Re: Can we copy one which work
CrowdStrike recently provided a good example of what can happen when everyone uses the same system.
550 publicly visible posts • joined 14 May 2008
My pet hate is popups in apps asking if I "am liking" the app. The only options are "yes" or "no" rather than "just f*ck off out of the way so I can get on with using the app, which is fine apart from this irritating interruption".
"Yes" takes you to the page to leave the app a review on the app store, and "No" takes you to some feedback form.
A fair part of Ocado's business is actually designing the technology behind these warehouses and selling it to other companies - not just delivering groceries.
While the reputation of their grocery business may not have been badly affected, I expect the reputation of their technology business may be impacted a fair bit - especially as this is not the first fire in an Ocado warehouse.
If your website goes down at the same time as a bunch of other websites, your IT department can say "ah well, happens to the best of us".
If your website goes down but the rest of the internet is working, all fingers are pointing at your IT department.
So clearly, from their point of view, cloud services are a good thing...
I have to use WebEx occasionally for meetings with customers. It's certainly much better now than it used to be a few years ago - it may not look any prettier but it now Just Works in Firefox on Ubuntu without any plugins or anything.
Though every company I use WebEx with seems to have a slightly different system (whether you can use web audio or have to phone in or have it phone you, etc), maybe due to how it is configured.
Firstly, that would also trigger the "insecure" warnings in the user's browser, since nobody would issue a TLS certificate for that IP address.
Secondly, while an IP address might work fine for you, most less savvy users might be rather confused by it.
I am sure this was not some unknown vulnerability, rather a deliberate decision made by Netgear as the least-worst option.
Even if they did have per-device keys, it would make no difference, unless they also had per-device domain names with associated certificates (e.g. they asked you to visit abcdef123456.routerlogin.net, which is somewhat less user friendly). Having a bunch of different keys and certificates all for the same domain wouldn't give any more security as an attacker could use any one of them in a MITM attack.
I think Netgear probably knew the risks and took the decision to basically allow the key to be compromised as still being preferable to having to tell users to click through browser warnings (neither is secure anyway).
Protocols only work if everyone wanting to use the protocol supports it.
There isn't enough space in an IPv4 packet header for any number of extra bytes of address.
Which is why IPv6 went from 32 bit addresses to 128 bit addresses - so we are not likely to ever need a longer IPv7 address...
If you want to create your own "MyIPv4+" protocol with 64 bit addresses, you could try, but it would be a lot easier just to adopt IPv6...
Do Sky really give you a routable IPv6 address, or is it just a link-local one?
At work we have functioning IPv6 and traffic to sites that support it (like Google) uses v6. I used it to test my own personal websites which also work on v6.
But my ISP at home (EE) don't provide IPv6 connectivity. If they did I'd use it.
You can never have too many sockets in a kitchen, even with a moderate number of middle-class appliances (coffee grinder, coffee maker, breadmaker, slow cooker, food mixer, blender... as well as the usual kettle, toaster and microwave).
Our kitchen definitely doesn't have enough, it's a pain to unplug the toaster if you want to use the blender for example.
When I had my last house rewired, the electrician thought I was weird for wanting two double sockets fitted on either side of the double bed in the bedroom, but it definitely proved useful (if you just have the one then it's full with a lamp and a phone charger, it's nice to have one for a second kind of charger and a free one to plug the hoover in...).
On holiday in the summer, we went to the Greek island of Lesvos. As it's in Greece, which is part of the EU, roaming is free. Except when you drive around the northern coast of Lesvos, which is quite close to the mainland of Turkey, and your phone connects to a Turkish network.
We were driving for 20 minutes, my phone got a text which I didn't read as I was driving. When we stopped a few minutes later, I saw it said "welcome to Turkey, data is £3 a megabyte".
I immediately switched off data roaming, but when I got home I found I'd been charged £2.97 for whatever my phone was doing in those few minutes.
Luckily it wasn't more...
No, the whole point is quite the opposite. Life is not black and white, and while it may be more "efficient" to pretend that it is, reality is that you have to consider the particular set of circumstances and make a value judgement on those circumstances. You can't avoid this by lazily saying either "anything goes" or "if you rule this out you will slide down the slippery slope".
Likewise. I have a vintage Gmail account (from when they rolled it out invite only to Blogger users) with a short username. The number of people who get my email address either through typos or through being too stupid to know their own email address is ridiculous.
I've received all sorts of order confirmations, 'your car is ready to collect from its service', 'reminder of your dentist/hairdresser/therapist etc appointment', website signups, circulars for community groups etc. Aside from the community group ones invariably I have to mark them as spam in Gmail (which they are, since while the businesses may be legitimate they are certainly unsolicited emails).
I have a cron job that runs once a day and deletes files from ~/tmp (not /tmp) after 7 days and ~/Downloads after 30 days.
Stuff of a 'here's some notes I might need this afternoon' nature gets saved to ~/tmp. If it's something genuinely useful then it must be filed properly or hit the bit bucket next week.
Like the old argument about 'brainstorming'. Someone decided that would be offensive to people with epilepsy and decreed it henceforth be known as a 'thought shower'. But then someone actually asked the people who actually were epileptic and they laughed: https://www.epilepsy.org.uk/press/facts/brainstorming-offensive
A couple of weeks ago I found a lot of websites I use regularly kept crashing in Chrome on Android (repeated 'Aw Snap' messages). So I downloaded Firefox and found it works just as well as Chrome (but without the errors).
While I was there I noticed it was easy to search DuckDuckGo instead of Google and indeed to set it as default. First time I'd used DDG and it's actually pretty usable.
So, while Google still know my location etc they don't know what I'm searching for.
Also I noticed there were a lot of websites where audio recording and camera permissions popped up in Firefox - no idea why, they were just news sites etc - ads triggering these permissions? Needless to say I denied them as I have no need to use audio or camera from within Firefox.
So yeah, use a different browser sometimes.
Our local rag's website shows the first paragraph of an article then asks you to answer a survey question to see the rest of it.
Of course you don't have to actually read the question or any of the multiple choice answers, jabbing one at random works fine.
No idea who is paying them for the survey results but it can't be very useful data.
"no one can see what you're browsing with https" was never really true. The domain you are visiting is always sent in the clear during DNS resolution and the fact that you are connecting to a particular IP address is always visible (or the Internet protocol wouldn't work). Without SNI there was a one to one mapping from secured domain to IP address anyway.
What particular URLs you are accessing (below the domain level, e.g. pages within a site) is encrypted, and is still encrypted with SNI.
But Square isn't really innovative, at least in Europe. PayPal, iZettle, SumUp and probably others all have chip-and-PIN and contactless readers and offer a similar service to Square. The Square reader doesn't even seem to have a screen or a PIN entry keypad.
Obama's (and yes, Corbyn's) campaigns mainly used social media in an open, person-to-person way, sharing links and personal opinions amongst their friends etc with the source clearly attributed.
What the Brexit and Trump campaigns did via Cambridge Analytica was paid, targeted advertising/propaganda which was not attributed to the party/group paying for it, and furthermore was targeted in an opaque way based on stolen data (they used the data of people's friends against Facebook's published terms of use and without their knowledge).
There is clear blue water between the two ways of using social media to campaign.
Our interviews are very real-world, and of course still many people don't make the grade.
I'm sure I wouldn't. I have software deployed in C, C++, C#, Go, Python, SQL92, JavaScript, TypeScript and Kotlin on 4 different embedded ARM architectures plus Linux, Windows and FreeRTOS.
Can I remember the exact syntax, APIs, class libraries etc for all of them off the top of my head? Of course not.
Absolutely, and what about me saying our interviews are very real-world made you think I'd expect you to know all the syntax etc?
In the real world, people use Google. They look at books. They ask people for help. No, we don't let people use Google in our interviews but we do give people help and drop clues. It tells you more if someone can pick up on a clue and run with it rather than stare at you blankly (or argue that your clue is wrong). If someone says "I'm not sure but I'd look it up" I'd ask them what they would look up - it's no good searching Google if you don't know what you are searching for. It's no good reading an answer on StackOverflow if you can't understand it and tell the good answers from the bad ones - so we give people code to read and ask them to find what's wrong with it, and why. Would this code work? Could it be done better a different way? What do you mean by "better"?
etc
Still, I've had more than one candidate who couldn't write a 'for' loop without help...that much I do expect you to know, in at least one language...
That's certainly not true of everywhere. A lot of what gets written about recruiting software engineers implies the employer is awash with candidates and it's a case of whittling the list down to the number of vacancies.
In my experience that's often not the case, at least in the regions we work in. Our interviews are very real-world, and of course still many people don't make the grade.
Because the algorithms which are used to limit logins usually take into account the IP from which the attempt is made
Well don't use those algorithms then.
(I know, you could lock a legitimate user out of their account in that case, but maybe you could design some way to mitigate the impact of that, e.g. require a user to log in from a separate web system using decent 2FA or whatever to unlock their account in that case).
Why are limited login attempts not going to stop that happening?
Every time I change my work network password, I have to first stop my phone and email client auto-syncing with the server, otherwise I get locked out of my email for too many bad password attempts.
And if logins are automated, all the more reason for using long and complex passwords.
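The exchange above turns on a trade-off that is easier to see in code: a limiter keyed only on source IP is blind to a password spray spread across many addresses, a limiter keyed on the account catches it but also locks out the legitimate user whose stale mail client keeps retrying an old password, and the suggested escape hatch is an unlock path gated on a second factor. The following is an added example written for this page, not code from any of the posters; the limits (10 failures per IP, 5 per account, in a 300-second window), the IP addresses, the account names and the retry interval are all constructed assumptions. Time is passed in explicitly so the scenarios are deterministic.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, Tuple


class LoginLimiter:
    """Sliding-window failed-login counters keyed on source IP and on account.

    Limits are constructed assumptions for this example, not a recommendation.
    A blocked attempt never reaches the password check, so it is not recorded.
    """

    def __init__(self, per_ip_limit: int = 10, per_account_limit: int = 5, window: float = 300.0):
        self.per_ip_limit = per_ip_limit
        self.per_account_limit = per_account_limit
        self.window = window
        self._by_ip: Dict[str, Deque[float]] = defaultdict(deque)
        self._by_account: Dict[str, Deque[float]] = defaultdict(deque)

    def _prune(self, q: Deque[float], now: float) -> None:
        # Drop failures older than the window from the front of the queue.
        while q and now - q[0] >= self.window:
            q.popleft()

    def check(self, account: str, ip: str, now: float) -> Tuple[bool, str]:
        """Return (allowed, reason) for an attempt at time `now`."""
        ip_q, acct_q = self._by_ip[ip], self._by_account[account]
        self._prune(ip_q, now)
        self._prune(acct_q, now)
        if len(ip_q) >= self.per_ip_limit:
            return False, "ip-limited"
        if len(acct_q) >= self.per_account_limit:
            return False, "account-locked"
        return True, "ok"

    def record_failure(self, account: str, ip: str, now: float) -> None:
        self._by_ip[ip].append(now)
        self._by_account[account].append(now)

    def unlock(self, account: str, second_factor_ok: bool) -> bool:
        """Clear the account counter only if a separate second factor was verified."""
        if second_factor_ok:
            self._by_account[account].clear()
        return second_factor_ok


def run_spray(limiter: LoginLimiter, ips: int = 50, tries_per_ip: int = 3) -> int:
    """Attacker guesses 3 passwords for 'alice' from each of 50 addresses (constructed).

    Returns how many guesses actually reached the password check.
    """
    allowed = 0
    now = 0.0
    for i in range(ips):
        ip = f"203.0.113.{i}"  # documentation range, constructed
        for _ in range(tries_per_ip):
            ok, _reason = limiter.check("alice", ip, now)
            if ok:
                allowed += 1
                limiter.record_failure("alice", ip, now)  # guess was wrong
            now += 1.0
    return allowed


def run_stale_client() -> Tuple[str, bool]:
    """'bob' changed his password; his mail client retries the old one every 30 s.

    Returns the reason his real login is refused, and whether it succeeds after
    a second-factor unlock.
    """
    limiter = LoginLimiter()
    for k in range(6):
        t = k * 30.0
        ok, _reason = limiter.check("bob", "10.0.0.5", t)   # mail client, constructed IP
        if ok:
            limiter.record_failure("bob", "10.0.0.5", t)
    refused, reason = limiter.check("bob", "10.0.0.6", 200.0)  # bob's laptop, correct password
    assert not refused
    limiter.unlock("bob", second_factor_ok=True)
    ok_after, _ = limiter.check("bob", "10.0.0.6", 201.0)
    return reason, ok_after


if __name__ == "__main__":
    print("per-IP only, spray guesses reaching password check:", run_spray(LoginLimiter(per_account_limit=10**9)))
    print("per-IP and per-account:", run_spray(LoginLimiter()))
    print("stale client scenario:", run_stale_client())
```

With the per-account counter effectively disabled the spray gets all 150 guesses through, because no single address ever exceeds 10 failures; with it enabled only 5 guesses land before the account is locked. The cost is the second scenario: the user's own forgotten client locks them out, and an attacker who knows the username can do the same on purpose, which is why the unlock path must require something the attacker does not have rather than simply waiting out the window.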