* Posts by Lee D

2698 posts • joined 14 Feb 2013

Fork it! Google fined €4.34bn over Android, has 90 days to behave

Lee D
Silver badge

Re: You can't fork Android

And probably always will be.

I don't think this case will change that, no different to expecting Steam to open up their source code.

What they are arguing is that you can't FORCE people to use Google Play in order to use Android.

17
3
Lee D
Silver badge

"the requirement to preinstall Google Search and Chrome"

- Yep, no need to force this on people. However, can we please learn that you need to be able to REMOVE THE JUNK THAT THEY PREINSTALL. Whoever "they" are. This will mean a lot of "Samsung Internet Browsers" being installed, fine, activated by default, fine, but it will also mean that they'll make it a pain in the butt (or even impossible) to remove them and JUST have Chrome even if that's what the user wants.

"payments to phone makers to make Google Search the default"

- Not sure how this hurts, as such, as surely other people could pay those makers to be the default? So long as it's changeable? Is this any different to Apple being paid to direct people to Google? That could hurt if that went to court based on this case.

"and restrictions on creating "forks" of Android."

- Yep, no need for this, they just can't call it an Android phone etc.

13
29

Samsung’s new phone-as-desktop is slick, fast and ready for splash-down ... somewhere

Lee D
Silver badge

Re: ...however!

Mini projectors are cheap.

1
0
Lee D
Silver badge

Developers?

And Dex isn't just about Android, is it?

https://www.theregister.co.uk/2017/11/10/linux_on_galaxy_video_demo/

Ubuntu and Eclipse. That could be perfect for a developer, web designer, etc. on the move as well as one who needs to test their results on mobile.

And the price is reasonable, much more than I would expect to be honest, but I can't afford the Samsung phone to go with it, so maybe that's why.

But I think I'd quite happily consider running Ubuntu off my phone as an emergency/portable desktop, if I was a salesman, developer, IT contractor, etc. Much more so than an iPad. Hell, I'd do it and just keep the Dex bit on me for the "just-in-case" of needing a laptop and not having one, or a presentation (plug phone into Dex into HDMI projector). You can also get a mini-projector for peanuts nowadays. You could have a full Linux desktop setup on an airplane seat with things that you can slip into your pocket.

It seems to me to have a lot of uses, it's just a shame that the phones to do it are so expensive (and even my old S4 Mini / S5 Mini could probably be a serviceable desktop with the right OS).

4
0

Microsoft to pay new bounties for identity services holes

Lee D
Silver badge

I don't think there's much of anything like Banyan Vines left in AD, Samba would have found it by now if there was, I should imagine. Whether in inter-compatibility testing, or legacy protocols that they try to support, or anything else.

And given that Samba can be a full AD domain controller, I reckon they'd have stumbled across / recommended against any such code.

Hell, to be honest, SMBv1 and v2 are already dead BECAUSE they're so insecure. That's how those worms of a few years ago propagated and even that was seen as "Why the hell does the NHS have that option enabled any more anyway?"

0
0

The crowd roars and Ruckus joins in with 802.11ax kit

Lee D
Silver badge

Which is like not sending a response packet to a DoS.

They've still used up the airwaves, fought with existing clients, and spoken over them to request anything. Sure, you're not propagating that situation but without protocol changes there's no way to say "shut up and don't ask again" or isolate such requests from the parts that actual data-transferring clients are using.

Additionally, what you're doing then is ignoring random "who's there" probes, which is going to affect auto-join of all kinds (remember - the clients are dumb and may just be trying to connect to a favoured network while connected to an unfavoured one, which they can't because you ignore their probes).

At best this is a minor tweak, that will impact legacy clients (maybe in protocol-breaking ways?) and not actually help all that much (e.g. if you have even 11Mbps clients, the probes are an incredibly TINY fraction of the data that they would transmit just to stay online once connected, and mostly passive - SSIDs are broadcast quite openly and clients pick up, they don't really transmit until you join - this is how the old WEP-cracking tools of old worked, they could determine the SSID and WEP key without broadcasting a single byte of data over the airwaves. It's the "thousands of clients" bit that's the problem, and ignoring a portion of them still doesn't make it any better - they're old so they're likely to re-transmit more often to get an answer!).

This is hype at best. If you are so congested that you can't fit in a client scanning for SSIDs it might want to join, then you don't stand a chance of transmitting any kind of useful data to any connected client anyway.

10,000 clients sensing networks at even 11Mbps (i.e. taking up the most chunk of spectrum, while also taking the greatest portion of their allocated data to do so) is literally lost in the noise.

The problem comes not from the responses given, but the sheer "waiting time" for the airwaves to be clear before it's safe to broadcast any kind of request at all, and that's determined by the protocol of the client, not the AP.

0
1
Lee D
Silver badge

That's all very nice but surely it requires everyone to be using 802.11ax on the client end too. As always, you still have to deal with legacy clients in legacy fashions, and as most things dial down to legacy connections when they get weak signal or bad responses, 99% of "heavy traffic" management is surely just dealing with the DoS from legacy clients.

And surely here one of the flaws is using the same channel for data as we do for client-querying. All those thousands of devices saying "What are you offering?" constantly shouldn't be interfering with a client that's already joined the network and is passing data, surely?

1
5

You wanna be an alpha... tester of The Register's redesign? Step this way

Lee D
Silver badge

You've got time to pee about like that, but:

- No IPv6 still.

- You still can't link my old posts under previous usernames (but same id!) to the badge/stats

- I can't search through my own (or another user's) comments to find a particular thing I posted.

6
1

Capita strikes again: Bug in UK-wide school info management system risks huge data breach

Lee D
Silver badge

Re: Gonna be one less school soon

Most MIS providers are no different.

What are you moving to? I betcha I can point you in the direction of someone with similar/worse horror stories on whatever it is.

4
1

Microsoft's TextWorld gives AI a Zork-like challenge

Lee D
Silver badge

If it ever learns to quit vi then we know we're in trouble.

5
0

Crumbs. Apple has tweaked the MacBook Pro keyboard

Lee D
Silver badge

God, the PC you could get for the same money that wouldn't have a pathetic 13" screen...

If I was GIVEN one of these, I'd flog it and buy a decent laptop and spend the difference on all kinds of stuff.

9
14

What can $10 stretch to these days? Lunch... or access to international airport security systems

Lee D
Silver badge

"I'm gonna give you run of the complete IP network" rather than "I'm going to show you a picture of a machine that you'll have to log into"?

VPN is sensible, sure, but as an encryption layer only. VPN into a network as if you were plugged in locally is just a perfect way to spread stuff from their machines to your network.

VPN, and filter, and VLAN, and etc. etc. etc. and then to a limited network that only allows RDP traffic, through an authenticated gateway, only to select apps/VM's... yep. That sounds ideal.

But to most people, well-configured RDP - with up-to-date clients - to an unprivileged TS acting as a network client is perfectly sufficient in terms of encryption, stopping brute-force attacks, letting people work from hotels, etc., convenience, and compatibility (you can do it from an iPad, or a smartphone).

The question is not "what protocol do you use" but "what measures do you have protecting that protocol".

But, personally, blanket VPN access is incredibly dangerous. And most people want it "to access network shares", so you can't block the protocols associated with that. Now you have SMB/CIFS traffic flowing around uncontrolled home networks.

RDP, via a gateway, with certs, decent policy, IDS/IPS, and file-transfers disabled... it's then impossible to do anything that "that user logged in on a real machine inside" couldn't do, while also preventing all exposure of unsanitised data to/from their home / cybercafe / etc. IP networks.

4
0
Lee D
Silver badge

Re: I was "hacked" via RDP

Do yourself a favour - get or write a script that emails you for every RDP login. There are loads of them out there.

There's nothing more reassuring than at least knowing "Hey, I spotted something odd that managed to slip past what I thought was secure!".

RDP has suffered several attacks recently (e.g. CredSSP), so patch it like mad, and check people aren't bypassing your password entirely.

7
0

'It's legacy stuff brute-forced in': Not everyone is happy with Citrix's cloud

Lee D
Silver badge

Re: Good ol'terminal services stuff

Things like GDPR etc. kept us in-house.

Sure, put stuff in the cloud, but that just means "rent a computer somewhere with a good policy, encrypt it heavily, and control it yourself" in our case.

Citrix always seemed a con, for something you could do yourself better. Cloud Citrix just seems silly.

0
0

Geoboffins spot hundreds of ghost dunes on Mars

Lee D
Silver badge

That's saffron-t to my sensibilities...

4
0

Google offers to leave robocallers hanging on the telephone

Lee D
Silver badge

International calls? I get CLI all the time. I know because a lot of them like to use tricksy ones that LOOK like local calls but aren't (0027, etc.). I have one on my phone history today, if you'd like to see.

Unless, and this is important, it's spam. Then no CLI, international or not. But it's never answered.

I don't care that the local council use withheld numbers etc. That's their problem. They are one very, very specific example of exactly a place that SHOULD be pushing CLI properly with an official council number to call them back on clearly visible.

If you have to HIDE WHO'S CALLING then I don't want to take that call. Legit or not. Actual client/supplier/service or not. Known to me or not. Simple as that.

Yes, you can fake CLI (but it should be impossible, BT just need to pull their finger out). But every workplace I ever worked for has never felt the need to hide their number. All they do do is not advertise their internal DDI's and make the CLI of all calls go out with the main public switchboard DDI. There's no reason to be doing anything else, unless you're intending to deceive people about the origin of the call.

Those kinds of people won't want to answer the phone anyway, so no loss to just advertise the number at least for the first few calls anyway.

Plus, sorry, but nothing binding is done by me over a telephone call. You will email or write if you need it. And absolute best case: I'll call you back on your advertised number to ensure I'm actually speaking to who I think I am, and deal direct and still ask you for whatever-it-is in writing. You could request that via an SMS, if you wanted.

There is zero NEED for CLI. It's not even convenient as it can be easily faked or blocked. Hence it's about as reliable as a From: header in an email, and I trust it just as little. Because of that, I disregard them entirely and work on the much simpler principle of "I didn't give you my number, therefore I never wanted to hear from you."

12
4
Lee D
Silver badge

Easier solution:

Whitelist by default.

If I don't have your number plugged into my phone as a contact, your phone call doesn't ring, or get answered.

If you're persistent then I might bother to Google you.

The magic keys to the kingdom of speech with me? Use a well-known number that I can search for online, inform me of your number/call in advance, or send me a text (if you're a human) to let me know who you are and why you're contacting me.

Otherwise, enjoy the glorious brrr-ing-brr-ing into perpetuity without even a possibility of leaving a voicemail.

P.S. My ringtone for real people is the sound of the phone ringing from the ZX Spectrum game Software House. True story.

20
5

Boffin botheration as IET lifts axe on 20-year-old email alias service

Lee D
Silver badge

Re: Email forwarding services are passé

Nonsense.

Any email forwarding is easily coped with, and SPF can be simply added (it's IET's job to say what mailserver can claim to be from their domains, that's it - they could just leave an open record on it or offer a basic SMTP sender with auth).

And envelope-rewriting and forwarding is supported by just about every domain-name host out there with email-forwarding. I forward ALL my public emails (which I use heavily for everything, personal and business, for 20+ years) to a GMail (ultimately, but that's unpublicised and can be changed in seconds) which I use as my actual method to collect and read and reply to those emails.

I also run my OWN forwarding server to do just that as secondary, to handle more critical domains, etc. It's Postfix and maybe an hour of config for anyone familiar with Linux at all. That forwards to and isn't blocked by Google etc. unless it's quite obvious spam. My own grey-listing, SPF-checking, DKIM-checking, etc. spam filter blocks WAY MORE than GMail does, and it never touches even fresh incoming addresses at my domains (e.g. newsocialmediacompanyspamhole@mydomain.com) that haven't ever seen an email prior.

Their reasoning isn't based on that because it's hard. It's just an expense and liability that they don't need. Personally, I'd ask people for £100 per address per year and then bolt it into Google Apps for those customers who want to pay to retain it. Wouldn't take long at all, and no GDPR liability as you literally never touch their email. But I can perfectly understand why they wouldn't want to, it's just not their job.

1
3

BGP borked? Blame the net's big boppers

Lee D
Silver badge

Oh look.

This is unprecedented.

"Failure to properly sanitise input data".

"Failure to apply least-privilege principles" (if it's not explicitly allowed, it can't happen).

"Failure to apply sensible defaults"

"Failure to check output of own systems matches expectations"

It's not like those EVER cause problems, is it?

9
0

Microsoft might not support Windows XP any more, but GandCrab v4.1 ransomware does

Lee D
Silver badge

"Being able to spread without internet access and impacting legacy XP and 2003 systems suggests some older environments may end up at risk where there is poor security practice – e.g. no working antivirus software"

Poor security practice like running obsolete and unsupported operating systems, for example?

I think Microsoft should just be honest... if your system has XP anywhere on it, in any configuration, even as a VM, the rest of the network's security is pointless and cannot be guaranteed. Give it up, stop developing, testing and shipping software for it, leave it on the kerb.

Until you do that, people will just keep running it forever and think that just because there's some ancient version of Sophos on it that it's somehow magically "secure" now.

2
17

Cops suspect Detroit fuel station was hacked before 10 drivers made off with 2.3k 'free' litres

Lee D
Silver badge

Re: Outrageous!

A weak pound worth $1.32?

14
0

Sysadmin cracked military PC’s security by reading the manual

Lee D
Silver badge

SWITCHES=/N

in your CONFIG.SYS.

8
0
Lee D
Silver badge

Re: Bypass autoexec bat & config.sys..

1) You could disable that.

2) What makes you so sure it was MS DOS?

4
0
Lee D
Silver badge

A bunch of machines in an IT suite that I was revamping for a school, all tied together with serious steel cables, attached to the machines with some quite serious adhesive on a plate secured direct to the metal chassis of the machines.

Because they were all interlinked, and the cables padlocked together, you couldn't steal one without the one next to it, and so on. I thought it was going to be a nightmare of having to reimage them all in-situ or going through a bundle of different padlock keys endlessly to separate them, but I thought I'd give things a shot to see if there was an easier way.

I knew that you couldn't just pull the computers apart by brute force - I'd witnessed one fall to the floor hard and just dangle there by the plate/cable, and seen a few cursory demonstrations by big strong men trying to pull on them.

But every system has a weakness. In this case, the hefty metal plate that was epoxied in some manner to the chassis that everyone assumed was inseparable. Like with a maglock, it's not how strong it attaches when you pull laterally against the lock, it's how you can break that lateral surface area connection.

Turns out, a small flatblade screwdriver inserted into a tiny sliver of a gap between the chassis and plate, and then a small "twist" rotation of the head at normal hand strength would easily separate the two surfaces. Despite the fact that you could probably tie the offending articles to two vehicles driving in opposite directions and only ever snap the cables not the attachment, once you got the hang of it, you could literally walk down the row, stab, twist, stab, twist and fire the plates off the machines at high speed with nothing more than a basic hand tool and hand-tight motion. And no damage to the machines.

Headmaster of the school came past about 20 minutes after he'd said he'd go get me the keys, saw the pile of hefty steel cables and plates on the floor and his now "insecure" IT Suite and was flabbergasted. We never bothered to put them back on. (And, yes, I had permission to remove them if I could, before you ask).

If I found it, you can be sure anyone determined to steal those machines knew it too, even if they hadn't brought bolt-cutters.

Similarly, schools all used to just buy expensive projectors and dangle them from their high-ceilings on long-rods. In time, people became aware of the necessity of a "swing test". Literally, if you can't swing from the rod with your full weight then it only takes seconds to get the projector down and walk off with it. Sure, you'll damage the hell out of the ceilings/joists, but burglars tend not to care if they can walk out with £1000 of kit in ten seconds.

Despite then being told by several places that "our projectors have to survive a swing test", I never did find anyone who even suggested it was possible to build or fit such an item if you're just attached to joists and your ceilings are 14 foot height, so the pole has to be at least 8 feet long. They learned quickly that leverage and brute-force beats ingenuity every time. After that, they started to buy projectors that were marked educational use only (destroying resale value on the main markets), had passcodes to stop them turning on, that weren't as valuable, or that mounted "short-throw" so at least the thieves only damaged a £50 bracket rather than created a £1000 ceiling repair for their insurers.

11
0

ICANN't get no respect: Europe throws Whois privacy plan in the trash

Lee D
Silver badge

It's simple. You trade with another country, you have to abide by their rules too for that trade.

It's a long-established situation everywhere, not just California. Otherwise Apple would just put two fingers up to every other state/country in the world and sell their products there. Instead they sold-out to China and all kinds of places to be able to sell their devices there.

You are "International" but can't trade with Europe? That's a 50% hit on your revenue immediately, not counting fines and compliance work that you'll still need to do anyway.

ICANN are being really idiotic here and will lose the EU domains if they're not careful. It wouldn't take a year to set up a "ECANN" and make all EU ISPs use it (you just say ICANN isn't GDPR compatible and, bam, they'll move over), which means that if the rest of the world want to trade with Europe, they'll have to send queries to ECANN not ICANN and the DNS roots will change to give preference to ECANN overnight (A third of them are in Europe anyway).

This is arguing with the legal system that binds 50% of your worldwide customers saying "We don't care, and we're incompetent enough that we can't even fix it", which will just end in loss of control, whether through incompetence or legal decree. And once EU goes, other nations will follow suit.

57
5

TalkTalk, UK2 sitting in a tree, not T-A-L-K-I-N-G: Hosting biz cut off after ISP broadband upgrade

Lee D
Silver badge

They used to offer a lovely number for dialup with just uk2/uk2 as the login details, local rates.

Whatever happened to them? That was a great backup when the "new" DSL went down or just when you were "roaming" in a hotel or something pre-wireless.

And game servers, they used to run a ton of game servers.

Since DSL came along, haven't heard hide nor hair of them.

2
0

UK.gov: New London courthouse will focus on crimes of a cyber nature

Lee D
Silver badge

Re: Will they fund the specialist lawyers and digital forensics experts?

Legal aid has always been a pittance.

Lawyers literally only work via legal aid out of the goodness of their hearts, or because their firm instructs them to, not for the pay.

The bigger difference has always been prosecution versus defence. Work on defending people who don't want to go to jail and you'll earn 10 times more than the people hired to gather the evidence to send you there.

Plus, courts are entirely separate to lawyers, forensics and everything else. The court is merely the venue when you show those items to people trained in law. They specifically AREN'T trained in every minor detail, that's for the lawyers to get across to the 12 laymen in the jury and the judge who might not have a clue anywhere. Only incredibly specialist cases will dare mess with that.

If anything, you DO NOT WANT all that stuff in a court. You want an expert coming in, testifying, and being rebutted by other experts. You don't want judge and jury thinking they know more than the guy on trial, or the experts he's hired, or the counsel hired to represent him. Because, more often than not, they don't.

Take it from me, someone who works in IT, graduated in mathematics, was married to a barrister, and lived with a geneticist. In all those areas of specialism, I assure you I can point out huge gaping flaws in other people's expectations of what "hacking", "probability", "legal precedent", or "DNA match" actually means in real life. You want normal people listening to an expert who says "No, that's not how it works, your honour. There's only 96% certainty that this is the same DNA, which means that almost everyone in this room could be convicted of the crime being described today".

4
0

ZX Spectrum reboot firm boss delays director vote date again

Lee D
Silver badge

What better way to flog a dead horse than to flog it thousands of times to other people and not actually give anyone any kind of horse, dead or not?

17
0

Apple is Mac-ing on enterprise: Plans strategic B2B alliance with HPE

Lee D
Silver badge

Re: Actually...

Welcome to the 90's. It's where you appear to be stuck, anyway.

"Actually...... it is easier to get a Mac to boot Linux than it is to get a PC to do the same."

Absolute nonsense. Stick disk in, F12, boot, install, done.

"They may have some ideas how they want people to use their product but that is not different from how your dishwasher manufacturer wants you to use their dishwasher."

My dishwasher has never told me that it only works with John Lewis Plates, that I'll need to use Apple Soap, nor that it "just can't do that" when I ask it for a 10 minute rinse instead of a 20.

"Most of the anti-apple mob are angry Windblows users who are afraid of losing their "supremacy" of having to reinstall their PC at least once a year."

1) If you're reinstalling a PC once a year, you're an idiot.

2) Would you like stats on how often I have to reinstall a Windows machine versus a Mac machine in a school with hundreds of the former and only a dozen of the latter? I'll give you a clue: You lose.

"I am btw. running OpenSuSE on a MacBook Pro... installing Linux on a Lenovo was too time consuming."

Good for you. And why? As someone with an entirely-Lenovo shop, I can't imagine what could cause that. Literally, boot install at disk / decompression speed.

"Oh one more thing: Windblows still can't manage proper display scaling something OS X and Linux has been doing for over 10 years."

Display scaling? As in zooming your display to show on higher resolution screens? You really are operating in the dark ages.

14
9

London's top cop isn't expecting facial recog tech to result in 'lots of arrests'

Lee D
Silver badge

But they're not.

That's a silly use case.

They're looking for possibly 100,000 people out of possibly 70m people. At that point - in fact, WAY before that point - the numbers explode and even an accurate system has an atrocious false positive error rate.

5
1
Lee D
Silver badge

Just let them, already.

Because the tech most certainly is NOT ready.

And when it proves an expensive failure, it'll be harder to justify the next (or any) such system in the future.

I have not yet once managed to get through Stansted airport facial-recognition, with or without glasses, wearing the same T-shirt as in my passport photo, etc. etc. Not once. I ALWAYS stand there like an idiot for 5 minutes while it keeps trying, and then get pulled away by the woman STATIONED at the damn thing to take people to the "Whoops it didn't work line" where a human does the job (and which is always a long queue, not just individuals).

This stuff doesn't work any better than random chance, and certainly not better than a trained human. Stop it. Or rather - trial it all, see how useless it is, realise the salesmen lied, get over it and spend your next pot of money elsewhere to avoid a repeat embarrassment.

9
0

A fine vintage: Wine has run Microsoft Solitaire on Linux for 25 years

Lee D
Silver badge

"If I understood your problem correctly, the solution is simple:"

Yeah. Those obvious, intuitive commands, environment variables passing into other environment variables, etc. etc. etc.

I mean, I understand everything it's doing and why. But I wouldn't be able to guess at that in a million years.

6
1

Who fancies a six-core, 128GB RAM, 8TB NVMe … laptop?

Lee D
Silver badge

Re: What does it run?

People stopped dual-booting 20 years ago.

Having to shut down one OS to run another is ridiculous in the modern age, where you can run both simultaneously without issue.

Honestly, we stopped doing that the second virtualisation instructions were put into processors.

16
25
Lee D
Silver badge

Re: What does it run?

That kind of machine, you're going to want VMWare or similar anyway.

That's a waste to use it for just one OS with those cores and RAM, when you can run everything at the same time.

Linux as the base OS, maybe, but good luck getting all the drivers (especially for the RAID etc.).

13
25

New Android P beta is 'very close', 'near-final' but also just 'early'

Lee D
Silver badge

Re: What's the app?

To my knowledge, an awful lot of phones have never supported recording calls at all, but that's a hardware manufacturer integration. If they don't present the hardware to the Android drivers, then there's no way for the Android API to record it.

But also note:

https://developer.android.com/reference/android/media/MediaRecorder.AudioSource

"This permission is reserved for use by system components and is not available to third-party applications."

Even the latest Android APIs do have an option to do just what you're talking about, but it's never been properly exposed and officially supported. When you use unsupported stuff, that's what happens.

I don't think it's ANYTHING to do with Android. It's to do with people BYPASSING Android. And I think it's to do with manufacturers not exposing functionality in a standardised way via the Android APIs that already exist and/or not producing hardware that supports such functionality (e.g. a voice-call-handling chip that doesn't provide the voice data to the processor running Android at all).

3
0
Lee D
Silver badge

Re: Wonder what it'll break ?

What's the app?

What's the function that can't be reintroduced?

Is there a single other app anywhere in the Play Store that does the same function (I don't care how, what else, whether it's prettier)?

Because I imagine there's not much that doesn't work in the way you state, when the developer is non-lazy.

3
1
Lee D
Silver badge

You mean the OS where you're not allowed to render a website in any other way than an Apple control.

Google Chrome on iPad / iPhone is just a Safari control in a different coloured box.

I'm not at all sure that "universality" of APIs is a no-questions-asked good thing in and of itself. There has to be something else too in order to ensure you can program against them freely.

Also note, it's impossible to do certain things on iOS programmatically at all, by design. Sure, that saves you a few small security headaches but the amount they MISS tells you that that isn't the end of the story either. And causes huge user interface problems.

Don't even get me started on the junk that is screen-modal pop-up login dialogs that don't tell the user their origin, and go over the top of anything you happened to be doing.

5
0

The Notch contagion is spreading slower than phone experts thought

Lee D
Silver badge

Because it's pointless, that's why.

49
4

HMRC told AGAIN to toughen up on VAT-dodging online traders

Lee D
Silver badge

Re: How hard can it be?

Why?

If they have to mark all their products as "used" to be VAT-free, then they're not going to like doing that for big-brand items (i.e. the things that sell for the most money).

0
0

Giffgaff admits to billing faff, actually tells folk to turn it off and on again

Lee D
Silver badge

Re: Oy

I make about £20 a month out of giffgaff.

I work at a school, they have lots of international teachers etc. They all come to IT for help setting up their phones, skype, etc. to call home.

I don't force it, but I hand out giffgaff SIMs. Every time they activate one, I get cash which gets to my Paypal eventually.

And lots of them do stay on giffgaff because of the "PAYG / Monthly" thing so they can pick and choose and be short of money and knock down their package without obligation. Nobody ever calls for support, so they don't notice giffgaff's is only online.

They really need a "big bundle" though, that I can tether for mobile broadband. 9Gb isn't enough and even the unlimited package is subject to a tethering limit.

I also activate a lot of their cards for things like GPS trackers and GSM gate openers. Run it down on PAYG over a year from about £20, or stick it on the £5 a month one if you want guaranteed service.

3
6

Time to dump dual-stack networks and get on the IPv6 train – with LW4o6

Lee D
Silver badge

Re: Big advantage

All your major services are now proxied through the 4&6 machine at the boundary. All your external connections, webmail, remote, VPN, etc.

If your ISP says "no more IPv4 for you", it doesn't matter.

Internally, you then have ALL THE TIME IN THE WORLD to upgrade, and if you're using web proxy etc. then it's quite seamless. But all your customers and outside services are already up and ready.

You can now deploy 4 machines. 6 machines. 4&6 machines. It literally doesn't matter. You can move services one by one. But your outside customers (e.g. visits to your website) can use both from the second you do it, and your external IPs number... 1 of each.

Your internal workings, IPs, etc. literally don't matter. That's the beauty of NAT.

But what you were telling people was "You have to give every machine, server, printer, phone, etc. a world-routable IPv6 address, from day one, and configure your systems securely to allow that. Oh and NAT IS EVIL AND YOU HAVE TO DESTROY ALL TRACES". That was ALWAYS nonsense. You leave them exactly as they are, IPv6 the gateway, leave everything else on IPv4 NAT and then everything else is done at your leisure.

Say The Reg had done that? They could just add "IPv6 compatibility" to their front page and all their clients would be happy and think they were "cutting edge". They could be using IPX internally, nobody cares.

5
1
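The boundary box the post describes, as an added illustration (not code from the post, from The Reg, or from any product): a minimal TCP front door that listens on whichever address families the host supports and relays every connection to an internal IPv4-only service, so outside IPv6 clients are served while nothing behind the gateway changes. The echo backend stands in for the legacy internal service, and all hosts and ports are constructed for the example.

```python
"""Dual-stack front door relaying to an IPv4-only internal service (added example)."""
import socket
import threading

BUFSIZE = 4096


def _pump(src, dst):
    """Copy bytes from src to dst until src hits EOF, then half-close dst."""
    try:
        while data := src.recv(BUFSIZE):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _relay(client, backend):
    """Bridge one accepted client (v4 or v6) to the IPv4 backend in both directions."""
    with client, socket.create_connection(backend) as upstream:
        back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
        back.start()
        _pump(client, upstream)
        back.join()


def _accept_loop(lsock, backend):
    while True:
        try:
            conn, _ = lsock.accept()
        except OSError:  # listener closed
            return
        threading.Thread(target=_relay, args=(conn, backend), daemon=True).start()


def start_front_door(backend, listen=(("0.0.0.0", 0), ("::", 0))):
    """Bind one listener per address family the host supports.

    Returns {"ipv4": (host, port), "ipv6": (host, port)} for the families that
    bound; a family the host lacks is skipped and the other keeps working.
    """
    bound = {}
    for host, port in listen:
        family = socket.AF_INET6 if ":" in host else socket.AF_INET
        lsock = None
        try:
            lsock = socket.socket(family, socket.SOCK_STREAM)
            lsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            if family == socket.AF_INET6:
                # Keep the v6 socket pure v6 so it never clashes with the v4 one.
                lsock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
            lsock.bind((host, port))
            lsock.listen()
        except OSError:
            if lsock is not None:
                lsock.close()
            continue
        bound["ipv6" if family == socket.AF_INET6 else "ipv4"] = lsock.getsockname()[:2]
        threading.Thread(target=_accept_loop, args=(lsock, backend), daemon=True).start()
    return bound


def start_echo_backend(host="127.0.0.1"):
    """Stand-in for the legacy internal service: IPv4 only, echoes what it receives."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind((host, 0))
    lsock.listen()

    def handle(conn):
        with conn:
            while data := conn.recv(BUFSIZE):
                conn.sendall(data)

    def loop():
        while True:
            conn, _ = lsock.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return lsock.getsockname()[1]


def probe(host, port, payload):
    """Act as an outside client: send payload, half-close, return the reply."""
    with socket.create_connection((host, port)) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        chunks = []
        while data := s.recv(BUFSIZE):
            chunks.append(data)
    return b"".join(chunks)


if __name__ == "__main__":
    backend_port = start_echo_backend()
    doors = start_front_door(("127.0.0.1", backend_port),
                             listen=(("127.0.0.1", 0), ("::1", 0)))
    for fam, (h, p) in doors.items():
        print(fam, (h, p), probe(h, p, b"hello from outside"))
```

A real deployment would use a reverse proxy or load balancer rather than a Python relay, but the shape is the same: the public address pair (one v4, one v6) terminates at the edge, the backend only ever sees connections from the relay's private IPv4 address, and internal hosts can be migrated one at a time afterwards.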
Lee D
Silver badge

Re: Big advantage

NAT and IPv6 were always entirely unrelated.

Only stupid people thought that NAT wasn't the ideal way to transition - convert your NAT gateway to IPv6, bang, job done and no more internal changes required until you wanted to.

The confusion of the two is EXACTLY what held back adoption and instead... ironically... resulted in Carrier-Grade NAT at the ISP in order to keep things moving.

P.S. Maybe The Reg could read the article linked themselves? Because they keep SAYING they're doing something about IPv6 but I've yet to see any movement.

5
1

Vodafone pinches mobe network nerd metrics from the mighty EE

Lee D
Silver badge

Three suits me fine. I get 30Mbps down, 20 up and it replaces all other Internet connections except my smartphone.

I hate to say it, especially as I nearly sued them at one point, but they do quite well for a decent price on their SIM-only dongle deals.

Happily live my entire online life via them, including all kinds of streaming, without issue.

Vodafone, however, still haven't worked out how to let me order another SIM after the first one never arrived. I can't even sign up for another account on the same card, and the account I have I can't do anything with. They say I can resolve it by going into a shop, but that's not what I expect from a tech company. Shame, as they were my first choice and I was going to buy their addons so all my WhatsApp, iPlayer, etc. traffic wasn't counted, but they were too dumb to even get a SIM to me, or sort out the account problem.

2
1

SD cards add PCIe and NVMe, hit 985 MB/sec and 128TB

Lee D
Silver badge

Re: Heat sink?

Not at the stupendous low voltage they use, I imagine.

0.4V and they separate it into multiple "few hundred mb/s" lanes. So no warmer than an Ethernet cable, in fact probably a lot less.

5
0
Lee D
Silver badge

Re: No Wear Levelling hmmmmmm

You must be buying some cheap junk SD cards.

My card's been in my dashcam for 2.5 years (since I bought my car) and it's absolutely fine.

The card in my phone has been there for nearly 8 years. Also fine.

I have a card inside a CCTV camera doing a timelapse. That's been six months+ and still fine. In fact the reason they include it is so that you can constant-record to it in case the system goes down, a lot of CCTV cameras do now.

I get that they aren't certified to last forever, but if you're replacing every few months, you have a false economy on whatever junk it is that you're buying and just need to buy a decent card.

18
0

The butterfly defect: MacBook keys wrecked by single grain of sand

Lee D
Silver badge

And yet... they KEEP BUYING APPLE PRODUCTS too.

9
0

Ticketmaster gatecrash: Gig revelers' personal, payment info glimpsed by support site malware

Lee D
Silver badge

Seriously.

Stop giving your call centre and back-office agents general purpose operating systems and/or permissions enough that they can get infected by any random passing malware. They don't need it.

Also, don't give them free rein of the database access. Rate-limit, dial down permissions and make them REQUEST info. Then if one person requests info on a million users, you know there's something wrong.

2018, and we still can't get the very basics of "need to know" and "minimal permission necessary" right.

2
0
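The "rate-limit and make them request" point above, as an added example that is not code from the post or from Ticketmaster: every customer-record lookup by a support agent passes through a gate that requires a ticket reference, enforces a per-agent sliding-window quota, and raises an alert the moment an agent's attempt volume is far beyond normal. A workstation pulling records in bulk is therefore both throttled and visible in the audit trail. Agent ids, thresholds and the audit lines are constructed for the illustration.

```python
"""Per-agent lookup gate with quota enforcement and volume alerting (added example)."""
from collections import Counter, defaultdict, deque


class LookupGate:
    """Decide, per agent, whether one customer-record lookup may proceed."""

    def __init__(self, window_s=3600, quota=50, alert_at=200):
        self.window_s = window_s      # sliding window in seconds
        self.quota = quota            # lookups one agent may make per window
        self.alert_at = alert_at      # attempts per window that raise an alert
        self._attempts = defaultdict(deque)   # agent -> timestamps of attempts
        self.alerts = []              # (agent, when, attempts_in_window)

    def _window(self, agent, now):
        """Drop attempts older than the window and return the live deque."""
        q = self._attempts[agent]
        while q and now - q[0] >= self.window_s:
            q.popleft()
        return q

    def check(self, agent, now, ticket):
        """Return 'allow', 'deny:no-ticket' or 'deny:quota' for this attempt.

        Denied attempts still count towards the window, so an agent cannot
        probe the quota for free, and the alert fires once per burst.
        """
        q = self._window(agent, now)
        q.append(now)
        if len(q) == self.alert_at:
            self.alerts.append((agent, now, len(q)))
        if not ticket:
            return "deny:no-ticket"       # lookups must be tied to a case
        if len(q) > self.quota:
            return "deny:quota"
        return "allow"


def replay(lines, gate):
    """Run constructed audit lines ('ts agent ticket customer') through the gate.

    Returns {agent: Counter({decision: count})}.
    """
    summary = defaultdict(Counter)
    for line in lines:
        ts, agent, ticket, _customer = line.split()
        summary[agent][gate.check(agent, int(ts), None if ticket == "-" else ticket)] += 1
    return summary


# Constructed audit trail: alice works normally, bob's workstation bulk-pulls
# 250 records in under ten minutes, carol tries a lookup with no ticket.
SAMPLE_AUDIT = (
    ["1000 alice T-101 C-5", "1700 alice T-102 C-9", "2400 alice T-103 C-12"]
    + [f"{3000 + i * 2} bob T-200 C-{i}" for i in range(250)]
    + ["4000 carol - C-77"]
)

if __name__ == "__main__":
    gate = LookupGate()
    for agent, decisions in replay(SAMPLE_AUDIT, gate).items():
        print(agent, dict(decisions))
    print("alerts:", gate.alerts)
```

The quota number itself is a policy choice; what matters is that the database credential used by the agent's desktop cannot issue an unbounded query, and that the gate's decisions and alerts land in a log the security team reads rather than only in the agent's session.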

Firefox hooks up with HaveIBeenPwned for account pwnage probe

Lee D
Silver badge

Breaches — 41 emails found.

Three of which contain an email address that I know to be a service I signed up for (all of which were spammed to oblivion years ago so they were made public before this service even existed). All of which are blocked at my mailservers with a "This email address was distributed without permission, all emails blocked" message. All of them were "give us an email to register" style emails, so nothing of value there, where some employee later sold on the list of emails presumably (one of them I know for sure was theft of emails by a "former employee" of the company I gave that email to, who then spammed it to try to drum up business for their related spin-off...).

Five of which are my "You don't need a real email" nonsense emails "johnsmith@" etc. before I started tying them to the services I had given that address to. They've been spammed to oblivion for years, and could have come from anywhere but certainly don't have any passwords associated with them.

The rest are all made-up, poorly-copied/pasted (e.g. "ohnsmith@" etc.) or just plain nonsense that never existed ("junk_maildd") and seem to have been culled from spam people try to falsely send with my domain as a "from" (I'm SPF'd up but lots of people don't care and I still get bouncebacks).

Ironically, among the list are:

- LinkedIn

- Adobe/Macromedia

- Disqus

"compromised" emails... which is strange because the emails listed are junk and nothing to do with me, and I have real accounts for those that *aren't* listed, all of them far pre-dating the so-called exposure of the compromised lists.

I'm not at all convinced about the utility of this service.

3
1
Lee D
Silver badge

Never used to be an option, because you'd need to do the domain verification (otherwise someone could just request @gmail.com). Now they have domain verification, though, it seems.

0
0
Lee D
Silver badge

Re: handy..

Virus scanners are also REALLY easy to evade.

Take anything from your inbox, even years old, that's malware.

Change the JavaScript / whatever around a bit, to produce pretty much identical code but breaking the existing signature (usually, the lines nearest the "exploit vector" itself are most heavily detected - jumble them up and introduce some intermediate variables, etc.). Upload to VirusTotal. Watch it sail through every commercial antivirus in the world, while still capable of performing a (years old) exploit.

What things like VirusTotal show you is that anything can be a virus, and also that even the things that packages think are viruses aren't necessarily (e.g. an awful lot of apps are detected as "malware"... everything from sysinternals tools to scripts from Microsoft's own knowledgebase. Because they have been, or could be, used maliciously).

I'm fairly sure I could knock up a self-replicating drive-wiping virus in a few hours. A bit of tweaking and I bet I could get it past VirusTotal with a clean slate. Should it ever run rampant, and end up on the signatures list, I could make a variation in minutes that would slip past the same scanners again.

Generally speaking, I'm the one telling Sophos that something that came into work is a virus, not the other way around.

And there are private and manufacturer-supported tools that do exactly this - have a VirusTotal-like equivalent sandbox for people to check their apps aren't going to be blocked on release, to submit and test things that might flag, etc. And you can guarantee that the bad guys have the exact same services available to themselves (hey, they don't even need to worry about licensing the antivirus, do they, really?).

The number of actual malware websites is pitifully tiny, and obvious the second you hit them. Any modern browser is defended by "Don't hit download and then run the program it downloads". The browser DOM does more than antivirus, or low-privilege sandboxing setup programs, ever did.

Though it could be helpful, there are browser extensions that do just what you say already. But it's a false sense of security. A VirusTotal check will happily let you download all kinds of crap, but will stop you getting basic admin tools off microsoft.com and things like that.

1
0


Biting the hand that feeds IT © 1998–2018