Re: FIDO2
Maybe I'm being naive here, but I'd have expected the token to have some kind of protection (such as a PIN code or fingerprint reader).
56 publicly visible posts • joined 2 Dec 2009
I completely agree with you because I'm familiar with the situation and see the contradictions you mention.
However, were I to base my opinion more on ideology than technical knowledge, I could absolutely see myself thinking that there are no circumstances that can't be changed by a new law or two.
If you control the mobile network, there's an awful lot of things you can do with the SIM card and radio module of all connected phones. Considering especially the radio module's virtually unrestricted hardware access (including the ability to use the microphone behind the OS's back whenever it wants), are there any assurances that this has _not_ happened?
Even if you've booted the aggressors off your servers, what about cloned SIM cards, encryption keys etc.?
Been a mostly very happy PS2 driver for a bit more than a year now. The car looks good (at least that's what I think), build quality is very good and it's an absolute joy to drive.
The only real downside are the software problems. Since the last update I've had to force-restart the infotainment system at least once every other week. (Note that many basic car functions, such as ventilation/heating/AC, audio feedback etc. fail when the infotainment system falls over.)
Android Auto (connecting my Android phone to the car, as opposed to Android Automotive, the OS that the car runs) is missing entirely.
For two weeks I've been unable to update the buggy Deezer app or use other nice-to-have features until I've supplied Google with a copy of my passport for 'age verification' purposes.
And now Infosys.
I suppose once the lease runs out next year I'll be shopping around for another car.
Not that this is a fault of EVs per se, mind you. ICE cars get the exact same crappy infotainment.
It's probably only because I'm just too much of a cynical bastard that this conjures images of a fullscreen 'user choice' screen every time you boot, with a giant "YES ENABLE RECALL" button in the centre and a 5px text link "No, but ask me again next time" in the lower left corner.
And there definitely won't be an unfortunate bug that causes the 'no' link to have a text colour identical to the background and be placed in a random position.
Swiss here. Last time I checked (April), they still carried them.
It's a security thing, obviously. You're not allowed to bring your personal tool knife that you carry with you all day. You're only allowed to buy the same model in the duty-free section airside, because terrorists may be less likely to spend that much money on the exact same weapon that they had to put in checked baggage half an hour earlier, or something? I'm not sure where I'm going with this. But there's probably a good reason for it.
Not sure about how this went down, but I presume that the individual airlines are to some degree responsible for telling the handling system which bags should go where.
The barcode on the bag tag contains the type of luggage (normal, offline, rush), the airline and a serial number. So if the automated system only has that barcode (making an assumption here), it'd only know that this is suitcase number 123456 travelling with BA as regular luggage, and BA would still need to tell it where that bag is supposed to be going.
Even if the system could read the destination airport code printed on the tag, there may still be several ways for the suitcase to get there, and you couldn't just send everything to the next plane leaving in that direction. Imagine a 737 receiving all the luggage for itself and an A380. The only thing the system could do is direct everything with its own airport code to manual processing.
So I suspect the airline is expected to provide the baggage handling system with a list along the lines of "this bag goes on belt 9, this bag goes on flight BA1234" etc. That list would have to come from BA. Or where did I go wrong?
I just tried to log into my account and got asked to reset my password. Is this really something they do regularly as they claim?
> It’s Time to Update Your Password
> To keep your account safe and secure, we periodically ask fans to reset their password, preferably to a new password that you haven’t already used with this account. Let’s Reset Password
Either way, my supply of sympathy in this particular case appears to be very limited for some reason.
If all they wanted to do is prevent phone theft for parts, Apple could just have extended the existing iCloud locking mechanism to a phone's individual parts.
iPhone with a new display from a locked phone (or better even, a phone reported as stolen) refuses to work.
iPhone with a new display from an UNlocked phone does some calibration thingy and then works normally.
Takes one request to Apple's servers for the iPhone to know what it should do with its new donor organ. It could even display a prominent message along the lines of "this phone contains stolen replacement parts", which would be a way better deterrent to thieves than "TrueTone doesn't work, which you might or might not notice".
I'm aware there are some excuses about how Battery Health can't work without the battery's history stored in the donor phone, or TrueTone needs to be calibrated properly, but I call BS on all of them. All of those donor spare parts already have a chip on them that could/should have stored all relevant information ready for the new device to query.
Oh, I think they've learned. They've learned that in between two anti-trust injunctions, they can pretty much do whatever they want.
The investigation won't help much if it only concludes once the damage has been done. MS will pay a fine that's well worth it to them and change absolutely nothing.
Unless the fines start being so eye-wateringly steep that a conviction will have the shareholders howling and demanding the entire board's heads on spikes, nothing much will change.
Solaris had an interesting bug for many years. Most telnet clients support a command such as "telnet -l username" to supply the telnet daemon with a user name. The Solaris telnet daemon forwarded that argument to the login process unchecked. As a result, you could get root on any Solaris box by typing "telnet -l '-f root'" on the client, which on the server side would spawn a process "/bin/login -f root", which logged you in as root without any further checks.
Oh the fun we had when we were students.
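The argument-injection pattern described in the post above, next to a hardened form, as an added example that is not part of the original post and is not Solaris source. The function names, the length limit and the allowed character set are hypothetical, and the hardened version assumes a login program that honours the conventional `--` end-of-options marker.

```c
#include <stdio.h>
#include <string.h>

#define LOGIN_PATH "/bin/login"  /* path as quoted in the post */
#define MAX_USER 32              /* assumed length limit */
#define ALLOWED "abcdefghijklmnopqrstuvwxyz0123456789_.-"  /* assumed policy */

/* Simplified model of the behaviour the post describes (not Solaris
 * source): the client's string is split on spaces and appended to
 * login's argv, so "-f root" arrives as the option "-f" plus "root". */
int naive_argv(char *user, const char *argv[], size_t cap)
{
    size_t n = 0;
    argv[n++] = LOGIN_PATH;
    for (char *t = strtok(user, " "); t && n + 1 < cap; t = strtok(NULL, " "))
        argv[n++] = t;
    argv[n] = NULL;
    return (int)n;
}

/* Allow-list check: non-empty, bounded, no leading '-', and only
 * characters that cannot be split into extra arguments. */
int valid_login_name(const char *user)
{
    size_t len = strlen(user);
    return len > 0 && len <= MAX_USER && user[0] != '-'
        && strspn(user, ALLOWED) == len;
}

/* Hardened form: validate, pass the name as ONE argument, and put "--"
 * in front so a getopt-style login stops option parsing before it. */
int safe_argv(const char *user, const char *argv[], size_t cap)
{
    if (cap < 4 || !valid_login_name(user))
        return -1;
    argv[0] = LOGIN_PATH;
    argv[1] = "--";
    argv[2] = user;
    argv[3] = NULL;
    return 3;
}

int main(void)
{
    char hostile[] = "-f root";  /* constructed input, taken from the post */
    const char *av[8];
    int n = naive_argv(hostile, av, 8);
    printf("naive: %d args, first option %s\n", n, av[1]);
    printf("safe: %d, %d\n", safe_argv("-f root", av, 8), safe_argv("alice", av, 8));
    return 0;
}
```

The same rule applies to any daemon that hands a network-supplied string to another program's command line: validate it against an allow-list and keep it in a single argv slot behind `--`.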
I think Opel (pre-PSA) had a pretty good solution.
All expensive components in a car were "married" to each other and would not work outside that particular car.
As long as they were inside the car (and the car saw a valid car key), you could quite easily "divorce" them and then "marry" them to another car. Meaning that it was reasonably easy to sell/use your own car for spare parts, but thieves have to either steal your car keys (at which point it's pretty much game over anyway) or go through an authorised Opel dealer.
Apple could easily do something similar hidden behind a secret service menu or something.
> and, better still, feed them bogus data so they don't break
FWIW, Oppo phones offer this to some degree. You can set apps to be served an empty phone book, call log, message (SMS) list and "events" (whatever that last one does is unclear - suppress system broadcasts?). Not much but a start. If you know where to look, you can also manage some of the more obscure app permissions, such as an app gathering info on other installed apps. At the very least it's a step in the right direction.
There are also some Xposed-based solutions for rooted phones, but stability-wise they all seem to be perpetually stuck in alpha.
I still miss the original LBE Privacy Guard. I've never seen anything even remotely as powerful.
PE is also technically identical to neutral, though (in modern installations) for safety reasons has its own wire. E.g. an RCD needs to be able to distinguish between neutral and PE - there's no current supposed to go through PE at any time, while the current through L and N should be identical. If it's not, something's wrong.
In older TN-C installations, PE was just connected to N at the socket - at least in continental Europe; not sure about the UK. This had the interesting side effect of electrifying anybody who touched a device connected to that socket when there was a problem with the neutral line and the device was switched on.
As far as the electrons travelling through the wires are concerned, there's no real difference between the two wires.
In real life, one of those is connected to the ground and called 'neutral'. As long as you've got your feet on the ground (or thereabout), you're indirectly connected to it. That's why touching the other ('live') wire hurts - you're now connected to both.
Technically it would be safe to touch the 'live' wire while in free fall or otherwise disconnected from the 'neutral' wire. You still shouldn't try it though.
(This would be the same with DC, only you'd need to consider polarity instead of the phase.)
In a (relatively) modern TN-S system (separate neutral and PE), switching or connecting neutral and PE would immediately trip a breaker because of the current mismatch in line and neutral.
Whether the fuse would blow depends on the kind of fault.
I reckon the faulty printer in the story was connected to a TT system, which would have been common around that time. Switching neutral and PE can have quite funky effects on the voltage there, not to mention bugging the worms and moles.
I've bought the Reno2 some 8 days ago to replace my aging OnePlus 3T.
So far I'm very happy with it. It's posh, snappy and generally a pleasure to use.
It supports the latest iteration of VOOC (what OnePlus used to call Dash Charge). AFAICT the chargers are totally interchangeable between the phones, though Oppo's (newer) charger promises 20W of oomph instead of just 15W.
It also came with a screen protector pre-applied, which is a very good thing, and a really ugly case which I'm not using.
The selfie camera (I've heard it called 'shark fin' but will henceforth refer to it as 'pizza slice') works very well so far. I don't use it often though so don't mind the slight delay. The mechanism seems sturdy enough.
The pizza slice also looks much nicer than OnePlus's rectangular periscope thingy.
Pros:
* The camera is very good (though I might be biased as the 3T's camera is not much to write home about). I'm very impressed by its night mode.
* The on-screen fingerprint reader works very well and looks good, too.
* ColorOS is generally a nice thing. Coming from OnePlus's OxygenOS (which I love) it's not all that different. The notifications are a bit too iPhone-y for my tastes... and dragging a finger down on the start screen will bring up a search window instead of pulling down the notification area. The latter would be lovely for one-handed use on such a big screen.
* Built-in privacy tools. You can set data-grabbing apps to see an empty phonebook, an empty calendar etc. Unfortunately this does not work with system apps.
* Autostart can be disabled on a per-app basis.
* Secure environment for banking apps. Not sure how secure it really is, but at least the phone tells you that the app gets some extra protection.
* Protected apps that require an extra PIN (or fingerprint) to access. You can also hide the app icon, so that the app is only available by dialling a user-configurable phone number. I'm using this for my banking apps and the bloatware that can't be uninstalled, see below.
* The battery lasts forever.
Cons:
* There is some bloatware. Most can be uninstalled, though a couple apps remain.
* Most Google apps, especially Chrome and Maps, can neither be uninstalled nor disabled. I hate both. With the Reno2's very good privacy helpers, this would be the one reason for me to root the phone. Workaround: remove all app permissions, make them 'protected apps' (see above) and hide the icons.
* There's an app called Phone Manager which is supposed to keep your phone in good shape. While this is a good idea in theory, in its current iteration it does this by repeatedly asking you to disable all background apps and asking you to delete basically everything on the phone, including data you're still actively using. It also won't take no for an answer and keeps bugging you on a daily basis. I ended up disabling the notifications altogether.
Unless it was somehow Sony's fault that an unauthorised third party got hold of the account, I don't see why they should be held responsible for the consequences. How can we ever expect people to stop giving out their passwords and credit card data to each and every phishing site if they never have to face the consequences of their actions?
I still think Sony are evil. I just don't think *everything* bad happening in this world is their fault.
Looking forward to the next shareholder party.
"Yes, I spent 19 billion of your money on WhatsApp. That's $45 per phonebook for data that we're not going to use."
It's like an 80's rock star saying he bought that suitcase of cocaine just to look at it.
What's the age of criminal responsibility in Finland anyway... IOW, how can you legally do this to a ten-year-old?
I mean, she didn't even succeed in downloading anything, and dad bought the song for her the day after, so clearly no damage has been done, thus there's no need for compensation. And criminal charges... pleease. She's a child FFS!
/mnt/sdcard and all its subdirectories on my Galaxy Nexus look like this -->
drwxrwxr-x root sdcard_rw 2012-02-21 sdcard
That means everybody can read stuff, but only apps belonging to the group sdcard_rw can write stuff.
That would also explain why the image viewer works, and why the corresponding Android permission says "change/delete" and not "read/change/delete".
So Android isn't lying to you, but you might still get the wrong impression. Hmmm. I for one always (wrongly) assumed that apps also need that permission to *read* the SD card.
A chmod doesn't work, looks like the 0775 is hardcoded into the FS driver. I wonder if there's any way to keep untrusted apps away from my files?
If you're not afraid of rooting your phone, there are two excellent third-party solutions to this problem.
The first one is to install CyanogenMod. Then when you go to Settings --> Apps --> Manage Apps (or wherever you can view an app's details), at the bottom of the screen where the app's permissions are listed, tapping on any permission will toggle it. This is what Google should have added to Android in the first place.
Downside: this requires a factory reset.
A more elegant solution is LBE Privacy Guard, a simple app that requires root privileges but can otherwise be installed just like any other app on top of your existing system. Its permission management is not that fine-grained, but it has one huge advantage over CM - instead of actually giving the app a slap on the wrist when it attempts to use a permission that has been revoked, it'll intercept the API call and feed it false information.
I've used both solutions (separately) for some time and prefer LBE Privacy Guard because it's more elegant: ...
An app that wants to use a revoked privilege on CM will get an "access denied" message. Some apps aren't designed to cope with this and will crash.
An app guarded by LBE PG on the other hand will simply see an empty phone book, an empty message list, a phone serial number consisting of all zeroes, etc. depending on the permissions you've revoked. It's tricked into believing it still has the revoked privilege but there's simply no data worth looting.
In addition to granting and revoking permissions, LBE PG can also be set to ask or alert you each time an app wants to use a certain privilege.
Paris, because she's been rooted countless times.
DDoS'ing *three* websites chock-full of people whose favourite pastime is taking out scammers? That's a bit like getting stung by a hornet and kicking the nest in revenge. It may have seemed like a smart idea at the time, but I'd be surprised if that guy could open any new fake Amazon website in the foreseeable future without half a dozen experienced site killers falling over each other to shut it down the moment it's online.
Have a pint or two on me, baiters and warners. You volunteer your time and money for a very noble cause.
CyanogenMod 7 lets you modify the permissions of installed apps. Just tap on a permission in the list to grant or revoke it.
If you don't want to re-flash your phone, there's an app called LBE Privacy Guard that offers the same functionality but will also let you set it up so it asks you for permission every time it detects a potentially unwanted action. This works really well. Requires a rooted phone though.
If your phone happens to be rooted, try LBE Privacy Guard. It runs in the background and lets you set permissions to grant/deny/prompt on a per-app basis. It also notifies you every time an untrusted app wants to use a permission you've blocked. I've been using it for 4 months and am very happy with it - no app crashes due to withdrawn permissions so far, and it allows me to install some useful apps that request a rather questionable set of permissions.
Paris, just because.
"But I also believe that it makes no sense to bring a class-action suit when the aggrieved parties know in advance that the bulk of any damages awarded (if any) will go to the trial lawyers"
I hope they get sh*tloads of cash from Dell. It's not like I'm a huge fan of lawyers, but to the beancounters at Dell the pain level is the same whether their money ends up in their customers' pockets or at some lawyer's Porsche dealer. If nothing else it might at least serve as a deterrent to other companies that think about saving money by selling dodgy kit.