Posts by The Other Steve1181 posts • joined Sunday 7th October 2007 12:51 GMT
http://www.comtrend.com/cgi-bin/db-search.cgi?template=News&dbname=product&key2=17&action=searchdbdisplay
"A soon to be released version of the PowerGrid DH-10PF Ethernet Adapter will also enable one of the main requirements of IPTV operators: a TR-069-compliant powerline adapter. These devices will allow operators to remotely manage every node installed in the network, perform firmware upgrades and access logged data among many other features. "Our service provider customers want to manage every node in the home network without modifying the home gateway or broadband router in any way. Every change made to a gateway or router could delay a deployment by several months, especially if the equipment has to be re-certified.", Harold Fitch stated. "
(That's from 2008)
And it was the DH-10P and DH-10PF models that were recalled. So at some point, these units have phoned into a Comtrend auto config server on BT's network, as described here :
http://www.slideshare.net/mickaelboubala/comtrendacsdspdf
So it isn't necesarily the hub that's peeking into your LAN, but the comtrend PLT's that are phoning out.
Then again, as the above poster says, most likely the hub is also TR069 compliant.
Something that isn't mentioned in the wikipedia article on TR069 ( http://en.wikipedia.org/wiki/TR-069 ), but is mentioned in the linked Comtrend document is the following :
"At any time, CT-ACS can request that a CPE initiate a connection to the CT-ACS using the Connection Request notification mechanism. By using the Connection Request, Comtrend ACS can ask the CPE to reboot or restore CPE settings to the factory defaults. Comtrend ACS can also send Grouping Connection Requests to all of the CPEs that belong to a certain CPE Group."
This is how BT update your HH firmware for example.
Can it do other stuff ? Oh hell yeah.
" For example, it can ask the CPE to ping an IP address or hostname and report the result of the ping test."
And so on.
So fuck yes, it's an issue, fuck yes, BT could be doing anything in your network that the the TR-069/CWMP setup allows them to do, and fuck yeah, we should be concerned.
However, this is a general issue regarding TR-069 management, not just specifically BT. Although they are asshats.
Any device that uses TR-069/CWMP does not belong to you unless you can switch it off. Any network you install such a device on, well, join the dots.
HTH
PS. Note particularly in the above quote "Our service provider customers want to manage every node in the home network without modifying the home gateway or broadband router in any way"
So just swapping out the hub is not going to solve the problem that your PLTs are ratting on you. I have never yet plugged my PLTs in. But I most certainly will be doing so now, into a machine with a network analyser running on it.
Oh, and this could all be wrong, could be some other mechanism. Glad to hear from anyone who knows better.
"Many of us welcome a world where interoperability is not really an issue if everyone can cheaply use much higher level software than Sun/Oracle want to sell. "
And what, pray tell, is the name of this utopia ?
Stallman and his army of bearded virgins would be laying siege to Redmond right now.
No, wait 0800
No, 1000,
And in the end, it didn't go off at all.
"What is really needed is to layout a 10 year ,20 year or even longer term plan"
It is quite literally impossible to make a realistic economic plan of that range, simply because things change. Take for instance growth forecasts which are now different than they were six months ago.
Had we made a 20 year plan based on the information we had just six months ago, it would now be broken.
"but I may require usage agreements and define permissions to access it"
I avoided the [D]RM issue as I didn't have my asbestos pants handy, but yes, absolutely.
Let's explore that a bit. Say I sell someone some rows from my dataset. Do they now own them ? Can they show them to others ? Use them in a profit generating capacity ? If they profit from it, do I want some of it ? I can hear the freetards cracking their knuckles ready to type flamage, but these are important questions.
How do I price access, essentially. For many large datasets the value is not in the individual data but in the aggregation, which allows you to perform ad-hoc queries and derive some result. Arguably if I have a gert big dataset and you want to run queries over it, you should be paying for the whole set, or at least each row you touch, rather than for the four rows of results you get at the end.
And what have you just paid for ? To own the results ? To have a licence to them under certain terms ?
One of the reasons that "information wants to be free" is so wrong headed is that while it is exceptionally easy to put a lower bound (0) on some piece of information, it is very hard to find an upper bound. The number of people who drive VW beetles, wear wellies and like orange juice may look like a piece of trivia to most people, but to someone it could be the key piece of information for a multi million pound business venture.
Hence much information actually tends towards expensive - at least in volumes large enough to be useful - rather than free.
So while "we demand free access to data" is a nice rallying call - and there are many, many datasets that we ought to be able to get at, especially ones we already paid for, and ones that benefit the data providers by their existence (bus timetables, transport geo info, etc) - it will take a bit more than just having a suitable technical framework in place to get the data out of Berners Lee's "silos".
They aren't inaccessible by accident, but by design.
No one has seen the chat logs that I'm keeping for later.
xxxx
MILFChix0r69
Information, lacking agency - and contrary to the popular (and annoyingly resistant to logic) meme - doesn't want to be free.
Some of the data in those silos is in silos because it has value to the people who collected it, and they certainly don't want it to be free.
So I would hope that there is some parallel group working on implementing a complementary micro-transaction framework so that on the day when the big switch is thrown on the brave new semantic web those of us who believe in swapping money for things of value are able to play.
Otherwise simply wishing for all the information to be free is like asking santa for a magic kitten that shits fairy dust.
Still, good luck to them. I can't wait to have another standard to choose from.
BTW, if anyone is actually in possession of a magic kitten that shits fairy dust and is willing to swap it for one that vomits what appear to be the remains of dead snails, do get in touch.
" For that I can almost forgive him for say "less than 1000" instead of "fewer". "
There is almost certainly some kind of fundamental law governing the increased possibility of buggering up one's grammar while bashing someone else with it.
Then they aren't ONE TIME pads anymore
They are unabashed thieves.
So by the sound of it, he used a "Caeser Box" (columnar transposition) cipher*, thought to have been first described by that well known muslim brother and jihadi Julius Caeser, using instructions he certainly got off the internet - which as we all know was invented by a cabal of radical islamists - and implemented it using software developed by well known fighters for the caliphate, Microsoft.
Shame he didn't bother his sorry arse to check the kaffir's literature - there's a whole chapter on this in Fouche Gaines, for instance - or the kaffir's Google search which yields the exact method by which to crack such as it's first result.
Upgrade the terror alert status to "Mong" and spin up the ROFLCOPTER
As for using more sophisticated ciphers, well.
Cops : "Give us the key"
jitardi: "No"
Judge: "Five years in solitary chokey for you"
... five years later ...
Cops: "Give us the key"
jitardi: "No"
... etc ad infinitum ...
(Note : there is simply no way that GCHQ et al are going to use decrypts from any modern crypto system in open, or even closed court even if they can break them.)
Either way you're fucked once the rozzers have put your front door through, it's just funnier the way he did it. Possibly worth noting that shit crypto was the least of his opsec problems. Hats off to the security services for the catch, because in all seriousness this dickhead could have done real damage.
*@TeamReg, you mention transposition tables, so I'm going with that. ICBW. Substitution ciphers are a different beast. I shall look forward to the forthcoming articles on jihadtard crypto.
"I understand that Mr. Jobs et al are withholding the WiFi Hotspot feature from pre-4 iPhones."
4.3 is no longer under NDA since build 4A304a was officially released, so I can rather grumpily inform you that the hotspot feature will work just peachy on your 3GS, but your carrier will almost certainly require you to pay them for a tethering plan just the same as before, so don't get your hopes up.
I've no idea about the other carriers, but O2 in particular will take you to a 'pay up or fuck off' website as soon as you try to activate the feature, offering to sell you a bolt on of 500MB for GBP 7.50 a month (IIRC), which is frankly laughable unless you absolutely must have the convenience of tethering. But then again, what are you going to tether to it ? Netbook ? Get a PAYG dongle. iPad ? Get a 3 PAYG iPad SIM.
I can't advise you to jailbreak your phone or Steve Jobs will send flying monkeys to bukakke me, but that's the only way you're going to get that functionality without a carrier signed provisioning profile.
*Applause* Look, other commentards, see how much smarter people seem when they actually have a fucking clue what they're talking about because they took time to click the links or read something of the story before spewing their brain farts into the interwebs ?
Look upon the above comment and aspire to it.
Oh look, someone has a different opinion than me and it is based on facts, therefore rather than enter into an argument based on facts - of which I have none - I will simply take the most intellectually lazy and dishonest route of deciding that they are therefore in the pay of/conspiring with some massive global cartel which is massively inimical to the interests of humanity in general, and to me personally in particular since I'm so damn important.
This will save me the bother of having to listen to them or modify my opinion in the face of any facts that don't fit the coherent but utterly uninformed view of the world I have manufactured from whole cloth.
In the mean time, people are dying in their thousands as a result of all the other fucktards like me doing the same thing, but that's nowhere as near as important as the fact that my ideology is intact.
Yay me!
Weapons Grade Fail.
You are wrong in all your assertions, until you understand construction of contract you need to stop making assertions predicated upon your ignorance.
Alternatively, find some way of switching the browser User Agent, which off the top of my head is about the only way I can think of that they would be able to tell ? If only there were some kind of firefox extension for that.
I think the carrier tethering policies are dumb to the point of self harm, O2 want GBP 7.50/month (down from 15, ISTR) for 500GB, I can buy twice that much PAYG for a tenner, so no sale, but still, see title.
less open, but more free.
Simply replace the whole IP infrastructure with a load of dolly birds managed by Sid James-esque foremen doing typewriter samizdat of knob gags and posting them on to everyone. It will be practically indistinguishable from the real thing.
On a more serious note, all censorship is oppression and not to be tolerated. anyone who believes otherwise, who believes that can be "good" censorship for "good" reasons is lucky enough never to have had the immense misfortune of spending quality time with any of it's more vociferous proponents such as the late and very much unlamented cakky fingered old witch Whitehouse or any of her contemporaries, or any of their modern reincarnations.
There is, quite simply, nothing - and I mean nothing - that more inimical to mankind than allowing these motherfuckers even the merest illusion that they are in control. The day I met Whitehousse, as a small child, the very category of being she was supposedly sworn to protect, was the day
I knew for certain that evil exists in the world.
No doubt someone will be along in a minute to tell me that kidpron is worse. It isn't. It is horrendously bad, but in the hierarchy of things which are evil to humanity, not just humans,there are things which trump it.
Flame on, bitches.
So that's the first plan out. The second one would require them to lock out all third party clients - which we've established would cause the whole Internet to burst into tears and never use twitter again.
As for the third, well, promoted tweets are a cak handed and similarly unpopular attempt at doing just that, but twitter seem to think - and I have no idea if they're correct - that revenue streams from businesses are best derived by selling access to the full twitter stream for analytics, having signed up Gnip as their preferred (and currently only) reseller.
Time will tell whether businesses see value in this.
Yeah, because it would never occur to them to download a third party client and have a look at it. They'll never think of that.
""The company announced last week that due to "user confusion", the company was effectively going to kill (or maim) rival Twitter clients."
That post appears to have been deleted."
@anarchic-teapot
There was never a post that said that, but for reference, this was posted to the dev list yesterday, author may like to update :
From : @rsarver :
"The original posting has seemed to disappear. So for the sake of posterity, here is a link to the same thread on the discussion group: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/c82cd59c7a87216a"
@AC:
"The moment Tweetdeck stops working is the moment it's deleted from my iPhone and Twitter with it."
That won't happen unless Tweetdeck is somehow breaching the ToS, @rsarver's clarification, apparently much needed by people with poor comprehension skills - and arguably late because of there being so many - posted to the dev mailing list at 00:24 UTC today :
" ...I don't know how else to make this any more clear. As long as you stay within the rules, your app will not get shut off. We would like to see, and recommend that, developers focus on bigger opportunities with more potential than writing another consumer client app."
"As for desktop??? Twitter don't make a desktop app"
Yes they do. The 'official' twitter app was one of the first items available from the Mac app store. It's sufficiently awful that I can see how people would wish that it didn't exist, but it does.
"so they cannot have a say there?"
Yes they can, because a desktop client app still has to comply with API ToS.
"For years people have talked up Twitter as the future of journalism, described it as a freedom-fighting platform"
People who spurt that kind of gushing hyperbole tend to be full of shit, you should probably ignore them.
"The company announced last week that due to "user confusion", the company was effectively going to kill (or maim) rival Twitter clients."
No, no they didn't. Admittedly it turns out that they could have communicated better, otherwise I wouldn't be reading yet another "ZOMG! WTF! Twitter is DEAD TO ME NOW!" story. But that's not what was said, nor was it really implied except in the minds of a few of the more febrile denizens of the dev mailing list and the usual supporting cast of hysterical new media douchebags and assorted tin foil ass-hatters. Even the BBC jumped in - 72 hours late and wrong - with a story about the death of third party twitter apps. Didn't happen.
Here is a very short list of the actual facts : Twitter tweaked their ToS. Twitter intends to enforce their ToS. BFD. The guys at Twitter don't think your clients are very good. They are largely correct.
"Canonical chief technology officer Matt Zimmerman writes, smart companies are those that listen to users, not just customers."
And on the day Canonical announces a profit, I might even care.
"Oh, I expect there are girl geeks like this, but I never met one. I don't say 'he' because I'm a misogynist."
No, you say that because you haven't met enough girls.
"And they seem to be crawling out of the woodwork this week!"
You have to be shitting me, you've literally only just noticed that everyone in the internets is indistinguishable from from a semi-retarded sociopath with all the happy social skills of Jack the Ripper ?
Where the fuck have you been ?
"That can only be true if an unbelievable level of public ignorance of the real facts, born of truly dreadful news reporting over the weekend, is allowed to persist."
Since all previous attempts at eradicating hysterical ineducability about things nuclear have utterly failed, we can consider the truth to be pretty much fucked, can't we ?
As usual the Internet echotard chamber takes a perfectly reasonable ToS change and one guy's opinion and blows it out of all proportion. About six actual devs, all of whom have wildly misinterpreted Ryan's initial posting and none of whom appear to have bothered their sorry asses to actually read the new ToS have lost their shit. That is all.
And yet all weekend, the shrilling of the ignorant has been making it's whiny way across the wires.
Man up twitter devs, twitter gives you their shit for free, and they can take their ball home any time they like. If you've been dumb enough to build a business around this model without anticipating the risk, you pretty much deserve to fail.
What's more, given that all that has actually happened is some not particularly onerous changes to the ToS, if this genuinely effects your app, you are almost certainly doing something dickish in any case.
All will now STFU and go and read the mailing list announcement and the ToS before continuing to whine in ignorance. Chance would be a fine thing.
Agreed, how the fuck hard CAN it be ? Actually, that's an entirely rhetorical question, I've been writing software for more than 20 years now, so I know the answer, which is "slightly harder than you initially imagine it to be, but not by very much"
Besides which, this is a solved problem, not only in general but very specifically in the very OS from which iOS is derived, FFS.
At the point at which it was first discovered that there were stupid enough bugs in the timekeeping code that it looked like some dimwitted google SoC intern had been allowed to write it, it should have been ripped out and debugged or rewritten until it passed an incredibly strict QA procedure, and whoever had written the initial version should have been out of a job.
And yet apparently the SoC intern, rather than being driven out of town with a pointy stick has been hired and is now cak handedly chucking shitty work arounds into that code one trouble ticket at a time rather than understanding that it is fundamentally borken.
Unlike some of the vi loving Luddites in the above comments, I personally do happen to believe that the least thing my smartphone should be able to do is to tell me what bastard time it is, the fact that I am still unable to trust it to do so, several major versions after the first time this happened says some very, very, bad things about the iOS development process.
Then again, this will come as no surprise to anyone with exposure to radar (Apple's bug reporting system, not the radio kind)
... "Secure backups that automatically store data in encrypted form would be performed on the Freedom Boxes of our friends"
Only without the SLA. So basically, like the cloud, but even worse.
I think I'll continue to store my securely encrypted data in my fire safe then, ta very much.
So I will merely refer you to the following article, the title of which is "SHA 1 Broken"
http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
Keep on failtruckin.
This is awful, I had previously assumed that CLOUD could only be used for good. Cloud is good! Cloud can not be evil! Cloud will solve all problem of humanity ! BAD CLOUD!
"You could do that with any hashing algorithm so it doesn't demonstrate a weakness of SHA-1."
Er, it does, it demonstrates that an exhaustive attack on SHA-1 is easily achievable with commodity computational power (49 minutes, $2, FFS).
That's a pretty large weakness.
Any sufficiently sophisticated economic statement is indistinguishable from utter cockwaffle, unless you have a thorough grounding in the relevant economic theory, at which point it becomes obvious.
Probably sent round a couple of hookers to sweeten up the deal. You know he's the type. Jobs to, you know what they say about men in black turtle neck sweaters.
"Suffice it to say that your trick of repeatedly casting the enemy as stupid and evil has historical precedent."
Yes, it does, I've seen Monbiot's columns. Oh, and LOVING the irony - not to say hypocrisy and circular logic - of you using up all that text to call someone ignorant because they don't agree with you and then ending it all by suggesting they're a nazi, as though that were some kind of crushing QED.
Priceless. This issue really does bring out the worst in all of us.
"There is less humidity, less rainfall and less water available to the fauna."
And yet, that is not at all what yet another bit of research being widely screamed about by the chicken-littlers shows, suggesting that in fact the concomitant rise in humidity (hint: water evaporates more in the hot) will surely be what kills us all as parts of the planet become uninhabitable - because humans don't shift heat efficiently in high humidity* and eventually they die from heat stress.
And yet people keep talking about this shit as though all the data, models, theories and predictions broadly agree.
Funny that.
*Personally, most places south of Rome already fall into this category for me, so this scenario is unlikely to affect my habits, YMMV.
"You can make a case for everything being fine and dandy 60 million years ago, but you seem to ignore the fact that sea levels were hundreds of meters higher during that period."
Boats. That is all.
I know you're only doing this to stop us from migrating in droves the minute we get a sniff of a more liberal regime in a warmer climate, but really, sometimes you go to far.
Would it really be so bad to have 30 Million Brits wash up on your welcoming shore seeking political asylum ? Oh hang on, I just read that back, yes, yes it would, carry on.
It will also be warmer! Really, it's just the gift that keeps on giving!
Dammit, boffins, if the plebs get wind that the sky might not falling they'll never let us opress them and we'll have to go back to being a bunch of bolshie nobodys !
"And that code Oracle doctored? There's a strong indication they removed the copyright attribution on *their* version - because leaving the GPL copyright notice on it completely invalidates their case. Yes, Sun released that version under GPL"
Were that to turn out to be the case then Google would still be fucked, because they released their version under a different licence and under the GPL that is strictly verboten, IIRC.
Really ? That's the evidence for it making you sad ? Seriously ?
Some really excellent arguments from Google there, I particularly like the one where they state that the code doesn't look quite as similar if you leave the copyright headers on.
But remember kids, it's OK to be an IP thief if you open source.
That would presumably be a UX that doesn't suck and that adheres to the principal of least astonishment ?
"Android folk ... more technical ... used to making decisions"
Is it possible that next time you post you could include a little more blind prejudice, just so that when you claim to be all rational and technical there's something for us to point at while we're laughing.
I'd have thought the fact that safari disappears and skype appears in its place telling you it's currently dialling a number would probably be a pretty big clue.
Plus, hey ho boys and girls, that's not a bug, it's a feature. URL handling is working as designed, and much as you little bitches love to bash Apple, it IS the responsibility of the application to sanitise input and decide what to do with it. Always.
Another day, another example of a self aggrandising 'security researcher' misunderstanding practically everything except how to get his name in the news, and the same tired, ignorant reaction from the commentards.
Same old, same old.
According to people who lie to us. The IPCC simply has zero credibility, and this is entirely it's own doing. You can wibble on about the science all you like, it changes nothing. The IPCC is incompent, dishonest and unapologetic about either. Since 99% of the population of Earth can't interpret the thousands of pages of bum wad that the IPCC is trying to pass off as science, some of which we really do know is bullshit - like the CRU climate model in its entirety, for instance - we have a trust issue. The solution to this problem is not to run around defending the IPCC, but simply to accept that it's a bust.
It only hangs on by a slim thread because it's the darling of the green movement, to whom suppressing contradictory data in favour of propaganda and pronouncing the result to be science in order to further their agenda is in fact widely admired, rather than shunned as it rightly ought to be by people claiming to have such respect for science.
