* Posts by Time Waster

10 posts • joined 18 Aug 2018

Germany has a problem with the entire point of Amazon's daft Dash buttons – and bans them

Time Waster

Drawer full of buttons

My biggest gripe with these buttons has always been the sheer number of products which would “require” them. If you’re going to bother getting a button for, let’s say, washing powder, logically you should probably grab one for washing up liquid, bog roll, fabric softener, furniture polish, scouring pads, multi surface cleaner, kitchen towels, glass cleaner, dishwasher tablets, rinse aid... and that’s just the under sink cupboard. The question is, where are you supposed to store all these buttons? Maybe what we really need is an Amazon keyboard. Or, better yet, perhaps some kind of touch screen device we could carry around in our pockets...

As others have mentioned, at least they’re better than subscribe and save, where you seem to end up entering an agreement to make future purchases at a price that will be determined (by Amazon) at some later date. If the buttons are deemed illegal, where at least you can cancel / return the order if you seriously disagree with the price, how is this subscribe and save feature OK?

Amazon exec tells UK peers: No, we don't want to be dominant. Also, we don't fancy being taxed on revenues

Time Waster

Re: Heh?

Now, my maths is pretty rusty, but I make that more like 2%. Clearly your point still stands.

UK taxman told to chill out 'cos loan charge is whacking tax dodgers and whoopsies alike

Time Waster

Payday loans

If you accept payment by your employer as non-taxable loans, whilst I’m trying to remain open-minded, I’m struggling to summon much sympathy. I’d actually be very interested to know what happens in such an arrangement were the employer to become insolvent. I would imagine when the liquidators spotted those “loans”, the tax man would be the least of your worries!

Ericsson's very good bad quarter, Mozilla encrypts SNI, new TIP projects, and more

Time Waster

Given the public key for this is shared via DNS, prior to the TLS connection, why not encrypt the whole handshake with it? Presumably this would help protect against downgrade attacks and the like as well? As it stands, this seems a lot of effort to encrypt just one of the many fields in a client hello. Especially when, in the vast majority of cases, that field is (and will continue to be) announced in a cleartext DNS request. Also, unless I am completely misreading that draft, there appears to be no suggestion of encrypting the server certificate, meaning that this will likely also be observable in the CN / SAN returned by the server, which would appear to make the whole venture rather pointless?

You like HTTPS. We like HTTPS. Except when a quirk of TLS can smash someone's web privacy

Time Waster

Re: This is why I set Firefox to clear cache, etc... on close

You sure clearing Firefox’s cache clears NSS’s TLS session tickets?

Microsoft pulls plug on IPv6-only Wi-Fi network over borked VPN fears

Time Waster

Re: Why do we need IPv6

That’s in addition to 240.0.0.0/4 (268 million addresses) “reserved for future use”, in addition to 224.0.0.0/4 (same again) multicast addresses. Given multicast is realistically only usable in highly limited environments (not across the public internet), does this really necessitate a 16th of the total IPv4 address space? As for future use, how is now not the “future”? That’s not even getting into why we need 16 million addresses for localhost (127.0.0.1 is merely the most commonly used from 127.0.0.0/8). I realise many OSes / network devices couldn’t cope with these addresses being publicly routable, but would assume it would be a relatively minor software / firmware upgrade to fix that?

Time Waster

IPv5

I’m going to start pushing IPv5. The crucial difference being 64-bit addresses. These will obviously more or less halve the network overhead, are twice as easy to write / remember, halve memory requirements on network gear and, rather handily fit into current 64-bit CPU artitectures. The one downside being, only 2.5 billion IP address per person on the planet, so we’ll have to be frugal with our IOT devices!

Just for fun, might as well make it backward compatible with IPv4 (6 can go whistle).

Solid password practice on Capital One's site? Don't bank on it

Time Waster

Re: Single figure entry

Thumbs up for the idea of storing hashes of different combinations. Though there’s no way I credit many banks with coming up with (or caring about) doing so. Realistically if, like my bank, they only ask for 3 characters at a time, it wouldn’t take much to brute force those hashes anyway... My bank does ask for a secondary password (I think they call it a memorable word), which I guess (again, assuming a massive amount of faith in their security / engineering teams) they could be storing hashed with these different pre-chosen combinations...

2-bit punks' weak 40-bit crypto didn't help Tesla keyless fobs one bit

Time Waster

Re: Problem-solution dichotomy

I’m with you on avoiding excessive and often unnecessary technology. Keyless entry being a case in point. How hard is it to press a button on a remote to lock / unlock your vehicle, a remote virtually all “keyless” systems still require. Such buttons have the rather handy features of knowing whether you’ve actually locked your car, and rather neatly preventing relay attacks from your hallway / coat pocket. However, going back to physical keys is a step too far even for me. Car thefts have decreased rather dramatically since the 90’s (last I looked, they were down over 80% in the UK) and I can’t help but suspect this may be related to swapping old-school key barrels (which are all too easily old-school hot-wired) for more electronically integrated remote systems. Whilst I’m sure there are some professional car thieves taking advantage of such holes in current technology, I’m pretty sure there are far more teenage oiks with a brick and a pair of pliers looking for some quick thrills.

Self-driving cars will be safe, we're testing them in a massive AI Sim

Time Waster

Re: L5

Whilst no doubt this is true. Any L5 system on sale cannot simply refuse to drive down particular roads or in certain conditions. What if I buy this vehicle and live down such a road? Or jump in a taxi and it starts snowing? Or live in Bangalore?

Biting the hand that feeds IT © 1998–2019