* Posts by Pan Handle Door Handle With Care

15 publicly visible posts • joined 30 Apr 2013

BT to spell out contract price hikes in pounds and pence

Pan Handle Door Handle With Care

Re: Collusion

It's true that it's a difficult one to make a TV drama about.

I think the broadband landscape looks somewhat different.

Pan Handle Door Handle With Care

Collusion

These in-contract price rises will be the next big public scandal.

I don't know whether there has been some post-Brexit change to competition law that means telcos can get away with this, or whether the regulator simply sees its role as one of protecting corporate profits more than consumer interests.

In either case, the overall effect over time is to circumvent competition in an organised way.

It used to be that you could normally get a good deal at contract renewal time. Either a competitor would offer something more attractive in return for the hassle of moving to them, or your existing ISP would keep your existing price or reduce it in return for locking you in so they didn't lose you for a further 12-24 months, maybe with a new router to sweeten the deal.

Now, customers no longer need to be fought for because collective action by ISPs over a couple of contract cycles has successfully raised the overall floor price in the industry by a very significant amount.

You won't be able to shave the manifestly excessive 14% in-contract rise back off again at renewal time because all the prices have gone up by that much. And the value the contract lock-in now has is purely to the provider in establishing the legal basis for that to continue. The consumer has no choice. You might get a few months discounted from a competitor, but they preserve the overall higher-and-rising price floor in the industry by jumping to the "normal" price after that, as well as adding a further inflation-busting increase the following year.

Sure, this makes it more difficult to calculate the true cost of the contracted service, but that isn't the main effect.

Ofcom focusing on making the price more transparent is a meaningless distraction from a consumer perspective because a subverted market means there is no meaningful price competition keeping a cap on costs.

A price which is higher than it would otherwise be in a fair market is still a high price. Being clearer about its true level doesn't help you avoid it.

The scandal is the collective action and abuse of power by commercial interests working in concert to distort the market over time, with the connivance of the regulator.

Inflation is different for different products and industries. Technology prices, historically, do not rise with the Consumer Prices Index. An index is an average. If you impose a particular level of inflation on a market then by definition you distort it.

There is no justification for a CPI + x% formula, nor for price rises within a fixed contract. Those are unfair terms.

How is it different from continuously doubling leasehold ground rents? In principle, it isn't.

Windows XP activation algorithm cracked, keygen now works on Linux

Pan Handle Door Handle With Care

Similarly, if you need to get an HP Photosmart 5520 printer working in Windows 2000, a small edit to the WinXP driver inf will do it ;-)

Pan Handle Door Handle With Care

Re: Where VueScan's going, it doesn't need drivers

If you get in touch with Ed Hamrick he'll no doubt add it if he can. Years ago now I asked if he could add support for a Microtek hardware feature, dropped the scanner off at his request and he'd reverse engineered it a week later! Amazing software and an amazing developer. Still keeping the world spinning 20 years on.

Pan Handle Door Handle With Care

Where VueScan's going, it doesn't need drivers

Can recommend VueScan if you ever find you need a more flexible scanning solution than an XP VM.

It supports thousands of old scanners.

In memoriam: See you in Valhalla, Skype Classic. Version 8 can never replace you

Pan Handle Door Handle With Care

Re: skype 9

Version 8 already renders 1 in 3 currently compatible Android devices unable to be used for Skype calls, of course.

Surprise: Android apps are riddled with trackers

Pan Handle Door Handle With Care

Re: Analytics

Just dnstop running on a local Unbound resolver, and nmap for the ports.

Pan Handle Door Handle With Care

Analytics

Just looking at an Android phone I have to hand with a small set of apps on it, it makes the following DNS queries at startup (amongst other more obviously attributable ones, such as 4 each to Weather Channel, BBC and Google domains, 2 Twitter and 1 Skype):

s3.amazonaws.com

mads.amazon-adsystem.com

device-metrics-us.amazon.com

mobile.eum-appdynamics.com

reports.crashlytics.com

e.crashlytics.com

settings.crashlytics.com

ticks2.bugsense.com

decide.mixpanel.com

api.mixpanel.com

There are no open TCP ports, but it is listening on 24 different UDP ports, for whatever reason (some more obvious than others):

17, 53, 687, 3130, 4444, 6001, 17237, 17629, 17824, 19682, 19687, 19936, 20423, 20522, 21060, 21405, 22914, 34555, 34580, 39217, 42639, 44946, 61412, 63420

No consumer makes a conscious, informed choice about any of this, let alone about what data is actually transferred. GDPR certainly ought to be relevant...
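An added example, not part of the original posts: one way to repeat the DNS side of the observation above from a local Unbound resolver's query log, counting one device's lookups that fall under analytics or ad domains. It assumes Unbound's `log-queries: yes` line format; the log lines and client address are constructed, and the suffix set is taken from the hostnames listed in the post.

```python
import re
from collections import Counter

# Constructed sample of Unbound query-log lines (log-queries: yes); not captured data.
SAMPLE_LOG = """\
[1507800000] unbound[812:0] notice: init module 0: validator
[1507800001] unbound[812:0] info: 192.168.1.50 settings.crashlytics.com. A IN
[1507800001] unbound[812:0] info: 192.168.1.50 e.crashlytics.com. A IN
[1507800002] unbound[812:0] info: 192.168.1.50 api.mixpanel.com. A IN
[1507800002] unbound[812:0] info: 192.168.1.50 API.MixPanel.com. AAAA IN
[1507800003] unbound[812:0] info: 192.168.1.50 www.bbc.co.uk. A IN
[1507800004] unbound[812:0] info: 192.168.1.23 ticks2.bugsense.com. A IN
"""

# Parent domains of the hostnames listed in the post (assumed grouping for this example).
TRACKER_SUFFIXES = {
    "crashlytics.com", "mixpanel.com", "bugsense.com",
    "amazon-adsystem.com", "eum-appdynamics.com",
}

# "info: <client ip> <qname>. <qtype> <qclass>"
QUERY_RE = re.compile(r"info: (?P<client>\S+) (?P<qname>\S+) (?P<qtype>\S+) IN$")


def match_suffix(qname):
    """Return the tracker suffix that qname falls under, or None.

    Matching is done on whole labels, so a lookalike such as
    'notmixpanel.com' is not counted as 'mixpanel.com'.
    """
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in TRACKER_SUFFIXES:
            return candidate
    return None


def tally(log_text, client):
    """Count one client's queries: (per tracker suffix, per other name)."""
    trackers, other = Counter(), Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or m.group("client") != client:
            continue  # not a query line, or a different device
        suffix = match_suffix(m.group("qname"))
        if suffix:
            trackers[suffix] += 1
        else:
            other[m.group("qname").lower().rstrip(".")] += 1
    return trackers, other


if __name__ == "__main__":
    print(tally(SAMPLE_LOG, "192.168.1.50"))
```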

YouTube sin-bins account of KRACK WPA2 researcher

Pan Handle Door Handle With Care

Re: In Range

This is why a really good explanatory article would be very welcome!

Two radios are needed, and a lot more power than a smartphone can put out.

Otherwise, the client will just hop back to the stronger channel.

Pan Handle Door Handle With Care

Re: Coverage ?

I read the paper before commenting, although possessed of no specific prior interest in nonces nor particular knowledge of WPA keystreams. Hope that's OK.

It is a complex exploit; but not, apparently, too difficult to automate and build upon.

Importantly, the impact is obscured by the complexity.

That it is hard at this stage to fully explain the ramifications is not surprising. So no criticism intended.

It is a big hole, though. And one the significance of which can only be properly understood through detailed and nuanced exposition of practicalities. Well, I'd find that useful, personally.

Not too many malicious people will walk through the hole, in the grand scheme of things. But they always can if they want to.

I've left my keys in the front door (on the outside) overnight before now. Kicked myself; but nobody, in fact, availed themselves of the opportunity to either let themselves into my house or guess which car was mine on the street and use that key to steal it.

If someone had let themselves in, they would have found that many valuables were not locked away. Because we do still tend to trust the perimeter. Frequently, there isn't much choice.

Pan Handle Door Handle With Care

Re: Coverage ?

It is true, however, that there hasn't been the kind of well-informed, detailed explanation of the vulnerability that The Register would normally do.

Possibly because the paper hasn't been presented yet?

TP-Link have come out with a statement which suggests they could benefit from just such an explanation:

http://uk.tp-link.com/faq-1970.html

It says, "Time Window: An attack can only happen when a client device is connecting or reconnecting to a Wi-Fi network."

They either don't know, or don't want to point out, that the reconnection can be forced.

Either way, it doesn't sound as if they are planning to roll out any kind of clever mitigation measures on their routers to take account of smartphones, printers and other devices which will never be patched.

And it isn't clear, more generally, whether and how that might be possible. A question which El Reg might be expected to answer in the course of thorough coverage to come...

UK mobile number porting creaks: Arcane system shows its age

Pan Handle Door Handle With Care

SMS Black Hole

We have a particular number ported to Three from T-Mobile/EE and have endless problems with SMS messages to it from EE users randomly not being delivered. Seems to happen especially with long (i.e. concatenated) text messages. Sometimes "number unavailable" with calls from EE too (when it has full signal), but that more rarely.

Numerous complaints to Three have gone nowhere (although their staff are generally pretty helpful in their attitude at least) and it is essentially impossible to troubleshoot the issue without a deep technical knowledge of how the mobile networks actually work - which I don't have, and the Three staff you can actually speak to don't either - because there are just so many variables.

Time and location for a start. Problem with the most frequently nearest local mast (which is an EE colocation)? Could be, but there have been problems elsewhere too (so were they colocations too, perhaps?) Is it relevant that the SMS originator is an iPhone on EE? (Three have twice said that they have broad problems with that combination, but without further explanation or any indication of a fix. And in any case, messages have been black-holed from at least one EE Android user.) Is the receiving handset the problem (another thing they like to blame without logical or evidential basis)? Is it an issue with 4G? (Been asked to switch to 3G-only on a few occasions thus far, but there doesn't seem to be any consistent link.)

All very tiresome. Text messages not being delivered can cause real problems. And without the knowledge, we're completely in the dark - can't even try to insist they look into something in particular.

The... Windows... XPocalypse... is... NIGH

Pan Handle Door Handle With Care

Windows 2000 could be the answer :)

All this panic and hand-wringing.

Well I still have a Windows 2000 PC running quite happily for undemanding tasks. I'm posting this from it, in fact.

Can't say I've had any security problems since extended support finished nearly 4 years ago.

(Nor, indeed, before then. The machine hasn't even ever needed re-installing in the course of 13 years of daily use and various upgrades.)

I run ZoneAlarm on it and take other precautions, but don't have anti-virus.

Admittedly, I'm the only user, and not a typical one, so not everyone would necessarily get away with it. Certainly not a recommended IT strategy for institutions; but still, I can at least assure you that the world definitely doesn't end just because Microsoft discontinues support. So don't panic.

I had to rid a friend's Windows 7 machine of a staggering amount of malware for him the other day, including Chrome browser hijacks, so even with a supported and fully patched OS and a modern browser, user behaviour is a far more important factor in vulnerability to baddie attack.

Of course, I will have to put Linux on my old stalwart eventually because more and more bits of the web just don't work in FF3, but the hardware should have life in it yet with the upcoming LTS release of Lubuntu...

No sense in adding techno-waste to the world's mountain at Microsoft's behest.

Plusnet shunts blame for dodgy DNS traffic onto customers' routers

Pan Handle Door Handle With Care

Re: And they just changed their security - mail received

I think this is simply a change to the ports blocked by the network level software firewall implemented on the Juniper E-Series access routers when a customer chooses to activate it for their broadband PPP connections and selects the "Low" setting in the "Member Centre" control panel. There's no change if you elect not to use that firewall, or use one of the other settings.

We certainly haven't had any problems with blocked ports running our own recursive resolvers locally.

But we have had problems with randomly sluggish performance despite running our own DNS.

There is more to this story. A relatively small number of compromised 3rd party routers does not explain the recent halting network performance.

PlusNet's own PowerDNS platform frequently performs very badly for a number of reasons, at least partly to do with the load balancing scheme. However, I suspect that something is going on with UDP traffic, or port 53 UDP traffic, more generally within PN's network or peering arrangements at the moment. UDP traffic to Level3 DNS servers has been slow and unreliable, for example.

T-Mobile UK punters break for freedom in inflation-busting bill row

Pan Handle Door Handle With Care

Looks like they got away with it - just.

Since the letters went out in early April and, when it was published by the ONS a week or two later, the RPI for March turned out to have gone back up to 3.3% after a slight dip to 3.2% in February, it rather looks as if the whole issue is dead in the water, unfortunately.

T-Mobile seem to have escaped a major cock-up by the skin of their teeth. Who takes pointless risks like that, though? Could they have known what the figure was going to be before it was published, or are they just desperate and not very careful?...

Pity, because it would have been very satisfying for the small print to bite back like that. But maybe it's a positive story after all: perhaps someone at EE got to keep their job.