* Posts by David Shaw

172 posts • joined 23 May 2007

Page:

Put your tin-foil hats on! Wi-Fi can be used to guesstimate number of people hidden in a room

David Shaw

You have to remember that mobile phone masts also double as a mini radar station

the analysis of GSM disturbances allegedly detected stealth aircraft, pre Bosnia

some search terms "GSM opportunistic emitter bistatic multistatic radar" . quite a bit of (simple) MATLAB signal processing can extract a lot of info from any available transmitter, parasitically

I've no real idea what the military call them, from the 'humanitarian' radar side we also used them for avalanche/mudslide and volcanic eruption prediction. Hopefully the new UK Space Radar sat can also do some of that

0
0
David Shaw

Re: how many enemies or civilians

I might have built a synthetic aperture radar based on WiFi, for detecting "moose/elk" passing across the forested european border to a very large autocratic regime, or vice-versa

Now I've recently seen similar devices along some of the wilder roads in the Alps, checking for deer & wild-boar and flashing signs at cars and beaming awful noises at the wildlife. Only seen one 'tripped' but there were no heffalumps in sight.

0
0

Cover up your privates: Linux distro Tails drops a new version

David Shaw

Re: Great idea, compromised right at its heart by insisting on using systemd

I was handing out TAILS live-DVD's at an open day a few years ago and someone rapidly deployed HUMINT to talk to me for an hour (how do I install it, do I have to put it in the coffee-cup holder, which way up? etc etc), just to stop me handing more DVDs out!

I remain astonished. [I was suggesting that the DVDs should be used for secure home banking, this was *not* the revolution that you were looking for]

TOR at the time had unique multiple fingerprint stained traffic(*) so I guess *they* just didnt want to dilute real exciting 'colorful' stuff with random users.

(*) in 2011 Tor claimed that their software protected users in two ways: i) Tor protects your communications from ``traffic analysis;'' and ii) Tor provides ``anonymity.'' Neither of these was always completely true.

Tor uses/used a public key exchange protocol called Diffie-Hellman to establish an initial encrypted connection between the user and an ``entry node.'' However, the parameters to this exchange -- which were sent unencrypted on the wire -- were chosen to be those defined as the ``Second Oakley Group'' (RFC 2409). No other web software used/uses these parameters. Thus, if traffic on the wire is observed to be communicating these parameters, it is almost certainly traffic generated by Tor. In other words, the use of these specific parameters was a unique signature which identifies Tor traffic from all other encrypted traffic

Another TOR bugdoor of that era, around TOR version 0.2.1 of the stable branch

Tor uses/used SSL to secure communications between Tor nodes and clients. When a Tor client wishes to connect to a Tor node (including `bridge' nodes), the node presents the client with an SSL Server Certificate. The problem is that the Common name field in this certificate is literally gibberish. The Tor node fills this field with a domain name generated at random, i.e. one that does not actually exist. For example, a typical Common Name field in a Tor node SSL Server Certificate could be ``www.s4ku5skci.net'' If one were to try to resolve this domain (e.g. using the command `nslookup http://www.s4ku5skci.net'), an error would be returned, since this is not a real domain name. Recall that SSL Server Certificates are/were sent unencrypted on the wire -- before an encrypted connection is established.

This behaviour (filling certificate fields with gibberish) is unique to Tor, i.e. no other SSL-capable server software does this; not Apache or any of its derivatives, not Microsoft's IIS, not Oracle's iPlanet... Even self-signed SSL Server Certificates (used by people who cannot afford one signed by a Certificate Authority) typically contain either an IP address in the Common Name field, or an empty Common Name field.

Therefore, all an ISP or government observer would need to do to unmask Tor traffic is to look for connections where SSL Server Certificates are/were being sent (this is trivial with DPI technology), attempt to resolve the domain(s) in the Common Name field, and if that fails, mark that connection as being Tor traffic, or block it altogether.

A third 'bugdoor' of the time

Historically, the Common Name fields in Tor SSL Server Certificates all begin with 'www.' and ended with '.net'. Simple SPAM traffic analysis tools are/were trivially adapted to identifying Tor traffic handshaking.

hopefully nowadays TOR 0.3.3.x has no bugs ;-)

I'm now focussing on renewables not security

5
1

Spies still super upset they can't get at your encrypted comms data

David Shaw

Re: Tide, stop coming in!

Does this means that all those nice spooks and spooky-assistants who are embedded(*) in the many & various tech/telecom international standards development groups are finally going home?

(*)Many open source reports of this, as I couldn’t possibly comment!

Sigh. So much more to say, but just no point when half of the conversation is with an antique rigidly militarized system that doesn’t even accept the need for unlinkable pseudonymity, on occasion, for certain groups. I’m happy with you ‘cracking crypto’ for ‘catching terrrrsts’ but someone will always mention Gladio etc you have lost rather a lot of trust recently. /rant

15
0

Do I hear two million dollars? Apple-1 fossil goes on the block, cassettes included

David Shaw

Expensive new Apple computers

They are expensive, yes, but the new MacBook Pro 13” for example is excellent value for money, especially with the eGPU.

6
18

Apple tipped to revive forgotten Macbook Air and Mac mini – report

David Shaw

Re: I don't need it yet...

I still have an 11" MBAir with just 2GB, it does work much better with the aftermarket SSD blade 300GB+ upgrade (from OWC, I think) as it flies compared to the original sluggish apple 64gb proprietry nvme stick.

So, old MBA RAM, doesnt seem to be an issue, but I'm also fitting/buying 16GB where I can.

my hexacore video editing macpro works great with 12GB

1
0
David Shaw

Re: Hmmmm

I just bought the new MacBook Pro, 13".

It was expensive - but great value for money

It was very up to date tech, my first 8 CPU threads in the shiny small form factor

it has 4 USB-C, can charge from any, can thunderbolt to/from any

I bought 16GB RAM, as it is a non-upgradeable block, but I can plug in my eGPU for fun, and I'll later try the RTX 2060 Turing nVidia external upgrade. Will take some typing!

Apple has some great stuff, still - if you buy with care

0
0

When's a backdoor not a backdoor? When the Oz government says it isn't

David Shaw
Holmes

“Covert screenshots”

Some versions of macOS ‘helpfully’ store both a jpg and a png image of all web pages viewed in Safari, one high res & one low-res. It includes user generated text in google search, translate etc. stored deep in ~/Library

Allegedly it is part of the macOS smooth transition from one webpage to another, if you are scrolling sideways back into history , for example, you see not very greeked cartoon pages of where you were. Might be a valid use of the UI, but one of my Macs had years of images and it was fascinating, forensically, to see what I was up to in 2012. (TimeCapsule backed-up these dual images of each webpage, for some reason)

1
0

Shock Land Rover Discovery: Sellers could meddle with connected cars if not unbound

David Shaw

Re: Same applies to other vendors...

A friend was driving his BMW X-something recently, on the motorway. He got a phone call on his hands-free infotainment system; “good morning Dr. D., we’ve noticed that it’s about time to change your brake-pads. We do have a slot tomorrow at 2pm if you’d like” this call came from the local city‘s big beemer dealership. They seemingly received live telemetry the second that an amber light came on, my colleague only noticed his dashboard display warning/advising about brakes after the phone-call. He was certain that there were no alarms at the start of his journey. Westinghouse brake & signal company SCADA with remote terminal management comes to cars! Dr. D. immediately booked a brake pad replacement at anywhere other than the city’s main-dealer.

They are probably using the E-911/E-112 channel etc

One thing about a 1973 Series III diesel landy is that it not only Carrington event immune, but also lacks any SCADA telemetry, for good or ill?

10
1
David Shaw

Land Rover pwned?

A previous JLR model that we used for a (legitimate research ) Bluetooth attack was slightly flawed in having a BT pin that was fixed, immutable. It wasn’t the VIN code, but those guessing “00000” would only be one zero out!

14
0

Russia appears to be 'live testing' cyber attacks – Former UK spy boss Robert Hannigan

David Shaw

Re: More FUD

Having personally received malware from UKUSA and partners, whilst not being a terrorist, I do think it highly likely that the Russians are also flinging exploits around at their home and abroad; perhaps they are better at it than our esteemed keyboard warriors?

Remember that the Russian cyberwarriors are typically many moves ahead of us playing “chess,” our Hannigan-led typist forces admittedly seem to be playing an anti-democratic candy-crush/flappy-bird with all the Trump shenanigans whilst the ascendent empire just “go” for it!

This next article describes a Chinese attack in Jan/Feb 2018, which pwned the USNavy, allegedly.

https://www.independent.co.uk/news/world/americas/china-government-hackers-us-navy-contractor-fbi-investigation-a8390831.html

5
0

PGP and S/MIME decryptors can leak plaintext from emails, says infosec professor

David Shaw

Re: "...exposure of the contents of past messages.”

Call me old fashioned, but as soon as I was required to communicate some other project with a CERT using PGP at their request, I chose a random ancient PC (out of hundreds available) to do the offline encoding and later decoding. And I set my PGP keys to expire in 3-weeks, not sure if that was overkill?

I then just used a generic mail client to send blobs of text back & forth, it seemed to work OK as the uptick in the spear-phishing from Gloucestershire was noticeable. They even phoned me up, pretending to be intel. Well done chaps. Go after some real targets.

I don’t trust non-mathematically proven ‘secure’ mail ‘add-ons’, never mind html-rich or remote beacon pixel laden emails

5
0

Ozzie Ozzie Ozzie, oi oi oi! Tech zillionaire Ray's backdoor crypto for the Feds is Clipper chip v2

David Shaw

Re: Weren't Lotus Notes backdoored with weak Crypto?

refreshing my mind further, it was weak crypto and it was escrowed crypto.

IBM/Lotus said: We deliver 64 bit keys to all customers, but 24 bits of those in the version that we deliver outside of the United States are deposited with the American government. That's how it works today,'' says Eileen Rudden, vice president at Lotus. Those 24 bits are critical for security in the system. 40-bit encryption is broken by a fast computer in several seconds

I can half remember Lotus steganographic key leakage too, but I haven't the time to hunt down that paranoid thought, so I might be mis-remembering.

3
0
David Shaw

Weren't Lotus Notes backdoored with weak Crypto?

I seem to recall that there was a mild kerfuffle when Sweden discovered that all their diplomatic-comms were rooted by Lotus, a 'feature' that they were seemingly unaware of.

looking on yandex.RU, as Slurp sometimes 'forgets', I found a UK document mentioning that it wasn't weak but escrowed crypto. Ray seems to have form!

Secret Swedish E-Mail Can Be Read by the U.S.A.

Fredrik Laurin, Calle Froste, *Svenska Dagbladet*, 18 Nov 1997

One of the world's most widely used e-mail programs, the American Lotus Notes, is not so secure as most of its 400,000 to 500,000 Swedish users believe. To be sure, it includes advanced cryptography in its e-mail function, but the codes that protect the encryption have been surrendered to American authorities. With them, the U.S. government can decode encrypted information. Among Swedish users are 349 parliament members, 15,000 tax agency employees, as well as employees in large businesses and the defense department. ``I didn't know that our Notes keys were deposited (with the U.S.). It was interesting to learn this,'' says Data Security Chief Jan Karlsson at the [Swedish] defense department. Gunnar Grenfors, Parliament director and daily e-mail user, says, ``I didn't know about this--here we handle sensitive information concerning Sweden's interests, and we should not leave the keys to this information to the U.S. government or anyone else. This must be a basic requirement.''

but this *was* over twenty years ago, so I'm sure everything is reasonable now, cough CryptoAG, cough.

10
0

Tim Berners-Lee says regulation of the web may be needed

David Shaw

Yes trolly, Tim 'invented' the WWW quite a while before release, hyperlinking all his DD department notes on his CompaQ 80286 'luggable', so that he could find a document in the vast space of its 20 megabyte hard disk. He did some typing in my apartment near Prévessin, probably before the ISO 8879 SGML release?

His genius, apart from regularly beating me at Scrabble, was to extend an idea that 'worked on his PC' in the mid 80's, to just 'the rest of the world.' And then defend it, gratis. That's why The Queen's College, Oxford have named a [small] cafeteria after him.

And SGML was written by a non-programming car-rally enthusiast called Charles, don't forget, who commented The World Wide Web, for example, succeeded commercially while many nobler, more technically interesting hypermedia systems proved only of academic interest, because of the Web's artful compromise in connecting technology to the needs of a real user community Tim was awake, he groks tech.

15
0
David Shaw

Professor Sir TimBL was always an optimist, but realist too

Dan55, I ilked this extract from the Grauniad article that you linked

Berners-Lee has always maintained that his creation was a reflection of humanity – the good, the bad and the ugly. However, his vision to create an “open platform that allows anyone to share information, access opportunities and collaborate across geographical boundaries” has been challenged as the web has become more centralised.

“I’m still an optimist, but an optimist standing at the top of the hill with a nasty storm blowing in my face, hanging on to a fence,” he told the Guardian in November. “We have to grit our teeth and hang on to the fence and not take it for granted that the web will lead us to wonderful things.”

TimBL saw as soon as his W.W.W was launched that it needed defending, and he set about taking and standardising the carpet away from under the extend, embrace, extinguish mob. The centralize, snoop, subvert/weaponize mob are hard-at-it now, ramping up control since the late 90's. They are doing historically-unprecedented attacks on behalf of their sovereign nation states, following or sometimes leading a political agenda, intertwined with a badvert business model. As sovereign nations they of course *can* do this, they just have to rationally explain to the people of the web , why.

Come on nations that aren't scared of their people, invest in the future, like the 2004 Finnish: Millennium-teknologiapalkinto

http://www.nytimes.com/2004/06/14/business/pioneer-who-kept-the-web-free-honored-with-a-technology-prize.html

4
0

Europe is living in the past (by nearly six minutes) thanks to Serbia and Kosovo

David Shaw

'free' German NTP?

I bought a bunch of Meinberg hardware references, for work

I also use them for home amongst a few other different tools for time-sync using - for example weak signal propagation reporter (WSPR or the WSJT-X) Ham Radio digi-modes, from https://physics.princeton.edu/pulsar/k1jt/

you could try Meinbergs's NTP software for Windows

https://www.meinbergglobal.com/english/sw/ntp.htm#ntp_stable

they used to have a special offer, write them a mail saying why you'd like to become an NTP node, and they might send you all the hardware!

0
0

Private browsing isn't: Boffins say smut-mode can't hide your tracks

David Shaw

Re: Putin's hackers!

@PM, evidence here agree with you partially, 30 retired spies have been recently arrested for a multi-million dollar attack on oposition parties, opposition figureheads and just celebs who held the wrong opinion. Sadly lacks a link to Vlad.

http://english.yonhapnews.co.kr/national/2018/02/26/0301000000AEN20180226007600315.html

massive illegal political maneuver led by the state spy agency

reminder this is the South of Korea, refers to the previous administration, a previously fully on-message member of the enormous MIC *ntel agencies matrix. Subverting democracy, and getting caught - at least that sounds like a resurgence of democracy, if only, amazingly, in the snowy Korean Peninusula.

Spies/Officers do obviously have a real role to play, spy vs. spy, so counter corrupt Putin by all means - but stop subverting normal life with your cheap digital tools and your pervasive 'store everything' for later advantage. For the massed ranks of spies with their near trillions in budgets It is obviously so tempting to nudge 'your' version of democracy, that I'd be surprised if this wasn't happening everywhere on the planet, and not just where there are rooskies. That's an important fact, and I won't even mention the absurd Czech's. oops.

Back to the subject of the article, I have used TAILS(*), as a live boot CD, but in the correct paranoid-level of security I assumed even that was backdoored to some extent, and certainly my download of the tool was a flagged event. I consider 'private browsing' feature in Browsers to be another bit of security theatre - but maybe "Private Browsing" could work on some badvertiser javascript auction behind the scenes? getting a decent air-fare or insurance quote maybe!

(*)I needed to hide my data/metadata whilst I worked on some sensitive GMO related corn analysis figures for work, and that implied, and required, almost 'active terrorist cell' levels of IT, in order to preserve the security of the citizens, allegedly. It seems to have worked.

4
1

To hack Australia and learn its secrets, buy second-hand furniture

David Shaw

Re: Dangerous data

I was given a cardboard box in the late eighties containing a Mac512k (M0001W model just before the Macintosh Plus) in very small bits. It came with OS2.1 on 3.5" floppies. And a five megabyte Hard Disk.

Assembled all the bits, got it to boot, but no joy from the HDD. Opened it back up, and noticed that the HDD was slaved off the Mac PSU and had a dry-ish joint, possible due to overcurrent, overtemp in the unventilated box. Bit of lead/tin later & it booted into a Ferranti defence-secret environment containing encrypted HDD, in 1986! missiles, sonar, eurofighter - who knows. The HDD was encrypted, but as it failed mounted, it was able to be remounted without a problem, allowing me to delete everything, including the crypto system and install boring office programs. The Mac still boots and the 5MB HDD still overheats.

7
0

UK Army chief: Russia could totally pwn us with cable-cutting and hax0rs

David Shaw

Re: Senior service

but we apparently dont even have anything bigger than police/coastguard - basically ceremonial

some study {or DailyWail article} showed UK RN having three boats to cover inshore water, compared to Italy RN having hundreds (for an approximately similar coastline)

I wouldnt be surprised if the Swiss actually have more water craft

1
0

'The capacitors exploded, showering the lab in flaming confetti'

David Shaw

capacitors exploded? we had an exploding antimatter target

Im not sure if this is 'entertaining', but it did contain a 'Who, me?' moment. I said 'Yes'

The excellent University of Sheffield designed us an antimatter production rod, a target for the conversion of incoming pulses of GeV protons, into high energy pbars. The antimatter fell out of the back of the target, in a Pratchetian magic way, as statistically it was able to. I daren't use the word quantum, as most sentences which use the 'Q' word are wrong. We of course also got a lot of electrons, positrons, neutrons and positive and negative pions, kaons and muons, which was lovely, but not wanted in the pbar phase space.

The pbar target then was basically a solid rod of copper (size of a pencil), using magnetic focussing to self-contain the GeVp to allow maximum matter/energy/matter interaction magic, and a bit of cooling.

This focussing current was around 320000A pulsed(*), at some hundreds of volts. It worked well, low p/-p efficiency , but we were able to make and store more antimatter than had existed since the big one, quite a while ago. (*other Lithium targets take 1 MA pulses, @ ~6Hz)

One day, something didn't go very well, I never found out what, maybe a UPS tripped?, the Norsk Data computerised interlock system did manage to dump the incoming 26GeV pulses and switch everything off, but still the room and all the activated engineering inside it burned. Some heroes, as they do, ran towards it & put the 'nuke fire' out.

I was 'volunteered' into the second response team, as were the other twenty engineers on the un-named project, we were lined up by age - those childless were moved to the lower bias, and then we went in for an annual rad dose in my case I was painting everything with super sticky paint for around 6 minutes to get my dose. Senior colleagues took much more. Our WTF alarms were screaming all the time. We stabilised the errant activated BeO etc dust/soot. Think Wii-U Splatoon, we were the glow-in-the-dark squids.

Science started again after about a month. I salute Eifionydd who led the team and made the show go on.

3
0

VW's US environment boss gets seven years for Dieselgate scam

David Shaw

I'm not allowed to comment on this

1
2

Investigatory Powers Act: You're not being paranoid. UK.gov really is watching you

David Shaw

Re: Operation haystack...

Yep, been there and done that - since about 2006 (when I was slightly involved with sensitive GMO detection % levels and so the work called for a legitimate use of TAiLS, ToR & TrackMeNot etc)

it really annoyed the IT support at work, it didn't seem to perturb particularly the professional watchers, I guess that you do have to write your own traffic generators/mixers to avoid the backdoored complier type problem.

I think it is a very valid countermeasure to the commercial slurping, which is *almost* worse than the 'gov stuff, but as they are sovereign - they all are allowed to do whatever they want, provided they occasionally explain/justify, which is nice.

3
0

Damian Green: Not only my workstation – mystery pr0n all over Parliamentary PCs

David Shaw

An MP that gives credentials to their staff . . .

obligatory Dilbert (actually today's)

http://assets.amuniversal.com/5af325a0b04a0135ff38005056a9545d

alternate link incase the above hash is temporary http://dilbert.com/strip/2017-12-05

maybe the staff just guess, accurately! (or can read the Post-It repo)

1
0
David Shaw

Re: Did he do it or not? was it planted or not?

there's a very nice free ebook pdf on the reliability of even real forensic digital evidence here, written by a UK Barrister & a univ. prof.

http://ials.sas.ac.uk/digital/humanities-digital-library/observing-law-ials-open-book-service-law/electronic-evidence

leaks/hacker/secret-squirrels/pr0n who knows what was going on !, but read and worry. . .

1
0

Apple sprays down bug-ridden iOS 11 with more fixes

David Shaw

Re: With an annoying feature.

you can make that <!> go away by starting to set up apple pay (which might eventually be needed when all the ATM's have gone) and after a few seconds into the set-up procedure you can choose the "finish setting-up later' option in tiny font at the bottom of the screen, and then forget about it, until cashless society hits.

3
0
David Shaw

Re: 11.2 screws up . . .

11.2 also helpfully wouldn't connect to any of my WiFi access points

"incorrect password for network "fluffywhatsits"

even tho' I struggled to enter the ~23 random digit key verifiably correctly, several times

Cured, seemingly, via a simple General/Reset/Reset Network Settings and its restarts and the mobe started to behave

11.2 does tell me that when I turn OFF my Wi-Fi it isn't, gives me a pop-over filled with info - it still doesnt address environmental profiling / the supermarkets that are alleged to be using device Wi-Fi & BT MAC addresses, MAC LUT, then in some cases use dynamic on-shelf pricing - charging JesusPhone users a bit over the odds, do I need to keep a landfill android for my trips to ASDA or Carrefour?

and by the way, the bug, dubbed "I Am Root" is possibly going to come back when we get the macOS 11.3.2 upgrade, with its inevitable nice new emojis

2
0

Report: Underwater net cables are prime targets for terrorists and Russia

David Shaw

old news

I seem to recall big bad Russia asking the telco where I worked in the early 1990's for some cross country infrastructure. My company proposed, and then probably installed (I was not involved so have no idea), a chain of submarine cables strung across the north of their massive landmass. It was smirked locally at the time that the cable would be much easier for us to 'record for continuous improvement of the service' ELINT type stuff, rather than if someone else sold them a network of MLOS towers from Königsberg to Vladik. Apparently, allegedly, probably was just a joke?

more worryingly, I was recently wandering around a quaint fishing village in a big euro nation, saw a nice small obviously telco building down a side street. it had a large proud sign on the outside, something like

"THIS IS THE INTER EU TERMINATION POINT FOR UNDERSEA CABLES FROM X, Y & Z, a VERY IMPORTANT BUILDING"

sigh, OK, keep the sign for bigs, but stick it on a nearby decoy small garden shed that doesnt contain the termination systems and their redundant equipment. paint the actual target to look like something other than a very important small building, perhaps pretend it is a small garden shed.

resilience?

0
0

UK.gov admits Investigatory Powers Act illegal under EU law

David Shaw

I’m actually in favor of Police having wide access to intelligence data

They are, after all, the service that sorts stuff out.

Meanwhile, I’m impressed that the UK is being transparent about their “data-retention illegality,” many EU MS have continued to DR as much as possible, possibly only Slovenia stopped?

More transparency at http://statewatch.org/news/2017/nov/eu-ctc-data-ret.htm

2
8

As Apple fixes macOS root password hole, here's what went wrong

David Shaw

Re: Mistakes happen, part two

seems (from Apple themselves) that fixing the root password bug introduces a file-sharing fail bug, more specifically a fail-to-ever-authenticate file sharing no-go between High Sierra machines, and sometimes apfs SMB, NAS permissions problems etc

https://support.apple.com/en-us/HT208317

SNAFU used to be the appropriate .mil term, how quickly will we get Security Update 2017-001b?

12
0

10 years of the Kindle and the curious incident of a dog in the day-time

David Shaw

Re: One good reason for the Kindle...

The Kindle has a web browser ..... the original 3G kindle's (experimental) web-browser even worked via whisper-net (sim-free UMTS) behind/thru the great firewall of China

good call on the Gutenberg txt repository too, I d/l every book in every language on that site (before I was banned) to use for part of my password-finding dictionary

modern kindle paperwhite works really well on a beach , tho' not tried it yet on a Chinese beach

4
0

FYI: iOS apps can turn on your camera any time without warning

David Shaw
WTF?

Great, so my new Samsung Galaxy ‘X’, if I can afford it, will have colorful post-it notes back and front!

Have you all tried the iOS11 calculator trick yet?, seeing how quickly you can use Calculator to add 1+2+3, and just how big the answer can be?

Applesauce

2
5

Apple Cook's half-baked defense of the Mac Mini: This kit ain't a leftover

David Shaw
FAIL

Re: The 2011 one still works

I have a few 2011 MMs and had problems specifically with the one used for email etc. One with a 3TB usb3 timecapsule was always commiting self-DoS to the fruity ‘Magic-Mouse’ and BT trackpad and wireless keyboards. This hopping, skipping, jumping of the cursor happened with all attempted layouts of the desktop & wires and eventually I reverted back to wired peripherals. Putting the electromagnetic non-compatibility down to a poorly screened LaCie USB3 cable.

Recently however, when I bought the nano-connector and SATA harness to add a lower or was it upper SSD to max out the 16GB mini, I was surprised that the nice supplier included completely freely and off their own bat a linear inch of copper sticky screening foil. They had independently determined that the 2011/2012 macMini Bluetooth radio card is insufficiently screened from the rest of the Mac mobo, and with this five ha’porth of foil - solved all my EMC probs.

I had submitted the failures to Apple in bug reports as I’ve been beta-testing their OS’s over the years, there was never any feedback from Cupertino, good to see that the MM will be updated (probably with an hexacore A11X in a year?)

It’s nice to finally have a working macMini, thanks due NOT to Apple

4
0

He's no good for you! Ofcom wants to give folk powers to dump subpar broadband contracts

David Shaw
Thumb Up

Re: We have had this QoS based contract exit law in Italy for a few years already

I just checked, as there are quite a few Nemesys similar named anti-malware systems out there, this is specifically NeMeSys. http://www.tuttoadsl.net/NeMeSys.htm

Now also Mac/Linux versions, I did eventually get SLOWEB to speed up, but that’s another story.

0
0
David Shaw
FAIL

We have had this QoS based contract exit law in Italy for a few years already

The law guarantees a minimum broadband service of , say 2 mbps.

Telecom Italia offers 6 mbps or 20 or whatever , if you feel like checking this, then you go to the OFCOM equivalent website, enter a few unique Id codes (tax code , ni number , phone number etc) and they build you a personalized speed test app. This app (NeMeSys) will only run on Windows, only connect to the modem via Ethernet, it quits open browsers & then runs for 24 hours, making frequent calls to a neutral server somewhere else in Italy & measures the throughput. It then delivers the result of the test as a certified download, trusted & traceable and sends the data to the client and the appropriate TELCO.

In my test, it ran - showed that my 6megs at the end of miles of degraded cables was down to sometimes half-a-meg, and allowed me to leave Telecom Italia with no penalties. It really worked.

However, my new telco, SLOWEB as I call them, don’t permit NeMeSys to run, unless you give them 24hours notice that you are about to start profiling your line in a serious way! Magically, 24 h seems to be just enough time for someone to temporarily allocate a better contention ratio, or simply blast more line RF power, to perhaps just pass the tests?

Been-there , done that.

1
0

WikiLeaks a 'hostile intelligence service', SS7 spying, Russian money laundering – all now on US Congress todo list

David Shaw
Boffin

Re: The real hostile intelligence service

Here's the ZH article on Assange(tm)

http://www.zerohedge.com/news/2017-08-24/senate-declares-war-assange

It reads perfectly fine, they are just part of a spectrum of news/cointelpro, whatever you want to call it , much of which is a bit iffy/whiffy, like the Daily Mail or (whatever happened to) the Guardian in the last 5 years.

The 'diplomatic communication' (propaganda) budget of many nations is up in the billions of $/£/€ per year and it is now aimed domestically not just far-away by HF TX. Sometimes the propaganda is astroturfed in comments, even on El'Reg.

Read widely and wisely.

3
0

.. ..-. / -.-- --- ..- / -.-. .- -. / .-. . .- -.. / - .... .. ... then a US Navy fondleslab just put you out of a job

David Shaw

Re: Indeed

indeed, my kid at college was slightly flummoxed this year when they asked him to write a program in C, and just gave a blank sheet of A4. Upon checking, computers/compliers weren't (initially) allowed - just a pencil and a piece of paper. . . it does show if you've been paying attention

I do personally prefer digimodes/WSPR etc now to my very patchy morse (G8 = 1wpm), just invested in 16-bit DDC/DUC hardware made in EU, and even digital radio mondiale is being decoded

0
0

Britain's warhead-watcher to simulate Trident nukes with Atos supercomputer

David Shaw

Re: Hmm

We also use a lot of (sadly, sharkless - more octopus-like) lasers for testing the nuclear materiel.

I think it wouldn't fit in an old saucepan, perhaps a large Le Creuset?

0
0

Fresh cotton underpants fix series of mysterious mainframe crashes

David Shaw

Re: Finger of death

point her finger at the screen from a distance of a number of centimetres and it would die.

I saw this happen to a live System-X (telecom) switch in central London, I'd taken my team of 20 budding engineers to look at the room filled with humming boxes, and an operations engineer pointed to the nearest PCM Concentrator unit. The other Concentrators and the cross-connect switching seemed to carry on - but all hell broke loose as a few thousand trading calls stopped.

I'm quite sure it was a gesture from around 3-feet away, I think the floor was correctly dissipative, dunno what underwear/pants were involved but Cable & W certainly stopped 'tourism' after that.

The O&M was rather fantastic getting new cards in & working within ten-minutes. Also late 80s.

4
0
David Shaw

Re: ughh- No static at all?

its quite possible that you're not getting a 'static' belt, but the 'leakage current' through the RF suppression components. On a Macbook this leakage can be solved by using an official earthed power lead into the white square blob instead of a generic figure-of-eight twin lead mains plug. If you're already using a 3-pin plug then its time to check for earth (non)-continuity, perhaps through adapters or extension leads?

the (safeish) leakage current of about half-a-milliamp (typical) on a metal framed laptop is floating at half the mains volts, so around 1.4 milliNylonBloomers - others describe the Macbook as feeling tickly - as the back of the hand can detect the alternating current quite well. Lenovo's have the charger with an earthed clover connector - many 'plastic' Lenovos are stuffed with light metal alloys that can also 'buzz' without an earth. . .and remember you can run MacOS Sierra on an X220 with a de-whitelisted BIOS & a £20 wifi card, allegedly.

3
0

PC rebooted every time user flushed the toilet

David Shaw

Re: Yank here.

Yes, "That device sounds suspiciously like a ferroresonant power conditioner." I found one of these in the HVPSU of an Austrian designed TV transmitter/transverter that I installed in the fairly peaceful and very beautiful KSA/Yemeni Asir border area in the '80s.

the ferroresonant device was 50Hz, but the previously installed TV repeater station genset was 60Hz, I was able to fudge it once I had worked out why the tetrode EHT fuses were popping! (for some reason I ate mostly parmesan cheese whilst doing this maintenance as the local market of horribly beweaponed ghat growing tribes sold whole round cheeses) The UHF driver amplifier was also multimoding as a second fault, and had to be filled with a lot of aluminium foil inside a plastic bag, to try and dampen down the feedback/gain/sprogs, all this whilst trying to breathe at 3500 metres asl, on top of Jabel Fayfa.

1
0

Millimetre wave.. omigerd it's going nowherrr.. Apple, you say?

David Shaw

~60GHz, IIRC, is (soon) going to be the ubiquitous Internet of Cars M2M - think the cell is around a hundred metres. That will be big business.

The Ham bands at 47GHz and 24GHz have achieved many hundreds of kilometres direct range, with good preparation, and worldwide coverage via a lunar reflector - with a lot of care.

Some of the very small motes for next generation computing nodes only have enough space for a λ/4 mmW array - so that's a niche use for the sort of IoT stuff that you buy by the kilogram.

cognitive/white-space was also supposed to solve the 'spectrum' - with my £20 NooElec (. . ..co.uk/dp/B01HA642SW/) I can see rather a lot of empty stuff, but thats just upto 0.0017THz, using SDR# on Win & Gqrx (old standalone) app on macOS newer macOS GQRX here

0
0

'Jaff' argh snakes: 5m emails/hour ransomware floods inboxes

David Shaw

Re: If you want to help scientifically test email providers for security/etc

thanks aCynic , yes canonically the email provider test is at mesa.jrc.ec.europa.eu (why we need three 'europes' in the URL is beyond me!)

a typical result is here

STARTTLS CERTIFICATE SPF DKIM DMARC DANE DNSSEC

100 50 100 100 100 0 0

which ended up providing 'minimum security' - all weird & wonderful providers welcome

0
0
David Shaw
Coat

If you want to help scientifically test email providers for security/etc

https://mesa.jrc.ec.europa

(I don't get to see any of the logs, so it's quite a safe test)

It showed me that one of my email services was open to fraud/spam, and that two of them were probably ok!

1
0

PC repair chap lets tech support scammer log on to his PC. His Linux PC

David Shaw

professional scammers

I work in Italy, so I was mildly surprised when I received a phone call from a UK '0345' number.

He/she/it/they said "Hello Mr. Shaw" in perfect English to which I replied in Italian, for the lulz.

He/she/it/they continued the conversation in Italian (wow!), claiming to be from Intel UK - wanting to send me "a pdf" of their latest processors.

I graciously declined his/her/its/their kind offer of a Remote Access Trojan or whatever, and they hung-up.

Perfectly professional, courteous, and slightly more intimidating than a run of the mill scammer - and FYI I use very-offline PGP (with a 3 month validity) at a non-networked PC when I en/de/crypt messages to that particular CERT - so in the end, fruitless - but carry-on chaps/chapettes/. . .

I get the MS calls from Asia too, but just leave the phone next to the radio whilst I simulate looking for the Windows administrator, until they too give-up. . .

12
0

RF pulses from dust collisions could be killing satellites

David Shaw

the VNIIEF January 1952 andrei sakharov emp grenade-generator, where he used tnt to blow apart a single loop of coppery/plasma with circulating high current was similar to this? basically back-emf EMP as an electromagnet turned to scattering dust. the small mass of the particle in the satellite case has rather a lot more momentum than a hundred grams of exothermic chemical, but would the overall energies be similar!

2
1
David Shaw

Re: Impact --> dense plasma --> charge separation due to differential velocity--> RF pulse

you can actually unroll a reel of sellotape in a vacuum to get X-rays, without DARPA

4
0

Chap 'fixes' Microsoft's Windows 7 and 8 update block on new CPUs

David Shaw

for those dedicated Astronomy apps why not try using, say, Windows 7 in a VM on a 2012 core-i5 Macmini (12GB)

OS X 'El Capitan' (10.11.6) runs Win7x64 in VMware Fusion 6.0.6 very well - snappily even!

macOS 'Sierra' (10.12.4) runs Win7x64 in Parallels Desktop 12 reasonably well (it was cheaper than the VMWare 8.5 upgrade) however kids complain that Roblox is laggy - it was better in VMware 6.0.6

or, install Linux Mint on a multi-core/multi-thread PC with 12 - 16GB RAM then sudo apt-get install virtualbox;sudo apt-get install virtualbox-guest-dkms

I just counted and I now have around thirty VM's on disk, I'll be migrating some to my new Pentium Kaby Lake G4560 build

7
0

Regulate This! Time to subject algorithms to our laws

David Shaw
Flame

Re: what...

The {national} parliament{s} these days even seems to bypass close scrutiny of any draft legislation.

I seem to recall one of the early ILETS data-retention laws being passed entirely by fax!

One noble Lord in the UK briefly noticed, but he was told to calm down as "it wasn't that important" - just seemingly - at present illegal per ECJ

As for the algos, by the time the Amazon Cloud has finished training my software defined architecture, can even I understand the rules, never mind explain it to the Palatial incumbents?

0
1

Smart meter firm EDMI asked UK for £7m to change a single component

David Shaw

I've got (so-far) three smart meters at home

A reads the left side of the house for one energy supplier [or it should] (LCD display has failed so I can no longer read it locally - I'm going to have to wire an arduino up to count the kWh led pulses)

B reads the right side of the house for another energy supplier

and a third one C checks what output my main FIT PV-array has, (installed immediately after the inverter to ensure that I don't cheat to get bigger FIT payments) [or they should]

The reality is that all my meters are read by company B, who sometimes send my consumption data to company A for billing, [once they delayed the data by a whole year] My B & C smartmeters are also not accurate for receiving my FIT payments as I'm simply receiving "an average" for my 3kWp array - I'm getting identical payments to a local friend. Maybe one-day they will correct with over/under payments?

As a new hobby, I've just bought a new set of PV components (from a major online book-seller) :- couple of "12V" 100Wp poly modules from somewhere in the EU@£80-ish each and a £79 MPPT 18V 600W grid-tie micro-inverter. I'll be feeding this 230V into smartmeter A, checking carefully to ensure that it doesn't register my generation as power-consumption! [smartmeters often don't run backwards] I hope to just get rid of my base-load on that side of the house. All lights are already LED.

In this part of the EU I was given no-option / zero choice about the first two meters, and had to accept the checksum meter as part of the FIT contract. It's good that you might get a choice in UK, if you say "NO" a lot when offered.

The initial load-shedding function hypothesis envisaged of smartmeters is that they will connect through a domotic API for turning off the fridge and freezer for a few hours [without any risk of spoiling the food], then progressively shed further loads until potentially fully off. However it seems that the current generation doesn't do that, my fridge & freezers certainly don't do that, and I don't really want to pay multi-millions to billions to implement this, without a lot more debate.

2
0

Page:

Forums

Biting the hand that feeds IT © 1998–2018