£350 for a locked phone?
I'm assuming this is locked to Vodafone? In which case, count me out.
Shame - the design looks brilliant.
144 posts • joined 27 Jan 2010
Have a look at the TSB login page. Offsite resources include:
This is on a bank login page FFS! How many trackers do you need??
At least they've removed the references to internal test servers that were present when they had their big meltdown earlier this year...
I love the idea of providing a premium rate contact phone number! Why didn't I think of that??
I have had to put up with idiot spam calls for years thanks to ICANN (on the basis that I already pay 'em enough for the domain, I'll be damned if I have to pay extra to have then not publish my phone number...).
Time Machine works perfectly on the new apfs if you know where to look.
On High Sierra, Preferences > Sharing > File Sharing > right click Advance Options, check "Share as a Time Machine backup destination"
That's why they've abandoned the Time Capsule: they'd rather sell you another Mac to do the same job...
Indeed. More examples:
- The account list page is titled "holding list" (yep, in lower case).
- The pages are trying (and failing) to load resources from internal test domains.
This is pretty basic stuff that even cursory testing would pick up.
I'm sure there'll be plenty of blame to go around, but it does look like they went live with software that wasn't sufficiently tested. On the up side, the website is more-or-less working again now, so hopefully they're over the worst...
So much for "we hope to be back up later this afternoon"! It looks like it's getting worse, not better.
While it was (briefly) working yesterday I managed to complete a payment from the app (not the website), but both have been down all day today.
I wonder if there's a point of no return? As more and more backlogged transactions pile up, the more the the pent-up demand is likely to flatten their systems when they are eventually fixed...
Well, I can't log in at all now. It's claiming invalid credentials, even though my credentials are correct.
Ah, there it is: "https://test1.int.uk.tsb/14562512/SbtlTsbr_t.js" - clearly flagged up on the login page console.
I get the impression someone, somewhere is frantically restoring "direct_debits.xls" from last week's backup tape. I had no idea banking IT was so shonky...
My Direct Debit screen says "You don't have any Direct Debits set up for this account". Which is gonna come as one hell of a surprise to my mortgage company...
The web page title for the list of accounts screen is "holding list" - yes, in lower case.
It's a total clusterfsck. This is pretty basic stuff. Did they do ANY testing??
It can manifest itself in crashing, inability to complete install, inability to reboot etc.
High Sierra is supposed to mark existing .kexts as "safe" on install as part of the new-fangled (and annoying) SKEL system. Unfortunately, that process seems to crap out on some machines, leaving them unbootable (other than via System Recovery).
Try system_profiler SPExtensionsDataType > ~/Desktop/kextList.txt
If that process crashes & dies, you definitely have a duff .kext
Look in the output from that command to find any unsigned .kexts
They live in /Library/Extensions - remove anything old/suspicious here and try the upgrade again.
I've had several iPods and I love my 16GB gen 6 (the little 1" square one with a touch screen). It's even survived being put through the washing machine. Hopefully it'll last a while longer, as it's tiny size means it's much more convenient than a phone for music for music listening.
@Commswonk good question, because it's not obvious from the manufacturer literature how they solve the "heating problem".
I have a PHEV and it appears to have both a ~2kW heat pump and ~5kW resistive heating. The heat pump doubles up for air-conditioning duty in summer. Add in headlights, rear demist and heated seats and it can be pulling 8kW before it turns a wheel. That sounds like a lot, but it's still pretty small compared to the power needed to drive it along (max power on mine is 108kW, average is more like 20-30kW at speed).
The heating system makes for a nice, toasty warm cabin in winter (you can even pre-heat the cabin before you set off if it's really cold), but it does reduce battery range. My car manages 40+ miles in the summer on battery power, but this will fall to 25 miles or so in the winter (on a 10.5kWh charge). All because of the heating system. Granted, I can put the system into "eco" mode to save energy, but hey life's too short...
Different manufacturers seem to have different ways to solve the heating problem. I believe early Nissan Leafs only had resistive heaters, which aren't as efficient as a heat pump. I don't know how Tesla do it - they've got 85kWh+ to play with, so maybe heating efficiency is less of a concern...
...but the article seems a it light on the usual level of El Reg insight.
What about the other (potentially promising) areas of the policy doc around energy systems and battery tech? We've got some good, successful companies in this space, may of whom are located in the North-West. Are you saying these sectors NOT worthy of support? Less worthy than "innovative pallets"?
Also, there's a bit of a weird Mersey fetish going on here. You Mancs and Scousers seem to be perpetually at each other's throats. This is a UK strategy, so how about dropping the regional rivalries for a bit.
It's not the the cost of the liquid nitrogen. It's the cost of keeping it liquid!
The energy (currently) needed to keep even a high-temperature superconductor cool is more than the energy that is lost by a normal conductor. Add in the extra cost of the superconductor itself and that's why we seldom use superconductors to transport electricity.
Switching to SSE fibre (they're a reseller of Daisy) has been a disaster for me.
Sure, I get the advertised ~38Mbps EARLY IN THE MORNING.
Evenings? Forget it, Daisy's backhaul is so hopelessly saturated I'm lucky if I get 2Mbps.
Complete waste of time - and it seems there's nothing SSE can do about it.
My own fault, I should have realised the deal was too cheap, but even if there had been postcode-level mapping available, I would still have been suckered. I'm currently arguing with them to escape from my 18-month contract, on the basis that what they're providing isn't worthy of the term "broadband" :-P
Yes, you're right (and I already grok all of that).
However, the article seems to imply that they will add your WhatsApp mobile number to your Facebook account profile - something FB has nagged for for years and I've always resisted. No means no, right?
I realise/accept/hate the fact that *they* are able to identify "me", but I will also be very pissed off if they add my mobile number to my FB account without asking.
Assuming you have both, how can they link your WhatsApp profile (that has a phone number) which your Facebook account (which doesn't)?
Are they linking using the email address or what? I have a different one for both. I've never associated my mobile number with my Facebook account and have no intention of doing so...
I has a quick check with a clean install of the TeamViewer client. There is no need to set up a TeamViewer account. First of all, it asks if you want to set an "unattended access" password. Hmm: I wonder if some people set this on first install with a memorable (possibly re-used) password and then forgot about it? This is clearly a different password to the TeamViewer account password (which is what you use to log in to the service if you set an account. It has 2FA etc).
Next screen implies remote control is now possible with a 9-digit ID (presumably set by the TeamViewer servers) and a 4-digit PIN (presumably randomly set by the client). A quick look with Wireshark shows it opens an SSL connection to integratedchat.teamviewer.com every 5 minutes - presumably to announce its presence to the TeamViewer servers. It defaults to allowing "Full Access".
Nothing looks obviously insecure, but that "set unattended access password on install" combined with "default allow full access with 4 digit PIN" suggests that there are a couple of ways a default installation might be compromised.
I agree with psychonaut that you seem to need the 9-digit ID to connect (rather than just an IP address as I said earlier). Perhaps someone found a way to get that ID from the TeamViewer servers? Or maybe you can just try random IDs with a brute-force on the PIN until you get lucky?
Just joining together a few threads:
- Apparently you can connect to TeamViewer clients by IP address. It's not restricted to the registered account (by default)
- Apparently TeamViewer sets a less-than-random 4-digit one-time use password for remote access (by default)
I did not know either of these things. It seems you have to go into the settings to remove the OTUP if you don't want it and enable whitelisting to prevent connections by IP address.
So, if you can somehow get a list of IPs using TeamViewer (using a DNS DDOS, perchance?) and you've semi-cracked the "random" OTUP generator, then you're in.
Does this sound feasible? I'm unconvinced that this is a simple password re-use problem, despite what TeamViewer are claiming.
"a Windows Trojan disguised as an Adobe Flash update that's doing the rounds using TeamViewer to backdoor machines."
Hmm, you got any evidence for that? While you can never be 100% sure when people claim not to have installed a rogue Flash update, the fact that one of the first actions for some of the TV attacks is to dump the Chrome password list suggests (to me) that they don't already have the user's passwords.
Why would they dump the password list via TeamViewer (not the most subtle approach) if the machine is already compromised by a Flash trojan?
I understand TeamViewer has the ability to start (privileged?) executables remotely. A number of the posts on Reddit report the upload and running of "webbrowserpassview.exe" (for example) that dumps saved passwords from Chrome.
You can still do harm with TeamViewer without gaining control of the desktop...
Maybe, maybe not. My guess is that it's not unrelated to recent attacks on their DNS. Something possibly involving hijacking responses/chatter between the client and the TeamViewer account servers.
Without knowing how TeamViewer authentication works, it's hard to be sure...
The TeamViewer service accounts seem to be OK: 2FA, no evidence of a hack anywhere.
What seems to be happening is that miscreants have found a way to connect to TeamViewer clients, somehow bypassing the authentication. This has happened to a guy at work last week: TeamViewer account fully secure, unique password, 2FA, etc. While using his laptop, someone connected via TeamViewer and started clicking around. Fortunately, it wasn't a serious hack attempt, seemed more like a skiddie.
TeamViewer now uninstalled everywhere here until we find out more. The software client is broken somehow.
Pure speculation on my part, but that's my take on it.
The myth of air-gapped SCADA needs to die once and for all.
On a closed secure site: fine, give it a go. If you can manage to operate efficiently without any link to the outside world then I'm happy for you. Most business don't work that way.
For anything remotely distributed (i.e. most utilities) the air gap WILL be breached somewhere and no, you won't know about it - until it's too late...
"measure a vehicle's emissions whilst it achieves its stated 0-62 time for example"
Now there's an idea to put the fear of God into the motor manufacturers. Have you ever been behind a modern performance car while it accelerates on full throttle? *cough* *splutter*. The muck that comes out of the back of these things on full tilt is amazing.
You get the impression that the pollution control gear is there solely for the purpose of getting through the tests and does pretty much f-a the rest of the time...
This is the nature of nationalised public services. They are uniformly awful. The socialist ideal is fine but when it hits the buffers of reality it all falls apart. Like every socialist ideal.
Counter-example: Vienna's public transport system. Fully integrated tram/bus/rail. Cheap. Everything runs on time, regardless of the weather. The tube runs all night and there's a fill-in night bus service that can get you to more or less anywhere on the network at 4am if you don't mind waiting around. They regularly extend the network with major construction projects through densely populated areas and these projects seem to mostly run to time and budget. And it's state owned, using the 'silent owner' approach described above. Like in London, public transport is seen as a strategic asset for economic wellbeing of the city, not something to make a quick buck from.
I don't know how or why it works, but it does. Heck, it's not even inefficient: 900 million passenger journeys and 8,000 staff compares favourably with TFL's 2.4bn journeys with 28,000 staff!
Terrible proofreading aside, it's good to see this kind of thing getting some media coverage.
In fairness to Innovate UK, if you are lucky enough to get an award from them, they are pretty supportive and easy to deal with - a far cry from the bureaucratic nightmare that was the Technology Strategy Board (TSB).
The funding criteria and awards process are truly bizarre, though. They have funded all sorts of ¡Bong! 'digital' nonsense, but seem really wary of anything vaguely industrial. The placing of the Energy Systems Catapult in the Midlands was another huge missed opportunity, especially when most of the industry and backers for it are located in the North West.
Definitely lots to complain about, but also a potential force for good. We all need to keep the pressure on...
I think it's trying to say:
"We will keep a history of all connections by default. We will trawl this history whenever we feel like without a warrant and if we find anything interesting, we'll get a warrant to look at any new content"
So, it's storage of connection records and access (on demand) to new content. Historic content is not stored by default, but you can put a warrant in place and then just hit "Save".
As someone said above, goodbye end-to-end encryption...
...aaaand there you have it:
"...a record of the communications service that a person has used"
"a record" - could contain anything, as a minimum likely to be who it's from, who it's to, a timestamp and probably a geographic location. "See, it's just metadata. No content data at all, m'lud!"
"the communications service" - Email, Whatsapp, Skype, Facebook, Instagram, Snapchat, dating sites, your online banking service, the works basically.
"a person" - no fuzzy IP addresses here, mate, none of that rubbish. We're talking RealID (TM), backed up by biometrics and the FORCE OF LAW. Ha ha!!
Sheesh. It would be helpful if someone (anyone?) in the mainstream media could get out there and explain this stuff properly.
Worse than that, I don't see how this "itemised phone bill" could possibly be used to work out who is talking to whom (if it's just a "list of websites"). Who the hell communicates via a "website"??
If they really want to know who is talking to whom, they are going to need to go MUCH deeper. This really suggests logging at the service/protocol level.
It'd be helpful if someone could explain what the Bill actually says as it appears to be in foreign. If it requires communication providers to provide such a log, then it would effectively outlaw any end-to-end encrypted service (as well as P2P).
I suspect this is not the "watered down" Bill you are looking for...
Does anyone understand what is being proposed here?
On Radio 4 they were saying that they need to know which "websites" people visit. In the next breath, they're saying that this is so they can find out "who is communicating with who, like we used to be able to do with telephone records".
How the hell is a list of FQDNs going to tell them that? Who communicates via a "website" anyway (apart from grandparents on Facebook, I mean)?.
If they want to know who is talking to whom, they're going to need to compromise every comms platform out there and/or mandate some sort of server-side comms logging. Heck knows how they'll deal with P2P comms. Will P2P just be made illegal? Yeah, that'd "solve" a few other problems along the way, wouldn't it? Hmm.
There must me more to this legislation than the party line of "It's just a list of websites blah blah blah". Can anybody fine the /really/ relevant clauses?
"whereas a fuel cell can offer over 90%... "
Hate to break it to you, but fuel cell conversion efficiency is actually much, much less than that: about 30%, not 90%.
The 90% figure you're quoting includes the waste heat (for CHP schemes and the like). Yes, fuel cells are usefully better than an internal combustion engine, but not by much.
Sadly, end-to-end process efficiency for H2-powered vehicles is "a bit pants".
Just look at all the cooling ducts on the BMW's i8 fuel-cell prototype. That tells you everything you need to know...
These multi-home streamers tend to have a few underlying niggles which they may have kept quiet about the the demo.
1. Will it handle gapless playback? This is just about possible with uPnP (but not always). Linn added some (proprietary but open) extentions to produce OpenHome (http://www.openhome.org/wiki/Oh:Overview), but only Linn seem to use it.
2. I presume it does multi-room synchronous playback? This is hard to do reliably over wireless, especially if you also deal with issue #3. Sinos has this pretty well covered.
3. What is the buffering delay/lag like? AirPlay has huge delay, which means it's not much use for directly connected video. Linn get around this issue by reducing the delay (at the expense of reliability) for video sources.
I think there's a local sync app (a la Dropbox). So you can maintain the mirrored files locally and the sync app should diff the changes to the cloud.
That also helps get around the problem of getting your data back if you cancel the service: maintain a local mirror. The storage limit is then the size of local storage array.
OK, no sympathy for freetards etc, but my Kindle 3G now won't accept any new personal documents because my (previously free) Amazon Cloud account is now deemed "over quota".
Among all the hoopla about the new unlimited storage, most news outlets have forgotten to mention that the old "5GB for free" service has been removed.
Unfortunately, the only way for me to access my account to bring it under quota is by signing up to the trial. Something I don't particularly want to do (having been nearly burned by an accidental "free" Amazon Prime trial in the past...).
Note to self: never *EVER* buy hardware that is tied to cloud specific services. Especially free ones...
Biting the hand that feeds IT © 1998–2019