Posts by simmondp

Guess its being going on at least three days

Delivery expected via Yodel, not made it out of Reading yet!

18 Jun 2022, 4:14am, Arrived At Depot, READING SERVICE CENTRE

Can't get my phone to work in the US

I have DoH enabled on my phone - works fine in the UK and Europe, but in the US nothing works until I disable it!

Novel? - Some 8 years late!!!

https://nymi.com

<quote> Nymi was founded in 2011 in Toronto, Canada, based on research conducted at the University of Toronto. The research was focused on the electrocardiogram (ECG) and its unique properties. The ECG is different for each individual, and our founding team worked to use the heartbeat as a biometric identifier for authentication.</quote>

Backup plan??

I happened to walk into Asda during the Visa chaos, only to be told "it's cash only" - gone of the days of getting out a manual card-swipe machine.

The reality is that the tech is so complex and interdependent - there is no plan-B when it all goes wrong.

TFTP is better

If you need to FTP files, then TFTP is much better!

At least then you know and are aware that there is no security and no user-name/password and thus (hopefully) need to put a security wrapper around anything you transfer.

So for example: and AES-256 Password encoded ZIP file - sent over TFTP.

Where is ChromeOS in the list?

Four years ago, as an experiment, I paid £175 for a Chromebook to see if I could use it as alternative to my Windows laptop for travel, this means a full day in London without a charger etc.

After four years there have been about 5 occasions where I've needed to use "real" MS Office (presenting embedded video in a PPT) other than that it works fine and has travelled all over the world with me.

It has the added advantage that getting internet connectivity on the move is a simple case of simply plugging my Android (4G+ Internet - often better than my home fibre broadband) into it and it simply works.

Thus I've just upgraded to a new Chromebook ultra slim, with full HD screen, metal case, 11 hrs on a charge AND it supports android apps, thus MS Office 365.

Cost of this new beast £220.....

Can't see myself ever needing to lug my Windows laptop again!

Lets understand how the (RSA) world works

Unless you are "famous" and you are invited (paid) to do the closing keynote, all the major keynotes are from sponsoring companies that put up MAJOR $$$$$$$$$$$ to get a keynote - the more money the higher up the keynote tree you get (opening keynotes on day one being the most expensive I guess).

So, don't blame RSA if those companies, populated my MALE CEO's and very senior executives put up a male for the keynote - by all means blame those companies for their lack of diversity at senior levels.

But do blame RSA for a culture of pursuing only money, and not actually (outside of the cryptographers panel) having keynotes from interesting leaders in their field [Male of Female] high in the keynote agenda.

Don't think I've been to a keynote session since the "Microsoft - "we've got security religion" back in early 2000's as basically they are all just corporate hype. (and it's mind numbingly boring to sit through them to accidentally stumble on the one that is not).

It's an OS not an Ecosystem

Microsoft just don't get it......

What people want is a stable, secure OS on which they can run their business applications, or in the case of Joe Home User; a Word Processor and a Browser.

However MS continue to think that people want an entire ecosystem of apps and other cr*p.

Unfortunately for MS (and fortunately for the rest of us) the world has moved on, those who still need a desktop for full-fat applications buy Windows; if you can afford it Apple, and the rest use either a Chromebook or a portable device of some description.

Speak to the kids, very few now have desktop devices in need of an OS like windows that is the centre of their life!

Farewell Maplin?

As a customer from (almost day 1) circa 1973, they used to be great; as they were the cheapest place to buy electronics with a wide stock. Unfortunately, most of what they now sell can be brought cheaper elsewhere and the electronics are just a sideline.

I fear this will be another "Woolworths" we loved the brand, mourned it passing, but when you thought about it you cannot remember the last time you brought anything "serious" from there or though of it as your first choice destination to buy any particular product.

Please send all those who oppose the Licence Fee to spend a month in the USA - the TV is unwatchable due to the adverts.

Even if you do not watch that much BBC output remember all other commercial broadcasters have to compete with the BBC for quality of output and not overloading it's viewers with adverts. In the US there is nothing on (linear) TV to compare against.

And while we are at it, please remind me why to view Sky I have to pay an exorbitant fee AND put up with adverts?

First rule of buying technology

#1 If you can buy it, it's obsolete

Chromebooks are great!

Brought a Chromebook four years ago as a £200 "throwaway" experiment - over those 4 years I've hardly ever needed a windows laptop when out and about.

Now, just replaced it with a new HD Chromebook - and it supports Android Apps as well - so now Office 365 and Skype as well as Gmail and G-Calendar.

Add to that the "use for a whole day" without need to lug a power supply, and the "instant start".

I think I can finally retire the ageing backup windows laptop.

Should you really care.

Irrespective of how serious this flaw *actually* is.....

Back in 2006 the Jericho Forum explained that the world was going de-perimiterised - and that you should rely on encrypted protocols NOT encrypted networks (you may want restrict network access for QoS purposes - not security).

See: https://collaboration.opengroup.org/jericho/Protocols_v1.0.pdf

If you are not concerned with QoS then follow the guidance of OpenWireless.org and run a fully open wireless network (it's a neighbourly thing to do) with the SSID of openwireless.org - just ensure that your traffic using the network uses only secure protocols.

System Image Backup (SIB)

Actually, the System Image Backup (SIB) is what we should be panicking about - this simple programme, run monthly, has got me out of trouble more than once. If we remove it from "standard" (and no extra cost) windows how many people will never ever run a backup.

Holiday Snaps

The US law is plain daft, by this interpretation if I go on holiday and hand my camera to a random passer-by to take our photo, posing in front of a landmark (as many millions of people do); then legally that random person holds the copyright to the photo.....

As opposed to the UK interpretation, my camera, I set up the pose and set the camera up, and give it to a fellow tourist to push the button - my copyright.

Much more sane and sensible - and no monkey business!

Wire

Look at Wire, simple, by some of the original Skype people, works with a phone app but ALSO WITH any modern browser (including a Chromebook) using WebRTC.

Business School 101

Business School 101; never outsource anything which is critical to your business. Outsource that which is not critical and gives you no competitive advantage (for example; payroll & HR systems).

Seems BA seem to have forgotten the essentials.......

Any CEO who signed off on such a deal, irrespective of whether it was the root cause, should be falling on their sword.

Any CEO who does not understand the criticality of the IT systems (and it may be negligible) in their business should not be in the job.

Batteries?

Surely this is counter to the safetly instruction that Li-On batteries mus be carried in hand luggage AND NOT stowed in the hold??

Telnet

"Until fixes are available, Cisco says Telnet should be disabled in favour of SSH."

What do people not understand about Telnet - username and password and all data sent in clear over the wire....

Telnet should ALWAYS be disabled in favour of SSH......

We were preaching this way back 15 years ago. (Jericho Forum Commandment #4)

Assumes a "benign western society"

"Any of us can be compelled – in appropriate circumstances"

Action have consequences - if you decide not to tell (or decrypt) then based on the law of the land (or lack of it) you face the legal consequences - in a benign western society, that is jail for contempt of court.

Lots of examples of journalists who have done just that.

The problem comes when the society is not benign, then our problems are bigger anyway.

However the solution is NOT backdooring the encryption....

Sounds like wishful thinking

Privacy Shield in an interesting device to protects everyones modesty, I don't think anyone really believes it makes a blind bit of difference.

TLA not defined

RAN = Radio Access Network (I think) which I presume is the street hardware and back-haul wires?

US thinking olny permitted!

"may be awarded only to individuals and teams of individuals who are citizens or permanent residents of the United States"

When are they going to learn?

If you learnt nothing from the first four breaches it is "be open with your customers and tell them early" unfortunately the advice is still "if you have a connectivity problem simply reset your router".

http://help2.talktalk.co.uk/dsl3780-router-connectivity-issues

As before, no proactive advice whatsoever - Yes I'm a customer - no I have not received any proactive communication.

Dido, your customers are reading about the severity in the papers and on the BBC, an email - if only to say "you do not have an affected router" would not go amiss. for those with affected routers then what you are actually doing.

The usual "credit card" string

Every vendor in the spaces used Credit Card strings and they are really simple and unique format, and thus easily defined.

The trick is finding all that "other stuff", so every time with catch someone doing something bad then in retrospect we write another string search......

Else you let your IT and/or security team go trawling for anything suspicious. [and that's so good for employee moral].

Sheep of the world unite.......

Apple playing catch up with a set of "me too" features that can already be found at half the price, and nothing that is leading edge, and at substantial premuim.

Still it's got an Apple logo on the back; Baaaaaa.............

If you don't learn from history, you are doomed to repeat it.

"If privacy is outlawed, only outlaws will have privacy" [the original quote] often bastardised as "If encryption is outlawed, only outlaws will have encryption".

https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html

Advice from the 1990's

So, let's all assume a 1990's architecture where only corporates have networks and only use desktop computers with a hard perimeter!

Let's ignore that fact that since 2003 the Jericho Forum have highlighted the issues of the de-perimeterised network. Microsoft would do well to actually read the Jericho Forum commandments! https://www.opengroup.org/jericho/commandments_v1.2.pdf

Why? - Let's have some critical journalism

This is a vendor produced survey - so surely a little more of the scepticism the Register is famous for?

Last time I looked Gmail, Amazon, Sykpe, What'sApp all used HPPS and/or were Encrypted protocols.

So what is actually the problem?

And why do I need a VPN? Other than a vendor is trying to flog me one?

WinZip

Paid the "lifetime subscription" fee and guess what - upgrades now cost.

Please review the things that differenciate....

Does it;

* Have NFC?

* Have wireless charging?

* Support all the UK 4G Bands?

* Is is 4G or 4G+ (LTE-A or 4.5G)?

* Does is have a full range of sensors?

* Can it take Photosphere pictures?

* Removable media (plus max ROM & RAM) [yes, this was covered]

* Dual-SIM [yes, this was covered]

Because I agree with the above comments; Camera/Screen etc. Yawn.... Battery maybe, but lets review "flagship" phones against the flagship features.

No joy for O2 users

Seems like no Band 20, so you are stuffed if you want 4G on O2

Therein lies ruin

The trick is to understand how to align business strategy to security architecture. Unfortunately having a rough idea and using goggle means you end up with a firewall and some boxes that often inhibit the business and security is thus seen as "the boys that say NO"

I'm sorry Trevor; "Proper information security requires defence in depth: layers of technologies, techniques, best practices and incident response woven together into the tapestry of everyday operations" may be correct for some businesses - but for most this approach is old-hat, and means kludging their architectures to take advantage of BYOD, Cloud, IoT and other such technologies that gives them strategic advantage.

The most agile companies are 100% cloud, using Chromebooks and BYOD; where is your need for firewalls, layers of technology etc.?? Then actually you need a CISO that understand Cloud Identity and entitlement, not layers defence.

But then you get what you pay for......

Competition: SE Stands for.....

My submissions would be:

"Still Expensive"

March with your wallet - buy only open formats

This is a great example of why you should ONLY use open formats. MP3 for you Music and e-Pub for your books. Yes, my Nook may only last until it dies, but I will have all my purchased content backed up and ready to port onto my next device. Will Apple be around in 10 or 20 years time? But at least my music (currently on my iPod) will be portable to whatever is around.

What about good old Cash

So now you will have to log any cash transaction over £5 with your local police station...... or have they forgotten the £63m, the €995bn and the US$1.2 trillion in circulation?

Resign

At what point does the CEO actually take responsibility for all this mess and resign?

** Free ** ubiquitous wi-fi

When will hotels, restaurants and other establishments realise that people want free wi-fi that is truly free - slurping my personal data means it is not free.....

Let's all campaign for the mass adoption for openwirless.org as an SSID and simply let people connect.

Engine software (firmware) development is tightly controlled - to add a "feature" will have been tightly controlled with a specification, writing, testing and QA. All stages will have required approval and sign-off.

Thus is beggars belief it was "just a couple of rogue engineers".

If it really was a rogue addition then you should really worry about the whole production process and the rigour with which VW cars are produced.

I don't understand number 11; "Thou will be sceptical of everything on the Internet"

"We just need a little help about where the lock goes on this chastity bra"