Posts by Joseba4242

84 publicly visible posts • joined 21 May 2014


Meta to use work badge and Status Tool to snoop on staff


Re: No surprises...


To all of those downvoters: What better way is there for newcomers to learn than to sit with different people, look over the shoulders and get ad-hoc explanations?

I've seen it time and time again that the all-time-at-home people are "productive" at what they are doing, but not able to change quickly and flexibly and discover new ways.

Microsoft’s Azure mishap betrays an industry blind to a big problem


"Nobody who has seen this happen ever forgets - or repeats - it. "

Especially fun when this happens in a script that's auto-run on every single Mac in the company.

Google HR hounds threaten 'next steps' for slackers not coming in 3 days a week


Re: That explains why productivity has fallen off a cliff due to "W"FH.

It depends on the type of work. If there is a clearly described piece of work, then WFH can be very productive.

The moment you need to go beyond and figure it out in the context of a complex company it breaks down. Serendipity is important.

Innovation works much better if people are actually sitting together.

Bringing new people is hard if they can't look over the shoulders and ask quick questions.

I'm seeing it every day that there is a strong correlation between doing WFH almost exclusively and working in a transactional manner and being stuck in your ways.

Automation is great. Until it breaks and nobody gets paid


Re: "execute his target script 16384 times"

"Exponential" does not mean "big".

The impact in this case is that running time is quadratic instead of linear.

Amazon to shutter Digital Photography Review


Re: Typical

I am taken aback by this decision and it leaves a big, sad gap.

However, this argument is like saying that the government spends 100s of billions, a million is nothing to them, so they can give me a million.

Belarus legalizes piracy – but citizens will have to pay for it


Re: The Problem is not Belarus, it is WIPO

If the content was available freely globally (which you seem to advocate), there would be no Harry Potter. No LoTR. None of the expensive-to-produce film.

Cinema wouldn't exist.

You might like that, but it's hardly a majority view that the world would be better without these.

AWS CEO Adam Selipsky promises 'Zero ETL' future in re:Invent keynote


Re: I am an Amazon Redshift specialist, and I have Views about all this.

Thank you very much, great information that you don't find in many other places.

How do you compare this with BigQuery?

Demand for software experts pushes tech salaries higher in UK


Re: Diversity should be a consequence, not a goal.

People don't decide what they want in an empty space. It is heavily influenced by their environment and what they see. That's why we first need to create an environment without biases before people truly make choices based on their real interests and talents.

Men in nurseries are still looked at suspiciously. Of course that will turn away men who would otherwise like to do that job.

Anti-piracy messaging may just encourage more piracy


Re: False equivalence as well...

If they copied for example the exact shape and forms of the cars then this would almost certainly be "piracy" (violation of intellectual property rights).

I suspect that the overlap between the potential customers of the Burmanese and the original versions is next to nil, and hence they don't consider this a risk to sales.

It might be seen as a curiosity that enhances mystic brand status.

Just because Bugatti doesn't act against these people doesn't mean that they believe legally they could not.

OMIGOD: Cloud providers still using secret middleware


Re: "they also add new potential attack surfaces"

If running VMs and containers is all you need, sure. That's not what cloud is really about though.

An international incident or just some finger trouble at the console?


Re: Figured out what THAT meant

Big Fast Router.

Curiously later processors could run either classic IOS or IOS-XR, though we never attempted a conversion.


Re: Figured out what THAT meant

Carrier Routing System (if I remember correctly)

A discounting disaster averted at the expense of one's own employment


Re: Alarming, fired.

"Which always makes me wonder, why did the original design / architect / plan not take into consideration all these points"

It's easy to put this down to incompetence or unwillingness. However I think the deeper reason is in the nature of such contracts. In order to specify fully you'd need to complete a good proportion of the design which by itself is part of the tender.

It's just almost impossible to specify precisely what you need in a reasonable sized document that takes a proportionate time to prepare.

Dropbox unplugged its own datacenter – and things went better than expected



Looking at this as reducing the RTO from 8min to 4min is a bit of a dangerous angle.

Imagine there was an earthquake that took out their SJ datacenter, and all services recovered with no data lost 8min later. No one would complain; that would be celebrated as a success.

Imagine, on the other hand, a dirty failure that introduced instabilities which cause replication to have issues and hence data to be lost. Technically the service might have recovered in 4min but the impact and fallout would be massive.

Crucially their test was a planned failover. They FIRST drained all traffic away and THEN failed over. While this by itself is an impressive achievement, reality often doesn't allow you this luxury, and that's where things can go really pear shaped.

Google bans third-party call-recording apps from Play Store


Re: This call may be recorded for training purposes...

Both are data processing and require either legitimate interest or consent. The latter is only such if it is freely given. Listening to a recording without the option of proceeding without consent is never consent.

Google Maps just got lost for a few hours


Re: Not Just Maps

60 Gbps at home! Can I move there please?

A tale of two dishwashers: Buy one, buy it again, and again


Re: Adverts

What kind of albums did Cable & Wireless produce?

Linux tops Google's Project Zero charts for fastest bug fixes


2FA Success?

They call a reduction in account takeovers of 50% through 2FA a success.

I'd call this an abject failure.

Success for me would be 99%+ reduction.

BOFH: What a beautiful classic car. Shame if anything were to happen to it


Proving ID

My experience with Santander: Made online transaction a bit larger than normal (but to account I had previously sent to). Account blocked. Online unblocking needed details of recent transaction - there were none on this account. Went to branch. Passport was not enough to prove ID. Needed debit card which I couldn't find. Alternative was someone at branch who knows me to confirm ID. I don't know anyone at branch, doing 99% online.

1.5h later, sorted. Sigh.

Wifinity hands customers bills for Wi-Fi services they didn't want but used by accident after software 'glitch' let 'fixed term' subs continue


Telecomms Costs

Infrastructure needs to be refreshed and expanded and hence its depreciation is a real cost that needs to be factored in all the time.

Additionally customers expect an exponential* increase in bandwidth consumption without cost increase. That also requires constant reinvestment.

Then there is customer service and repair which takes up a significant proportion of the fees.

At the prices of Internet access in the UK this really isn't a high-margin "cash cow".

* Bandwidth consumption has for a long time been "exponential" in the true meaning ie multiplying each fixed period. Not just meaning "large" as it's normally used (a pet hate of mine)

Judge rejects claims Cloudflare should be held responsible for customers' copyright infringement


Re: "We agree with the district court’s reasoning"

As others have commented the problem with the "roads" argument is that it justifies any and all support for criminal activities.

Take banks for example. With the same "roads" argument you could say that banks are just providing the transport of money (legal and illegal) just like roads provide transport for goods (legal and illegal). So banks shouldn't have to do any money laundry and customer checks and should be allowed just to serve any customer.

Some may think that this is right but it's certainly not a majority view.

Cloudflare slams AWS egress fees to convince web giant to join its discount data club


Why just AWS

This does deserve serious attention but why single out AWS?

Using the 80x cost from the blog, we get 98.8% profit margin for AWS. If they did offer 27% discount quoted, that would still be 98.3%. An improvement, yes, but still atrociously high so really they should call them out together.

Add to that that GCP starts at a 22% higher cost so a 27% discount on is just a tiny amount less than AWS.

No change control? Without suitable planning, a change can be as good as an arrest


Risk Questions

The two risk questions typically asked (and postulated in the article) are "how likely is it to go wrong" and "if how what's the impact".

These questions have fundamental flaws. Firstly, there isn't a single dimension. A typical change has some low-likelihood chance of something going a little bit wrong, and a very-low-likelihood chance of going very seriously wrong. These can't be put into a single answer.

Secondly, both of these questions are next to impossible to answer objectively and hence with a degree of repeatability. Different engineers will, perfectly legitimately and competently, come to different answers. For example one engineer might consider a typo in applying a change with impact to one particular service as the impact to focus on as it's the most common scenario. Another one would instead consider triggering an unknown software defect that impacts a whole host of otherwise not directly related services, as this is the worst case impact. In either case it's difficult to see how "likelihood" could be objectively described.

Thirdly, these questions put the focus in the wrong place. It focuses on the expected outcome of the change so encourages not just wishful thinking but also focus on the "expected unexpected" outcomes.

I am advocating two different questions instead: "How quickly do you notice a problem" and "how quickly and reliably can you roll back". These two questions are considerably more objective, and they drive good behaviours such as focusing on monitoring which might otherwise be overlooked. Crucially it encourages to think about worst-case service restoration which is often most relevant for the business - think about 5min worst-case impact vs. hour of worst-case impact. So these questions focus on dealing with the biggest issues in a mature change control environment - the "unexpected unexpected".

UK government bows to pressure, agrees to delay NHS Digital grabbing the data of England's GP patients


Re: Matt Hancock to involve patients

What they actually said is that the literal meaning is correct - they were consulted - but they objected.

Global Fastly outage takes down many on the wibbly web – but El Reg remains standing


Good plan ... except all this does is to shift the SPOF from CDN to CDN selector so doesn't solve the problem.

And it introduces significant additional complexity which experience shows is often the cause of problems. If you are serving a simple static page that's not an issue (but then you wouldn't be quoted here). Larger sites need to consider for example test coverage, troubleshooting, logging etc. which are all far more complex on multi-CDN.

Thinking you can just re-point a CNAME is, well, wishful thinking.

And that's not even touching on large services that need to do capacity planning with the CDNs and take selector decisions based on load.


Tell that to the likes of Mozilla who think that there's nothing wrong with defaulting to a single global DNS provider.

Apple: We didn't take commission on 90% of App Store sales and billings


Why not Amazon?

Amazon, Netflix, etc - why are they allowed to use their own payment gateways and hence not pay the 30%?

Cloudflare launches campaign to ‘end the madness’ of CAPTCHAs


4.5bn users times $20 is $90bn. Quite something created there, more than 10 times the UK music industry.

So I'm saving 15 minutes per year, on average. That assumes it takes 0 seconds to find the device which is certainly not the case for me.

Then add the time to select and buy the device. Then add the time to make this work on every single device which likely adds up to a few hours. Then the time to troubleshoot when it doesn't work. Then the efforts to take a tiny device with me anywhere because we don't already have enough in chargers, cables, adapters etc. Then add the time and cost to replace it when it gets lost.


Aviation regulator outlines fixes that will get the 737 MAX flying again


Re: Hmm.

In that case you will avoid the airplane that has had the most intense safety scrutiny and awareness amongst pilots. There won't be a single one who is not fully aware of MCAS and its dangers.

Avoiding all Boeing planes might make more sense on the assumption that these failures stem from systematic corporate culture and governance failures.

Avoiding all planes relying on FAA certification even more so given that they are ultimately responsible for allowing much of this to happen.

It somehow restricts your options though.

Finally, made it to the weekend, time to breathe, relax, and... Cloudflare's taken down a chunk of the web



Mozilla should take note. If their vision* had become reality, a single configuration error on a single router would have affected all Firefox users.

* Use DoH for all users, with Cloudflare being the default

House of Lords push internet legend on greater openness and transparency from Google. Nope, says Vint Cerf


Re: Cerf was right - you wouldn't understand it, and nor would he

Quite so, they asked the wrong questions. Even assuming that the algorithm itself is completely black box there are plenty of questions to ask.

What training data do they use? How do they evolve the algorithms? How do they judge whether they are working well? How do they incorporate new sources of data to search? How do they counter-manipulate deliberate attempts at manipulating results (SEO)?

You. Drop and give me 20... per cent IPv6 by 2023, 80% by 2025, Uncle Sam tells its IT admins after years of slacking


The No-Solution

"in recent years it has become clear that this approach is overly complex to maintain and unnecessary."

So the solution is to go single stack IPv6 which (to my knowledge) no complex enterprise has yet achieved, despite some like Microsoft trying very har

C'mon SPARCky, it's just an admin utility update. What could possibly go wrong?


Re: Just following instructions....

You had a mainframe where devs could spin up VMs, managed databases, message buses etc though a self-service API?


It's been one day since Blighty OK'd Huawei for parts of 5G – and US politicians haven't overreacted at all. Wait, what? Surveillance state commies?



I'm genuinely puzzled what this is all about. Huawei has been in 4G networks in the UK for a long time, with no apparent or even bemoaned "loss of sovereignty".

There are many cries of China getting access to "data" but in almost all cases nowadays data transfer uses TLS so that's of little use. Other forms of data like location have been available in 4G already. So what's different with 5G? That there are potentially more devices (assuming someone finds an actual use case)?

This episode of Black Mirror sucks: London cops boast that facial-recog creepycams will be on the streets this year


"1 in 1000 people scanned would generate a false alarm. That's going from a known and proven failure rate of 98% back in May 2018 to one of 0.1% today."

No it's not. 98% of people flagged were not on the watchlist. That's not the same as 98% of people being flagged.

Say 100,000 people are caught on camera. 98 are flagged innocently, 2 are on the list. Here you have 98% false positives as reported before, and 0.1% false positives as reported here - they are very different metrics.

It grates me if numbers are so grossly misused. Just because you agree with the criticism (which I do BTW) you shouldn't just blindly and uncritically believe and repeat every argument that "supports" your case.

Hold my Bose, we can do premium: Sennheiser chucks pricey wireless cans at travellers


Sound Separation?

I am looking for a noise cancelling headphone with good separation of voice from background noise, to have business calls in less than ideal environments.

To that end I looked at the usual contenders - Sony WH-1000XM3, Sennheiser Momentum 3, Bose NC700 with "unrivalled four-microphone system" and compared them with my inelegant but trusty £70 Jabra Evolve 40.

None of them come anywhere near. Where the person at the other end of the line struggled to understand me in a noisy environment with all three of them, they hardly heard any noise on the Jabra.

I wish this one is better! (that's allowed in this season, isn't it?)

What do Nginx, Twitch... and the English Premier League have in common? Russians. It's always the Russians


Re: I get a bit bored

It's perfectly possible to match live streams with extremely low rate of false positives.

Other major platforms (YouTube, Facebook) implement this; Twitch hasn't made the investment.

You need to be careful what you match against though - for example remove ads in the reference stream.

Londoner admits illegally accessing National Lottery accounts


Re: Statistically speaking, his chances of a prison sentence are low.

"Exponentially" is a term used to describe the correlation between two metrics and has no meaning where only one metric is involved.

It is not a synonym for "much".

Newly born Firefox 71 emerges from its den – with its own VPN and some privacy tricks


Re: Few legitimate uses of VPN?

ISPs are more "hostile" than a US company with no accountability in your country, one that is required to give TLAs any access they request?

We are absolutely, definitively, completely and utterly out of IPv4 addresses, warns RIPE


Re: "We have now run out of IPv4 addresses"

How, exactly, does adding 4 bytes instead of 12 bytes make the transition any easier?


Re: The internet will be privatised

Enabling IPv6 does not remove the need for IPv4 connectivity. It certainly helps with scaling CGNAT but you still need it.


Vicious Circle

As long as a significant number of end user connections are IPv4 only, pretty much all services will be available on IPv4.

As long as no significant services are IPv6-only, significant numbers of ISPs and end users won't have IPv6.

It's a vicious circle. Increased adoption does not help this at all. Whether 20% or 90% of traffic is IPv6, still 100% of end users and 100% of services require IPv4 connectivity.

It's not clear how to break out of this. The complaint that IPv6 isn't compatible with IPv4 is old and easy to make but at the same time no "compatible" proposals have been made that work and address the key problems.

The immovable object versus the unstoppable force: How the tech boys club remains exclusive


Re: Misguided

So with the flick of a switch you suddenly change all that is currently in the way of equality such as the encrusted views and attitudes of the typically older, male leadership.

Sounds like a plan.

Here we go again: US govt tells Facebook to kill end-to-end encryption for the sake of the children


Re: "Outside the digital world, none of us would accept the proposition that"

Outside the digital world we do actually accept that police with a warrant can enter your house through any means necessary.

This is NOT a proposal to have a global externally held decryption key that can be used without Facebook's authorisation or knowledge.

Get ready for a literal waiting list for European IPv4 addresses. And no jumping the line


Re: What's the problem

Problem is that IPv6 doesn't alleviate the need to support IPv4. You still need to supply every single customer with the ability to communicate through IPv4.


Re: Untill Mainstream ISP's...

BT and Sky aren't mainstream ISPs?


Re: IPv6 was designed by theorists

Problem is, there just isn't any other proposal that would allow seamless interoperability and migration in a way that would allow users or services to drop IPv4 support during a transition phase.

It's easy to say that the problem is that IPv6 was designed by theorists, but there's no alternative that doesn't have the same fundamental flaws, full stop.


Re: We need a new approach

"If users start asking their ISPs for ipv6 en masse and moving towards isps which already support it you will quickly see support expand."

The fallacy that has plagued IPv6 from the beginning is the belief that increased support for users or increased support on services somehow reduces the need for IPv4.

It doesn't. As long as there are any commonly used services that are only IPv4, or any users that have IPv4 only, ALL users and ALL services will have to remain to be IPv4 enabled.

Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General



At risk of massive downvotes: "This kind of special secret access has already ended in disaster". It might have, but the example given with the Juniper backdoor isn't one of them.

What they are asking for is a process where they can approach WhatsApp, armed with a court order, where WhatsApp can validate the request and then silently add the TLA to the conversations. This is nothing like the Juniper case which is unlimited, uncontrolled, autonomous "root" access through a single unchangeable secret.

Where are the examples where these powers that have existed in PSTN networks for decades have led to disasters?