* Posts by Mage

5301 posts • joined 23 Nov 2007

Hackers pop top 'secure' wireless keyboard and mouse kits, gain RCE

Mage
Silver badge
Devil

Even after it's fixed...

You buy some, do them up nice, add some software or a chip and ship it to your targets as free samples/presents/beta test etc. (It's been done and works better than "losing" USB sticks in the target's car park, though that works too)

Beware Geeks carrying Gifts this Christmas.

6
0

Every LTE call, text, can be intercepted, blacked out, hacker finds

Mage
Silver badge
Windows

Re: I'm near retirement age and what is this

More like 30 years... of Mobile.

The entire history of Internet.

It seems designed in security is rare and working is rarer.

2
0

AT&T wants Time Warner

Mage
Silver badge
Devil

Delivery and Content

Combining content creation and owning channels is good. The UK idea of BBC divesting content creation is nuts.

Combining Content/Channels and a delivery platform is evil. We've seen that in Ireland and UK with Sky.

0
0

Today the web was broken by countless hacked devices – your 60-second summary

Mage
Silver badge

Re: Maybe..

" it uses uPNP to punch a hole in the router for itself. It announces its presence to several foreign servers, and it has a default telnet login of root/123456.

I've hacked the startup script (luckily writeable) to replace the hosts file "

Disable uPNP on your firewall / router.

Set up a VPN (properly) to your home network if you want to remotely access stuff on it.

3
5
Mage
Silver badge

Re: Maybe..

Problem is proving that the USERS/Owners suffered at all.

0
0
Mage
Silver badge
Coat

Re: "....big names including GitHub, Twitter, Reddit, Netflix, AirBnb ...."

No, but could be next time. They might come for El Reg.

"First they came for ..."

4
0
Mage
Silver badge

Re: Home Router Traffic

The most evil feature added after Autorun (Win95a and earlier Amiga) was uPNP, especially on routers!

It should be illegal to have uPNP on a router/firewall and have internet without a firewall. It's only a partial mitigation, but would stop most of current IoT compromise.

There is no complete solution.

4
0
Mage
Silver badge

Re: Maybe..

There is actually no solution to this.

2
0

Como–D'oh! Infosec duo exploits OCR flaw to nab a website's HTTPS cert

Mage
Silver badge

Il

Capital i and small L

Never mind 1 I and l

4
0

Hewlett Packard Enterprise gives UK boss control of Ireland

Mage
Silver badge

Ireland as a UK region

I'm a bit fed up.

Try using Amazon in Ireland.

Or buy stuff sold in Euros or Dollars made outside UK without it having a UK middle man profit margin and UK sterling <-> Euro hedge, maybe on UK import and export to Ireland.

However HP became irrelevant to me when they took over Compaq and rationalised on the wrong products and bloated their printers.

0
0

Sky’s CEO drops MVNO bombshell at results conference

Mage
Silver badge

TWAIN scanner API/Drivers

Allegedly doesn't mean anything!

Why do people spell Laser with a "z" :)

1
0
Mage
Silver badge
Headmaster

MVNO

Actually over 1200 hits searching MVNO on forums here.

It does seem to occasionally cause confusion.

I remember in early 21st C reading a trade/professional Telecomms journal after a few years break and finding every article had myriads of undefined acronyms and abbreviations.

Given that this is a Tech site, I'm only partly sympathetic, which is why I bothered to explain.

Then there are acronyms like CAPI and SMB that change with time or context to mean something entirely different. Or BEREC, which in 1906 was British Ever Ready Electrical Company and in 1950s was British Ever Ready Export Company (a UK Ever Ready Division) and in 1980s briefly BEREC was the holding company for Ever Ready and BEREC.

BEREC is now:

Body of European Regulators for Electronic Communications (BEREC) was established by Regulation (EC) No 1211/2009.

Very annoying when searching for 1950s BEREC as there is really no sensible way to date related searches, either on content or site creation.

It's nearly impossible to keep up to date. Maybe articles should mention once, what the abbreviation is for?

6
0
Mage
Silver badge

MVNO

Mobile Virtual Network Operator.

You'd easily guess as Sky has no mobile network and it's how Tesco and others work.

Some like Tesco have their own backend using only masts and backhaul and others are really just resellers with only a billing system (probably outsourced).

Technically, it would be best if there was ONE infrastructure per major geographic region and everyone was a kind of MVNO. See also RAN, the idea that you'd roam to other operators even where your own operator has coverage, so as the load per channel / mast / sector is balanced. Can give x2 or more improvement in speed or capacity.

Dividing a scarce thing like spectrum between operators is totally daft and inefficient. It's not like Service Stations or baked beans factories in terms of competition.

4
0

Sysadmin flees asbestos scare with disk drive, blank pay cheques, angry builders in pursuit

Mage
Silver badge

Bursar

How you must hate that bursar. ^_^

I think I'd leave before the second annual sports day :(

2
0
Mage
Silver badge

Die Hard VII: Sysadmin

Excellent.

48
1

What will happen when I'm too old to push? (buttons, that is)

Mage
Silver badge
Pint

Not being old

Just realising there are better uses of time than watching blinking Blue LEDs (Red and Green was so 15 years ago).

You've realised the Emperor has no clothes.

7
0

AMD is a rounding error on Intel's spreadsheet and that sucks for us all

Mage
Silver badge
Unhappy

Sigh

How did we get here with Intel CPUs being so expensive? It can't be a properly operating market. There has to be a nasty explanation, underhand dealing, to explain such market dominance on overpriced parts.

10
5

Dirty COW explained: Get a moooo-ve on and patch Linux root hole

Mage
Silver badge

Re: Whinging

And at the end of the day it wasn't exploitable unless you had rubbish security anyway, or physical access, as the computer has to be running suitable malware.

It was NOT an access hole or back door, but privilege escalation.

13
1
Mage
Silver badge

Mitigation

There has to be a malicious program running on your computer designed to exploit this. It's a privilege escalation.

It's somewhat less likely there is a malicious program already, on a workstation etc behind a firewall with no outward facing services and "Noscript" or similar on the Browser.

12
3

Third of Donald Trump's debate deplorables are mindless automatons

Mage
Silver badge

Twitter, Facebook: Freedom of speech?

I thought Adam's blog was daft. Everyone knows that Facebook & Twitter have to be PAID to deliver all your posts to all your followers.

Neither are public service broadcasters but advert funded exploitive parasites, except twitter isn't so good at it so is losing money.

0
0

Britain's fight to get its F-35 aircraft carriers operational turns legal

Mage
Silver badge

Re: It's like the blind leading the blind.

The USA approach (not dissimilar to Russian, Chinese and French) is to claim only their own laws apply, and not only to their own troops, but indeed to anyone else. Also they will define who is a combatant or civilian, not the Red Cross/Red Crescent etc.

I'm puzzled why if "Brexit" is about being in control of British sovereignty that they would ask anyone, or indeed why there are not plans to leave NATO and UN as well as EU (Swiss only recently joined*)

[*3 Mar 2002 ... Switzerland abandoned centuries of political isolationism yesterday by voting to join the United Nations in a cliffhanger referendum which had ... The Guardian. See also Wikipedia]

8
2

BYE, EVERYBODY! Virtual personal health assistants are coming, says Gartner

Mage
Silver badge

Gartner

Now I know Gartner are smoking something bad for health.

5
0

Is this the worst Blockchain idea you've ever heard?

Mage
Silver badge

Re: Blockchain and HMRC

The problem is that all services the public needs would collapse. Due to the fact it would take years to process each month's taxation.

The tax revenue pays for lots of stuff people need. The MPs and Civil servants only actually spend a small percentage of what is raised on themselves.

Similarly if it was used for DRM, no-one would buy streaming services, downloads, subscriptions or physical media after a few days as it would seize up.

2
1
Mage
Silver badge

micropayment system

However Blockchain is the opposite to a micropayment system in almost every aspect of how it works.

9
0

IoT botnet swells

Mage
Silver badge

Re: Great. Just great.

It's Western marketing. The Chinese are only fulfilling the orders generated by Western Marketing wholesale and Retail.

Who owns Amazon, Facebook, Google, eBay, Maplin etc?

Where are the regulatory offices?

2
0

Will rush for New Radio compromise 5G quality?

Mage
Silver badge
Flame

Spectrum

The sub 1GHz, especially 800MHz and lower is cells that are too big for high capacity, high speed data. Only a cheap way to extend voice coverage at expense of capacity.

Above 2GHz, toward 3.5GHz radio spectrum becomes progressively more Line Of Sight. So 3.5GHz is only much good for roof top aerials or femto cells.

Above the 4.5GHz / 6GHz you are looking at only open plan offices pico-cells or air-point per room WiFi.

I've used 10GHz band terrestrial Fixed Wireless Broadband and both Ku Band (11GHz to 12GHz approx) and Ka Band (19GHz to 21GHz) gear, not just as a user, but both as RF Equipment design engineer and also evaluation of systems.

28GHz etc is fantasy outside of a room or open plan.

Very much in the media, stuff by Regulators etc is nonsense.

Mobile is viable between 900MHz and 2600MHz bands. The 2300MHz is the only useful new band in Europe.

Most of the existing 900, 1800 and 2100 spectrum is massively underutilised:

1) Cells too big

2) Split between multiple operators. Using one shared Infrastructure, or even "roaming" where an operator actually HAS coverage, would almost double capacity!

Regulators need to be forbidden to auction as this encourages weak licence conditions to make auction price go higher. Auctions are the enemy of efficient spectrum use.

Conventional badly applied theories of Competition benefiting Consumer damage Mobile performance and competition as it's NOT like making baked beans. Spectrum is too finite. They need to be only competing for customers by offering shorter contracts, better deals from the same wholesale properly regulated spectrum.

Subsidy of handsets by subscription is hidden hire purchase.

Also hidden is the overcharging on voice and text, subsidising data.

The regulators have totally messed up.

The FCC is messing it up for the rest of the world too, as does greed of royalty earners like Qualcomm wanting to sell new model chips for new bands. The proposal to have LTE on WiFi bands is driven by chip vendor greed and to an extent Mobile Operators (Femto cells without an expensive licence or bothering to co-ordinate channels).

700MHz and 600MHz are madness as the cell size can't be controlled and even larger than 800MHz which is poor for cell size.

You can't beat the laws of physics.

5
0

Just what Europe needs – another bungled exit: Mars lander goes AWOL

Mage
Silver badge
Unhappy

Re: Shame

It was though an experimental landing mechanism. The main mission is actually the satellite, the lander was only supposed to operate for a short period and establish if the landing tech actually works. Still, I agree it's a shame.

I hope they got some useful telemetry to unravel where it went wrong.

2
0

Microsoft reveals career-enhancing .PNG files

Mage
Silver badge
Headmaster

Re: Revenue generators. Full stop.

"I've said this before I am yet to see an individual with a certification from the likes of Microsoft or Citrix that can demonstrate a superior level of knowledge to an individual that's actually worked with the technology."

Actually sometimes the MCPs, MCSEs are worse, because you have to put MS Marketing Dept answers to pass, which not only conflict with real world common sense, but sometimes with MSDN/TechNet articles.

Very many of the "Official" MS exam ways of doing stuff are nuts.

IMO the MS exams (having passed four with high scores) are only of value to companies selling ONLY MS products picking MS friendly Sales people.

Some of the Cisco ones are a bit more useful.

"Until and unless they can make the exams real world examples where the solutions don't revolve around using only vendor technology and / or the way the vendor wants you to do it in a lab environment, they're just noise."

Can't upvote that sentiment enough!

6
0

It's finally happened: Hackers are coming for home routers en masse

Mage
Silver badge

"It's finally happened"

Really?

I moved to my own custom router nearly 10 years ago because of SOHO/Domestic router security issues on routers sold in Tesco, Argos, Maplin and popular on commonly used online stores.

7
2

Who killed Cyanogen?

Mage
Silver badge

Partly Google & Partly Cyanogen

The Playstore access rules, Google app rules and their binary blob licence is a severe handicap for any 3rd party Android. However Cyanogen themselves seem to have messed up a bit too as well as alienating / ripping off some contributors.

4
0

This speech recognition code is 'just as good' as a pro transcriber

Mage
Silver badge
Devil

Re: Dodgy numbers?

Yes, it's actually garbage.

1) The real score on real world stuff will be lower.

2) Any competent Audio typist (that works with the same person) can beat a transcriber (remove source errors).

3) Perhaps they are comparing a real time stenographer? Even so it's a poor score.

Natural language parsing is the limit, it's simply nowhere near good enough to sport decent text to speech.

Dictation transcription (aka Audio typists), transcription not in real time of unknown source, speech/Film/TV/News subtitles in real time, and live stenography / shorthand with later transcription are all different activities. All rely on UNDERSTANDING the meaning as well as basic parsing.

This is shameless marketing.

4
1

HomeKit is where the dearth is – no one wants Apple's IoT tech

Mage
Silver badge
Devil

Also

IoT is mostly sold by accident? You buy the expensive coffee maker and it happens to have it?

Yes SOME people deliberately go out and buy Nest or an IoT door etc, rather than reliable traditional products from established suppliers that won't be closed by Google tomorrow or ditched by Amazon or Apple for something with more profit.

Amazon Echo and Google Home are madness anyway. Ask Harry Harrison's teddy.

Apple Homekit isn't as show-offable as their iPhone and iPad. I'm sure Apple can't understand why the Apple TV (stupid name for something that's an over priced locked to iTunes streaming box with no screen) isn't the money spinner that iPod + iTunes was. I wonder do Apple actually understand why the iPod and then the iPhone were so successful? It wasn't the price, security or technology.

iPod: The iTunes compelling content deal with Record Labels of selling tracks instead of full albums.

iPhone: The compelling Carrier deals with unlimited or massive caps, when all other smart phone users were paying a fortune per megabyte! Or even per second connect time!

It was never purely the technology or even the box, despite what Apple or Apple fans like to think.

There is simply no compelling reason to have an Apple TV vs a Roku, Chromecast, Amazon FireTV, PS4, Xbox or Sky Box.

There is no compelling reason to have an Apple Watch, unless you already have an iPhone and you want to look like you have a high disposable income (it's a product that should and does sell less than $60)

Why would anyone especially buy Apple Homekit compared to any other IoT, given that IoT is a minority sport in the first place? Hardly anyone will know you have it and it's not even shiny in an Apple Store. It's laudable the commitment to security in it. I wish all IoT had it but elsewhere I point out that security is never coming to IoT.

11
5

AI, AI, captain: Royal Navy warships to set sail with computer officers

Mage
Silver badge

Oh dear

Words fail ...

2
0

How do you make a qubit 10 times as stable? Dress it up for work

Mage
Silver badge

Hmmm... interesting explanation

Sounds a little like lies for children, except do they understand difference between AM and FM?

2
0

Ubuntu 16.10: Yakkety Yak... Unity 8's not wack

Mage
Silver badge

Mint 18

Mint 17 and Mate desktop is much better than Ubuntu also.

2
1
Mage
Silver badge
Mushroom

still-not-quite-there Unity 8

Scrap Unity.

It's a nonsense idea for productive workstations. Who installs Ubuntu on a 7" tablet or less than 6" Phablet?

1
1

Vodafone and Inmarsat hang satellites over potential Internet of Things customers

Mage
Silver badge
Boffin

RFIDs

The RFIDs are read at close range (i.e. dairy) or some herding activity.

Then a Mobile phone data connection is used.

Satellite provides the back-haul for the conventional mobile basestation. Inmarsat is competing with OB2 / Astra / Eutelsat and others. This is NOT the expensive direct to customer satellite Terminal market. The clue is Vodafone.

2
0

Basic income after automation? That’s not how capitalism works

Mage
Silver badge
Windows

Re: Errrm

How many of those cars are made in UK?

How many TVs are made in Europe now.

Large scale automation was common in the 1930s, though it started in the late 18th century.

There is eventually saturation and eventually a situation where very few people are employed. They are developing the technology to restock shelves and already have self service checkouts in some shops.

There will be no overnight change. However there are no "jobs for life" any more, except maybe in some Civil Services. We are a long way from having to make this decision, it could be another 150 years. It seems likely though there will be a slowly increasing number of people that never get jobs.

It's really a lie about retirement age being raised. It's the age to start getting a government pension that is being raised. If you are over 49, then you are more likely to be made redundant and if over 59 unlikely to find a job if you are unemployed. Businesses have not raised retirement age, quite the reverse. It's obvious without an age, the approximate age of the person on a CV.

It's a dishonestly written article, typical of the propaganda from "The Conversation"

13
10

Apple's car is driving nowhere

Mage
Silver badge

Re: Trains, planes and ships

"So what happens if there's a loose car on the tracks? Or a large tree? Or a cow (remember why old trains had "cow catchers")?"

Indeed. It's not so simple. So why are people working on much harder car issue than on trains? Solve one problem at a time. Autonomous car needs many different issues solved.

0
0
Mage
Silver badge

Trains, planes and ships

Buses, trucks and cars should be last on the list after Trams.

It's not just because of Unions that trains have drivers, and surely that doesn't even need so called "AI" or GPS (apparently GPS isn't good enough for autonomous cars, not just accuracy, but signal loss). So let's do trains first. Signals can tell the train where it is. It doesn't need to steer. Only follow signals and stop if there is something unexpected on the track, which should be very much easier than cars avoiding unexpected things on roads (bins blowing in wind, missing manhole covers, never mind trucks, children or cyclists.)

1
1

What's 5G? Who knows, but Qualcomm's designed a modem for it

Mage
Silver badge
Coat

fool around with 28 GHz

Yes, in open plan offices. Or rooftops.

1
0

Sweet, vulnerable IoT devices compromised 6 min after going online

Mage
Silver badge

ISP problem isn't simple.

Unlike historic email spam bots the current devs are clever. They rely on scale. Each individual IoT will seem innocuous to an ISP and their main concern of absolute traffic per user. There are a lot of ISPs and the bigger ones have a lot of customers.

3
0
Mage
Silver badge
Unhappy

How Bitcoin might help fix the Internet of Things.

It can't.

The other issues are:

1) The user is unlikely to ever know it's compromised.

2) Most devices can't be updated.

3) Even if updates exist, users are unlikely to know they exist.

4) Even if it can be, and the user knows, most users won't bother.

5) There will be another bug, or patch ineffective and the maker will be gone, or closed by Google or lose interest as they are supporting the new shiny thing, or developer is gone (outsourced?) and no-one can patch it.

Forced automatic updates are actually a security risk and not a solution.

Ultimately the palliatives used by phones, tablets, PCs etc only partially solve the problem even for those. The IoT issue may not have a solution other than uPNP illegal on firewalls and no INWARD control at all on domestic IoT.

We don't even have a complete solution for ordinary Internet stuff. The issues go to the heart of adding security as an afterthought to most internet protocols. Why didn't email have signing, whitelisting, etc from day one?

Why are web browsers still not properly sandboxed?

Why did anyone ever think Active X or Java (not Javascript) was a good idea in a browser?

Why aren't 3rd party cookies illegal, or 3 party iFrames blocked? Why are all defaults on all browsers and email clients at nearly the worst for security & privacy.

So how can we expect anyone to get IoT security right?

So called "Agile" software development makes it all worse.

32
0

Google has unleashed Factivism to smite the untruthy

Mage
Silver badge

so if one side is simply making stuff up

Both (or more sides) make up different stuff.

3
0
Mage
Silver badge
Devil

Google as the Brahmin priesthood?

Ha ha!

I'd trust them less than Clinton, Blair, Bush, Trump, Putin etc.

Though I think their agenda is making money. At some stage though all large corporations become more interested in Empire Building and Ego than purely profit motive. That's a worrying thought.

4
1

Court finds GCHQ and MI5 engaged in illegal bulk data collection

Mage
Silver badge

Re: Article 8 of the European Convention on Human Rights.

In case anyone is in doubt, I'm being sarcastic and thinking of Theresa "1999" May. The Wilfred Greatorex stories more like UK than Orwell's 1984, as after all he was really condemning contemporary regimes.

21
2
Mage
Silver badge

Article 8 of the European Convention on Human Rights.

Well, solution is obviously to exit EU, then ECHR, then various conventions (Hague, Berne, Geneva) and UN.

39
1

Hello |FNAME|, this is the Obama-bot Drupal chat module speaking

Mage
Silver badge
Facepalm

Bot for Facebook Messenger?

Another reason to avoid ...

1
0

Salesforce rules out Twitter bid

Mage
Silver badge

Twitter losing money - will eventually close

Perhaps if people stopped using Facebook, or at least stopped promoting it or blocked all the ads it might eventually close too. Then we would only have the problem of how to regulate Google.

Amazon, Apple, MS, AirBNB, Uber etc are all adequately covered by pre-internet laws, if they were enforced.

Why do Police, Broadcasters, Local Councils, Big companies all promote Twitter & Facebook on their websites (driving away traffic)? It's not the golden pages / yellow pages.

They moderate, thus are not common carriers, yet don't do it properly, also are they even in reality legal in EU and other places with EU style legal systems?

0
0
