Posts by TonyHoyle

Re: i've chipped in

It's not emulation.. it's a real spectrum designed by Rick Dickinson, the designer of the original Spectrum.

You can plug spectrum hardware in there, like an interface 1, and it'll work.

If an FPGA is defined as emulation, then the original spectrum was one too as it had a ULA at its heart (and the +2, +3 various different gate arrays). The only difference is the modern chips are programmable.

Re: And what about the people ...

The government is setting up a separate system for those without smartphones - NHS 119 - although how calling a number is going to manage contact tracing I've no idea.. but I guess calling it if you have symptoms allows them to track the spread.

I used to volunteer for a festival. The noise complaints would start coming in during the build week, before there was anything on site capable of making said noise.

Re: I must be an edge case

An amusing thought is if they require login to decrypt the user directory then systemd user services are fubar.. and they're even semi useful for some things. So lennart is breaking his own stuff.

56k Dialup can now be sold as fibre broadband, So can my mobile phone contract.

It's hard to get any kind of connectivity without fibre being involved somewhere.

Re: Thanks Harry

Funny thing about that is scaled up it's basically how the EU presidency works..

We were in line to be the 'executive officer of the week' but decided to brexit instead :p

Re: Oops

I tend to find companies with that mindset are complete shitshows.. they waste more money trying to be cheap than they ever save.

Then they go bust when all their cheap stuff breaks, and they're surprised.

So either:

The third party suppliers, large enough to supply a company the size of O2 with significant infrastructure, doesn't roll out new updates to a test network first and doesn't have a rollback procedure in the case of emergency, in which case O2 picked an incompetent supplier.

Or O2 doesn't have the above (and they should, even if the supplier already does it.. you never trust new builds until you've validated them internally), and they're incompetent.

It's a better programming language overall. Developed by Jetbrains who know what programmers want out of a language (they also developed the IDE for it). It supports multiple programming styles & the community has built up around it like that.. for example if you're into functional programming, go for it, if you prefer OO, that's fine too.

OTOH it provides you with more than enough tools to shoot yourself in the foot with both barrels, reload then fire again. Which I predict plenty of people will do once it gets more popular.

Re: Local Expertise

Nominet simply don't list the address any more, just a statement that the address that they have on file is accurate.

This is all that's needed. GDPR allows sharing data for legal purposes so there's no loss to law enforcement, just spammers/domain harvesters.

Interestingly the RIPE database still contains this information, the argument I think being that the contacts for network blocks tend to be engineers in charge of them not individuals (plus they've implemented a right to have the data removed).

It's clear from the information shown so far that these IOT locks aren't compatible at all with multipoint lock systems. Which means to install one you'd basically have to replace the door - to get worse security.

Re: Nest's smartphone app really is the best

You'd be surprised - the alarm I ripped out when it broke is still a current model, was 3 years old when I disposed of it.

Not an IC on it.. all transistor based, so it was about 5 times the size it should be about 12" by 8".. I doubt the design has changed since the 1980s.

Replaced with an ESP8266 that does the same job in a 1.5 inch square piece of silicon (and gives me wireless status as well plus remote arming if I'm in wifi range).

Re: here's a vendor which is not vulnerable to either attack

It does that by not supporting speculative branching at all.

So it's merely too crap to run spectre..

Re: List of CPUs affected?

Presently it's assumed to be all intel CPUs, with newer ones (<2 years) having extra instructions that drop the hit on benchmarks to 'only' 30%.

Windows 7 is on extended support, so should get a patch, but that's up to microsoft.

Re: Diameter

Technically it wasn't designed 'these days'. Diameter (RFC3588) dates from 2003. Which probably makes it dangerously modern by telco standards..

Strap a couple of SRBs to the corolla and point it directly upwards. It'll easily get to 1000mph then shortly do the same journey in reverse.

Re: What could possibly go wrong?

The much simpler solution of a box with a lock for which the amazon bloke has the key (or combination) doesn't seem to have been considered.

But that wouldn't net amazon 250 quid plus 20 quid a month subscription fees.

Yes you can theoretically mitigate it on the AP - it effectively turns into a DoS on the client, which is in many cases preferable to leaking information.

Aruba are the first I've heard to actually implement this if so (Unifi only fixed client mode).

Well considering one was the CFO and one was the 'president of U.S. information solutions' the idea that neither of them knew of a significant data breach days after it happened is farcical.

Re: Can't even be arsed to use an Equifax cert?

Also they failed to defensively register

equifaxsecurity.com

equifax2017.com

equifaxsecurity2107.com

equifaxsecurity2018.com

etc.

As a result they've all been registered by a mixture of people having fun and miscreants stealing data.

They're probably hardened against that, being $800 locks.

It's like being able to open padlocks with bits of beercan or pick locks in about 10 seconds flat (I've seen an electric lockpick in action.. 10 seconds is an outlier - it's probably quicker than using the key..). A *lot* of locks are just security theatre, but most burglars don't know that, and of those that do, they'll go after the easy ones rather than the hard ones, so all you have to do is make sure you don't get your lock from the bargain bin like your neighbour did and you're probably safe

I'm not sure their reservation system actually does anything.

For various reasons I needed an extra hard drive caddy.. could have got it next day from amazon but this couldn't wait, so I did a 'reserve' on the PC World website and set off up there... so arrived maybe half an hour later. It's a £10 fairly common item.. should be easy, right?

They had the reservation on their system, sure, but it took the staff completely by surprise that anyone would actually want to pick one up - it took multiple staff hunting around the back of the store.. I was stood at the till for another half an hour before they turned up with the caddy. I would have walked out, but needed the damned thing.

In my head a reservation would mean that a little thing would pop up and a minion would go to the right place in the stock room (catalogued.. if your'e searching for stock you're doing it wrong) and put it behind the till.. 2-3 minutes tops. That's clearly not what happens..

Re: Speed

It also says a lot about how much verification was going on with the magstripes ie. none.

The longest I've had to wait was 30 seconds which is generally small shops with handheld cheap readers. In larger stores it's so fast I've got the notification the money has gone from my account before the receipt printer has finished printing.. it's sub-second.

Re: IPv6 is fundamentally broken

That would be ipv6 then.

Although cripping the network using NAT would be just cutting your hand off to spite your face, given that address randomisation means you're not trackable anyway.

Re: Free?

The electricity companies are refusing to install smart meters in houses with solar PV stating that smart meters can't work with them, so whatever the standards might say the companies that have to actually implement this stuff say they don't work.

Re: VPN?

It's not harder at all - You'd block the /64, since the bottom 64 bits refer to a local network and can change fairly easily (/48 possibly if you want to block an entire site owner).

Definately not out of the door.. I can't see anything but a press release hawking features.

Re: What about the other browsers?

They probably will, if these allegations are proven.

The problem is bank's ludicrously bad 'fraud detection' requires you to answer the phone otherwise they block all your cards because you apparently buying the same things you do every month is somehow suspicious.

You get a call from mumbai from someone with an accent so thick you can barely work out who they're from, demanding private information for 'security' and if you fail to answer correctly good luck spending any money for a whille.

It's a real concern. Banks should be hauled over the coals for it, as it not only encourages - even requires - behaviour that makes you vulnerable to fraud, they don't offer any alternatives - A simple text saying 'call the number on the back of your card' would suffice, but nope..

Why would it become a route for any network traffic? The OS shouldn't be changing its default route on a whim because something answered ping faster (maybe windows does, but I'm sure even MS aren't that stupid, surely?).

Re: A Stalker's Dream

Yeah I don't really know how you enforce WAN access only... The windows device has the password. This must be reversible to work, so it's only a matter of time (hours, days) before you can download a tool that tells you the password which bypasses the restriction.

Also, how do you restrict.. I can't see it being particularly troublesome to bypass that. Once you're on the network you have access to that network - simple software blocks (under the control of the attacker, no less) simply won't work. You could simply dump all the now unencrypted traffic straight off the wifi interface & get loads of information.