, three times what the previous example paid.

Our income tax system is a progressive tax system. It is fairer to charge those who are better able to bare the cost more than those who can't. There are debates to be had about where those thresholds should be, and how progressive the tax system should be. But the idea that tax rates should be even for all is daft, and contrary to the system we have. Earn more and you can afford to support society to a higher level than those who earn less.

Take that to its logical conclusion and everybody should be taxed to the point where they all end up with the same disposable income after essentials.

That's the logical fallacy of "Argument to Absurdity" https://en.wikipedia.org/wiki/Reductio_ad_absurdum at no point did I suggest that those who earn more should have everything extra that they earn taxed to the point that all people have the same post tax income. I simply pointed out the undeniable fact that those with more disposable income have more that they can afford to lose. They is still plenty of room for a debate about where the balance should lie.

pmb00cs

Re: Tax failure to consume

Because you can afford too.

There exists a basic subsistence cost to survival, typically rent (or mortgage), a minimum on food, basic necessary clothing, and transport. Each of these factors has some variance, and some of them can be effected by capital holdings. However there is still a minimum cost to survival in a modern capitalist society. Everything you earn over this amount affords you luxuries. Basic survival is unpalatable, so basic luxuries are desirable, but they are still luxuries. The more you earn the more you can afford to spend on these luxuries (including for example spending on capital holdings that may reduce your basic cost of survival). This is called disposable income, because you can dispose of it and still survive. Earn more, get more disposable income, and you can afford higher taxes and still live with more disposable income than someone who earns less than you.

Also who says you work twice as hard as people who earn half as much as you? I earn a lot more now than I did working behind the bar, and bar work is hard work. My skills are more in demand now, so I command a higher salary, but that doesn't mean I work harder.

QUIC! IETF sets November deadline for last comments on TCP-killer spawned by Google and Cloudflare

pmb00cs

Another solution to a problem that shouldn't exist.

As I understand it QUIC uses TLS over UDP so that the TCP overheads can be reduced to speed up the delivery of web pages. But that is only part of the story, because by using UDP you can send data in any order, ignoring the ordered nature of TCP, and have the application re-request any missing data, rather than having to wait for TCP stalling all data in the connection while it waits for the retransmission of a missing packet. Why is this an issue on the modern web? Because HTTP/2 multiplexes data streams within a single TCP connection, to speed up the sending of loads of separate files that are "needed" to make a modern web page. Why was that needed? Because some web pages are constructed using so many different js, css, html, and other files to construct that browsers were starting to hit limits in terms of the maximum number of TCP connections they could have open at a time in order to show one website. And after all this, the fastest websites to load, are still the ones that loaded fastest over HTTP/1.1, that consist of a html file and css file, maybe a small js file, and a handful of embedded images if necessary. We've managed to turn a method of sharing predominantly text into such a bloated mess, that it not only needs fixing, but the fix needs fixing.

Five Eyes nations plus Japan, India call for Big Tech to bake backdoors into everything

pmb00cs

Re: It's not so easy...

Except, the Governments haven't had the access they are asking for for that long. Phone Lines used to be analogue, to tap a line you needed to tap that line, and get someone to listen to the call in real time, or record it and play it back. Text was by post, and you needed to intercept the individual letters, and read them. The process of "intelligence" gathering was personnel intensive, and expensive. This led to it's use being targeted by necessity. As more and more communication became digital it became easier to gather vast amounts of communications data without really having to commit personnel to reviewing it. This made the "intelligence" gathering cheap and easy. The "intelligence" processing however was still expensive and personnel intensive, but as long as they have the "intelligence" they can do that processing at their leisure. This has only really been the case with the internet, and only then with the increase in the popularity and utility of the internet. It is a myth that these agencies are only asking to maintain capabilities that they have always had, they haven't. It is also a myth that they would only use these capabilities in responsible ways, unfortunately for them that myth was blown wide open by Snowden, and other whistle blowers. These agencies are adicted to gathering ALL the information they can, but are unable to point to any substantive reasons why them having voyeuristic access to the entire world's communications is of any value to them. Let them do the hard work of actually doing targeted intelligence gathering again. That actually works.

Aussie telco Telstra says soz after accidentally diverting traffic meant for encrypted email biz through its servers

pmb00cs

Re: It's an encrypted email service

Having run my own email servers, with opportunistic encryption enabled for both sending and receiving, you appear to have more faith in the state of the global email system than I.

Apple to Epic: Sue me? No, sue you, pal!

pmb00cs

Re: Anti-Trust

The available evidence would suggest that Epic can claim that iOS is a specific market. The fact that they appear to be doing just that would support the idea that they can make that claim. The claim has yet to be fully tested in court. The claim may fail, or it may succeed. I don't know, I'm not a legal expert.

And your analogy is pretty close, but it's more like the owner of a large chain of popular malls putting up those restrictions and McDonalds crying foul, than one single mall. But otherwise it holds rather well. And until a Court decides the issue either side may prevail.

It is worth noting that although Epic is making the headlines they are not the only entity upset with Apple's practices regarding the iOS app store. If the decision goes against Apple they stand to lose a lot of control. If the decision goes against Epic they stand to lose access to iOS users. Apple have more to lose in this case, but neither side can be complacent.

I can still see this issue going either way, neither side's argument is particularly concrete to my mind.

pmb00cs

Re: Anti-Trust

It's an argument, and one that Apple themselves have made, that the market is "smartphones". However epic don't make smartphones, they make apps. So the market is "apps for $thing". Now Apple will certainly argue that $thing is "smartphones" and therefore the market is "apps for smartphones". But this argument, as strong as it may be, ignores a couple of important points.

First: The apps for Android and iOS are mutually incompatible. There are frameworks and languages that allow you to write once and compile for either, but that compilation step results in different apps for each OS. This may constrain the market, it may not, I don't know.

Second: Few users move between iOS and Android, sure some do, but as both are closed ecosystems users invest in one or the other and switching becomes a significant investment, in time effort, and money. Again this may constrain the market or it may not.

Now if I were fighting an antitrust case against a highly litigious company with very deep pockets I'd want to get some very good legal advice first. As these points haven't yet, to my knowledge, been tested in US courts I reckon it could go either way. But epic are presumably confident enough in their case to not only sue Apple, but to goad Apple into triggering that case by flagrantly breaching their contract. I suspect Apple will want to settle before the market is clearly defined by the courts.

We've come to wish you an unhappy birthday: Microsoft to yank services from Internet Explorer, kill off Legacy Edge by 2021

pmb00cs

Re: good riddance

IE6 was the default in XP when it was released. IE in XP suffers from the fact that XP does not support TLSv1.1 or higher (other browsers do not use the same SSL engine) and as TLSv1 and lower have been deprecated for some time it's no surprise that IE in XP could not connect to a reasonably secure website. It doesn't matter which version of IE you upgraded to in XP it would have suffered the same problem.

University of Cambridge to decommission its homegrown email service Hermes in favour of Microsoft Exchange Online

pmb00cs
Headmaster

Re: Modern

Yes the Uni will have to spend thousands of pounds on the in house system. Wages for technical and support staff, electricity costs, hardware replacement cycles. It soon adds up. According to the article to approximately £10 per user per year. Somewhat less than the £35 per user per year also stated in the article as the cost for the Microsoft 365 subscription the university is apparently stumping up for. Interestingly some of the £10 per user per year will not be saved, as at least some technical staff will need to be retained by the university.

Hopefully the decision isn't as simple as spend £35 per user per year to not quite save £10 per user per year. Because if it is that's a really fucking stupid decision.

Your industry needs you: Database engineers, sysadmins and developer vacancies revealed

pmb00cs

"We offer a competitive package/annual contract based on your experience"

If it's so competitive why not tell us the approximate salary bands?

Salary on offer informs a lot about the expectations. Is it a job that might stretch me? Or is it a job I can relax into?

It's crap like this that allows uneven salary's to persist. Tell us what you're offering, and we can decide if it's worth our time to apply.

Remember when we warned in February Apple will crack down on long-life HTTPS certs? It's happening: Chrome, Firefox ready to join in, too

pmb00cs

Re: Shake down time

Well Actually.....

So a Cert Issued five years ago with a secure algorithm is theoretically less secure than a cert issued yesterday, not because the certificate itself is more vulnerable, but because the private key has had more time to leak, or be compromised. If you never rotate the private key, then absolutely, renewing the certificate isn't actually more secure, and your statement holds. And I know that it is easy to renew a certificate with the same private key using some of the comercial certificate providers (I've done it more than once in the past).

Of course generating new keys is also fraught with caveats and gotchas, so in theory generating a new private key every time you get a new certificate is more secure, in practise there are circumstances where that may not be true.

Or in other words, it's complicated.

In general automating certificate renewal in a process that generates a new key each time is more secure, and less error prone, than having manually generated csr's and certificate rotations.

Finally, a wafer-thin server... Only a tiny little thin one. Oh all right. Just the one...

pmb00cs

Not a UPS, but quite a loud BANG

Working a Data Centre some years ago as a remote hands and eyes jobby, one of the clients were redesigning their network, and one of their big Cisco switches had a power supply trip, and in doing so it also tripped the circuit breaker. The switch was dual fed, so the other power supply kept things running.

The facilities team were called about the 32 amp single phase circuit being tripped, and asked to turn it back on. Oddly they rather insisted that something bad must have happened and they wanted the tripped power supply to be replaced before turning the breaker back on. The Client's Cisco certified engineer (CCIE I believe, but may have been CCNP) insisted that this Cisco equipment was top of the line, and could not be the cause of the issue. Their was some management back and forth about who was responsible, and how it should be fixed. After many hours of arguments above my pay grade the facilities team tested that the circuit was wired up correctly, and turned the breaker back on. Then we all, facilities, management, and us went to the data hall to watch the client's engineer turn the power supply back on. 32 amps at 240 volts makes a very loud bang at dead short.

The replacement power supply arrived within a day or two, and the, now very nervous, engineer watched as we replaced the power supply for him, and under the watchful eye of us, management, and facilities, he very gingerly turned the power supply on again. There was less drama this time, although the client did enjoy the bill for wasting facilities time, and for the increased risk they put the site's power distribution under by not following the previously agreed process for dealing with tripped circuits under their contract, but the precise details of that were also above my pay grade.

After huffing and puffing for years, US senators unveil law to blow the encryption house down with police backdoors

pmb00cs

Re: OpenPGP

That's why the PGP source was published as a book.

Software was covered under ITAR, but the printed word was protected speech under the first amendment.

I'm not confident such loopholes still exist, but most of the best cryptography is developed internationally these days, and a significant proportion of it is developed entirely outside the USA, so ITAR wouldn't apply.

So you really didn't touch the settings at all, huh? Well, this print-out from my secret backup says otherwise

pmb00cs

Re: Ah, customers.

The best response I have found to an unreasonable "just do what I say" type order from an unknowing boss, or higher up, is "Can I have that in writing please?" either they suddenly start listening to why that order is a bad idea, or you have a paper trail to point to when it does go wrong.

Never underestimate the power of properly applied bureaucracy.

Node.js creator delivers Deno 1.0, a new runtime that fixes 'design mistakes in Node'

pmb00cs

Re: Wonder how long it will take…

The software written now, regardless of language used, is not old and tested. All programming languages have their merits, and their flaws.

A skilled artisan with a chisel can make a great chair, where an idiot with a power saw can make one that's crap. That doesn't mean the power saw is crap, or that the chisel is great.

pmb00cs

Re: Wonder how long it will take…

Firstly, C does have a steeper learning curve than JavaScript, it's a lower level language and so you need a better understanding of how a computer functions in order to make use of it. Also I was replying to a point about how that steeper learning curve specifically reduced the dross written in C.

The only reason there is more written in C is entirely down to the age of the language. It's been around longer than I have.

I'm not saying either C or JavaScript are or are not crap. I'm saying that the comparison based on the steepness of the learning curve is an unhelpful one, and has no real merit.

There are lots of people who would argue the merits of JavaScript, personally I'd suggest that crap or not it's here to stay, and getting grumpy with that fact isn't going to change anything. I don't particularly like JavaScript, but that doesn't mean it can not be used by skilled people to make useful software.

pmb00cs

Re: Wonder how long it will take…

You still get crap written in C. The idea that a steep learning curve automatically filters out idiots is not supported by the evidence.

Yes it is easier to learn JavaScript, and so lots of idiots learnt it, and then wrote terrible JavaScript. But When people gave up on C because it was too hard to learn not all of them were idiots, and not everyone who persevered were not idiots. So fewer idiots learnt C, but so did fewer people who are competent. There's less crap written in C because there's less written in C, relative to it's age anyway. C has the advantage of age, but crap doesn't age well. Old C that's still around makes C look better not because it is, but because time has filtered out the crap.

It's like furniture, you see 100+ year old chairs and say "They don't make chairs like that any more, modern chairs are crap" and mostly modern chairs are crap, but mostly 100+ years ago chairs were crap too, but the crap didn't survive 100+ years to be held up as an example.

Page:

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER