Posts by clanger9

126 posts • joined 27 Jan 2010

New state of matter discovered by superconductivity gurus

clanger9

Re: using liquid helium or liquid nitrogen, which is expensive.

It's not the cost of the liquid nitrogen. It's the cost of keeping it liquid!

The energy (currently) needed to keep even a high-temperature superconductor cool is more than the energy that is lost by a normal conductor. Add in the extra cost of the superconductor itself and that's why we seldom use superconductors to transport electricity.

4
0

End all the 'up to' broadband speed bull. Release proper data – LGA

clanger9
FAIL

Still not enough to filter out incompetent ISPs...

Switching to SSE fibre (they're a reseller of Daisy) has been a disaster for me.

Sure, I get the advertised ~38Mbps EARLY IN THE MORNING.

Evenings? Forget it, Daisy's backhaul is so hopelessly saturated I'm lucky if I get 2Mbps.

Complete waste of time - and it seems there's nothing SSE can do about it.

My own fault, I should have realised the deal was too cheap, but even if there had been postcode-level mapping available, I would still have been suckered. I'm currently arguing with them to escape from my 18-month contract, on the basis that what they're providing isn't worthy of the term "broadband" :-P

2
1

WhatsApp is to hand your phone number to Facebook

clanger9

Yes, you're right (and I already grok all of that).

However, the article seems to imply that they will add your WhatsApp mobile number to your Facebook account profile - something FB has nagged for for years and I've always resisted. No means no, right?

I realise/accept/hate the fact that *they* are able to identify "me", but I will also be very pissed off if they add my mobile number to my FB account without asking.

1
0
clanger9

Assuming you have both, how can they link your WhatsApp profile (that has a phone number) with your Facebook account (which doesn't)?

Are they linking using the email address or what? I have a different one for both. I've never associated my mobile number with my Facebook account and have no intention of doing so...

1
0

Lester Haines: RIP

clanger9

Thanks for all the laughs

Sad, sad news. Taken way too early.

7,000+ stories is a good ol' legacy! You made us smile & laugh, that's what counts...

4
0

TeamViewer denies hack after PCs hijacked, PayPal accounts drained

clanger9

Re: Possible attack vector?

I had a quick check with a clean install of the TeamViewer client. There is no need to set up a TeamViewer account. First of all, it asks if you want to set an "unattended access" password. Hmm: I wonder if some people set this on first install with a memorable (possibly re-used) password and then forgot about it? This is clearly a different password to the TeamViewer account password (which is what you use to log in to the service if you set an account. It has 2FA etc).

Next screen implies remote control is now possible with a 9-digit ID (presumably set by the TeamViewer servers) and a 4-digit PIN (presumably randomly set by the client). A quick look with Wireshark shows it opens an SSL connection to integratedchat.teamviewer.com every 5 minutes - presumably to announce its presence to the TeamViewer servers. It defaults to allowing "Full Access".

Nothing looks obviously insecure, but that "set unattended access password on install" combined with "default allow full access with 4 digit PIN" suggests that there are a couple of ways a default installation might be compromised.

I agree with psychonaut that you seem to need the 9-digit ID to connect (rather than just an IP address as I said earlier). Perhaps someone found a way to get that ID from the TeamViewer servers? Or maybe you can just try random IDs with a brute-force on the PIN until you get lucky?

0
0
clanger9
WTF?

Possible attack vector?

Just joining together a few threads:

- Apparently you can connect to TeamViewer clients by IP address. It's not restricted to the registered account (by default)

- Apparently TeamViewer sets a less-than-random 4-digit one-time use password for remote access (by default)

I did not know either of these things. It seems you have to go into the settings to remove the OTUP if you don't want it and enable whitelisting to prevent connections by IP address.

So, if you can somehow get a list of IPs using TeamViewer (using a DNS DDOS, perchance?) and you've semi-cracked the "random" OTUP generator, then you're in.

Does this sound feasible? I'm unconvinced that this is a simple password re-use problem, despite what TeamViewer are claiming.

0
0
clanger9

Re: Nope, Teamviewer is the tool, not the source

"a Windows Trojan disguised as an Adobe Flash update that's doing the rounds using TeamViewer to backdoor machines."

Hmm, you got any evidence for that? While you can never be 100% sure when people claim not to have installed a rogue Flash update, the fact that one of the first actions for some of the TV attacks is to dump the Chrome password list suggests (to me) that they don't already have the user's passwords.

Why would they dump the password list via TeamViewer (not the most subtle approach) if the machine is already compromised by a Flash trojan?

0
0
clanger9

Re: I could be wrong but

Probably naive.

I understand TeamViewer has the ability to start (privileged?) executables remotely. A number of the posts on Reddit report the upload and running of "webbrowserpassview.exe" (for example) that dumps saved passwords from Chrome.

You can still do harm with TeamViewer without gaining control of the desktop...

0
0
clanger9

Re: It's not the accounts that got hacked, it's the client

Maybe, maybe not. My guess is that it's not unrelated to recent attacks on their DNS. Something possibly involving hijacking responses/chatter between the client and the TeamViewer account servers.

Without knowing how TeamViewer authentication works, it's hard to be sure...

1
0
clanger9
FAIL

It's not the accounts that got hacked, it's the client

The TeamViewer service accounts seem to be OK: 2FA, no evidence of a hack anywhere.

What seems to be happening is that miscreants have found a way to connect to TeamViewer clients, somehow bypassing the authentication. This has happened to a guy at work last week: TeamViewer account fully secure, unique password, 2FA, etc. While using his laptop, someone connected via TeamViewer and started clicking around. Fortunately, it wasn't a serious hack attempt, seemed more like a skiddie.

TeamViewer now uninstalled everywhere here until we find out more. The software client is broken somehow.

Pure speculation on my part, but that's my take on it.

2
0

Air-gapping SCADA systems won't help you, says man who knows

clanger9

Re: Excellent

Sure, you can try to air-gap. Enforce it all you like.

But you can't stop there, you have to assume it'll be breached and watch for the breaches.

I've lost count of the number of times I've heard "it's secure, we have an air-gap". Yeah, right.

2
2
clanger9
Mushroom

Excellent

The myth of air-gapped SCADA needs to die once and for all.

On a closed secure site: fine, give it a go. If you can manage to operate efficiently without any link to the outside world then I'm happy for you. Most businesses don't work that way.

For anything remotely distributed (i.e. most utilities) the air gap WILL be breached somewhere and no, you won't know about it - until it's too late...

5
9

Mitsubishi 'fesses up: We lied in fuel tests to make our cars look great

clanger9

Re: Energy in = energy out

Max efficiency of an i/c engine is only around the 30% mark. Efficiency of a typical i/c car (from fuel to forward motion) is ~15% (when I last checked - maybe a bit better these days). There's still plenty of scope for improvement...

0
1
clanger9
Devil

Re: Only 10%?

"measure a vehicle's emissions whilst it achieves its stated 0-62 time for example"

Now there's an idea to put the fear of God into the motor manufacturers. Have you ever been behind a modern performance car while it accelerates on full throttle? *cough* *splutter*. The muck that comes out of the back of these things on full tilt is amazing.

You get the impression that the pollution control gear is there solely for the purpose of getting through the tests and does pretty much f-a the rest of the time...

2
1

BT dismisses MPs' calls to snap off Openreach as 'wrong-headed'

clanger9

Re: Publicly owned business

This is the nature of nationalised public services. They are uniformly awful. The socialist ideal is fine but when it hits the buffers of reality it all falls apart. Like every socialist ideal.

Counter-example: Vienna's public transport system. Fully integrated tram/bus/rail. Cheap. Everything runs on time, regardless of the weather. The tube runs all night and there's a fill-in night bus service that can get you to more or less anywhere on the network at 4am if you don't mind waiting around. They regularly extend the network with major construction projects through densely populated areas and these projects seem to mostly run to time and budget. And it's state owned, using the 'silent owner' approach described above. Like in London, public transport is seen as a strategic asset for economic wellbeing of the city, not something to make a quick buck from.

https://en.wikipedia.org/wiki/Wiener_Linien

I don't know how or why it works, but it does. Heck, it's not even inefficient: 900 million passenger journeys and 8,000 staff compares favourably with TFL's 2.4bn journeys with 28,000 staff!

0
0

Bone-dry British tech SMBs miss out on UK.gov cash shower

clanger9
Thumb Up

Good to see this on El Reg

Terrible proofreading aside, it's good to see this kind of thing getting some media coverage.

In fairness to Innovate UK, if you are lucky enough to get an award from them, they are pretty supportive and easy to deal with - a far cry from the bureaucratic nightmare that was the Technology Strategy Board (TSB).

The funding criteria and awards process are truly bizarre, though. They have funded all sorts of ¡Bong! 'digital' nonsense, but seem really wary of anything vaguely industrial. The placing of the Energy Systems Catapult in the Midlands was another huge missed opportunity, especially when most of the industry and backers for it are located in the North West.

Definitely lots to complain about, but also a potential force for good. We all need to keep the pressure on...

4
0

LastPass in 2FA lock down after 'fessing up to phishing attack

clanger9

Re: KeePass Cross Platform Synching

Yes: 1Password does subscription-free cross-platform self-sync, with the password vault stored in a place of your choosing.

No vested interest (other than being a happy customer). Sure to be other options out there.

5
0

UK's super-cyber-snoop shopping list: Internet data, bulk spying, covert equipment tapping

clanger9

Re: Please explain this.

I think it's trying to say:

"We will keep a history of all connections by default. We will trawl this history whenever we feel like without a warrant and if we find anything interesting, we'll get a warrant to look at any new content"

So, it's storage of connection records and access (on demand) to new content. Historic content is not stored by default, but you can put a warrant in place and then just hit "Save".

As someone said above, goodbye end-to-end encryption...

1
0
clanger9

Re: The devil is in the detail ...

...aaaand there you have it:

"...a record of the communications service that a person has used"

"a record" - could contain anything, as a minimum likely to be who it's from, who it's to, a timestamp and probably a geographic location. "See, it's just metadata. No content data at all, m'lud!"

"the communications service" - Email, Whatsapp, Skype, Facebook, Instagram, Snapchat, dating sites, your online banking service, the works basically.

"a person" - no fuzzy IP addresses here, mate, none of that rubbish. We're talking RealID (TM), backed up by biometrics and the FORCE OF LAW. Ha ha!!

Sheesh. It would be helpful if someone (anyone?) in the mainstream media could get out there and explain this stuff properly.

9
0
clanger9

Re: I haven't heared so much bull$h1t since the last time she stood up...

Worse than that, I don't see how this "itemised phone bill" could possibly be used to work out who is talking to whom (if it's just a "list of websites"). Who the hell communicates via a "website"??

If they really want to know who is talking to whom, they are going to need to go MUCH deeper. This really suggests logging at the service/protocol level.

It'd be helpful if someone could explain what the Bill actually says as it appears to be in foreign. If it requires communication providers to provide such a log, then it would effectively outlaw any end-to-end encrypted service (as well as P2P).

I suspect this is not the "watered down" Bill you are looking for...

10
0

Licence to snoop: Ipso facto, crypto embargo? Draft Investigatory Powers bill lands

clanger9

Re: DNS and SSL - flawed proposal?

Yes, but they also keep saying that the purpose of this legislation is to enable them to establish who is talking to whom. If that is indeed true, I don't see how a FQDN gives you that.

There must be something else being legislated here.

0
0
clanger9

Websites != "communication"

Does anyone understand what is being proposed here?

On Radio 4 they were saying that they need to know which "websites" people visit. In the next breath, they're saying that this is so they can find out "who is communicating with who, like we used to be able to do with telephone records".

How the hell is a list of FQDNs going to tell them that? Who communicates via a "website" anyway (apart from grandparents on Facebook, I mean)?

If they want to know who is talking to whom, they're going to need to compromise every comms platform out there and/or mandate some sort of server-side comms logging. Heck knows how they'll deal with P2P comms. Will P2P just be made illegal? Yeah, that'd "solve" a few other problems along the way, wouldn't it? Hmm.

There must be more to this legislation than the party line of "It's just a list of websites blah blah blah". Can anybody find the /really/ relevant clauses?

5
0

Jeremy Corbyn: My part in his glorious socialist triumph

clanger9

Full of win

Pam Ayres in a burqa

"enormous desire to spend other people’s money"

"analogue"

- genius! :-)

4
0

Hyundai ix35 Fuel Cell: El Reg on the hydrogen highway

clanger9

Re: Fuel tank rated to 10,000psi

"whereas a fuel cell can offer over 90%... "

Hate to break it to you, but fuel cell conversion efficiency is actually much, much less than that: about 30%, not 90%.

The 90% figure you're quoting includes the waste heat (for CHP schemes and the like). Yes, fuel cells are usefully better than an internal combustion engine, but not by much.

Sadly, end-to-end process efficiency for H2-powered vehicles is "a bit pants".

Just look at all the cooling ducts on the BMW's i8 fuel-cell prototype. That tells you everything you need to know...

1
0

Watch out Sonos! Here's the second coming of Yamaha MusicCast

clanger9

Looks nice, couple of questions...

These multi-home streamers tend to have a few underlying niggles which they may have kept quiet about in the demo.

1. Will it handle gapless playback? This is just about possible with uPnP (but not always). Linn added some (proprietary but open) extensions to produce OpenHome (http://www.openhome.org/wiki/Oh:Overview), but only Linn seem to use it.

2. I presume it does multi-room synchronous playback? This is hard to do reliably over wireless, especially if you also deal with issue #3. Sonos has this pretty well covered.

3. What is the buffering delay/lag like? AirPlay has huge delay, which means it's not much use for directly connected video. Linn get around this issue by reducing the delay (at the expense of reliability) for video sources.

3
0

Anti-privacy unkillable super-cookies spreading around the world – study

clanger9

They put the phone number in the header??

Good God, that's a spectacularly clueless idea. I'd like to know which mobile providers actually do that. Anyone able to name names?

3
0

Global spy system ECHELON confirmed at last – by leaked Snowden files

clanger9

Re: Wrong targets

> So, why are we told that it's ok to bring in mass surveillance for one problem, but not for more serious ones?

Simple. Terrorism threatens politicians' well-being. Car accidents threaten yours.

4
0

W3C's failed Do Not Track crusade tumbles to ad-blockers' Vietnam

clanger9

Re: Google Scripts

Try Ghostery. It seems to block the Google tracker without breaking the site (mostly).

5
0

Amazon cloud threatens to SMASH the fundamental laws of PHYSICS

clanger9

Re: Note the free 5GB service has now gone

Update: Amazon seem to have reinstated Personal Docs - I haven't signed up to the free trial, but it's working again.

Cock-up rather than conspiracy I guess. Yay for customer service, at least they fixed it within a day.

0
0
clanger9

Re: 30 Days to back out - there's your limit

I think there's a local sync app (a la Dropbox). So you can maintain the mirrored files locally and the sync app should diff the changes to the cloud.

That also helps get around the problem of getting your data back if you cancel the service: maintain a local mirror. The storage limit is then the size of local storage array.

0
0
clanger9

Note the free 5GB service has now gone

OK, no sympathy for freetards etc, but my Kindle 3G now won't accept any new personal documents because my (previously free) Amazon Cloud account is now deemed "over quota".

Among all the hoopla about the new unlimited storage, most news outlets have forgotten to mention that the old "5GB for free" service has been removed.

Unfortunately, the only way for me to access my account to bring it under quota is by signing up to the trial. Something I don't particularly want to do (having been nearly burned by an accidental "free" Amazon Prime trial in the past...).

Note to self: never *EVER* buy hardware that is tied to cloud specific services. Especially free ones...

2
0

HELP! Windows Phone update 8.1 broke my Lumia

clanger9

Weird

My cheapy Linx 7 tablet does exactly this - yet it runs full-fat Windows 8.1 (not Phone). Is there much shared code between the two platforms? It seems to lock up on power-state changes (charging, etc). Waiting/hoping for a fix...

4
0

Synths of the father: Making some noise at NAMM 2015

clanger9

I love this stuff

Please can someone buy me an EDP Wasp for Christmas?

Cheap, nasty and punk. Shame so few of them are still around...

3
0

I'm sooooo green: The Beginner's Guide to Krautrock

clanger9

Welsh Krautrock, anyone?

Great article - I love all this stuff!

I recently came across this little gem from the seventies (though Welsh rather than German):

http://www.sadwrn.com/eng/Bur-Hoff-Bau/Bur-Hoff-Bau

No idea who they are, but proof that the Seventies was a very weird decade...

4
0

DEAD STEVE JOBS accuses Real Networks of 'hacking' iPods

clanger9

My memory is fading...

But it seems either the reporter (or the lawyers - I can't tell which) have got the story slightly back to front.

You've *always* been able to put non-DRM music on any iPod via iTunes. However, if you want to play DRM'd music on an iPod then it has to be Apple's own. I suppose this is what Real are complaining about: "Apple won't let iPod users buy crappy DRM'd music from *our* store!"

The problem for Real was that iPods were popular and Apple weren't interested in letting them put Real's DRM onto iPods.

If I remember correctly, there was some "hack" around at the time which fooled iPods into accepting content from Real networks by fooling the iPod into thinking it was talking to iTunes and Apple closed this loophole by pushing out a firmware update.

Or did I get this wrong? I don't remember "iTunes" ever "blocking" users from putting content on an iPod. On the other hand, it's never offered a choice of "DRM'd music store", but seeing as the music-buying public had already got bitten once and quickly flocked to non-DRM stores instead (emusic, We7, Amazon and now iTunes Store), this is a moot point.

If Real had had half a clue, they'd have recognised this and offered non-DRM music. Problem solved.

11
1

Hi-torque tank engines: EXTREME car hacking with The Register

clanger9

Re: Mavis

Chris Williams has also got a fantastic Napier-Bentley. It's "only" a 24 litre W12, vaporises the tyres off the start and is an absolute hoot to watch. See it if you can!

Here's some footage of him getting it all wrong at this year's Cholmondeley Pageant of Power (Mavis the Packard-Bentley is the first car through sedately, followed by the manic Napier-Bentley about 01:20 in):

http://www.cpop.co.uk/social-buzz/videos/napier-bentley-crash-at-cpop-2014?video=18

2
0

You stupid BRICK! PCs running Avast AV can't handle Windows fixes

clanger9

Re: Anti-virus

ESET?

We use the Endpoint Antivirus product here on our corporate PCs and it's the least intrusive system I've come across...

1
0

We must SMASH the Democratic Deadlock with MINDFUL EVIDENCE

clanger9

Re: Rand

Excellent stuff, thanks for the pointer. A very neat skewering of the utter loopiness at the heart of the Rayndian cult. For example:

"Cigarettes were pro-life and pro-man since they were manufactured by productive capitalists for human enjoyment"

It's scary how many people still appear to sympathise with this junk.

8
2

Microsoft has Windows Server running on ARM: report

clanger9

Re: Linux ahead(as per usual)

We had a bunch of Alpha NT machines back in the day. Nothing worked. All the (useful) Windows software was closed source and no-one would sell us Alpha binaries. Even the official release of Microsoft Office for Alpha (4.2?) was flaky.

Eventually, we gave them away. I took one home to use as a server, but as it ran a buggy version of Windows NT 3.51, it wasn't much use for that either. It could have probably run Linux, but Linux was fairly primitive back then...

0
0

'Leccy racer whacks petrols in Oz race

clanger9

Re: Impressive

Blimey, that is one quick car!

Radical V8s are jaw-droppingly quick off the line to start with - the way it screams past the V8s from the start is very impressive...

3
0

Cor blimey: Virgin Media pipes 152Mb fibre to 100,000 East Londoners

clanger9

Anyone tried aaisp.net?

aaisp.net seem to offer no-contract unthrottled IPv6 internet (but with 100GB cap). Looks more like a business offering than consumer-grade, but they do offer a "home" package.

Just wondering, 'cos I'm getting fed up with my consumer-grade ISP who seems to have decided what I *really* need is to buy TV services from them. Hint: I don't, so go away and stop asking.

2
0

Google updates Maps app for iOS, Android, adds Uber support

clanger9

Why does it keep trying to access my Contacts?

Not sure why, but every time I ask for directions it wants access to all my Contacts. Hmmm.

0
0

Spy back doors? That would be suicide, says Huawei

clanger9

Surely...

...the problem for the security services is that Huawei kit doesn't have security service-mandated back doors in it, whereas the domestic kit does?

You can't trust anyone these days...

7
0

Amazon wires up email-to-Kindle to its gigantic online hard drive

clanger9

Kindles have always had the email-to-Kindle-via-Amazon's cloud feature. This part isn't new.

What does appear to be new is that you can manage the files stored in the cloud through your Cloud Drive. This is welcome as previously there was no sane way to manage these files: just a long list of them that enabled you to delete them one at a time, for example. It'll be much easier to manage if these files now show up in Cloud Drive.

5
0

Deep desert XP-ocalypse averted as Reg man returns

clanger9

Great write up!

I love these stories of IT in the real world.

Never mind all the pontificating how things ought to be, this is the (harsh) reality for many folk and it's great that wise heads have pitched in with valuable advice for the rest of us.

Simon, you should feel proud of what you've done for this community. Keep up the good work!!

3
0

Bletchley Park spat 'halts work on rare German cipher machine'

clanger9

Donation made to TNMOC

Why is the Bletchley Park Trust acting in this way? It makes no sense!

Does anyone actually think that Ian Standen is doing a good job? If not, why is he still in a job??

8
0

Compact Cassette supremo Lou Ottens talks to El Reg

clanger9

Re: Ah, cassette tapes...

Ah yes, the ancient lost art of azimuth adjustment!

To hell with calibrated measuring gear and all that; people would look on amazed as I whipped out a pocket screwdriver and transformed their muffled ol' cassette deck with brightness and clarity :-)

Of course I never had any threadlock on me, so once it had been adjusted once it would wander out of true again after a few months. Cue an encore performance!!

It wasn't all bad being a geek...

3
0

Fanbois taught to use Apple's new killer app: Microsoft Windows

clanger9

Re: Macs are "so expensive" - not.

Umm, could it be that an old Mac is *actually still useful*?

Got an ancient (2002-era) PPC iBook here fitted with an SSD. Runs in clamshell mode as a silent server and daily newspaper aggregator. Uptime: {checks} 709 days. Not bad. I've certainly had my money's worth out of it.

1
0

IT bloke publishes comprehensive maps of CALL CENTRE menu HELL

clanger9

Awesome - thumbs up to this guy!

Nice website too. Really nicely done :-)

2
0
