* Posts by rg287

376 posts • joined 13 Apr 2018


Thunderbird implements PGP crypto feature requested 21 years ago


Re: identity and encryption

Mobile email apps that don't support inward encryption wouldn't be sending the public key and would not be inviting encryption!


So thunderbird to thunderbird accounts would be encrypted. Mobile app to thunderbird and thunderbird to mobile app would not.

That isn't how email works. Email is sent to an MX server/inbox - not to a client. How the user collects their mail (POP/IMAP to a client, or webmail) is then irrelevant and entirely outside the control of the sender.

For sure, TB could embed a flag and a public key inviting the use of PGP. That's fine, and then your correspondent's TB client would send you encrypted mail by default. But you would not then be able to read those encrypted messages in your mobile app when fetching them via IMAP.

My correspondent's TB client may have received a TB PGP flag, but they're not sending emails to Thunderbird - they're sending them to my inbox, where I might collect them via TB, webmail or mobile app. The sender has no control over how I access my inbox, but of all the possible methods only TB would be able to decrypt them by default. I would have to perform additional configuration or even change mobile app to read my mail anywhere else.

This is not insurmountable - as I say, there are PGP-capable mobile apps which you could import your (and your correspondent's) keys into. It's definitely doable, but to turn it on by default is going to be a breaking change for many users.


Re: identity and encryption

Thunderbird can really take the initiative here, and simply implement it. If two Thunderbird clients are emailing each other then it will automatically be encrypted after the first email exchange. Without the need for a third party key holder and without the need for the user to do anything.

You can't turn on encryption automatically because you can't assume that users are only using Thunderbird (which has no mobile app). Flick encryption "on" in TB and suddenly whatever you're using on your phone will collect your mail well enough but most likely won't be able to decrypt it.

There are mobile apps like K9 and Canarymail which can handle PGP of course, but what are the odds that you're actually using one of those? If you're using TB as a desktop client for a hotmail or gmail account, you're most likely using the Outlook or Gmail apps on mobile.

Thunderbird can and should prompt for users to enable encryption, but needs to explain the ramifications of doing so (like changing mobile apps).

Once enabled, some sort of auto-detect and key-exchange for PGP would seem to be beneficial. ProtonMail made key-exchange go away by just doing it automatically between ProtonMail accounts, acting as their own internal key server. But encrypting to third party addresses is still a faff. Their selling point is mostly the mail being effortlessly zero-knowledge at rest courtesy of the client-side encryption, even if most mail ends up being sent unencrypted to non-PM users.

Research into deflecting potentially world-destroying asteroids is apparently not a 'national priority' for the UK


For those wondering, here is the ESA Funding Pie Chart.

The ESA is a strictly what-you-put-in-you-get-out organisation. There's no "winning" or "losing". If you put €100M in, they'll spend €100M in your country. Base membership contributions are based on GDP and then there are optional programmes that states can additionally sign up to (like Hera). Spend for optional projects only goes back to participating nations.

The UK currently contributes (and receives) ~9% of the "ESA budget from Member States" (including Switzerland & Canada).

France and Germany contribute 26.9% and 20.1% respectively.

So you would expect France and Germany to get twice as much spend as the UK (because they put twice as much in), even before they start soaking up money from the EU projects.

The EU then puts in about €1.53B for EU projects like Galileo and Copernicus. Spending for those projects has to go back to EU states, or participating non-EU states who have signed up to those projects (like Switzerland).

When the author states:

Bremen-based OHB took a substantial bite out of ESA's Copernicus award pie earlier this year while the UK, a major ESA contributor, did not fare so well

This is a bit misleading. Copernicus is an EU project delivered by ESA - not an "ESA project". Once we left the EU, we lost our entitlement to a slice of that €1.53Bn they drop in for Galileo/Copernicus/etc. We didn't "not fare well". It wasn't an open contest that we lost. We surrendered our entitlement by leaving the EU. If we were still in, a chunk of Copernicus would have had to come to us.

Who cares what Apple's about to announce? It owes us a macOS x86 virtual appliance for non-Mac computers


By that time I would truly hope that most of that software was available in ARM form, even the most laggard software team should have achieved that.

It's not just software. My brother is (I begrudgingly admit) a rather talented amateur musician.

When he moved from a POWER to Intel Macbook, his external sound card stopped working. Nothing so prosaic as a driver issue - there was a known hardware issue and that was that. Paperweight.

For him, that was a tedious £100 to shell out for a new model. For a recording studio, jog on - they're not going to bin £100k mixing boards because something weird doesn't play nicely with ARM (granted, you would hope at that level you would be able to get sensible manufacturer support - if they still exist).

Of course studios are an "industrial" setting with long-life hardware installations where if it works today you can just carry on using it (same reason there are MRI machines and CNC stations driven by Windows XP boxes). But sooner or later the hardware will die and then if it won't play nicely with Apple's ARM gear, then you'll need to be able to hackintosh onto whatever x86 hardware is available that year. Which means having Apple offer a legitimate OSX licence for virtualisation or generic-hardware, just as you can for WinXP in those exceptional cases.

Up from the depths, 864 servers inside, covered in slime, it's Natick!


No comment on the occasional pesky fishing trawler with anchors and difficulty to perform maintenance though?

The reason it was located there was that the area is controlled by the European Marine Energy Centre, a test site for tidal turbines and wave energy converters. No trawling because there's lots of "stuff" on the sea floor - cables, turbines, test rigs. It's also got some quite strong currents and decent winter storms, so was a good test of the pod getting "jostled" externally.

Aside from the practical considerations (no-trawl zone and their project partners have heavy-lift equipment available - see maintenance), this was partly for green credentials and also to show that they could run off a power supply traditionally viewed as unreliable. The suggestion is that these pods could be quite reasonably powered by an offshore wind farm (again, no-fish and good work-vessel availability) with a last-resort shore-power connection laid alongside the fibre-uplink. This would provide no-maintenance, self-contained edge-computing in remote areas. Just roll up once every x years and replace the pod wholesale.

Rocket Lab deploys Photon, er, in-house built satellite on Flight 14


However I do wonder a bit about the fact that these things are designed to decay from orbit naturally. The first stage satellites orbit above the ISS, so the ISS might have a lot of avoidance manoeuvres in its future (if it isn't deorbited first)?

They'll only be left to decay naturally if they fail completely and go unresponsive or have a propulsion failure (and like a ghost ship obviously needs monitoring so other stuff can keep clear). But most satellites will be deliberately de-orbited at EOL, in which case they'll do it somewhere the ISS (and everything else) isn't. That's not a new concept for LEO satellites at EOL, just as GEO satellites get moved to a graveyard orbit when they get retired.

And space is big. The odds of a dead starlink satellite conflicting with the ISS are extremely low to start with.

Of course the more stuff that's up there the higher the odds of having to avoid something, but the ISS isn't going to suddenly have to spend half it's time dodging falling sats.


Not mentioned in the article - SpaceX/Starlink also demoed the first satellite-satellite links (necessary for things like mid-Pacific, TransAtlantic or Southern Ocean coverage where you don't have a ground-station to bounce down to. It makes the constellation an actual mesh-network, not just up-and-down relays).

Most sats launched so far are "Version 1" without inter-sat links, but a few prototype V2 models seem to have snuck onto the last couple of launches.

Musk-based onanism aside, accurately shooting free-space lasers between satellites and getting a usable data link is top-notch boffinry from the StarLink engineers and has wide-ranging implications not just for Moon/Mars colonies or whatnot, but as a high-bandwidth option for science probes and satellites to communicate with each other (e.g. if a mission sends multiple science probes with one "mothership" comms relay as per certain Mars architectures).

After 1.5 million days of computer time, SETI@home heads home to probe potential signs of alien civilizations


Definitely biased towards the latter stages, mainly due to the development of CUDA/GPU processing.

I got my first laptop quite toasty running classic SETI overnight ~2004-07.

When I built my first proper gaming rig in 2011 with a dedicated GPU I doubled 3 years worth of contributions in about a month. Being a quad-core i5 didn't hurt either, but it was mostly the GPU. The CPU cores (3, with core 4 left for system) could crunch a unit in ~75 minutes, so ~0.8units/hr/core or 2.4units/hr overall. The GPU was doing a unit every 10-12mins (5-6units/hr).

That was a GTX460 IIRC. Enthusiasts with a 480 or multiples SLI'd would have been crunching units much faster.

If you were building a dedicated rig, there was a lot to be said for buying the cheapest board/CPU you could find that had multiple full-length PCIe slots, pop on 4GB RAM and simply use it as a host for the best GPUs you could afford. The work isn't especially I/O bound. The workunits were small, it was all on-GPU using the graphics memory.

In fact, I wonder whether it is sensible to run a distributed computing project over such a long period.

Perfection is the enemy of progress. Tech will always be better in 5 years than it is today. You have to start sometime - and given the cost of storage 20 years ago, the costs associated with storing the data for later analysis may well have outstripped the cost of getting the data crunched (inefficiently) back then and just storing that output.

And SETI really broke new ground for citizen science and distributed computing. All the other projects like Folding@Home followed SETI's lead, so the contribution stretches far beyond the direct scientific objectives of SETI@Home.

Huawei mobile mast installed next to secret MI5 data centre in London has 7 years to do whatever it is Huawei does


Re: Does this mean all MI5 could find was a 30m cable?

They can probably get the 30m one through as "office expenses".

50m goes over the spending cap and requires sign off, which is - y'know - such a pain.

Shadow IT isn't just for enterprise you know ;)

Black Helicopters

Enemies of the State?

We are not revealing its precise location in case enemies of the British state stick pneumatic drills through the pavements surrounding it

I know Thames Water have had issues over the years, but "Enemy of the British State" seems a bit strong!

A bridge too far: Passengers on Sydney's new ferries would get 'their heads knocked off' on upper deck, say politicos


Re: They could

London Bridge is a very boring 1970s concrete motorway bridge

But it has a rifle range in the southern footing, so it's got that going for it!

As often happens, more interesting on the inside.

Microsoft sides with Epic over Apple developer ban, supports motion for temporary restraining order


If I've understood correctly apple have a dispute with Epic so they have said anything written by anyone which uses the unreal engine is banned from the app store?

Not quite. Apple yanked their developer account because of the Fortnite bruhah.

The problem is that without an Apple Developer Account Epic can't access the latest Xcode stuff or signing certs for the other half of their business, which is Unreal.

This doesn't stop anyone using Unreal and certainly doesn't mean their apps get kicked from the store, but it does stop Epic issuing patches. It means Unreal Engine is effectively unmaintained for iOS/macOS.

Additionally, by preventing updates to Unreal for new iOS/macOS versions, there's a fair chance of everyone's Unreal-based games breaking on the next major OS releases. So it's no longer just "Fortnite". Apple are dangling their entire Unreal customer base over the heads.


Re: Cynical

1. Do registration in app and give us an ongoing 30% cut of your subscriptions.

Just for completeness - For subscriptions bought through apps, Apple take 30% for the 12months, dropping to 15% thereafter. Which is still far to high for various low-margin sectors. But worth noting it's not 30% forever. </pedant>

However, paid apps and one-off in-app purchases (by far the most common transactions) are 30%.

TalkTalk, Three, and Virgin Media, come on down! You've all won a prize for... not being that great at something!


A spokesperson at Virgin Media said the company is "always looking at how we can further improve our customer service.

IPv6. It's 2020.

It's a fiddle, but it ain't that hard.

You too PlusNet. You're on BT's network and they manage it.

Amazon makes 850,000m2 bet that its people will get off the kitchen table and back to an office


Re: Why offices?

With the kids screaming through at 3.30pm when they get back from school?

Some people live in flats with two bedrooms just large enough to get the actual bed in, a bathroom and the kitchen/diner/living-room. Have fun setting up a dual-monitor rig on the kitchen table, jostling for elbow space with your kids doing their homework, then clearing the lot away for tea.

A folding desk doesn't solve that issue.

Working from home is great. I'm doing it and long may it continue. But I also don't overlook the immense privilege I have in possessing a little office room where I can close the door and shut out the household.


Re: Why offices?

Occasional meet-ups would be nice, and some centralised tech support is needed, but hard worth a full-scale office that would have everyone inside.

You've answered your own question.

Meetings, tech support and storage (you can't expect your tech support to be giving over their homes to storage, workbenches or receiving pallets of new laptops at home), face-to-face interviews, on-boarding, off-boarding, training...

Plus the people who just don't have a good home environment (no dedicated office space, working off the kitchen table with kids around, etc) and want to work in the office.

In a large enough org that's enough to maintain footfall through the office even if many individuals only show their face once a fortnight or month.

Epic Games gets itself epically banned, launches epic Fortnite death match with Apple over App Store's epic 30% cut


Re: Unfortunately, Apple will win

Wasn't the 90s when Apple ran their "I'm a Mac. I'm a PC" ad campaign specifically to show how they were NOT a PC?

2006-2009, though it seems like longer ago.


Re: After all the appeals

BTW Google also pulled the app from their app store - if Fortnite was smart they would have only done this in Apple's hoping to put some pressure on them from hardcore Fortnite fans who might be willing to switch to Android to get it.

Fortnite started out as a side-load on Android and had no shortage of players. It's only relatively recently that they joined the Play Store. You can still download the Android apk from the Epic website.

Which is probably why they're asking for the iOS issue to be handled separate to Google Play.

Apple is a much more clear-cut monopoly. Google are a bit trickier since it's perfectly possible to sideload or use other stores, but Google have made a song-and-dance about "anything not from the Play Store is malware". It's not the same sort of monopoly as Apple have, but they're still throwing their weight around to disparage competitors, in a manner that Epic would describe as unreasonable to the point of illegality. And they're trying to shame both over their 30% cut from store sales.

Nobody would care if Apple were taking 5% for providing the Store platform and CDN infrastructure. Claiming 30% is - and always has been - a bit of a pisstake.

Mozilla signs fresh Google search deal worth mega-millions as 25% staff cut hits Servo, MDN, security teams


Yes... thing is, that's usually when the bosses are newly-minted MBAs with lots of case studies and big ideas but limited knowledge of your industry vertical (or the company is tanking and the boss does whatever their new business-guru tells them).

Mitchell Baker has been with Mozilla since Netscape. She wrote the Mozilla Public Licence. She should know better.

Worse yet, Servo is the new shiny. A Servo-powered Gecko engine should be the selling point of the org, and aspire to underpin other browsers. If it had come along a bit earlier or been more mature then MS might have jumped on Servo/Gecko for Edge instead of Chromium.


Re: Servo?

Doesn't seem clear. Technically Servo was considered a research project with stuff carried over to Gecko as appropriate (only Servo-CSS so far AFAIK).

Presumably the Gecko dev team have the option to continue developing from the Servo codebase and integrate that into Gecko. I guess whether they can/will depends on whether they have much Rust-dev experience in the team and whether Servo's goals are a priority for them (compared with the baseline of keeping up with evolving web standards in the first place, never mind developing an all-new engine).


Having a periodic thin out is inevitable at orgs like Mozilla which have such broad and varied interests that mission-creep is encapsulated almost by design. Sooner or later you'll find that certain projects are no longer earning their keep, or there are simply more impactful projects that could be funded in their place and deserve a day in the sun.

It's also not a bad idea to try and diversify your income. It's never good to be reliant on one customer.

But dropping the entire Servo team who are building your next-gen engine? That sounds like a solid long-term strategy for your browser.

Dumping the Security team at the same time as you're trying to sell a VPN product? Yes, very reassuring...

Firefox maker Mozilla axes a quarter of its workforce, blames coronavirus, vows to 'develop new revenue streams'


Re: This is actually a good thing

Perhaps as a community we need to find better ways to fund them.

Seems to be the season. Few such projects seem to be finding good models to support themselves:

Companies toiling away the most on LibreOffice code complain ecosystem is 'beyond utterly broken'

UK utility Thames Water splashes cash as host of IT consultancies appointed to handle £100m worth of deals


"Amp 7"?

Shurely shome mishtake? Thames Water of all people should know to keep water and electricity firmly separated!

We've reached the endgame: Bezos 'in talks' to turn shuttered department stores into Amazon warehouses


Re: Coming soon

I was thinking more along the lines of "If you have a warehouse in a retail area, you might as well have a counter there so people can do pickups for common items instead of waiting for delivery".

There we go, I've just invented Argos.

Publishers signed up to Apple's premium News may be less than 'appy to discover the iGiant snatching readers


Re: Shits All Over Google

And for some screwed up reason I'm not yet able to grasp, Google News will soon have to pay sites like news.com.au for providing a link to news.com.au ???

No. Google will have to pay sites presenting their content to users within Google, instead of forwarding them to the site where the content creator runs ads and can make some money.

It turns out that if you give the user a big enough snippet of the article, they don't usually bother clicking through to read the rest of it - even if you provide a link.

But you knew that already.

China now blocking ESNI-enabled TLS 1.3 connections, say Great-Firewall-watchers


TLS1.3 isn't just about mathematically more secure ciphers or ESNI.

TLS1.3 also mandates cipher suites with Forward Secrecy. This breaks MITM boxes because you can't just siphon off a data stream and decrypt it at will using your private/internal Certificate (as plenty of banks & corps do using a private Certificate Authority). Cipher Suites with Forward Secrecy generate a new - ephemeral - secret key for every session.

Also, as noted - ESNI complicates the process of knowing what domain the user is requesting and presenting the user with an appropriate spoofed certificate.

This is all by design, has created many headaches in corps with regulatory requirements to monitor everything going across their networks. It is telling that China have just thrown in the towel and banned it outright.

Apple re-arms the iMac with 10th-gen Intel Core silicon


Given the general long life of Macs (annoying OS-based planned obsolescence aside), could the announcement of impending ARM chippery see a bit of Osborne Effect?

I doubt it. If anything professional users will pick up a late-model Intel iMac to last them through the transition period, picking up ARM in 5 years time when the ecosystem and third party software has all settled down. Let the consumers and bleeding-edge die-hards find the bugs.

Most consumers won't care that much, they're buying it for macOS, not the chippery. If they need a new box they'll buy a new box. They're not bouncing on their heels for the ARM version.

University of Cambridge to decommission its homegrown email service Hermes in favour of Microsoft Exchange Online


Re: less than ideal

Everybody knows they're in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.”

Don't forget to take a flashlight - the cellar lights will probably have gone.

Heir-to-Concorde demo model to debut in October


Re: Can it reduce the time spent at airports

Like Concorde, I imagine a service commanding ticket prices of $5500 will have it's own check-in and security. Arrive 15 minutes before departure (possibly by helicopter), collect martini and away you go.

UK space firms forced to adjust their models of how the universe works as they lose out on Copernicus contracts


Not a single mention of the ESA's £100m investment in a new Business Incubation Centre in Leicester?

Copernicus is an EU project like Galileo. So we will no longer get to participate (pending the new UK-EU Treaty).

But the ESA is a what-you-put-in-you-get-out agency. We contribute money, and the ESA will continue to award a proportionate work-share to the UK. There's no "winning" or "losing out" - we are guaranteed our share of ESA projects.

But we won't get a share of EU projects awarded to the ESA for delivery because we're not part of the EU (unless we successfully get a Swiss-type deal which permits participation, which is why the Swiss are able to work on Galileo).

I was screwed over by Cisco managers who enforced India's caste hierarchy on me in US HQ, claims engineer


Re: Deep-rooted prejudice

There's an entire episode of Only Fools and Horses built around the Indian caste system in London (or rather, exploiting British ignorance of it!). That was 1981.

Laws on police facial recognition aren't tough enough, UK data watchdog barrister tells Court of Appeal


Re: you would be surprised...

I recall reading a Cory Doctorow story some time back. It wasn't terribly good, but one scene did stick with me.

Set in the near future the protagonist ends up in court and after being queried on a point the judge replies "I'm not a complete luddite you know - I used to play CounterStrike for England!".

It was an entertaining observation that whilst we like to view judges as old and fusty, the generation of young professionals who were ~20-25 when Half Life came out in 1998(!) are now in their mid-40s and starting to fill into roles on the Bench. As you say, they understand enough to ask the right questions as the technology relates to the law.

Ex-Dell distributor in Lebanon ignored ban on suing US tech giant. Now four directors have been sentenced to prison in the UK


They've had their redress.

By agreeing to enter binding arbitration they agreed to be bound by the findings. Arbitration is really just like going through the courts but a hell of a lot cheaper. You both present your cases and the arbitrator makes a ruling.

I've seen cases in non-binding arbitration where one party has decided they didn't like the ruling, forcing a court case. This ultimately costs more (because you've paid out for the arbitration) and wastes everybody's time. It's an arsehole move. If you're not sincere about entering arbitration, then don't. Have your day in court and get it done with.

It is an entirely reasonable response to seek a no-suit ruling to prevent vexatious lawsuits if one party is going to play silly buggers after arbitration.

Consider this. If SETS had gone to court, they'd have been told the same thing, and if they'd then tried to bypass or reject that ruling they would have ended up in contempt. This is just the court enforcing the terms of the contract that they willingly signed. Same outcome, just via a slightly different route.

SpaceX Crew Dragon docks at International Space Station


Re: Correct me if I’m wrong

But isn’t it the first manned capsule to have been designed since the ‘70s? That’s more impressive to me than the 9 year stat that always gets bandied around.

Put it this way. It's only the 9th vehicle to have carried humans to space (and the first privately developed one).

* Vostok

* Voskhod

* Mercury

* Gemini

* Apollo

* Soyuz (albeit various iterations/versions)

* Shuttle

* Shenzhou

* Crew Dragon

They've only gone and bloody done it! NASA, SpaceX send two fellas off to the International Space Station


Re: How much?

$50-60m is the cost of a commercial launch on F9.

Crew Dragon launching to ISS is ~$160m, because you have to pay for the payload (Crew Dragon) as well as the rocket. And man-rating carries a premium.

So for Bob & Doug, that works out at $80m/seat. But in principle Crew Dragon can carry 7 (.vs Soyuz 3) which whittles the price down to $23m/seat - though it's unlikely NASA will actually launch 7 at a time due to available space on ISS. More like 3-4 with space for pressurised cargo/experiments.

Gone in 9 seconds: Virgin Orbit's maiden rocket flight went perfectly until it didn't


Re: Oh. Again?

Liquid rocket fuel is often pretty nasty stuff

LauncherOne uses LOX/RP-1, so just highly-refined Kerosene. A spill has environmental impacts but there's no nasty hypergolics (though the payload of course might have hydrazine maneuvering thrusters if they're not simple cold-gas, but the main propulsion by weight and volume is just RP-1).

Still, the sort of thing you'd do at a quiet location like Newquay without the hassle of integrating with nonstop freight and passenger traffic at somewhere like Heathrow or Gatwick.

Former Labour deputy leader Harriet Harman calls on UK govt to legally protect data from contact-tracing apps


Re: Oh what a tangled web we weave!

Not sure if serious...? I suppose this happens with international audiences.

At one point during Labour's last tenure Ms Harman was associated as a promoter of "Political Correctness gone mad". Consequently it seemed wrong to call her Harriet Harman since that was clearly sexist and furthered the oppressive patriarchy. So Harriet Harperson became a nickname in some quarters.

Much like "Petty Patel" or "Priti Awful" (for our current death-sentence loving Home Sec), Tony Bliar (no luck catching them WMDs then?" ... "It's just the one WMD actually"), etc, etc.

Breaking virus lockdown rules, suing officials, threatening staff, raging on Twitter. Just Elon Musk things


Re: A possible explanation for sudden behaviour change.

Musk has got himself in trouble with tweets for a few years now - with the SEC for tweets about Tesla stock, or accusing a British of being a paedophile (a baseless accusation that came from a scam private investigator that Musk hired).

I'd attribute those to throwaway comments when under pressure. Musk has always been a bit edgy and anti-social. I think it goes with the territory. Uncompromising geniuses (and objectively, he's an extremely high-performing polymath) tend to have compromised social skills and Musk has never been any different. His performances on Twitter only show that more acutely.

His detractors will say "Oh, it's just Musk being a dick", but that's lazy. The latest hissy-fit over lockdown seems... different. It's not based on a rational analysis of the available data - and that's unusual for Musk. On the one hand you can forgive him being annoyed - Alameda County are the only ones in California maintaining lockdown and every other car manufacturer is going back in their respective states too. But on the other hand, we all know that everybody else is wrong. Trump is wrong, the walts protesting outside state capitols with AR15s across their chests are wrong (and an embarrassment to the 100million respectable and responsible US gun owners to boot). For someone who has always been happy to buck the trend and challenge the received wisdom... it's a change. Is that the fog of new fatherhood, or is this an early indication he's going the way of Cloudflare founder Lee Holloway?

Or maybe he's just being an arrogant dick and he hasn't realised that his enviable ability to integrate new skills and domains of expertise has run out at epidemiology.

Nine million logs of Brits' road journeys spill onto the internet from password-less number-plate camera dashboard


It's also about attitude.

You can have a sizeable breach, but if you took all reasonable steps - patched, segmented the network, enforced strong passwords, MFA, etc and someone got in because oh, say, a well-respected firewall vendor (*cough* Sophos *cough*) had a serious RCE bug being exploited in the wild, then ICO will take a very sympathetic view to you. You did everything you reasonably could.

As compared to a web-facing dashboard with no auth and no attempt at auth, spilling out PII for years which clearly wasn't properly configured at installation and should never have been accepted by the customer in such a state.


Re: Massive invasion of privacy

The otherwise unqualified reference to "increasingly authoritarian government" is clearly intended as a poke at the incumbent Conservative government in Westminster.

As such it represents a cheap and feeble attempt at political point scoring against the awful Tory child-eaters which ignores the Labour control of Sheffield Council as well as the raft of intrusive measures introduced nationally by the Blair/Brown Labour administrations from 1997-2010.

In short: They're all as bad as each other and there's no political points to be scored.

But you already knew that.

SpaceX's Elon Musk high on success after counting '420' Starlinks in orbit and Frosty the Starship survives cryo test


Re: This may be a really obvious question.

No, your average American who doesn't like within a major metro area (and quite a few who do). Not to mention those Brits who live inside the M25 yet can't get sensible speeds due to weird EO lines - or those in rural areas who BT confidently claim can access "superfast fibre broadband", but can't get better than 2Mb down on account of being >2miles from the cabinet.

FTP is crusty and mostly dead, right? AWS just started supporting it anyway


Re: It's used because it works

Absolutely - and not just in industry but in the consumer space.

Good look setting up a github/x/y/z to some bog-standard cPanel or Plesk hosting (unless the admins have been uncommonly generous and enabled the appropriate plugins). I actually do do this with a hugo site - commit files to a private repo, which triggers a Github Action to rebuild the site and then... FTPs the Public directory onto the hosting.

But fundamentally, your options are login and use the web-based file manager or FTP(S) in. It's so easy your dad can use it.

If you maintain your own servers and can configure your workflow just how you like it (or use cloud services with the latest workflow options) then great. For many consumers and indeed SMBs, FTP is the lowest/simplest common denominator, regardless of whether it's used directly or at the end of an automated testing/build pipeline.

Along with RDP, which we're all told is prehistoric and "nobody uses RDP anymore" - oh yes they do!

Come kneel with us at UK's Cathedral, er, Oil Rig of the Canal: Engineering masterpiece Anderton Boat Lift


... we've removed all the landscape features that used to absorb the extra water (marshes & wetlands) and keep building houses in places ta flood..

Along with all the upland woods and forests which trapped water upstream and "flattened the curve" (wait, where have we been hearing that recently?), either sucking up water for the foliage, or just releasing it slowly over the course of days/weeks rather than hours.

Netflix starts 30-day video data diet at EU's request to ensure network availability during coronavirus crisis


Re: What about the CDN?

This is a genuine question. Does anybody know why this is a measure worth taking?

Because most broadband networks are sold on a contended basis. Buying a 70Mb connection doesn't guarantee you 70Mb of backhaul from the cabinet to the exchange or from the exchange to the head-end or regional core, which is where CDN and OpenConnect appliances will live. At one time cabinet contention of 25:1 was common, so if 25 of you bought a 30Mb connection, you were sharing 30Mb of capacity out of the cabinet - and just over 1Mb each doesn't go that far these days.

If all the kids are streaming Netflix in UHD, that can impede their teleworking neighbours who are trying to use VOIP, video conferencing or remote desktop infrastructure (or indeed trying to wrangle large files down from company filestores which would normally be on the office LAN). Encouraging Netflix to cap streams at HD (for instance) is eminently sensible.

It's the cabinets and exchanges which are likely to become saturated rather than the IXPs or Network Cores.

NASA to launch 247 petabytes of data into AWS – but forgot about eye-watering cloudy egress costs before lift-off


Re: Hang on...

If scientists are going to download so much data locally that went to the cloud first, then surely that data should have gone directly to a NASA data centre first anyway (either for use or for pre-processing prior to AWS ingress)

I was likewise confused at first. Surely the likes of NASA could just negotiate a couple of fat peering connections with AWS and bump off egress charges (in the same way that Bandwidth Alliance deals allow customers to discount egress costs from Azure if they are using something like Cloudflare, because Azure and CF peer and it costs MS nothing to send data to CF compared with sending it over transit).

I think the point is that this is the cost derived from arbitrary users - people at academic institutions around the world. I wouldn't be surprised if this is where the oversight has occurred - NASA will likely be able to get at their data in AWS for free, and it was forgotten that most of their data users are outside NASA and EDSIS will get stung for the egress to them.

I think.

Firefox now defaults to DNS-over-HTTPS for US netizens and some are dischuffed about this


Re: You can disable

Technically Cloudflare's DoH endpoint is at <https://cloudflare-dns.com/dns-query>

Obviously this requires that you have a config file with the IPs for that domain to bootstrap the service (just as a full resolver has a Root Hints file to bootstrap the service).

Using a domain is done because although it's perfectly possible to have a TLS Cert for an IP address, it's poor form and CAs aren't supposed to issue such things. As a result it's better for the resolver to be calling a FQDN (though CF, being their own CA could generate one - and I seem to recall reading that they might have by now).


Re: Thank goodness we can turn it off...


As always there are multiple correct answers here. Just as the anonymity argument on social media swings between "But trolls" and "But political activists operating in fear of their lives" or just people separating their online and professional persona (e.g. The Secret Barrister) so it is with the case for DoT/DoH.

DoH is excellent for not only securing your DNS but obfuscating it as general HTTPS traffic. It also bypasses possibly-compromised DHCP settings (though if the authorities are on your device it's already game over). For some people that's genuinely of interest and value.

But for general usage, the Browser is categorically the wrong place to be doing DNS. It makes the crucial assumption that you don't want to connect to LAN domains or use anything that your system might otherwise know about. Worse yet, Firefox's implementation allows you to specify only one "Trusted provider". When Cloudflare fell over last year, there was no way - other than manually changing your settings - to say "Yes, use NextDNS if Cloudflare is unavailable" resulting in resolution failures for everyone using it. What sort of fragile implementation doesn't allow for failover?

Of course there's a security argument there as well, but if you only trust one provider, you can just specify one provider. Those who prefer reliability can specify two.

Compare this to System-level DNS Resolvers - W10 lets you set a Primary/Secondary, macOS lets you set an arbitrary number in preferred order. Linux likewise.

London's top cop dismisses 'highly inaccurate or ill informed' facial-recognition critics, possibly ironically


Given that individuals of BAME ethnicity make up 26% of the UK Prison population compared with 14% of the General Population, if they've trained the system on mugshots there's a case to be made that it may legitimately be less ethnically-biased than a system trained on a conventional or "representative" training set. This would also explain the gender bias of being more accurate on men than women (more men convicted than women, bigger training set). It possibly also exposes a racial bias of the Met's finest in pursuing prosecutions of BAME ethnicity suspects...

Of course, it can only ever be as good as it's training data and if their training data is well-lit mugshots of front and sides, then it's no surprise that identification from street cameras in real-world conditions is rubbish. I wonder how long it will be before they start doing much more in-depth scans of convicted (or even suspected) individuals in order to provide better training data for the AI? Front-Left-Right gets multiplied across "chin up"; "chin down"; up-lit; down-lit and low-light. If a smartphone can do depth-mapping, the Police will surely be angling to collect such data.

I wouldn't even be surprised if they've been pushing the Home Office to allow them to scrape the Social Media in order to add more "real world" photos to their training data (I'd be even less surprised if they've been doing it anyway on the quiet).

It's calculated Apple leak time: Cheaper iPhone, laptops with proper keyboards, and, oh, a Tile competitor


Re: Not to pour a dampener...

...but the SE replacement has been one of those rumours that is as enduring as Apple releasing a TV.

Yeah, but the difference is that I've finally updated, and it'd be just my bloody luck if Apple finally release an SE2 6 months after I upgrade.

I've been hanging on for years. Finally bit the bullet in October when my beloved 5S started to physically fall apart and ended up getting an XR when the price dropped after the 11 came out.

You spoke, we didn't listen: Ubiquiti says UniFi routers will beam performance data back to mothership automatically


Re: "In other words, you ain't got no choice."

EdgeOS on the EdgeMAX/EdgeRouter gear is forked from Vyatta.

The Unifi stuff is OpenWRT.



Biting the hand that feeds IT © 1998–2020