* Posts by Andrew Jones 2

814 posts • joined 27 Sep 2009


It's Pi day: Care to stuff a brand new Raspberry one in your wallet?

Andrew Jones 2

Re: Plex server...

If it's just for Audio, why are you bothering going down the Plex route? Stick Logitech Media Server on there (used to be Slim Devices Squeezeserver) and on any spare Pis, run PiCorePlayer which means you can have your own cheap, open source synchronised music system without having to touch Sonos or other expensive crap.

OK, Google: Why does Chromecast clobber Wi-Fi connections?

Andrew Jones 2

I'm sure it sounds like a reasonable explanation from the router vendors, but there is a small problem that they are overlooking. Chromecast (all generations), Chromecast Audio and anything running Google Assistant - DO NOT enter any sort of sleep mode. They stay awake 24/7 when powered and they broadcast mDNS messages a lot more frequently than every 20 seconds! That's how devices on the network know that they exist.

Google reveals Android Robocop AI to spot and destroy malware

Andrew Jones 2

Re: Bloatware query

One would imagine that as the OEM software is either on the system partition and/or signed with OEM keys - that it will ignore it - however - even if it does flag something on a system partition, it's on a system partition - it's mounted read only, the only possible action it can take is to alert the user.

UK surveillance law raises concerns security researchers could be 'deputised' by the state

Andrew Jones 2

The experts who have discussed among themselves can think what they like - and I frankly find it surprising that they are even giving the Government the benefit of the doubt here. We all saw the writing on the wall with the "don't worry, the [you must give us any passwords we ask for] law will ONLY ever be used for anti-terror" - we all knew it would be used eventually for stuff that was not even vaguely related to anti-terror and sure enough, that day came and went - with very little media coverage.

If the UK Government have an over-reaching power, it doesn't matter what they claim it is for - it WILL be deployed on a frighteningly regular basis and it will be used for many many things that have no relation at all to the original reason they claim they needed the power in the first place.

Along with the plans for complete internet regulation, the existing stupid bill - especially with regard to the adult entertainment industry, and now this new plan - the IT industry is going to flee the UK within the next 10 years.

Auntie sh!tcans BBC Store after 18 months

Andrew Jones 2

And at the same time - they couldn't actually cope with requests (other than telling me it was a good idea).

I asked if it was possible to stick the BBC produced Carmen (Bollywood) Opera that was performed live in Bradford and broadcast on BBC Three.

It's not available on Amazon, Google Play, Netflix, iPlayer (or any *ahem* alternative sources). I was happy to buy a copy - but nothing ever came of the request and clearly now it never will.

Andrew Jones 2

The license fee paid for the content to be made in the first place. I'm not going to pay again - to watch something that technically I've already paid to have made and paid to watch it the first time it was broadcast.

If I buy it on DVD, that's different - I'm not just paying for a license that entitles me to watch the content - and because I physically own the media - I can watch it on whatever device I feel like - including ripping it to my media server and watching it on any of our TVs that have a Chromecast. Since BBC Store took FOREVER to even support the Chromecast (despite supporting it on iPlayer) then had I actually wanted to buy something from the store (and I was tempted at launch) - I couldn't actually have watched it on anything remotely convenient.

If they had thought the whole thing out properly from the start......

TRUMP SCANDAL! No, not that one. Or that one. Or that one. Or that one.

Andrew Jones 2

Hi, I see you are currently on fire - would you like me to put it out?

"On Fire? That's crazy, I am not on fire, I am.... my parents lived... and that's why Islam is.... and it was the biggest arms deal the US has ever done, it was the greatest, much better than any deal that has been done before... and that's why I am not on fire...."

Uh... OK - but I can literally smell your flesh burning and see the actual flames....

"Flames? No... that's fake news - I have the best words - I have the best people - I have the best intel, I have people that would tell me if I was on fire..."


I imagine this is very close to how a conversation about Donald Trump being on fire might play out....

T-Mobile goes Apple/Google route by separating phone numbers and devices

Andrew Jones 2

This is presumably using the Next Gen network since this is one of the many things covered on the GSMA site and ties in with RCS.

Three Nigerians sentenced to 235 years in prison for online scamming

Andrew Jones 2

Re: >low employment prospects in the region for computer specialists

...damn you.... now I have to go and watch that episode!

Andrew Jones 2

Well I mean if we are dealing in nonsense and highly impractical sentences - then they might as well each have been fined 90 quadrillion trillion billion potatoes or something....

UK ministers to push anti-encryption laws after election

Andrew Jones 2

Out of purely hypothetical interest -

If someone created an online shop or forum, and stored all user data in plain text and had no HTTPS on the website and some 10K records were stolen from it by hackers, then presumably when the ICO tried to fine you for data breaches you could simply say - sorry - it was not possible to comply with any of your rules because the Government made it illegal, so feel free to pass the bill on to them.

Andrew Jones 2

And just as I suspected would happen as soon as the future was threatened by a clueless Government, work is progressing quickly on a decentralised internet using Blockchain tech. Snoop on that UK Gov, when you stop playing fair - people will just take your tools away.

Dixons Carphone: Brexit not a factor as Brits' gadget lust holds strong

Andrew Jones 2

People are still spending money, because they still have money. That's only because we aren't all bankrupt yet - but it's coming.

UK.gov throws hissy fit after Twitter chokes off snoop firm's access

Andrew Jones 2

..... but ......

it's ONLY the MP side of things that's confidential - the message I sent to the MP is fully readable because MY connection is not private - so that argument falls over.

Andrew Jones 2

"The British government has made no secret of its desire to spy on everyone everywhere using social media, even though its in-house knowledge of technology is embarrassingly dire."

Should read "....desire to spy on everyone everywhere (excluding members of Parliament, who are exempt from being profiled and / or tracked, because they added that clause in to the bill)....."

Telecoms fail in UK takes down passport scanners in Australia

Andrew Jones 2

......so a terrorist attack on the actual data centre - will disrupt the ability for people to fly in multiple countries around the world?

That seems like something that might need to be looked into pretty quickly.

Kill Google AMP before it kills the web

Andrew Jones 2

Well I call bollocks - these arguments are badly researched by whoever is doing the complaining. There is one valid point about metrics - which Google are addressing - but you certainly don't have to use Google analytics. Branding complaints are a bit bogus too - the pages might have similar layout - but it's not impossible to have your brand on it. The complaints touch on the fact that it's open source but still largely make it seem like only Google is invested in the project - when the github shows that to simply not be the case. Finally - there were numerous talks at IO about how easy it is to serve up an AMP page and then have any links transitioning to your PWA app - and let's face it - if you cared enough to play around with AMP then you clearly want your website to run as fast as possible - so PWA is the next logical step.

Mi casa es su casa: Ubuntu bug makes 'guests' anything but

Andrew Jones 2

It's bad - but it's not like the ludicrous decision of Microsoft in Windows XP to launch the Accessibility tools with SYSTEM account privileges when you click on the button on the login screen - which of course enables someone with a USB flash disk - to boot to anything that lets you access the filesystem rename Utilman make a copy of cmd called Utilman and reboot - and then of course at the login screen click the button and change the password of any account on the system.

Reading other users' files is bad - but it's not complete system ownership in 60 seconds. (Something which by the way - even now - still hasn't been patched)

Android O-mg. Google won't kill screen hijack nasties on Android 6, 7 until the summer

Andrew Jones 2

It is worth pointing out though - that key parts of the OS can't be hijacked with this method. Ask anyone who runs a full screen overlay like Twilight. You can't for instance tap the Install button, or factory reset the device, or approve a new device administrator app while Android thinks that an overlay might be trying to trick you.

Troll it your way: Burger King ad tries to hijack Google Home gadgets

Andrew Jones 2

They did, within hours. The lights come on when it hears "OK Google" they spin a few times, Google uses contentID matching on the server - recognises the advert and issues a cancel command to the device and the lights switch off and it goes back to sleep silently - while the advert continues to play.

Andrew Jones 2

Re: Yet another reason

or.... like any other reasonably knowledgeable IT person - run Wireshark for the first 48 hours after letting the thing on to the network. Can confirm - other than when it's woken up, it doesn't generate a lot more traffic than a Chromecast, and seeing as it is a Chromecast Audio - that's not terribly surprising.

Andrew Jones 2

"Is it really just an internet connected microphone with absolutely zero on board processing capability? If that's the case then they deserve every bit of headache and pain that miscellaneous audio sources can inflict upon them and that applies equally to both Google and its customer lackeys."

Come on - this isn't the Daily Mail - you are on an IT site here, you know perfectly well that it is simply not feasible that it sits streaming everything you say 24/7 back to Google. Aside from the fact that this thing will have been taken apart by someone, someone else probably has serial access to one. At least 100 people will have run Wireshark to see who it is talking to and when. And then finally - it may only be voice - but it would still add a massive amount of bandwidth use to your monthly internet usage which would have been questioned countless times by now.

It works like every other device of its kind - including Siri and any other always listening bit of software. It wakes up when it hears the phrase it has been programmed to wait for - and at that point it starts sending the microphone stream off to whichever company is processing the stream.

As for the countless people saying if you could change the phrase it would all be solved - you are wrong, and for this - I point to what happened when we asked people to come up with passwords. Google Home, Echo and whatever comes next are designed for normal people - not IT professionals. Normal people will either name it "Computer" or the name of someone they know / knew. The number of false triggerings would skyrocket. This is something many tech bloggers have touched upon - that while it's not quite as natural having to say "OK Google" it is 4 syllables and therefore has a lot less accidental triggerings compared to "Alexa" which gets false triggered a lot and "Siri" which if it was in a proper bit of hardware with a special microphone array making the device extremely sensitive - would be triggered ALL THE TIME because it's such a short word - and you know there is not a chance in hell Apple would ever let you be able to customise that - because - they don't let you customise anything else either.

Andrew Jones 2

If you go into someone's house and pick up their Sky Remote (this has probably changed on the new layout though), and press Setup and then type "01" and press select and scroll down to LNB power on the installer menu and turn the LNB power off rendering the box unable to receive a Sky signal and requiring an installer visit to revert the change you made - then you have performed a malicious act. The fact that it was completely unprotected is beside the point.

If you do something malicious just because you can - you are still the one at fault.

Andrew Jones 2

You should really update the article to note that Google acted swiftly - and just like they blacklist their own ads to prevent this exact thing from happening - they have blacklisted this advert too.

It's very very impressive, when you consider that the device initially wakes up to the "OK Google" and in seconds as the advert is playing, Google has stripped out the background sound from your room, matched the fingerprint of the advert to its contentID system and issued a cancel command back to the Google Home device to cancel the search and the lights switch off silently.

Even with the dog barking in the room - Google still manages to recognise the advert and stop the search executing.

Callisto Group snoopers wreak havoc with leaked HackingTeam spyware

Andrew Jones 2

And there is the answer to the question - would it really be so bad if the UK Gov (and now the EU and US it seems) could instantly backdoor into any secure communication taking place....

Google's video recognition AI is trivially trollable

Andrew Jones 2

So.... the system is designed to accurately spot computers more than anything else is the takeaway I get from this. The "AI" is clearly designed to seek out other possible AI friends...... Not chilling at all...... honest.....

Wi-Fi sex toy with built-in camera fails penetration test

Andrew Jones 2

Is there actually someone out there who suggested this as a product to someone?

Reg now behind invisible HTML5 Bitcoin paywall

Andrew Jones 2

Re: B4 Midday

I believe that really only works when you are talking about pranks in the real world, when you talk about internet pranks - they actually run for about 48 hours because of the fact you are dealing with multiple timezones.

Dishwasher has directory traversal bug

Andrew Jones 2

I suspect it's going to take persons with malicious intent to cause something like flooding or fire forcing a complete recall - before manufacturers are going to start taking this stuff seriously. At the moment - manufacturers are probably thinking - so they can get into the machine - what's the worst they can realistically do?

After London attack, UK gov lays into Facebook, Google for not killing extremist terror pages

Andrew Jones 2

An understandable reaction - but a very slippery slope.

And then.......

"Google, Facebook etc you are hosting (or linking to) pages set up by disgruntled current / former customers of a company and this is causing that company to lose money - we demand that you do more to protect the interests of these companies."

will become

"Google, Facebook, etc, you are hosting (or linking to) pages set up by disgruntled citizens who hope to enact change in government policies by encouraging other disgruntled citizens to sign a petition. We demand that you do more to ensure these pages never see the light of day."

and progress to

"Google, Facebook, etc you are hosting (or linking to) videos uploaded by people who have an opinion that differs to that of the government of this country - we demand that you act swiftly to prevent these videos from being widely seen - before they infect others who may adopt the same opinions as those expressed by the uploader of the video."

and eventually

"Google, Facebook, etc you are hosting (or linking to) content uploaded / posted by people whereupon they express thoughts and opinions that we have decided are detrimental to our ability to run our country in whatever way we see fit. As such - we demand that you ONLY allow content to be linked to and / or uploaded if it meets the content guidelines in this 25,000 page document."

UK to block Kodi pirates in real-time: Saturday kick-off

Andrew Jones 2

Re: Short term 'fix'


Using distributed streaming would most definitely not be the solution - getting back in to the peer2peer system would mean all watchers would be uploading parts of the copyrighted material and thus be guilty of copyright infringement. That might be preferable to the authorities of course - but suing hundreds of thousands of watchers/uploaders and worse - proving who in each household is actually guilty would be a rather large operation.

Want to come to the US? Be prepared to hand over your passwords if you're on Trump's hit list

Andrew Jones 2

So..... if you have a Yubikey (or equivalent 2FA device) - you have to hand it over?

Android Wear: The bloatware that turned into gloatware

This post has been deleted by a moderator

Chrome 56 quietly added Bluetooth snitch API

Andrew Jones 2

I'm so confused - why is there an outcry exactly? This can't detect anything until the website has asked for and been granted permission right? The whole point of this is supposed to be to do away with the current stupid situation we are in where every product you buy (like for example Bluetooth controlled Christmas Lights) - also requires an app to be downloaded for whatever mobile operating system you happen to be running - and usually it's only available for Apple and Google, Microsoft is often left out. Further - it's only for mobile users. Having a website that allows you to configure the product on whatever platform you are on - regardless of whether it is mobile or desktop via Bluetooth seems like a no-brainer idea to me.

If anyone even bothered to watch last year's IO - the plan would be that you could go to a parking meter or EV charger and the Bluetooth Eddystone beacon broadcasts the URL for the parking meter to your phone which announces its existence, and then the Bluetooth API allows you to connect to it locally so you can pay for your parking or electricity. But I mean if you would prefer absolutely everything should be connected to the internet and you would do things via a central server requiring an account and something sitting constantly listening for commands from a central server - feel free.

I know which solution sounds better from a privacy aspect to me.

God save the Queen... from Donald Trump. So say 1 million Britons

Andrew Jones 2

Re: Not that I like Donald Trump...

" that when you don’t get your own way, it’s now not to accept the outcome, but instead to shout and scream, stamp your feet, burst into tears and hurl abuse and block anyone/thing that does not agree with you."


Hmmmmmm that sounds awfully familiar.... I'm sure I've seen someone doing that countless times over the last few years - usually around 2am, hmmmmm I wonder who that was......

Oh that's right! That would in fact be the current President of the United States.

So - I take it from this what you are actually saying - unhappy people are not allowed to show that they are unhappy in any way - but - if they are in a position of power, applying to be in a position of power - or just generally quite well known - then it is perfectly fine for them to have a Twitter meltdown. OK - your double standards have been noted. Thanks for playing.

Andrew Jones 2

Re: Bot boosting?

The signatures are not just from the UK - they are from British people living abroad.

I had the same suspicion seeing 10-20 people every 10 seconds signing at 3 in the morning made me question whether it was real. Eventually I managed to find a way to access the raw data - because while the petition site allows you to sign from any country - it doesn't display that information anywhere. So I knocked up a quick page to display the counts per country when the country has 500 signers and above (and of course one country below 500, because I should have put "break;" before printing out the table row instead of after)

There are 1,596,002 signatures as of Tue, 31 Jan 2017 02:19:15 +0000

Top countries:

| Country | Signature Count |
|---|---|
| United Kingdom | 1,546,878 |
| United States | 8,776 |
| France | 6,250 |
| Australia | 4,706 |
| Canada | 3,458 |
| Spain | 2,988 |
| Germany | 2,769 |
| Ireland | 1,736 |
| New Zealand | 1,731 |
| Netherlands | 1,542 |
| Switzerland | 1,310 |
| Belgium | 851 |
| United Arab Emirates | 849 |
| Italy | 833 |
| Sweden | 805 |
| Hong Kong | 695 |
| South Africa | 550 |
| Singapore | 498 |

'Celebgate' nudes thief gets just nine months of porridge

Andrew Jones 2

I just want to say thank you to the various people who took the time to reply to my comment before with their views on the sentence. You have swayed me enough that I'm now on the fence. On one hand I can see the points of view about how locking up someone with a mental health issue in the same place as proper violent criminals is probably not a productive result - but at the same time, it's not just one or two "hacking" attempts.

Andrew Jones 2

OK first -

if he (and the other guy) didn't upload the images, how did the images get out?

Second -

This new defence is getting used far too much "I was depressed" or "I have a learning difficulty" - so if these same people robbed someone's house, ran over a baby, stabbed a random person - can they still get off with saying "Oh I was depressed"?

I suffer from severe anxiety and depression - I don't suddenly think it gives me the right to break into secured (regardless of whether the security is good or rubbish) networks or break the law in other ways.

Former Mozilla dev joins chorus roasting antivirus, says 'It's poison!'

Andrew Jones 2

I have to agree with what a lot of posters here have pointed out - users with AV installed tend to believe that because they are "protected" they can click on what they want and visit the most dodgy sites and they are protected so everything will be fine. Every single computer I have had to repair over the years has always had some type of AV product installed - sometimes up-to-date and sometimes not. I've even had a computer that was fully up-to-date, had up-to-date AV installed (Norton if I recall), but had been infected with something which had obliterated system restore, the admin account, the ability to create new user accounts and most of control panel. Regedit and MSConfig wouldn't run and while web browsing was possible, any attempt to download something like Stinger would get to around 60% and then fail with "connection reset by peer" - in the end - while it would have been possible to clear the computer of whatever was infecting it, a reformat and re-install was a much preferred option.

I'm often asked "what AV do you use?" to which I respond, I don't - I just make sure I don't visit any dodgy sites and I don't open every email attachment that is sent to me.

From a psychological point of view - a study was done a long time ago that showed that while you would expect that Motorcycle users would suffer from more accidents than car drivers - the reverse was actually true because motorcycle users know they don't have a massive box around them protecting them - so they don't take risks that car drivers take - even though consciously neither type of driver was necessarily aware of the reasons one type of driver might take a risk that another would not. I feel that non technical users who believe they are completely protected from everything behave in the same way.

We saw first hand at college in the days of Win32.CIH how damaging AV was when Dr Solomon that was installed across the entire network encountered a problem where the virus copied itself to the C: drive because for some reason we were allowed to write to the C: drive, but not delete or modify existing files. Dr Solomon was unable to remove the virus from the C: drive and crashed, in less than 2 hours - every computer at Bishop Auckland College had a BSOD.

If I need to download something I am unsure of - I do it in a VM and if I absolutely need to do a virus scan, I tend to use ClamAV (in the VM) because I trust the community to do a better job than any individual company will.

Doomsday Clock moves to 150 seconds before midnight. Thanks, Trump

Andrew Jones 2

Re: Move along, no science here

Really - so you honestly don't see a future where Russia is reported to have said something (real or imaginary) about Trump, Trump jumps on Twitter and has a ranty meltdown as he likes to do, pisses off Russia and they decide to retaliate? No?

President Trump tweets from insecure Android, security boffins roll eyes

Andrew Jones 2

Re: Details please.

Android Central (I think) that ran this yesterday did a bit of sleuthing from the photos that are floating about showing him using the phone and have determined from the position of the "home" button and the position of the rear camera and the position of the microphone hole and the fact that Trump has apparently previously mentioned he uses a Samsung Galaxy - that his phone is in fact a Samsung Galaxy S3 - and as such - incredibly out of date and running Android - Ice Cream Sandwich.

President Donald Trump taken on by unlikely foe: Badass park rangers

Andrew Jones 2

There are now 24 "officially" unofficial - and some just jumping on the bandwagon - twitter accounts for the major agencies https://twitter.com/stollmeyereu/lists/twistance/members

Andrew Jones 2

Re: About time


Jesus! It's stuff like this that makes you wonder how bad the stuff is that we still don't know about that is still being covered up!

Andrew Jones 2

Re: About time


"But if some minor govt. employees still want to embrace the cult, they can do so. Trump won't try to criminalize it like the cultists wanted to do to the AGW skeptics. "

You are aware that forbidding the EPA from releasing any scientific studies or studies to the scientific community for peer review unless the US Gov says it is OK to do so basically contradicts that statement right? So now the situation will be that the EPA might for example (in the future) find that a water supply has been polluted with harmful chemicals - but if the Trump admin says "nope" then they can't publicly report their findings. I mean sure there is no problem here if you are happy living in a future where the only information you are ever allowed to read is "approved" information.

I fully expect to see a China style firewall within a year in the US (because eventually he will realise that some terrorists are actually US citizens)

Trump's FBI boss, Attorney General picks reckon your encryption's getting backdoored

Andrew Jones 2

I'm not terribly surprised.

I was much more surprised by the UK going down this route - now I just weep for the future of technology.

Furby Rickroll demo: What fresh hell is this?

Andrew Jones 2

I like the suggestion of going into a store and making all the Furbies start talking about building a wall.....

Sysadmin chatbots: We have the technology

Andrew Jones 2

So you can have a conversation with your mate along these lines:

"Oh I see you have one of those Amazon Echos - how useful do you find it? Is it not a security risk? What would happen for example if I said 'Alexa, delete all virtual machines' ..... Oh I'm so sorry - I didn't realise it would do it without asking for confirmation"

TV anchor says live on-air 'Alexa, order me a dollhouse' – guess what happens next

Andrew Jones 2

And before long - the actual adverts will likely take advantage of this fact by saying something like - take advantage of this offer by simply saying "Alexa, book me a test drive with Nissan". "Alexa, add tampons to my shopping list", "Alexa, subscribe to amazon prime"

After all - how many people actually sit and watch the adverts.

Google's Chromecast Audio busted BT home routers – now it has a fix

Andrew Jones 2

Just to say the only thing the Chromecasts are doing is broadcasting an mDNS packet that looks a bit like this:


md=Chromecast.ic=/setup/icon.png.fn=DH Master Bedroom.ca=<PIN>.st=1.bs=<MAC>.rs=<APP NAME>...!.....x.-.....I$3e<UID>...........x.....Q............._googlecast._tcp.local........x..

If the BT router is rebooting and factory resetting itself because it doesn't like the mDNS packets - that really is BTs fault.
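Added example, not part of the original comment: a bounds-checked decoder for the TXT record carried in a `_googlecast._tcp.local` mDNS answer like the one quoted above. In DNS TXT RDATA each string is preceded by a one-byte length, and a packet dump's ASCII column shows those bytes as dots. The key names come from the quoted packet; the `ca`, `bs` and `rs` values, the function names and the sample bytes are constructed for illustration.

```python
"""Decode the TXT RDATA of a _googlecast._tcp.local mDNS answer (added example)."""


class TxtError(ValueError):
    """Raised when a TXT record's length bytes do not match its payload."""


def build_txt_rdata(pairs):
    """Encode (key, value) pairs as DNS TXT RDATA: one length byte per string."""
    out = bytearray()
    for key, value in pairs:
        entry = f"{key}={value}".encode("utf-8")
        if len(entry) > 255:
            raise TxtError("a single TXT string cannot exceed 255 bytes")
        out.append(len(entry))
        out += entry
    return bytes(out)


def parse_txt_rdata(rdata):
    """Return {key: value} from TXT RDATA, rejecting records that overrun.

    Follows the DNS-SD rules (RFC 6763, section 6.4): keys are
    case-insensitive, the first occurrence of a key wins, strings that start
    with '=' are ignored, and a key without '=' is a valueless attribute (None).
    """
    fields = {}
    pos = 0
    while pos < len(rdata):
        length = rdata[pos]
        pos += 1
        end = pos + length
        if end > len(rdata):
            # The length byte claims more data than the packet holds. A parser
            # that trusts it reads past the buffer; fail cleanly instead.
            raise TxtError(f"string at offset {pos - 1} overruns the record")
        entry = rdata[pos:end]
        pos = end
        key, sep, value = entry.partition(b"=")
        if not key:
            continue  # empty string, or a string beginning with '='
        name = key.decode("ascii", "replace").lower()
        if name in fields:
            continue  # duplicate key: keep the first one
        fields[name] = value.decode("utf-8", "replace") if sep else None
    return fields


def ascii_column(rdata):
    """Render bytes the way a packet dump's ASCII column does."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in rdata)


# Constructed sample: keys as in the quoted packet, placeholder values.
SAMPLE = build_txt_rdata([
    ("md", "Chromecast"),
    ("ic", "/setup/icon.png"),
    ("fn", "DH Master Bedroom"),
    ("ca", "0000"),            # placeholder for <PIN>
    ("st", "1"),
    ("bs", "AABBCCDDEEFF"),    # placeholder for <MAC>
    ("rs", ""),                # placeholder for <APP NAME>
])

if __name__ == "__main__":
    print(ascii_column(SAMPLE))
    for name, value in parse_txt_rdata(SAMPLE).items():
        print(f"{name:>3} = {value!r}")
    try:
        parse_txt_rdata(SAMPLE[:-2])  # truncated on purpose
    except TxtError as exc:
        print("rejected:", exc)
```
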

No super-kinky web smut please, we're British

Andrew Jones 2

We are going to introduce a bill that allows us to know exactly what sites you have been looking at.....

Britain: "Yeah - I'm not happy about that - but I'm not bothered enough to do anything about it"

oh and also - we don't really want you looking at porn and will make it incredibly complicated and potentially risk you having to hand credit card details over to sites if you want to view them.

40% of Britain: " So... VPN then? Yup VPN...."

Various tech blogs and magazines - "hey, want to know how you can look at whatever you want on the internet without being spied on by the government?"

65% of Britain: "So.... VPN then? Yup VPN...."

Government: well, we have an idea of who we want to track - but they seem to be using a VPN.... like well.... pretty much everyone is - ever since the anti-porn law.


and the nonsensical thing of course - just like "we want access to WhatsApp" and encryption is bad stuff, is that "tracking terrorists" is nonsense - because they don't write their plans on Facebook or Twitter, or send them via SMS, and they certainly don't chat about them on WhatsApp. I admit I don't know exactly HOW they communicate - but I would imagine - a secure VoIP call is probably pretty high up the list? And if they are looking at something potentially incriminating online - I doubt they just use bog standard internet, at the very least there will be a proxy server or VPN involved - and very likely - it's not even their own connection that they are using.

But it's OK UK Gov you just continue pretending that all these powers are required for catching terrorists. I'm just wondering how long it will be before the off-the-shelf RaspPi boxes become available - that are configured to do nothing but load random websites 24x7 to make sure if there are any logs about what you have been looking at over the last year...... they are VERY VERY VERY FULL logs...... full of noise which completely obliterates any hope of building a profile of a user.

