Posts by rg287

Re: identity and encryption

Mobile email apps that don't support inward encryption wouldn't be sending the public key and would not be inviting encryption!

So thunderbird to thunderbird accounts would be encrypted. Mobile app to thunderbird and thunderbird to mobile app would not.

That isn't how email works. Email is sent to an MX server/inbox - not to a client. How the user collects their mail (POP/IMAP to a client, or webmail) is then irrelevant and entirely outside the control of the sender.

For sure, TB could embed a flag and a public key inviting the use of PGP. That's fine, and then your correspondent's TB client would send you encrypted mail by default. But you would not then be able to read those encrypted messages in your mobile app when fetching them via IMAP.

My correspondent's TB client may have received a TB PGP flag, but they're not sending emails to Thunderbird - they're sending them to my inbox, where I might collect them via TB, webmail or mobile app. The sender has no control over how I access my inbox, but of all the possible methods only TB would be able to decrypt them by default. I would have to perform additional configuration or even change mobile app to read my mail anywhere else.

This is not insurmountable - as I say, there are PGP-capable mobile apps which you could import your (and your correspondent's) keys into. It's definitely doable, but to turn it on by default is going to be a breaking change for many users.

By that time I would truly hope that most of that software was available in ARM form, even the most laggard software team should have achieved that.

It's not just software. My brother is (I begrudgingly admit) a rather talented amateur musician.

When he moved from a POWER to Intel Macbook, his external sound card stopped working. Nothing so prosaic as a driver issue - there was a known hardware issue and that was that. Paperweight.

For him, that was a tedious £100 to shell out for a new model. For a recording studio, jog on - they're not going to bin £100k mixing boards because something weird doesn't play nicely with ARM (granted, you would hope at that level you would be able to get sensible manufacturer support - if they still exist).

Of course studios are an "industrial" setting with long-life hardware installations where if it works today you can just carry on using it (same reason there are MRI machines and CNC stations driven by Windows XP boxes). But sooner or later the hardware will die and then if it won't play nicely with Apple's ARM gear, then you'll need to be able to hackintosh onto whatever x86 hardware is available that year. Which means having Apple offer a legitimate OSX licence for virtualisation or generic-hardware, just as you can for WinXP in those exceptional cases.

No comment on the occasional pesky fishing trawler with anchors and difficulty to perform maintenance though?

The reason it was located there was that the area is controlled by the European Marine Energy Centre, a test site for tidal turbines and wave energy converters. No trawling because there's lots of "stuff" on the sea floor - cables, turbines, test rigs. It's also got some quite strong currents and decent winter storms, so was a good test of the pod getting "jostled" externally.

Aside from the practical considerations (no-trawl zone and their project partners have heavy-lift equipment available - see maintenance), this was partly for green credentials and also to show that they could run off a power supply traditionally viewed as unreliable. The suggestion is that these pods could be quite reasonably powered by an offshore wind farm (again, no-fish and good work-vessel availability) with a last-resort shore-power connection laid alongside the fibre-uplink. This would provide no-maintenance, self-contained edge-computing in remote areas. Just roll up once every x years and replace the pod wholesale.

However I do wonder a bit about the fact that these things are designed to decay from orbit naturally. The first stage satellites orbit above the ISS, so the ISS might have a lot of avoidance manoeuvres in its future (if it isn't deorbited first)?

They'll only be left to decay naturally if they fail completely and go unresponsive or have a propulsion failure (and like a ghost ship obviously needs monitoring so other stuff can keep clear). But most satellites will be deliberately de-orbited at EOL, in which case they'll do it somewhere the ISS (and everything else) isn't. That's not a new concept for LEO satellites at EOL, just as GEO satellites get moved to a graveyard orbit when they get retired.

And space is big. The odds of a dead starlink satellite conflicting with the ISS are extremely low to start with.

Of course the more stuff that's up there the higher the odds of having to avoid something, but the ISS isn't going to suddenly have to spend half it's time dodging falling sats.

Definitely biased towards the latter stages, mainly due to the development of CUDA/GPU processing.

I got my first laptop quite toasty running classic SETI overnight ~2004-07.

When I built my first proper gaming rig in 2011 with a dedicated GPU I doubled 3 years worth of contributions in about a month. Being a quad-core i5 didn't hurt either, but it was mostly the GPU. The CPU cores (3, with core 4 left for system) could crunch a unit in ~75 minutes, so ~0.8units/hr/core or 2.4units/hr overall. The GPU was doing a unit every 10-12mins (5-6units/hr).

That was a GTX460 IIRC. Enthusiasts with a 480 or multiples SLI'd would have been crunching units much faster.

If you were building a dedicated rig, there was a lot to be said for buying the cheapest board/CPU you could find that had multiple full-length PCIe slots, pop on 4GB RAM and simply use it as a host for the best GPUs you could afford. The work isn't especially I/O bound. The workunits were small, it was all on-GPU using the graphics memory.

In fact, I wonder whether it is sensible to run a distributed computing project over such a long period.

Perfection is the enemy of progress. Tech will always be better in 5 years than it is today. You have to start sometime - and given the cost of storage 20 years ago, the costs associated with storing the data for later analysis may well have outstripped the cost of getting the data crunched (inefficiently) back then and just storing that output.

And SETI really broke new ground for citizen science and distributed computing. All the other projects like Folding@Home followed SETI's lead, so the contribution stretches far beyond the direct scientific objectives of SETI@Home.

Re: Does this mean all MI5 could find was a 30m cable?

They can probably get the 30m one through as "office expenses".

50m goes over the spending cap and requires sign off, which is - y'know - such a pain.

Shadow IT isn't just for enterprise you know ;)

Re: They could

London Bridge is a very boring 1970s concrete motorway bridge

But it has a rifle range in the southern footing, so it's got that going for it!

As often happens, more interesting on the inside.

If I've understood correctly apple have a dispute with Epic so they have said anything written by anyone which uses the unreal engine is banned from the app store?

Not quite. Apple yanked their developer account because of the Fortnite bruhah.

The problem is that without an Apple Developer Account Epic can't access the latest Xcode stuff or signing certs for the other half of their business, which is Unreal.

This doesn't stop anyone using Unreal and certainly doesn't mean their apps get kicked from the store, but it does stop Epic issuing patches. It means Unreal Engine is effectively unmaintained for iOS/macOS.

Additionally, by preventing updates to Unreal for new iOS/macOS versions, there's a fair chance of everyone's Unreal-based games breaking on the next major OS releases. So it's no longer just "Fortnite". Apple are dangling their entire Unreal customer base over the heads.

Re: Why offices?

With the kids screaming through at 3.30pm when they get back from school?

Some people live in flats with two bedrooms just large enough to get the actual bed in, a bathroom and the kitchen/diner/living-room. Have fun setting up a dual-monitor rig on the kitchen table, jostling for elbow space with your kids doing their homework, then clearing the lot away for tea.

A folding desk doesn't solve that issue.

Working from home is great. I'm doing it and long may it continue. But I also don't overlook the immense privilege I have in possessing a little office room where I can close the door and shut out the household.

Re: Unfortunately, Apple will win

Wasn't the 90s when Apple ran their "I'm a Mac. I'm a PC" ad campaign specifically to show how they were NOT a PC?

2006-2009, though it seems like longer ago.

Yes... thing is, that's usually when the bosses are newly-minted MBAs with lots of case studies and big ideas but limited knowledge of your industry vertical (or the company is tanking and the boss does whatever their new business-guru tells them).

Mitchell Baker has been with Mozilla since Netscape. She wrote the Mozilla Public Licence. She should know better.

Worse yet, Servo is the new shiny. A Servo-powered Gecko engine should be the selling point of the org, and aspire to underpin other browsers. If it had come along a bit earlier or been more mature then MS might have jumped on Servo/Gecko for Edge instead of Chromium.

Re: This is actually a good thing

Perhaps as a community we need to find better ways to fund them.

Seems to be the season. Few such projects seem to be finding good models to support themselves:

Companies toiling away the most on LibreOffice code complain ecosystem is 'beyond utterly broken'

Re: Coming soon

I was thinking more along the lines of "If you have a warehouse in a retail area, you might as well have a counter there so people can do pickups for common items instead of waiting for delivery".

There we go, I've just invented Argos.

Re: Shits All Over Google

And for some screwed up reason I'm not yet able to grasp, Google News will soon have to pay sites like news.com.au for providing a link to news.com.au ???

No. Google will have to pay sites presenting their content to users within Google, instead of forwarding them to the site where the content creator runs ads and can make some money.

It turns out that if you give the user a big enough snippet of the article, they don't usually bother clicking through to read the rest of it - even if you provide a link.

But you knew that already.

TLS1.3 isn't just about mathematically more secure ciphers or ESNI.

TLS1.3 also mandates cipher suites with Forward Secrecy. This breaks MITM boxes because you can't just siphon off a data stream and decrypt it at will using your private/internal Certificate (as plenty of banks & corps do using a private Certificate Authority). Cipher Suites with Forward Secrecy generate a new - ephemeral - secret key for every session.

Also, as noted - ESNI complicates the process of knowing what domain the user is requesting and presenting the user with an appropriate spoofed certificate.

This is all by design, has created many headaches in corps with regulatory requirements to monitor everything going across their networks. It is telling that China have just thrown in the towel and banned it outright.

Given the general long life of Macs (annoying OS-based planned obsolescence aside), could the announcement of impending ARM chippery see a bit of Osborne Effect?

I doubt it. If anything professional users will pick up a late-model Intel iMac to last them through the transition period, picking up ARM in 5 years time when the ecosystem and third party software has all settled down. Let the consumers and bleeding-edge die-hards find the bugs.

Most consumers won't care that much, they're buying it for macOS, not the chippery. If they need a new box they'll buy a new box. They're not bouncing on their heels for the ARM version.

Re: less than ideal

Everybody knows they're in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.”

Don't forget to take a flashlight - the cellar lights will probably have gone.

Re: Can it reduce the time spent at airports

Like Concorde, I imagine a service commanding ticket prices of $5500 will have it's own check-in and security. Arrive 15 minutes before departure (possibly by helicopter), collect martini and away you go.

Re: Deep-rooted prejudice

There's an entire episode of Only Fools and Horses built around the Indian caste system in London (or rather, exploiting British ignorance of it!). That was 1981.

Re: you would be surprised...

I recall reading a Cory Doctorow story some time back. It wasn't terribly good, but one scene did stick with me.

Set in the near future the protagonist ends up in court and after being queried on a point the judge replies "I'm not a complete luddite you know - I used to play CounterStrike for England!".

It was an entertaining observation that whilst we like to view judges as old and fusty, the generation of young professionals who were ~20-25 when Half Life came out in 1998(!) are now in their mid-40s and starting to fill into roles on the Bench. As you say, they understand enough to ask the right questions as the technology relates to the law.

They've had their redress.

By agreeing to enter binding arbitration they agreed to be bound by the findings. Arbitration is really just like going through the courts but a hell of a lot cheaper. You both present your cases and the arbitrator makes a ruling.

I've seen cases in non-binding arbitration where one party has decided they didn't like the ruling, forcing a court case. This ultimately costs more (because you've paid out for the arbitration) and wastes everybody's time. It's an arsehole move. If you're not sincere about entering arbitration, then don't. Have your day in court and get it done with.

It is an entirely reasonable response to seek a no-suit ruling to prevent vexatious lawsuits if one party is going to play silly buggers after arbitration.

Consider this. If SETS had gone to court, they'd have been told the same thing, and if they'd then tried to bypass or reject that ruling they would have ended up in contempt. This is just the court enforcing the terms of the contract that they willingly signed. Same outcome, just via a slightly different route.

Re: Correct me if I’m wrong

But isn’t it the first manned capsule to have been designed since the ‘70s? That’s more impressive to me than the 9 year stat that always gets bandied around.

Put it this way. It's only the 9th vehicle to have carried humans to space (and the first privately developed one).

* Vostok

* Voskhod

* Mercury

* Gemini

* Apollo

* Soyuz (albeit various iterations/versions)

* Shuttle

* Shenzhou

* Crew Dragon

Re: How much?

$50-60m is the cost of a commercial launch on F9.

Crew Dragon launching to ISS is ~$160m, because you have to pay for the payload (Crew Dragon) as well as the rocket. And man-rating carries a premium.

So for Bob & Doug, that works out at $80m/seat. But in principle Crew Dragon can carry 7 (.vs Soyuz 3) which whittles the price down to $23m/seat - though it's unlikely NASA will actually launch 7 at a time due to available space on ISS. More like 3-4 with space for pressurised cargo/experiments.

Re: Oh. Again?

Liquid rocket fuel is often pretty nasty stuff

LauncherOne uses LOX/RP-1, so just highly-refined Kerosene. A spill has environmental impacts but there's no nasty hypergolics (though the payload of course might have hydrazine maneuvering thrusters if they're not simple cold-gas, but the main propulsion by weight and volume is just RP-1).

Still, the sort of thing you'd do at a quiet location like Newquay without the hassle of integrating with nonstop freight and passenger traffic at somewhere like Heathrow or Gatwick.

Re: Oh what a tangled web we weave!

Not sure if serious...? I suppose this happens with international audiences.

At one point during Labour's last tenure Ms Harman was associated as a promoter of "Political Correctness gone mad". Consequently it seemed wrong to call her Harriet Harman since that was clearly sexist and furthered the oppressive patriarchy. So Harriet Harperson became a nickname in some quarters.

Much like "Petty Patel" or "Priti Awful" (for our current death-sentence loving Home Sec), Tony Bliar (no luck catching them WMDs then?" ... "It's just the one WMD actually"), etc, etc.

Re: A possible explanation for sudden behaviour change.

Musk has got himself in trouble with tweets for a few years now - with the SEC for tweets about Tesla stock, or accusing a British of being a paedophile (a baseless accusation that came from a scam private investigator that Musk hired).

I'd attribute those to throwaway comments when under pressure. Musk has always been a bit edgy and anti-social. I think it goes with the territory. Uncompromising geniuses (and objectively, he's an extremely high-performing polymath) tend to have compromised social skills and Musk has never been any different. His performances on Twitter only show that more acutely.

His detractors will say "Oh, it's just Musk being a dick", but that's lazy. The latest hissy-fit over lockdown seems... different. It's not based on a rational analysis of the available data - and that's unusual for Musk. On the one hand you can forgive him being annoyed - Alameda County are the only ones in California maintaining lockdown and every other car manufacturer is going back in their respective states too. But on the other hand, we all know that everybody else is wrong. Trump is wrong, the walts protesting outside state capitols with AR15s across their chests are wrong (and an embarrassment to the 100million respectable and responsible US gun owners to boot). For someone who has always been happy to buck the trend and challenge the received wisdom... it's a change. Is that the fog of new fatherhood, or is this an early indication he's going the way of Cloudflare founder Lee Holloway?

Or maybe he's just being an arrogant dick and he hasn't realised that his enviable ability to integrate new skills and domains of expertise has run out at epidemiology.

It's also about attitude.

You can have a sizeable breach, but if you took all reasonable steps - patched, segmented the network, enforced strong passwords, MFA, etc and someone got in because oh, say, a well-respected firewall vendor (*cough* Sophos *cough*) had a serious RCE bug being exploited in the wild, then ICO will take a very sympathetic view to you. You did everything you reasonably could.

As compared to a web-facing dashboard with no auth and no attempt at auth, spilling out PII for years which clearly wasn't properly configured at installation and should never have been accepted by the customer in such a state.

Re: This may be a really obvious question.

No, your average American who doesn't like within a major metro area (and quite a few who do). Not to mention those Brits who live inside the M25 yet can't get sensible speeds due to weird EO lines - or those in rural areas who BT confidently claim can access "superfast fibre broadband", but can't get better than 2Mb down on account of being >2miles from the cabinet.

Re: It's used because it works

Absolutely - and not just in industry but in the consumer space.

Good look setting up a github/x/y/z to some bog-standard cPanel or Plesk hosting (unless the admins have been uncommonly generous and enabled the appropriate plugins). I actually do do this with a hugo site - commit files to a private repo, which triggers a Github Action to rebuild the site and then... FTPs the Public directory onto the hosting.

But fundamentally, your options are login and use the web-based file manager or FTP(S) in. It's so easy your dad can use it.

If you maintain your own servers and can configure your workflow just how you like it (or use cloud services with the latest workflow options) then great. For many consumers and indeed SMBs, FTP is the lowest/simplest common denominator, regardless of whether it's used directly or at the end of an automated testing/build pipeline.

Along with RDP, which we're all told is prehistoric and "nobody uses RDP anymore" - oh yes they do!

... we've removed all the landscape features that used to absorb the extra water (marshes & wetlands) and keep building houses in places ta flood..

Along with all the upland woods and forests which trapped water upstream and "flattened the curve" (wait, where have we been hearing that recently?), either sucking up water for the foliage, or just releasing it slowly over the course of days/weeks rather than hours.

Re: What about the CDN?

This is a genuine question. Does anybody know why this is a measure worth taking?

Because most broadband networks are sold on a contended basis. Buying a 70Mb connection doesn't guarantee you 70Mb of backhaul from the cabinet to the exchange or from the exchange to the head-end or regional core, which is where CDN and OpenConnect appliances will live. At one time cabinet contention of 25:1 was common, so if 25 of you bought a 30Mb connection, you were sharing 30Mb of capacity out of the cabinet - and just over 1Mb each doesn't go that far these days.

If all the kids are streaming Netflix in UHD, that can impede their teleworking neighbours who are trying to use VOIP, video conferencing or remote desktop infrastructure (or indeed trying to wrangle large files down from company filestores which would normally be on the office LAN). Encouraging Netflix to cap streams at HD (for instance) is eminently sensible.

It's the cabinets and exchanges which are likely to become saturated rather than the IXPs or Network Cores.

Re: Hang on...

If scientists are going to download so much data locally that went to the cloud first, then surely that data should have gone directly to a NASA data centre first anyway (either for use or for pre-processing prior to AWS ingress)

I was likewise confused at first. Surely the likes of NASA could just negotiate a couple of fat peering connections with AWS and bump off egress charges (in the same way that Bandwidth Alliance deals allow customers to discount egress costs from Azure if they are using something like Cloudflare, because Azure and CF peer and it costs MS nothing to send data to CF compared with sending it over transit).

I think the point is that this is the cost derived from arbitrary users - people at academic institutions around the world. I wouldn't be surprised if this is where the oversight has occurred - NASA will likely be able to get at their data in AWS for free, and it was forgotten that most of their data users are outside NASA and EDSIS will get stung for the egress to them.

I think.

Re: You can disable

Technically Cloudflare's DoH endpoint is at <https://cloudflare-dns.com/dns-query>

Obviously this requires that you have a config file with the IPs for that domain to bootstrap the service (just as a full resolver has a Root Hints file to bootstrap the service).

Using a domain is done because although it's perfectly possible to have a TLS Cert for an IP address, it's poor form and CAs aren't supposed to issue such things. As a result it's better for the resolver to be calling a FQDN (though CF, being their own CA could generate one - and I seem to recall reading that they might have by now).

Re: Not to pour a dampener...

...but the SE replacement has been one of those rumours that is as enduring as Apple releasing a TV.

Yeah, but the difference is that I've finally updated, and it'd be just my bloody luck if Apple finally release an SE2 6 months after I upgrade.

I've been hanging on for years. Finally bit the bullet in October when my beloved 5S started to physically fall apart and ended up getting an XR when the price dropped after the 11 came out.

Re: "In other words, you ain't got no choice."

EdgeOS on the EdgeMAX/EdgeRouter gear is forked from Vyatta.

The Unifi stuff is OpenWRT.