Posts by jay_bea

46 posts • joined 10 Aug 2009

Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs

jay_bea

Re: EFF Wordlist

No, the sheets of paper are the lookup lists. The resultant passwords are stored in a password manager!

Mind you, I would rather my aged relatives used unique passwords for each website and wrote them down in a book than use the name of their favourite son-in-law for everything!

jay_bea

EFF Wordlist

I use password manager-generated passwords of random characters and symbols for website passwords that I can fill again from the password manager, but there are some passwords that I need to be able to type in manually - typing ks£94!_lkF0#- with a Playstation controller is difficult (and even harder over the phone to the kids).

For those occasions, I use a set of 5 dice and EFF's Wordlist [1] to construct a passphrase. This means I can still remember the individual words long enough to type them in, whilst the passphrases are appropriately random. There is something satisfyingly old-school about creating secure passwords using dice and sheets of paper.

1. https://www.eff.org/dice
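The dice-and-wordlist procedure described in the post above, as an added example that is not part of the original comment or of EFF's own tooling. The EFF large wordlist is a text file with one line per entry, a five-digit dice key (digits 1-6) followed by the word; the real file is not embedded here, so the code parses a small constructed sample in that format and, for the demonstration run, uses a synthetic stand-in list of the same shape (7776 placeholder words keyed by every possible roll). Rolls come from the `secrets` module rather than `random`, and the list is checked for completeness before use, because a truncated or duplicated list silently reduces the entropy the passphrase is assumed to have.

```python
import itertools
import math
import secrets

DICE_SIDES = 6
DICE_PER_WORD = 5
LIST_SIZE = DICE_SIDES ** DICE_PER_WORD  # 7776 entries in the EFF large list

# Constructed sample in the EFF file format (key<TAB>word); not the real list.
SAMPLE_WORDLIST = "11111\tabacus\n11112\tabdomen\n11113\tabdominal\n"


def all_keys():
    """Every possible 5-dice key, '11111' .. '66666', in order."""
    for digits in itertools.product("123456", repeat=DICE_PER_WORD):
        yield "".join(digits)


def parse_eff_wordlist(text):
    """Parse '<5 dice digits><whitespace><word>' lines into a key -> word dict."""
    words = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        key, word = line.split(None, 1)
        if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
            raise ValueError(f"line {lineno}: bad dice key {key!r}")
        if key in words:
            raise ValueError(f"line {lineno}: duplicate key {key!r}")
        words[key] = word
    return words


def validate_wordlist(words):
    """Require a complete list with no repeated words; raise ValueError otherwise."""
    missing = [k for k in all_keys() if k not in words]
    if missing:
        raise ValueError(f"wordlist incomplete: {len(missing)} keys missing, e.g. {missing[0]}")
    if len(set(words.values())) != LIST_SIZE:
        raise ValueError("wordlist contains duplicate words")


def roll_key():
    """Roll five dice with a CSPRNG and return the key as a string like '31462'."""
    return "".join(str(secrets.randbelow(DICE_SIDES) + 1) for _ in range(DICE_PER_WORD))


def passphrase(words, n_words=6, sep=" "):
    """Build an n-word passphrase by looking up n independent rolls."""
    validate_wordlist(words)
    return sep.join(words[roll_key()] for _ in range(n_words))


def entropy_bits(n_words, list_size=LIST_SIZE):
    """Entropy of n uniformly chosen words from a list of the given size."""
    return n_words * math.log2(list_size)


# Synthetic stand-in for the real 7776-word file so the demo runs offline.
SYNTHETIC_WORDLIST = {k: "w" + k for k in all_keys()}

if __name__ == "__main__":
    print(parse_eff_wordlist(SAMPLE_WORDLIST))
    print(passphrase(SYNTHETIC_WORDLIST, 6))
    print(f"6 words from a {LIST_SIZE}-entry list: {entropy_bits(6):.1f} bits")
```

Six words from the full list give about 77.5 bits regardless of which words come up; the strength comes from the roll being uniform, not from the words looking unusual, which is why the code refuses a list that is missing keys.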

Return of the audio format wars and other money-making scams

jay_bea

Iomega

Even after 20 years, the word Iomega brings me out in a cold sweat, recalling trying to restore a failed drive in the face of the dreaded click of death.

Super Micro China super spy chip super scandal: US Homeland Security, UK spies back Amazon, Apple denials

jay_bea

Re: I'm surprised that anyone is surprised that a Chinese owned or controlled company would do this.

I wondered about this too. I assume that the Chinese factories just assemble to the designs provided by Super Micro in the US. If this is the case, then surely adding components would require a detailed knowledge of these plans, the ability to change them and modification of the assembly process, and would need to be originated with the designers in the US? How much control do the factories in China have over design?

Russian volcanoes fingered for Earth's largest mass extinction

jay_bea

Re: The Ends of the World

"It's worth putting that 'fragility of life' quote into context too: life survived, every time. And that was without having the advantage of intelligence or technology."

Most accurately, I should have said the fragility of current life on the planet, for as you have noted, life did survive. However, each mass extinction event was effectively a reboot, with different forms of life appearing each time. Very few living things have made it through all the mass extinction events. If humans do succeed in starting the next mass extinction event (Brannen thinks we are nowhere near that yet), then life will reappear again even though it may take 100s of millions of years; but possibly without humans.

jay_bea

The Ends of the World

Peter Brannen has written a very interesting and readable account of this and the other 4 mass extinction events that have taken place over the history of life on the planet (The Ends of the World). It is amazing just how much can be learnt about the Earth's history from billion year old rocks.

The book is a bit like the Total Perspective Vortex from the Hitchhiker's Guide to the Galaxy, highlighting the tiny amount of time that humans have been on the planet in the perspective of its 5 billion year history, as well as the fragility of life.

WannaCry is back! (Psych. It's just phisher folk doing what they do)

jay_bea

Re: New Email List?

"Cheshire one of those authorities by any chance?"

Yes, Cheshire East and Cheshire West & Chester. There is no Cheshire local authority any more.

jay_bea

New Email List?

I have had a few of these, but to two email addresses that I don't usually get spam on, both of which were used exclusively for FoI requests to local authorities, which suggests that some local authority in England has had a leak of email addresses. The two email addresses were used a few years apart.

Perhaps I should do an FoI request to English Local Authorities to ask whether they have leaked any email addresses used for FoI requests?

Next time I will generate a unique email address for each local authority so I will know who to point the finger at.

High-end router flinger DrayTek admits to zero day in bunch of Vigor kit

jay_bea

Older Routers

My parents have a hand-me-down Draytek router, for which updated firmware has not appeared yet. Fingers crossed that it does, although when I checked, there were no changes to any settings. That Draytek have continued to release regular updates for a 7 year old router (as of March this year, anyway) sets them apart from a lot of other makers who don't support last year's model.

Look how modern we are! UK network Three to kill off 3G-only phones

jay_bea

Ending Three Contracts

Good luck getting out. It took me nearly an hour of being passed round Customer Service Assistants to get a PAC. They wanted to know why I wanted to leave (poor reception in key areas) and would not take it as a reason, because I had not phoned up previously and complained about it. By the end of the call I swore I would never go back to Three even if the only alternative were Vodafone.

More power to UK, say 'leccy vehicle makers. Seriously, they need it

jay_bea

Trip Distance

You do have to wonder, based on the comments here, what problem electric cars are a solution to (other than selling more cars).

Based on 2014 road use figures (DoT Road Use Statistics Great Britain, 2016), only 6% of car journeys were for more than 25 miles, and 56% were for less than 6 miles. Other forms of transport (walking, bicycles, public transport) would be a much better solution to the emissions problem caused by fossil fuel powered vehicles, and would also address the congestion / parking problems. Where local car / van journeys are necessary, then electric makes sense, but replacing every petrol/diesel vehicle with an electric one makes little economic or practical sense.

For longer journeys, I cannot see electric vehicles being practical for the vast majority of journeys for a long time.

Customers reporting credit card fraud after using OnePlus webstore

jay_bea

Paypal

Paypal is not great, but at least it provides a bit of insulation between my payment account details and retailer websites, and I am reluctant to purchase from sites that don't offer it, particularly if they are overseas.

It is a pity that Paypal make it difficult to set up secure 2FA unless you want to use SMS or their own Security Key, but it can be done using any TOTP client with a bit of work.

https://medium.com/@dubistkomisch/set-up-2fa-two-factor-authentication-for-paypal-with-google-authenticator-or-other-totp-client-60fee63bfa4f

WD My Cloud NAS devices have hard-wired backdoor

jay_bea

DLink 320L NAS

If you have a DLink NAS, you can always flash the Alt-F firmware, which is open source, has more features than the original DLink version, and does not (AFAIK) have any backdoors.

https://sourceforge.net/projects/alt-f/

YouTuber cements head inside microwave oven

jay_bea

Learning from Experience

Doesn't everyone have those - "maybe I didn't think that through" moments? I have certainly had my share, although they have diminished as I have got older (and wiser?). My list of things that I learnt by experience include: don't cycle down steep hills with no hands on the handlebars (I was 5), keep fingers well away from the sharp end of axes (14), a foot is not a vice, check the washer fluid before driving on winter roads. The only difference now is that our stupid mistakes are captured, intentionally or otherwise, for everyone else to see and judge.

Now, should I get a ladder to put up the Christmas lights, or just stand on my office chair?

Hot news! Combustible Galaxy Note 7 to return as 'Galaxy Note FE'

jay_bea

Re: What could FE stand for?

F**kin' 'Ell

Haven't deleted your Yahoo account yet? Reminder: Hackers forged login cookies

jay_bea

Flickr

The focus of the discussions of Yahoo has been email, but they operate a number of other services, including Flickr, which use the same login credentials as Yahoo. If they are using the same authentication systems, does that mean that Flickr is also vulnerable to the forged session cookies?

UK's new Snoopers' Charter just passed an encryption backdoor law by the backdoor

jay_bea

Curtailing Dissent

How better to stop dissent than to make people fear that their views might get them into trouble. The legislation creates a modern day, electronic, Panopticon, less about what the Government can or wish to do with your personal data, and more about creating an environment where people are put off expressing or seeking out views that might dissent from those of the wider public or government.

Sure, you could use Tor or a VPN to hide what you are looking for, but how long before your browsing history becomes a valid area of investigation in a job interview? You want to become a teacher, or drive a train, but oh dear, your browsing history is hidden through the use of a VPN, so clearly you have something to hide, and you are not suitable for a responsible position.

Toe the line, use the internet for cat videos and to read news and political information that has been deemed appropriate by Facebook and Twitter, like the other 95% of the population, and you have nothing to fear. The remaining 5% are the ones to watch because they either have something to hide or they are mavericks.

Three Mobile, two alleged hackers, one big customer database heist

jay_bea

PR Fog

The various press reports and Three's own statements make the whole incident very confusing:

Three refers to "authorised logins to Three's upgrade system". Presumably this is an internal system and internal credentials that have been used? Or is it an internet-facing system and customer credentials that have been used?

Three refers mainly to attempted fraud (being very specific in mentioning that upgrades were ordered for only 8 customers) and makes little mention of data theft. Was data taken or did the intruders just have access to the database which contained the details? There is a big difference between the records of 5m customers being taken and intruders being able to view individual customer details from a database containing 5m records.

Hopefully we will find out more over the next couple of days.

PayPal patches bone-headed two factor authentication bypass

jay_bea

Re: 2fa choices

You can get a Paypal Security Key, which is a hardware VIP device to generate access codes, but these don't seem to be available in the UK.

Someone has created a free alternative, which means you can use any OTP app: "python-vipaccess is a free and open source software (FOSS) implementation of Symantec's VIP Access client. It is able to generate OATH URIs and their corresponding QR codes so any TOTP-generating application can be used as a VIP OTP token." You can find it on Github.

£11bn later: Smart meters project delayed again for Crapita tests

jay_bea

Re: Gaz and Leccy...?

As well as paying more for electricity at busy times of day, I also suspect that you will have the "opportunity" to pay more to get a guaranteed supply that is not subject to brown-outs when demand is likely to outstrip supply.

Zuck covers up mic and webcam because sharing isn't always good

jay_bea

Re: Zuckerberg is running Thunderbird

The Bat? I've been using it since version 1.x, not long after it was first released in 1998, converting from Eudora after seeing a review in PC Mag. I occasionally think about trying something new, but haven't found anything with the same powerful filtering and template capabilities and a focus on mail management rather than a flashy UI. It is still actively developed.

UK govt sneaks citizen database aka 'request filters' into proposed internet super-spy law

jay_bea

Even better, hack the Ad network so that requests are redirected to dodgy sites, not only obscuring any actual criminal activity, but also landing lots of people on a watchlist.

The poor state of security on an ad network you have never heard of could flag you as a person of interest subject to much closer surveillance, without you ever knowing about it (at least not until the Police come knocking at 6am for your computers).

Encrypt voice calls, says GCHQ's CESG team ... using CESG encryption

jay_bea

I am looking forward to the arrival of JackPair (www.jackpair.com/). Although it requires hardware at both ends, so will not work without some pre-planning, it can work with any phone (mobile/VoIP/PSTN), and it addresses the issue of MITM neatly.

Abort, abort! Metal-on-metal VIOLENCE as Google's robo-car nearly CRASHES

jay_bea

Not a near miss

According to Ars, the event was not as described by Reuters and was a standard manoeuvre by the car, not a near miss: "Our car saw the Google car move into the same lane as our car was planning to move into, but upon detecting that the lane was no longer open it decided to terminate the move and wait until it was clear again". This is called checking the lane is clear before moving into it, and it could have avoided it by just sitting in the middle lane.

Bring on the Music, Apple: Spotify ups the ante - and money pot

jay_bea

Re: Interesting...

Well at the moment, you can install the Spotify/Amazon Music/Google Play Music App on your iDevice so you can have different music services, but will that continue once Apple Music is launched?

Amazon rekindles e-readers and Fire OS without weeks of whack-a-leak fun

jay_bea

Re: Wait for reviews...

The product information says "You can personalise both the pressure level needed to trigger a page turn and the haptic feedback level." If it works, it will be good. The touch screen has never really been a great replacement for the original page turn buttons, although it works very well for highlighting / marking text, etc.

NUDE SELFIE CLOUD PERV menace: Apple 2FA? Sweet FA, more like

jay_bea

Re: Security questions?

@Pen-y-gors - Exactly. I have taken to generating random strings in response to these questions. I look forward to the day when I have to answer security questions over the phone when my mother's maiden name is entered as "iyRdiaaEjH", for example.

UK gov rushes through emergency law on data retention

jay_bea

Mandatory Reference to 1984

"It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live— did live, from habit that became instinct— in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized." George Orwell, 1984.

Of course, now we have mobile phones, so it does not matter whether it is dark.

3CX Phone System takes on the corporate mobiles

jay_bea

Re: Mobile SIP Clients

You provide the SIP service that does the gateway and the number, so either your own office SIP Server or a SIP service like Sipgate. You pay for the mobile leg of the call and then whatever your SIP call costs are. You can see the technical and pricing details at http://aaisp.net.uk/telecoms-sip2sim.html.

jay_bea

Mobile SIP Clients

I spent some time messing with SIP clients on my mobile to connect back to my Asterisk server, but a lot of the time it was more trouble than it was worth, particularly when dependent on a data connection. However, AAISP have just re-launched their SIP2SIM service, so with a sip2sim sim in my phone and a bit of configuration in Asterisk / 3CX, my mobile becomes just another extension of the phone system, but operating on the mobile network (O2 provide the network). No messing with SIP clients, it just works, even on a 2G connection.

Twitter locks down logins by adding two-factor authentication

jay_bea

Re: RFC 6238

From an Ars article and comments, it appears that Twitter's implementation is flawed and limited and does not support RFC6238. You have to be sent a code every time you log in, and you cannot approve particular devices or browsers. In addition "The relationship between phones and accounts is also strictly one-to-one: if you have a shared business account, you're going to need to share a phone number too. If you have multiple accounts and only one phone number, then you can only secure a single account."

See http://arstechnica.com/security/2013/05/twitter-launches-two-factor-authentication-too-late-to-save-the-onion/
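The RFC 6238 scheme referred to in the Twitter post above, and the "any TOTP app" point made in the PayPal / python-vipaccess post further up the page, as an added example that is not part of either comment, of python-vipaccess, or of any vendor's code. It implements HOTP (RFC 4226) and TOTP (RFC 6238) over HMAC-SHA1 with the standard library only, verifies a submitted code with a constant-time comparison across a small clock-skew window, and builds the `otpauth://` URI that authenticator apps import. The shared secret used in the demo run is the published RFC 6238 test secret, not a real credential; the account label and issuer are made-up placeholders.

```python
import base64
import hashlib
import hmac
import struct
import time
import urllib.parse


def hotp(secret, counter, digits=6, algorithm="sha1"):
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp_counter(at=None, step=30, t0=0):
    """Time step index for RFC 6238: floor((now - T0) / X)."""
    now = time.time() if at is None else at
    return int((now - t0) // step)


def totp(secret, at=None, step=30, digits=6, algorithm="sha1", t0=0):
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, totp_counter(at, step, t0), digits, algorithm)


def verify_totp(secret, code, at=None, window=1, step=30, digits=6, algorithm="sha1"):
    """Accept the code for the current step or up to `window` steps either side.

    The comparison is constant-time and every candidate is evaluated, so the
    response does not leak which step (if any) matched.
    """
    if not (isinstance(code, str) and len(code) == digits and code.isdigit()):
        return False
    centre = totp_counter(at, step)
    matched = False
    for counter in range(max(0, centre - window), centre + window + 1):
        candidate = hotp(secret, counter, digits, algorithm)
        matched |= hmac.compare_digest(candidate, code)
    return matched


def otpauth_uri(secret, label, issuer, digits=6, period=30, algorithm="SHA1"):
    """Key URI an authenticator app enrols from (usually rendered as a QR code)."""
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    params = urllib.parse.urlencode({
        "secret": b32, "issuer": issuer, "algorithm": algorithm,
        "digits": digits, "period": period,
    })
    path = f"{urllib.parse.quote(issuer)}:{urllib.parse.quote(label)}"
    return f"otpauth://totp/{path}?{params}"


if __name__ == "__main__":
    # Published RFC 6238 test secret (ASCII "12345678901234567890"), not a real key.
    secret = b"12345678901234567890"
    print("current code:", totp(secret))
    print("enrolment URI:", otpauth_uri(secret, "user@example.com", "ExampleIssuer"))
```

Because the server only needs the shared secret and a clock, a service that exposes that secret as an `otpauth://` URI works with any RFC 6238 client; a scheme that instead sends a fresh code to a registered phone number per login, as the Twitter post describes, is tied to that number and is not TOTP.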

Amazon prices up Kindle Paperwhite for Blighty

jay_bea

Fingerprints

I was concerned about fingerprints on my Touch, but in practice I have not noticed them on the matte screen and they certainly don't affect reading. This is from someone who hates fingerprints and other marks on screens.

I am hoping that the capacitive touch display will stop the accidental page turns and presses I get with the IR sensors on the Touch if something other than a finger comes into contact with it. Although the buttons on the non-touch models avoid this particular problem, I find the touch interface ideal for publications which require more interaction with the content (such as The Guardian), and find the non-touch Kindles frustrating now.

Pipex 'silence' condemned punters' emails to spam blackhole

jay_bea

Re: The sorry state of ISP competition.

I went from Direct Connection (Dircon) to Pipex years ago, and left Pipex for Andrews and Arnold (AAISP) who are like Dircon and Pipex used to be - but better. There is still a vibrant small ISP market out there, where you pay a bit more in return for excellent service and support.

When I read about the merger plans (Dircon to Netscalibur and Pipex to TalkTalk), I start looking for a new ISP.

TV Guide UK

jay_bea

Re: Filter

You can select the channels that it shows, but it does not display the channel numbers.

Great app for quickly checking what's on and setting reminders, although I am still waiting patiently for Digiguide to make an Android version, as Digiguide for Windows is the king of TV Guides.

Go Contacts EX

jay_bea

Just testing it now..

and it runs on my Venerable HTC Hero running CM7 based Elelinux. I had tried a couple of dialers but none, until Go Contacts, had the thing I missed from Sense - matching on numbers and names from the dialpad. So, dialing 742 will bring up numbers starting 742 and contacts starting Ric ("Richard", for example). Brilliant.

UK broadband speeds crippled during 'rush hour'

jay_bea

Re: Services.

"Can you imagine if those providers 'throttled' your power?"

I am sure that they would do that in a shot if they could and it will probably be possible with Smart Meters.

Amazon intros $199 movie Kindle

jay_bea

3G

I tether my Kindle to my phone and use its 3G connection if I am away from home. Works well and means that I can get a cheaper Kindle

jay_bea

How much???

I see from the Amazon.co.uk website that the cheapest Kindle, the one that goes for $79 in the US, sells for £89 in the UK. I know the exchange rate is not great, but I did not think it was that bad! Will it be £250 for the Fire then? Not so attractive, after all.

Amazon revamps E Ink Kindle line

jay_bea

I'm quite excited too

but I wonder how long it will take them to appear in the UK. There was quite a lag with the original Kindle wasn't there?

At $199 (or whatever that turns into in £s), the Fire would be quite a good option for children. I wonder whether Amazon will do any content filtering as part of the back-end processing of web pages to exclude malicious or adult sites?

HTC loses prelim patent ruling to Apple, takes stock hit

jay_bea

Killing competitors

I can't see it being in Apple's interest to have Android competitors wiped out - everyone has gained from the massive growth in interest in smartphones stimulated by Apple and Android. What Apple are probably more interested in, like Microsoft, is license fees for using its patented technology, if the patents stick. This not only brings them additional income, but also raises the cost of Android phones compared with Apple ones.

As ezman notes, the skirmishes with the individual manufacturers are part of a wider battle between Google with Android as its "mobile advertising platform" and everyone else who wants a cut of Google's ad revenues. Perhaps Google's silence is because it knows that one way or another Android is going to start costing it in license fees to MS, Oracle and Apple.

Solar panel selling scam shown up by sting

jay_bea

Pressure Selling?

A few houses near us have sprouted PV Panels recently, often on east facing roofs. East facing placement is not ideal but better than one nearby house which has a bank of 5 panels fixed vertically onto a south-facing wall, in the shadow of the house next door. I suspect that the sun might go out before the end of the payback period on that one.

Windows Home Server 2011 signed off

jay_bea

If you want small...

then what about a Plug Computer - http://blog.amahi.org/2010/08/11/amahi-for-the-marvell-plug-computer-released-get-yours-free/. Even if you don't want a PC that small, Amahi running on a normal server can do all you want. Mine is a DLNA server, a central backup location, file server and I run Asterisk on it to provide an intelligent home phone system.

South Yorks police leads UK in use of ANPR cameras

jay_bea

Do they have an effect?

I wonder how much of an effect ANPR cameras have on crime? Are they like CCTV cameras which actually have a very limited impact on crime detection? I had the misfortune to see a bit of Police! Camera! Action! last night, most of which seemed to be shameless propaganda in favour of CCTV and how they help solve lots of crimes. If ANPR does actually help reduce the number of untaxed vehicles and uninsured drivers then good. If not they end up being a waste of money.

As for speed cameras, I have never understood why being caught breaking the speed limit by a camera is unfair. If the speed limit for an area is unrealistic, should not the focus be on increasing the limit, rather than taking away the cameras? It seems to me that having discretionary laws (on speed limits or anything else) is the start of a slippery slope.

Tablets to eclipse e-book readers

jay_bea

Re: dunno about that

Having used a Kindle for a few weeks now, I can't see it being replaced by a tablet, although I might get a tablet as well at some point. It is a pleasure to use a device where the first thought is not where the power socket is, and which is easy on the eyes.

I think that there are limits to convergence. I can see Tablets replacing Netbooks, as many of the functions are similar. I won't be replacing my Thinkpad with a tablet as I want a big screen and keyboard for writing reports and working on spreadsheets when travelling. This means that the household will end up with PCs, laptops, tablets, smartphones, MP3 players and Kindles. A common power supply for them all would be good though!

MS drops drive pooling from Windows Home Server

jay_bea

Amahi

I am running Amahi Home Server, which is a Fedora-based home server. Works well, comes with a range of additional applications, includes LVM / Greyhole pre-configured, and is free.

HTC Hero Android smartphone

jay_bea

Great phone (after Treo 650)

Personally, I find the phone (Orange Contract) fast and responsive, particularly after a Treo. Battery life is a little short (a day of intensive usage or 1.5-2 days otherwise) but not terrible and I have ordered a spare battery for periods when I may be away from a charger for a day or more. And it comes with a full complement of features and does not appear to have any removed. There are no restrictions about installing signed (from the Android Market) or unsigned applications (from websites).

I find the on-screen keyboard surprisingly good - better than the hardware version on my Treo - although this is partly due to an effective predictive text / autocorrect function which deals with most of the errors I make.
