* Posts by Lee D

3984 publicly visible posts • joined 14 Feb 2013

Switch to hit the fan as BT begins prep ahead of analog phone sunset

Lee D Silver badge

Re: Connections..

Or Starlink. Or 4G with a myriad of providers.

For 4 members of staff, you really don't need that much, but also you shouldn't notice the cost of a Starlink.

(And, personally, I hate Starlink and can't wait for alternatives, but you have to consider it).

I lived as an IT Manager for 5 years with having 4G only at home - including for VPN, CCTV, smart devices, TV streaming, etc. etc. etc.

I moved house and did get DSL at a decent speed (finally) but I also brought my 4G router AND was on the cusp of reluctantly parting with money to get Starlink if I couldn't get decent speeds.

As it turned out, the broadband is meh but usable and cheap. And because I still have the 4G in it, and that still works well, I don't really care if it falls over until it gets to the point that I feel like asking for a refund.

If Mr Bezos ever gets his network off the ground, I would be sorely tempted to do that instead, if it would provide greater speed.

Also... I've run entire networks with 100s of staff off nothing but dual-DSL lines before now. And even one month where all we had was 4G after our DSL contract was terminated through idiocy on the suppliers part (and then we bought a leased line).

Lee D Silver badge

Re: Connections..

It would be at that point that I would stop using all BT products.

In fact, I literally did that in similar circumstances at my former workplace.

They wanted to play silly-beggers with pathetic DSL line speeds and taking THREE YEARS to install a leased line so we could go SIP. To the point that every 6 months, they'd be yelled at by senior management, come on site, put a piece of empty tubing through the site, never joint it, then go home. That way they could say they "attended site" and "progressed the installation".

Turned out, that if you asked Virgin nicely and covered some costs, they would provider a leased line within THREE WEEKS. Which is still there 10 years later.

And at that point, BT / OR then randomly turn up at a protected site uninvited on a regular basis trying to "complete the install" and are refused access, the contracts are all thrown in the bin, and all other BT services are severed. Partly because they then admit that there was NEVER enough room at the exchange at any time during those three years anyway.

I took the site all-SIP within a few months of the leased line install and even cut the "backup" ADSL lines because we just didn't want to have to deal with a company like that.

Vote with your feet, people.

Lee D Silver badge

Still waiting.

Vodafone (who provide my landline) keep telling me that I must move to this and they'll send me kit etc. for about the last 6 months. So far, zip.

I don't care. In my last house, I literally never activated the phone line (which somehow confused the people that the landlord had tried to sell out too and who forcibly switched my electricity to them without my consent - they made that illegal shortly afterwards - and who wanted me to use their satellite TV and their broadband and their phone... I literally activated none of them and switched my electricity away immediately). That was 6 years ago.

Last year I bought a house, the phone line was active and I used it for broadband (because it was so rural, but I'd been living 4G-only for many years already). I still don't know the phone number to this day, and I've never bothered to even connect a phone to it.

And Vodafone will send me "adaptors" that plug into "my" router. You know, the one that I put in the bin as soon as it arrived, and put my own router with all my previous config on it on instead and made them give me the ADSL login details. So those adaptors will end up in the bin too.

If I'm feeling bored, I may ask for the SIP login details for this Digital Voice thing (which is just a SIP line in reality) and plug it into my already-SIP-capable router which has analogue voice ports for handsets too. I still won't plug in a handset, but you never know - I might one day bother to have it answer the line, tell people that there's nobody on this number and then hang up.

I don't decry the loss of analogue phones. I've been getting rid of them at work for 10+ years at least. I don't see the point in them in the modern age, especially for the cost of maintaining that line. And if I thought that the SIP-over-wifi and the backup of a 4G / GSM signal (on a dual-SIm phone) wasn't enough in an emergency (in a day and age where you can tweet for help or text 999 or similar), I could just sign up to something like Starlink or similar. I live in a very rural place, and have perfect views of the sky across a huge arc.

Oh, and my kit is not only UPS but running off a solar battery bank too. It can maintain the whole cabinet in my house for many, many hours as well as my laptop, NAS and CCTV. But that's not why it's on a UPS or on the solar. If the power goes out for an extended period of time and there's an emergency requiring immediate assistance at the same time, and the phone lines are down and the wifi is down and the 4G is down - I will raise the attention of my neighbours, and then if it comes to it, someone can drive into town. Sure, not as fast, but already an extremely unlikely scenario.

To be honest, why people think that that UPS in the cabinet is any different to one in their house or office, I can't fathom. After an hour or so, it's going to be dead. So in a power-cut, you make sure you don't need an ambulance in the second and subsequent hours, right?

Search for phone signal caused oil spill, say Japanese investigators

Lee D Silver badge

Re: “Shit, what I have done in my life? Now, my career is gone!”

I don't think that anybody even remotely concerned about an environmental disaster would be piloting a ship full of oil and then get distracted by the need for a phone signal, and then ignore charts to order several days of travel to come closer to coral reefs in order to talk to their girlfriend (or whoever).

Raspberry Pi 5 revealed, and it should satisfy your need for speed

Lee D Silver badge

I once trawled home from their shop on Tottenham Court Road on the Underground carrying several black bin bags full of AT and PS/2 keyboards that I'd snapped up for £10 the lot.

Getty delivers text-to-image service it says won't get you sued, may get you paid

Lee D Silver badge

Re: Whose images?

Well, all it needs is another competitor selling images and giving 41p to the creators, and unless Getty are doing something illegal they should start raking it in, right?

It's the same argument about Kindle, etc. My father-in-law is a published author, dozens of works to his name, huge sales figures over his lifetime.

His new books, his agents can't sell and only give him a pittance when they do. He puts the same book on a private website, a dozen other services, he gets a pittance of sales and even though through his own site he gets nearly 100% of the cost, he has to discount heavily to get anyone actually buying them - including the books that were previous best-sellers in physical form and translated into a dozen languages.

He puts them on Kindle, himself, no other middle-men, and he makes money straight away. And though the percentage is nowhere near 100%, he makes money because consumers go to Kindle FIRST almost every time. That's not monopolistic unless Amazon actively abuse that. At one point his books were removed from Amazon, and he devoted his full-time career as an author to getting them up anywhere else, on every other service. He moved immediately back to Kindle the second that the dispute was resolved (which took months) because it had taken him from "making a nice amount on top of his pension" to "you might get a coffee a year if you're lucky" and far, far, far more effort (in terms of marketing, conversion, uploading, etc.) than it was ever worth elsewhere.

In the same way, people looking for stock images are going to Getty first despite there being a thousand other companies doing the same thing. So they can throw the creator only a gnawed bone, and the people getting their images are perfectly happy.

I don't work for any associated companies in this space (unless you count hosting my father-in-law's website for him), by the way. And I don't necessarily think it's fair or right. But your sport photographer friend will know - if he sells his images to ANY other company in that space, he won't make as much as Getty give him, in the long-run. Doesn't mean they aren't conning him, but also doesn't mean they're doing anything "wrong" if there are no serious competitors able to provide the same.

The home Wi-Fi upgrade we never asked for is coming. The one we need is not

Lee D Silver badge

Re: Fundamental issues unaddressed

"Wifi is 20 times slower than a cable".

It's always been true, it's still true now and it will likely always be true.

However the bandwidth is now coming out of the "for casual use, it'll work okay" into "it's so damn fast it doesn't really matter" areas.

The big problem is legacy kit, taking up far more frequency and generating far more noise than required, but with WPA3 that will start to solve itself too and anything not WPA3 capable will be consigned to a bin.

I hard-cable servers, etc. obviously, and at home I'm cabled to my main laptop (mostly for gaming ping!), but I have probably 50+ wifi devices, and my neighbours have a few, and it all "just works", so long as you're not expecting perfection and zero latency and perfect response. And that's on an 802.11n (Wifi 4) network.

To be honest, we're now at the point where something like Wifi 6 or 7 "just works" for almost any application, but we'll all keep servers etc. on multi-gigabit guaranteed connections for a few generations more, I imagine. By that point, everything will be cloud and then all we need is Wifi and core networking on the back-end.

It's come along a lot, and it achieves marvellous things, but it's now at the point where brute-force and ignorance of the problems pretty much just makes everything work together. A bit like when we all started using sensible amounts of CPU and RAM and nobody had to hand-optimise stuff any more.

Not saying that's great from an engineering point of view, but for domestic and small business, nobody is going to care about the difference and they'll just Wifi 7 everything and it'll work - maybe with a QoS tweak or two, but it'll work. The use cases of cabled hardware for domestic / small business are getting less and less every day. Even access control, CCTV, etc. aren't going to care about a short blip any more.

Lee D Silver badge

I only ever use my own router providing my own wifi.

Purely because I don't want the ISP to have any control over my modem, or any access - theoretical or not - to my Wifi key and/or network.

Same in every workplace I work in, and at home.

I like the Draytek routers as they have VDSL, 4G failover, proper Wifi with multiple SSIDs, VLANs, QoS, VPN and all kinds of good features for a decent price. My previous one has been through 3 houses with me and is still my preference even if it's "only" Wifi 4 (802.11n).

It allows me to block off my CCTV cameras and "smart" devices onto their own SSID and VLAN and they can still get out to the Internet if necessary but can't interfere with my local machines (remember everything behind your "firewall" can talk, so those things could be probing your laptops and desktops and will be in the "trusted" local network!).

I will happily buy a Wifi 7 model of the same Draytek and I have no doubt that they'll make one. Hell, I was about to buy the Wifi 6 model anyway, to be honest, I don't need the extra speed. Maybe one will push the price of the other down?

But ISP-supplied routers? Straight in the bin. Most of the time you have to fight to get them into modem mode, their wifi is awful and doesn't want to co-operate with anything else, and the ISP can literally do what they like on them which I don't like... ISPs have had their modems compromised before now and used to open up huge holes in corporate and home networks.

It's one of the (many) things that puts me off Starlink too... the home stations only offer out over Wifi... er... nope. Not having that. Besides the fact that it's then inherently limited by the Wifi connection from the roof into the house, I don't want it broadcasting and taking up all the bandwidth twice (because I would then have to send it to my existing wireless), and they could have just slapped on an Ethernet port for a pittance. They have it on the business models, but I'm not paying for the business subscription just for an Ethernet port.

And now I hear that my ISP is going to be cutting my phone line and making me use VoIP for my home phone number. So they are going to send me lots of digital adaptors, etc. to plug into "their" router. Nope. Just give me the SIP trunk details and I'll plug them into my Draytek which can handle that no problem as it has the adaptors built-in already on the V voice models (and I'll still never use the phone, but hey, you never know).

Microsoft worker accidentally exposes 38TB of sensitive data in GitHub blunder

Lee D Silver badge

Re: How long?

As someone who has multi-dozen-terabyte storage in the cloud for hundreds of users.... I can tell you that a complete backup of every single Office 365 - including all Sharepoints, Teams, Exchange, Onedrive etc. - for every user doesn't take anywhere near 10.8 hours to complete, for a cloud-to-cloud backup to another provider.

And that's as one well-known user, I bet that if you spread it over lots of people downloading different portions of it from computers across the world, Azure would cope just fine.

(P.S. I'm absolutely no Azure nor cloud fan at all).

Lee D Silver badge

Re: How long?

38TBytes over a 1Gbit/s connection - 38,912 seconds or 10.8 hours.

People have 1Gbit to their homes now, I'm pretty sure a hacking collective have access to more than that.

Hell, I know of a primary school with three 10Gbit leased lines.

With any kind of co-ordinated and automated effort, you could probably pull that off Azure in under an hour, tops.

Lawsuit claims Google Maps led dad of two over collapsed bridge to his death

Lee D Silver badge

Re: Were there no signs indicating that the Bridge was out?

Google might drive every road, but they won't know if a road is officially "closed" or not - that's taken from mapping data supplied by local authorities, the same as things like speed limits, etc.

Google can't just guess at those, because getting it wrong would result in things like this being their fault. But if the local authority never "officially" closed the road, that's on the authority.

Sysadmin and spouse admit to part in 'massive' pirated Avaya licenses scam

Lee D Silver badge

Re: Similarity to "BMW's pay-as-you-toast subscription failure" article in The Register?

Here, I would agree.

Sadly, it turns out that the ones who do this the most, are the ones who deploy the strongest protections and who get the shirtiest if you bypass it.

It's 2023 and I still have a machine that has to have a USB key plugged in in order for some software to work.

Lee D Silver badge

Re: Similarity to "BMW's pay-as-you-toast subscription failure" article in The Register?

Then vote with your feet and go to a manufacturer that doesn't play that game, don't just break the law anyway.

We're talking about telephony, something you need ZERO licences for, can host entirely in-house, can use pretty much any handset you like, etc.

The providers at my previous employer are still annoyed from years back that I moved everything to VoIP and denied their annual demand for payment for physical lines. (They were also singularly unable to demonstrate a single working SIP line to us, after much faffing and blaming our firewall, whereas a competitor did so almost immediately with no firewall changes required).

Then they started getting shirty about internal telephony, so I put in Asterisk on cheaper, better handsets, no ties, and joined to the same SIP trunk provider. Cut them out of the picture enormously.

I've also seen people RENTING telephony including cloud control and Yealink handsets... yes, renting a £25 handset. With monthly charge, minimum terms, completely reliant on their platform (which provides no way to export any of the setup, etc.) and without significant control without having to get someone else to make changes for you. The first monthly charge alone would have paid for the handset outright.

Like the BMW story of selling "heated-seats unlock codes" - if you don't want that to happen, don't GIVE THEM MONEY and then illegal unlock your BMW and risk further problems down the line.... just don't buy one, don't buy that add-on, or complain to BMW and let it be known. Because people did exactly that and now... BMW have backtracked, as reported only the other day on The Reg.

Signal adopts new alphabet jumble to protect chats from quantum computers

Lee D Silver badge

Re: Confused!

No, the concept of Diffie Hellman is to form a secure channel by which you both agree upon a temporary secret - which you then use to share your public keys with each other to initiate an channel elsewhere under ordinary public key encryption - and then discard everything DH because it's no longer needed.

It's literally called a key exchange protocol.

Now, there may be some confusion of terminology and scope here, but ultimately any public key being able to be used to determine the private key is death to all public-key encryption, whether you used DH to transmit the keys or not.

What you're hinting at is that if you use DH in a PFS scheme, you send temporal keys to each other constantly, that's where they are "never shared or even known to the users" and "never stored or published". Hell, you can even mis-use DH directly as an encryption scheme (there are several like that), but it's uncommon.

But the majority use of DH is to exchange keys and go home, and then to leave you to do then something else, somewhere else. PFS uses DH in the way you describe, but not all public-key-encryption bothers with PFS.

And the fact is that a quantum computer of sufficient size would break DH, PFS and most common public key cryptography quite easily, as none of them are quantum-computing-safe.

We do have quantum-safe equivalents of the above, but they are vastly different, and they are also being weakened all the time (and many are not even in active use yet!).

(To simplify the QC-safe thing: At the moment we "scramble" two numbers mathematically to make it almost impossible to determine what the original two numbers were - but there's only really one correct answer, it just takes countless billion-billion-billion attempts to find it by brute-force. With QC, we basically do the opposite - we try to make as many answers as possible appear valid, so that each one is "returned" by a quantum computer, but you still can't work out which one was actually the original message without knowing what the original message was (kind of like a known-plain-text attack). So even though you know all the possible starting numbers, you end up with a billion-billion-billion equally likely and viable number-pairs, and no clue which one is the right one until, basically, you already know what the message contained in the first place to compare it with)

BT confirms it's switching off 3G in UK from Jan next year

Lee D Silver badge

Re: 3G

Have you seen licence-free channels and the mess people make of them?

It'd be swamped to death in seconds and largely unusable, plus you'd have to severely limit the power allowed (especially given the range current given to 3G, you'd want to dial that down if you don't want the guy in the next town interfering with your signal).

Lee D Silver badge

Re: So.......2G will be here for while and 3G will disappear almost immediately...

Yeah, so to make it easier to spy on you they're keeping one old legacy, abandoning all the pathetic encryption schemes in 3G/4G, and forcing you to 5G.... which has proper EAP TLS which is the first mobile standard to actually use a known-secure algorithm.

Literally everything below 5G didn't have encryption worthy of the name, even on their day of standardisation or years later.

And things like SS7 ... god, what a security mess.

If you're worried about encryption and people "listening in", let me give you a hint:

- You cannot rely on any mainstream public communications service.

- You don't know enough to roll your own (trust me.. you don't, no matter what you think).

- When you do, you'll light up like a Christmas tree on the radar of anyone who cares about what you might be doing.

Also, the majority of your data is going over the data channels anyway, including your Wifi calling, and they all have well-known endpoints. You'd be an idiot to try to "break" the encryption, for any official purpose - e.g. to "spy on you" - of the phone radio connection itself, when you could just tap the ISP side of the data channel or ask the telco to flag your calls.

That's how the US were deploying vans to monitor communications at large events... your phone was talking to them, and they are just authorised base-stations as far as your phone is concerned. Encryption in that case is utterly worthless, your phone is told it can trust those base-stations by the telco issuing valid certificates to them, etc.

GitHub Copilot, Amazon Code Whisperer sometimes emit other people's API keys

Lee D Silver badge

This stuff is really the dumbest use of machines that I can imagine.

"Please give me a bad answer unreliably, trained on data that you really shouldn't have ever had access to."

Azure SQL Database takes Saturday off on US east coast following network power failure

Lee D Silver badge

People keep trying to tell me that they must have cloud services.

In other news Office 365 is often down, Exchange Online can be a nightmare, Azure has all kinds of problems, the Google Cloud has its spats, and my former-workplace are apparently spending tens of thousands on YET-ANOTHER leased line because they are so desperately dependent on the Internet being up 24/7 for ... well... a school. So not exactly the kind of high-stakes, always-on place you really expect to see that. But they can't possibly tolerate anything going wrong, which since they went entirely cloud dependent appears to happen about once a month on a regular basis.

As IT, I don't mind. Because with that change comes the same old caveat: I cannot manage or provide any guarantees about a third-party service. You're free to go this way. My life becomes easier the more you push off to anonymous entities in the cloud on expensive subscriptions.

And if you can't get to their services, 99% of the time I can do absolutely nothing about that. The other 1% you will pay 300% of the cost of your IT services overall trying to eliminate before you give up and realise that you just have to accept some downtime, even if that takes years to realise, I suspect.

Please, move all your stuff to the cloud. I will ensure you have access to a browser. That's my job done. And then you can try to yell at me when things don't work, but if you can successfully get on Google or BBC News... that's me done, mate.

Lee D Silver badge

This forum page was 404 for several minutes after article posting too, not to mention that I just saw another article with raw HTML spludged into the article text near a link.

Oracle at Europe's largest council didn't foresee bankruptcy

Lee D Silver badge

At which point did someone join:

"We need to save money"

with

"Let's move to Oracle"?

12,453 employees. £100 million to manage them.

That's £8000+ per employee.

To do what? "for financial, HR and procurement processes".

That's a ludicrous number.

Throw it in the bin, go back to what you had, then sack yourselves.

Getting to the bottom of BMW's pay-as-you-toast subscription failure

Lee D Silver badge

Re: What is unclear with these "shops" in cars

Tesla hit that enormously with their "self-driving" (NOT SELF-DRIVING) modes and features.

People, for the most part, just sucked it up.

And Tesla then sued people who tried to re-enable it on cars that had been purchased with it, and then sold onwards.

They'll keep trying to pull this nonsense, until they've found the boundary at which people will or won't tolerate it.

California passes bill to set up one-stop data deletion shop

Lee D Silver badge

Those who do not understand GDPR are condemned to reinvent it.

Meet Honda's latest electric vehicle: A rideable suitcase

Lee D Silver badge

How to die in new and interesting ways while looking like an extra from Spaceballs.

Ford, BMW, Honda to steer bidirectional EV charging standard

Lee D Silver badge

Do not want

Why should my investment in a car be used to make up for lack of investment by the entire energy industry?

I'm of the same opinion with my solar at the moment.

I'm slowly building up capacity but at no point do I ever want to connect and feed back to the grid. There is literal money to be made that way (pathetic though it is) but I don't see why I should be the one building out so that they can sell it to other people.

I plan to be energy independent in the next few years, and my house is all-electric and was bought partly on that basis.

I'll generate what I can, and save the expense and hassle of trying to tie in with the grid. If I end up being able to only maintain a grid connection as a backup (paying standard charge only), that'll be a success.

Sorry, but if I've generated electricity, charged my car (and that, in itself, would be a damn lot of electricity) for hours upon end from my equipment, why would I want to let someone else take that charge and probably pay me less than it cost to generate, or to buy from the grid?

The industry had the opportunity to build out and use the resources available and it was never interested, now that it saves them a few billion on a nuclear plant they expect me to send them power and act as a giant battery for them at my own expense?

Come to me with an offer in excess of twice the grid price per KWh, and a guarantee you'll take whatever I can produce, and we'll talk. But chances are I still won't let you discharge my car battery purely because I want it to be charged for my usage at any time of the day or night.

Also, you then won't get to dictate when I can decide to charge that battery to help your over-generation.

Lightning struck: Apple switches to USB-C for iPhone 15 lineup

Lee D Silver badge

Re: Where do we go from here...?

"So is this the end of innovation for accelerator pedal placement now? If no one is allowed to choose which pedal they want to accelerate we can use then we're stuck with (the many variants of) pedals that are on the right. Don't get me wrong, I'm all for standardising things, but if this decision had been made 10 years ago then the standard would have been mechanical pedals and we wouldn't have cruise control or speed limiting".

USB is a large collection of very-backwards-compatible standards. USB-C is a connector standard, the same as microUSB. The two are very different things.

microUSB from 10 years ago would work fine today, including everything from USB 1.0 to USB3.2.

In this case, we're picking a connector standard, and a base-level power charging standard (which only forms the legal minimum and doesn't prevent upgrades, innovation and negotiation of newer power standards).

What we've stopped in the process is a non-standard, patented connector, pretty monopolistically developed, that does nothing special and only one company in the entire industry has any interest in using.

We will also have to standardise electric car charging cables, and I don't want the precedent that Ford can make a Ford-only cable that you have to have Ford adaptors or go to a Ford charger to use... which is exactly what happen if we don't dictate base-level standards occasionally.

Imagine how much simpler travel would be if we all used 220V and a standardised plug that comes with all usage cases? We spend hundreds of millions every year on pieces of plastic, and wheatstone bridges to cope with foreign electrics in billions of devices that only a tiny minority ever get used abroad, and then only for very fleeting moments for the most part.

And there's nothing in a Lightning cable that cannot be delivered over USB-C in exactly the same way, and nothing stopping Apple "innovating" an enhanced protocol on top of the USB connector that only their phones/chargers support. So long as consumers CAN also charge with a standard USB-C charger on the basic power profiles.

And the fact that they just complied - after much passive opposition - without really any legal fuss whatsoever means that they know that. Apple made *billions* from just having a different connector to everyone else, and that's their only interest. Now those billions are gone, there's no "innovation" in there, but not because of being stifled.

Lee D Silver badge

Re: Thank God for fast forward..

My previous two Android phones (4 years apart each) both supported USB 3.0 and so many devices by default that it was basically a PC. Apple still don't support USB3.0 on their low end models here.

Samsung themselves even make a thing of this with DeX, which when it detects any screen automatically makes it into a "desktop" Android OS. It's been in the OS for years, DeX is just one implementation to make it a bit prettier.

And I've been able to connect USB / Bluetooth mice (and you get a cute little cursor immediately) and keyboards alongside the touch/OSK since the days of my Samsung Ace series cheapy-smartphone.

Currently my phone has free software for full SDR functionality (including dump1080, SDR app, airband receivers, FM radio and DVB-T receiving apps), one for all webcams (and even some antique and difficult-to-drive ancient models via a very cheap paid app, including a snake-cam and microscope I bought 20+ years ago), and I carry a tiny USB-3 hub with Ethernet, HDMI, VGA, SD-card, etc. that "just works" on Android and has on every phone I've tried... except all but the most recent Apples.

"already has support for network and cameras" is a laughably "recent" addition for Apple compared to just about any other smartphone, even the iPhone 11.

Yet again, Apple just cripples a phone on release and then finally lets you "use" those standards at your own expense much later if you buy adaptors or upgrade.

Lee D Silver badge

Re: "can reach out for help when there's no cell signal coverage over satellite connections"

I've been able to send signals to a satellite for 20+ years from a device no bigger than a matchbox.

The Register used it themselves for weather-balloon and other projects.

In those 20 years, mobile phones have come into their own so I'm not at all surprised that it's possible, especially given as this isn't the first generation of phones to feature it.

It's just a very short emergency "high-power" data message on reserved frequencies, not a phone call.

Iridium is so old that the kit you're talking about is basically obsolete nowadays.

Linux 6.6's in-kernel SMB networking server graduates

Lee D Silver badge

Nothing says "kernel-level compromise" quite like putting an antique, backwards-compatible user-facing network service into the kernel for performance reasons.

Especially when for decades it's been a user-level application with numerous protocol security problems but otherwise without major issue in terms of operation or performance.

Did we not learn from IIS?

Windows August update plays Blue Screen bingo – and MSI boards got the winning ticket

Lee D Silver badge

Re: Gee

You're cheaper than a suite of beta testers.

And you pay them for the privilege.

Microsoft calls time on ancient TLS in Windows, breaking own stuff in the process

Lee D Silver badge

"Most of us" would then utterly fail any kind of cybersecurity review, which is required for workplaces as basic as primary schools nowadays.

Lee D Silver badge

Re: This will be fun

There are still mainstream UK banks insisting that you have to do all your millions of pounds of bank transfers via Internet Explorer, so I'm not surprised.

To the point that they just point you at a PDF on their main website which basically says "Get your IT to re-enable it" including "after 30 days the security settings will revert, so you'll have to put them back every 30 days".

So you have to have a smartcard, double-authentication via two separate entities, getting a card is almost as difficult as opening a bank account in the first place because of all the authorisation you have to get, but then you have to plug it into a Gemalto reader for which they will only give you IE plugins to access it (despite Gemalto having Chrome, etc. plugins for everything) and won't support any alternative.

Lee D Silver badge

Ran IISCrypto last year and enabled it's best practice mode on all the servers on my new workplace.

Who the hell relies on early TLS still? And Microsoft doing it now "because usage has fallen to an acceptable level", in essence? How ridiculous for an outdated and insecure security-based protocol with a clear path to replacement/upgrade for years now.

CrowView: A clamp-on, portable second laptop display

Lee D Silver badge

Almost every laptop I've ever condemned to the "cannot economically repair" bin has been breakage on the screen hinges.

This just adds for more weight, in a lop-sided manner, to what's supposed to be a portable device.

Nope. If you want this, buy a separate monitor - small portable ones are cheap - and never attach it fully to your laptop screen, because you simply don't need to.

What happens when What3Words gets lost in translation?

Lee D Silver badge

Do you know why ISBNs were designed specifically differently to other barcodes?

It's because you can transpose any two digits and the ISBN will still work. To counter the most simple human error seen when entering book numbers manually.

The same way that you know the code of any ISBN barcode is faulty if it doesn't total up to a multiple of 11 (where any X is taken as 10).

You can design systems to cope with errors. You're literally using probably a hundred different checksum and ECC and error detection systems just putting your post on this page, at every level from your keyboard up to the website's database's multiple storage drives.

If you want a resilient system, you can easily build one where it doesn't matter if people get 5 out of 10 numbers wrong, you would still know where they are. Literally you can choose the number of errors you want to correct and that'll determine the size of the final code and almost all such codes are not prohibitive. We literally use the exact same system to take to Voyager spacecraft where some countless thousands upon thousands of errors can occur in every megabyte of data transmitted and it'll still get through in an understandable way where you know it's correct.

W3W has *SO MANY* flaws that it really shouldn't be taken seriously.

Lat/Long or OS are long-standing, standardised, royalty-free and "just work", and you can do it in a foreign language (I know the German, French and Spanish for the numbers 0-9 without even trying, all I'd need is the compass directions and possible "minus").

But if we want a resilient system, random numbers or letters would actually work far better - even just a small bunch of alphabetical characters could do a better job than W3W, could be transmitted with the NATA phonetic alphabet or Morse Code, and just one or two extra characters would greatly enhance its resiliency in the cases of tranmission or transcription errors.

It's literally an afternoon jaunt for any mathematical student averse in Coding Theory, with a dash of geographical coordinate systems, to code up a solution to all the problems there.

But when Lat/Lon (international, standardised) and OS (UK only, standardised) are staring us in the face, there's really little need to do so. Transmit both. Transmit one and your approximate location. Or just read it twice.

But the problems with W3W go far beyond confusingly similar symbols (not something that Lat/Long or OS suffer from), and it really should be put to bed as anything but a gimmick to get your pizza.

Tor turns to proof-of-work puzzles to defend onion network from DDoS attacks

Lee D Silver badge

We were talking about allocation of money, for which exit nodes would be a good candidate to spend money on.

Lee D Silver badge

Tor exit nodes are expensive and difficult to run, and Tor operate several of their own.

Not everything can just happen "for free" especially when every ISP and host is rejecting Tor exit nodes, especially when they're being DDoS'd all the time.

Using the money to set up or fund exit nodes would make Tor vaguely useable rather than the slow mess that it currently is.

'Millions' of spammy emails with no opt-out? That'll cost you $650K, Experian

Lee D Silver badge

Good, can they look at Santander now?

All kinds of crap posing as "service messages".

Internet Archive sued by record labels as battle with book publishers intensifies

Lee D Silver badge

"The real idea of this is preservation, research, and discovery,"

None of which allow them to REDISTRIBUTE their captured material.

Hell, they host entire MAME ROM sets which have seen all kinds of places taken down, entire BBC series, etc.

It's fine to "archive", it's not fine under current law anywhere to then put all those archives online for absolutely everyone in the world to download without limit or permission.

There's a big difference between being something like the BFI or the British Library, and just being a torrent dumping ground of anything people like.

Ford SYNC 3 infotainment vulnerable to drive-by Wi-Fi hijacking

Lee D Silver badge

Re: firewalled

I can't speak for Sync 3, but Sync 2 (which was ironically Windows-based) actually is isolated.

There is no information from the driving computer (e.g. speedo, mileometer, etc.) that propagates into the Sync 2 system anywhere at all. Even the controls on the steering wheel are separated - cruise control etc. on the left,and entertainment volume, phone etc. on the right. You have the clock on one but not another, the GPS on one but the instrument speedo on the other, and so on.

The Sync 2 handles bluetooth, wifi (for sharing local connections only), satnav (entirely offline) and - oddly - aircon and as far as I know contains no connection to the car's buses. If you want to replace the Sync 2 with Android units, you basically have to plug in an OBD adaptor to get anything like that. You don't have to plug in to control aircon, for instance, but you do if you want OBD information.

Given that you can upgrade the Sync 2 to the Sync 3 in many models, I would suspect that this is actually the case going forward too, unless such an upgrade involves a far more drastic rewire than people are letting on.

And I have personal experience of the Sync 2 because I had the unit fail on me while driving. At first the music was skipping and being odd, then I lost control of the entertainment. Then the unit powered down and I lost aircon. But at no point was the dashboard computer (the one behind the steering wheel that handles and displays MPG, driving settings, etc.) affected, and nor were any driving functions.

Turned out that the SD card just needed replacement, but the whole entertainment system just bugged out and fell over, while I was driving along happily.

Apart from that one incident (resolved with a non-corrupt SD card), it was pretty solid.

But Ford Sync has been through a number of iterations now - QNX, Windows, etc. I'm just going to leave mine on Sync 2 until the car dies, I think. I don't even really use the satnav any more as it costs £150+ (or some piracy) to update the maps and they only surface once every year or so. They can't quite seem to get it right and I don't think throwing it all out and starting again each time is helping.

That said, it does everything I want it to do which is connect to my phone, play music, turn on the air-con and get out of my way.

Scientists strangely unable to follow recipe for holy grail room-temp superconductor

Lee D Silver badge

Seems to be largely hyperbole at this point, and for a material that was actually created 24 years ago.

All the created samples appear to be miniscule as well, which seems odd for something that uses basic materials.

As with all science - until you can reproduce it independently, it's at best a fluke or misreading, at worst a fraud.

Selling it as a room-temperature superconductor, especially, appears to be largely nonsense. And diamagnetic properties are hardly rare.

Like with every battery-technology claim, every "AI" claim, every super-material breakthrough - until it's literally a commodity item (even if that commodity is a £1m per sample thing sold only to labs), it's basically just hyperbole.

'Weird numerological coincidence' found during work on Linux kernel 6.5

Lee D Silver badge

Re: The what?

Same department as awaits responses from Apple, so it's unlikely anyone ever hears them at all.

NASA mistakenly severs communication to Voyager 2

Lee D Silver badge

Re: Talk it up

They'll still call it fibre.

Tesla's Autopilot boasts, safety probed by California AG

Lee D Silver badge

Re: Autonomy

No, the moral of the story is always let some other poor sap buy the car first, test it for you and discover and deal with all the problems, then research your purchases accordingly before parting with 30k+ of your money.

At no point was it ever full autonomy. Ever. Not even for a microsecond, and then later revoked. You bought a sales "promise", from a car dealer, with absolutely no way for them to deliver on it. And, hilariously, you bought a promise that this car would do something that no other car has ever done in all of recorded history.

I have no sympathy, but I am very grateful that someone is now taking this up from a consumer-law point of view because it's years past that point and Tesla are still getting away with fraud.

TETRA radio comms used by emergency heroes easily cracked, say experts

Lee D Silver badge

Re: Spectacularly irresponsible.

Maybe they should stop just throwing money, lay down a specification, and engage a company in a contractual agreement to deliver it.

Other countries around the world don't seem to have this problem. Ask them. Engage their people.

It's because the politicians can get their 10% repeatedly if they sign up a company every year, then get about 10% when they renew with the old system (at zero cost to the manufacturer, but at significant markup because "well, we were going to retire that, but we'll keep it running another year, but it'll cost ya!"), then get to call out to tender again, sign another dodgy contract that doesn't penalise non-delivery, change the spec just at the right time so the new guys pull out because of costs, etc. etc. and repeat ad infinitum.

It's a government IT project, and it's failing because it's a government IT project. There's really nothing difficult here, even if you produced a hybrid system that did BOTH Tetra and whatever you wanted to move to.

One investment in new kit... no investment in infrastructure required to use it... then as you build up 5G (or whatever), you don't need to replace the kit... you just keep using it. And if something goes wrong, you still have the other to fall back to! And twice the capacity.

Specify that properly, put out a government contract, and write proper delivery clauses. Watch the Tetra people run around like loonies in case a rival delivers a product that can do that and make them obsolete within a couple of years.

Lee D Silver badge

Re: Spectacularly irresponsible.

The services were all at risk anyway. This is just the first lot to actually legally and publically look into it, after the EU asked them to (obviously suspecting that there may be flaws).

You think the criminal gangs that are hacking huge cloud datacentres don't have a few guys who could have done the same at any point in the last 20 years (bear in mind, these researchers had no info or assistance so had to reverse-engineer everything just the same!) and the whole thing been compromised for decades?

It's not a Heisenberg radio. It's not "secure until you actually look at it". And it's definitely not "secure until someone with good intentions looked at it". It's insecure, by design, and has been for many, many years.

Without exposure, that would NEVER change.

TETRA and similar systems has been posited for replacement for decades, as far as I remember, and huge amounts of money spaffed on obtaining replacements but then falling back and just renewing the system for yet-another-year. The only way to actually get them secure and move into the 21st century is to show that the old system is not just "archaic but viable" but that it's entirely obsolete, insecure and unfit for purpose. And, probably, always has been.

Framework starts taking orders for 16-inch repairable, upgradeable laptop

Lee D Silver badge

I looked at one as soon as they come out, as a replacement of a gaming laptop that was no longer supported by the manufacturer and had a bad firmware update (the timing seemed perfect, I was willing to drop money).

As soon as you load the GPU onto it, the price goes beyond what I would reasonably pay for such a thing (and I own a gaming laptop!) before you even get into the same amount/speed of storage, RAM, etc.

Also, the modules are a bit... well... limited. 6 modules on this model (I think it used to be four) and two of those are a single USB-A slot, and a single USB-C slot. One for Ethernet. One for HDMI. One for microSD. Sure you can change them, but the modules should really be things like 2 or 3 USB slots, not just one. Hell, one module is nothing but a 3.5mm audio jack. By the time you get it back to a "normal" laptop, there are no slots left. You can argue that you wouldn't use the microSD all the time, maybe, but if you thought it important enough to order the module then surely you use it quite a bit and not just as an afterthought. Why not microSD, plus SD, plus maybe another USB-C on one module? I think few people are going to be carrying it around with a bunch of spare modules at £20 a pop (so it's £120 just to populate the basic ports!).

It's a great idea but it needs more, and it needs to justify its price. I have a friend it would be ideal for, but it still needs more to entice them beyond dropping the same amount of money on a more mainstream laptop that'll actually have more connectivity. And if you're carrying around modules (okay, they're USB-C connected but they're still non-standard), you might as well just carry around cheaper more generic adaptors.

Linux lover consumed a quarter of the network

Lee D Silver badge

My old university used to gauge people's internet usage by the amount of local storage they were using.

They didn't have the kit to monitor the BLINDINGLY fast connection of the day (I think 100Mbps), and so they weren't able to monitor usage directly, so they correlated it to those students downloading tons of stuff and keeping it on their account.

Every few weeks, they'd send out an email of shame to everyone naming the people using the most local storage, and next week those people would have cleaned up and taken the slap on the wrist.

Except... if you looked, the emails were always generated from data produced at a certain predictable date and time. Obviously some scheduled task or cron job somewhere.

I managed to go three years, in which I knew I was literally trouncing everyone on the name-and-shame list, by the simple precept of removing all the downloads the day before the script was scheduled to run. That sometimes meant an evening with a bunch of floppy disks (and later ZIP disks), and an intense familiarity with the PKZIP command line options for spanning disks, but I would pack all my stuff up, go home and "download" it to my machine, clear out my university storage, and then repeat over the next week.

They never seemed to cotton on, and I was literally orders of magnitude more downloading and storage than those on the list, and I never made it onto the list personally. Not even once.

But when your only home connection was 56K dial-up, then "sneakernet" to a 100Mbps location and the cost of a box of disks was actually far superior, even if it required far more patience (especially if I got home and the spanned set had a failed disk!).

Also, because of the loss of the storage on a regular basis, I would later make a bunch of CD-R copies (at 1x speed!) so I didn't have to download things again. I still have them. They all still work. I would burn them in pairs so I had two copies of everything.

Including one that, the day I burned it, failed verification when it was read back. It's copy burned absolutely fine, no problems. When I looked, a single byte was incorrect in a single file. I attached a post-it to the CDR with the hex address and what the byte should read.

To this day, if you load up that CD-R, hex-edit that one file, change that one byte, the archive passes all tests and opens and give you the files inside perfectly intact.

Tesla's Dojo supercomputer is a billion-dollar bet to make AI better at driving than humans

Lee D Silver badge

Re: But will it be clever enough

Name a RHD country that would allow this product on the road. Pedestrian safety laws rule out UK, Australia, NZ, etc..

Lee D Silver badge

Throwing a billion monkeys at a billion typewriters does not make an intelligent end-product.

And in this case, the monkeys aren't even sentient themselves, they're just mechanical automaton monkeys.

This is the same problem that we've had since the 60's. Neural networks, AI, etc. etc. etc. - and the answer is always "if only we had more computers, more computer time, and just left it running for longer processing more input, I'm sure that somehow it will magically become intelligent".

No. It won't. If it did, Google would have had the best AI in the world about 10-15 years ago. Or even Amazon.

Brute-force and ignorance is not the seed of intelligence.

Slackware wasn't the first Linux distro, but it's the oldest still alive and kicking

Lee D Silver badge

Best part:

No systemd.