* Posts by Peter 26

219 posts • joined 10 Nov 2010


The show Musk go on: Tesla defies Silicon Valley coronavirus lockdown order, keeps Fremont factory open

Peter 26

Re: Simple question

Every old person I have spoke to said it is an overreaction and they don't see themselves as high risk.

I think you summed it up though. Old people, ask yourself, would I call an ambulance and take up a bed if I was dieing from it? If yes, then self isolate and take it seriously.

Post Office burned £100m in UK taxpayer cash on Horizon IT scandal legal fees, MPs told

Peter 26

Re: "That doesn't make sense" ...

Maybe it was. Suspiciously we never heard back from them regarding that issue after my suggestion...

Peter 26

Re: "That doesn't make sense" ...

Back to the IT angle. I had a customer who had random files go missing on Windows Shares intermittently (breaking our software). I suggested they turn on windows auditing so we could see what/which account was deleting them. The MD replied, I will get my IT to do this and sack the person responsible once we find out who it is! I couldn't believe he was so quick to jump to thinking it was some employee doing it out of malice. In my mind I thought the most likely reason was some overzealous antivirus.

Amazon launches itself into retail IT with 'all the necessary technologies'. Not saying which, but you know...

Peter 26

Which businesses is this aimed at?

I really struggle to understand which businesses they are aiming at with this as it's only going to work for everyday convenience items. All the larger retail stores wouldn't touch it with a barge pole for obvious reasons, leaving only the little guy running a corner store. But everyone knows the corner shops main way of making profit is by not declaring all the cash they receive so they won't want all these digital records.

Maybe they are aiming it at the landlords of all the empty retail stores?

Now that's what I call a sticky situation: Repairability fiends open up Galaxy S20 Ultra 5G, find the remains of Shergar

Peter 26

Samsung Repair not that bad

The fact Samsung has its own repair centre's is actually a selling point for me. It's the only flagship phone manufacturer that provides genuine replacement batteries at a reasonable price. If you buy a 2nd hand battery anywhere else it will be fake and have nowhere near the storage capacity of a genuine one (you might as well have stuck with the dud one). I used to repair phones myself and gave up on genuine replacement batteries bought from third parties.

I recently had my Samsung S8+ battery replaced in the Kingston store for £50 all inclusive. It's made my phone like the day I bought it. Looks like I'll get another couple of years out of it now, which is quite clearly why other manufacturers don't want to sell replacement batteries.

If there's a bustle in your hedgerow, don't be alarmed now: Brexit tea towel says it'll just be the gigabit broadband

Peter 26

Re: Who needs Tea Towels when you can have Jack Boots?

Thanks for that link. I'm now a subscriber. It's good to read something honest and unbiased for a change.

Firefox now defaults to DNS-over-HTTPS for US netizens and some are dischuffed about this

Peter 26

Re: So what....

This is a really valid point. We don't think it's the case, but who's to say for sure?

Also, what if they have been issued a secret subpoena requiring them access to all the DNS logs?

Alternatively just targeting their network data which I've read can be fingerprinted to identify lookups. A massive project, but certain people have big pockets and by putting all your eggs in one basket it means they have less networks to target. Cloudflare/Google DNS being the main ones.

Anyway, 99.9999% of people don't know what DNS Sec is, so I think Fierfox have done the right thing for today. In a years time there might be a better option. If you're a techie you can change it in the options, if you aren't you would have no idea and noprotection anyway, so something is better than nothing.

Peter 26

Re: You can disable

How would that work? Surely it's hard coded to use In general you don't use DNS to look up a DNS server, although it theoretically would be possible in this case.

One man is standing up to Donald Trump's ban on US chip tech going to Huawei. That man... is Donald Trump

Peter 26

Re: I blame Rupert for this...

It's the reason the Republican party is what it is, and people are willing to vote for this criminal idiot.

It's clear Brexit happened because of tabloids blaming Europe for everything. We have started down this path, if we let them destroy the BBC we will be much further down the the same route as the US.

Microsoft boffin inadvertently highlights .NET image woes by running C# on Windows 3.11

Peter 26

Re: "Visual Studio is a paid-for product"

"If Microsoft want more developers using C#, they need to drop their enterprise-style pricing and make Visual Studio much more attractive. I know that there's a Community Edition, but the cost of the jump from free to non-free is incredibly high, it's no wonder everyone just goes off and uses something else..."

It's the same as travelling in business class. Way too expensive, but you don't care as you're not the one paying it.

Peter 26

I love .NET

I love .NET, it's so easy to use, the IDE is great, all the libraries are fantastic. It links to everything. If you have an issue a quick google finds an answer.

But then I am over 40 years old... The stereotype seems spot on.

Crown Prince of Saudi Arabia accused of hacking Jeff Bezos' phone with malware-laden WhatsApp message

Peter 26

Time for the super rich to fund security research?

I'd like to see the super rich like Bezos fund security research into anything they use day to day. We'd all benefit from it if he had a team looking into WhatsApp security finding bugs and alerting WhatsApp. Apparently this breach cost him his marriage and a $38 billion settlement with his wife, whatever it costs it's going to be a drop in the ocean compared to that.

FYI: FBI raiding NSA's global wiretap database to probe US peeps is probably illegal, unconstitutional, court says

Peter 26

Re: Checks and balances essential

I definitely think Trump Tower is fishy, but just to play devils advocate this does happen with bigger constructions.

Here's an example. WWF UK Headquarters (The panda one, not wrestling!) WWF knew they needed a new site for their head quarters in the UK, they asked around the different councils to see who would subsidise their new building the most. Woking won by offering to pay for the building for them, in return they got the prestige of having WWF UK Headquarters in Woking putting them on the map, and presumably more jobs... You can argue whether that was a good deal, but it shows that it makes sense to get the subsidies in place first before deciding on location. Even on a smaller scale when doing a house extension, you first sort out with the bank how much money you've got before you start the plans and construction.

This vBulletin vBug is vBad: Zero-day exploit lets miscreants hijack vulnerable web forums

Peter 26

I don't think this classifies as a vulnerability, this is a feature which allows you to run a command on the server from the client. I don't see any way this could be accidental, it's bizarre. It's either a deliberate backdoor or some development code that got into release by accident? The development code part doesn't make any sense either though, why would anyone add remote code execution into a development build?

Capital One 'hacker' hit with fresh charges: She burgled 30 other AWS-hosted orgs, Feds claim

Peter 26

I find it interesting how people can be clearly smart, but also equally stupid at the same time.

Talk about unintended consequences: GDPR is an identity thief's dream ticket to Europeans' data

Peter 26

A solution?

Perhaps snail mail with a code, then a visit to an approved ID checker, such as a bank or post office with that code.

There's an opportunity here for someone to set this service up and sign up the ID checkers and the companies who want to prove identity.

Although this just proves a person is who they say they are, not that they own that particular login name, so it's only part of the puzzle.

Peter 26

It is GDPR's fault. The reason GDPR exists is because we know most companies have piss poor data protection controls. Therefore in the design of it they need to force companies to ensure they protect our personal data. Let's hope they add protocols that have to be followed into GDPR v2.

In the mean time this is great news for companies, they now have an excuse not to deal with GDPR requests, let them get stuck in the red tape of proving who they are.

Get ready for a literal waiting list for European IPv4 addresses. And no jumping the line

Peter 26

Re: We need a new approach

Absolutely agree. I think a big issue with IPv6 is that it may be better on paper, but the human element hasn't been given enough weight. We have all grown up with IPv4 and on the surface it's pretty simple, people are lazy and don't like something that different and looks complicated.

Was this quake AI a little too artificial? Nature-published research accused of boosting accuracy by mixing training, testing data

Peter 26

Raj's response to authors response

I'd like to see a response from Raj about the authors comments. Can he explain why they are wrong?

“The network is mapping modeled stress changes to aftershocks, and this mapping will be entirely different for the example in the training data set and the example in the testing data sets, although they overlap geographically," the pair said.

"There’s no information in the training data set that would help the network before well on the testing data set - instead, the network is being asked in the testing data set to explain the same aftershocks that it has seen in the training data set, but with a different mainshocks. If anything, this would hurt [the] performance on the testing data set,” DeVries and Meade, wrote back to Shah.

When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security

Peter 26

Re: Google too

Can anyone recommend a cheap burner SIM? They all seem to start at £10 minimum topup. A bit much to create anonymous accounts.

Ah, this military GPS system looks shoddy but expensive. Shall we try to break it?

Peter 26

yeah totally, I thought they were going to reveal what crap was inside.

You got a smart speaker but you're worried about privacy. First off, why'd you buy one? Secondly, check out Project Alias

Peter 26

Re: you could simply not put the creepy things in your home

The remote server is required for the quality voice recognition.

I helped catch Silk Road boss Ross Ulbricht: Undercover agent tells all

Peter 26

More Questions

That was a really good read. I have more questions.

How did they find the server in Iceland using the admins account? What was the security failure here, surely there was an encrypted reverse proxy?

How did they find connections from San Francisco to the server? Wasn't he using a VPN?

Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit

Peter 26

2FA Fail

I'm all for increased security, so I went to their website, changed my password to a random generated one (I have no idea what it is) and saved it in my password manager Blur. Then I went to see if they had a 2FA option. There is yay! But only via sms/phone call, boo! But wait, after enabling SMS 2FA, I can then enable a backup 2FA via an Authenticator App, but you cannot remove the SMS 2FA.

I signed in on my mobile and it sent me an SMS rather than using the authenticator app.

They are nearly there, but they need to push to use the authenticator app as the first choice and give the option to remove SMS as 2FA (in fact encourage it), sim swapping is incredibly easy to do, use of it to take over accounts has exploded recently. SMS 2FA cannot be trusted anymore.

I've removed SMS 2FA from my google account, name cheap and anywhere else that gives me the option.

Sharefile is probably the most important account I have, I use it to transfer customer data. That thing needs to be secure. They should up their game with regards to 2FA.

LastPass? More like lost pass. Or where the fsck has it gone pass. Five-hour outage drives netizens bonkers

Peter 26

Re: Keepass

I can't get over the fact you have to manually copy the password file to your device. I get that it's more secure, but it sounds really annoying. What if you sign up on your PC to a service then want to login with the accompanying app on your phone? You have to copy the file first.

Just seems like a lot of hassle, last pass sounds like a good compromise on security/ease of use unless I am missing something.

Azure, Office 365 go super-secure: Multi-factor auth borked in Europe, Asia, USA

Peter 26


I was thinking this morning how awful it was that people couldn't get to work because the Waterloo line was shut, and how lucky I am to work from home and not be affected...

Peter 26

Re: I'm locked out of my account for work

Haha, I cleaned the Kitchen Skylight, been meaning to do that for months..

Still locked out, what next...

Just because you're paranoid doesn't mean hackers won't nuke your employer into the ground tomorrow

Peter 26

Re: Paranoid

You're just paranoid until it happens. Do you cover your house in CCTV and alarms, or do you wait to be burgled before installing them?

Getting secure in IT is just such a ball ache. It requires an incredible amount of work, for something that might never happen. Personally I try to do half of it, but I'd be screwed if targeted.

Cancelled in Crawley? At least your train has free Wi-Fi now, right?

Peter 26

Time to dream up solutions

I turn off WiFi on the train as it is next to useless. With my free time I dream up personal windows suction mounted antennas, tethered to your phone somehow that you can use to boost your signal. I have yet to figure out the details on how that would actually work. Maybe I need another train journey to continue the dream.

Namecheap users rage at domain transfer pain, but their supplier Enom blames... er, GDPR?

Peter 26

Re: The clue is in the name

When I looked into registrars a couple of years ago, everyone seemed to say they were the best. They were one of the first to implement 2FA which was one of the reasons I moved to them from GoDaddy.

I haven't any issues, but would be interesting to see what Google's Service is like.

CEO insisted his email was on server that had been offline for years

Peter 26

Re: Deleting emails

I am that hoarder, but it's not because I want every email, it's just that I can't be bothered to sort them out. I have two types of email, read one and unread ones.

I am thinking I should really delete all my work ones (>10 years) as I was once told at an Oil & Gas firm that we should delete everything after 3 years of the project ending so that our own email records couldn't be used to sue us in the future.

uTorrent file-swappers urged to upgrade after PC hijack flaws fixed

Peter 26

Better alternatives

I switched to qBitorrent (qBit) yesterday after reading recommendations on reddit. I was a bit reluctant as there has been so many features added to utorrent that other torrent programs didn't have such as the remote downloading, automatic seed ending, move completed downloads to another folder. But it turns out qBit has all the same features as far as I can see except the annoying adverts. It looks a lot like utorrent did before it went ad crazy. I should have switched ages ago.

Combined with Transdroid on your android phone for remote downloading and torrent searching, it's a perfect combination.

Use ad blockers? Mine some Monero to get access to news, says US site

Peter 26

Re: Just Visiting

I'm just running ublock origin and am not getting any notifications about this. 31 Ads blocked though.

The e-waste warrior, 28,000 copied Windows restore discs, and a fight to stay out of jail

Peter 26

He even admitted he was stupid to put the logos on the CD. He should be convicted as he technically committed the crime, but it should be taken into account that there is zero cost to Microsoft from doing this, he copied something which can be obtained for free and he gains very little from this copyright infringement himself (there is some as people are more likely to buy the old PC if it comes with a legitimate looking restore disc)

There shouldn't be any prison sentence, make him destroy the discs, give him a small fine at worst.

GitHub shrugs off drone maker DJI's crypto key DMCA takedown effort

Peter 26

Re: one experience ...

MSDN license? You get enough free credits each month to do quite a bit. I've got a couple of servers running at the moment free of charge for testing.

Brit transport pundit Christian Wolmar on why the driverless car is on a 'road to nowhere'

Peter 26

He's right about all the issues, but sometimes you need to disengage your brain to succeed

Although he gives a good reality check, I think there is a lot of innovation that come come out of this, so it is a worthwhile exercise. The tech companies have money to burn like he says, so they might as well put it into something like this.

Some of my greatest successes have been when I started something that I had no idea how complicated it would actually be thankfully, otherwise I never would have started.

Sky customer dinged for livestreaming pay-per-view boxing to Facebook

Peter 26

Card Number?

I know when watching Premier League games your viewing card number is shown in the top right of the screen intermittently and occasionally in the middle of the screen during transitions.

There must be some software in the Sky box doing it, so if you wanted to avoid that you'd need to use a third party sky decoder with a real card in it I guess.

TalkTalk banbans TeamTeamviewerviewer againagain

Peter 26

Re: Begs the question(s) ...

They have been doing this for coming up to 5 years now. Basically they throttle everything except anything they have white listed. I used to be able to get round the throttling of P2P by encrypting the traffic, but when they changed to this method there was no way round it. I switched to slower 75Mb BT Infinity which effectively was faster as it is untouched (other BT packages are throttled). To get untouched traffic with VM they now have the option to pay for the gaming package I believe, it's the most expensive of course.

The US is wondering what the lack of Net Neutrality leads to, well we already know as it is here in the UK. If you want to have proper Internet access untouched then you have to buy the top *fast* package, which really just means they haven't screwed with it..

Leaky-by-design location services show outsourced security won't ever work

Peter 26

Re: solution seems easy enough

Yep, came here to say this. They just need to update the security model and strip the EXIF info if the app doesn't have permission for. Obviously that last bit is easier said than done when you get to the nitty gritty detail, but I'm pretty sure Apple/Google can figure it out.

Samsung's Galaxy Note 8 is hot, but not much more than the S8+

Peter 26

Re: I'm marginally annoyed

Maybe the stylus took up some of the battery room. FWIW my S8+ easily lasts a day, but that always seems to be the case with a new phone, hopefully that will still be the case in a couple of years.

Peter 26

I hate crapware, but went with the Samsung S8+ bought 2nd hand on eBay for about £530. They have only been out a few months, so most people selling them are unwanted upgrades. There is an app called BK Disabler which you can use to disable all the Samsung crapware including the Bixby button (no root required), install Nova launcher and it ends up looking like a normal android phone.

The only alternative I considered in the flagship but not £1000 price bracket are the OnePlus 5 which has a slightly worse camera, proprietary fast charging (which is better than all the rest, but means you can only buy charging accessories from OnePlus) and they only support software updates on their phones for about 18 months. But the best thing is no crapware, it's pretty much default android.

Unfortunately there is no obvious answer, it depends on what you care about. For me I care more about regular updates and a decent camera so went with Samsung s8+, but wish I didn't have to disable all the crapware, but it wasn't that hard and is a one off thing.

The best phone will probably be the next Google Pixel announced in the beginning of October, but it will probably cost around £1000.

Couple fires sueball at Amazon over faulty solar eclipse-viewing goggles

Peter 26

Re: Sungazing should never be taken lightly!!

I suspect their eyes are permanently damaged unfortunately. Their brain will make up for the damaged parts filling it in as best it can, but they will have destroyed part of their retina and now have blind spots.

Unfortunately due to branding people think anything sold on Amazon is quality, but really it's no better than buying something off a street market or eBay.

CrashPlan crashes out of cloudy consumer backup caper

Peter 26


I am almost 30 days into their trial and really impressed with the software, it just works. Select the folders you want anywhere, with versions, it sits in the background and doesn't annoy you. I was going to quite happily carry on paying for the comfort of knowing if the worst happens I'm covered. All the alternatives mentioned like dropbox and google drive kind of suck. You have to move your files to the correct folders and I don't really trust their version control if hit by some sort of crypto malware.

I'll probably just stump up the higher price.

FBI's spyware-laden video claims another scalp: Alleged sextortionist charged

Peter 26

Re: OMG. Feds gather evidence of actual crime, get court warrant and arrest actual suspect

Yes, I came here to say this. It's so good to read about some really good police work. Don't cut corners, put the effort in, make sure it passes all legal requirements. They even went beyond the minimum needed to nab him, setting up CCTV and monitoring the network to 100% pin it on him, and all done legally! Fantastic!

I guess the only problem is the cost. If he hadn't made himself such a high profile target would the police have been allocated the resources to find him? It makes me think of The Wire and the constant struggle for the funds to do good police work. It was only when something was high profile that the police were given a blank cheque to do the job properly.

WannaCry kill-switch hero Marcus Hutchins collared by FBI on way home from DEF CON

Peter 26

Hmm, some quite specific charges there. Looks like he is just being charged with creating it and updating it. Someone else is being charged with trying to sell it/advertise it on forums. I wonder what information they have that says he created it, unless they have nabbed the other person?

Chrome web dev plugin with 1m+ users hijacked, crams ads into browsers

Peter 26

Re: 2FA?

Seem sensible and something they can implement straight away.

Crap gift card security helps crims spend your birthday pressie cash

Peter 26

PIN on the back

This makes no mention of the security feature that is on every gift card I have ever seen, the PIN on the back which you have to scratch to reveal.

You shouldn't be able to check the balance or purchase anything online without that PIN. Which means their attack would only work in physical stores, which with the amount of CCTV and loss prevention teams would be a bad idea, especially if you have to guess the last 3-4 digits(1 check digit).

You should never accept a card with that PIN already scratched off as it means someone could go online and use the credit. Someone could grab a load of blank cards from the counter, take them home, read the cards and scratch the PIN off, then go back and put them in the store and just wait for them to be loaded up.

Staff are supposed to be trained to check the cards haven't had the PIN scratched off before loading them up.

Nest leaves competition in the dust with new smart camera

Peter 26

Re: Ermmmm

Most criminals are stupid.


If you wanted to stop internet based cameras you could cut the BT line entering the house and the virgin cable. But if they knew there was cameras they probably wouldn't bother...

Plus hopefully it will upload as it records.

El Reg straps on the Huawei Watch 2

Peter 26
Thumb Down

Android Wear is shockingly bad

I can't believe Google produced this piece of garbage that is Android Wear. It's like they decided on a bunch of features at a committee and then just shoved them all in without any thought.

You summed it up perfectly with swipe left and swipe right lets you change the watch face???? How could anyone ever think that was a good idea and actually get out to a live release?

The best solution for a smart watch seems to be buying one from a company that has gone bust, Pebble. They actually put some thought into how people might use it. That's a sad state of affairs for smart watches.

My only hope at the moment is that Apple will show Google how it's done like they did with the iPhone. I feel like I'm browsing the web on a Symbian S60 when I'm using Android Wear. It has all the features, but just isn't a fun experience, it's just easier to get your phone out.

Google offers devs fat bribes, hopes to lure them to its Home

Peter 26

Doesn't work for Google Apps users

If you want the techie community to use it, how about making it work for Google Apps (now G Suite) accounts? I'm not going to create completely new google accounts and lose access to my apps features just to use home..



Biting the hand that feeds IT © 1998–2020