* Posts by DaLo

355 posts • joined 30 Aug 2012

Pisspoor EE customer service earns it a cool £1 MILLION Ofcom fine

DaLo
Bronze badge

Re: Can we have...

"or even pass the cost on to their punters"

If they could do that without a problem they would've just increased the costs already. It's not like they can send a letter to all their subscribers saying:

Dear Customer,

We recently got given a really large fine from Ofcom due to our customer service being so poor. Unfortunately our shareholders would prefer it if this didn't affect our profits so we are unfortunately going to have to make a one-off charge of £15 on your bill next month.

I'm sure you'll appreciate that we are only doing this due to the fine from Ofcom. Thanks for your understanding.

EE

P.S. please don't complain about this as Ofcom might feel the need to impose an even larger fine and then we'll have to make another charge.

3
0

Reddit joins the HTTPS-only stampede

DaLo
Bronze badge

HTTPS can be cached. It is cached with different rules to HTTP but it can still provide a sessioned cached browsing experience.

1
0

Wikipedia to go all HTTPS, all the time

DaLo
Bronze badge

Re: Playing to the gallery

"It's obvious that someone going to "https://wikipedia.com/human_rights_in_china" is not at all protected by the HTTPS protocol"

Eh? Care to explain?

5
0
DaLo
Bronze badge

@Kanhef |RE:Referrer

"HTTPS and browses to a non-sensitive page sent through HTTP, their history will be revealed through the Referer: header"

Doesn't work like that. RFC 2616 deems clients should not include a referrer header when linking or redirecting from secure to unsecure for that reason. I've not come across a client that doesn't abide by this.

7
0

Microsoft: FINE, we'll help your web sessions be secure, SHEESH

DaLo
Bronze badge

Really don't understand this pre-load list which all browsers seem to be adopting. These are hard-coded in to the browser source and therefore seems completely unscalable and unmanageable.

In Chromium the preload list is hard coded into transport_security_state_static.json as part of the build. At the moment it has over 2100 domains in the list and every organisation is encouraged to become HSTS compliant and add themselves?

0
0

New Firefox, Chrome SRI script whip to foil man-in-the-middle diddle

DaLo
Bronze badge

Re: Where are the hashes

Eh? Where would they get the fake certificate from? A corporate proxy works because it administers the machines 'below' it. Therefore it creates a trusted root certificate in the computer's certificate store allowing it to impersonate another site.

An unconnected third party doesn't have that luxury. Yes there are a few instances of a compromised trusted certificate store etc but they are relatively rare outside of state control. If there is an easy way to install trusted root certificates on a user's PC then the whole premise of SSL is broken and there is much more to worry about than a rogue script.

At the moment the consensus is that SSL generally works and it is that premise that allows for a secure internet.

As to the original point it then also would not matter about whether the hash and the script had been simultaneously compromised as it would not matter at all whether the site you were visiting used scripts or not, your connection is no longer secure and you are being fed whatever the attacker wants to feed you whether you ask for it or not.

0
0
DaLo
Bronze badge

Re: Where are the hashes

Why would your enterprise need to hack your machine? If a crim has access to your enterprise proxy then you have greater worries than a dodgy script.

0
0
DaLo
Bronze badge

Re: Where are the hashes

This is more a remote MITM or, more relevant, a script server compromise. If they compromise the script server then the web host would serve up the hash and the inconsistency would be found. A local MITM would not be mitigated but this would be stopped by SSL.

0
0
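The Subresource Integrity check discussed in the three "Where are the hashes" replies above, as an added example that is not part of the original posts: the web host supplies the hash, the script host supplies the script, and the browser compares them. The script bodies are constructed sample data and the function names are hypothetical; the strongest-algorithm rule follows the SRI specification.

```javascript
// Added example (not from the original posts): the SRI comparison a browser makes.
const crypto = require("crypto");

// Relative strength, used to pick the strongest algorithm listed in the attribute.
const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

function digest(alg, body) {
  return crypto.createHash(alg).update(body, "utf8").digest("base64");
}

// Value a page author would place in <script integrity="...">.
function sriFor(body, alg = "sha384") {
  return `${alg}-${digest(alg, body)}`;
}

// Split the attribute into {alg, value} entries; unknown or malformed tokens are dropped.
function parseIntegrity(attr) {
  const entries = [];
  for (const token of attr.trim().split(/\s+/)) {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(token);
    if (m) entries.push({ alg: m[1], value: m[2] });
  }
  return entries;
}

// True when the body matches any digest of the strongest algorithm present.
// With no usable metadata the browser loads the script as if no attribute were set.
function verifySri(body, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return true;
  const best = Math.max(...entries.map((e) => STRENGTH[e.alg]));
  return entries
    .filter((e) => STRENGTH[e.alg] === best)
    .some((e) => e.value === digest(e.alg, body));
}

// Constructed sample script bodies.
const GENUINE = "window.widget = { version: 1 };";
const TAMPERED = "window.widget = { version: 1 }; /* altered on the script host */";

function scenarios() {
  const pageIntegrity = sriFor(GENUINE); // delivered by the web host inside the HTML
  return {
    // Script host serves the expected file: loads.
    genuineScript: verifySri(GENUINE, pageIntegrity),
    // Script host compromised, page untouched: mismatch is found, script blocked.
    scriptHostCompromised: verifySri(TAMPERED, pageIntegrity),
    // Page and script both replaced (the case TLS has to prevent): SRI passes.
    pageAndScriptBothReplaced: verifySri(TAMPERED, sriFor(TAMPERED)),
    // A matching weaker hash is ignored when a stronger one is listed.
    weakerHashIgnored: verifySri(TAMPERED, `${sriFor(TAMPERED, "sha256")} ${pageIntegrity}`),
  };
}

console.log(scenarios());
```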
DaLo
Bronze badge

"Marier also urged organisations to add themselves to the browser pre-load list which requires sites to run HTTP strict transport security (HSTS)."

This does not seem very scalable; the preload list is hard coded into transport_security_state_static.json as part of the build (in chromium). At the moment it has about 2100 domains in the list but if every organisation is encouraged to add themselves, surely the list and code will rapidly become unmanageable?

4
0

Android M's Now on Tap cyber-secretary is like Clippy on Class A drugs

DaLo
Bronze badge

Re: Android M will also include much finer user controls as to what apps can access

It has many ways of controlling the access. You won't need to agree to all permissions up front, the first time an app wants to use a permissive feature (e.g. contacts) Android will alert you and ask if you wish to allow it or not. If you don't allow it the app will be expected to handle the restriction gracefully and your choice will be remembered.

At any time you can see the permissions granted to an app and revoke them or you can look at a permission and see all the apps that have been granted that permission and revoke any and all of them.

The issue though is two-fold. You can't restrict Internet access by the look of it and an app compiled for a non-M api won't have the granular control.

1
0

New relay selection fix for Tor to spoil spooks' fun (eventually)

DaLo
Bronze badge
Headmaster

Language has changed a lot since Roman Times

See: Decimate

"Historically, the meaning of the word decimate is ‘kill one in every ten of (a group of people)’. This sense has been more or less totally superseded by the later, more general sense ‘kill, destroy, or remove a large proportion of’, as in the virus has decimated the population."

6
0

mSpy: We haven't been breached. Customers: Oh yes you have

DaLo
Bronze badge

Re: mSpy statement

Yes but in other news: MSpy admits hacking and data theft

"Much to our regret, we must inform you that data leakage has actually taken place," spokeswoman Amelie Ross told BBC News.

"However, the scope and format of the aforesaid information is way too exaggerated."

She said that 80,000 customers had been affected. Initial reports suggested up to 400,000 customer details had been exposed.

"Naturally, we have communicated with our customers whose data could have been stolen, and described them a situation. We put in place all the necessary remedial measures and continue to work on mechanism of data encryption," she added.

A classic quote from that story though:

"Another user whose financial and personal data was in the cache asked not to be identified but told the security expert that he had paid mSpy to secretly monitor the mobile device of a 'friend.'"

1
0

Pi based kid-nerdifier Kano buried under freak cash avalanche

DaLo
Bronze badge

Re: I hope they brought some cigarettes...

Kano is a British company and the exchange rate is almost spot on.

$149 = £98.36 + 20% VAT = £118.03, so if you feel an extra £1.96 is getting f***ed by an exchange rate rather than just rounding up to the nearest 99, I would suggest you have bigger worries.

11
0

Your new car will dob you in to the cops if you crash, decrees EU

DaLo
Bronze badge

Re: Sound bites bite back

"Severity of injuries"

You may well injure yourself but sometimes the severity of it depends on quick access to medical professionals and equipment. A cut may not be severe but if it leads to a large blood loss then it becomes severe. A broken bone may not be severe but if it obstructs your blood flow for a long time then it is.

Rapid medical assessment, treatment and extraction often reduces the severity or even the fatality of an injury.

4
1
DaLo
Bronze badge

Re: Sound bites bite back

If the airbag is deployed then it will be reasonable to expect the car will not be going anywhere under its own steam again so if it is on the road the Police would be needed for traffic flow/recovery etc, if it's off the road then the accident is likely to be more critical.

Also any activation of the airbag should have an ambulance assessment for C-Spine injuries as the forces involved will definitely point to that mechanic of injury.

If you are sure you don't want the emergency services there then you can always call them yourself straight away and tell them there is no problem. It would be likely that the reason for this would be an intoxicated driver so the Police might just turn up anyway.

7
3

Android finally shows up for work, app in hand

DaLo
Bronze badge

Re: The Missing Piece

It's possible for your network provider to do this for you. I'm not sure if any do but Orange in the UK, about 20 years ago used to have a service called "Line 2" which associated a second number to your handset which you could log in and out of. An incoming call would show which line was ringing and you could put one on DND etc.

1
0

Unpatched 18-year-old Windows man-in-the-middle diddle revived

DaLo
Bronze badge

It is possible to have trusted servers - either previously visited and authenticated (i.e. no automatic attempt to login a box could pop up saying that your device is trying to authenticate to an untrusted/unknown server) or using secure certificates similar to SSL with a whitelist trusted method.

0
0

ICANN urges US, Canada: Help us stop the 'predatory' monster we created ... dot-sucks!

DaLo
Bronze badge

" ICANN claims .sucks domains are being sold to trademark owners in a "predatory" manner"

And at $185,000 deposit + auction surely the original GTLDs were being sold in an even more predatory manner?

8
0

Ethernet Alliance plots 1.6 terabit-per-second future

DaLo
Bronze badge

The picture

A rare post where the picture could actually be useful and relevant to the article and give you some information without clicking through the links and it has been over-cropped so that you can't actually see the figures on the axis or the relevant information!

3
0
DaLo
Bronze badge

Re: Meanwhile we're all still waiting...

They are pretty 'affordable'. Even mid range servers such as the HP Proliants have or have an option to swap for 10Gbs cards. Netgear do some very reasonable 10Gbs copper to all ports switches for under $1000/£600.

0
1

Smart meters are a ‘costly mistake’ that'll add BILLIONS to bills

DaLo
Bronze badge

Re: Just give us the numbers

"... once a quarter I have to let two men into my house to avoid getting estimated (read imaginary massive numbers) bills."

Where do you live that is so dangerous that it requires two men to read a meter? Also I just post my meter readings online or phone them through, the meter rarely gets read by a company representative unless it seems wildly wrong.

1
0

Zombie SCO shuffles back into court seeking IBM Linux cash

DaLo
Bronze badge

At least Groklaw is still posting the court documents from the major cases on their timeline to keep the case records up to date.

Not sure who is posting it, Mark, PJ or someone else but it is good for the historical record.

1
0

My self-driving cars may lead to human driver ban, says Tesla's Musk

DaLo
Bronze badge

Re: Not a problem solved

"What happens when an autonomous car is approaching an accident and only has a choice between mounting the pavement and possibly killing many pedestrians, or going into the accident and killing the driver?"

That is more of a philosophical question. Is the car a slave to its master or is it programmed to be a slave to humanity?

However, the chance of you ploughing into an accident will be much, much lower as the sensors will constantly be monitoring for possible accidents and braking times and should be able to react far quicker. Even if it is a freak accident that couldn't be foreseen then the car should fare much better than a human who will have no time to think perfectly logically and will probably just plough at high speed into the pedestrians killing themselves in the process.

3
3
DaLo
Bronze badge

Liability

"Accident liability. Are you responsible if your car is at fault in a crash, or is your car's AI?"

It doesn't really matter, you will just have an insurance policy which will pay out for the damage caused by your car. Firstly, insurance should be massively cheaper when self driving cars become universal due to the reduced accident rate. Secondly any manufacturers who have accident prone cars will have the insurance rates hiked right up until they either fix the issue or go out of business. Market economics will determine reliable self-driving cars. Same will happen with manufacturers liability insurance.

7
1

Nokia boss smashes net neutrality activists

DaLo
Bronze badge

Connected Cars

Connected cars, for example, will need near-instant response times if they are to avoid accidents. I would hope that connected cars are not reliant on an internet access connection to avoid accidents and are using a peer to peer real-time communication technology where intercar communication is needed.

2
0

Net neutrality secrecy: No one knows what the FCC approved (BUT Google has a good idea)

DaLo
Bronze badge

Re: Last minute revisions are just that...

"So, from 15 pages to upwards of 300..."

I think you may have mis-read that part?

2
0

Mozilla mulls Superfish torpedo

DaLo
Bronze badge

Re: Deeper problem

"The issue is there's no way to tell a "fake" certificate from a "trusted" one"

Your Browser or PC could tell by checking the signature of the certificate for a site from a known good, external source first and then comparing to the signature you are seeing. If they don't match then there is an issue.

Therefore the first visit to https://mybank.com compares the digital signature to the signature seen by a trusted external host. If they match that signature is cached so the check isn't needed again for a set length of time, if it doesn't a warning is thrown.

0
0

(Re)touching on a quarter-century of Adobe Photoshop

DaLo
Bronze badge

You seem to be misremembering Alistair. I was there supporting users of and using Quark in the early 2000s.

Quark 5 still did not have multiple undos, Quark was not releasing a native OSX version. The CEO even had a rant about how dead the Mac Platform was.

The simple features that were available to users in Indesign that you had to jump through hoops for in Quark were numerous. As for PDF, I don't recall Adobe playing underhand with PDF and also I can't see it being much of an issue for the wider Graphics community. All printhouses had Quark anyway and it was very easy to create the separations required from it. No printhouse at the time required a PDF rather than a postscript or Quark file.

This article is very much how I remember it at the time http://arstechnica.com/information-technology/2014/01/quarkxpress-the-demise-of-a-design-desk-darling/ especially the quote: "Quark repeatedly failed to make OS X-native versions of XPress—spanning versions 4.1, 5, and 6—but the company still asked for plenty of loot for the upgrades. With user frustration high with 2002’s Quark 5, CEO Fred Ebrahimi salted the wounds by taunting users to switch to Windows if they didn’t like it, saying, “The Macintosh platform is shrinking." Ebrahimi suggested that anyone dissatisfied with Quark's Mac commitment should "switch to something else.""

1
0
DaLo
Bronze badge

"...it could be said that the once-universal page layout package of the 1980s and 1990s, QuarkXPress, wasn’t killed off by its direct competitor InDesign, but by Photoshop."

I don't think this is entirely accurate. QuarkXPress was ridiculously dominant at the time and the core printroom features were quite solid but as graphic design was now in the mainstream the usability of it was poor. Due to the verticals that Quark had penetrated from designer to printroom it needed much more than just a cheaper option to unseat it. Quark really felt like they had become lazy and complacent and even features like multiple undos were missing - in such a tinkering type of package like a desktop publisher you found you couldn't roll back unless you saved very regularly.

InDesign was a breath of fresh air and looked at it from the opposite end. It made things useful and simple for the user even though it wasn't quite as strong on the back end output. Once designers had used it for a little while they struggled to go back to Quark. Printers caught on and readily installed it and suddenly the vertical market for Quark was broken. They didn't react quick enough to the competition and didn't see it coming.

Quark killed off QuarkXpress themselves by becoming blasé and belligerent. Designers are a difficult bunch to pull away from their favourite tools and never seemed to manage change well so to suggest their staple program "QuarkXpress" was not the best tool for the job and Indesign was better was not an easy task, especially with all the legacy artwork that would need changing and updating.

8
0

£100 MILLION poured down drain on failed UK.gov IT projects - in just ONE YEAR

DaLo
Bronze badge

Re: FOSS for all...

To be honest Phil, I don't think it would make any difference to the overall costs...

The license fees or proprietary nature are not the problem here. The costs are for consultancy, development and support. These are larger super-enterprisey projects with all the usual super-enterprisey costs.

The fact is there are few companies that can deliver the large contracts these departments think they want with all the vagueness of Government and are an approved supplier. The suppliers set themselves up for a ride on the gravy train when these contracts surface and that is what they get. Using FOSS would just move some of the money from the "licence cost" column into the "Open source advisor team" column.

19
0

WhatDaHell, WhatsApp? Student claims 'stalker' tool shows security flaws

DaLo
Bronze badge

Not really sure why they need any massive picture on the (any) story unless it is actually part of the news story. It's just a waste of space and bandwidth.

13
0

Top EU court: Ryanair data barrel must be left unscraped

DaLo
Bronze badge

"I wonder if this would not be the way for newspapers to prevent Google News from scraping "

It is as simple as writing two lines of text to a robots.txt file in the root of your website - it'll literally take 1 minute to do.

User-agent: Googlebot-News

Disallow: /

Yes, yes I know what you're thinking "if it is that easy why is there such massive fuss and legislation being passed in various countries to stop Google's vicious news site from accessing all their lovely content?"

Why indeed? I'll leave it as an exercise for the reader to ponder that one!

PS: if any new article website wants to pay me just 50% of their lawyers rate for trying to stop Google News I will do this change for them and stop the nasty Google News in its tracks without risking a court appearance.

1
2

Kiss your Glass goodbye: Google mothballs techno-specs (for now)

DaLo
Bronze badge

Re: misleading title?

I completely agree with you but Google did take Wave out of invitation beta and opened it up to everyone before shutting it down a few months later.

So I wouldn't definitely say that pulling something out of experimental means a whole lot either way, it was probably just to free up resources in X and see if a commercial department can make anything out of it.

2
0

I'll build a Hyperloop railgun tube-way in Texas, Elon Musk vows

DaLo
Bronze badge

Re: Let's be fair here

Take a maglev train combine it with the cash tubes that you may see next to cash registers in some stores and you have some of the basic and proven principles for this venture.

I would expect by now, if they are considering the nausea of passengers while going around a corner they have decided that it is feasible from a technology perspective.

From a legislative, cost, time, rights perspective it may be a completely different matter. However if Musk reckons he can make something affordably, he does have some experience in that matter. As long as he and everyone else hasn't convinced themselves that all he touches turns to Gold.

In the end I would much prefer to see a billionaire spend his money on majorly outlandish projects that have a chance of success than either the Government wasting it, the billionaire squirreling it away and spending it on artwork, properties and small islands or the plans being shelved indefinitely because no-one had the balls to give it a go.

17
0

Microsoft CAL licensing

DaLo
Bronze badge

Re: Microsoft CAL licensing

You obviously didn't read the Microsoft post or maybe just have difficulty comprehending topics. Either way pointing out a ridiculous post by Microsoft's own licensing team is not moaning.

I know a lot more about Microsoft licensing than you appear to however that was not the point of the post - just read the article and the comments and then maybe you can actually add something useful to this thread?

2
0
DaLo
Bronze badge

Re: Microsoft CAL licensing

I would say that no-one is paying for them, which is why that post is so ridiculous.

If that was an enforced claim then no-one at all would be able to use Microsoft as a Web Server outside of a brochureware site.

Also, you couldn't run a WiFi hotspot in a cafe if you just happened to be using your DHCP server on a Windows Server to allocate private IPs. It would bankrupt you.

0
0
DaLo
Bronze badge

Microsoft CAL licensing

This article was written in March but I've only just seen it while searching for something else. http://blogs.technet.com/b/volume-licensing/archive/2014/03/10/licensing-how-to-when-do-i-need-a-client-access-license-cal.aspx.

This is written by Microsoft Licensing team and would be very troubling reading for anyone who uses device CALs, hosts a web server which allows user logins or uses MS Server for their DHCP service.

It states, I kid you not, that every device that gets a DHCP address from an MS server needs either a device CAL or the user needs a User CAL!. It also specifically states that a printer that is attached to the network and its users print via an MS print queue, have the drivers delivered by GPO and/or gets its IP from DHCP needs a device CAL unless every user of that printer has a user CAL.

It also states that if you host a website and the users log in (not to Active Directory, just log in to create to add something to their basket) then they each need an External Connector CAL!!! Yes, you have 50,000 visitors a year to your website logging in to buy something - that'll be a CAL for each of them.

Have they gone barmy? Surely a CAL should only be needed if that user or device needs authentication via Active Directory?

0
0

YES, we need TWO MEELLION ORACLE licences - DEFRA

DaLo
Bronze badge

Microsoft have stated that you need a licence for every user that picks up a DHCP address from a Windows based DHCP server whether that user accesses the network or files on the server or not.

They have also said that every printer that is managed via windows needs a licence and also that if you have a website hosted on a Windows server that uses any kind of login (whether that login is linked to an Active directory or just your own SQLite user DB) you need a licence for every public person that accesses your site.

Yes, I am not making this up - if you use IIS and there is any form of login, you need a windows CAL for every visitor!

http://forums.theregister.co.uk/forum/1/2014/12/01/DaLo_Microsoft_CAL_licensing/

9
0

FREE EBOOKS: Apple falls into line with EU refund laws

DaLo
Bronze badge

Re: There is no requirement on digital content

@Mike Bell I don't have an iPhone to hand so couldn't check, just going by the story. However does it say this explicitly before you start the download? You have to be told this and agree to this specific term before the download starts, not just a catch-all ToC.

Also when this was introduced users were reporting that they could get a no quibble refund within 14 days even on apps that they had downloaded and played. The app also didn't auto-delete, it was just removed from "my purchases".

It may be that they are working on the explicit confirmation part but are allowing 14 day refunds up until then.

1
0
DaLo
Bronze badge

There is no requirement on digital content

The strange thing is that there is no requirement of 14 days to refund a digital content delivery once the product has started to be downloaded or streamed as long as a few simple terms are met.

Therefore as soon as a user buys an app, ebook or streaming movie, as long as they were told that the download would start instantly and therefore they lose their 14 day window, when purchasing there is no obligation to allow a 14 day refund window.

If you can purchase an e-book without immediately downloading or reading it then you get 14 days, but as soon as you start reading it or downloading it your refund window ceases to exist.

I think Apple have misread the rules, or are being ridiculously generous (I would be surprised if it was the latter).

2
0

Oracle, the King of Cloud? Maybe in Ellison's world

DaLo
Bronze badge

Re: Grow the cloud, ignore the rest

Yes, not only is it more difficult to get out but at least with an onsite system you can create your own tool to migrate data. You can also do this where your cloud acts just as a data store. However once your only access to the application is a web front end you may find that it is impossible to retrieve the underlying data (some of which you may be required to retain for x years for compliance purposes).

Therefore you may find that legally it is impossible to stop using your cloud service and the only way to get out of it is to phoenix the company and start again - quite a dramatic move.

0
1

Google vows: Earth will VANISH in 2015

DaLo
Bronze badge

Re: Rather evil, if you ask me

Hmm, show me one developer who hadn't heard that NPAPI had been deprecated and was becoming obsolete in the near future.

It's been well over a year since Google announced it was being killed off in Chrome. Devs might have been waiting for a new API - they'll probably get one as part of an update to the Maps API, but I don't think anyone was under any illusion that the existing API was going to be a single NPAPI hold-out while the main architecture was killed off around it.

0
0

Apple knob refusenik Sir Jony Ive handed award - for talking BOLLOCKS

DaLo
Bronze badge

@Khaptain Re: Talking of plain English

"The watch strap/buckle would rub/click/clank on the desk, catch on the mousepad ( if anyone still remembers what they are) and generally be a damned nuisance."

[talking about why to use it on the right wrist on the left] "I feel that certain tasks are much easier "the other way round"."

These two statements seem to show an inconsistency.

1
0

Brits conned out of nearly £24m in phone scams IN ONE YEAR

DaLo
Bronze badge

ORLY, DCI Stokes?

"DCI Perry Stokes, head of specialist policing unit the Dedicated Cheque and Plastic Crime Unit (DCPCU), warned people that they always needed to be on their guard when asked for financial details on the phone.

“The bank or the police will never tell you to take such actions, so if you’re asked it can only be a criminal attack..."

Complete rubbish. Still, today, some banks will ring you up and start the conversation with "I just need to ask you some security questions before we start..."

DCI Stokes needs to be speaking to the banks to stop this practice as they can't tell someone to never answer any financial or security questions to unknown callers when the banks themselves ask those very questions.

11
0

A WHOPPING 8 million Windows Server 2003 systems still out there

DaLo
Bronze badge

Re: Not surprising...

Also be aware that you can buy a Server from one of the big name brands and get their ROK version of Windows Server. This is essentially an OEM version but you can buy it with the hardware and not pre-installed. This can also be downgraded and you can get the media for the downgraded version direct from the manufacturer.

You also have the opportunity to buy multiple ROK licenses and over-licence a server; why would you do this?

Well consider this scenario. You have your aging 2003 servers and the hardware should probably get a refresh and you fancy incorporating a bit of redundancy. You have 5 servers currently. You could go out and buy 2 x new servers with SMB specs to replace them all. Buy 3 x ROK for each which will give you 6 VM licences on each for your required server version (2008R2 for instance).

You now have the ability to run up to 6 servers virtually on each server with no further cost. You might normally run 3 on one and 2 on the other but if one host fails you can switch them all over to one host (even keeping the extra VMs dormant on one machine). You can fire up test versions of any server to test out new upgrades, security patches, configurations etc. You could even try out server 2012 in core mode as a test server to see if you can manage it fully remotely and not need to touch the GUI (which would be the recommended option for any 2012 install, imo)

0
0

Renewable energy 'simply WON'T WORK': Top Google engineers

DaLo
Bronze badge

Re: I seem to remember

"... in some depth"

Aha, I see what you did there, very well played.

11
0
