Posts by Alan Brown 16473 publicly visible posts • joined 8 Feb 2008
"In all seriousness, Vegas casinos have some of the most comprehensive and sophisticated monitoring and data analysis setups on the planet. The things they can do if they so choose are often terrifying."
Which inspired the lyrics 'I am the Eye in the Sky, looking at you, I can read your mind/I can cheat you blind'
> makes about as much sense as driving a supercar around with the hand brake on.
Nope. Sata's still useful, These big SSDs aren't particularly fast. They can max out a sata bus but they're not much faster than that even though they blow HDDs out of the water on latency.The tradeoff is heat.
Think of these as a large Box van. The increased performance is only part of the equation when buying them. Reduced power consumption & noise, vastly faster startup (which means they can sleep faster and that drops the power consumption even more) and massively longer lifespans than spenning drives are where these win out.
"Fat lot of good when your laptop ONLY takes SATA"
I'll leave you with THIS: https://www.startech.com/HDD/Adapters/m2-sata-adapter~S322M225R
Or If you have a truely ancient laptop, THIS: https://www.lindy.co.uk/components-tools-c7/drive-caddies-raid-c321/msata-to-2-5-ide-ssd-drive-7mm-p8706
You can get them considerably cheaper than the figures above if you look around and they both work fairly well.
Of course, in a desktop, space isn't so much of an issue anyway.
You could always use an expresscard SSD, but it's no faster than a sata bus and they've pretty much gone from the market.
The fun part is getting a PATA to M2 adaptor and then cropping a suitable msata card into it.
It's cheaper than getting a PATA ssd and _much_ faster (the pata SSDs tend to be crap). You'll find your old workhorses start moving at unbelievable speeds.
This is also a good way of keeping various scada kit and things like ancient CNC equipment alive.
> So why hasn't a manufacturer come out with a medium format (3.5" rather than 2.5" or 5.25) SSD that can be stuffed chock to the gills with chips from the previous generation
Because demand is mostly still outstripping supply for production of those chips and in the larger case formats getting rid of heat becomes a little problematic - especially with older (hotter) generations of chips which in turn kills reliability. Heat is one of the reasons that M2 is becoming popular. Getting rid of the case makes cooling much easier. 2.5" is a legacy case format. Anything larger is from the dark ages.
If your motherboard can't directly take M2 devices, there's a legion of addin cards. I've seen up to 4 mSATAs supported on one card and StarTech sell a neat wee pcie card that takes a NVMe drive on one side, with 2 msata carriers on the other that plug back to the motherboard ports.
There's talk of NAND oversupply, but it's more catchup than anything else. In any case SSD prices _are_ falling whilst HDD prices are relatively static.
"For those of us who still use desktops (or NAS) HDDs are still the best way to go."
If you want to make best use of large HDDs, then you need to front them with SSD caching (read caching and write intent cache) to mitigate the seek penalties.
The size of that cache depends on the kinds of loads you're generating. The way you do it depends on what you have available. I prefer ZFS for large arrays as it's got zero downtime for fsck(*), but you can cache bsd/linux LVM and Windows servers have their own implementations.
"In the enterprise, ideally you want frequently accessed data somewhere quick and infrequently accessed data somewhere cheap and well-protected. The ability to sort data and place it properly keeps the industry going."
In the enterprise old style, that was the case. When you have large scale automatic tiering/caching then this kind of balancing act becomes much easier. That's why ZFS is a godsend when the "infrequently accessed data" suddenly becomes "hot" for whatever reason.
(*) Some of my older installations have 3-400TB of storage onboard. If they decide they need fsck at startup, that makes for a long delay.
"When that happens, that manufacturer will probably just ditch all of the R&D (no point in future development after a certain point) and just churn out cheap drives on their existing equipment."
Which is what happened a few years ago at both Seagate and WD. HAMR was the last development to come out of the R&D labs before they closed. It's been in the engineering labs trying to be turned into a commercial product ever since.
"So If Samsung think their new SSD is going to compete on capacity with hard drives, they're going to have to sell it for about 8-10 times less than their current generation of SSDs. "
If they sell for 4 times the price of HDDs, most buyers will bite their arms off. That 3 year warranty is a good indicator of expected lifespan for starters.
Then there's the vastly reduced seek times, power consumption, size and massively increased bandwidth (mechanical drives top out at about 105-120MB/s sequential and drop as low as 5MB/s at 120-180IOPS random - and at that rate of sustained random IOPs large enterprise drives shake themselves to death in 6 months, let alone consumer ones.)
The introductory price of the 4TB QLC drives in "evo" format is unlikely to be above £600 inc vat - which puts them about 4-6 times that of NAS drives such as WDreds and I'd happily drop them into my 32TB ZFS NAS rig knowing that they'd save me about £75/year apiece in power bills alone.
Bear in mind that 2TB SM863s have come down from £2k to £1k, whilst you can get old stock 860evo 2TB for £435(M2)/535(2.5") and 970evo 2Tb M2 for £630 and the 860Evo 4TB sata being £880 (those are all inc vat) - these are all about to face runout discounts.
> The hardware in an SSD however is fixed
More or less, but it changes areas dynamically from QLC to SLC or somewhere in between as the drive decides it needs caching or not - and it's constantly moving things around to keep everything healthy, plus the level of error correction being applied is mind-blowing and adjacently addressed bits aren't necessarily stored physically adjacently.
> and so maximum voltage levels in the cells will decline as they age
These aren't electrolytic capacitors with leaky insulators. They're silicon electron wells - about the best insulated form of FET you can devise. It's about coulombs, not volts.
> but more to the point - not uniformly between them.
They already do.
> So the firmware can't simply adjust its voltage level parameters to account for it.
The firmware already does and is already dynamically recalibrating itself over areas of the die to account for ion drift, else large chunks would become unusable very quickly. That's the point of having all that processing power onboard to actively keep track of and manage the health of the NAND.
Samsung wouldn't be shipping QLC without a large level of confidence in their product - and whilst they put a 3 year warranty on their _consumer_ drives, WD and Seagate have so much confidence in their consumer devices that they best they'll offer is 2 years(*), but more usually 12 months - and I've had to replace far too many drives under warranty in that 2 year period for purchases made since 2011.
(*) One of their fabulous weasel antics is to refuse to honour warranties on anything sold via an OEM and point the customer back to that supplier - meaning if they gave you a 6 month warranty or went toes up, that's what you got. Samsung have zero quibbles about directly honouring warranties.
"So as far as I am concerned, if I put anything online I fully *expect* it to be scanner, probed, prodded and slapped for good measure. "
127.0.0.1 is explicitly NOT online and I don't expect something outside my network to work out a way of bypassing my firewalls, scan it (and possibly the rest of my internal network) the report back to the attacker's mothership.
Halifax really haven't thought this one through and their actions go well beyond the bounds of what's reasonable behaviour. CMA most definietly applies - not for the scanning, but for the way they're explicitly bypassing security and attacking the target network, plus running unauthorised attack code on 3rd party computers.
"I get VERY grumpy at etailers that try to introduce 3rd party scripts at the final stage of a payment process;"
I get very grumpy at contract suppliers who do it at any point along the way. GDPR and personal data harvesting tends to figure in such complaints.
"I've never had one of the twats e-mail me to to warn me that I might have a security problem."
If they did you'd probably scream your head off about spam. That was the experience of various voluntary efforts that tried this approach in the 1990s. Shooting the messenger is still a popular pasttime.
"The fact of the matter is that Halifax isn't technically scanning you."
No, Halifax is exploiting a security vulnerability of web browsers to induce your computer to run network scanning code - ie, without bothering to get explicit permission first.
The fact that it's scanning 127.0.0.1 instead of 192.168.0.1-255 or 195.130.217.2[014]1 and 91.220.42.2[014]1(*) isn't relevant. The factor of permission and unauthorised operation _IS_. It would take a couple of tiny tweaks to move this from something apparently benign to something extremely nasty and the fact that its existence has been disclosed means the webserver holding that javascript is now a target for every script kiddie on the planet looking for a DDoS attack engine. As we all know, banking webservers are some of the most secure on the planet.....
(*) Extra points if anyone recognises those IPs and what the likely reaction would be if they were prodded.
" this (invasive, I agree) action is triggered by your browser downloading some asset on a system you are using voluntarily."
Um no. It's no different to surreptitiously kicking off a coinminer in the background when I visit your website.
_Other_ sites such as IRC networks and suchlike are looking at what ports you have open from the outside (mainly to ensure you're not an open proxy) they're not stealing cycles to run a scanner on the victim box and then using that victim box to report details of the internal network which would be shielded from the attacker even on a well-firewalled installation.
Shit like this is why I use scriptblockers.
"I'm not saying he wouldn't do it but he would be heading into progressively deeper shit if he did."
Part of me is hoping that he's both stupid enough to try and thick enough not to realise that a lot of people are going to make a hobby out of keeping an eye on his activities.(*)
Personally I thin the ban should be 6 years or until the fine is paid, whichever is longer.
(*) Bearing in mind that a lot of criminals of this kind believe they're too clever to get caught, that they have an infallible scheme and tend to have a tendency to gloat about their moneymakers or simply flaunt the unexplained wealth.
" They are no doubt hoping that the matter will never get to a Court with the power to force them to disclose the information."
What's been happening in the USA is that as soon as it looks likely that a court would order such a thing, they've dropped the cases in question.
Of course a judge whose interest has been piqued may not _allow_ them to walk away like that.
"What if they gather a piece of evidence proving your innocence but keep it secret to convict you?"
What if several years after bring convicted, sentenced and jailed, it comes to light this is exactly what happened?
Actually you don't need a 'what if', because this has happened on multiple occasions.
Police corruption isn't just taking a backhander or letting some influential person (or their kids) off on serious charges because it might embarrass the establishment. Nor is it framing up some innocent person because they embarrassed the hell out of a racist senior inspector.
The most common type of corruption in policing - which also happens to be the most corrosively dangerous kind of corruption for society as a whole - is "noble cause" corruption, where the people concerned are convinced of their righteousness often feel they're "on a mission" and feel they have to break the rules for the greater good. It used to be summarised as "He's a bad man and he's done lots of bad things we can't put him away for, we need to make this one stick no matter what"
It's the kind of thing which resulted in miscarriages of justice like the Guildford Four and the Birmingham Six, amongst many others.
https://en.wikipedia.org/wiki/Noble_cause_corruption makes pretty interesting reading: Perhaps you can recognise people in your local county LEO from these descriptions.
> "It's being worked on, we should be starting initial roll out next year."
> That was 5 years ago
Ditto.
Which is why I filed an ASA complaint about what they're calling Unlimited Broadband and Internet.
There is ZERO mention of IPv6 on their website. I've pointed ou tthat some other ISPs are specifically saying they can't provide IPv6 whilst others (A&A) are pointing out that they can.
"I'm not up to speed on the technicalities of IPv4 vs v6"
That much is obvious. Various ways of trying to but out compatible ways forward were discussed and discarded because it was clear they would end up as a Rube-Goldberg (Heath-Robinson for the ukites) mess from the outset and things would go rapidly downhill from there.
IPv4 was not designed with expandability in mind. It was intended to be a temporary solution to a pressing problem with a 5-year life expectancy whilst a "real" internet protocol (IPv5) was under development. That "solution" turned out to be IPX, which turned out to be completely unusable because Novell forgot that it needed to be widely routable.
At its core, IPv6 _IS_ just IPv4 with extra bytes tacked on. The way its written is different but you can use octets if you really want to (the format change is to keep it manageable) and it still has 65536 ports, etc. There are some extensions to add functionality and extra undefined type fields to handle future growth in types, because IPv4 demonstrated that what was projected wasn't enough.
The single biggest problem is that there is NO WAY WHATSOEVER that an IPv4 host can initiate a connection to an IPv6 one. It would be like a 2 dimensional being trying to connect to a 3 dimensional one. Or to put it another way, it would be like trying to communicate from our universe to other bubbles in the multiverse. We simply can't address those spaces whilst sitting in this frame of reference.
IPv4 is full. There are no more addresses being issued - ever. There's some horse trading of existing ones around the edges which is simply making the existing routing quagmire even worse whilst people are kidding themselves that "Ip addresses" are valuable. meantime, there are quadzillions going begging if you look in the other direction, to the tune of a few million "IPv4" IP ranges person.
Whoever pays out millions for a few IPv4 subnets and then has to explain to the investors that they're essentially worthless is going to be an unhappy camper. There are already fairly large tracts of netspace that are unreachable from IPv4-space. Even if Joe-average consumer can't see that those of use who need to deal with the US, EU or Chinese high speed academic networks are already feeling it and IPv6 is gaining popularity across asia thanks to the effects of multiple levels of IPv4 CG-NAT.
If you want to beat on the Brexit drum, live in your little IPv4 walled garden and dream of the days of empire and a smaller network world, then feel free, but bear in mind that the last outfits to leave IPv4 space will be the marketers - who love the stick-in-the-mud reluctant shifters, so you can look forward to an ever-increasing proportion of spam as the rest of the world moves to ipv6-only.
"Nevertheless if you talk to those who are using such connections and tell them about their potential problems they'll look at you blankly and say "but it works"."
So did people who had the most amazingly shitty TV pictures until the day they saw a decent display on their neighbour's set thanks to a decent antenna
"Erm, is there any reason all those shoddily (or not at all) secured IoT devices should be directly on the Net, rather than behind a NAT gateway?"
Actually what happens is that because of CGNAT, they tunnel out to servers in other parts of the world to get a stable address and that's where a lot of the problems start rearing their ugly head (essetnially creating a VPN backdoor into your NATed home network.
"When IPv4 was under development during the 1970s, it must have seemed reasonable to specify 32-bit source and destination fields that dictate approximately 4.3 billion possible addresses."
Actually, Vint Cerf was castigated for using 128-bit addressing and told to cut it down to 32-bits.
640k ought to be enough for anyone.
(Actually, as I've mentioned before, IPv4 was intended to be a temporary solution - which has lived more than 30 years past its use-by date, thanks to IPv5 being DOA.)
"Would it have been feasible to devise a protocol which accepted IPv4 as a fully accepted subset?"
No - and one of the driving reasons for making IPv6 address space so large is to ensure that needing to go through this exercise again in future is "unlikely"
"When IPv4 was under development during the 1970s, it must have seemed reasonable to specify 32-bit source and destination fields that dictate approximately 4.3 billion possible addresses"
Just because you can HAVE 4.3 billion IP addresses means you SHOULD do it.
"After all, the entire internet at the time comprised a relatively small population of government and academic sites. Then came the World Wide Web in the 1990s, and global subscriber numbers went stratospheric."
The first octet was supposed to be routing information, the second octet, routing information within the organisation. (a bit like country codes and area codes)
That went out the window long before the WWW was an idea in Tim B's head, mainly because IPv4 was a "hacky kludge" with a projected lifespan of maybe 5 years whilst the real Internet Protocol was developed (Didn't you ever wonder what happened to IPv5?)
A lot of the first few bytes of IPv6 is intended to provide exactly that routing detail. Yes it COULD provide quadzillions of individual IP addresses, but that's not the actual design purpose and focussing on that misses the entire fucking point (In fact, if you did start filling up the space, you'd wreck the easy routability in the same way that IPv4 routing tables have become a clusterfuck in the core levels)
As others have said: CG-NAT is not "Internet", it's a window out of a walled garden.
There is a possible way forward on this (for UK readers, if not YMMV): The Internet Engineering task Force declared IPv4 to be in official "sunset period" back in 2017 and that it is to be replaced by IPv6.
This gives force to misleading advertising complaints to the ASA and your local Trading Standards office against any provider which claims to offer "Unlimited" access without IPv6 (that's a very real limitation right there - effectively a walled garden with decreasing horizons over time), or "Internet access" without IPv6 - again for the same reaon (Ipv6 is an essential part of the Internet, therefore not providing it means that what's on offer is no longer an Internet service, but some kind of cut down version.)
Casting back to the mid 2000s when complaints were upheld about 3's Walled Garden web-only service being called "Internet", complaints like this might have legs - especially if lots of complaints are sent in.
"There should have been a point, long ago, where the basic addressing system of the internet stopped being under the control of a US-based entity, and instead was governed by an international body formed by an international treaty."
That's what the ITU is arguing.
You really _don't_ want that model. It would have killed the Internet as we know it in the crib as a threat to the global telecommunications cartels and it still has the potential to strangle it.
"The one groups of people who won't end up paying are the people who run ICANN which is presumably the people you want to suffer."
Judges are not stupid people. If they decide that the actions of the board "pierce the corporate veil", then they can hold board members and directors individually and personally liable for illegal behaviour.
Limited liability companies shield the _shareholders_ from unlimited financial liabilities. They do not shield the directors or management from the consequences of illegal or criminal actions.
"about the sale of domain names without a legit contact. Admittedly that horse has largely bolted,"
That horse bolted long before 1998. ICANN didn't even _start_ taking an interest in whois accuracy until it was threatened with legal action over all the faked addresses and collateral damage ensuing (one kiddy porn domain was registered to a residential address in Guildford inhabited by a very confused and upset little old lady, as one example) and then when it realised it could be a money earner things started going cha-ching.
"Perhaps because I was working in government disorganisations, the client did not know how to specify a problem and remediation requirements so that vendor could do what was needed ? "
But the same incompetent buffoons were prone to shifting the goalposts mid project and utterlly incapable of writing watertight contracts.
But that doesn't matter, because they simply use threats and beration to silence all critics until the problem is too big to ignore, then get paid handsomely to fuck off, because there's no other way to get rid of them without a massive legal fight and years of delays.
A _very_ long time ago I added code to a PC router to toggle the speaker output for every packet passed.
The speaker output was piped to a timer circuit (555 monostable) which in turn was piped to the reset switch.
If nothing passed for 5 minutes, the OS got a crowbar dropped on it (This was long enough ago that the whole thing booted off a 360k floppy). That $5 mod saved a number of callouts.
"You could put this down to rubbish infrastructure, or a subtle plan to make the Great Firewall undocumentatble."
As far as I can tell, chinese are fairly free to criticise their government or anything else for that matter.
What REALLY worries the authorities is any sign of _organised_ activity (or incitement to organise) and that's what makes them jump rapidly.
"The Dalai Lama may be a progressive guy but his predecessors were not."
And neither are many of his contemporaries in a certain other "Buddhist" country to the southeast, which has experienced what can only be described as "religious clensing" since 1962 (which is at the root of the refugee crisis going on there at the moment)
"the American Trans-Pacific trade agreemnt was offering the southeast Asian countries".. much the same, only on much worse terms.
There, FTFY.
China's flexing its muscles and stepping back up to the plate as a major power - something that it's been absent from over the last 300 years due to colonialism, civil wars and the rise in sea trade overtaking the importance of the Silk Route.
Unlike other countries I could mention it's managing its economic expansion and growth in international trade WITHOUT planting its gunboats in other countries' harbours and threatening to blow the local government sky high(**) unless the people on the pointy end of the barrels decided to trade on the terms of the people with the matches.
(**) Some didn't even bother with the threats and just blew african coastal civilizations to bits without any warning, then called them primitive barbarians deserving to be conquered and enslaved.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2026
