May your tenure be long and untroubled, may the registry prices be ever reduced to the £3/year range and may Nominet's bizarre and irrelevant side hustles be dropped. Look forward to seeing you help turn it around to become the good registry it used to be.
Posts by ~chrisw
55 publicly visible posts • joined 5 Jan 2016
He's only gone and done it. Ex-Register vulture elected to board of .uk registry
Sharing is caring, except when it's your internet connection
Re: My Fav
Agreed. I get enough unwanted email intended for other people to my (2006 vintage) gmail address, I'd hate to have something like blah@ or foo@ due to the torrent of formspam. Double opt-in should be mandatory! I get tetchy enough as it is redirecting emails intended for other people with the same name but slightly different addresses.
One amusing byproduct is that I've built up an informal database of extensive personal information on these other people over the years, just from emails sent to me.
Sir Tim Berners-Lee and the BBC stage a very British coup to rescue our data from Facebook and friends
From your vantage point, that is your opinion. Whilst valid, it is not the only opinion.
For generations of kids, CBBC, CBeebies and the significant amount of free educational content available through Bitesize and Lockdown Learning (just two examples) provides a wealth of educational content not provided by anyone else. I remember growing up watching and learning from their Schools programmes broadcast overnight which the teachers taped to show us in the daytime. And the morning and afternoon CBBC shows entertained me for hours each week (with occasional flips over to CITV).
Nowadays it's sport, dramas, docs, serials, current affairs including some deep and lengthy investigations (e.g. this week's unveiling and coverage of the Pandora Papers in coordination with other journalists around the world) plus I regularly enjoy four of the main network radio stations and various bits and pieces on Sounds. Some of the radio dramas released over the last couple of years have been excellent.
For other audiences there's various programmes, a mix of new and long-standing, many with steadfastly devoted audiences like GQT, Songs of Praise, Farming Today, Gardeners' World, a certain longest running radio serial in the world broadcast on Radio 4...
And then you have the marvellous diverse palette of music, speech and informational radio; the diverse, challenging and sometimes very controversial commissions for outlets like BBC Three which become wildly popular cult hits; the hugely successful mainstream primetime entertainment shows (which personally I can take or leave)... there's plenty going on. Lest we forget the expansive web sites and significant cross-media coverage of major political, news, sporting events etc. All free at the point of use. The BBC's mantra is literally "for everyone", not just one person's particular viewpoint. :-)
There's an entire training course for every single employee (not just journalists) to reiterate and explain the importance of balancing due impartiality and due weight. I agree over the years some editors and presenters haven't done a very good job of this, but it seems people are damned if they do and damned if they don't. Hopefully the BBC as a whole takes a firmer stance on not giving equal minutes of airtime to patently fringe or harmful ideas being espoused on their main debate/panel shows or news articles.
Re: the Scottish game
With regards to sports rights, it's a simple money game. BBC can't afford blanket rights for everything and commercial competition is squeezing them out left right and centre. Heck, there were even rumblings pre-Covid that they might not necessarily have banner events like Wimbledon, the Boat Race and the London Marathon for much longer (and look at this week's news about the Marathon potentially going to another broadcaster, thanks to a change of mind from the rightsholders).
The deal that was struck between broadcasters for the Euros meant that the BBC only got a very limited number of games, so - logically - it went for the ones with the biggest relevance to the largest possible audience. It's the cold reality of sports rights.
Seagate UK customer stung by VAT on replacement drive shipped via the Netherlands
"incorrectly declared faulty item export has replacement's import VAT correctly applied". UK customs have to adhere to the new process, so this seems more a failure both by Seagate, to communicate the new required procedures by the exporter, and the exporter himself in not adequately researching the customs requirements, which is slightly surprising.
Once upon a time I worked for an indie label and we exported physical product to the US, UK and Asia. I was well aware of the various customs declarations required and the importance of not screwing it up, particularly for the US. Now we have to do the same thing for Europe.
I agree it's shite, and I have sympathy for how the person feels hard done to, I'd be just as frustrated. But hey, that's what the majority seemed to want.
An expensive lesson for this guy that shipping returns across customs areas is still subject to the same rules as trade export, next time he'll check the paperwork. Write it off as a business expense for tax purposes...
Pure frustration: What happens when someone uses your email address to sign up for PayPal, car hire, doctors, security systems and more
And I thought it was just me...
I've had this problem for a few years. At first, it was fairly benign - CCed on some osteopath's correspondence. It was fun doing some amateur sleuthing, ringing around and calling the US (free on Skype and Google Voice of course) to get in touch with people.
Nowadays, the easy wins are sorted, and it's only the more insidious inaccurate sign-ups reported. What's worrying is how willing some organisations are to provide full biographical info about a customer, or even provide access to what should be fairly sensitive services - bank accounts, credit cards, mobile phone accounts, memberships of various clubs etc. At a glance, current emails in the "Wrong me!" category (notwithstanding any I've missed) have just surpassed 1,200...
It highlights the abject failure of almost every service to double opt-in or adequately confirm email addresses before adding an address to an account. Interestingly it's the social media organisations, particularly Facebook/Instagram and a handful of others, who proactively invite the recipient to click a link to flag their address as incorrectly added to an account - presumably this goes into a feedback loop to flag potential spam accounts. I've dealt with a rash of those on one client's business email address recently with loads of junk/spam follow Instagram accounts.
Crazily, the longest running saga is that of Microsoft and XBox accounts. For over five years, my address has been associated with an XBox Live account holder and Microsoft say not only do they not have a mechanism to deal with addresses incorrectly added on an XBox account, they have no means by which an individual can even speak to support to discuss the matter.
I've not bothered to start ringing Microsoft's Reading HQ yet, but it's not far off... I now have a dedicated Gmail label for this one person's MS XBL emails. Filing away the misaddressed emails has almost become a weekly ritual, I feel like something's missing if I don't get to do it.
It's not all frustrating though. I have had some particularly juicy stuff inadvertently sent to me... Criminal records and background checks were quite interesting...
It's always DNS, especially when a sysadmin makes a hash of their semicolons
Re: Back in the day? Still!
On one of my old customer boxes, bind's validator borked and the box was nearing EOL... I never fixed it. Just a shame the box was multiple domains' primary NS. A few nail-biting occasions where I realized just in time I'd syntax errored - I'm now exceptionally methodical with zonefiles. And everything gets bonus rsnapshotted daily!
Far-right leader walks free from court after conviction for refusing to hand his phone passcode over to police
He should be grateful he's British
If he was Russian and going on an equivalently unfavourable trip to meet anti-Putin, pro-freedom of speech activists, he'd disappear for 9 months in the company of the FSB until he provided an accurate PIN or Touch ID finger. He should be grateful he got off so lightly.
Brother, can you spare a dime: Flickr owner sends mass-email begging for subscriptions
Glad the freetards are gone
I used Flickr for free for over a decade on their free tier. After its divorce from Y! and subsequent acquisition, I enjoyed the storage increase to 1TB, still for free. I increased the number of Flickr services I use - now it's an important part of my life. Then came the Pro-or-GTFO for >1000 images and it made me assess the value proposition.
You realise $50 a year is not a lot for what they provide. At its core, solid image hosting with ubiquitous availability. Photostream, portfolio, collections, albums, tagging, groups and all the other features including ad-free browsing, advanced stats, desktop upload tool (incredibly useful), 6K photo display option for high res images, longer video lengths, etc. The Android app also does image syncing which I use on my phone - excellent if you don't solely trust Google, Amazon or $friendlybigcorp to archive your most important photos.
In my younger years, I used to be a free-tier crusader. Now, running my own servers, services and maintaining them for others (both in personal and work capacity) I appreciate someone else doing the hard work for me.
Smugmug's added a bunch of perks and offers for other services (including 50% off a smugmug account - haha - and an IP infringement monitoring service which could be genuinely useful for professionals already on Flickr). The other stuff's nice if you want to get things printed or merch made, there's also learning courses and a 2 month trial of Adobe CC Photography plan. That's fine, I don't need most of that, but I'm sure others might.
You can be a curmudgeon and argue "what should I pay them for?" - and fundamentally it's for it to not be your problem.
Given the various things I manage/admin, I'm fed up with worrying about servers, services, uptime of underlying hosting companies, managing DNS, email services, disk space, system security and patching cycles... all the stuff which comes with self-hosting. Adding photo hosting to that, and putting another egg in the same basket as all my other personal email and web sites doesn't feel sensible. My photos and videos are so important to me as memories I actually back them up in several places (including Flickr and Google Photos).
I suppose most of us Reg readers could bang something up on AWS or Azure, self-manage the auto-backup of photos plus whatever we'd implement to upload, archive and display other photos. Perhaps add a public portfolio/gallery and add stats monitoring, embedding stuff, etc etc. It would probably be less elegant than the existing Flickr and Google Photos Android apps and web sites unless I spent hours developing replacements, and what's the point? My time is worth far more than $50 an hour.
Also I'm ideologically opposed to giving yet more money to Amazon who act so unethically regarding tax contributions in this country. Azure isn't much better. The convenience and relative price effectiveness of practically unlimited storage on a familiar, mature web service is great. In my case, Flickr's hosting over 225 GB (and counting) of my photos spanning well over 15 years, with pretty much continuous availability since I joined. For its flaws, it's still a great platform, and they are still updating the design and other features.
If Flickr hadn't done anything to drive conversions to Pro membership, people would have accused them of failing to move with the times, they'd die on their arse and nobody would mourn them. If some of the freeloader members go elsewhere and unburden the service of their library, fine by me. I converted from lifetime free to Pro member, and what tipped the balance was realising that it's worth it for the features I use.
For those only storing a few hundred photos on Flickr, nothing changes, enjoy your free account. If you'd uploaded >1000 images pre-cull, what truly stopped you ponying up $50? And if you're simply opposed to giving anyone any of your money for anything you use, enjoy your free-tier, ad-supported, best-effort support pauper status accounts :-) Enjoy your free beer from the pub driptray later.
Mystery GPS glitch grounds flights, leaves passengers in the bar
Cheapskate Brits appear to love their Poundland MVNOs as UK's big four snubbed in survey again
Except they recently discounted the price of their top AYCE Advanced package (uncapped data, uncapped tethering, unlimited calls and texts) down to £20 pcm on 12 month contract. I was rolling along on the 600 minutes version for two quid a month more - switched in a heartbeat.
I accept providing certain levels of data costs to operate radio networks, provide infrastructure yada yada - I'm happy to pay a reasonable cost. £20-25 for unlimited everything with no horrific traffic shaping past a low threshold (looking at you, giffgaff) is a pretty reasonable deal. The mega cheap tariffs are simply feasible because call and SMS infrastructure is there and total cost is so low (and utilisation falling year on year) the providers don't mind. Data is the cash cow but building out infrastructure capacity and sufficient backhaul is increasingly costly.
Three have had the most generous packages for a while and brought in some of the things like inclusive roaming a good couple of years before other providers. Many years ago I started off on Voda, migrating to O2, then T-Mobile (Flext with Web 'n Walk for pretty high allowances of 3G data and that was back in 2005!) which became EE, but I've never been as happy a customer as when I've been with Three. No mucking about with retention deals you have to hassle for at renewal, just simple prices, good features, a few nice perks and overall good reliable customer service. Can't speak to everyone's experience but I've been a Three customer for over a decade.
Three had coverage issues in early 2000s (remember the voice-only 2G Orange backfill areas?) but coverage and speeds have significantly improved since. MBNL partnership benefitted both providers in rural areas. Three's weak point remains indoor coverage in some areas due to spectrum allocations and cell site paucity (my employer has mobile repeaters installed in our building, but only for two telcos)...
This won't last forever though. Their service overall is great and prices are amongst the best in the industry. Even with the option of going to Voda or O2 on one of their top packages with company scheme discount, the packages can't compete. At the moment I think no other major provider can match Three on tariff features, data allowances and general levels of customer service. I was happy to recommit for another year.
Begone, Demon Internet: Vodafone to shutter old-school pioneer ISP
I knew it was curtains for Demon when they delinked from EFNet
RIP Demon Internet, 1992-2019 (RIP efnet.demon.co.uk, 1993-2009).
Once the IRC closedown happened, it was only ever going to be a downhill trend from there. Corporate overlords' writing was on the wall. Usenet gone before end of 2014, email and hosting transferred in 2015 - very surprised the brand lasted another decade (!) without being totally subsumed by Voda, good on whoever was left of original Demon supporting their remaining customers.
I'll be sad to see the Demon brand definitively shuttered, Voda should relaunch it as a specialist / niche VISP utilising their infrastructure. Perhaps some hybrid product offerings for those living in notspots.
This is a nice, albeit brief read: https://www.uknof.org.uk/uknof11/Davies-History.pdf
(And don't forget their role in the creation of LINX)
Wi-Fi Alliance ditches 802.11 spec codes for consumer-friendly naming scheme
I'm conflicted on this
I understand the 802.11 designations perfectly, they're succinct and useful.
I recently attempted to explain the distinction to both my mum and a neighbour - strangely enough, both times while setting up their new wireless routers (broadcasting both 2.4 and 5 GHz SSIDs) and doing the usual rain dance pairing devices.
Despite explaining using VERY high level technophobe language half a dozen times - each time with genuinely easy to understand, increasingly simple analogies - they just couldn't wrap their heads around it. In the kindest possible way, it felt like I'd just tried to explain chess basics to a toddler.
To most non-technical people, Wi-Fi is just a wibbly thing which usually runs well, sometimes runs slow, but is A Thing Which Basically Works. If it's easier to explain to my mum why her router now advertises a Wi-Fi 5 and a Wi-Fi 6 hotspot, while her old tablet can only see the v5 wibble, that's fine, I get to the pub quicker.
If I can toggle marketingspeak for descriptive labels (a/b/g/n/ac/ax) on my devices, I'm OK with this. I'd rather devices be able to display estimated mbit/sec throughput - or even just dBm - with a simple toggle, instead of arse about with third-party apps.
TV Licensing admits: We directed 25,000 people to send their bank details in the clear
Service charges on leasehold flats or properties for things like 'lift maintenance', concierges and so forth, even when management companies do a terrible job / no work at all.
Paying council tax when, increasingly, council-funded services are having to reduce budgets due to increasing deficits, resulting in things like poorly-maintained highways or completely closed public facilities (where have all the public loos gone?)
For what's provided in return for the licence fee, it seems like a pretty balanced deal.
* Globally recognised R&D which generates income for UK industry and leads the world in broadcasting standards
* World-class, pioneering on-demand platform
* So many TV and radio shows
* A host of online content and services
* A network of national and local radio and TV stations, including dedicated national language stations.
* Extensive coverage of Parliamentary goings-on
* Regular, massive charitable fundraising campaigns
* Significant 'soft power' working in our interests overseas
* A globally recognised and admired World Service
(Believe me, in countries where there's free or independent media, the BBC is lauded as an acclaimed, trustworthy broadcaster. Have first-hand experience of this. It's only in the UK where the BBC's constantly accused of bias from both sides!)
It's a chunk of cash, but when you consider Switzerland charge about £400 a year for a licence and loads of Scandi countries also charge several hundred a year... Most countries with TV licenses also show ads (except Norway, Sweden and Finland I think?).
Heck, Slovenia still charge for a radio licence even if you don't watch TV. That's horrific.
Trainer regrets giving straight answer to staffer's odd question
Keyboards, phones and liquid ingress, oh my
I've come across a few terrible BT slice-and-dice wiring jobs in my time, however sometimes they've required a little 'fettling' to be deemed consistently faulty enough to warrant the FOC Openreach visit. In one case, all it needed was to have been jelly crimped properly in the first place, but cheap crimps, water ingress, outdoor jumper box fallen into disrepair... Poor show all round really.
I'm not perfect. I once spilled nearly a pint of orange juice into my fairly new MS Natural Keyboard Elite. This was the original model, made in Mexico, without the hotkeys (and shipped with a USB adapter for the brave early adopters amongst us).
Surprisingly, after tipping out most of the juice, taking it apart, wiping down the boards and letting it all dry, the thing worked perfectly for another decade until the left Ctrl and Shift keys slowly started to fail. I still have it, but it was retired in favour of a Topre switched TKL. I can't quite bring myself to throw it away, it's a neatly engineered design and is still my favourite keyboard shape.
Better yet, I was installing a toilet once and using an old work iPhone as a light source. Later that day after the grout had sealed, I managed to idiotically drop said phone-torch into the toilet just after test flushes but before it 'entered service'. Top five of my all-time idiotic moments. Promptly retrieved, but still got a dunking, though fortunately not all the way to the bottom speaker and mic grilles. It also had a Mophie fitted which may have protected it a bit.
The phone was powered off and buried for three days in a sealed container of rice and silica beads on the windowsill. And on next boot... perfect operation! So thank you tight manufacturing tolerances, because I cba with the hassle of sorting out a new work phone - it would have been an old stock model anyway.
The phone is now nearing the end of its natural lifespan, and the Mophie has decided it can't recharge the phone (though passthrough still works), but that's the extent of it. The Mophie probably would have packed up anyway by now given the amount of impacts it's had.
These stories have nothing on the workplace stuff though. Coffee spilled into a brand new mixing desk then left unreported for a week was an amusing anecdote told by a colleague (upon cracking it open, the affected cards were covered in various forms of life). Though some of the most painful (and expensive) stories are the ones involving genuine accidental damage.
And finally, no harm done except bruised pride: I once gently explained to a journalist that the reason her iPhone interview recordings sounded so bad was because she was holding the phone with the main microphone pointing 180° from her subjects. The reason the on-screen interface was still upside down was because she had rotation lock engaged.
Now you can tell someone to literally go f--k themselves over the internet: Remote-control mock-cock patent dies
The last phablet? 6.4in Samsung Galaxy Note 9 leaves you $1k lighter, needs 'water cooling'
Re: Nobody buys Samsung anymore...
Samsung pushed out monthly updates for July and August for my new S9. Granted, one of the things the August update did was fix the broken VoLTE feature which presumably they broke with the July patch, but at least they're trying... ;-)
I'm hopeful I'll receive future Android security patches - I didn't even get those from LG on my flagship handsets. Total disappointment with them and zero meaningful customer engagement.
I similarly weighed up for a LONG time buying an S8, 5T or S9. The S8 is a great value handset now but I wanted some of the physical design improvements (stereo speakers with decent bass, dual iris back camera and the higher resolution screen than the 5T were what swung it).
The curved edge screen is a pain to apply a good curved TGSP to, so some people might prefer the 5T's screen design although it's only HD not 2K HDR (like the S9).
I royally messed up my first attempt at a Whitestone Dome protector on my S9, and only just about made it acceptable after lots of finessing. Now I need to find a good supplier of more LOCA!
Tech team trapped in data centre as hypoxic gas flooded in. Again
LG G7 ThinkQ: Ropey AI, but a feast for sore eyes and ears
Re: LG G7 ThinQ: Raising a StinQ.
Once upon a time I had the 4G LTE variant of the Galaxy S3. Great phone, except one day I saw a burst of static on the display then it never functioned again. Sad times.
So, I bought the LG G3. Good phone in general, though I was frustrated by its undefeatable screen sharpening (unless you rooted and ROMmed). Then the SIM slot stopped working properly, I gave up and along came a G4.
Hurray! On the G4, no more screen sharpening. Nice screen, albeit a bit dim in daylight. Power button and volume rocker buttons on the rear of the phone were SUCH a good UX choice. Seriously, class-leading ergonomic design there. Who cares about a fingerprint reader when those buttons were so well placed. It gave the phone a nice profile, too.
Camera was pretty good for photos (tip: always leave HDR enabled) but video had that weird 'drunk'-style OIS where it can't figure out what you're doing with moderate speed pans or tilts. The S9 also has it, though not as noticeably in certain frame rate modes (seems to be the slower fps, higher resolution ones).
Sadly just before a year of ownership it started to bootloop, so was sent off for repair. Upon return, it worked again, but not long after that it started to get really hot almost all the time - and excessively chomped through its battery - which caused excessive 'screen burn' image persistence.
When you're able to read text displayed for less than 3 minutes for over an hour afterwards, frankly that's terrible.
I got so hacked off with the phone and its less-than-stellar cellular performance that I've just moved back to the dark side (Samsung S9). Thus far, the Samsung camera app is slightly 'quirky', but the phone is loaded up with all my software and so on and it's still pretty rapid, no obvious slowdowns yet.
No OLED problems as of yet either, and the S9's WiFi, 3G & 4G performance in marginal signal areas completely outstrips the LG. I can get moderate, usable signal where I previously had none at all.
And best of all - the S9 already received the June software security OTA patch after first boot. Impressive given the G4 still hadn't received an LG patch to fix all of the 2017 Android vulnerabilities by the time I bought its successor, it was stuck on a mid-2017 patch.
The LG G4 was effectively abandoned by LG outside of Korea after its release, despite earlier press releases from them stating to the contrary that all G4s would get Android 7. Only Korean G4s ever got Android 7, never mind Android 8.
I've read some less than glowing reports of the G7's camera - not enough progress, and marred by some of the same problems which dogged its predecessors. I have to say the S9's camera has generally impressed me so far, although it tends to expose slightly brighter than the LG (not always good) and its choice of white balance is sometimes a bit too cool for me (visually bluer than I'd like). The Pro camera mode is good enough though to counter-act this and there's lots of camera apps on the market.
The S9's audio quality is pretty decent, given it's nothing they specifically tout in the marketing. GSMArena seemed suitably impressed from their lab testing. It can drive my HD25s deafeningly loud, though I bet it would struggle with my 300 ohm 650s.
The S9 does interestingly include the AptX (believed to also include AptX HD) plus the very high quality and low latency Sony LDAC Bluetooth codec, so it'll be ideal to pair with premium headphones like the Audeze Mobius planars.
The S9 in Developer Options also has an impressive array of customisation options to fine-tune the Bluetooth audio settings (codec preference, bit rate, sample rate and even AVRCP version!) -- much more testing to be done soon with those... Finally I can bin off the horrible SBC codec.
You can get the S9 for £619 from Amazon or John Lewis; the G7 is a shade under £600. And in that respect, not considering the fact they will actually regularly receive future Android updates, I'd still have to pick Samsung. LG have lost me due to their incompetence with after-sales support and platform updates, which is a damn shame as I was rooting for them.
Fixing a printer ended with a dozen fire engines in the car park
Re: Had the fire brigade called to a five star hotel, in Malta....
Back in my school days, I worked part-time in a supermarket whose canteen had a commercial belt toaster. It was efficient at toasting, exceedingly so. This resulted in people fairly often putting bread in, walking off to the far side of the (large) canteen, then wondering why smoke was emanating from the toaster several minutes later.
It wasn't helped by people unnecessarily cranking the heat dial to 7 or 8 due to impatience, instead of adjusting the belt speed.
Several times, I had to improvise to eject multiple pieces of toast that were literally on fire inside the toaster - and somehow extinguish them before setting off the supermarket's fire alarms. I'm amazed it didn't cause a more serious fire.
Apple's QWERTY gets dirty, leaving fanbois shirty
Re: This is exactly why I now avoid Apple gear
A colleague with boss-level electronics experience recently repaired a fairly new smaller Samsung TV (21") whose power IC decided to let some of its magic smoke out and make a second component (HV ceramic cap) fail in sympathy. It's apparently a fairly common failure mode in modern TVs due to the cheap caps they fit, a £5 component to replace, and an hour's worth of effort (apparently taking the casing off takes the most time). The TV once again works perfectly, whereas most people would either take it down the tip or RMA for a new unit if in warranty (we know the original would be binned eventually).
When I bought a Samsung 32" TV about five years ago from Richer I fortunately took out the 5 year cover... The LCD panel packed in with nasty vertical bars 15 months in so an engineer replaced the panel and it's worked perfectly since (touch wood). I would have been screwed otherwise: arguments of CRA/SOGA aside, you're often SOL unless you have a benevolent manufacturer warranty outside of 6 months.
This reinforces the point: technological advances leave us in a situation where things often prematurely fail due to complexity of manufacturing. Because they're so much more complex than even ten years ago, fewer people understand how to diagnose and repair the commonest types of failures.
I hate seeing good kit thrown out that's otherwise functional except for one failed component preventing it working. It happens on such a huge scale now. My employer alone must bin many tons of equipment which is declared as 'beyond economical repair'.
More than that, I hate things deliberately being made incredibly hard - or impossible - to repair or return to good condition. Making a phone a couple of mm more slender by glueing in a non-replaceable battery is a common example and it's been a primary motivator for buying LG phones up to now. But even they've caved to integrated batteries now.
I used to repair my own mobile phones if I damaged them, cracked the screen, damaged the speaker or camera assembly... It's just getting too hard now, even with disassembly guides, and kiss that manufacturer warranty goodbye if you try. But the general public doesn't need to give a shit about sustainability or longevity when the latest fondleslabs get glossy media launches every 12 months.
Crazy high industry-wide wastage, the wrong mindsets all round, and even after recovering all salvageable things like rare metals it's got to be doing our ecosystem no good. I wonder when we'll get the balance right between innovation and sustainability.
DVLA denies driving licence processing site is a security 'car crash'
As usual, it's rare that project managers action any of the sensible things recommended by consulting engineers, because that would skew the delivery timetable and budget forecast right off. Can't be having that. Bloody engineers always sticking their noses in, going on about 'industry best practices'.
Re: Certificate chain
And stupid esoteric stuff like the need for IP SANs to also be included as DNSname SANs so Chrome understands them. Certificates are getting quite complicated. No wonder ukgov's IT bods can't even check they have it working in all browsers and old insecure server settings disabled, they probably don't even know what a chain cert is.
Knock, knock. Whois there? Get ready for anonymized email addresses after domain privacy shake-up
Namesilo offers free domain privacy. I have tons of domains through them. And for all my UK domains, I've opted out anyway wherever relevant if the domain is registered as an individual (non-trading). This whole thing is a stupid kneejerk reaction to a misinterpretation of the law. All the commercial services which cache WHOIS information will still have massive caches of PII, probably mostly accurate as well. They should be worrying more than the registries.
23,000 HTTPS certs will be axed in next 24 hours after private keys leak
Re: Certificate Authorities are link banks: Print money and fuck you over
I remember the social engineering experiment a chap undertook last year to see how gullible/lax CAs were in respect to issuing confusingly named EV certs that could be used for sophisticated onward phishing/scamming. I think all bar one CA was guilty of slipping up at issuance...?
I'm happier with my Comodo certs than I would be had I stayed with my RapidSSLs at renewal. 2011 is a long time ago in computerland.
Pedantic is slightly unfair for some people, sometimes they're forced to be specific and have to handtool everything.
Some of the systems I've recently obtained certificates for have variable implementations of CSR generation - passably OK at best, deteriorating to crude or archaic at worst. They all have annoyingly long-winded and confusing routines to obtain the CSRs. This can even be from different products in the same family from a different vendor (and not cheap, either).
If only they could be automated! Once you step away from mainstream systems or devices, it quickly becomes pot luck. Sadly not every appliance will support offline generation or key replacement to facilitate the totally automated method you espouse.
I'm with you on automation but it seems a lot of other vendors still consider certificates an afterthought.
Heck, several of the appliances can ONLY generate CSRs which will always flag as invalid due to them not even having the CN as a SAN. And this is latest firmwares etc. Not much hope for the dream of total automation just yet...
South Australia bins emergency alert app, contract
Hackers' delight: Mobile bank app security flaw could have smacked millions
This is why personal certs are required
Multi-factor authentication using a secondary source of identity validation is more important than ever. We should have gone down the route Estonia took and issued certificates to every citizen for use with banking and governmental online services. Our current model of relying solely on one set of credentials per service then trusting service providers to guarantee E2E security no longer seems fit.
Worse still, people STILL don't assume insecure-by-default. Everything is just too complicated for a layman to understand even a portion of your average app's operation in the context of system and network security. We're basically all doomed :(
Do fear the Reaper: Huge army of webcams, routers raised from 'one million' hacked orgs
Re: Safe home router ?
Exactly this. I'm running AdvancedTomato on my Netgear R6400. Solid as a rock. Great throughput. Great features. User upgradeable / cross-flashable. And importantly, easily updated when security updates are published.
The old engineering mantra - measure twice, implement once - applied while checking I was about to flash with the correct build. My worry was unfounded though; the instructions are clear and installation is incredibly simple now compared to a few years ago. The Tomato site lists which versions support which software builds as a good starting point and there's a device for most budgets.
Installation was a breeze. No TFTPing firmwares, no pinging to catch the router in its bootloader sequence. Just an upload of a "first stage" base image (to do things like prep the onboard storage to a correct format and size) and then a flash of the full Tomato image. All through the web interface.
Other firmwares are available. DD-WRT is fine and all, but it's always been bloated for what I want. Tomato won me over with granular Quality of Service features, reliable support for SIP through NAT without dirty hacks and a useful, informative web interface.
There are various branches of Tomato (Shibby, AdvancedTomato, Kille72, Toastman etc.), but the mainstream release is grand for almost everyone.
For those not at the Mikrotik / Firebrick / Cisco / Juniper level, and you're not buying kit capable of running OpenWRT/HyperWRT-based firmware, you're not spending wisely.
Sidenote - I only bought the R6400 as an upgrade from my trusty Netgear WRT54GL - running an older build of Tomato - as the router chipset couldn't keep up with my FTTC throughput! It served well for a decade. Still comes in useful as a managed switch and WiFi repeater.
VMworld schwag heist CCTV didn't work and casino wouldn't share it
"proprietary"? Ha, that policy's universal
I was punched in the head by a drunk person outside a Cannes hotel about a decade ago at an industry convention. As I can speak French, I went straight to venue reception and spoke to security. After ~30 mins of (polite!) remonstrations, management insisted no footage was available as there were no cameras covering the area - despite it being the main entrance/exit for the function rooms.
I expect perfectly good footage would have magically appeared if the police got involved, but I was on a plane the next morning so frankly had no inclination to wade through the French local justice system at 2am.
I think the response from hotels, bars, clubs and casinos is always the same the world over - if they're not liable, and not being compelled to provide this footage, they DGAF!
CrashPlan crashes out of cloudy consumer backup caper
Suck it up datahoarders
I did, bit the bullet and use Arq backup with Google Cloud Storage coldline level for data backups.
It's billed monthly based on storage used and costs when generating egress traffic (i.e., downloading backups if you need them). My bill for storing a few TB of system backups with incrementals is between $3 and $6 a month. Varies based on what new files I upload, but it's easy to calculate. The client is easy to use and works without interaction.
I think the only reason more people don't use GCS is because its pricing and configuration with supported backup clients is slightly opaque, but after the company I'd backed up a dozen systems to went out of business I'd had enough. I'm happy to pay $10 or $15 a month to ensure guaranteed backup storage with the world's largest data barn...
For smaller quantities of live backups at an all in cost, Spideroak is still excellent though comparatively expensive. For your random crap like videos, photos and so on, just buy a 4TB NAS with a UPS and DIY.
Did ROPEMAKER just unravel email security? Nah, it's likely a feature
There is a solution for this
Lock down an allowed subset of HTML and simple multimedia support which is universally supported. Simple CSS with none of the latest magic features (all entirely unnecessary and mostly unsupported in the most widely used desktop clients), basic image support and a functional set of tags for paragraph formatting, text layout and so on.
The key thing is to mandate accessibility and essential support for responsive design, but all this could and should be included in an inline stylesheet. Email doesn't need deluxe stylesheet features with transitions and all of the stuff modern web sites use. It's more work for the designers of commercial email design/delivery programs, but that's their job.
This could be done pretty quickly by the main manufacturers and W3C defining an RFC in consultation with a cabal of infosec orgs. It won't happen until something catastrophic happens affecting big business, but HTML email should have never been rendered with the same support as regular web sites.
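The locked-down profile proposed in the comment above, shown as an added example that is not part of the original post: a Python allowlist sanitizer that keeps a small set of tags and inline `style` declarations and drops anything that can pull styling from outside the message (`<link>`, `<style>` blocks, `url()` values). The tag, attribute and CSS property lists and the function names are assumptions chosen for illustration.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlists for illustration; the post does not enumerate a profile.
ALLOWED_TAGS = {"p", "br", "b", "strong", "i", "em", "u", "a", "ul", "ol", "li",
                "h1", "h2", "h3", "img", "table", "tr", "td", "th", "span", "div"}
DROP_WITH_CONTENT = {"style", "script", "iframe", "object", "title"}
ALLOWED_ATTRS = {"href", "src", "alt", "width", "height", "style"}
ALLOWED_CSS = {"color", "background-color", "font-size", "font-weight",
               "text-align", "margin", "padding", "width", "max-width"}
URL_SCHEMES = {"href": {"http", "https", "mailto"}, "src": {"https", "cid"}}

def clean_style(value):  # keep allowlisted declarations that cannot fetch remote content
    kept = []
    for decl in value.split(";"):
        prop, sep, val = (part.strip() for part in decl.partition(":"))
        if sep and prop.lower() in ALLOWED_CSS and not any(
                bad in val.lower() for bad in ("url(", "expression(", "@", "\\")):
            kept.append(f"{prop.lower()}: {val}")
    return "; ".join(kept)

def url_allowed(attr, value):
    try:
        return urlsplit(value.strip()).scheme.lower() in URL_SCHEMES[attr]
    except ValueError:  # malformed URL: reject rather than guess
        return False

class EmailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip_depth = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth += 1
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # covers <link>, <meta>, <font> and anything else unlisted
        parts = [tag]
        for name, value in attrs:
            value = clean_style(value or "") if name == "style" else (value or "")
            if name not in ALLOWED_ATTRS or not value or (
                    name in URL_SCHEMES and not url_allowed(name, value)):
                continue
            parts.append(f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join(parts) + ">")
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and tag in ALLOWED_TAGS and tag not in ("br", "img"):
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

def sanitize_email_html(html):
    parser = EmailSanitizer()
    parser.feed(html)
    parser.close()  # flush any buffered trailing text
    return "".join(parser.out)
```

An unclosed `<style>` or `<script>` leaves `skip_depth` raised, so the rest of the message is dropped rather than rendered.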
Vodafone customers moan about sluggish data abroad
The AA's copped to credit data blurt, but what about car-crash incident response?
Fresh Microsoft Office franken-exploit flops – and you should have patched by now anyway
Sensor-rich traffic info shows how far Silly Valley has to drive
Re: "Auto makers keep the CAN bus locked down"
I had a car which was stolen from my driveway in less than 60 seconds (immobiliser disabled and new key programmed using induction hoop) by car thieves - using an easily available, push-button unit, all via the OBD2 port. This is an increasingly common occurrence.
So, while esoteric info like cylinder duty cycles, spark plug misfire counts or number of potholes driven over may be withheld from all except the dealer, the actually important command sets seem freely available for all to (mis)use with little or no security whatsoever.
Twitter's twits turned troll's tech taunt into thought-provoking tonic
Presumably a billion renders is a meaningful enough metric to measure a useful amount of load against. The 3.5% must represent a median given each request and its response will vary.
It's worth noting they handle many, many billions of calls to just their API each day. If we assume an API call is computationally comparable with a 'render' for the mobile interfaces, all of which is equivalent to one request from one user, that's a fairly modest sample window.
Uneasy rest the buttocks on the iron throne. Profits plunge 14% at Sky UK and Ireland
Doing the sums...
I've had F1 through the HD pack deal for ages (since Sky first started showing F1). I started off at £28 a month. Due to Sky's ability to raise package prices and port people to new tariffs (ala T-Mobile used to do).
I currently pay £44 and get the Variety Pack and HD. I started on Entertainment Extra at about £18pcm, about £10pcm for HD and was 'gifted' Sky F1 HD.
If you weigh it up, compared to cancelling and resubscribing, it's still just worth my while continuing to pay £44. Occasional boxsets, a bunch of channels I hardly ever watch and F1 in HD. But to get F1 in HD, I would have had to subscribe to the entirety of Sky Sports (~£38pcm) plus the HD premium, which is a ripoff. Oh, and at least one basic package.
The cost for new viewers is exorbitant, and it only gets worse if you're suckered into Sky Q.
Prior to this new "tenure-based loyalty scheme" they're now crowing about, the best offer I had after much phone haggling was 1/3 off my package cost if I committed for another 12 months. I didn't take it because I didn't fancy being locked in for another year. The new packages as they stand are a bit more flexible for some viewers, but still far too expensive.
The worst thing about renegotiating any package, even if you stay on the same at a discount, is that they just withdraw bonus or legacy channels without telling you then refuse to reinstate, stating "billing platform" issues or some nonsense like that. You have to argue until you're blue in the face and send lots of emails to Sky "bosses" (inevitably they're all getting picked up by a dedicated complaints team). They're utterly crap at this and it's why they get their reputation for being shysters.
Example: I, and many others with the old HD & F1 package, suddenly lost F1 interactive red button video streams for months, due to the channel moving into the Sports bundle -- it crashed your box if you tried to use it! They hadn't thought about the additional account permissions for red button video streams (just another bunch of channels hidden from the EPG, nothing else special about them).
Perhaps it's time to just ditch the box and get NowTV weekend passes. If F1 doesn't halt its decline, only the F2 and GP3 will be worth watching. And that's all available online if you know where to look.
Take that, gender pay gap! Atos to offshore hundreds of BBC roles
Public Service versus Private Sector - guess who wins
Sadly, it's Atos specifying they can contract for services at a particular price point -- and Atos deciding they can reshuffle their long-serving UK workforce to make much of the required savings. As far as the BBC's concerned, from a business perspective, if that's the quoted price for a service fulfilling their requirements, they should not care about how that price is met.
Knowing the outcome, you can argue all day about the wording of the tender, but an organisation should not strictly have to worry about the morality of the tendering suppliers. I think this demonstrates that business ethics are far more important than some people still think and are overlooked at one's peril!
With context, it seems the Eurotender 'lowest cost' route has once again bitten everyone - the BBC seeks to make maximum savings (it would be pilloried if it came out that they had not gone with the cheapest quote) and Atos seeks to retain its contract even if it means losing the incumbent experts who've helped build and support the infrastructure for the past decade.
It's shameful commercialism from Atos and an impossible situation for the BBC. It has, however, insourced some of its previously outsourced operations, so it is doing something, albeit slowly. There's no way they could insource all of Atos (née Siemens, née BBC Technology) who currently look after BBC things.
BBC hooks up with ITV, launches long awaited US subscription VoD
Separate company (LLC). Joint venture between ITV, BBC and AMC (et al). More info on their site if you're interested in the small print pages.
All programmes are apparently ad free. The biggest issue they have is acquiring rebroadcast / on-demand rights for catalogue -- it's a massive, massive, MASSIVE headache because I imagine they'll have to renegotiate entire swathes of content again for this new service. Rights negotiation is an absolute minefield.
The whole point of BritBox, from what I've read on their site, is that they offer stuff not already available through BBC America rebroadcast / AMC (etc) syndication. It's a complementary service and it also offers ITV programming, so I imagine as we go on it'll offer Channel 4 shows too. Agreeing the rights and licensing periods will be what holds up new content appearing on the platform faster than it is.
Is Tesla telling us the truth over autopilot spat?
Re: It is all in a name...
Autopilots are separate systems though more modern craft have control systems capable of controlling the plane in cruise, approach, landing and rollout. Takeoff and taxi needs a human. In flight, autopilot typically maintains a bearing and altitude whilst keeping the plane level; it has pitch, yaw and angle sensors plus accelerometers and gyros (inertial guidance) to understand its relative speed and axes of travel (and perhaps GPS and DME).
Then there's autoland, where the plane follows an ILS or MLS beacon in combination with a radar altimeter for near-ground final manoeuvres. I personally think, whilst marvellously precise systems (albeit with design-controlled error rates) they're comparatively dumb systems. And that's good, because what can you do if a really complex system fails at 10,000 feet in thick fog mid landing approach?
Airspace is so intentionally precisely controlled it allows for variation in craft behaviour -- much more than a car can get away with. Plus you have, at minimum, three small armies of highly skilled human operators watching over flightpaths at every takeoff, cruise and landing, advising the two highly skilled human operators in the cockpit.
Current car 'autopilot' systems involve visual spectrum cameras and radar, GPS, collision detection and avoidance. The better ones also perform real-time trajectory projection (to figure out if something that's moving unpredictably might intersect with you given your current rate and direction of travel). On top of that, they can handle proximity warnings, can read signage and lane markers and - in Tesla's case at least - machine learning as their fleet progressively builds up a database of road conditions and optimum speeds. Those systems are advising and watching out on behalf of one (probably average-skill, and likely distracted) driver.
Autopilot systems haven't really changed that much in decades because of all the failsafe precautions put in place - and the controlled operating environment. You stick a car on the road, who knows what will happen in 30 seconds' time... I think the current generation of systems is already borderline performing magic tricks. Though I wouldn't quite trust it yet with my commute. Humans are crazy.
Haven't deleted your Yahoo account yet? Reminder: Hackers forged login cookies
One would assume that to be the case, given Yahoo! imposed their common authentication system onto Flickr a couple of years ago. More worryingly this means those who infiltrated their systems had access to a massive database of personal photos (for those who use the mobile app to sync personal photos) along with associated geolocation info. Very worrying. Imagine the profile a state actor could build on a potential target.
IoT worm can hack Philips Hue lightbulbs, spread across cities
Is Google using YouTube to put one over on Samsung?
Hapless Network Rail contractors KO broadband in Uxbridge
Whereas in Japan, one regional Shinkansen operator puts track measurement equipment on the underside of every train that runs - yielding a constant stream of valuable, relevant data every day. NR insist on running the bananamobile up and down the country every other day at great cost when they could just improve how they capture the data. Always a few steps ahead...