* Posts by Tom Wood

547 posts • joined 14 May 2008


Openreach tells El Reg it'll kill off copper sales in 118 UK locations next year

Tom Wood

Re: Quick Question regarding Fibre

Short answer is "yes it's asymmetric" for most residential packages.

Who's still using Webex? Not even Cisco: Judge orders IT giant to use rival Zoom for virtual patent trial

Tom Wood

I have to use WebEx occasionally for meetings with customers. It's certainly much better now than it used to be a few years ago - it may not look any prettier but it now Just Works in Firefox on Ubuntu without any plugins or anything.

Though every company I use WebEx with seems to have a slightly different system (whether you can use web audio or have to phone in or have it phone you, etc), maybe due to how it is configured.

Leave your admin interface's TLS cert and private key in your router firmware in 2020? Just Netgear things

Tom Wood

Re: Am I missing something.

You must be using an old browser. I just tried in Firefox and you see a crossed-through padlock icon when visiting 192.168.1.1, hovering over this the tooltip reads "Connection is not secure".

Tom Wood

Re: Netgear are between a rock and a hard place

Firstly, that would also trigger the "insecure" warnings in the user's browser, since nobody would issue a TLS certificate for that IP address.

Secondly, while an IP address might work fine for you, most less savvy users might be rather confused by it.

Tom Wood

Netgear are between a rock and a hard place

I am sure this was not some unknown vulnerability, rather a deliberate decision made by Netgear as the least-worst option.

Even if they did have per-device keys, it would make no difference, unless they also had per-device domain names with associated certificates (e.g. they asked you to visit abcdef123456.routerlogin.net, which is somewhat less user friendly). Having a bunch of different keys and certificates all for the same domain wouldn't give any more security as an attacker could use any one of them in a MITM attack.

I think Netgear probably knew the risks and took the decision to basically allow the key to be compromised as still being preferable to having to tell users to click through browser warnings (neither is secure anyway).

We live so fast I can't even finish this sent...

Tom Wood

Re: Now you know what 2020 is going to look like

The best crisps are Yorkshire's own Seabrooks, cheese and onion flavour, which come in a yellow bag. Which is probably the closest 4-bit colour to cheese, or onions for that matter.

Smart speaker maker Sonos takes heat for deliberately bricking older kit with 'Trade Up' plan

Tom Wood

Re: Right to repair?

The fact they can offer a 30% discount suggests that all Sonos kit is at least 30% overpriced. That's reason enough not to buy it.

Reasons to be fearful 2020: Smishing, public Wi-Fi, deepfakes... and all the usual suspects

Tom Wood

Re: if you're prepared to cough up an email and some other details

you mean you use a genuine / non-disposable email address for such purposes?

We are absolutely, definitively, completely and utterly out of IPv4 addresses, warns RIPE

Tom Wood

wow, they've gone up in my estimation :)

Tom Wood

Re: "We have now run out of IPv4 addresses"

Protocols only work if everyone wanting to use the protocol supports it.

There isn't enough space in an IPv4 packet header for any number of extra bytes of address.

Which is why IPv6 went from 32 bit addresses to 128 bit addresses - so we are not likely to ever need a longer IPv7 address...

If you want to create your own "MyIPv4+" protocol with 64 bit addresses, you could try, but it would be a lot easier just to adopt IPv6...

Tom Wood

Actually a state-owned ISP could lead to massive uptake of IPv6, if they made it available to all domestic customers. Most residential ISPs don't currently provide IPv6 connectivity.

Tom Wood

Do Sky really give you a routable IPv6 address, or is it just a link-local one?

At work we have functioning IPv6 and traffic to sites that support it (like Google) uses v6. I used it to test my own personal websites which also work on v6.

But my ISP at home (EE) don't provide IPv6 connectivity. If they did I'd use it.

I'm still not that Gary, says US email mixup bloke who hasn't even seen Dartford Crossing

Tom Wood

Re: Handle Gmail handles with care

I get all the same sort of stuff too. I have a very old, 6 letter Gmail address. The ones that irk me most are from the likes of Instagram and other websites that really should know better about email verification.

ZTE Nubia Z20: It's £499. It's a great phone. Buy it. Or don't. We don't care

Tom Wood

Re: What about Skypiness

You can do that with most phones though? They just have 2 cameras, rather than 2 screens.

Tom Wood

Re: Not Cool

You could use it for playing Battleships?

Tom Wood

Re: Well played, sir

"More polish than a Pledge factory in Gdansk" would have been a more, erm, polished way of putting it.

Socket to the energy bill: 5-bed home with stupid number of power outlets leaves us asking... why?

Tom Wood

Re: Lots of sockets

You can never have too many sockets in a kitchen, even with a moderate number of middle-class appliances (coffee grinder, coffee maker, breadmaker, slow cooker, food mixer, blender...as well as the usual kettle, toaster and microwave)

Our kitchen definitely doesn't have enough, it's a pain to unplug the toaster if you want to use the blender for example.

When I had my last house rewired, the electrician thought I was weird for wanting two double sockets fitted on either side of the double bed in the bedroom, but it definitely proved useful (if you just have the one then it's full with a lamp and a phone charger, it's nice to have one for a second kind of charger and a free one to plug the hoover in...).

The eagle has handed.... scientists a serious text message bill after flying through Iran, Pakistan

Tom Wood

Re: Global roaming charges are evil

On holiday in the summer, we went to the Greek island of Lesvos. As it's in Greece, which is part of the EU, roaming is free. Except when you drive around the northern coast of Lesvos, which is quite close to the mainland of Turkey, and your phone connects to a Turkish network.

We were driving for 20 minutes, my phone got a text which I didn't read as I was driving. When we stopped a few minutes later, I saw it said "welcome to Turkey, data is £3 a megabyte".

I immediately switched off data roaming, but when I got home I found I'd been charged £2.97 for whatever my phone was doing in those few minutes.

Luckily it wasn't more...

GitLab reset --hard bad1dea: Biz U-turns, unbans office political chat, will vet customers

Tom Wood

Re: Open Season

No, the whole point is quite the opposite. Life is not black and white, and while it may be more "efficient" to pretend that it is, reality is that you have to consider the particular set of circumstances and make a value judgement on those circumstances. You can't avoid this by lazily saying either "anything goes" or "if you rule this out you will slide down the slippery slope".

Tom Wood

Depends on which set of facts you are checking.

Previous commenters in this thread seem to be contradicting each other because they are talking at cross-purposes about two different court cases involving bakeries. One was in Northern Ireland and the other in Colorado.

Sod 3G, that can go, but don't rush to turn off 2G, UK still needs it – report

Tom Wood

Radio 4 is one of the few things keeping us from nuclear war.

https://www.businessinsider.com/bbc-radio-show-may-be-preventing-nuclear-apocalypse-2018-8

A cautionary, Thames Watery tale on how not to look phishy: 'Click here to re-register!'

Tom Wood

Re: Why no subdomain!?

Indeed. And if I were a phisher I could even register a much more convincing looking domain than online-thameswater.co.uk - for example thames-water.uk is available at time of writing.

Help! I bought a domain and ended up with a stranger's PayPal! And I can't give it back

Tom Wood

Re: Trying to report when people sign up with my addresses is painful

Likewise. I have a vintage Gmail account (from when they rolled it out invite only to Blogger users) with a short username. The number of people who get my email address either through typos or through being too stupid to know their own email address is ridiculous.

I've received all sorts of order confirmations, 'your car is ready to collect from its service', 'reminder of your dentist/hairdresser/therapist etc appointment', website signups, circulars for community groups etc. Aside from the community group ones invariably I have to mark them as spam in Gmail (which they are, since while the businesses may be legitimate they are certainly unsolicited emails).

Gather round, friends. Listen close. It's time to list the five biggest lies about 5G

Tom Wood

China is not using 5G to spy on people

You say, on a page plastered with Huawei adverts... ?

You were told to clean up our systems, not delete 8,000 crucial files

Tom Wood

Re: xfer

I have a cron job that runs once a day and deletes files from ~/tmp (not /tmp) after 7 days and ~/Downloads after 30 days.

Stuff of a 'here's some notes I might need this afternoon' nature gets saved to ~/tmp. If it's something genuinely useful then it must be filed properly or hit the bit bucket next week.

London's Gatwick airport suspends all flights after 'multiple' reports of drones

Tom Wood

The internet

Can't these things be controlled remotely from the internet? How are they planning to find the operator when s/he could literally be anywhere?

OnePlus 6T: Tasteful, powerful – and much cheaper than a flagship

Tom Wood

Re: L500

I use my phone more than my personal laptop. It is more powerful than said laptop and crams that power into a smaller package... No wonder it's more expensive.

Tom Wood

Re: My 5 is still good

My 3T is still going strong, as is my wife's 3 (though hers is on its fourth screen courtesy of the Nationwide's insurance policy).

Put your tin-foil hats on! Wi-Fi can be used to guesstimate number of people hidden in a room

Tom Wood

CCTV

"Wi-Fi base stations could be used in shops, offices, hotels, cafes, and so on, to work out how many people are present at a given moment of the day"

Don't most of those places already have CCTV which could be used for such purposes... Probably more reliably?

Redis does a Python, crushes 'offensive' master, slave code terms

Tom Wood

Re: "Hurtful"

Like the old argument about 'brainstorming'. Someone decided that would be offensive to people with epilepsy and decreed it henceforth be known as a 'thought shower'. But then someone actually asked the people who actually were epileptic and they laughed: https://www.epilepsy.org.uk/press/facts/brainstorming-offensive

Google keeps tracking you even when you specifically tell it not to: Maps, Search won't take no for an answer

Tom Wood

Re: Firefox and DuckDuckGo

"Only sometimes?"

Actually it seems like a good idea to use more than one browser. And more than one credit card, more than one supermarket, etc.

Then at least none of them have *all* your data.

Tom Wood

Firefox and DuckDuckGo

A couple of weeks ago I found a lot of websites I use regularly kept crashing in Chrome on Android (repeated 'Aw Snap' messages). So I downloaded Firefox and found it works just as well as Chrome (but without the errors).

While I was there I noticed it was easy to search DuckDuckGo instead of Google and indeed to set it as default. First time I'd used DDG and it's actually pretty usable.

So, while Google still know my location etc they don't know what I'm searching for.

Also I noticed there were a lot of websites where audio recording and camera permissions popped up in Firefox - no idea why, they were just news sites etc - ads triggering these permissions? Needless to say I denied them as I have no need to use audio or camera from within Firefox.

So yeah, use a different browser sometimes.

Nah, it won't install: The return of the ad-blocker-blocker

Tom Wood

Re: Independent

Our local rag's website shows the first paragraph of an article then asks you to answer a survey question to see the rest of it.

Of course you don't have to actually read the question or any of the multiple choice answers, jabbing one at random works fine.

No idea who is paying them for the survey results but it can't be very useful data.

We shall call him Mini-U – Ubuntu reveals tiny cloudy server

Tom Wood

Re: also for Docker?

The article mentions containers in the first sentence and Docker in the third. So yeah.

Tom Wood

You can't have your cake and eat it

The things that make it comfortable to use also make it 'not small'.

Like how camping beds are less comfortable than regular beds.

Google Chrome update to label HTTP-only sites insecure within WEEKS

Tom Wood

Re: Shared Hosting

"no one can see what you're browsing with https" was never really true. The domain you are visiting is always sent in the clear during DNS resolution and the fact that you are connecting to a particular IP address is always visible (or the Internet protocol wouldn't work). Without SNI there was a one to one mapping from secured domain to IP address anyway.

What particular URLs you are accessing (below the domain level e.g. pages within a site) is encrypted, and is still encrypted with SNI.

It's hip to be Square: Twitter founder Jack Dorsey's other firm targets White Van Man

Tom Wood

Re: I trust nothing Jack Dorsey touches...

But Square isn't really innovative, at least in Europe. PayPal, iZettle, Sumup and probably others all have type chip and pin and contactless readers and offer a similar service to Square. The Square reader doesn't even seem to have a screen or a pin entry keypad.

Cambridge Analytica CEO suspended – and that's not even the worst news for them today

Tom Wood

Re: What I don't understand

Obama's (and yes, Corbyn's) campaigns mainly used social media in an open, person-to-person way, sharing links and personal opinions amongst their friends etc with the source clearly attributed.

What the Brexit and Trump campaigns did via Cambridge Analytica was paid, targeted advertising/propaganda which was not attributed to the party/group paying for it, and furthermore was targeted in an opaque way based on stolen data (they used the data of people's friends against Facebook's published terms of use and without their knowledge).

There is clear blue water between the two ways of using social media to campaign.

You can't find tech staff – wah, wah, wah. Start with your ridiculous job spec

Tom Wood

Re: Not knowing how to look can make it hard to find

Our interviews are very real-world, and of course still many people don't make the grade.

I'm sure I wouldn't. I have software deployed in C, C++, C#, Go, Python, SQL92, JavaScript, TypeScript and Kotlin on 4 different embedded ARM architectures plus Linux, Windows and FreeRTOS.

Can I remember the exact syntax, APIs, class libraries etc for all of them off the top of my head? Of course not.

Absolutely, and what about me saying our interviews are very real-world made you think I'd expect you to know all the syntax etc?

In the real world, people use Google. They look at books. They ask people for help. No, we don't let people use Google in our interviews but we do give people help and drop clues. It tells you more if someone can pick up on a clue and run with it rather than stare at you blankly (or argue that your clue is wrong). If someone says "I'm not sure but I'd look it up" I'd ask them what they would look up - it's no good searching Google if you don't know what you are searching for. It's no good reading an answer on StackOverflow if you can't understand it and tell the good answers from the bad ones - so we give people code to read and ask them to find what's wrong with it, and why. Would this code work? Could it be done better a different way? What do you mean by "better"?

etc

Still, I've had more than one candidate who couldn't write a 'for' loop without help...that much I do expect you to know, in at least one language...

Tom Wood

Re: Not knowing how to look can make it hard to find

That's certainly not true of everywhere. A lot of what gets written about recruiting software engineers implies the employer is awash with candidates and it's a case of whittling the list down to the number of vacancies.

In my experience that's often not the case, at least in the regions we work in. Our interviews are very real-world, and of course still many people don't make the grade.

Tom Wood

Re: Bucolic programming

Interesting you should mention Bradford. We're a tech firm based on its outskirts and we're certainly not alone in this region. And yeah, we struggle to recruit good engineers too.

Good luck building a VR PC: Ethereum miners are buying all the GPUs

Tom Wood

"Proof of work"

Greenpeace (etc) should award a prize to whoever can come up with a cryptocurrency where the "proof of work" is proof of /useful/ work - not just burning CPU cycles (= heating the planet/wasting electricity).

UK parliamentary email compromised after 'sustained and determined cyber attack'

Tom Wood

Re: Email != Webmail

Because the algorithms which are used to limit logins usually take into account the IP from which the attempt is made

Well don't use those algorithms then.

(I know, you could lock a legitimate user out of their account in that case, but maybe you could design some way to mitigate the impact of that, e.g. require a user to log in from a separate web system using decent 2FA or whatever to unlock their account in that case).

Tom Wood

Re: Email != Webmail

Why are limited login attempts not going to stop that happening?

Every time I change my work network password, I have to first stop my phone and email client auto-syncing with the server, otherwise I get locked out of my email for too many bad password attempts.

And if logins are automated, all the more reason for using long and complex passwords.

Tom Wood

Re: Why all the speculation?

So? Messagelabs provide the first MTA, I expect mail passes through a bunch of other servers before it reaches the users.

Sysadmin finds insecure printer, remotely prints 'Fix Me!' notice

Tom Wood

University printers

In our Computer Science department at uni (2003-2007) they had some network printers which were connected such that every page printed cost a few pence in credit. Students were allocated a couple of quid of free credit each term and if you used that up you had to buy additional credit using a coin box.

They also had stuck fixings to the printer trays with epoxy and used a padlock and chain to stop people fiddling with the internals, or taking paper from the paper trays.

Some bright spark figured out that you could walk up to the printer and print a diagnostics page from the menu, and it showed the printer's IP address. The printer had an FTP interface enabled and any postscript file transferred to it would be printed instantly. Of course this was all anonymous and bypassed the print credit charging system.

After that I don't think anyone seemed to run out of printer credits. One guy even took to printing a blank postscript file whenever he wanted a blank piece of paper.

Worse still, at least at that time universities had huge IPv4 address blocks meaning every PC - and yes, the printers - in the department had real-world public IP addresses. Not sure if anyone tried but I reckon you could have logged in to that printer from anywhere in the world, without any authentication, and printed stuff off.

74 countries hit by NSA-powered WannaCrypt ransomware backdoor: Emergency fixes emitted by Microsoft for WinXP+

Tom Wood

Re: When the dust settles...

The OS provider who has been warning for years 'this OS is obsolete, it's unsafe, we no longer support it, stop using it'?

Tom Wood

That looks like the result of 'randomly' mashing the keyboard, not truly random. Lots of substrings formed of letters that are close together on the keyboard.

D'oh! Amber Rudd meant 'understand hashing', not 'hashtags'

Tom Wood

"Banning end-to-end encryption"

Haigh also asked what assessment has been conducted of the consequences for (a) the UK economy and (b) national security of banning end-to-end encryption?

How could the government ban end-to-end encryption? Or rather, how could they enforce such a ban? Assuming they can inspect all internet traffic, encrypted content should be indistinguishable from random noise, so are they going to ban sending random data over the internet? Assuming not, an encryption tool could just hide genuine data in amongst a stream of random noise; there's no way they could force you to decrypt the random noise because it's impossible to do so, and no way for them to tell which of the packets contain encrypted content.

Of course they could prevent named service providers from offering messaging apps that use end-to-end encryption, but someone (probably abroad) would just create another one, or the terrorists will use PGP or something. We all know how well attempts at banning that went.


Biting the hand that feeds IT © 1998–2020