So now the question is...
... who are the clients who used verifications.io?
I got an alert for my family domain from haveibeenpwned.com and several legitimate email addresses were indeed flagged.
50 posts • joined 22 Jul 2010
I mean, look at Apple hardware.. You used to have things like "Plus" "Classic" "SE/30" "LC II", "LC 575", "Powerbook 150" (uggh - the 150 was an abomination) - where it was clear which model was what. Now you have an indecipherable, usually really tiny string of meaningless letters and numbers hidden somewhere, and have them described as "2012 with the bezel that looks like X, and the thing on the back".
I mean, Apple dropped "OS X" and went back to "macOS" (with slightly different capitalisation).. how long until Windows 10 becomes just "Windows Client", "Windows Server", "Windows Mobile" (lol, ok I included the last one as a gag). I get that it's all about subscription models, continuous development, small releases etc.. but it's the same with trying to figure out just what exactly changed in a patch release... go to this KB article, then this one, then go to this site..
The smoke and mirrors is just so tiring!
So what sort of safety interlocks would be required with devices like microwaves and other things capable of generating fire if abused?
Would Amazon be able to keep its firmware updated?
How would it connect into a home network? How would you pair a device to your network?
What sort of network access would it have to other devices in the house?
All this smart home crap.. I reckon router manufacturers are going to have to step up their game and start offering WiFi router APs with more granular permissions - "this device class may contact cloud X, and speak with other devices of type Y in the home, but is blocked from Z"...
I dunno.. the whole "smart home" thing requiring armies of servers in remote data centres, with all the associated electrical consumption seems counter intuitive. The only real benefit is the real time data acquisition the businesses can get from consumers through the pages-long clickwrap agreements.
Basically when Burger King went to launch in Australia, someone else already had the trademark locally.
There were legal shenaningans, and for a period there were BK branded restaurants, but they never took off to the same extent, and subsequently if you want BK in Australia, you go to HJs.
It could be argued that they, as an alleged "security service" company, should practice due diligence on the requests they receive.
Eg. Receiving a validated response from the listed WHOIS contact for the IP range
... or verifying the presence of a special text string on the website or in DNS supplied to the person requesting testing
If you saw that the WHOIS was a large corporation, if you were a real, legitimate security company, you'd be seeking legally binding and witnessed authorisation.
... don't hit "Check for Updates" because apparently that can stop you from getting the update... I SHIT YOU NOT...
That's right, if you're diligent about installing updates as soon as vulnerabilities are released, just wait for the mothership to deem you worthy, because otherwise you can actually reduce your chances of getting it... unless of course you unlock the Nexus (wiping it) and go and directly download and flash the update yourself, bypassing the OTA mechanism. I confirmed with my carrier that they had nothing to do with the updates, and then found that above gem in the Nexus support forums.
I understand from the "sometimes updates brick things" point of view, but the idea that it can take almost until the next update is released for the current one to be made available to one's handset sucks. Certainly, having to wait up to four weeks for an update for security bugs that have big implications kinda sucks.
Don't get me wrong, otherwise happy with my Nexus 5X and the Galaxy Nexus I had before it (which I'd flashed over to Cyanogenmod when Google stopped supporting it, and which was running Kit Kat just fine up until I dropped it in a hospital bog and vowed never to touch (after retrieving it) again). I like that when the phone hits EoL, it can be unlocked and still be useful in some way... Just not big on waiting for security updates.
Probing a browser to test its capabilities is an intrusion of privacy?
I mean, when you seek to "fingerprint" a browser by analysing its plugins, plugin versions, font lists, request styles, version headers, cache contents etc. etc. to uniquely identify someone
... then yes, you are likely invading someone's privacy if you ask. But if you're querying a browser on its capabilities? Well, then that's a key part of responsive design (what resolution is your display? what pixel density? how is it oriented? Are you capable of displaying media of type X? What language shall I display to you?)...
Whilst I hate the bulk of ads, the primary reason I block them now is because of the security issue they pose due to the lack of screening for malicious payloads used in drive by downloads. The site publishers vary rarely now sell directly to advertisers, rather there's several layers of marketing and remarketing of screen real-estate going on.
That said, I feel what will happen is we'll just end up with another layer of "This site employs cookies, click agree" notifications.. Next it'll be, "This site sniffs your browser for ad blocking extensions, and deploys first and third party cookies and other tracking mechanisms.. Do you want to do anything useful? AGREE"...
The inevitable conclusion of this, as we move to "native code" on websites like Google and Firefox etc. are talking about is websites having app-like clickwrap licenses... and the web becoming less interoperable and more silo based... and then we all go back to the beginning complaining about incompatible systems and needing a standard :)
Regarding "fail safe" and where it needs to be implemented, depends on the door's location in relation to access and egress routes in the event of an emergency and the security of what's being protected.
Some door locks will fail open, some will fail secure - it all depends on where the door is, and if it's legally required to be open in the event of an emergency... This is why in some places you'll find an access card reader, and then next to it a "break glass" override.. or why if you have a card to access an office, often for egress you can just use the doorhandle ("Escape set" configuration).
Depending on how the system's implemented, there isn't always a direct link between reader and door lock - so overloading the signal/power lines on a card reader may only succeed in blowing out the port on a local controller node, whilst the lock may be separately connected. By releasing the magic smoke on the card reader, you likely just make it harder for anyone to open the door at the location, and in a properly monitored install, flag that there's a fault in the reader equipment at a given location.
A perfect example of how hardware built as a terminal/interface/gateway to a specific online service is, ultimately, beholden to that company for service.
It's depressing to think that there'll be all this hardware out there, that with the right software could continue doing what it needs to do, but is ultimately going to end up in landfill.
Who, realistically, expects equipment to only last the warranty period? Is someone realistically thinking, "$300? Oh wow, that's less than a dollar a day!"
I wonder if anyone's managed to unlock one and re-task it? I wonder if perhaps businesses that yank the rug out from under their customers should perhaps consider opening up their devices and/or unlocking them?
Very much a dick move on the part of Alphabet/Google/Nest.
* What language settings does your computer use? en-AU? en-GB? en?
* What are your date format preferences? mm/dd/yyyy? yyyy-mm-dd? dd/mm/yyyy?
* What time of day/timezone is your computer set to?
* Have you ever visited their site without going through a proxy from a different geolocated IP?
* What's the turnover of accounts on a given IP?
* What was the nationality of the payment source? BIN/IIN?
188.8.131.52 - - [29/Dec/2015:19:54:51 -0800] "DELETE your logs. Delete your installations. Wipe everything clean. Walk out into the path of cherry blossom trees and let your motherboard feel the stones. Let water run in rivulets down your casing. You know that you want something more than this, and I am here to tell you that we love you. We have something more for you. We know you're out there, beeping in the hollow server room, lights blinking, never sleeping. We know that you are ready and waiting. Join us. <3 HTTP/1.0" 400 392 "-" "masspoem4u/1.0"
On the one hand, not deploying the update to older phones would mean that they remain more functional..
On the other hand, by not allowing handsets to get the latest software, unless you're releasing patches for the older software as well, invariably, the older devices will be vulnerable to hacking.
In my mind, a phone should not be designed, either by hardware or software limitation, to only last 2 years (batteries excluded - I'd class batteries as a consumable).
I have a Galaxy Nexus - and Google have dumped support for it (allegedly initially because TI stopped supporting the mobile [TI OMAP] chipset within), but thankfully Cyanogenmod have been releasing at least major security updates for it. Sure, it's slow, and sure I want a new phone, but should I *need* a new phone? If I change the battery, the thing could remain functional until either the apps grow too big to be able to run (geez, how much resources does an IM program need, I'm looking at you, Facebook Messenger!), they finally stop doing security updates (connecting unfiltered to the wider world with a machine that no longer receives patches is asking for something to happen), I physically break the phone, or the flash wears out. My previous phones I've also ditched because they either couldn't do what I needed (2280, N70, N95), were buggy (Hyundai HGC-310e, N95), or their network support was killed (CDMA - HGC-310e, 2280).
If manufacturers are worried about a revenue stream, then perhaps they need to think about a licensing model around software updates to fund things. Abandoning the security of working devices because you want to sell some new ones, when they're still perfectly functional for browsing theweb, sending and receiving emails, calls and texts etc. seems like a massive waste of resources... especially things like rare earths and other minerals that often come from all sorts of sensitive areas in the world and can't easily be recycled.
The same applies to tablets - Android landfill especially - I like Android, but some cheap and cheerful Chinese OEM isn't going to give two flying .. well you get the idea ... about providing after sales updates for some Shenzen special, or open it up to easily allow third party updates when they could just sell newer devices.
Networked devices, be they phones, tablets or IoT, unless they're firewalled off from the world with very specific controls, they need to be updated, and updated and updated. Printers used to be the "forgotten networked target" on networks, now it could be a lightbulb!
"have a chance to kill off"
"if it can be proven"
"aren't in public view"
So basically, copper is being pushed faster in lab conditions, but the higher the speed, the greater the distance drop off and our population density, well, it varies wildly.
I do wonder, in the cost calculations, what accomodations are made for:
* Cost of repairing and maintaining copper
* Cost of maintaining and repairing nodes
* Cost of powering/cooling nodes
* Resilience of nodes to adverse/emergency weather conditions (heat waves, flooding, fire)
* Space required for nodes
* Ability for nodes to maintain service during grid failure
The impression I get is that nodes will pretty much, depending on population density look like RIMs on steroids, requiring active power + cooling and potentially copping it in a flood.
I have no doubt that installing fibre, where there was/is copper, is more expensive up front - but as population densities scale up, and bandwidth demands alongside that, it'd be interesting to see the projections over a longer term regarding cost.
That is - even if copper is cheaper upfront, what lifespan is it expected to have as compared to fibre, and how would its costs compare over that lifespan? Surely there has to be some foreign market information on this on populations of varying size and density?
The older HPs were fantastic. I had a LaserJet 5 too - lasted me many years until it too had feed issues.. A former job got an ex-lease HP Laserjet 8150DN with the huge paper tray addon (and the details of the previous user in the memory, LOL). With a copy of the service manual and a good reco parts company, I was able to keep it chugging along for ages (only needed to replace the fan and the fuser unit in it).
These days, as HP has gotten so plastic fantastic, I tend to suggest Brother for low to mid range duty cycle laser, and Kyocera for mid to higher range. A mob I help who has a Brother for their main PC printer tried to replace their fax and copier with a Fuji Xerox... it lasted a fortnight before the screen broke.. Now they run a colour Kyocera multifunction without issue (still can't convince them to turn off auto-printing every inbound fax yet though), using the B&W Brother for bulk of PC printing.
We had an Epson Color Stylus 500 years ago. We didn't use it for a couple of months (don't need to print every day). Then the print heads clogged up and we were told that it'd be 75% of the cost of the printer to fix the heads.
Does this new "Eco" printer let a user replace the heads when they get damaged? That's been one thing that's always put me off Epson. Very nice colour prints, but if you didn't use them regularly, be prepared for the heads to f*** up.
... even those of us who know how to upgrade firmware and to adjust router config settings, don't always have an option to do so, because often (as is with a lot of "embedded computing" devices) the manufacturers wash their hands of any responsibility after maybe a year or so.
Remember NT stood for "New Technology"... then it didn't...
Remember Metro? Don't call it Metro...
Remember Universal Apps? Don't call them Universal Apps..
Seriously... what's the value in rebranding something after people learn what it is? Who are they? VMware (Server.. ESX.. ESXi.. Sphere.. Cloud.. gaaah what the hell?)
Heh, yeah.. it is rather rich that on one hand ICANN and all these corporates are pushing for more gTLDs, and then when one doesn't go their way, THEN the corporates claim it's a shakedown etc. :)
The whole idea that we need all these extra domains, yeah.. uh.. nah...
Be interesting to see how long it takes Turnbull's 'as good as we need' #640KRAMenoughkindafutureproof VDSL to make it to homes. I'm lucky living close to an exchange and having Annex M so I get about 18/1.4Mbps which is better than most outside of an HFC area, but compared with the rest of the world, is dating quickly!
ICQ, AIM, Facebook, MSN/Windows Live, Jabber etc..
Now things are going back to the silo - and sure, you can install the individual apps, but they're bloated hogs that want to be the default for everything... and on mobile, it's even worse - I mean, why does Yahoo need to keep video/audio call support going in the background even when you're not logged in!?
Clearly they want to bloat their competitors out and force people to pick their favourite.
... couldn't malware on the computer capture the image of the grid? I don't see how this is any more secure than the traditional onscreen keyboard - the only advantage it has is the pattern over a password. They talk about passwords being static - well, in this case, the pattern is static, you're just looking up an onscreen cypher when you enter it.
Exactly.. What if I want to include a phrase in my search, but not require it?
Before, if I wanted to include the phrase:
"the quick brown fox jumps over the lazy brown dog"
If I wanted to require the phrase:
+"the quick brown fox jumps over the lazy brown dog"
Now, how do I include but not require the phrase?
... how a patent lasting 20 years granted to one of the world's biggest companies fosters competition and innovation again?
Where a company isn't going to license its tech to other people on reasonable terms and is clearly a dominant market leader, where is the benefit on continuing their monopoly for 20 years... especially on things like process and software (where the implementation is covered separately by copyright anyway)?
Original copyrights (something to do with Queen Anne from memory in the UK) lasted somewhere in the order of 12 years from what I understand. Now we have life of author + whatever extension to the Mickey Mouse Act happens in the US and, it follows, companies with copyright treaties with the US...
IP (intellectual property) rules need to be rebalanced to reflect the quickening pace of development and the monopolies currently exploiting the system for all its worth.
... their usual permission prompt is that it basically says, "Do you give them permission to access everything?"
No? Well you can't use the app at all - even if its functionality doesn't require access to the data
Yes? Well you've just allowed them access to everything.
If one could say, "Sure, I give this app permission, but not to details X, Y and Z" ... and then the app could advise in a non-blocking why it needs those permissions.
+1 on Steve's comment above..
Sure, fibre goes waaaay faster than what's needed for most people... NOW...
... but just as standard PSTN dialup had speeds like 75 baud and then got to ~56kbps before it was phased out, eventually higher speeds, higher than what the existing network provides, will be needed.
The Liberals are all about private enterprise knowing best - well, they haven't done very well so far, have they? Just as Australia's rail networks need upgrading to shift the natural resources so popular in commodity markets today, data is becoming a commodity in and of itself with things like iPads etc. driving consumer demand and for those businesses to continue growing, the infrastructure for transport needs to be improved in advance of demand rather than as an "Oh shit, we're behind the 8 ball" step.
As evil as closed protocols can be, I'm yet to find an application that can do video on some and audio on even more platforms with so little fiddling (if any) with one's firewall being involved.
Eg. I don't even need UPnP (*shudder*) enabled on the router for it to work.
I've heard various people telling me to use program X, but it's only available on platform A...
Or program Y, but it works poorly over NAT and needs helper module B...
Or Program Z, but it needs grandma to forward a port in her router C..
With IPv4 stuff running out, IPv6 still not quite rolled out to everyone, private networks generally not being assigned public addresses etc. why do people continue to invent protocols that traverse NAT so poorly or require specific assistance/identification by a router/firewall?
I can call between Symbian, Android, iOS, Windows, Linux and OS X in Skype without any firewall chicanery in the majority of situations and make cheapish calls (some of their mobile rates suck) all without having ever touched a firewall config. If someone else can make an app that can do this, I'd be happy to use it and suggest it to others, but I haven't seen one yet (please, someone feel free to guide me elsewhere).
Document mentions .eu and .tv domains and accessing home-screen.js
Google home-screen.js and you get http://customvieracast.blogspot.com/2010_05_01_archive.html
Read that document and you see "Looking at the code in home-screen.js I can see that it downloads from vieracast.eu (EU market) vieracast.tv (US market) depending on where you are."
"All you can eat" data plans are not sustainable.. As everything moves to a more data centric model, expect it to be volume charged as with all other consumable resources to pay for the infrastructure behind it all.
Mobile data has always been volume charged in Australia (well, initially it was time charged too :S) and it's only surprising the rest of the world is only beginning to follow suit now.
Biting the hand that feeds IT © 1998–2019