* Posts by Peter 26

198 posts • joined 10 Nov 2010


You got a smart speaker but you're worried about privacy. First off, why'd you buy one? Secondly, check out Project Alias

Peter 26

Re: you could simply not put the creepy things in your home

The remote server is required for the quality voice recognition.

I helped catch Silk Road boss Ross Ulbricht: Undercover agent tells all

Peter 26

More Questions

That was a really good read. I have more questions.

How did they find the server in Iceland using the admin's account? What was the security failure here, surely there was an encrypted reverse proxy?

How did they find connections from San Francisco to the server? Wasn't he using a VPN?

Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit

Peter 26

2FA Fail

I'm all for increased security, so I went to their website, changed my password to a randomly generated one (I have no idea what it is) and saved it in my password manager Blur. Then I went to see if they had a 2FA option. There is, yay! But only via SMS/phone call, boo! But wait, after enabling SMS 2FA, I can then enable a backup 2FA via an Authenticator App, but you cannot remove the SMS 2FA.

I signed in on my mobile and it sent me an SMS rather than using the authenticator app.

They are nearly there, but they need to push to use the authenticator app as the first choice and give the option to remove SMS as 2FA (in fact encourage it). SIM swapping is incredibly easy to do, and use of it to take over accounts has exploded recently. SMS 2FA cannot be trusted anymore.

I've removed SMS 2FA from my Google account, Namecheap and anywhere else that gives me the option.

Sharefile is probably the most important account I have, I use it to transfer customer data. That thing needs to be secure. They should up their game with regards to 2FA.

LastPass? More like lost pass. Or where the fsck has it gone pass. Five-hour outage drives netizens bonkers

Peter 26

Re: Keepass

I can't get over the fact you have to manually copy the password file to your device. I get that it's more secure, but it sounds really annoying. What if you sign up on your PC to a service then want to login with the accompanying app on your phone? You have to copy the file first.

Just seems like a lot of hassle. LastPass sounds like a good compromise on security/ease of use unless I am missing something.

Azure, Office 365 go super-secure: Multi-factor auth borked in Europe, Asia, USA

Peter 26


I was thinking this morning how awful it was that people couldn't get to work because the Waterloo line was shut, and how lucky I am to work from home and not be affected...

Peter 26

Re: I'm locked out of my account for work

Haha, I cleaned the Kitchen Skylight, been meaning to do that for months..

Still locked out, what next...

Just because you're paranoid doesn't mean hackers won't nuke your employer into the ground tomorrow

Peter 26

Re: Paranoid

You're just paranoid until it happens. Do you cover your house in CCTV and alarms, or do you wait to be burgled before installing them?

Getting secure in IT is just such a ball ache. It requires an incredible amount of work, for something that might never happen. Personally I try to do half of it, but I'd be screwed if targeted.

Cancelled in Crawley? At least your train has free Wi-Fi now, right?

Peter 26

Time to dream up solutions

I turn off WiFi on the train as it is next to useless. With my free time I dream up personal windows suction mounted antennas, tethered to your phone somehow that you can use to boost your signal. I have yet to figure out the details on how that would actually work. Maybe I need another train journey to continue the dream.

Namecheap users rage at domain transfer pain, but their supplier Enom blames... er, GDPR?

Peter 26

Re: The clue is in the name

When I looked into registrars a couple of years ago, everyone seemed to say they were the best. They were one of the first to implement 2FA which was one of the reasons I moved to them from GoDaddy.

I haven't any issues, but would be interesting to see what Google's Service is like.

CEO insisted his email was on server that had been offline for years

Peter 26

Re: Deleting emails

I am that hoarder, but it's not because I want every email, it's just that I can't be bothered to sort them out. I have two types of email, read ones and unread ones.

I am thinking I should really delete all my work ones (>10 years) as I was once told at an Oil & Gas firm that we should delete everything after 3 years of the project ending so that our own email records couldn't be used to sue us in the future.

uTorrent file-swappers urged to upgrade after PC hijack flaws fixed

Peter 26

Better alternatives

I switched to qBittorrent (qBit) yesterday after reading recommendations on Reddit. I was a bit reluctant as there have been so many features added to uTorrent that other torrent programs didn't have, such as the remote downloading, automatic seed ending, move completed downloads to another folder. But it turns out qBit has all the same features as far as I can see, except the annoying adverts. It looks a lot like uTorrent did before it went ad crazy. I should have switched ages ago.

Combined with Transdroid on your Android phone for remote downloading and torrent searching, it's a perfect combination.

Use ad blockers? Mine some Monero to get access to news, says US site

Peter 26

Re: Just Visiting

I'm just running uBlock Origin and am not getting any notifications about this. 31 ads blocked though.

The e-waste warrior, 28,000 copied Windows restore discs, and a fight to stay out of jail

Peter 26

He even admitted he was stupid to put the logos on the CD. He should be convicted as he technically committed the crime, but it should be taken into account that there is zero cost to Microsoft from doing this, he copied something which can be obtained for free and he gains very little from this copyright infringement himself (there is some as people are more likely to buy the old PC if it comes with a legitimate looking restore disc)

There shouldn't be any prison sentence, make him destroy the discs, give him a small fine at worst.

GitHub shrugs off drone maker DJI's crypto key DMCA takedown effort

Peter 26

Re: one experience ...

MSDN license? You get enough free credits each month to do quite a bit. I've got a couple of servers running at the moment free of charge for testing.

Brit transport pundit Christian Wolmar on why the driverless car is on a 'road to nowhere'

Peter 26

He's right about all the issues, but sometimes you need to disengage your brain to succeed

Although he gives a good reality check, I think there is a lot of innovation that can come out of this, so it is a worthwhile exercise. The tech companies have money to burn like he says, so they might as well put it into something like this.

Some of my greatest successes have been when I started something that I had no idea how complicated it would actually be thankfully, otherwise I never would have started.

Sky customer dinged for livestreaming pay-per-view boxing to Facebook

Peter 26

Card Number?

I know when watching Premier League games your viewing card number is shown in the top right of the screen intermittently and occasionally in the middle of the screen during transitions.

There must be some software in the Sky box doing it, so if you wanted to avoid that you'd need to use a third party Sky decoder with a real card in it I guess.

TalkTalk banbans TeamTeamviewerviewer againagain

Peter 26

Re: Begs the question(s) ...

They have been doing this for coming up to 5 years now. Basically they throttle everything except anything they have white listed. I used to be able to get round the throttling of P2P by encrypting the traffic, but when they changed to this method there was no way round it. I switched to slower 75Mb BT Infinity which effectively was faster as it is untouched (other BT packages are throttled). To get untouched traffic with VM they now have the option to pay for the gaming package I believe, it's the most expensive of course.

The US is wondering what the lack of Net Neutrality leads to, well we already know as it is here in the UK. If you want to have proper Internet access untouched then you have to buy the top *fast* package, which really just means they haven't screwed with it..

Leaky-by-design location services show outsourced security won't ever work

Peter 26

Re: solution seems easy enough

Yep, came here to say this. They just need to update the security model and strip the EXIF info if the app doesn't have permission for it. Obviously that last bit is easier said than done when you get to the nitty gritty detail, but I'm pretty sure Apple/Google can figure it out.

Samsung's Galaxy Note 8 is hot, but not much more than the S8+

Peter 26

Re: I'm marginally annoyed

Maybe the stylus took up some of the battery room. FWIW my S8+ easily lasts a day, but that always seems to be the case with a new phone, hopefully that will still be the case in a couple of years.

Peter 26

I hate crapware, but went with the Samsung S8+ bought 2nd hand on eBay for about £530. They have only been out a few months, so most people selling them are unwanted upgrades. There is an app called BK Disabler which you can use to disable all the Samsung crapware including the Bixby button (no root required), install Nova launcher and it ends up looking like a normal Android phone.

The only alternative I considered in the flagship but not £1000 price bracket is the OnePlus 5, which has a slightly worse camera, proprietary fast charging (which is better than all the rest, but means you can only buy charging accessories from OnePlus) and they only support software updates on their phones for about 18 months. But the best thing is no crapware, it's pretty much default Android.

Unfortunately there is no obvious answer, it depends on what you care about. For me I care more about regular updates and a decent camera so went with Samsung S8+, but wish I didn't have to disable all the crapware, but it wasn't that hard and is a one off thing.

The best phone will probably be the next Google Pixel announced in the beginning of October, but it will probably cost around £1000.

Couple fires sueball at Amazon over faulty solar eclipse-viewing goggles

Peter 26

Re: Sungazing should never be taken lightly!!

I suspect their eyes are permanently damaged unfortunately. Their brain will make up for the damaged parts filling it in as best it can, but they will have destroyed part of their retina and now have blind spots.

Unfortunately due to branding people think anything sold on Amazon is quality, but really it's no better than buying something off a street market or eBay.

CrashPlan crashes out of cloudy consumer backup caper

Peter 26


I am almost 30 days into their trial and really impressed with the software, it just works. Select the folders you want anywhere, with versions, it sits in the background and doesn't annoy you. I was going to quite happily carry on paying for the comfort of knowing if the worst happens I'm covered. All the alternatives mentioned like Dropbox and Google Drive kind of suck. You have to move your files to the correct folders and I don't really trust their version control if hit by some sort of crypto malware.

I'll probably just stump up the higher price.

FBI's spyware-laden video claims another scalp: Alleged sextortionist charged

Peter 26

Re: OMG. Feds gather evidence of actual crime, get court warrant and arrest actual suspect

Yes, I came here to say this. It's so good to read about some really good police work. Don't cut corners, put the effort in, make sure it passes all legal requirements. They even went beyond the minimum needed to nab him, setting up CCTV and monitoring the network to 100% pin it on him, and all done legally! Fantastic!

I guess the only problem is the cost. If he hadn't made himself such a high profile target would the police have been allocated the resources to find him? It makes me think of The Wire and the constant struggle for the funds to do good police work. It was only when something was high profile that the police were given a blank cheque to do the job properly.

WannaCry kill-switch hero Marcus Hutchins collared by FBI on way home from DEF CON

Peter 26

Hmm, some quite specific charges there. Looks like he is just being charged with creating it and updating it. Someone else is being charged with trying to sell it/advertise it on forums. I wonder what information they have that says he created it, unless they have nabbed the other person?

Chrome web dev plugin with 1m+ users hijacked, crams ads into browsers

Peter 26

Re: 2FA?

Seems sensible and something they can implement straight away.

Crap gift card security helps crims spend your birthday pressie cash

Peter 26

PIN on the back

This makes no mention of the security feature that is on every gift card I have ever seen, the PIN on the back which you have to scratch to reveal.

You shouldn't be able to check the balance or purchase anything online without that PIN. Which means their attack would only work in physical stores, which with the amount of CCTV and loss prevention teams would be a bad idea, especially if you have to guess the last 3-4 digits (1 check digit).

You should never accept a card with that PIN already scratched off as it means someone could go online and use the credit. Someone could grab a load of blank cards from the counter, take them home, read the cards and scratch the PIN off, then go back and put them in the store and just wait for them to be loaded up.

Staff are supposed to be trained to check the cards haven't had the PIN scratched off before loading them up.

Nest leaves competition in the dust with new smart camera

Peter 26

Re: Ermmmm

Most criminals are stupid.


If you wanted to stop internet based cameras you could cut the BT line entering the house and the Virgin cable. But if they knew there were cameras they probably wouldn't bother...

Plus hopefully it will upload as it records.

El Reg straps on the Huawei Watch 2

Peter 26

Android Wear is shockingly bad

I can't believe Google produced this piece of garbage that is Android Wear. It's like they decided on a bunch of features at a committee and then just shoved them all in without any thought.

You summed it up perfectly with swipe left and swipe right lets you change the watch face???? How could anyone ever think that was a good idea and actually get out to a live release?

The best solution for a smart watch seems to be buying one from a company that has gone bust, Pebble. They actually put some thought into how people might use it. That's a sad state of affairs for smart watches.

My only hope at the moment is that Apple will show Google how it's done like they did with the iPhone. I feel like I'm browsing the web on a Symbian S60 when I'm using Android Wear. It has all the features, but just isn't a fun experience, it's just easier to get your phone out.

Google offers devs fat bribes, hopes to lure them to its Home

Peter 26

Doesn't work for Google Apps users

If you want the techie community to use it, how about making it work for Google Apps (now G Suite) accounts? I'm not going to create completely new Google accounts and lose access to my apps features just to use Home.

Cryptocurrency miner found armed with same exploits as WannaCrypt

Peter 26

They can update their malware now to install the hotfix thanks to Microsoft releasing it instead of disabling file sharing. :)

IBM: Remote working is great! ... For everyone except us

Peter 26

Re: Is it just me, or is this "retro" trend appearing in workplaces ?

There is always resistance to progress. I think it's a sign of a poor CEO, they blame everything on home workers as it wasn't how they succeeded. Where really it's up to them to empower workers giving them meaningful targets to ensure they provide the most for the company and themselves. But that's too much hard work, easier to just say I want bums on seats.

UK to block Kodi pirates in real-time: Saturday kick-off

Peter 26

Re: Short term 'fix'

A lot of the streams are via AceStream which is really just a torrent which downloads in order as much as possible so you can watch it "live" (about 30 seconds delay). Displayed usually via VLC using the network stream option.

The other ones are HTML5 or flash which just show in the browser. (With a million adverts on top) I think most of the Kodi plugins use this method.

From what I have read you need a special plugin for AceStream which is not compatible with all hardware on top of the already special plugins you need to watch the illegal content via Kodi.

There are two things that can be blocked: the web page or server which lists the streams (a good place to start), or the actual streaming servers for the flash content.

Either of those should have a significant impact on the low lying fruit, the people who just bought a box with no idea how it works. Nothing is going to stop the VPN.

Cybercriminals getting as good as nation state spies – report

Peter 26


But does this take into account the increase in ransomware which must be lowering the time to realise you have been attacked as it announces itself to you as part of its strategy? Also doesn't ransomware predominantly attack Western Europe?

Brit ISP TalkTalk blocks control tool TeamViewer

Peter 26

Re: @Leah

I think that explains exactly why it's not there yet. If you just want to use it for a one off with an IT illiterate user that's a lot of hassle, it'd probably be easier to talk them through fixing the issue than connecting in to do it yourself.

With TeamViewer they have made the download button simple to find on their main screen, you can run it without installing it from the download, then it just gives you a number in your face you can ask the user for.

Wearables aren't dead but apps on wearables might be

Peter 26

Re: 2nd Display

Yeah you're not the only one wanting a simple extra display with NFC capabilities for tap to pay. But apparently they know better than us what we want...

Alleged $17.5m fraudster accused of duping HPE out of 42,000 servers

Peter 26


I don't see why they went to this effort for $30K profit. Was it to try to make the company look legitimate to get investors? Maybe the con was to get investors' money?

Android Wear: The bloatware that turned into gloatware

Peter 26

Re: Bloat v Usability

Thanks, I will check it out.

Peter 26

Bloat v Usability

I started with Pebble v1.0 when it first came out and moved to Huawei Watch when Pebble went bust.

The Pebble was ugly but really useful for quickly reading a small message and deciding whether to get your phone out. Really good when speaking to someone or in a meeting, a quick look mid conversation without being rude.

Android Wear is absolutely appalling. It is designed to show off, not be usable day to day.

With the Pebble you received a message on your phone, the message immediately appeared on your watch to read, you had one button to press which scrolled down to read more, or the other button to cancel it. Most of the time I didn't even need to press a button, just twist my wrist and read what the notification was and make a mental note whether I could ignore it or not.

With Android Wear you receive a message on your phone, your watch shows a small semi circle on the bottom that I have to swipe up, then I have to select the notification I want to read, then if I want to read more than 4 words of text I need to click on this which then does different things depending on the app. Sometimes you have to swipe left then up, other times just up. TBH I still haven't figured it out, I just fumble around trying to read the message, then just give up and get my phone out.

How hard can you make it to read a bloody message!

I'm going to give Android Wear 2.0 a go, but I am seriously considering selling it and buying a nicer Pebble and hope it works long enough for someone to make a decent watch and software.

The problem is I would really like the NFC with the new watches and integration with Android Pay, especially seeing as my house door opens with NFC, so I could use it for that...

GCHQ cyber-chief slams security outfits peddling 'medieval witchcraft'

Peter 26

This needs to be run by the private sector, not GCHQ. Why has this not happened? Why have they had to implement their own systems?

Devs reverse-engineer 16,000 Android apps, find secrets and keys to AWS accounts

Peter 26

Isn't this self policed?

There are bots crawling GitHub looking for AWS keys, one simple mistake with a commit and you'll have bitcoin miners running within minutes racking up your fees.

I would imagine the same people would have done the same with the Play Store, or are they missing a trick?

French spies warn politicians of hack risk as election draws near

Peter 26

They don't like it up em!

Previously it was just the Western powers who could influence a small country's elections. But now with a bit of hacking it has opened it up to everyone.

It's really interesting watching the world change due to the Internet. I think back to when it was only us geeks using it, so much has changed in such a short period of time.

OpenStreetView? You are no longer hostage to Google's car-driven vision

Peter 26

Great for Runners

OSM is great for finding public foot paths and bridleways which aren't on Google Maps.

Very handy when planning a running route.

Standards body warned SMS 2FA is insecure and nobody listened

Peter 26

Re: SMS messages ... may be ... redirected,

Maybe they mean with the method of getting the network operator to transfer your number to a new SIM as mentioned in the article. You don't need much info to get that done.

Lib Dems to oppose porn checks in Blighty's Digital Economy Bill

Peter 26

Re: The problem with this country

My neighbour's in the fire service, will he now be able to see my search history? So what if I want to watch some adult content, I should be able to do that with privacy?

I'm considering setting up a permanent VPN from my internet connection. I'll probably set it up on a UK based server for speed and for the 2% reason you mentioned. I don't have anything to hide, but no need to make it easy to browse my history and block content at will. I want the control back...

More movie and TV binge-streaming sites join UK banned list

This post has been deleted by a moderator

Cyanogen mods self away from full Android alternative

Peter 26

They screwed over OnePlus now no other company would risk working with them

They set a precedent when they screwed over OnePlus and left them hanging with no OS. They made themselves a very hard sell to other phone companies.

What's even worse is if they had carried on with OnePlus it would have been a fantastic example of a success story with their OS. Other phone manufacturers would have wished to replicate the success of OnePlus.

They shot themselves in the foot.

Premier League Sky card crims ordered to cough up nearly £1m

Peter 26

Re: very confused

Yes I am confused too.

I only know of two types of card, consumer and pub. The pub ones showing the beer glass logo at the bottom of the screen. If they were buying consumer cards and selling to businesses then it would be obvious that something is up. Perhaps there are different levels of business/pub Sky card price based on the size of the pub. They purchased cheaper somehow then sold them on? Or maybe did multi screen as many pubs have lots of screens?

Fill in the detail for us Gareth!

Source code unleashed for junk-blasting Internet of Things botnet

Peter 26

"By happy coincidence I received my new V****n router on Saturday. I was surprised to see that the username and password was available in five places"

It is pretty shitty physical security. But the vast majority of people are computer illiterate and are never going to change the password anyway. If we have to sacrifice physical security to stop the far more plausible threat of attacks via the Internet, then I think it's a good compromise.

Brit telcos plead with Ofcom: No one should own more than 30% of available spectrum

Peter 26

Re: Simple solution

Although I agree in principle, who do you trust to provide the infrastructure without ending up with a BT Openreach situation?

