Posts by Andrew Jones 2

"from the swipe notifications to the quick access to key settings and applications."

Sorry - are you taking the piss? You do know Android has had swipeable notifications and quick settings (natively) since KitKat (Android 4) ?!

I know you are all having fun with this one - but you know it's fake right?

https://twitter.com/K4LENhasnohoes/status/780148785359966208 this was the original tweet.

There's a sane security reason usually a server is involved in actually generating the preview, especially when it comes to grabbing the og:image resource. I can't believe that they pushed out a product with such a blatant attack vector. Isn't there a security rule about not trusting 3rd party content by default etc? "Let's just take whatever information we get back from the a 3rd party site, parse it and display it" What could possibly go wrong........ I don't have an iDevice to test it - but obviously the first thing anyone should test (bearing in mind Safari is the renderer) would be embedding javascript into the og:description field and see what happens when iMessage tries to preview the URL

To be fair - he quite clearly told the guards that were holding him that he couldn't breathe and when they ignored him, THEN he put his hands around the guards throat - but not before complaining that he couldn't breathe. (Well according the video with English subtitles on it anyway)

OK, it's a step in the right direction - but presumably this relies on the presented Caller ID number right?

We've started getting a lot more calls in the UK that use the trick they use in the US, where they call you from a number that appears to be a local number. In the last 6 months I've had about 40 calls that appear to originate from both the 01361 and 01896 area, but the few times I have answered them, they are clearly calls from a call centre and I know for a fact that there are no call centres in either of these area codes.

If all that is required is to add a password to the hotspot - as in the WPA2 password, and presuming that it will never be changed after it's been added, then there are a good 20 apps where after connecting to a password secured network, the password is then sent off to a server so that anyone else running the app no-longer needs the password to connect. Google "WiMan" for an example.

I obviously have a very dirty mind.... I was expecting an entirely different article after that headline......

With all the Star Trek esqueness going around today - I can't help but hear "Worf" when I read Chief (information) Security Officer....

Phew, I was a bit concerned for a moment then.... but I'm running the latest Xenserver on 64bit hardware with all host OSes running 64bit flavours. Looks like I'm safe for now.

The warp drive may not be here yet, but ThinkGeek have the com badge up for pre-order (sadly only in the US for now, but I'm hoping they will be available globally after November) and with the news about Majel's voice being recorded phonetically.... it's looking incredibly likely that we will get at least some Star Trek tech soon :) www.thinkgeek.com/product/jmgi

Half expecting a post on launch day explaining that El Reg were banned from being anywhere near any Apple store in the country after the article about attempting to get a press invite to the launch event.... and also possibly the "both of you" comment - which I'm still giggling about....

When I was at College, I made mine in Visual Basic, saving the chat unencrypted, in plain text to a dll file in the mapped network drive we all had access to. But I took a print screen of MS Word 97 and used that as the background of my form so when the lecturers walked by - they thought it was just Microsoft Word. It worked surprisingly well. People were less suspicious in the late 90s... they would run anything without a second thought (as evidenced when Newcastle University students sent the Win32CIH virus to someone in the College which was called "Porn2000.exe" and brought every computer in the College to it's knees in an incredibly impressive 3 and a half hours)

Signal detected by Russian astronomers, withheld for over a year, and then it is claimed it originated from a Russian satellite.... yup - that's not suspicious at all....

"Now, in a mystifying settlement, lawyers for the plaintiffs have taken a payout; agreed that none of the plaintiffs get anything;" but then later "Cody Baker, Brian Pincus, Halima Nobles, and Rebecca Abrams – the named plaintiffs in the class action – get $5,000 each."

So... do they are don't they?

I thought they were supposed to be using a GPS database to prevent drones from being able to fly in any areas that were on the database - is that a US only thing or has it just not reached the UK yet?

Oh no - the UK regulator which is probably world famous by now for talking loudly and occasionally slapping someones wrist and saying "don't do it again". Whatever will Facebook do now.... probably nothing and the ICO will probably go - "we aren't terribly happy about this, make the privacy policy a bit clearer and a bit simpler, and the option for people to opt-out a bit more obvious and we'll say no more about it"

Oh..... and there was me thinking that pointing at a Muslim and screaming "terrorist!" just because they are a Muslim - might have had something to do with it.....

Slippery slope.....

It's amazing isn't it - we keep getting told that they need all these extra powers to identify potential terrorists - and then it comes out a bit later that the security services in various countries were already aware of the terrorists that were involved in whatever the attack was. Very few people though seem to question why they need more powers to identify terrorists if they can't even act to stop attacks when they have already identified the terrorists using the powers they already have..... This will be a slippery road we are heading down - if people keep saying "if it keeps me safe then I suppose it's OK" - then before long it will be security services killed a suspected terrorist who as it turns out had no links to terrorism whatsoever - and people will say "well... if it keeps me safe, I suppose we'll just have to live with the possibility that anyone could be killed for being a suspected terrorist - even if they aren't" and further down the line - the definition of terrorist will start to mutate much like now - where laws that are supposed to be to prevent terrorism are being used on people who aren't terrorists.

I do find this quite irritating, I use Chrome Remote Desktop frequently, and while Authy can probably be an extension and Secure Shell can probably be a PWA, I don't know if "open web technology" will allow Chrome Remote Desktop to run without any additional software. People keep telling me that Google will have their reasons - and I just keep thinking - yeah they told us when they removed the notification center that they would replace it with something more useful, and they didn't - so now apps and websites can send us push notifications which if we don't see them within 10 seconds then vanish into oblivion. Clearly this is so much more useful than having a central service which collects these notifications so that we can review them when it is convenient to do so.....

I wonder how they would have reacted had it been a leap year - Oh noes! an extra whole day!

"I grant you that in 5-10 years time most people will want 100Mbps. But what BT has done is incremental."

Yup, and when you start upgrading people it will take another 10-20 years. There are really only 2 ways forward for the next upgrade and they are FTTP which will cost a lot and FTTdP which potentially could be even more expensive unless they go down the overhead route.

With all the money we are now apparently saving by not paying EU membership - a couple of weeks worth of money could see FTTP to pretty much everyone. We still have this on-going issue where government services are moving to be digital first (or even only), and there are still people who just don't have access, and under the current FTTC everywhere plan - still won't have access when the plan has finished. FTTC has a distance limit, FTTP does not (though obviously it costs more). FTTC also has a major crosstalk issue that everyone likes to pretend isn't there and finally - there while it is not exactly widespread - the copper system suffers from REIN and for those that is affects - there is no legal or regulatory enforcement available to fix the issue.

Please note - Hangouts which is the multi party video conferencing system is NOT going anywhere. Hangouts On Air - is like normal Hangouts, but it is streamed live and an unlimited number of people can watch it - but cannot join in, the session is then saved to the connected YouTube account so it can be watched by people after it has ended. You have always been able to watch live streaming Hangouts via the YouTube site - more than likely because it has always used the YouTube live streaming infrastructure on the backend.

"Google's brand new OS could replace Android" well... nope - pretty certain like 150% certain that Google have not spent 6 years building a developer community, getting more and more involved with the the development community and generally addressing the complaints of the users (admittedly - not all of them) - to then go back to the drawing board and start from scratch. It's only a few weeks ago that the Android development team did an AMA - none of these things are the signs of a project that is about to be superseded by an entirely new OS. A Google OS for tablets and Desktops running Windows, yup - that I can easily see happening.

You would think that the BBC would of been in favour of Brexit - after all EU regulations prevent our modern TVs from emitting interference - like the sort that would be useful to people with a TV detector van.... I'm sure once we leave Europe the UK government will drop this regulation so our TVs can all emit a homing beacon for the BBC.

So.... even though the app couldn't be put into the App store by the banks until Apple vet the app, that will harm security - despite the fact Apple will be able to see every single part of the app and how it all goes together before granting it access to the app store and to end users' NFC hardware. Funny that - you would think that was exactly what the app approval process was intended for.

Just a FYI - "Verify Apps" ships as part of Google Play Services and should protect devices all the way back to Android 2.3 https://www.google.co.uk/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=verify+apps+android+2.3

You can't argue with a working proof of concept video.....

So, they can claim he is wrong as much as they want, the video is pretty conclusive proof - and makes you immediately question the decision to generate tokens as soon as app activity is started and NOT invalidate them within a short space of time. 24 hours!! Seriously! Why?! I can't be the only one who thinks 30 seconds is more than generous - after all it doesn't matter how long the actual transaction takes, once the token has been transmitted that should be it. That video is pretty scary stuff actually because removing the whole compiling process from the equation - as I'd imagine this would run on kit that dynamically replaced the hardcoded token in the code on each successful skim - this looks like stealing tokens from people would be ridiculously easy - especially with some of the long range modifications. You'd be surprised how many people open their payment app while standing in the queue - just to make sure it's working, doesn't crash, is using the correct card etc so everything should be straightforward at the point they are actually paying.

I regularly take time away from Facebook, pretty much 3 or so hours out of every few weeks is the only time I visit it now. But I'm not letting anyone take my Netflix or NowTV (though granted, this one is a bit more meh). Most importantly taking time away from Facebook does make me feel better. Facebook doesn't like me taking time away and starts out by sending me notifications that say thinks "This person just added a new photo" (no I didn't turn on notifications for everytime they post). As I continue to ignore notifications from Facebook, they get more aggressive - like "You have 52 missed notifications, 4 requests to play a game and have missed 18 Birthdays". On some days I can end up with as many as 10 notifications telling me about all the "amazing" stuff that I have missed.

It does however bring up a serious point, there is no doubt that being addicted to Social Networking is a real condition, as is the fear of missing out. Now I take time away because I find my levels of depression rise dramatically if I get sucked back in to spending days at a time on the site, so my will power to ignore the notifications is strong enough to resist being drawn in (and in fact the notifications have the opposite effect that Facebook are aiming for, they make me less likely to visit the site - they feel nagging, which makes me feel resentful to the site) - but people who suffer from fear of missing out will very easily get drawn back in with these notifications, which - while obviously not being exactly the same, does sort of seem a bit like giving a drug addict, copious amounts of their drug of choice for "free" when they are part way through rehab......

I've been arguing for the last few years - the chances are - we are beyond Nuclear weapons now. The next World War will be fought online. Because of our reliance on Technology - targeting the banking network and the communications networks will bring a civilised country to it's knees. If the ATMs don't work and the ePOS card readers don't work, you are left relying on physical cash - and I doubt I'm the only one who only has a small amount of physical cash handy, relying on the bit of plastic far more than perhaps I should. Largely as a civilised society we overlook all the technology that works - while it is working, we only notice how complicated and interconnected things are when they stop working. We don't care how the channel list on the Sky box stays up-to-date as long as it does, but if someone wanted to hack the Astra 2E/F/whatever-letter-it-has-now satellite to add a channel - or remove every channel except the propaganda channel, that's do-able. If someone wanted to instruct the Sky boxes to delete all recorded programmes - that's do-able. The chances are because a satellite is involved - moving the chances of an attack out of the range of more typical script kiddies - security is probably not the most sophisticated. The banking network obviously would be a more difficult target, but DDoS would probably be possible. I don't profess to know enough about the infrastructure of the mobile network(s) to understand how feasible an attack against the infrastructure is, but hypothetically speaking - I'd imagine it would be safe to assume that any system that is open to being managed remotely, is also possible to exploit.

It might all be hypothetical right now, it may even not be possible right now, but I think someone somewhere should note that eventually - it will happen, and it's probably a good time to think about how to defend an attack against the system.

In every case that I have encountered so far of failing to upgrade to Windows 10, it has been resolved by reformatting and starting from scratch. If they had just allowed you to enter your existing product key into their website and activate it for Windows 10, so you could then do a fresh from scratch Windows 10 install it would have been great, but no in one case I had to go through the painful process of Windows Vista install and upgrade to Windows 7 and upgrade to Windows 10.

As I have read elsewhere, what would there be to stop BT from simply doing the installs via BT Retail and investing next to nothing in Openreach until it dies on its own?

Urging him to commit suicide by text message was one thing but "I was the one on the phone with him and he got out of the car because it was working and I fucken [sic] told him to get back in." being aware that he got out of the car because it was working - and therefore wished to seek help, for her to then convince him to get back into the car and carry on killing himself - that is a whole new level of wrong. Further it suggests that she was indeed on the phone with him the entire time he was killing himself - and if nothing else - it makes you wonder about the state of her own mental health, normal well adjusted people would find it difficult, if not impossible to stay on the phone with someone who you knew was ending their own life.