* Posts by Mage

5557 posts • joined 23 Nov 2007

Chinese electronics biz recalls webcams at heart of botnet DDoS woes

Mage
Silver badge

Re: UPNP is convenient.

For those that don't know (a minority here), VPN = Virtual Private Network. Properly done it adds an extra "network port" on your PC/Tablet/phone which is actually the VPN client software. It's creating an encrypted connection into your VPN server. It then can expose everything on your LAN as if you are on the LAN, or just stuff on the VPN Server, and/or the Internet as seen by your home LAN. So stuff on the internet that's blocked (due to local router / NAT rules of a University OR because you are in America and your home Router is in UK) is then visible via the home internet connection. So you can use VPN for four reasons:

1) Access stuff like POP/SMTP on your own ISP's mail server as if at home, securely in a WiFi cafe, possibly avoiding MiM attacks.

2) Access files or whatever on the VPN server, securely.

3) Access random device on your LAN as if you are on the LAN

4) Bypass geoblock or local port blocks.

If properly set up:

1) You need user/pass that is very secure to connect at all.

2) The data is all securely encrypted, possibly even good enough to block hypothetical quantum computers cracking.

The keys are made at home, and loaded on the device at home* so the classic problem of key distribution is solved.

[*You can write it on rice paper and eat it]

1
1
Mage
Silver badge
Happy

Amazing...

A company actually recalling IoT stuff for security.

AND they are Chinese!

5
0
Mage
Silver badge

Re: UPNP is convenient.

But like Autorun, ultimately stupid and not needed.

Either manually set up a port (but with sensible rules, to a sensible device or else your LAN is exposed), or a VPN. I set up a VPN server on an old PC and later on my router instead (Open WRT) and put it on port 80 so I could use home LAN to access email securely (or at all! I don't use Web based email) away from home, or other home resources. Why port 80? Because hotels, cafes, University especially may block various ports. They don't block 80, thinking it's only used for HTTP.

Not all VPN clients can use arbitrary ports. But I found one for Windows for my kids at Uni that did (this was 10 years ago).

3
3

Duck Google's data grab

Mage
Silver badge

" with user permission"

But can we trust them?

They have a HUGE web of data gathering.

They only stopped WiFi Slurp when

a) Caught

b) Android (esp.) & Chrome Browser and Chrome OS help continue slurp of location and WiFi info.

How meaningful are any of their statements?

The insistence on combining cookies, log-in etc on all the Google services (inc Google Doc, Maps, Youtube, Gmail) is totally obnoxious and evil.

They are worse than Facebook before this as Facebook is easily avoided. Google hosts fonts, analytics, javascript libraries, APIs etc for very many third party websites. SHAME ON THE STUPIDITY of site owners promoting Facebook, Twitter, Pinterest and using Google services they could host themselves. In many cases the 3rd party sites' use of Google certainly breaks the intention of EU data protection and cookie law even if legal.

I block all 3rd party cookies. Why is that not the default setting on browsers? They serve no honest purpose and are never needed by the user.

Noscript is also your friend to block domains.

I'm also a bit fed up with how general searches have loads of YouTube links and image searches have loads of pinterest links (who owns them and it's evil how hard it is to see where the pinterest image is "stolen" from.)

3
0

Hackers pop top 'secure' wireless keyboard and mouse kits, gain RCE

Mage
Silver badge

Re: Alternatively....

USB HID is such a broken thing security wise, maybe the USB mouse / keyboard is malicious. I'm not sure if a PS/2 mouse is safe.

A PS/2 keyboard could have a keylogger and intermittent mobile modem to report home built in?

I just can't see any advantage to a wireless keyboard or mouse anyway, liable to run out of battery at an awkward time, the stupid keyboards sleep and miss your first few keystrokes, and wired is instant after PC / Tablet sleep, the BT types are slow to re-connect. If 2.4GHz and your WiFi is 2.4GHz and weak, it may make it weaker.

A USB mouse is £1 to £10 for a perfectly good one.

0
0
Mage
Silver badge
Devil

Even after it's fixed...

You buy some, do them up nice, add some software or a chip and ship it to your targets as free samples/presents/beta test etc. (It's been done and works better than "losing" USB sticks in the target's car park, though that works too)

Beware Geeks carrying Gifts this Christmas.

6
0

Is Google using YouTube to put one over on Samsung?

Mage
Silver badge

Google is emerging as a major rival in smartphones to Samsung

I don't think so. The new GooPhone is aimed at Apple customers.

Google makes money TWICE from Samsung:

1) Any licence fee to use the "Blob".

2) Android reporting to Google.

As one of the largest (or largest?) and flagship supporters of the official Android ecosystem, why would Google want to damage Samsung or the Android brand (by association)? My conspiracy theory is that Google was taking these videos down, not Samsung via DMCA notices. Samsung isn't Apple or the Thai Government. Then Google (or the minion that had acted without higher up authorisation) realised this was counter productive. Better to join the laughter than pull a Streisand?

5
1

Every LTE call, text, can be intercepted, blacked out, hacker finds

Mage
Silver badge
Windows

Re: I'm near retirement age and what is this

More like 30 years... of Mobile.

The entire history of Internet.

It seems designed in security is rare and working is rarer.

2
0

AT&T wants Time Warner

Mage
Silver badge
Devil

Delivery and Content

Combining content creation and owning channels is good. The UK idea of BBC divesting content creation is nuts.

Combining Content/Channels and a delivery platform is evil. We've seen that in Ireland and UK with Sky.

0
0

Today the web was broken by countless hacked devices – your 60-second summary

Mage
Silver badge

Re: Maybe..

" it uses uPNP to punch a hole in the router for itself. It announces its presence to several foreign servers, and it has a default telnet login of root/123456.

I've hacked the startup script (luckily writeable) to replace the hosts file "

Disable uPNP on your firewall / router.

Setup a VPN (properly) to your home network if you want to remotely access stuff on it.

3
5
Mage
Silver badge

Re: Maybe..

Problem is proving that the USERS/Owners suffered at all.

0
0
Mage
Silver badge
Coat

Re: "....big names including GitHub, Twitter, Reddit, Netflix, AirBnb ...."

No, but could be next time. They might come for El Reg.

"First they came for ..."

4
0
Mage
Silver badge

Re: Home Router Traffic

The most evil feature added after Autorun (Win95a and earlier Amiga) was uPNP, especially on routers!

It should be illegal to have uPNP on a router/firewall and have internet without a firewall. It's only a partial mitigation, but would stop most of current IoT compromise.

There is no complete solution.

4
0
Mage
Silver badge

Re: Maybe..

There is actually no solution to this.

2
0

Como–D'oh! Infosec duo exploits OCR flaw to nab a website's HTTPS cert

Mage
Silver badge

Il

Capital i and small L

Never mind 1 I and l

4
0

Hewlett Packard Enterprise gives UK boss control of Ireland

Mage
Silver badge

Ireland as a UK region

I'm a bit fed up.

Try using Amazon in Ireland.

Or buy stuff sold in Euros or Dollars made outside UK without it having a UK middle man profit margin and UK sterling <-> Euro hedge, maybe on UK import and export to Ireland.

However HP became irrelevant to me when they took over Compaq and rationalised on the wrong products and bloated their printers.

0
0

Sky’s CEO drops MVNO bombshell at results conference

Mage
Silver badge

TWAIN scanner API/Drivers

Allegedly doesn't mean anything!

Why do people spell Laser with a "z" :)

1
0
Mage
Silver badge
Headmaster

MVNO

Actually over 1200 hits searching MVNO on forums here.

It does seem to occasionally cause confusion.

I remember in early 21st C reading a trade/professional Telecomms journal after a few years break and finding every article had myriads of undefined acronyms and abbreviations.

Given that this is a Tech site, I'm only partly sympathetic, which is why I bothered to explain.

Then there are acronyms like CAPI and SMB that change with time or context to mean something entirely different. Or BEREC, which in 1906 was British Ever Ready Electrical Company and in 1950s was British Ever Ready Export Company (a UK Ever Ready Division) and in 1980s briefly BEREC was the holding company for Ever Ready and BEREC.

BEREC is now:

Body of European Regulators for Electronic Communications (BEREC) was established by Regulation (EC) No 1211/2009.

Very annoying when searching for 1950s BEREC as there is really no sensible way to date related searches, either on content or site creation.

It's nearly impossible to keep up to date. Maybe articles should mention once, what the abbreviation is for?

6
0
Mage
Silver badge

MVNO

Mobile Virtual Network Operator.

You'd easily guess as Sky has no mobile network and it's how Tesco and others work.

Some like Tesco have their own backend using only masts and backhaul and others are really just resellers with only a billing system (probably outsourced).

Technically, it would be best if there was ONE infrastructure per major geographic region and everyone was a kind of MVNO. See also RAN, the idea that you'd roam to other operators even where your own operator has coverage, so as the load per channel / mast / sector is balanced. Can give x2 or more improvement in speed or capacity.

Dividing a scarce thing like spectrum between operators is totally daft and inefficient. It's not like Service Stations or baked beans factories in terms of competition.

4
0

Sysadmin flees asbestos scare with disk drive, blank pay cheques, angry builders in pursuit

Mage
Silver badge

Bursar

How you must hate that bursar. ^_^

I think I'd leave before the second annual sports day :(

2
0
Mage
Silver badge

Die Hard VII: Sysadmin

Excellent.

48
1

What will happen when I'm too old to push? (buttons, that is)

Mage
Silver badge
Pint

Not being old

Just realising there are better uses of time than watching blinking Blue LEDs (Red and Green was so 15 years ago).

You've realised the Emperor has no clothes.

7
0

AMD is a rounding error on Intel's spreadsheet and that sucks for us all

Mage
Silver badge
Unhappy

Sigh

How did we get here with Intel CPUs being so expensive? It can't be a properly operating market. There has to be a nasty explanation, underhand dealing, to explain such market dominance on overpriced parts.

10
5

Dirty COW explained: Get a moooo-ve on and patch Linux root hole

Mage
Silver badge

Re: Whinging

And at the end of the day it wasn't exploitable unless you had rubbish security anyway, or physical access, as the computer has to be running suitable malware.

It was NOT an access hole or back door, but privilege escalation.

13
1
Mage
Silver badge

Mitigation

There has to be a malicious program running on your computer designed to exploit this. It's a privilege escalation.

It's somewhat less likely there is a malicious program already, on a workstation etc behind a firewall with no outward facing services and "Noscript" or similar on the Browser.

12
3

Third of Donald Trump's debate deplorables are mindless automatons

Mage
Silver badge

Twitter, Facebook: Freedom of speech?

I thought Adam's blog was daft. Everyone knows that Facebook & Twitter have to be PAID to deliver all your posts to all your followers.

Neither are public service broadcasters but advert funded exploitive parasites, except Twitter isn't so good at it so is losing money.

0
0

Britain's fight to get its F-35 aircraft carriers operational turns legal

Mage
Silver badge

Re: It's like the blind leading the blind.

The USA approach (not dissimilar to Russian, Chinese and French) is to claim only their own laws apply, and not only to their own troops, but indeed to anyone else. Also they will define who is a combatant or civilian, not the Red Cross/Red Crescent etc.

I'm puzzled why if "Brexit" is about being in control of British sovereignty that they would ask anyone, or indeed why there are not plans to leave NATO and UN as well as EU (Swiss only recently joined*)

[*3 Mar 2002 ... Switzerland abandoned centuries of political isolationism yesterday by voting to join the United Nations in a cliffhanger referendum which had ... The Guardian. See also Wikipedia]

8
2

BYE, EVERYBODY! Virtual personal health assistants are coming, says Gartner

Mage
Silver badge

Gartner

Now I know Gartner are smoking something bad for health.

5
0

Is this the worst Blockchain idea you've ever heard?

Mage
Silver badge

Re: Blockchain and HMRC

The problem is that all services the public needs would collapse. Due to the fact it would take years to process each month's taxation.

The tax revenue pays for lots of stuff people need. The MPs and Civil servants only actually spend a small percentage of what is raised on themselves.

Similarly if it was used for DRM, no-one would buy streaming services, downloads, subscriptions or physical media after a few days as it would seize up.

2
1
Mage
Silver badge

micropayment system

However Blockchain is the opposite to a micropayment system in almost every aspect of how it works.

9
0

IoT botnet swells

Mage
Silver badge

Re: Great. Just great.

It's Western marketing. The Chinese are only fulfilling the orders generated by Western Marketing wholesale and Retail.

Who owns Amazon, Facebook, Google, eBay, Maplin etc?

Where are the regulatory offices?

2
0

Will rush for New Radio compromise 5G quality?

Mage
Silver badge
Flame

Spectrum

The sub 1GHz, especially 800MHz and lower is cells that are too big for high capacity, high speed data. Only a cheap way to extend voice coverage at expense of capacity.

Above 2GHz, toward 3.5GHz radio spectrum becomes progressively more Line Of Sight. So 3.5GHz is only much good for roof top aerials or femto cells.

Above the 4.5GHz / 6GHz you are looking at only open plan offices pico-cells or air-point per room WiFi.

I've used 10GHz band terrestrial Fixed Wireless Broadband and both Ku Band (11GHz to 12GHz approx) and Ka Band (19GHz to 21GHz) gear, not just as a user, but both as RF Equipment design engineer and also evaluation of systems.

28GHz etc is fantasy outside of a room or open plan.

Very much in the media, stuff by Regulators etc is nonsense.

Mobile is viable between 900MHz and 2600MHz bands. The 2300MHz is the only useful new band in Europe.

Most of the existing 900, 1800 and 2100 spectrum is massively underutilised:

1) Cells too big

2) Split between multiple operators. Using one shared Infrastructure, or even "roaming" where an operator actually HAS coverage, would almost double capacity!

Regulators need to be forbidden to auction as this encourages weak licence conditions to make auction price go higher. Auctions are the enemy of efficient spectrum use.

Conventional badly applied theories of Competition benefiting Consumer damage Mobile performance and competition as it's NOT like making baked beans. Spectrum is too finite. They need to be only competing for customers by offering shorter contracts, better deals from the same wholesale properly regulated spectrum.

Subsidy of handsets by subscription is hidden hire purchase.

Also hidden is the overcharging on voice and text, subsidising data.

The regulators have totally messed up.

The FCC is messing it up for the rest of the world too, as does greed of royalty earners like Qualcomm wanting to sell new model chips for new bands. The proposal to have LTE on WiFi bands is driven by chip vendor greed and to an extent Mobile Operators (Femto cells without an expensive licence or bothering to co-ordinate channels).

700MHz and 600MHz are madness as the cell size can't be controlled and even larger than 800MHz which is poor for cell size.

You can't beat the laws of physics.

5
0

Just what Europe needs – another bungled exit: Mars lander goes AWOL

Mage
Silver badge
Unhappy

Re: Shame

It was though an experimental landing mechanism. The main mission is actually the satellite, the lander was only supposed to operate for a short period and establish if the landing tech actually works. Still, I agree it's a shame.

I hope they got some useful telemetry to unravel where it went wrong.

2
0

Microsoft reveals career-enhancing .PNG files

Mage
Silver badge
Headmaster

Re: Revenue generators. Full stop.

"I've said this before I am yet to see an individual with a certification from the likes of Microsoft or Citrix that can demonstrate a superior level of knowledge to an individual that's actually worked with the technology."

Actually sometimes the MCPs, MCSEs are worse, because you have to put MS Marketing Dept answers to pass, which not only conflict with real world common sense, but sometimes with MSDN/TechNet articles.

Very many of the "Official" MS exam ways of doing stuff are nuts.

IMO the MS exams (having passed four with high scores) are only of value to companies selling ONLY MS products picking MS friendly Sales people.

Some of the Cisco ones are a bit more useful.

"Until and unless they can make the exams real world examples where the solutions don't revolve around using only vendor technology and / or the way the vendor wants you to do it in a lab environment, they're just noise."

Can't upvote that sentiment enough!

6
0

It's finally happened: Hackers are coming for home routers en masse

Mage
Silver badge

"It's finally happened"

Really?

I moved to my own custom router nearly 10 years ago because of SOHO/Domestic router security issues on routers sold in Tesco, Argos, Maplin and popular on commonly used online stores.

7
2

Who killed Cyanogen?

Mage
Silver badge

Partly Google & Partly Cyanogen

The Playstore access rules, Google app rules and their binary blob licence is a severe handicap for any 3rd party Android. However Cyanogen themselves seem to have messed up a bit too as well as alienating / ripping off some contributors.

4
0

This speech recognition code is 'just as good' as a pro transcriber

Mage
Silver badge
Devil

Re: Dodgy numbers?

Yes, it's actually garbage.

1) The real score on real world stuff will be lower.

2) Any competent Audio typist (that works with the same person) can beat a transcriber (remove source errors).

3) Perhaps they are comparing a real time stenographer? Even so it's a poor score.

Natural language parsing is the limit, it's simply nowhere near good enough to sport decent text to speech.

Dictation transcription (aka Audio typists), transcription not in real time of unknown source, speech/Film/TV/News subtitles in real time, and live stenography / shorthand with later transcription are all different activities. All rely on UNDERSTANDING the meaning as well as basic parsing.

This is shameless marketing.

4
1

HomeKit is where the dearth is – no one wants Apple's IoT tech

Mage
Silver badge
Devil

Also

IoT is mostly sold by accident? You buy the expensive coffee maker and it happens to have it?

Yes SOME people deliberately go out and buy Nest or an IoT door etc, rather than reliable traditional products from established suppliers that won't be closed by Google tomorrow or ditched by Amazon or Apple for something with more profit.

Amazon Echo and Google Home are madness anyway. Ask Harry Harrison's teddy.

Apple Homekit isn't as show-offable as their iPhone and iPad. I'm sure Apple can't understand why the Apple TV (stupid name for something that's an over priced locked to iTunes streaming box with no screen) isn't the money spinner that iPod + iTunes was. I wonder do Apple actually understand why the iPod and then the iPhone were so successful? It wasn't the price, security or technology.

iPod: The iTunes compelling content deal with Record Labels of selling tracks instead of full albums.

iPhone: The compelling Carrier deals with unlimited or massive caps, when all other smart phone users were paying a fortune per megabyte! Or even per second connect time!

It was never purely the technology or even the box, despite what Apple or Apple fans like to think.

There is simply no compelling reason to have an Apple TV vs a Roku, Chromecast, Amazon FireTV, PS4, Xbox or Sky Box.

There is no compelling reason to have an Apple Watch, unless you already have an iPhone and you want to look like you have a high disposable income (it's a product that should and does sell less than $60)

Why would anyone especially buy Apple Homekit compared to any other IoT, given that IoT is a minority sport in the first place? Hardly anyone will know you have it and it's not even shiny in an Apple Store. It's laudable the commitment to security in it. I wish all IoT had it but elsewhere I point out that security is never coming to IoT.

11
5

AI, AI, captain: Royal Navy warships to set sail with computer officers

Mage
Silver badge

Oh dear

Words fail ...

2
0

How do you make a qubit 10 times as stable? Dress it up for work

Mage
Silver badge

Hmmm... interesting explanation

Sounds a little like lies for children, except do they understand difference between AM and FM?

2
0

Ubuntu 16.10: Yakkety Yak... Unity 8's not wack

Mage
Silver badge

Mint 18

Mint 17 and Mate desktop is much better than Ubuntu also.

2
1
Mage
Silver badge
Mushroom

still-not-quite-there Unity 8

Scrap Unity.

It's a nonsense idea for productive workstations. Who installs Ubuntu on a 7" tablet or less than 6" Phablet?

1
1

Vodafone and Inmarsat hang satellites over potential Internet of Things customers

Mage
Silver badge
Boffin

RFIDs

The RFIDs are read at close range (i.e. dairy) or some herding activity.

Then a Mobile phone data connection is used.

Satellite provides the back-haul for the conventional mobile basestation. Inmarsat is competing with OB2 / Astra / Eutelsat and others. This is NOT the expensive direct to customer satellite Terminal market. The clue is Vodafone.

2
0

Basic income after automation? That’s not how capitalism works

Mage
Silver badge
Windows

Re: Errrm

How many of those cars are made in UK?

How many TVs are made in Europe now?

Large scale automation was common in the 1930s, though it started in the late 18th century.

There is eventually saturation and eventually a situation where very few people are employed. They are developing the technology to restock shelves and already have self service checkouts in some shops.

There will be no overnight change. However there are no "jobs for life" any more, except maybe in some Civil Services. We are a long way from having to make this decision, it could be another 150 years. It seems likely though there will be a slowly increasing number of people that never get jobs.

It's really a lie about retirement age being raised. It's the age to start getting a government pension that is being raised. If you are over 49, then you are more likely to be made redundant and if over 59 unlikely to find a job if you are unemployed. Businesses have not raised retirement age, quite the reverse. It's obvious without an age, the approximate age of the person on a CV.

It's a dishonestly written article, typical of the propaganda from "The Conversation"

13
10

Apple's car is driving nowhere

Mage
Silver badge

Re: Trains, planes and ships

"So what happens if there's a loose car on the tracks? Or a large tree? Or a cow (remember why old trains had "cow catchers")?"

Indeed. It's not so simple. So why are people working on the much harder car issue rather than on trains? Solve one problem at a time. Autonomous cars need many different issues solved.

0
0
Mage
Silver badge

Trains, planes and ships

Buses, trucks and cars should be last on the list after Trams.

It's not just because of Unions that trains have drivers, and surely that doesn't even need so called "AI" or GPS (apparently GPS isn't good enough for autonomous cars, not just accuracy, but signal loss). So let's do trains first. Signals can tell the train where it is. It doesn't need to steer. Only follow signals and stop if there is something unexpected on the track, which should be very much easier than cars avoiding unexpected things on roads (bins blowing in wind, missing manhole covers, never mind trucks, children or cyclists.)

1
1

What's 5G? Who knows, but Qualcomm's designed a modem for it

Mage
Silver badge
Coat

fool around with 28 GHz

Yes, in open plan offices. Or rooftops.

1
0

Sweet, vulnerable IoT devices compromised 6 min after going online

Mage
Silver badge

ISP problem isn't simple.

Unlike historic email spam bots the current devs are clever. They rely on scale. Each individual IoT will seem innocuous to an ISP and their main concern of absolute traffic per user. There are a lot of ISPs and the bigger ones have a lot of customers.

3
0

Google has unleashed Factivism to smite the untruthy

Mage
Silver badge

so if one side is simply making stuff up

Both (or more sides) make up different stuff.

3
1
