* Posts by Joseba4242

75 posts • joined 21 May 2014


An international incident or just some finger trouble at the console?


Re: Figured out what THAT meant

Big Fast Router.

Curiously later processors could run either classic IOS or IOS-XR, though we never attempted a conversion.


Re: Figured out what THAT meant

Carrier Routing System (if I remember correctly)

A discounting disaster averted at the expense of one's own employment


Re: Alarming, fired.

"Which always makes me wonder, why did the original design / architect / plan not take into consideration all these points"

It's easy to put this down to incompetence or unwillingness. However I think the deeper reason is in the nature of such contracts. In order to specify fully you'd need to complete a good proportion of the design which by itself is part of the tender.

It's just almost impossible to specify precisely what you need in a reasonable sized document that takes a proportionate time to prepare.

Dropbox unplugged its own datacenter – and things went better than expected



Looking at this as reducing the RTO from 8min to 4min is a bit of a dangerous angle.

Imagine there was an earthquake that took out their SJ datacenter, and all services recovered with no data lost 8min later. No one would complain; that would be celebrated as a success.

Imagine, on the other hand, a dirty failure that introduced instabilities which cause replication to have issues and hence data to be lost. Technically the service might have recovered in 4min but the impact and fallout would be massive.

Crucially their test was a planned failover. They FIRST drained all traffic away and THEN failed over. While this by itself is an impressive achievement, reality often doesn't allow you this luxury, and that's where things can go really pear shaped.

Google bans third-party call-recording apps from Play Store


Re: This call may be recorded for training purposes...

Both are data processing and require either legitimate interest or consent. The latter is only such if it is freely given. Listening to a recording without the option of proceeding without consent is never consent.

Google Maps just got lost for a few hours


Re: Not Just Maps

60 Gbps at home! Can I move there please?

Only 29% of techies truly want to stay in current job

This post has been deleted by a moderator

A tale of two dishwashers: Buy one, buy it again, and again


Re: Adverts

What kind of albums did Cable & Wireless produce?

Linux tops Google's Project Zero charts for fastest bug fixes


2FA Success?

They call a reduction in account takeovers of 50% through 2FA a success.

I'd call this an abject failure.

Success for me would be 99%+ reduction.

BOFH: What a beautiful classic car. Shame if anything were to happen to it


Proving ID

My experience with Santander: Made online transaction a bit larger than normal (but to account I had previously sent to). Account blocked. Online unblocking needed details of recent transaction - there were none on this account. Went to branch. Passport was not enough to prove ID. Needed debit card which I couldn't find. Alternative was someone at branch who knows me to confirm ID. I don't know anyone at branch, doing 99% online.

1.5h later, sorted. Sigh.

Wifinity hands customers bills for Wi-Fi services they didn't want but used by accident after software 'glitch' let 'fixed term' subs continue


Telecomms Costs

Infrastructure needs to be refreshed and expanded and hence its depreciation is a real cost that needs to be factored in all the time.

Additionally customers expect an exponential* increase in bandwidth consumption without cost increase. That also requires constant reinvestment.

Then there is customer service and repair which takes up a significant proportion of the fees.

At the prices of Internet access in the UK this really isn't a high-margin "cash cow".

* Bandwidth consumption has for a long time been "exponential" in the true meaning, i.e. multiplying each fixed period. Not just meaning "large" as it's normally used (a pet hate of mine)

Judge rejects claims Cloudflare should be held responsible for customers' copyright infringement


Re: "We agree with the district court’s reasoning"

As others have commented, the problem with the "roads" argument is that it justifies any and all support for criminal activities.

Take banks for example. With the same "roads" argument you could say that banks are just providing the transport of money (legal and illegal) just like roads provide transport for goods (legal and illegal). So banks shouldn't have to do any money laundry and customer checks and should be allowed just to serve any customer.

Some may think that this is right but it's certainly not a majority view.

Cloudflare slams AWS egress fees to convince web giant to join its discount data club


Why just AWS

This does deserve serious attention but why single out AWS?

Using the 80x cost from the blog, we get 98.8% profit margin for AWS. If they did offer 27% discount quoted, that would still be 98.3%. An improvement, yes, but still atrociously high so really they should call them out together.

Add to that that GCP starts at a 22% higher cost so a 27% discount on is just a tiny amount less than AWS.

No change control? Without suitable planning, a change can be as good as an arrest


Risk Questions

The two risk questions typically asked (and postulated in the article) are "how likely is it to go wrong" and "if how what's the impact".

These questions have fundamental flaws. Firstly, there isn't a single dimension. A typical change has some low-likelihood chance of something going a little bit wrong, and a very-low-likelihood chance of going very seriously wrong. These can't be put into a single answer.

Secondly, both of these questions are next to impossible to answer objectively and hence with a degree of repeatability. Different engineers will, perfectly legitimately and competently, come to different answers. For example one engineer might consider a typo in applying a change with impact to one particular service as the impact to focus on as it's the most common scenario. Another one would instead consider triggering an unknown software defect that impacts a whole host of otherwise not directly related services, as this is the worst case impact. In either case it's difficult to see how "likelihood" could be objectively described.

Thirdly, these questions put the focus in the wrong place. It focuses on the expected outcome of the change so encourages not just wishful thinking but also focus on the "expected unexpected" outcomes.

I am advocating two different questions instead: "How quickly do you notice a problem" and "how quickly and reliably can you roll back". These two questions are considerably more objective, and they drive good behaviours such as focusing on monitoring which might otherwise be overlooked. Crucially it encourages to think about worst-case service restoration which is often most relevant for the business - think about 5min worst-case impact vs. hour of worst-case impact. So these questions focus on dealing with the biggest issues in a mature change control environment - the "unexpected unexpected".

UK government bows to pressure, agrees to delay NHS Digital grabbing the data of England's GP patients


Re: Matt Hancock to involve patients

What they actually said is that the literal meaning is correct - they were consulted - but they objected.

Global Fastly outage takes down many on the wibbly web – but El Reg remains standing


Good plan ... except all this does is to shift the SPOF from CDN to CDN selector so doesn't solve the problem.

And it introduces significant additional complexity which experience shows is often the cause of problems. If you are serving a simple static page that's not an issue (but then you wouldn't be quoted here). Larger sites need to consider for example test coverage, troubleshooting, logging etc. which are all far more complex on multi-CDN.

Thinking you can just re-point a CNAME is, well, wishful thinking.

And that's not even touching on large services that need to do capacity planning with the CDNs and take selector decisions based on load.


Tell that to the likes of Mozilla who think that there's nothing wrong with defaulting to a single global DNS provider.

Apple: We didn't take commission on 90% of App Store sales and billings


Why not Amazon?

Amazon, Netflix, etc - why are they allowed to use their own payment gateways and hence not pay the 30%?

Cloudflare launches campaign to ‘end the madness’ of CAPTCHAs


4.5bn users times $20 is $90bn. Quite something created there, more than 10 times the UK music industry.

So I'm saving 15 minutes per year, on average. That assumes it takes 0 seconds to find the device which is certainly not the case for me.

Then add the time to select and buy the device. Then add the time to make this work on every single device which likely adds up to a few hours. Then the time to troubleshoot when it doesn't work. Then the efforts to take a tiny device with me anywhere because we don't already have enough in chargers, cables, adapters etc. Then add the time and cost to replace it when it gets lost.


Aviation regulator outlines fixes that will get the 737 MAX flying again


Re: Hmm.

In that case you will avoid the airplane that has had the most intense safety scrutiny and awareness amongst pilots. There won't be a single one who is not fully aware of MCAS and its dangers.

Avoiding all Boeing planes might make more sense on the assumption that these failures stem from systematic corporate culture and governance failures.

Avoiding all planes relying on FAA certification even more so given that they are ultimately responsible for allowing much of this to happen.

It somehow restricts your options though.

Finally, made it to the weekend, time to breathe, relax, and... Cloudflare's taken down a chunk of the web



Mozilla should take note. If their vision* had become reality, a single configuration error on a single router would have affected all Firefox users.

* Use DoH for all users, with Cloudflare being the default

House of Lords push internet legend on greater openness and transparency from Google. Nope, says Vint Cerf


Re: Cerf was right - you wouldn't understand it, and nor would he

Quite so, they asked the wrong questions. Even assuming that the algorithm itself is completely black box there are plenty of questions to ask.

What training data do they use? How do they evolve the algorithms? How do they judge whether they are working well? How do they incorporate new sources of data to search? How do they counter-manipulate deliberate attempts at manipulating results (SEO)?

You. Drop and give me 20... per cent IPv6 by 2023, 80% by 2025, Uncle Sam tells its IT admins after years of slacking


The No-Solution

"in recent years it has become clear that this approach is overly complex to maintain and unnecessary."

So the solution is to go single stack IPv6 which (to my knowledge) no complex enterprise has yet achieved, despite some like Microsoft trying very har

C'mon SPARCky, it's just an admin utility update. What could possibly go wrong?


Re: Just following instructions....

You had a mainframe where devs could spin up VMs, managed databases, message buses etc through a self-service API?


It's been one day since Blighty OK'd Huawei for parts of 5G – and US politicians haven't overreacted at all. Wait, what? Surveillance state commies?



I'm genuinely puzzled what this is all about. Huawei has been in 4G networks in the UK for a long time, with no apparent or even bemoaned "loss of sovereignty".

There are many cries of China getting access to "data" but in almost all cases nowadays data transfer uses TLS so that's of little use. Other forms of data like location have been available in 4G already. So what's different with 5G? That there are potentially more devices (assuming someone finds an actual use case)?

This episode of Black Mirror sucks: London cops boast that facial-recog creepycams will be on the streets this year


"1 in 1000 people scanned would generate a false alarm. That's going from a known and proven failure rate of 98% back in May 2018 to one of 0.1% today."

No it's not. 98% of people flagged were not on the watchlist. That's not the same as 98% of people being flagged.

Say 100,000 people are caught on camera. 98 are flagged innocently, 2 are on the list. Here you have 98% false positives as reported before, and 0.1% false positives as reported here - they are very different metrics.

It grates me if numbers are so grossly misused. Just because you agree with the criticism (which I do BTW) you shouldn't just blindly and uncritically believe and repeat every argument that "supports" your case.

Hold my Bose, we can do premium: Sennheiser chucks pricey wireless cans at travellers


Sound Separation?

I am looking for a noise cancelling headphone with good separation of voice from background noise, to have business calls in less than ideal environments.

To that end I looked at the usual contenders - Sony WH-1000XM3, Sennheiser Momentum 3, Bose NC700 with "unrivalled four-microphone system" and compared them with my inelegant but trusty £70 Jabra Evolve 40.

None of them come anywhere near. Where the person at the other end of the line struggled to understand me in a noisy environment with all three of them, they hardly heard any noise on the Jabra.

I wish this one is better! (that's allowed in this season, isn't it?)

What do Nginx, Twitch... and the English Premier League have in common? Russians. It's always the Russians


Re: I get a bit bored

It's perfectly possible to match live streams with extremely low rate of false positives.

Other major platforms (YouTube, Facebook) implement this; Twitch hasn't made the investment.

You need to be careful what you match against though - for example remove ads in the reference stream.

Londoner admits illegally accessing National Lottery accounts


Re: Statistically speaking, his chances of a prison sentence are low.

"Exponentially" is a term used to describe the correlation between two metrics and has no meaning where only one metric is involved.

It is not a synonym for "much".

Newly born Firefox 71 emerges from its den – with its own VPN and some privacy tricks


Re: Few legitimate uses of VPN?

ISPs are more "hostile" than a US company with no accountability in your country, one that is required to give TLAs any access they request?

We are absolutely, definitively, completely and utterly out of IPv4 addresses, warns RIPE


Re: "We have now run out of IPv4 addresses"

How, exactly, does adding 4 bytes instead of 12 bytes make the transition any easier?


Re: The internet will be privatised

Enabling IPv6 does not remove the need for IPv4 connectivity. It certainly helps with scaling CGNAT but you still need it.


Vicious Circle

As long as a significant number of end user connections are IPv4 only, pretty much all services will be available on IPv4.

As long as no significant services are IPv6-only, significant numbers of ISPs and end users won't have IPv6.

It's a vicious circle. Increased adoption does not help this at all. Whether 20% or 90% of traffic is IPv6, still 100% of end users and 100% of services require IPv4 connectivity.

It's not clear how to break out of this. The complaint that IPv6 isn't compatible with IPv4 is old and easy to make but at the same time no "compatible" proposals have been made that work and address the key problems.

The immovable object versus the unstoppable force: How the tech boys club remains exclusive


Re: Misguided

So with the flick of a switch you suddenly change all that is currently in the way of equality such as the encrusted views and attitudes of the typically older, male leadership.

Sounds like a plan.

Here we go again: US govt tells Facebook to kill end-to-end encryption for the sake of the children


Re: "Outside the digital world, none of us would accept the proposition that"

Outside the digital world we do actually accept that police with a warrant can enter your house through any means necessary.

This is NOT a proposal to have a global externally held decryption key that can be used without Facebook's authorisation or knowledge.

Get ready for a literal waiting list for European IPv4 addresses. And no jumping the line


Re: What's the problem

Problem is that IPv6 doesn't alleviate the need to support IPv4. You still need to supply every single customer with the ability to communicate through IPv4.


Re: Untill Mainstream ISP's...

BT and Sky aren't mainstream ISPs?


Re: IPv6 was designed by theorists

Problem is, there just isn't any other proposal that would allow seamless interoperability and migration in a way that would allow users or services to drop IPv4 support during a transition phase.

It's easy to say that the problem is that IPv6 was designed by theorists, but there's no alternative that doesn't have the same fundamental flaws, full stop.


Re: We need a new approach

"If users start asking their ISPs for ipv6 en masse and moving towards isps which already support it you will quickly see support expand."

The fallacy that has plagued IPv6 from the beginning is the belief that increased support for users or increased support on services somehow reduces the need for IPv4.

It doesn't. As long as there are any commonly used services that are only IPv4, or any users that have IPv4 only, ALL users and ALL services will have to remain to be IPv4 enabled.

Low Barr: Don't give me that crap about security, just put the backdoors in the encryption, roars US Attorney General



At risk of massive downvotes: "This kind of special secret access has already ended in disaster". It might have, but the example given with the Juniper backdoor isn't one of them.

What they are asking for is a process where they can approach WhatsApp, armed with a court order, where WhatsApp can validate the request and then silently add the TLA to the conversations. This is nothing like the Juniper case which is unlimited, uncontrolled, autonomous "root" access through a single unchangeable secret.

Where are the examples where these powers that have existed in PSTN networks for decades have led to disasters?

How does UK.gov fsck up IT projects? Let us count the ways


22 Months?

Crossrail is 22 months late? Wasn't it supposed to be ready for the Olympics in 2012?

Internet imbeciles, aka British ISP lobbyists, backtrack on dubbing Mozilla a villain for DNS-over-HTTPS support


Re: DoH isn't "uncontroversial"

Lots of specific, concrete issues brushed aside with a one-line ad hominem attack. Quality commentary!

How about refuting them instead?

Or explaining why the vast majority of internet users who will use the default settings should trust Google and Cloudflare more than their local ISP?


Re: How will DoH affect ad blockers?

Fixed IP addresses can be detected and taken down; that's why they use DNS which survives much better.


Re: "However, this privacy-protecting technology has turned out to be controversial"

Quite so. Whether or not we should hand over DNS lookup data for 70% of browsing and 80% of mobile activity to Google seems uncontroversial to me indeed.

Cloudflare gave everyone a 30-minute break from a chunk of the internet yesterday: Here's how they did it


Re: I'm worried they'll outlaw Kodi in some unenforceable way...

While Cloudflare was refreshingly open about the technical cause for the outage, they have not touched on the process issues.

There's always a possibility that a change, however thoroughly lab tested, has unintended consequences in a large-scale production environment.

That's what good old phased rollouts are for. Why have they made an immediate, global change? That approach should have raised a very big, crimson red flag.

Please stop regulating the dumb tubes, says Internet Society boss


Re: IWF Handwringing

IP blocking doesn't work because of shared hosting, and SNI hostname based blocking for HTTPS won't work if eSNI becomes widely used.


Re: Public blacklist...

"It'll also make amplification DDoS quite a lot more difficult"

No it doesn't. Just because DoH is deployed, even if deployed widely, does not mean a single Do53 server is shut down. Unless that happens those same Do53 servers (even if used less by "proper" clients) can still be used for DoS attacks.


"You could embed the blocklist in servers on the internet."

No you can't. Well, technically you can of course but in reality it cannot be enforced.

The whole reason why blocking happens on infrastructure level is because it doesn't work at server level. ISPs are accountable to local jurisdiction, the operators are (usually) responsible businesses and there are a reasonably small number of them so they can practically be addressed.

There are hosting providers out there that tolerate kiddie porn. If even that content can't be removed from servers, what chance is there for other illegal content?

Why would IWF bother with ISP blocking if they could just get that content removed from the servers?

That's not even talking about jurisdictional issues for which there isn't an obvious answer. Why should a server operator in Netherlands block content that a UK court deems illegal?

There simply isn't any alternative. What they are proposing means in reality no content, however bad, will be blocked once the proposals are implemented. This argument of "I agree with the intentions but there are other means" just isn't true.

You won't guess where European mobile data was rerouted for two hours. Oh. You can. Yes, it was China Telecom


Re: That's what happens when you use a Huawei router....

China Telecom is much better. British Telecom will do silly things disrupting your internet connection such as filtering your prefixes.


