* Posts by DaLo

367 posts • joined 30 Aug 2012

Page:

First pics of flagship Lumias for 18 months released … or maybe not

DaLo
Bronze badge

"Both eschew physical buttons"

And yet from the photos there appears to be 3-4 physical buttons showing?

4
0

Why do driverless car makers have this insatiable need for speed?

DaLo
Bronze badge

Re: The end of any driving pleasure

"We could even regulate manual driving to the top 1% of drivers in any given year."

However 90% of drivers think they are in the top 1%.

36
0

UK's first 'DIY DAB' multiplex goes live in Brighton

DaLo
Bronze badge

Re: Sure they're Pis?

Yes, I would agree. I didn't know what they were but could see that the ports were all wrong for A Raspberry Pi.

1
0

Flash deserves to live, says Cisco security man

DaLo
Bronze badge

Re: "Microsoft is asking its eight Silverlight users and Netflix"

HTML5 Video does have the ability to do DRM,there was a bit of a fuss about it a while ago. Anyway Encrypted Media Extensions have been around for a while in draft form and are supported by all the major browsers and used by Netflix.

0
0
DaLo
Bronze badge

Re: Not a disinterested observer

I concur, seems to me a very strange line to take for a security professional other than when they have a vested interest. There is no indication that Adobe is really setting out a concerted effort of security hardening or even really cares that much about finding the issues and fixing them other than just allowing security researchers to find them and then fix (horse stable method).

It's not as if Adobe have only just found out that there are some vulnerabilities, Flash has been exploited for years and could have started a security hardening procedure back when MS decided it might be time to make noise about doing some 'security hardening' on Windows.

His claims also just don't ring true - HTML5 is not run as a single vendor closed source executable with full system privileges. The standards are open, some of the implementations are open source, multiple vendors create interpreters and it doesn't have as much freedom to the OS. It has also, you would hope, been built using contemporary thinking on secure programming. Flash has a massive codeset, a legacy of backwards compatibility it needs to cater for and a single supplier, closed source.

There is no compelling reason to keep flash with the current alternatives, but also there is no reason for Adobe to invest significantly in it - I can't believe that flash production is a big money maker for them.

7
0

Five data centres you can't live without

DaLo
Bronze badge

Re: Static electricity

Researching a bit more those 45~50% figures are of quite a vintage. They've been expanded out significantly (20~80%) and the ESD worries in data centres are mostly dealt with using standard ESD floors and earthing straps.

ASHRAE are expanding the recommended humidity ranges again along with their widening of temperature ranges to allow more free air cooling.

http://www.ecocooling.co.uk/datacentre/datacentre_humidity.php

1
0
DaLo
Bronze badge

"This means they don’t need chillers to cool the servers but instead use purified and humidified air from outside"

Assuming that is not a spelling mistake, why does the facebook data centre need to humidify the air? I hadn't heard of extra moisture having any advantage in a data centre, instinct would suggest that the drier the air the better.

0
0

Now car hackers can bust in through your motor's DAB RADIO

DaLo
Bronze badge

Re: Need to apply basic secure design principles.

But there is no reason to need to have the infotainment system on the CAN bus in the first place. It only needs to receive signals (such as speed, climate control etc) and then adjust volume or display the relevant screen.

Therefore it would just require an interpreter on the CAN bus which receives signals on the CAN bus and sends them to the infotainment system. All data is sent broadcast style with no need for an ack or allow of any data to flow back (as long as L1 is sound then everything above that is not possible in the other direction).

Any wireless signals would then be handled directly by the infotainment unit (GPS, DAB, 3G etc) and not bother the CAN bus.

However my prediction for a future attack vector - Government/Insurance mandated speed limiting based on GPS location. GPS spoofing hack slows every vehicle on the [fast moving motorway] to the lowest speed available in the system.

5
1

Google robo-car in rear-end smash – but cack-handed human blamed

DaLo
Bronze badge

Re: What do the statistics tell us?

More challenging - which I have thought about is a section of road near me where in the morning all cars have to do a manoeuvre which is possibly illegal, if not it definitely doesn't follow the rules of the road.

If you didn't do it though and were to strictly follow the highway code you end up backing up a whole lane of traffic and would be stuck there for a while.

So would a robo-car be allowed to do an illegal manoeuvre (at certain times of the day), would this need to be a specific override programmed in or would it be able to use an artificial intelligence to say "everyone else is doing it I will as well - which could be very dangerous).

3
0

BT circles wagons round Openreach as Ofcom mulls forced split-up

DaLo
Bronze badge

Re: Do it!

In my experience with dealing with BT* and Openreach, it is a tortuous process.

When Openreach first split away it was still possible to twist their arm to help you out as a BT customer. Now it's not and the 'firewalls' that have gone up between BT and Openreach have made life very difficult when things don't go right.

As Openreach can't be seen to be given any special treatment to BT everything gets very bogged down when something doesn't fit to a standard order form. At the moment I have an EAD1000 order in suspension because BT and Openreach can't come to a consensus and I can't get to speak to anyone useful.

If Openreach were a truly separate company then there would be less risk of special treatment and then perhaps dialogue could flow a bit more freely.

* I'll use BT to cover their other groups such as BT Retail, BT Corporate etc. Throw BTLB into the mix and you've got a whole ring of miscommunication and Chinese whispers going on.

0
0

Crims and politicians using RTBF to scrub themselves from Google? Not quite

DaLo
Bronze badge

Re: I don't get this

Quite. As the defendant can take easily the appeal to their local privacy commissioner if Google rejects their claim then ther eis little issue with Google rejectig 'valid' claims as that is what the authour suggested Google should make everyone do any way.

If the privacy advocates are upset that Google is upholding claims and removing links without letting everyone know then surely if they had let everyone know who the were removing links for it would grant the defendant less privacy.

Also a lot of politicians and public figures are normal members of the public at one stage and Private Eye has quite a few stories about Google cleansing their online links before they ran for office. Some info that may well have been useful once they were expecting people to vote for them.

1
0

Pisspoor EE customer service earns it a cool £1 MILLION Ofcom fine

DaLo
Bronze badge

Re: Can we have...

"or even pass the cost on to their punters"

If they could do that without a problem they would've just increased the costs already. It's not like they can send a letter to all their subscribers saying:

Dear Customer,

We recently go given a really large fine from Ofcom due to our customer service being so poor. Unfortunately our shareholders would prefer it if this didn't affect our profits so we are unfortunatley going to have to make a one-off charge of £15 on your bill next month.

I'm sure you'll appreciate that we are only doing this due to the fine from Ofcom. Thanks for your understanding.

EE

P.S. please don't complain about this as Ofcom might feel the need to impose an even larger fine and then we'll have to make another charge.

3
0

Reddit joins the HTTPS-only stampede

DaLo
Bronze badge

HTTPS can be cached. It is cached with different rules to HTTP but it can still provided a sessioned cached browsing experience.

2
0

Wikipedia to go all HTTPS, all the time

DaLo
Bronze badge

Re: Playing to the gallery

"It's obvious that someone going to "https://wikipedia.com/human_rights_in_china" is not at all protected by the HTTPS protocol"

Eh? Care to explain?

5
0
DaLo
Bronze badge

@Kanhef |RE:Referrer

"HTTPS and browses to a non-sensitive page sent through HTTP, their history will be revealed through the Referer: header"

Doesn't work like that RFC 2616 deems clients should not include a referrer header when linking or redirecting from secure to unsecure for that reason. I've not come across a client that doesn't abide by this.

7
0

Microsoft: FINE, we'll help your web sessions be secure, SHEESH

DaLo
Bronze badge

Really don't understand this pre-load list which all browsers seem to be adopting. These are hard-coded in to the browser source and therefore seems completely unscalable and unmanageable.

In CHromium the preload list is hard coded into transport_security_state_static.json as part of the build. At the moment it has over 2100 domains in the list and every organisation is encouraged to become HSTS compliant and add themselves?

0
0

New Firefox, Chrome SRI script whip to foil man-in-the-middle diddle

DaLo
Bronze badge

Re: Where are the hashes

Eh? Where would they get the fake certificate from? A corporate proxy works because it administers the machines 'below' it. Therefore it creates a trusted root certificate in the computer's certificate store allowing it to impersonate another site.

An unconnected third party doesn't have that luxury. Yes there are a few instances of a compromised trusted certificate store etc but they are relatively rare outside of state control.If there is an easy way to install trusted root certificates on a user's PC then the whole premise of SSL is broken and there is much more to worry about than a rogue script.

At the moment the consensus is that SSL generally works and it is that premise that allows for a secure internet.

As to the original point it then also would not matter about whether the hash and the script had been simultaneously compromised as it would not matter at all whether the site you were visiting used scripts or not, your connection is no longer secure and you are being fed whatever the attacker wants to feed you whether you ask for it or not.

0
0
DaLo
Bronze badge

Re: Where are the hashes

Why would your enterprise need to hack your machine? If a crim has access to your enterprise proxy then you have greater worries than a dodgy script.

0
0
DaLo
Bronze badge

Re: Where are the hashes

This is more a remote MITM or, more relevant, a script server compromise. If they compromise the script server then the web host would serve up the hash and the inconsistency would be found. A local MITM would not be mitigated but this would be stopped by SSL.

0
0
DaLo
Bronze badge

"Marier also urged organisations to add themselves to the browser pre-load list which requires sites to run HTTP strict transport security (HSTS)."

This does not seem very scalable; the preload list is hard coded into transport_security_state_static.json as part of the build (in chromium). At the moment it has about 2100 domains in the list but if every organisation is encouraged to add themselves, surely the list and code will rapidly become unmanageable?

4
0

Android M's Now on Tap cyber-secretary is like Clippy on Class A drugs

DaLo
Bronze badge

Re: Android M will also include much finer user controls as to what apps can access

It has many ways of controlling the access. You won't need to agree to all permissions up front, the first time an app wants to use a permissive feature (e.g. contacts) Android will alert you and ask if you wish to allow it or not. If you don't allow it the app will be expected to handle the restriction gracefully and your choice will be remembered.

At any time you can see the permissions granted to an app and revoke them or you can look at a permission and see all the apps that have been granted that permission and revoke any and all of them.

The issue though is two-fold. You can't restrict Internet access by the look of it and an app compiled for a non-M api won't have the granular control.

1
0

New relay selection fix for Tor to spoil spooks' fun (eventually)

DaLo
Bronze badge
Headmaster

Language has changed a lot since Roman Times

See: Decimate

"Historically, the meaning of the word decimate is ‘kill one in every ten of (a group of people)’. This sense has been more or less totally superseded by the later, more general sense ‘kill, destroy, or remove a large proportion of’, as in the virus has decimated the population."

6
0

mSpy: We haven't been breached. Customers: Oh yes you have

DaLo
Bronze badge

Re: mSpy statement

Yes but in other news: MSpy admits hacking and data theft

"Much to our regret, we must inform you that data leakage has actually taken place," spokeswoman Amelie Ross told BBC News.

"However, the scope and format of the aforesaid information is way too exaggerated."

She said that 80,000 customers had been affected. Initial reports suggested up to 400,000 customer details had been exposed.

"Naturally, we have communicated with our customers whose data could have been stolen, and described them a situation. We put in place all the necessary remedial measures and continue to work on mechanism of data encryption," she added.

A classic quote though from that story though:

"Another user whose financial and personal data was in the cache asked not to be identified but told the security expert that he had paid mSpy to secretly monitor the mobile device of a 'friend.'"

1
0

Pi based kid-nerdifier Kano buried under freak cash avalanche

DaLo
Bronze badge

Re: I hope they brought some cigarettes...

Kano is a british company and the exchange rate is almost spot on.

$149 = £98.36 + 20% VAT = £118.03, so if you feel an extra £1.96 is getting f***ed by an exchange rate rather than just rounding up to the nearest 99, I would suggest you have bigger worries.

11
0

Your new car will dob you in to the cops if you crash, decrees EU

DaLo
Bronze badge

Re: Sound bites bite back

"Severity of injuries"

You may well injure yourself but some times the severity of it depends on quick access to medical professionals and equipment. A cut may not be severe but if it leads to a large blood loss then it becomes severe. A broken bone may not be severe but if it obstructs your blood flow for a long time then it is.

Rapid medical assessment, treatment and extraction often reduces the severity or even the fatality of an injury.

4
1
DaLo
Bronze badge

Re: Sound bites bite back

If the airbag is deployed then it will be reasonable to expect the car will not be going anywhere under it's own steam again so if it is on the road the Police would be needed for traffic flow/recovery etc, if it's off the road then the accident is likely to be more critical.

Also any activation of the airbag should have an ambulance assessment for C-Spine injuries as the forces involved will definitely point to that mechanic of injury.

If you are sure you don't want the emergency services there then you can always call them yourself straight away and tell them there is no problem. It would be likely that the reason for this would be an intoxicated driver so the Police might just turn up anyway.

7
3

Android finally shows up for work, app in hand

DaLo
Bronze badge

Re: The Missing Piece

It's possible for your network provider to do this for you. I'm not sure if any do but Orange in the UK, about 20 years ago used to have a service called "Line 2" which associated a second number to your handset which you could log in and out of. An incon=ming call would show which line was ringing and you could put one on DND etc

1
0

Unpatched 18-year-old Windows man-in-the-middle diddle revived

DaLo
Bronze badge

It is possible to have trusted servers - either previously visited and authenticated (i.e. no automatic attempt to login a box could pop up saying that your device is trying to authenticate to an untrusted/unknown server) or using secure certificates similar to SSL with a whitelist trusted method.

0
0

ICANN urges US, Canada: Help us stop the 'predatory' monster we created ... dot-sucks!

DaLo
Bronze badge

" ICANN claims .sucks domains are being sold to trademark owners in a "predatory" manner"

And at $185,000 deposit + auction surely the original GTLDs were being sold in an even more predatory manner?

8
0

Ethernet Alliance plots 1.6 terabit-per-second future

DaLo
Bronze badge

The picture

A rare post where the picture could actually be useful and relevant to the article and give you some information without clicking through the links and it has been over-cropped so that you can't actually see the figures on the axis or the relevant information!

3
0
DaLo
Bronze badge

Re: Meanwhile we're all still waiting...

They are pretty 'affordable'. even mid range server such as the HP Proliants have or have an option to swap for 10Gbs cards. Netgear do some very reasonable 10Gbs copper to all ports switches for under $1000/£600.

0
1

Smart meters are a ‘costly mistake’ that'll add BILLIONS to bills

DaLo
Bronze badge

Re: Just give us the numbers

"... once a quarter I have to let two men into my house to avoid getting estimated (read imaginary massive numbers) bills."

Where do you live that is so dangerous that it requires two men to read a meter? Also I just post my meter readings online or phone them through, the meter rarely gets read by a company representative unless it seems wildly wrong.

1
0

Zombie SCO shuffles back into court seeking IBM Linux cash

DaLo
Bronze badge

At least Groklaw is still posting the court documents from the major cases on their timeline to keep the case records up to date.

Not sure who is posting it, Mark, PJ or someone else but it is good for the historical record.

1
0

My self-driving cars may lead to human driver ban, says Tesla's Musk

DaLo
Bronze badge

Re: Not a problem solved

"What happens when an autonomous car is approaching an accident and only has a choice between mounting the pavement and possibly killing many pedestrians, or going into the accident and killing the driver?"

That is more of a philosophical question. Is the car a slave to it's master or is it programmed to be a slave to humanity?

However, the chance of you ploughing into an accident will be much, much lower as the sensors will constantly be monitoring for possible accidents and braking times and should be able to react far quicker. Even if it a is a freak accident that couldn't be foreseen then the car should fare much better than a human who will have no time to think perfectly logically and will probably just plough at high speed into the pedestrians killing themselves in the process.

3
3
DaLo
Bronze badge

Liability

"Accident liability. Are you responsible if your car is at fault in a crash, or is your car's AI?"

It doesn't really matter, you will just have an insurance policy which will pay out for the damage caused by your car. Firstly, insurance should be massively cheaper when self driving cars become universal due to the reduced accident rate. Secondly any manufacturers who have accident prone cars will have the insurance rates hiked right up until they either fix the issue or go out of business. Market economics will determine reliable self-driving cars. Same will happen with manufacturers liability insurance.

7
1

Nokia boss smashes net neutrality activists

DaLo
Bronze badge

Connected Cars

Connected cars, for example, will need near-instant response times if they are to avoid accidents. I would hope that connected cars are not reliant on an internet access connection to avoid accidents and are using a peer to peer real-time communication technology where intercar communication is needed.

2
0

Net neutrality secrecy: No one knows what the FCC approved (BUT Google has a good idea)

DaLo
Bronze badge

Re: Last minute revisions are just that...

"So, from 15 pages to upwards of 300..."

I think you may have mis-read that part?

2
0

Mozilla mulls Superfish torpedo

DaLo
Bronze badge

Re: Deeper problem

"The issue is there's no way to tell a "fake" certificate from a "trusted" one"

Your Browser or PC could tell by checking the signature of the certificate for a site from a known good, external source first and then comparing to the signature you are seeing. If they don't match then there is an issue.

Therefore the first visit to https://mybank.com comapres the digital signature to the signature seen by a trusted external host. If they match that signature is cached so the check isn't needed again for a set length of time, if it doesn't a warning is thrown.

0
0

(Re)touching on a quarter-century of Adobe Photoshop

DaLo
Bronze badge

You seem to be misrembering Alistair. I was there supporting users of and using Quark in the early 2000s.

Quark 5 still did not have multiple undos, Quark was not releasing native OSX version. The CEO even had a rant about how dead the Mac Platform was.

The simple features that were available to users in Indesign that you had to jump through hoops for in Quark were numerous. As for PDF, I don't recall Adobe playing underhand with PDF and also I can't see it being much of an issue for the wider Graphics community. All printhouses had Quark anyway and it was very easy to create the separations required from it. No printhouse at the time required a PDF rather than a postscript or Quark file.

This article is very much how I remember it at the time http://arstechnica.com/information-technology/2014/01/quarkxpress-the-demise-of-a-design-desk-darling/ especially the quote: "Quark repeatedly failed to make OS X-native versions of XPress—spanning versions 4.1, 5, and 6—but the company still asked for plenty of loot for the upgrades. With user frustration high with 2002’s Quark 5, CEO Fred Ebrahimi salted the wounds by taunting users to switch to Windows if they didn’t like it, saying, “The Macintosh platform is shrinking." Ebrahimi suggested that anyone dissatisfied with Quark's Mac commitment should "switch to something else.""

1
0
DaLo
Bronze badge

"...it could be said that the once-universal page layout package of the 1980s and 1990s, QuarkXPress, wasn’t killed off by its direct competitor InDesign, but by Photoshop."

I don't think this is entirely accurate. QuarkXPress was ridiculously dominant at the time and the core printroom features were quite solid but as graphic design was now in the mainstream the usability of it was poor. Due to the verticals that Quark had penetrated from designer to printroom it needed much more than just a cheaper option to unseat it. Quark really felt like they had become lazy and complacent and even features like multiple undos were missing - in such a tinkering type of package like a desktop publisher you found you couldn't roll back unless you saved very regularly.

InDesign was a breath of fresh air and looked at it from the opposite end. It made things useful and simple for the user even though it wasn't quite as strong on the back end output. Once designers had used it for a little while they struggled to go back to Quark. Printers caught on and readily installed it and suddenly the vertical market for Quark was broken. They didn't react quick enough to the competition and didn't see it coming.

Quark killed off QuarkXpress themselves by becoming blazé and belligerent. Designers are difficult bunch to pull away from their favourite tools and never seemed to manage change well so to suggest their staple program "QuarkXpress" was not the best tool for the job and Indesign was better was not an easy task, especially with all the legacy artwork that would need changing and updating.

8
0

£100 MILLION poured down drain on failed UK.gov IT projects - in just ONE YEAR

DaLo
Bronze badge

Re: FOSS for all...

To be honest Phil, I don't think it would make any difference to the overall costs...

The license fees or proprietary nature are not the problem here. The costs are for consultancy, development and support. These are larger super-enterprisey projects with all the usual super-enterprisey costs.

The fact is there are few companies that can deliver the large contracts these departments think they want with all the vagueness of Government and are an approved supplier. The suppliers set themselves up for a ride on the gravy train when these contracts surface and that is what they get. Using FOSS would just move some of the money from the "licence cost" column into the "Open source advisor team" column.

19
0

WhatDaHell, WhatsApp? Student claims 'stalker' tool shows security flaws

DaLo
Bronze badge

Not really sure why they need any massive picture on the (any) story unless it is actually part of the news story. It's just a waste of space and bandwidth.

13
0

Top EU court: Ryanair data barrel must be left unscraped

DaLo
Bronze badge

"I wonder if this would not be the way for newspapers to prevent Google News from scraping "

It is as simple as writing two lines of text to a robots.txt file in the root of your website - it'll literally takes 1 minute to do.

User-agent: Googlebot-News

Disallow: /

Yes, yes I know what you're thinking "if it is that easy why is there such massive fuss and legislation being passed in various countries to stop Google's vicious news site from accessing all their lovely content?"

Why indeed? I'll leave it as an exercise for the reader to ponder that one!

PS: if any new article website wants to pay me just 50% of their lawyers rate for trying to stop Google News I will do this change for them and stop the nasty Google News in it's tracks without risking a court appearance.

1
2

Kiss your Glass goodbye: Google mothballs techno-specs (for now)

DaLo
Bronze badge

Re: misleading title?

I completely agree with you but Google did take Wave out of invitation beta and opened it up to everyone before shutting it down a few months later.

So I wouldn't definitely say that pulling something out of experimental means a whole lot either way, it was probably just to free up resources in X and see if a commercial department can make anything out of it.

2
0

I'll build a Hyperloop railgun tube-way in Texas, Elon Musk vows

DaLo
Bronze badge

Re: Let's be fair here

Take a maglev train combine it with the cash tubes that you may see next to cash registers in some stores and you have some of the basic and proven principles for this venture.

I would expect by now, if they are considering the nausea of passengers while going around a corner they have decided that it is feasible from a technology perspective.

From a legislative, cost, time, rights perspective it may be a completely different matter. However if Musk reckons he can make something affordably, he does have some experience in that matter. As long as he and everyone else hasn't convinced themselves that all he touches turns to Gold.

In the end I would much prefer to see a billionaire spend his money on majorly outlandish projects that have a chance of success than either the Government wasting it, the billionaire squirreling it away and spending it on artwork, properties and small islands or the plans being shelved indefinitely because no-one had the balls to give it a go.

17
0

Page:

Forums