* Posts by Colin Miller

615 publicly visible posts • joined 19 Apr 2007


How Apple Wi-Fi Positioning System can be abused to track people around the globe

Colin Miller

If a stalker knows their ex's access point's BSSID, then they might be able to find out where it is, by sending a location request with (for example) FF:FF:FF:00:11:22 at 10%. If it returns an approximate location, then they can stalk the area (G's result). A's result appears to be the exact location of the access point.

I hope both services will check what other access points should be visible, and if the request doesn't include any of them, then they will reject the request

Elon Musk's latest brainfart is to turn Tesla cars into AWS on wheels

Colin Miller
Boffin

Re: Tesla's used 1/3rd of the time?

He might - shock I know - have thought this through, and only have the cars do the computation when they're connected to mains power.

Assuming that when the car is at home it's on-charge, and not when at work, then being available for about 2/3 of the time is in the correct ball-park

That's not the web you're browsing, Microsoft. That's our data

Colin Miller

justice delayed is…

They'll get fined for this, no doubt. $1 million, in 10 years' time

Thieves steal 35.5M customers’ data from Vans sneakers maker

Colin Miller
Holmes

Why do they need customers' SSN?

What legitimate reason does a webstore need for its customers' SSN number?

Postal and email address, yes. Credit card numbers ideally should be kept on a different server, and passwords should be salted.

But I can see no reason for the SSN, nor what they would do with it

You don't get what you don't pay for, but nobody is paid enough to be abused

Colin Miller

Abigail oath

This rather reminds me of Abigail's Oath, which I think was named after a member of the Scary Devil Monastery, who was forced out of her job. It goes

I am hired because I know what I am doing, not because I will do whatever I am told is a good idea. This might cost me bonuses, raises, promotions and may even label me as “undesirable” by places I don’t want to work at anyway, but I don’t care. I will not compromise my own principles and judgement without putting up a fight. Of course, I won’t always win, and I will sometimes be forced to do things I don’t agree with, but if I am my objections will be known, and if I am shown to be right and problems later develop, I will shout “I told you so!” repeatedly, laugh hysterically, and do a small dance or jig as appropriate to my heritage

However, I'm struggling to find the original

Robot can rip the data out of RAM chips with chilling technology

Colin Miller

DDR bus snooping

Is it possible to attach a device to the DDR bus, and snoop on all traffic on it?

Yes, that is probably like trying to drink from a firehose, but it would give you a wealth of information about what the CPU is doing

Gunfire at electrical grid kills power for 45,000 in North Carolina

Colin Miller

Access

Master key?

I've seen the street door to a transformer building (on a university campus) with, instead of a padlock through the hasp, a bolt. The bolt had a hole at both ends, each with one padlock. I assume one key was for electricity board, and the other was uni facilities. That way the board's engineers can get in with their normal key, and facilities can get into that specific transformer with their key - but no other transformer.

Two signs in the comms cabinet said 'Do not unplug'. Guess what happened

Colin Miller

Go ahead, be rude. You don't know it now, but it will cost you $350,000

Colin Miller

Re: You get what you order

Elephant are owned by Admiral

Hooking up to Starlink might be pricier than you thought

Colin Miller

wages

And will he be raising staff wages by 6% (or whatever the local inflation rate is)?

No? I thought not

Are we springing into a Y2K-class nightmare?

Colin Miller

European Union ending summer time

The EU has voted to end Winter Time/Summer Time; the vote went through in 2018. It was due to come into effect in 2021, but it seems to have got stuck somewhere. Each country could decide if it would prefer to be on local summer time, or local winter time.

The UK has decided, post-Brexit, that it will keep changing its clocks

EU Press Release

To err is human. To really tmux things up requires an engineer

Colin Miller

Re: Here's Johnny...

or use

ALTER DATABASE DevSys SET SINGLE_USER WITH ROLLBACK IMMEDIATE; GO;

ALTER DATABASE DevSys SET READ_ONLY; GO; --

It's reversible, but still makes the point. They can't do anything until the db is put back into MULTI_USER.

Court papers indicate text messages from HMRC's 60886 number could snoop on Brit taxpayers' locations

Colin Miller

Delivery receipt?

A mobile phone user can already turn on delivery receipts for all SMSs they send; when the SMS is delivered to the recipient's phone an SMS is sent back to the sender's phone. AFAIK the recipient can't prevent this.

Likewise for MMSs you can request both delivery and read receipts, although the recipient can block sending both of the receipts.

Is there any reason why HMRC didn't use this, instead of SS7?

Some errors fill the screen. And some come from the .NET Framework

Colin Miller

Win 7 with classic skin

It looks like it is running Windows 7 with the classic (aka NT) skin, or Windows Embedded Standard 7.

Amazon tells folks it will stop accepting UK Visa credit cards via weird empty email

Colin Miller

Re: Debit card? Nope!

The lack of CVV generally pushes up the merchant's costs. However, requiring CVV breaks 1-click purchasing. 1-Click is required for Kindle purchases.

HIV Scotland fined £10,000 for BCC email blunder identifying names of virus-carriers' patient-advocates

Colin Miller

BCC hidden by default

It's not helped by Outlook hiding BCC by default. If the PC was recently (re)installed then the Bcc field might have been hidden.

Can Exchange be set to detect more than 10 recipients and block the outgoing email?

Nobody cares about DAB radio – so let's force it onto smart speakers, suggests UK govt review

Colin Miller

OK, they are going to force smart speaker manufacturers to add DAB+ functionality, and then boast that 100,000+ DAB receivers are being sold a year.

However, that doesn't guarantee that anyone will actually use the DAB. It really depends on if people like listening to ads and DJs who talk over the songs.

In a complete non-surprise, Mozilla hammers final nail in FTP's coffin by removing it from Firefox

Colin Miller

WinSCP

WinSCP ( https://winscp.net/eng/index.php ) is a good tool for scp and ftp, on Windows

It has two explorer-like panes, the left local and the right remote. You can also drag from the right into another explorer and vice-versa

NASA shows Mars that humans can drive a remote control space tank at .01 km/h

Colin Miller
Joke

magic code

forward, forward, back, back, left, right, left, right, clockwise, anti-clockwise

Oh, no one knows what goes on behind locked doors... so don't leave your UPS in there

Colin Miller

Methinks they need to put a sign on the socket reading 'do not switch off, on pain of termination'. Or use a switched outlet.

However that won't stop the kind of people Terry Pratchett has referred to.

The BOFH can, however, terminate an etherkiller...

New lawsuit: Why do Android phones mysteriously exchange 260MB a month with Google via cellular data when they're not even in use?

Colin Miller

determining mobile data destination

How do you tell what servers your phone is connecting to over mobile data? Over WiFi it's reasonably easy - install Wireshark on the hotspot or another device that can eavesdrop.

But unless you are running your own basestation (not impossible, but beyond most people's abilities), or root it for TcpDump to work, I don't know how to grab the data.

Radio nerd who sipped NHS pager messages then streamed them via webcam may have committed a crime

Colin Miller

Fingerprints

Any non-citizen entering the US by air will be asked for their fingerprints

Ancient telly borked broadband for entire Welsh village

Colin Miller

OFCOM

Don't OFCOM take a dim view of electronic equipment emitting stray RF signals, to the detriment of other people in the area? IIRC, OFCOM can get a court warrant to check the equipment, and possibly seize it

Mate, it's the '90s. You don't need to be reachable every minute of every hour. Your operating system can't cope

Colin Miller

IMAP filtering. Was Re: installing discipline in the senders of email...

There are a number of headless apps which connect to an IMAP mail server, and can move emails to filters based on your rules.

As IMAP is a push protocol (POP3 was pull), and IMAP stores the mail on the server, the filters can activate on receipt of emails.

Brit MP demands answers from Fujitsu about Horizon IT system after Post Office staff jailed over accounting errors

Colin Miller

Re: WTF?

Postmasters were prosecuted using unreliable evidence

https://www.bbc.co.uk/news/uk-52905378

UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal

Colin Miller

Bluetooth disabled?

Does the app function correctly (I hope not!) if the user has turned off Bluetooth on their device? Until I got a smartwatch, I only turned on Bluetooth when I was using it, in an attempt to extend my phone's battery life.

However, I'm not sure how many other folks do this

Arm gets edgy: Tiny neural-network accelerator offered for future smart speakers, light-bulbs, fridges, etc

Colin Miller
Terminator

SCC GPP

When will we end up with Sirius Cybernetic Corp smart light bulbs with Genuine People Personality? Which are either deliriously happy to light our way or sulk and refuse to work lest we injure ourselves in a task that they help facilitate

Shouldn't Uber freeze app accounts to prevent spread of coronavirus by drivers and fares? Oh, OK, it already is

Colin Miller
Flame

compo

I hope (but expect to be disappointed) that Uber will pay the drivers compensation for denying them business [can't call it lack of wages].

The riders should also receive money/credits for being denied access to Uber's services

Whirlybird-driving infosec boss fined after ranty Blackpool Airport air traffic control antics

Colin Miller

Re: Contrary view

Helicopters use more fuel when hovering as opposed to flying forwards

Colin Miller

Re: fined £1,600 plus £870 in legal costs

That's pocket change if you can afford a £550/hr helibird

Why is a 22GB database containing 56 million US folks' personal details sitting on the open internet using a Chinese IP address? Seriously, why?

Colin Miller

Re: How long before all our NHS data appears there too ?

Somehow I read the name as "Bergholt Stuttley Johnson"

It's always DNS, especially when you're on holiday with nothing but a phone on GPRS

Colin Miller

Re: Hit once by this ok. Twice, more fool you

There's nothing quite like leading from the front

Bose customers beg for firmware ceasefire after headphones fall victim to another crap update

Colin Miller

Re: Reason for not rolling back

They already support Siri or GoogleAssist. Adding Alexa is a sensible move

Colin Miller

Re: Just bought a set of QC 35 II's ...

Same here. I bought mine two months ago, which came with the old firmware, and upgraded it to the then latest firmware. Apart from the noise cancellation going into 'low' I haven't noticed anything wrong.

I've changed the action button (big button on the back of the left headphone) to change the cancellation level, and it's easy to knock by mistake when donning/doffing them. By default the button triggers Siri/GoogleAssist, and the cancellation level is set by the app.

I can't be sure if the firmware changed the level, or I accidentally changed it at the same time

Malicious code ousted from PureScript's npm installer – but who put it there in the first place?

Colin Miller

repo ip log

The repo will probably log the public ip that the commit was made from.

It may be interesting to peruse the logs for these commits

Oh cool, the Bluetooth 5.1 specification is out. Nice. *control-F* master-slave... 2,000 results

Colin Miller

battery state

One thing the Bluetooth spec could do with is a method to query the device's battery's charge level.

That way your phone/pc will warn you when your headphones have less than 1 hour's charge left

Blighty: If EU won't let us play at Galileo, we're going home and taking encryption tech with us

Colin Miller

Launcher?

How are they going to launch the birds? On a modified Blue Streak? It shouldn't be too hard… Wait, ah, err…

'Dear Mr F*ckingjoking': UK PM Theresa May's mass marketing missive misses mark

Colin Miller

Re: Not voting...

In the UK, if a ballot paper is spoilt, then all the candidates (or their agents) must agree that it's spoilt. So, should you wish to, you can use this to tell the candidates why none of them are worthy of your vote.

Sysadmin shut down the wrong server, and with it all European operations

Colin Miller

Mollyguard

On *nix machines, the mollyguard package installs a set of wrappers around shutdown, reboot, poweroff, etc. If it detects that you are inside an ssh session, it will ask you for the name of the box you intend to shutdown. It refuses to shutdown if you aren't on that box.

It doesn't normally intervene for console and desktops, so be careful with KVMs

Europe dumps 300,000 UK-owned .EU domains into the Brexit bin

Colin Miller

Re: So if they are taking their ball home...

The UK isn't the only EU member-state who has English as an official language.

Fed up with Facebook data slurping? Firefox has a cunning plan

Colin Miller

You forgot fbcdn.net (FaceBook Content Delivery Network) and probably many others

FYI: There's a cop tool called GrayKey that force unlocks iPhones. Let's hope it doesn't fall into the wrong hands!

Colin Miller

Re: If the police have got one...

IIRC, the fingerprint data is stored on a PIC that is dedicated to the reader. The main CPU asks the PIC if the fingerprint is correct. If it is, then the PIC releases an asymmetric key to the main CPU. This then unlocks the flash drive.

Good luck saying 'Sorry I'm late, I had to update my car's firmware'

Colin Miller

I am doubtful of this anecdote. The update screen quite clearly tells you how long it will take and you have to accept the dialog window to continue. They usually say a time > 1hr but often complete a bit quicker. You can also schedule it for any time you like (defaults to 2am or something like that) so there was no need to try and cram it in before a trip either.

It would be useful if the car reminded you of an update when you turn the ignition off. A fair number of folks could well forget between being told at the start of their drive, and arriving at their destination.

'A sledgehammer to crack a nut': Charities slam UK voter ID trials

Colin Miller

European ID cards

If the Swedish or German government introduced an ID card, would I trust them to make individual privacy a top priority, and to not subvert the scheme into a means of tracking every detail of their subjects' activities? Possibly. Would I trust Amber Rudd with the same question? Absolutely not.

Germany does have ID cards - they're administrated by the Länder, the 16 federal states, but are now printed centrally. The Länder are on strict instructions, that should the Federal Government become authoritarian, they are to destroy their records. The reasons for this should be obvious to all.

Sweden also has ID cards.

The EU has a list of all identifying documents issued by each member. However, it doesn't indicate what can be used if the police ask you for ID. Britain is one of the few countries that accept your driver's license, which doesn't indicate your citizenship, only which country it was issued by. However, the police will check with the Home Office if they have doubts over a person's citizenship.

UK.gov: Use police body cams to grill suspects at scene of crime

Colin Miller

Copy for the suspect?

Do body-worn cameras have two independent recording systems, as required at a police interview suite? The suspect is entitled to a copy of their interview (in reality, this is given to their lawyer).

Without this, I think a good lawyer will be able to have the interview struck off as being illegally conducted.

Facebook claims a third more users in the US than people who exist

Colin Miller

Dual accounts?

FB may well have 41 million US 18-24 year olds with accounts. Some folks may have two accounts, either from abandoning one (forgotten password, too much bullying on the first account).

Or some folks may use two accounts. If you are a closeted LGBT person, you may have one for your family who you are not out to, and a second one for your real persona.

Set your alarms for 2.40am UTC – so you can watch Unix time hit 1,500,000,000

Colin Miller

Re: Signed Integer

@hellwing

Uh, for an absolute value, why would you store that in a signed integer? In what scenario is a negative time since epoch useful? An unsigned integer would have given 136-some years of reliability.

Using a signed time_t allows you to use time_t for both datetime, and for a duration. This is useful in procedural languages like C, however most OO languages use separate DateTime and Duration types.

Colin Miller

Re: Year 2106

@AC, Yup, GPS counts the number of weeks since 1980, as a 10 bit unsigned integer. Thus it loops every 19.6 years. Wikipedia. Of course, if you don't know which decade it is, you've got bigger problems.

When we said don't link to the article, Google, we meant DON'T LINK TO THE ARTICLE!

Colin Miller

ask for a clarification?

If I'm reading this correctly, then Zenith-Betriebe* is concerned that Der Tägliche Iris** inaccurately reported on allegations against Zenith-Betriebe. This allowed Der Tägliche Iris's readers to form the wrong conclusion about the type of fraud alleged against Zenith-Betriebe.

So why didn't Zenith-Betriebe contact Der Tägliche Iris, and ask them to correct their article? Instead it appears that Zenith-Betriebe went straight to the right-to-be-forgotten law.

*, ** all names used are fictional, and any relationship to any real entity is accidental and unintentional.
