* Posts by Joseba4242

54 posts • joined 21 May 2014


House of Lords push internet legend on greater openness and transparency from Google. Nope, says Vint Cerf


Re: Cerf was right - you wouldn't understand it, and nor would he

Quite so, they asked the wrong questions. Even assuming that the algorithm itself is completely black box there are plenty of questions to ask.

What training data do they use? How do they evolve the algorithms? How do they judge whether they are working well? How do they incorporate new sources of data to search? How do they counter-manipulate deliberate attempts at manipulating results (SEO)?

You. Drop and give me 20... per cent IPv6 by 2023, 80% by 2025, Uncle Sam tells its IT admins after years of slacking


The No-Solution

"in recent years it has become clear that this approach is overly complex to maintain and unnecessary."

So the solution is to go single stack IPv6 which (to my knowledge) no complex enterprise has yet achieved, despite some like Microsoft trying very har

C'mon SPARCky, it's just an admin utility update. What could possibly go wrong?


Re: Just following instructions....

You had a mainframe where devs could spin up VMs, managed databases, message buses etc though a self-service API?


It's been one day since Blighty OK'd Huawei for parts of 5G – and US politicians haven't overreacted at all. Wait, what? Surveillance state commies?



I'm genuinely puzzled what this is all about. Huawei has been in 4G networks in the UK for a long time, with no apparent or even bemoaned "loss of sovereignty".

There are many cries of China getting access to "data" but in almost all cases nowadays data transfer uses TLS so that's of little use. Other forms of data like location have been available in 4G already. So what's different with 5G? That there are potentially more devices (assuming someone finds an actual use case)?

This episode of Black Mirror sucks: London cops boast that facial-recog creepycams will be on the streets this year


"1 in 1000 people scanned would generate a false alarm. That's going from a known and proven failure rate of 98% back in May 2018 to one of 0.1% today."

No it's not. 98% of people flagged were not on the watchlist. That's not the same as 98% of people being flagged.

Say 100,000 people are caught on camera. 98 are flagged innocently, 2 are on the list. Here you have 98% false positives as reported before, and 0.1% false positives as reported here - they are very different metrics.

It grates me if numbers are so grossly misused. Just because you agree with the criticism (which I do BTW) you shouldn't just blindly and uncritically believe and repeat every argument that "supports" your case.

Hold my Bose, we can do premium: Sennheiser chucks pricey wireless cans at travellers


Sound Separation?

I am looking for a noise cancelling headphone with good separation of voice from background noise, to have business calls in less than ideal environments.

To that end I looked at the usual contenders - Sony WH-1000XM3, Sennheiser Momentum 3, Bose NC700 with "unrivalled four-microphone system" and compared them with my inelegant but trusty £70 Jabra Evolve 40.

None of them come anywhere near. Where the person at the other end of the line struggled to understand me in a noisy environment with all three of them, they hardly heard any noise on the Jabra.

I wish this one is better! (that's allowed in this season, isn't it?)

What do Nginx, Twitch... and the English Premier League have in common? Russians. It's always the Russians


Re: I get a bit bored

It's perfectly possible to match live streams with extremely low rate of false positives.

Other major platforms (YouTube, Facebook) implement this; Twitch hasn't made the investment.

You need to be careful what you match against though - for example remove ads in the reference stream.

Londoner admits illegally accessing National Lottery accounts


Re: Statistically speaking, his chances of a prison sentence are low.

"Exponentially" is a term used to describe the correlation between two metrics and has no meaning where only one metric is involved.

It is not a synonym for "much".

Newly born Firefox 71 emerges from its den – with its own VPN and some privacy tricks


Re: Few legitimate uses of VPN?

ISPs are more "hostile" than a US company with no accountability in your country, one that is required to give TLAs any access they request?

We are absolutely, definitively, completely and utterly out of IPv4 addresses, warns RIPE


Re: "We have now run out of IPv4 addresses"

How, exactly, does adding 4 bytes instead of 12 bytes make the transition any easier?


Re: The internet will be privatised

Enabling IPv6 does not remove the need for IPv4 connectivity. It certainly helps with scaling CGNAT but you still need it.


Vicious Circle

As long as a significant number of end user connections are IPv4 only, pretty much all services will be available on IPv4.

As long as no significant services are IPv6-only, significant numbers of ISPs and end users won't have IPv6.

It's a vicious circle. Increased adoption does not help this at all. Whether 20% or 90% of traffic is IPv6, still 100% of end users and 100% of services require IPv4 connectivity.

It's not clear how to break out of this. The complaint that IPv6 isn't compatible with IPv4 is old and easy to make but at the same time no "compatible" proposals have been made that work and address the key problems.

The immovable object versus the unstoppable force: How the tech boys club remains exclusive


Re: Misguided

So with the flick of a switch you suddenly change all that is currently in the way of equality such as the encrusted views and attitudes of the typically older, male leadership.

Sounds like a plan.

Here we go again: US govt tells Facebook to kill end-to-end encryption for the sake of the children


Re: "Outside the digital world, none of us would accept the proposition that"

Outside the digital world we do actually accept that police with a warrant can enter your house through any means necessary.

This is NOT a proposal to have a global externally held decryption key that can be used without Facebook's authorisation or knowledge.

Get ready for a literal waiting list for European IPv4 addresses. And no jumping the line


Re: What's the problem

Problem is that IPv6 doesn't alleviate the need to support IPv4. You still need to supply every single customer with the ability to communicate through IPv4.


Re: Untill Mainstream ISP's...

BT and Sky aren't mainstream ISPs?


Re: IPv6 was designed by theorists

Problem is, there just isn't any other proposal that would allow seamless interoperability and migration in a way that would allow users or services to drop IPv4 support during a transition phase.

It's easy to say that the problem is that IPv6 was designed by theorists, but there's no alternative that doesn't have the same fundamental flaws, full stop.


Re: We need a new approach

"If users start asking their ISPs for ipv6 en masse and moving towards isps which already support it you will quickly see support expand."

The fallacy that has plagued IPv6 from the beginning is the belief that increased support for users or increased support on services somehow reduces the need for IPv4.

It doesn't. As long as there are any commonly used services that are only IPv4, or any users that have IPv4 only, ALL users and ALL services will have to remain to be IPv4 enabled.

Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General



At risk of massive downvotes: "This kind of special secret access has already ended in disaster". It might have, but the example given with the Juniper backdoor isn't one of them.

What they are asking for is a process where they can approach WhatsApp, armed with a court order, where WhatsApp can validate the request and then silently add the TLA to the conversations. This is nothing like the Juniper case which is unlimited, uncontrolled, autonomous "root" access through a single unchangeable secret.

Where are the examples where these powers that have existed in PSTN networks for decades have led to disasters?

How does UK.gov fsck up IT projects? Let us count the ways


22 Months?

Crossrail is 22 months late? Wasn't it supposed to be ready for the Olympics in 2012?

Internet imbeciles, aka British ISP lobbyists, backtrack on dubbing Mozilla a villain for DNS-over-HTTPS support


Re: DoH isn't "uncontroversial"

Lots of specific, concrete issues brushed aside with a one-line ad hominem attack. Quality commentary!

How about refuting them instead?

Or explaining why the vast majority of internet users who will use the default settings should trust Google and Cloudflare more than their local ISP?


Re: How will DoH affect ad blockers?

Fixed IP addresses can be detected and taken down; that's why they use DNS which survives much better.


Re: "However, this privacy-protecting technology has turned out to be controversial"

Quite so. Whether or not we should hand over DNS lookup data for 70% of browsing and 80% of mobile activity to Google seems uncontroversial to me indeed.

Cloudflare gave everyone a 30-minute break from a chunk of the internet yesterday: Here's how they did it


Re: I'm worried they'll outlaw Kodi in some unenforceable way...

While Cloudflare was refreshingly open about the technical cause for the outage, they have not touched on the process issues.

There's always a possibility that a change, however thoroughly lab tested, has unintended consequences in a large-scale production environment.

That's what good old phased rollouts are for. Why have they made an immediate, global change? That approach should have raised a very big, crimson red flag.

Please stop regulating the dumb tubes, says Internet Society boss


Re: IWF Handwringing

IP blocking doesn't work because of shared hosting, and SNI hostname based blocking for HTTPS won't work if eSNI becomes widely used.


Re: Public blacklist...

"It'll also make amplification DDoS quite a lot more difficult"

No it doesn't. Just because DoH is deployed, even if deployed widely, does not mean a single Do53 server is shut down. Unless that happens those same Do53 servers (even if used less by "proper" clients) can still be used for DoS attacks.


"You could embed the blocklist in servers on the internet."

No you can't. Well, technically you can of course but in reality it cannot be enforced.

The whole reason why blocking happens on infrastructure level is because it doesn't work at server level. ISPs are accountable to local jurisdiction, the operators are (usually) responsible businesses and there are a reasonably small number of them so they can practically be addressed.

There are hosting providers out there that tolerate kiddie porn. If even that content can't be removed from servers, what chance is there for other illegal content?

Why would IWF bother with ISP blocking if they could just get that content removed from the servers?

That's not even talking about jurisdictional issues for which there isn't an obvious answer. Why should a server operator in Netherlands block content that a UK court deems illegal?

There simply isn't any alternative. What they are proposing means in reality no content, however bad, will be blocked once the proposals are implemented. This argument of "I agree with the intentions but there are other means" just isn't true.

You won't guess where European mobile data was rerouted for two hours. Oh. You can. Yes, it was China Telecom


Re: That's what happens when you use a Huawei router....

China Telecom is much better. British Telecom will do silly things disrupting your internet connection such as filtering your prefixes.

When it comes to DNS over HTTPS, it's privacy in excess, frets UK child exploitation watchdog


Re: The IWF's impact

If DoH (DNS-over-HTTP) as a protocol was used in the same way as transitional DNS then this would be true.

However the way Mozilla and Google are envisaging to implement it is that their browsers use fixed DoH resolvers directly, thus completely bypassing the ISP's DNS servers.

So Mozilla and Google would choose which DNS provider their browsers use. Cloudflare and Google are the two main contenders for that.

Uber, Lyft rides among the biggest reasons why you're probably sitting in traffic right now – study


Self Driving Cars

Self driving cars will have a similar but even stronger effect.

People largely talk about effects improving traffic. Driving coordinated between cars, closer distances, smoother traffic.

However I believe that many people will move from public transport to self driving cars, just because it's so much more convenient and you can make good productive use of the time. I know I would and most people I've spoken to would too.

So the net effect is less public transport use and much more congestion.

Sky customers moan: Our broadband hubs are bricking it


Do you have a shred of evidence for this rather defamatory implicit accusation?

It is 2018 and the NHS is still counting the cost of WannaCry. Carry the 2, + aftermath... um... £92m


Being insecure cost £92m. Becoming (reasonably) secure would cost £800m. Any surprises that it doesn't happen?

IPv6: It's only NAT-ural that network nerds are dragging their feet...


IPv4 Forever

This article, like others before, seems to misunderstand the incentives for IPv6 adoptions.

If the number of IPv6-only services grows from 1 to 10 you might call it a tenfold increase, but overall it's still next to nothing. No reputable services will be IPv6-only unless practically all clients are IPv6 enabled. Please name just one significant service that's IPv6 only to support your claim of "more websites and online services will begin to only be available via IPv6".

Some access and corporate networks have good reasons to enable IPv6. However there will always be many that don't and that will only change if significant services were IPv6-only.

Many IPv4-only services have little incentive to move to IPv4+IPv6 unless a significant number of clients are IPv6-only. ElReg is a great example of this; even years of mockery of its user base were not sufficient and it continues to operate on IPv4-only just fine.

Crucially a critical mass of adoption is not enough to break this stable cycle. You can have 95% of clients IPv6 enabled yet still need to provide service on IPv4. You can have 95% of services IPv6 enabled yet still need to provide IPv4 connectivity to your network.

The only way would be if either practically all access and corporate networks become IPv6 enabled, or significant services become IPv6 only. There is next to no chance of either of these happening.

So you accidentally told a million people they are going to die: What next? Your essential guide...


Process allows one individual's mistake to have catastrophic effect. Communication unclear. No provision for unhappy path, or any such rehearsal. Root cause is a system that was systemically incompetently set up. Root cause blamed on one individual.

The result? La la land announced winner.

Should ISPs pay to block pirate websites? Supreme Court to decide


Re: Who decides if it's copyright-infringing?

> Typically blocked content is not copyright infringing where the host server is situated

Yes it is. Section 97A orders are issued in cases where the content is illegal in most jurisdictions.

> or they would attack the source

Being illegal does not mean that it is feasible to address the problem at source. See for example the Ecatel case which was decided last week where it took four years for the court to decide.

> Netflix for example has most of its content unavailable outside of the US

Which blocking scenario are you considering that relates to Netflix? Netflix asking for a 97A order against UK ISPs to block access to Netflix content? That would be most bizarre.

No, these orders are not used (or possible to be used) for geo restriction.

> So if the Government instead removed the distribution monopolies [...] then the whole "piracy" issue would disappear

How exactly would that stop counterfeit Cartier watches?

Of course all cases of copyright infringement could be stopped immediately by abolishing copyright. Whether or not a world without copyright (and hence a world without Game of Thrones and possibly Cartier) would be a better world is debatable, but there doesn't seem to be widespread support for it.

Outside Torrentfreak and ElReg that is.

Just how are HMRC’s IT systems going to cope with Brexit?



What is "exponential" about a one-off sixfold increase?

Who's behind the Kodi TV streaming stick crackdown?


Re: I'm worried they'll outlaw Kodi in some unenforceable way...

Is that "distancing" as in, for example, limitless.co.uk distancing themselves from piracy?

End all the 'up to' broadband speed bull. Release proper data – LGA


Re: Yes!

What is a multiplexing ratio? How would consumers be able to interpret that? How would you even define it? It's fiendishly difficult to do this meaningfully.

Let's take it to mean sum of sync rates divided by sum of external network connectivity, counting things such as CDN as external connectivity.

Assume an operator has 10:1 "multiplexing" ratio in this meaning and they offer a 100Mbps service today. Let's say they decide to upgrade that to 200Mbps. Then that suddenly becomes 20:1. Does that mean the network has become worse for the customers?

On the other hand you can have 10:1 which a couple of years ago may have provided a completely uncongested service and today it's slow as average consumption went up.

There are much more meaningful metrics such as off-peak vs. peak transfer speed. That is actually measured by Ofcom today.

Actually most ISPs today score very well on that.


Re: Can they extend that....

Which is exactly what happens elsewhere where consumers don't seem to have a problem understanding the meaning of "up to".

Do you go to a shop and expect to get what you want half price in an "up to 50% off" sale?

300 million pelicans? Pah. What 6 billion plastic bags really weigh


Re: "instead of handing it to the ever-greedy taxman"

Considering that a bin liner sells for about 4.5p and is of worse quality than a single-use supermarket plastic bag, let alone the Sainsburys long-life ones, it's not difficult to see that "reasonable costs" would be justified as more than 5p.

Whether they'll request money back from the good causes remains to be seen.

500Gbps DDoS attack flattens world record


Whether that's a lot to deal with depends on the nature of the attack. If it's a simple (reflective) UDP attack to a non-UDP service then you can easily filter that at the network borders where such a capacity is available in the large national networks and certainly in the Tier 1 ISPs.

If it's an attack simulating the application (eg. a HTTP attack to a HTTP service) from similar networks as legitimate clients then you need a more intelligent scrubbing capability that can analyse and block the traffic in detail. For that it's big.

How NSA continued to spy on American citizens' email traffic – from overseas


Re: Haven't a clue

As the four cases of diphtheria in vaccinated people in Europe show, all this vaccination is just totally a waste of time and money.

Feeling ripped off by your ISP? It's getting cheaper to pipe your packets globally


Re: Mbps per month is a strange unit

$1 per Mbps per month is $12 per Mbps per year or $120,000 per 10Gbps per year. So it's a bit less than $2m.

East Timor was officially removed from the internet yesterday



Ordnance Survey disagrees and includes the surrounding islands in the term GB: "Great Britain is the official collective name of England, Scotland and Wales and their associated islands."

Expired router cache sends Google Cloud Engine TITSUP


Re: Remind me again

"100% global availability SLA" http://www.akamai.com/html/resources/cloud-architecture.html

"Rackspace guarantees that its data center network will be available 100% of the time" http://www.rackspace.com/pt/information/legal/cloud/sla

Many people would call 100% stupid yet accept 99.95% as perfectly valid. However if measured monthly any long outage would breach a 100% SLA as much as it would breach a 99.95% and hence in reality 99.95% can be guaranteed as much or as little as 100% can be.

Stupid? Reality of SLAs is much more difficult than looking at a single number.

Google boffins PROVE security warnings don't ... LOOK! A funny cat!


"We attribute the low comprehension rates to the difficulty of creating an SSL warning that is simultaneously brief, non-technical, simple, and specific"

What's the solution? Changing the wording of the warning clearly isn't sufficient. As long as the browser doesn't have sufficient information to distinguish a harmless forgotten renewal or incorrect local configuration from a genuine attack that problem will remain.

I believe we need new protocols and infrastructure that focus on the negative validation case. The client such as a browser needs more information to make an informed risk assessment. For example:

- has the certificate recently changed

- do I get the same certificate as other clients

- do other clients also have certificate failures or is it only me

- would it validate ok if the client had a missing root certificate

- contact the certificate issuer in case a client verification fails

Telling the average user to not proceed any time there is a certificate error is not realistic or practical. With such additional information however the client could distinguish between a low-risk configuration error and high-risk targeted attack and hence make clear recommendations that can sensibly be followed.

Landlines: The tech that just won't die


Re: No dialtone required

That's called Left in Jumper. Openreach doesn't bother to disconnect the copper line.

Technically there is indeed no need for dialtone for ADSL. PSTN and DSL are two independent services using different frequency bands on the same copper pair.


Static IPs

"It would likely be easier, they think, to issue a fixed IP address by default than to set up an infrastructure of DHCP servers, and then charge a monthly fee not to use them."

I wouldn't comment on what you think, nor discuss your obvious enjoyment in Big Telco bashing. Let's look at the facts instead.

Static IP addresses have a number of drawbacks. You need to have them in the first place. RIPE is not going to allocate large amounts of them without significant justification and that just isn't there for the vast majority of customers.

You need to have systems to assign them and communicate them to your customers.

You need to have a support organisation that understands them.

Depending on the network architecture your IP session (PPP or IPoE) can often terminate on different devices (LNSs, BNGs). With static IP addresses you need to have a huge amount of dynamic, deaggregated routing information in your network to get to the right device. Think about millions of /32s in the network. Dynamic addresses are assigned to the device and hence pretty statically routed in your network (and aggregated).

All of this to satisfy the 0.01% of technically savvy El Reg reading (or writing) customer base. Really?

'Critical' security bugs dating back to 1987 found in X Window


Re: "X Windows"?

So few upvotes. Does that show our age?


