* Posts by Pink Duck

101 posts • joined 18 Oct 2007

Yet another mega-leak: 100 million Quora accounts compromised by system invaders

Pink Duck

Deleted account

Surprised to find I had used Google to authenticate with them at some point. Wouldn't let me delete the account until setting a password though. So I did, "deleteme", then deleted the account. All a bit late, but these breaches are far too many and frequent now that we may as well give up all hope of having anything not widely known about us any more. Like most incidents like this, I just black-list the service and never use it again.

Boeing 737 pilots battled confused safety system that plunged aircraft to their deaths – black box

Pink Duck

Question

Why didn't they just disable MCAS?

2-bit punks' weak 40-bit crypto didn't help Tesla keyless fobs one bit

Pink Duck

I've been feeling a lot less anxious since enabling their PIN to Drive feature for 2FA overnight and in the office, as then even if keys/phone are swiped there's no silently driving off never to be seen again.

Don't mean to alarm you – but NASA is about to pummel the planet with huge frikkin' space laser

Pink Duck

Height measurement precision

From https://www.nasa.gov/sites/default/files/thumbnails/image/icesat-2-infographic.jpg, it's equivalent to 3 cm resolution in the vertical.

OK, this time it's for real: The last available IPv4 address block has gone

Pink Duck
Happy

To the max!

Nothing like a graph that goes from 0 to 11 :)

That terrifying 'unfixable' Microsoft Skype security flaw: THE TRUTH

Pink Duck
FAIL

Skype Desktop v8 on Win 10

A delightful 58 MB download that, if up-to-date, will tell you to go use the Microsoft Store instead to get version 12, have no system tray icon, and additional clicks for everything.

Or, run the installer having set compatibility mode for Windows 8. Job done, realise your mistake, then go back to 7.4

Electric cars to create new peak hour when they all need a charge

Pink Duck

Green winner for me

I recently switched from OvoEnergy who want £60/year more for 100% renewable electricity to Bulb, a 100% renewable electricity offering with 10% biomass. Rather good bonus of £50 each for referrals and they're even paying the exit fees. Obligatory referral link.

I'll be scheduling my EV to charge from 01:30 to 08:00 and though there's nothing too evident in the UK grid graphs yet, there is a noticeable mini-peak between 00:00 and 01:30 for the Economy-7 users.

Put down the eggnog, it's Patch Tuesday: Fix Windows boxes ASAP

Pink Duck
FAIL

Trusted security?

Late 2017 and Microsoft still don't code sign SmartScreen.exe

80-year-old cyclist killed in prang with Tesla Model S

Pink Duck

Re: re: unwarranted triumphalism

Except courtesy of UK gov there's a £310 luxury vehicle tax from years 2 to 6 inclusive.

Pink Duck
Go

The only video that Tesla vehicles display from the front seats is the reverse camera when requested.

Patch your Android, peeps, it has up to 14 nasty flaws to flog

Pink Duck
Go

Tip

Pleasingly since I have Lineage OS on my ageing Samsung Galaxy S3 the patches are going to be available to my phone shortly.

Stolen passwords integrated into the ultimate dictionary attack

Pink Duck

Re: Sites also a problem

I usually go for Shift-Insert first, failing that using a built-in web debugger.

And! it! begins! Yahoo! sued! over! ultra-hack! of! 500m! accounts!

Pink Duck

BT Email affected too

Received emails from old BT Yahoo! accounts suggesting a password reset recently, a little surprised to find they were still active. Rather bothersome to have relative's actual security answers out in the wild now, just reinforcing my view that they should always be made-up.

At last: Ordnance Survey's map wizardry goes live

Pink Duck

Re: Finally, a map that distinguishes A roads from Motorways

In addition to http://www.openstreetmap.org/#map=14/52.0745/0.1964&layers=N

Romania suffers Eurovision premature ejection

Pink Duck

Is sad…

Since the Romanian entry is in my top 5 from this year’s contenders. Oh well, could just be seen as not making it through the semi-finals like 21 other countries.

It's 2016 and idiots still use '123456' as their password

Pink Duck

What's disgraceful are the sites that don't allow passwords to be set up from any Unicode characters of any length. Worse still the ones that allow you to set a password but then only log in with the DB clipped 15 characters of it. Particularly bothersome has been BBC ID and UK GOV, where passwords have to be downgraded to work through mobile authentication. I keep notes on the rejected characters and weird rules for the various sites. I'm also developing a new system with proper client and server-side salted hashing and SSL/TLS.

Microsoft pushes us closer to the Edge: Test new web browser now in free Windows 10 VMs

Pink Duck

Waiting for version 1

Edge still feels like an under development browser. It currently breaks our major work web portals unlike any other browser out there, even with feature detection and sane browser sniffing where utterly necessary. An irritating one for me is client-side XSLT outputting Document instead of XmlDocument from a transform to XML.

Would you trust crowd-sourced maps? Skobbler releases satnav app

Pink Duck
Meh

Speed limits?

It's worth pointing out that OpenStreetMap's coverage of speed limits is very much a work in progress. That significantly affects the routing decisions of satellite navigation using its data. Most of the time it works well enough, but there are roads that without tagging are presumed to be 60 mph but are likely a lower limit in reality.

Apple's brilliant plan to fix iOS Maps: Get YOU to do it

Pink Duck
WTF?

Re: OpenStreetMap

For some reason Apple took the weird decision to only use years out of date OpenStreetMap data and then only use it partially.

Santander's banking website craps out

Pink Duck

My favourite problem with Santander is the ever increasing page height in Firefox as they add div upon div to the page every second. Even though I pointed it out to them, twice, over a year I suspect that's still there.

Ex-Nokia Siemens engineer admits eBaying nicked routers

Pink Duck

So, had he just locked his desktop like any sane employee then he’d have got away with it?

Google to FCC: Protecting Street View coder didn't derail probe

Pink Duck

SSIDs?

Why bother with SSIDs when the MAC address is available and far more unique?

Florida man 'fesses to naked Scarlett Johansson outrage

Pink Duck
Meh

Security reset?

Erm, shouldn’t resetting security on an account cause a new password to be in place and thus wouldn’t the celebritards notice fairly swiftly that something’s up?

UK.gov holds summit to stop satnav-driven smash-ups

Pink Duck

Root cause

1. Map updates aren't free

2. Updates aren't available to older kit

3. Map reports take years to get fixed

Solution? Something that's free to use, quick to fix and non-proprietary. OpenStreetMap comes to mind, but there's still a few years to go before it has complete UK road network coverage.

Adobe adds Flash sandboxing to Firefox

Pink Duck
Meh

A bit late?

Is it me or have the number of Flash security updates dropped off over the last few months?

GCHQ code-breaking challenge cracked by Google search

Pink Duck

There was no backdoor, Google just spidered the links mentioned at http://lolhax.org/2011/12/03/can-you-crack-it/#more-114 (warning: contains answer and solution technique)

Mozilla updates to Firefox 8, disables add-ons

Pink Duck
Holmes

Disappointingly this is not the version in which an official 64-bit release becomes available, as https://bugzilla.mozilla.org/show_bug.cgi?id=471090 illustrates. Flash 64-bit? Check. Java 64-bit? Check. Performance gain? erm… Roll on 20th December (for Fx9).

Google Maps API now costs $4 per 1,000 requests

Pink Duck

If only OpenStreetMap.org was up to the job.

5 SECONDS to bypass an iPad 2 password

Pink Duck
Meh

Proof positive that Apple care about your security.

Trusteer rebuffs bank security bypass claims

Pink Duck
Alert

Bigger Problems?

If an exploit can run as administrator surely there are bigger problems to be concerned about?

Hero Ordnance Surveyors dodge bullets, tweet as they map

Pink Duck

Precision

Actually the modern OS GPS sticks have sub-millimeter precision using OS' own radio broadcast network of around 85 high frequency stations from known positions.

BOFH: I'll get my bonus even if it kills, well, someone

Pink Duck

EFTS?

Can someone enlighten me?

Phishing email used in serious RSA attack surfaces

Pink Duck
Alert

Makes you wonder

Whether Adobe are in it with the crooks.

12% of UK don't carry cash

Pink Duck
Go

@mark 63

Contactless payment with no authorisation for transactions under £15 GBP means no inserting card into a specific slot, no typing in a PIN number followed by an entry key, probably quicker than cash too.

Rogue character space tripped Scottish exam results

Pink Duck
FAIL

Fail Point

The real failure was the Scottish Qualifications Authority in providing dates as string format. What happens next time when SQA fills in the spreadsheet with a different date format? Presumably the person doing the import has been spoken to, and perhaps their import tool changed to warn of unexpected data rather than going ahead blindly with defaults.

Defragger salesman frags HP

Pink Duck
FAIL

Caution

I advise a full system image clone before touching Diskeeper, due to fond memories of it corrupting NTFS’ Master File Table.

PayPal teaches Androids to swap cash

Pink Duck
Thumb Down

Ock

Another instance of 'Ok', which reads in my mind as 'Ock'. It should either be the word "Okay" or the short form "OK".

MS to WinXP diehards: Just under 3 more years' support

Pink Duck
Meh

Impressive

13 years of patches to XP and Microsoft still reckon it will need patching in 2014? Yet stopping the release of security patches via Windows Update will surely reduce the number of active exploits since there’ll be nothing to reverse-engineer.

Fridge-sized war raygun for US bombers gets $40m

Pink Duck
Holmes

Curious

What happened to the $166,501 that would have otherwise meant a sum of $40 million USD? I suspect someone already has their yacht.

Peugeot iOn e-car

Pink Duck
Stop

Makes me nervous

£500 per month for 48 months = £24,000 - but I can't help but foresee a technically superior vehicle with greater range and affordability coming to market within those same 4 years.

Codemasters pulls website after hackers pwn customer database

Pink Duck
Thumb Down

required, and must contain letters and/or digits.

Time for a new email address :(

MP headshot sex rating site: Gentlemen prefer Tories

Pink Duck
Thumb Up

Inline URL hyperlinking

A greasemonkey script at http://userscripts.org/scripts/show/29651 does just that for me :)

2011 Ford Focus

Pink Duck
Alert

Dependence on technology?

I would prefer to see less fatal accidents as a result of drivers falling asleep or drifting into the path of oncoming traffic due to distraction. The technology aids are primarily there to enhance safety for those brief moments where they can make a worthwhile intervention.

Average Brit has three mysterious keys

Pink Duck
Pint

2 keys too many

One for my car, one for my house - but I usually only ever carry one at a time.

I long for a future where my phone can provide access to house, transport and small payments for that magical key-less future.

Adobe Reader browse-and-get-pwned 0day under attack

Pink Duck
FAIL

Grr, I've had enough

I've uninstalled Flash entirely (and disabled Chrome's built-in Flash too). Roll on Firefox 4 and WebM HTML5 codec support.

Firefox 4 hits third beta stage, gets touchy-feely with Windows 7

Pink Duck
Boffin

Anything but IE

If you want start up speed go for Chrome. If you want standards then opt for Opera. If you want IE then see a clinical psychologist.

Google's $124.6m open codec hits Chrome dev build

Pink Duck
Boffin

Really?

I'm not sure <60% market share counts as 'almost everyone' any more.

Latest Chrome beta fastest ever - again

Pink Duck
Megaphone

It would be nice if...

javascript:alert(new Date().toLocaleString()) showed the date in my locale format, rather than the browser's country of origin.

Firefox plans fix for decade-old browsing history leak

Pink Duck
WTF?

Hardly important

So JavaScript has to be injected in a page and then a list of predefined URLs used to establish the colouring assigned by the browser based on page history. That excludes capturing anything useful from the querystring and implies that there's already a script injection vulnerability, something of far greater significance in any case.

Biting the hand that feeds IT © 1998–2019