141 posts • joined 14 Jul 2009
Re: $10/yr is the tip of the iceberg
Browser's hoot when they see a new self signed certificate because there's no trust involved. Anyone could have made that certificate. If you rely solely upon such a certificate, anyone could perform a MITM attack, and your encryption is now worthless.
If you don't want the browser to spit fire when it sees such a cert, install the certificate on the client. If you can't install the certificate, the only way to obtain a benefit from a self-signed certificate is to have the end-user actually view the certificate details and confirm the fingerprint matches one which has been securely transmitted to them. And that's a whole lot of hassle to save a few dollars.
Re: $10/yr is the tip of the iceberg
Just how many wildcard domains would you need? They're less than $100 a piece.
If you're running a business setup that requires multiple domains and a content delivery network for your customer facing side of things, I'd be pretty surprised to learn that you don't already have certificate management in place. Crikey, when I managed the business side of such things, I had every site SSL accessible a decade ago.
If your contractors cannot manage SSL configuration, you need new and competent contractors. This stuff isn't rocket science.
Re: When I can self sign, and provide my CA by side channel (e.g. DNSSEC)
Presumably you don't need a high google ranking. Otherwise, when an SSL cert is available for around $10/year it's a bit of a no brainer.
Encouraging the use of self-signed certificates is never going to happen. On a public facing website, their use only encourages users to blindly click through security warnings. Their only appropriate place would be where you have control over all the client devices so you can install your own certificate authority.
Re: Proprietary compression technology
The licensing cost is likely trivial compared to the cost of developing a quality alternate codec that will have hardware decode/encode support that's necessary for decent scaling. But, if you really want to avoid the costs of licensing something that's been tried and tested, use speex which can work at similar bitrates.
I remain skeptical of any need or benefit from developing a proprietary codec.
Proprietary compression technology
Why would you spend money developing a proprietary compression technology that carries voice in 11 kbps when g.729 runs at 8kbps and with extensions can get to 6.4kbps?
Either way, on 2G data this isn't happening. With consistent bandwidth g.729 is good enough, but on 2G mobile data latency and jitter will be big issues. Combine that with the ever decreasing cost of just making a call from your phone and there's no incentive.
In most the world, the cost of mobile calls are declining or being bundled as unlimited packages, whereas data is becoming more restricted. That reflects usage. If, in areas where calls are still pricy, there is any sudden shift to VOIP, carriers will just change their pricing structure.
The paid for 900 and 1800, but not in cash
At least for the 900MHz block, and I think also for the 1800 block, operators had population coverage requirements to meet. So they paid for the allocation in terms of rolling out masts.
If only the government had adopted that stance with 3G and 4G and these small islands would have close to 100% geographic coverage with high speed mobile connections. That would have a potential to drive real economic growth. Instead the government just went for a quick pay day that has only hindered deployment. Now they seek to repeat the mistake.
Seems hugely unlikely. I check permissions before installing any app, and don't recall any unusual ones asking for read/send SMS permission. So I dig around and find the actual source for the article: http://research.zscaler.com/2014/07/and-mice-will-play-app-stores-and.html
And sure enough, of the 75k apps, 7% ask for SMS permissions, or 5,250 of the 75,000 tested.
68% of apps with SMS permissions have the ability to send, so 68% of 7% is 4.76% of apps, from the 75,000 tested, can send text messages.
Whenever my discount ends I go through the 20 minute call saying match what you gave me or just cancel the service.
You mean now they're going to answer with 'okay, we've turned of your interwebs' rather than offering me a discount on my bill?
Re: Accessing data , and Chromebooks
Create new document, add some random text
File -> Email as attachment
Set filetype to plain text
There, you just created a plain text version using the Google Docs web interface.
As for the backup being with Google, rather than on my computer, I'm pretty confident that Google have better backup processes in place than I'll ever manage at home. They've previously shown that even gmail gets backed up to tape.
On most modern phones, a clear rear cover is really only going to show you the battery, since it takes up the vast bulk of space behind the rear cover. That's probably a big part of why, when Google/LG and Apple made phones with glass backs, they chose not to show the phone's innards.
Re: With NYT-editorial levels of truthiness, we boldly go....
The problem is that if all the publishers act together then they'll breach competition rules. If one independently decided to boycott and others independently chose to follow that might be okay, but they'd likely be in big trouble if they acted as a group.
Still, there are other outlets for their books on both sides of the Atlantic, be it Barnes and Noble in the US or Waterstones in the UK. I'm sure either would happily take the business if one or more publishers wanted to abandon Amazon.
Re: Use Welsh/ Irish or Scots Gaelic
God help us.
Strange description of Chromecast
I imagine streaming a Chrome tab is the least most common use for the Chromecast. A great many more users will be using it as a way to get Netflix, Plex, HBO etc onto their big TV while controlling things from their phone.
This is where Chromecast comes into its own, because it streams directly from the server, rather than through your mobile device as in Apple's AirPlay.
An adult head weighs over ten pounds. About five kilos in new money.
Moving your head a lot is typically uncomfortable. Try tilting your head and keeping it at an angle for a minute. To me at least, this user interface sounds exhausting at best, and downright painful at worst.
I really can't think of a worse way to navigate a phone than moving my head.
Re: I disagree
They could take lessons from Google. My Moto X responds to voice commands. It also recognizes if I'm giving them and ignores them if it's my wife speaking.
I have to guess you've never used it. It takes me far longer to open my wallet and get out my card than it does to pull out my phone and tap the back against the terminal. So it's faster, not slower.
Using Google Wallet I pay exactly the same. My only disadvantage is I get fewer rewards from my credit card company - I'd normally get about 5% cash back in a supermarket and that's cut to 1% as a general transaction through Google Wallet. If I was using a debit card rather than credit card with rewards, there'd be no difference whatsoever.
Certainly it's unnecessary, but so to are debit and credit cards. Indeed we could all return to paying by lumps of gold. But, truth be told, I have a wallet full of bank cards and store cards. I carry my phone with me, so it's necessary. With widespread NFC acceptance, the wallet is not.
If it were to be a big problem, the solution is for Ofcom to hold the carrier responsible for the CLID. They should trust peers to send a genuine CLID and where there is no trust, refuse to set one.
Telemarketers can then be blocked by CLID, calls with no CLID can be dumped straight to voicemail and abuse can be traced.
Reputable VOIP providers will require proof of ownership of the number before it's available as a presentation number. Non-reputable ones will find no-one sees the CLID they set and they'll lose customers.
Restoring from an actual backup would limit the inconvenience to about three or four minutes. It's a shame Google, in their drive to get us all relying on the cloud, haven't actually integrated a proper backup tool within Android.
I'd love my phone to recognize it's at home and it's the middle of the night and to then start making a backup of itself to my NAS.
Re: Platooooooon - HALT!
I have to wonder if the author has driven in the US? In the UK, you can anticipate the green light because it has a preceding red + amber light. In the US, the light switches immediately from red to green. Drivers of the mostly automatic cars then have to switch from brake to accelerator - no sitting with the clutch depressed, other foot on the accelerator and a hand on the handbrake for a quick getaway.
The highway code assumes about 0.7 seconds reaction time. I'm going to guess the computer driven car will have a much smoother departure from stationary than your typical driver too, so I doubt there would be any particularly noticeable delay from other road user's perspective.
Sure there are plenty of wide and straight roads, but - as someone who has driven on both sides of the Atlantic - the idea that all US roads are like this is tosh. Even San Francisco which has a nice grid system, also has hills and windy roads. Head east and you hit a mountain range.
As for everyone driving at the same speed with cruise control, it's no different to the UK. Sure if you're on the interstate/motorway you can probably use cruise control for lengthy periods, but then you'll hit a lorry passing another lorry with both lanes suddenly slowing from 80mh to 45mph in the blink of an eye. Then the two lorries - non speed limited - will reach the top of the hill and accelerate to 80mph on the descent before repeating.
Now the Google Car might not be prime time ready yet, but anyone who thinks UK roads are somehow special and that UK drivers somehow excel over and above all others is the type of person still buying stock in buggy whip manufacturers.
Do you really believe this? If so, I cannot imagine why.
My gmail account has been made available to numerous companies. I see almost no spam, only a steady trickle of adverts that Google dumps into their own folder automagically.
On my own server, an email account that's about fifteen years old and which has been widely used also sees little spam, thanks to spamassassin, RBLs, and some postfix rules.
If anything, modern anti-spam techniques mean my inbox is cleaner today than it was ten years ago.
Re: SMS Problems?
WhatsApp? Don't Facebook know enough personal info? I really don't want to be reliant on a propriety messaging system as a replacement for SMS.
What's needed is a widely adopted internet based text messaging platform that supports public key encryption. Keys could easily be shared these days using QR codes or by NFC. Then a private message could be exactly that - private.
Re: Stop this madness now
That demands the domain name actually be shown in a different color which at present necessitates a much more expensive certificate. Or are we to have a rainbow of colors for those using EV SSL and those using plain SSL and those that are unencrypted and those with an expired certificate? Meanwhile users see the phishing domain name beside a secured padlock that they've been taught means the connection is encrypted.
Personally, I think that so long as this can be (1) turned off, and (2) when clicked on shows the full URL, it's potentially a good thing.
Re: Why would you make it convenient to turn off an alarm?
Presumably you are not elderly and don't know anyone who is. Presumably you're not disabled and don't know anyone who is.
I was actually quite taken by the idea of having an easy way to silence the alarm if I burn toast, since I find it difficult to reach a ceiling mounted alarm (even with a stool). Just because it's idiotic for you, does not mean it's idiotic for everyone else.
That said, something like the cell phone interface to silence the alarm would be almost as convenient and presumably less prone to accidental silencing.
Most houses either have a gaming device or don't want one. I just don't see where another entrant fits in this marketplace. I have three TVs, I imagine many households are similar. I've put Chromecast on two and will be adding a third and final one.
The disappointing thing is that this likely means no Chromecast support for Amazon Instant Video, not because they cannot but only because they don't want to.
Re: 2007 hardware obsolete?
"Until the hardware dies there's just no reason to buy a new machine - unless you're obsessed with having new shiny-shiny."
This, and this again. I'm sure I'm not alone here in having been one of those who would routinely upgrade their desktop as new processors, motherboards and other bits and bobs became available in the late 90s or early 2000s. There was a big difference in going from a 500MHz part to 1GHz and as RAM prices plummeted we were able to go from computers with 4MB of ram to many hundreds of MB. Today, and since the mid-late 2000s there have still been improvements but they haven't revolutionized the ordinary desktop.
Sure we can now work more easily with video and other taxing stuff, but launching a desktop, a web browser and a word processor is juts as feasible on a 2007 computer as on one bought yesterday. Where one company supplied the hardware and OS, there's little excuse for them to end support this soon.
A few people? I'd imagine there are quite a lot of Mac Minis from 2006-2008 still operational. They're running dual core intel processors and quite capable of running a modern operating system when they have a couple of gig of ram in them.
This isn't an XP moment, this is like Microsoft abandoning Vista which was launched in 2007 - the time as Apple were selling computers that they now imply are fit only for landfill.
And it's only recently that these upgrades were available cheaply. The upgrade from 10.4 to 10.5 was over $100.
Great. Expect random fluctuation in latency
It's pretty easy to make voip work really poorly on a given network. Random fluctuations in latency are almost impossible to work around. A little bit of congestion and your call becomes useless. I don't see networks who have already lost so much revenue from text messaging handing their voice revenue over too.
Re: Any specs? Release date?
From USA Today:
The Nokia X, boasts a 4-inch IPS capacitive display and 3 megapixel camera. It includes 512MB of RAM and 4GB of storage, which can be expanded with a microSD card.
The Nokia X+ is almost identical to the X but comes with more storage and memory by including a 4GB microSD card and 768MB of RAM.
The Nokia XL boasts a 5-inch display with a 2-megapixel front-facing camera, 768MB of RAM and a 5-megapixel rear camera with autofocus and flash. Like the X+, it too comes with a 4GB microSD card.
Nokia X, X+ and XL – priced at €89 ($122), €99 ($136) and €109 ($149) respectively. Availability is immediate.
Re: Prime one-day delivery? Ha!
That's strange. In the US, Prime has been very reliable. Whenever a delivery has been late - other than for weather related reasons - I've received a very quick apology and usually a credit of something like $5.
I can't understand why the customer service in the UK would be so different.
It also showed Google Fiber as the fastest network. Isn't it possible that the speed you refer to represents the maximum bandwidth for a mix of HD and SD broadcasts from Netflix?
They are, after all, a streaming service, not a download service. As such, they have nothing to gain from letting users download much faster than the program they are watching's maximum bit rate. Otherwise, when a viewer stops watching half way through a program, the bandwidth used was wasted.
The results at Speedtest.net suggest Google Fiber delivers a lot more than the Netflix survey suggests:
Because upgrading will surely let them know you are a new user? Do you often find all your preferences, history and bookmarks are deleted when upgrading Firefox?
Not upgrading a browser must be one of the most idiotic things to do, given each new release - from any of the big three browsers - is awash with security updates.
Plex works perfectly and fantastically. It's a shame to have to pay, but the lifetime pass seems reasonable for what you get - i.e. the ability to watch your local media on your on your telly at home, or on your phone at home or anywhere else (assuming you have decent upstream bandwidth).
Given the purpose of Plex is to let you stream your local media, and that Google gave their app early approval, I don't think their problem was with local media streaming.
Did the other apps maybe use the Android device as a conduit, rather than setting up a link between the Chromecast device and the server? If so that would maybe explain why they were banned since it goes against the way Google designed the Chromecast to work.
You could add a small fan and a cheap telly showing that youtube video of a log in the fireplace and use the thing to keep the living room warm.
What an unlucky coincidence that their typo pointed to a malicious domain that was registered yesterday.
I think one of two things could have happened. They did make a typo, but left it hanging around long enough for someone to notice. That person then registered the domain and took advantage.
The alternative is that they were simply hacked and the pages were maliciously altered.
To me, the first scenario seems the more likely screw-up. And therein lies a lesson to everyone in the dangers presented by typos, particularly when you're trusting code from other domains.
When you go to the AT&T website and select their options for bring your own phone it takes you here:
Select you want to bring a smart phone and they recommend a no-contract plan with 4GB of data at $110 a month. I've no idea what else you get for that crazy price, presumably a live-in butler or something.
Having come here from the UK, it's really hard to comprehend just how much ordinary families are paying for cell phones.
I bet you were a barrel of laughs on the school playground.
What does this solve?
What problem does this solve.
Here in the US, I can tap my android phone momentarily against the POS terminal. That's all it takes for the transaction, as the terminal just needs to get the card number from my phone. It then processes it over a second (secure unless you're in Target) data network with the bank's merchant provider.
It's not like I need to keep my phone against the terminal for the duration of the transaction.
Maybe it's the author, not the Americans
"not being fully responsive" to such actions is a reflection of the lack of choice, not the 'stupidity' of Americans. of course, name calling is more fun but the author had already identified the issue earlier in the article.
If, say, an ISP blocked netflix, you would expect most netflix customers to switch ISP. That would be fully responsive. Where you have no choice of ISP, you cannot switch and so the customer base would not, as the court put it, 'be fully responsive'.
That's not a reflection on how lazy or stupid they are, it's a damning indictment of the monopoly/duopoly in internet provision that most U.S. residents face.
Re: google idiots
Not sure I'd admit to visiting YouTube for the comments.
Re: Not seeing the problem here
if you have email addresses that aren't public, don't create a public Google+ account with them. Problem solved.
As for the article saying people were stealthily opted in, I think the fact that Google sent everyone an email explaining what had happened and pointing them to where they can disable it is quite some way for being stealthy.
For those who are upset, and want a clean and private mailbox, there are plenty of hosts that will let you pay for one.
Re: Is this good or what?
And pray tell why the majority of people would need or want a hackable router?
This is hardly aimed at the majority of people. I'd think it's aimed more at the folk who've built an x86 router because there's nothing reasonably priced commercially available to meet their needs. For those folk this isn't unreasonable.
As for the psu, I'm an n of one, but my wrt54g has been running 2x7 for nine years 4 months. I have no problem with its longevity.
So, can I buy 100TB of AT&T data for my app, then sell a browser app with a per gb charge lower than AT&T's consumer data rate? If I faced AT&T's charges, I'd happily pay for Chrome or Firefox by montly subscription if they came with a data allowance.
Re: Ways around censorship
@ Suricou Raven
That's why I specifically asked about whether DNS traffic routed away from port 53 works.
I also pointed out a well known public DNS service that permits traffic on other ports.
I'm suspecting they have a very simple block or possible transparent redirect of all DNS traffic on port 53. They'd need to start packet inspection to spot DNS traffic on other ports.
Re: Ways around censorship
Does anyone have it activated yet? What happens if you use iptables to send your DNS traffic to opendns servers on port 5353? E.g. 188.8.131.52:5353
Re: Plex is a big deal
But $30 a year to stream YOUR local content? That is, after all, what a great many Chromecase owners want.
Avia looks like it might do something, but it used a crazy amount of battery on my Nexus 4 before I forced it to quit.
Isn't that a plain old laptop SATA drive. This is mSATA and a fraction of the size. The largest capacity mSATA on the crucial.com website is 480GB for $329.99 or £242.39 inc. VAT in the UK.
Re: AC @ 21:25
Look it up again. Now it's got three times the effective range!