Nix | 2 Aug 00:36 2010
Picon

Re: (OT) Demonic dropping out

On 26 Jul 2010, Bernard Peek outgrape:

> On 26/07/10 20:11, Nix wrote:
>>> Pretty much the only chance for Demon now would be a management buy-out
>>> and an attempt to build the good name it once had.
>>>      
>> They'd have to rehire most of their good staff, too.
>
> True. The developers that did a stunningly good job on their Turnpike 
> mail/news client have all left now.

I think they've de-facto retired it, with no new development at all.
And they're recommending users use Outlook instead (ew!)
--

-- 
Gllug mailing list  -  Gllug <at> gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

Nix | 2 Aug 01:23 2010
Picon

entropykey: why did nobody ever mention this thing before?

[not quite OT: the makers of this thing are very Linux-friendly,
 more specifically Debian-friendly ;) and it seems like the sort
 of thing Linux people might well need; also it's so nifty I have
 to rave about it]

I just bought an Entropy Key (from <http://www.entropykey.co.uk/>. Why
did nobody mention the existence of this thing before? Why is nobody
shouting about it from the rooftops? It's very rare I find a device that
plainly does everything *right*, with interface software I can't
complain about at all (free software, nice coding style, very good
documentation for both the hardware and software, easy network
export/import of entropy, flexible enough to do everything I can imagine
and easy to extend thanks to using a Lua-based inner loop, you name it).
The hardware design appears to be pleasantly paranoid, and the device
itself is plainly not made out of thin tinfoil as some of these things
are (dropping it on the floor isn't going to smash it).

And it fixes a real problem: headless boxes and VMs ending up with
sod-all entropy because pretty much nothing other than keyboard and
mouse input is considered an acceptable entropy source these days:
notably network cards aren't. Disk I/O patterns and interrupt patterns
are, but these do not provide much entropy at *all*, particularly not if
you've got a lot of memory so you hardly need to touch the disk in
normal operation, or if you're using a solid-state disk so have had to
stop the system collecting randomness from the disk timings entirely.
This tends to mean that all your headless servers end up almost devoid
of entropy, which is not good. Your VMs have even less chance of getting
meaningful entropy.

For comparison, I got a hardware random number source for a system at
(Continue reading)

Nix | 2 Aug 01:25 2010
Picon

Re: (OT) Demonic dropping out

On 26 Jul 2010, Gordon Joly verbalised:

> On 24/07/2010 17:28, Don Williams wrote:
>> Does anyone have any relevant advice or helpful comment for this old
>> fart?
>>    
> Bail out. I did about six months ago.
>
> DNS failure, connection failure, POP failure... the list was endless.

They've been like this since, well, since at least 1996. They had an
excuse in the early days, when ISPing was new, but it started getting
really bad around 2001 and, as far as I can tell, never improved (but
I left in '03 so maybe it got better after that, ha ha fat chance).

Routing failures, authentication failures, billing failures, packet loss
like confetti, a day didn't pass without some part of their
infrastructure that you relied upon falling over.
--

-- 
Gllug mailing list  -  Gllug <at> gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

Nix | 2 Aug 01:26 2010
Picon

Re: (OT) Demonic dropping out

On 27 Jul 2010, Gordon Joly told this:

>
> Last week, I noticed that I had a direct debit Thus (Demon). Since I do 
> not have a service from them, and have not had for a while, I decided to 
> cancel the direct debit. Today I got a letter saying my service would be 
> suspended unless I made the necessary payments.

Crack billing system still on the job I see.
--

-- 
Gllug mailing list  -  Gllug <at> gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

Nix | 2 Aug 01:52 2010
Picon

Re: (OT) Demonic dropping out

On 27 Jul 2010, Jason Clifford told this:

> On Sat, 2010-07-24 at 17:28 +0100, Don Williams wrote:
>> She warned that I might have a £200-plus charge to pay to have the line 
>> checked if problems recurred. By BT, the people who
>> were responsible for the failure in the first place, according to Demon!
>
> Alas this is true with all xDSL services. The charge (usually about £144
> +VAT) is what ISPs are charged by BT Wholesale for an engineer call out
> where it is determined that there was no fault at the BT end. It is

The charge is what ISPs are charged because BT insist on trying to force
their SFI 'service' down ISPs throats, often without bothering to
actually ask them first. If you point out that the line doesn't work
properly loudly enough (and have proof of e.g. a line not syncing or
dropping all the time to wave at them), they eventually tend to give up,
stop rejecting your faults and send an engineer anyway, as they are in
fact contractually obliged to do (they're selling a service and if the
service doesn't work it's their responsibility to fix it, they can't
take your money and give you nothing in return: but my god do they
ever try).

Last time I had a line fault BT cleared the fault nine times in a two
day period before giving up and fixing it. *sigh*

> something all ISPs will try to avoid as nobody wants to try explaining
> why it is acceptable to a consumer.

Because, well, it isn't acceptable. BT know this if you hit them with it
hard enough.
(Continue reading)

Nix | 2 Aug 01:53 2010
Picon

Re: (OT) Demonic dropping out

On 29 Jul 2010, Christopher Hunter verbalised:
> ALL of Virgin's advertising is at variance with the reality of their
> "service" - they can't deliver all the TV channels they advertise in
> most areas, their phone service is ~2X as expensive as BT, and their
> internet "service" is a poor joke.

But their balloon flights are quite good.
--

-- 
Gllug mailing list  -  Gllug <at> gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

Gordon Joly | 2 Aug 10:24 2010
Picon

Re: (OT) Demonic dropping out

On 01/08/2010 23:36, Nix wrote:
> I think they've de-facto retired it, with no new development at all.
> And they're recommending users use Outlook instead (ew!)
>    
Not Thunderbird?

Gordo

-- 

Gordon Joly
gordon.joly <at> pobox.com
http://www.joly.org.uk/
Don't Leave Space To The Professionals!

--

-- 
Gllug mailing list  -  Gllug <at> gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

Richard Jones | 2 Aug 11:32 2010

Re: entropykey: why did nobody ever mention this thing before?

On Mon, Aug 02, 2010 at 12:23:11AM +0100, Nix wrote:
> I just bought an Entropy Key (from <http://www.entropykey.co.uk/>. Why
> did nobody mention the existence of this thing before? Why is nobody
> shouting about it from the rooftops? It's very rare I find a device that
> plainly does everything *right*, with interface software I can't
> complain about at all (free software, nice coding style, very good
> documentation for both the hardware and software, easy network
> export/import of entropy, flexible enough to do everything I can imagine
> and easy to extend thanks to using a Lua-based inner loop, you name it).
> The hardware design appears to be pleasantly paranoid, and the device
> itself is plainly not made out of thin tinfoil as some of these things
> are (dropping it on the floor isn't going to smash it).

Fantastically overengineered (a reverse-biased junction with an ARM
processor?) yet very cheap.

However I'm suspicious that the numbers are really going to be random.

Back when I was a hardware engineer we actually tried to build a
theoretically perfect random number generator using a reverse-biased
zener diode sampled at a fixed rate by an ADC (similar in design to
how they describe the entropykey).  The diode bounces off and on "at
random", but at quite a low average frequency.  The clock rate that
you have to sample at must be some large multiple of this frequency in
order to reduce correlation with the frequency of the diode (IIRC the
clock rate finally chosen wasn't very much, 2 Hz or something, so you
end up with 2 random bits per second).  Then there's the question of
whether the diode is bouncing up and down with some external factor:
power supply?  environmental radio sources?

(Continue reading)

Richard Jones | 2 Aug 11:41 2010

Re: entropykey: why did nobody ever mention this thing before?

On Mon, Aug 02, 2010 at 10:32:19AM +0100, Richard Jones wrote:
> The clock rate that you have to sample at must be some large
> multiple of this frequency in order to reduce correlation with the
> frequency of the diode

I didn't explain that very well.

If you have a source which switches on and off at random, you can
measure the average frequency - say 100 Hz.  If you sample this at
some rate, then there is a probability that adjacent bits are
correlated.  eg. If you sampled this source at 10,000Hz then often
adjacent samples would be the same.  You have to sample at a much
lower frequency (eg. 1 Hz) to reduce the probability that bits are
correlated.

You can work out mathematically the exact probability.  And no matter
how slow you sample, the probability is always > 0.  You can reduce it
to below any acceptable probability, but your sample rate, hence the
number of random bits you get out, hence the usefulness of your
device, becomes very low.

Rich.

-- 
Richard Jones
Red Hat
--

-- 
Gllug mailing list  -  Gllug <at> gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug

(Continue reading)

Richard Jones | 2 Aug 11:55 2010

Re: entropykey: why did nobody ever mention this thing before?

On Mon, Aug 02, 2010 at 10:32:19AM +0100, Richard Jones wrote:
> However I'm suspicious that the numbers are really going to be random.

By "really", I mean "in a way that would convince physicists and
philosophers", not would pass a chi-square test.

Rich.

-- 
Richard Jones
Red Hat
--

-- 
Gllug mailing list  -  Gllug <at> gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug


Gmane