* Posts by Peter 26

241 publicly visible posts • joined 10 Nov 2010


Reg reader rages over Virgin Media's email password policy

Peter 26

Re: Something's not right here

I avoid starting numerics for alphanumeric codes when Excel is involved as it sometimes deletes trailing zeros if the column format is set to General. I really hope Excel isn't involved in their process anywhere.

Customer service chatbot sector forecast to be worth $7bn this year

Peter 26

Re: Alternate Reality?

We have chat bots being rolled out globally to every country of our company...

Executives need to roll out something new to get that bonus and lines on their CV claiming to have saved the company money.

Every time someone asks a chatbot something, gets frustrated and gives up, count that as money saved! Multiply that by every country and think of how much money we can claim to have saved and how many customers we can piss off!

I've jumped on the bandwagon and have produced a chatbot using Power Automate and Teams internally. It does nothing that couldn't be done in a simple internal web site much easier and cleaner, but management love it and want me to show other countries how to do the same... what have I done? I played the game and now I'm part of the problem!

UK internet pioneer Cliff Stanford has died

Peter 26


Thanks for the good memories Cliff. That £10 a month brought me so much fun. I look back on those times fondly trying to figure out what an IP address, gateway and subnet mask was without any Internet to look it up! I can't remember how I overcame that, maybe downloading a guide from a BBS?

Hayes AT commands memorised, using finger, SMTP, POP via telnet.

That journey all started from £10 a month, he literally got us started in the Internet world.

Lost your mouse cursor? Microsoft's PowerToys 0.55 has you covered – with a massive crosshair

Peter 26

Re: IntelliPoint

I have this enabled too. It's really handy when you record tutorials and you want to highlight a mouse click.

Alert: Let's Encrypt to revoke about 2 million HTTPS certificates in two days

Peter 26

Re: Would be really nice

I completely disagree. The aim is to force automation and it works.

I have had warnings that my certificates would fail soon and I then have to go and figure out why my automation isn't working. I hate dealing with certificates and figuring out why certbot isn't working. I have performed a manual refresh before just to get past the issue. But the second time it happens 90 days later, you do something about it.

I guarantee if it was a year, I wouldn't bother trying to fix it.

Google sours on legacy G Suite freeloaders, demands fee or flee

Peter 26

Re: Zoho email

Good find. So that just means we lose gmail with custom domain? How would that work in practice though? You'd still need to login to youtube and photos etc. to use the subscription which is using our @domain.com account... This is making me wonder if actually this is the dream scenario, our account just gets moved to a normal google account and we get to keep our standard logins me@domain.com, but lose the workspace features I don't care about anyway...

I've already got a setup with https://hanami.run/ as the mail server and using a normal gmail account with the pop3 from hanami and send as my own domain name setup in gmail. But I'm starting to wonder if they will let us keep our gmail accounts with the custom domain, as how else can they give us access to all our purchases and subscriptions?

I might just wait and see with this one, it might not be as bad as we thought. Google haven't even contacted me to let me know yet either.

Peter 26

Give us an easy migration Google

I've been meaning to move away from Workplace for years due to being blocked from so many google features. I can't use the camera on my Google Hub as it's disabled for Workplace customers. When checking my doorbell I'm nagged constantly by Nest to move my account to google, but every time I try it says I can't as it isn't supported under Workplace accounts. I can't install apps on my phone from the web as this is disabled for workplaces.

When they started Google Apps for Domains they didn't know what their target market was and aimed at families. I get it that the world has moved on and actually they need to aim it at businesses now. Why can't they do both and allow for options to choose family/business setup so I can use the features blocked for businesses and I'll happily give them money for it...

I have no issue with paying for the services, I just happily paid up for a year's worth of Google Drive storage space for my photos.

What I am annoyed about is the lack of migration options, and this is the reason I haven't moved yet. There is no way to move my subscriptions over. All those Apps I've bought, the annual subscriptions to Strava etc. and recently Google Drive. I'll need to move my mum & dad to another account too (Argh, I just realised this will be the worst part.)

If anyone from Google is reading, I just want to flick a switch and turn my me@domain.com account to a standard gmail one with the same login and keep everything except the Workplace features. Why can't you do that? What is the reason?

Even better, let me give you money to host my email without adverts and use a custom domain without signing up to Workplace.

Google, you invited us in, now you are kicking us out, at least let us take our stuff.

Team behind delayed ERP project was aware of problems but didn't inform Surrey County Council for months

Peter 26

Re: Scope Creep

This was my view reading this. New client requirements are a legitimate reason to delay and increase costs. Why on earth would you suggest you could do it all within the same timeline and cost?

Google: We disagree with Sonos patent ruling so much, we've changed our code to avoid infringement

Peter 26

Group Volume Change has been broken for the last couple of months, coincidence?

I've been frustratingly having to manually change the volume for all my speakers for the last couple of months. Now I'm wondering if it's down to this case...

ZOE COVID Study app starts the week with a lockdown of its own

Peter 26

Re: The Diet Myth

Save yourself the time and just read the last chapter, then go back and read the rest if you want to know the story.

SCO v. IBM settlement deal is done, but zombie case shuffles on elsewhere

Peter 26

Re: Am confused

But isn't this encouraging others to have a go as you can get a $14M payout for nothing?

Boffins propose Pretty Good Phone Privacy to end pretty invasive location data harvesting by telcos

Peter 26

Re: Won't happen

The purpose of this paper is to prove it's possible and show how to do it without changing hardware.

Making it happen is a job for someone else.

This paper moves the discussion one step forward beyond whether it's possible.

IBM's 18-month company-wide email system migration has been a disaster, sources say

Peter 26

Re: An impossible task

I agree with you, I loved Notes. Outlook annoys me to this day that it can't do the basics.

But the problem was familiarity, everyone knows Outlook, Notes was different, very different. If you had a technical inquisitive mind you'd learn to love it, but that was the very small minority of staff. Notes was a nuisance that got in the way of doing their job, another thing to learn...

Peter 26

An impossible task

I worked for IBM supporting Notes about 15 years ago.

Everyone hated it, 99.9% of the staff wanted to use Outlook because that's what they knew from their previous jobs, but technically Notes was better and had better features. There were so many features in Notes not in Outlook that I remember thinking, god help whoever has to migrate this in the future.

I would have just thrown my hands up in the air and said, we are not migrating this. Here's your new system, we will keep the old system as an archive read only for the next few years.

UK Court of Appeal rules Tiny Computers' legal remains can sue Micron and Infineon over 2002 DRAM price-fixing cartel

Peter 26

I'd forgotten about the mass memory stealing around that time! It always made the Computer Weekly headlines.

It seems bizarre looking back that memory was the most expensive part of a PC with the mass production we have now.

Google's ex-boss tells the US it's time to take the gloves off on autonomous weapons

Peter 26

Re: Autonomous weapons need to be internationally banned.

Banning it should stop everyone doing it. While we are at it we should really look into an international agreement to ban recreational drugs too, we have enough ways to kill ourselves with bad health without taking chemicals for fun!

EncroChat hack case: RAM, bam... what? Data in transit is data at rest, rules UK Court of Appeal

Peter 26

Re: Wrong reasoning, right result.

I agree this is akin to planting a bug or a wire tap.

In other articles I've read about this they said they couldn't decode the signal if they had sniffed it in transmission, therefore this proves they didn't get the data in transit. I believe this is sound logic.

Police need to be able to investigate crimes, plant bugs etc. I have an issue with mass surveillance, but at an individual level getting a warrant to bug a specific person because you think they have committed a crime is what I think most people would agree should happen.

The bigger implication of this though is that they planted an updated firmware to EVERYONE who had one of these phones. This was mass surveillance by the backdoor. Maybe in this case it's true that the vast majority of people were using these phones for crime, but I'd like that to go to a judge beforehand to approve the mass surveillance, and I'd expect the bar of evidence to be extremely high before approving this. Plus instructions from the judge on destroying data of any non-criminal behaviour captured for innocents caught up in the mass trawl.

Then you have the issue of which country approves this... Should French courts be authorising hacking of other English citizens' phones?

Cisco reveals critical bug in small biz VPN routers when half the world is stuck working at home

Peter 26

Re: "These vulnerabilities exist because HTTP requests are not properly validated."

I don't think I have seen any tutorials around this area in the last decade which don't cover this. It must be people reusing old code, or a proof of concept which ends up making it to the final product.

Windows Product Activation – or just how many numbers we could get a user to tell us down the telephone

Peter 26

I think almost everyone prefers to use an alternative to Office these days.

But there's always that one document you really need that isn't compatible with anything else.

Unauthorised RAC staffer harvested customer details then sold them to accident claims management company

Peter 26

Only 8 months suspended?

These cases are so hard to investigate and uncover it's disappointing an example is not made of the few actually caught and prosecuted.

US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor

Peter 26

Re: "full rebuild"

You've hit the nail on the head. The scale of this hack cannot be understated and it's going to be practically impossible to confirm you've eliminated all the backdoors into your network they have planted.

From now on you will just have to assume they have access and be constantly trying to find it. Probably not a bad approach to security anyway and a lot like our COVID safety protocols, just assume you have the virus and take precautions.

Cybersecurity giant FireEye says it was hacked by govt-backed spies who stole its crown-jewels hacking tools

Peter 26

Yes, you'd expect a more detailed response from a company like this. Clearly they have decided to hide that information, why? Is it embarrassing?

I am highly suspicious of claims of state sponsored actors being the culprits. It's the ideal excuse. Only the best of the best could beat us we are so great...

Where's your evidence that it was a state sponsored actor? Hmm you've decided not to provide that information, why?

My spidey sense is tingling.

Twitter hackers busted 2FA to access accounts and then reset user passwords

Peter 26

Re: insider trading

I doubt these were system admins, just 1st line support. They probably pretended to be their IT and got them to let them remotely login to their computers to fix something, including inputting any 2FA required.

There's no easy solution, more training on phishing calls, including internal phishing attempts to catch those who fall for them. Maybe a change in process so it requires more than one person to fall victim to make changes.

Health Sec Hancock says UK will use Apple-Google API for virus contact-tracing app after all (even though Apple were right rotters)

Peter 26

Re: I've said it before here on el Reg

FYI, I've been tested twice and got results 26 hours after first test and 18 hours the second time. I drove to the testing station rather than using the postal version. I was impressed with the speed of results.

The show Musk go on: Tesla defies Silicon Valley coronavirus lockdown order, keeps Fremont factory open

Peter 26

Re: Simple question

Every old person I have spoken to said it is an overreaction and they don't see themselves as high risk.

I think you summed it up though. Old people, ask yourself, would I call an ambulance and take up a bed if I was dying from it? If yes, then self isolate and take it seriously.

Post Office burned £100m in UK taxpayer cash on Horizon IT scandal legal fees, MPs told

Peter 26

Re: "That doesn't make sense" ...

Maybe it was. Suspiciously we never heard back from them regarding that issue after my suggestion...

Peter 26

Re: "That doesn't make sense" ...

Back to the IT angle. I had a customer who had random files go missing on Windows Shares intermittently (breaking our software). I suggested they turn on Windows auditing so we could see what/which account was deleting them. The MD replied, I will get my IT to do this and sack the person responsible once we find out who it is! I couldn't believe he was so quick to jump to thinking it was some employee doing it out of malice. In my mind I thought the most likely reason was some overzealous antivirus.

Amazon launches itself into retail IT with 'all the necessary technologies'. Not saying which, but you know...

Peter 26

Which businesses is this aimed at?

I really struggle to understand which businesses they are aiming at with this as it's only going to work for everyday convenience items. All the larger retail stores wouldn't touch it with a barge pole for obvious reasons, leaving only the little guy running a corner store. But everyone knows the corner shop's main way of making profit is by not declaring all the cash they receive so they won't want all these digital records.

Maybe they are aiming it at the landlords of all the empty retail stores?

Now that's what I call a sticky situation: Repairability fiends open up Galaxy S20 Ultra 5G, find the remains of Shergar

Peter 26

Samsung Repair not that bad

The fact Samsung has its own repair centres is actually a selling point for me. It's the only flagship phone manufacturer that provides genuine replacement batteries at a reasonable price. If you buy a 2nd hand battery anywhere else it will be fake and have nowhere near the storage capacity of a genuine one (you might as well have stuck with the dud one). I used to repair phones myself and gave up on genuine replacement batteries bought from third parties.

I recently had my Samsung S8+ battery replaced in the Kingston store for £50 all inclusive. It's made my phone like the day I bought it. Looks like I'll get another couple of years out of it now, which is quite clearly why other manufacturers don't want to sell replacement batteries.

If there's a bustle in your hedgerow, don't be alarmed now: Brexit tea towel says it'll just be the gigabit broadband

Peter 26

Re: Who needs Tea Towels when you can have Jack Boots?

Thanks for that link. I'm now a subscriber. It's good to read something honest and unbiased for a change.

Firefox now defaults to DNS-over-HTTPS for US netizens and some are dischuffed about this

Peter 26

Re: So what....

This is a really valid point. We don't think it's the case, but who's to say for sure?

Also, what if they have been issued a secret subpoena requiring them access to all the DNS logs?

Alternatively just targeting their network data which I've read can be fingerprinted to identify lookups. A massive project, but certain people have big pockets and by putting all your eggs in one basket it means they have less networks to target. Cloudflare/Google DNS being the main ones.

Anyway, 99.9999% of people don't know what DNS Sec is, so I think Firefox have done the right thing for today. In a year's time there might be a better option. If you're a techie you can change it in the options, if you aren't you would have no idea and no protection anyway, so something is better than nothing.

One man is standing up to Donald Trump's ban on US chip tech going to Huawei. That man... is Donald Trump

Peter 26

Re: I blame Rupert for this...

It's the reason the Republican party is what it is, and people are willing to vote for this criminal idiot.

It's clear Brexit happened because of tabloids blaming Europe for everything. We have started down this path, if we let them destroy the BBC we will be much further down the same route as the US.

Microsoft boffin inadvertently highlights .NET image woes by running C# on Windows 3.11

Peter 26

Re: "Visual Studio is a paid-for product"

"If Microsoft want more developers using C#, they need to drop their enterprise-style pricing and make Visual Studio much more attractive. I know that there's a Community Edition, but the cost of the jump from free to non-free is incredibly high, it's no wonder everyone just goes off and uses something else..."

It's the same as travelling in business class. Way too expensive, but you don't care as you're not the one paying it.

Peter 26

I love .NET

I love .NET, it's so easy to use, the IDE is great, all the libraries are fantastic. It links to everything. If you have an issue a quick google finds an answer.

But then I am over 40 years old... The stereotype seems spot on.

Crown Prince of Saudi Arabia accused of hacking Jeff Bezos' phone with malware-laden WhatsApp message

Peter 26

Time for the super rich to fund security research?

I'd like to see the super rich like Bezos fund security research into anything they use day to day. We'd all benefit from it if he had a team looking into WhatsApp security finding bugs and alerting WhatsApp. Apparently this breach cost him his marriage and a $38 billion settlement with his wife, whatever it costs it's going to be a drop in the ocean compared to that.

FYI: FBI raiding NSA's global wiretap database to probe US peeps is probably illegal, unconstitutional, court says

Peter 26

Re: Checks and balances essential

I definitely think Trump Tower is fishy, but just to play devil's advocate this does happen with bigger constructions.

Here's an example. WWF UK Headquarters (The panda one, not wrestling!) WWF knew they needed a new site for their headquarters in the UK, they asked around the different councils to see who would subsidise their new building the most. Woking won by offering to pay for the building for them, in return they got the prestige of having WWF UK Headquarters in Woking putting them on the map, and presumably more jobs... You can argue whether that was a good deal, but it shows that it makes sense to get the subsidies in place first before deciding on location. Even on a smaller scale when doing a house extension, you first sort out with the bank how much money you've got before you start the plans and construction.

This vBulletin vBug is vBad: Zero-day exploit lets miscreants hijack vulnerable web forums

Peter 26

I don't think this classifies as a vulnerability, this is a feature which allows you to run a command on the server from the client. I don't see any way this could be accidental, it's bizarre. It's either a deliberate backdoor or some development code that got into release by accident? The development code part doesn't make any sense either though, why would anyone add remote code execution into a development build?

Capital One 'hacker' hit with fresh charges: She burgled 30 other AWS-hosted orgs, Feds claim

Peter 26

I find it interesting how people can be clearly smart, but also equally stupid at the same time.

Talk about unintended consequences: GDPR is an identity thief's dream ticket to Europeans' data

Peter 26

A solution?

Perhaps snail mail with a code, then a visit to an approved ID checker, such as a bank or post office with that code.

There's an opportunity here for someone to set this service up and sign up the ID checkers and the companies who want to prove identity.

Although this just proves a person is who they say they are, not that they own that particular login name, so it's only part of the puzzle.

Peter 26

It is GDPR's fault. The reason GDPR exists is because we know most companies have piss poor data protection controls. Therefore in the design of it they need to force companies to ensure they protect our personal data. Let's hope they add protocols that have to be followed into GDPR v2.

In the meantime this is great news for companies, they now have an excuse not to deal with GDPR requests, let them get stuck in the red tape of proving who they are.

Get ready for a literal waiting list for European IPv4 addresses. And no jumping the line

Peter 26

Re: We need a new approach

Absolutely agree. I think a big issue with IPv6 is that it may be better on paper, but the human element hasn't been given enough weight. We have all grown up with IPv4 and on the surface it's pretty simple, people are lazy and don't like something that different and looks complicated.

Was this quake AI a little too artificial? Nature-published research accused of boosting accuracy by mixing training, testing data

Peter 26

Raj's response to authors' response

I'd like to see a response from Raj about the authors' comments. Can he explain why they are wrong?

“The network is mapping modeled stress changes to aftershocks, and this mapping will be entirely different for the example in the training data set and the example in the testing data sets, although they overlap geographically,” the pair said.

“There’s no information in the training data set that would help the network perform well on the testing data set - instead, the network is being asked in the testing data set to explain the same aftershocks that it has seen in the training data set, but with different mainshocks. If anything, this would hurt [the] performance on the testing data set,” DeVries and Meade wrote back to Shah.

When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security

Peter 26

Re: Google too

Can anyone recommend a cheap burner SIM? They all seem to start at £10 minimum topup. A bit much to create anonymous accounts.

Ah, this military GPS system looks shoddy but expensive. Shall we try to break it?

Peter 26

Yeah, totally, I thought they were going to reveal what crap was inside.

You got a smart speaker but you're worried about privacy. First off, why'd you buy one? Secondly, check out Project Alias

Peter 26

Re: you could simply not put the creepy things in your home

The remote server is required for the quality voice recognition.

I helped catch Silk Road boss Ross Ulbricht: Undercover agent tells all

Peter 26

More Questions

That was a really good read. I have more questions.

How did they find the server in Iceland using the admin's account? What was the security failure here, surely there was an encrypted reverse proxy?

How did they find connections from San Francisco to the server? Wasn't he using a VPN?

Customers baffled as Citrix forces password changes for document-slinging Sharefile outfit

Peter 26

2FA Fail

I'm all for increased security, so I went to their website, changed my password to a randomly generated one (I have no idea what it is) and saved it in my password manager Blur. Then I went to see if they had a 2FA option. There is yay! But only via SMS/phone call, boo! But wait, after enabling SMS 2FA, I can then enable a backup 2FA via an Authenticator App, but you cannot remove the SMS 2FA.

I signed in on my mobile and it sent me an SMS rather than using the authenticator app.

They are nearly there, but they need to push to use the authenticator app as the first choice and give the option to remove SMS as 2FA (in fact encourage it), SIM swapping is incredibly easy to do, use of it to take over accounts has exploded recently. SMS 2FA cannot be trusted anymore.

I've removed SMS 2FA from my Google account, Namecheap and anywhere else that gives me the option.

Sharefile is probably the most important account I have, I use it to transfer customer data. That thing needs to be secure. They should up their game with regards to 2FA.

LastPass? More like lost pass. Or where the fsck has it gone pass. Five-hour outage drives netizens bonkers

Peter 26

Re: Keepass

I can't get over the fact you have to manually copy the password file to your device. I get that it's more secure, but it sounds really annoying. What if you sign up on your PC to a service then want to login with the accompanying app on your phone? You have to copy the file first.

Just seems like a lot of hassle, LastPass sounds like a good compromise on security/ease of use unless I am missing something.

Azure, Office 365 go super-secure: Multi-factor auth borked in Europe, Asia, USA

Peter 26


I was thinking this morning how awful it was that people couldn't get to work because the Waterloo line was shut, and how lucky I am to work from home and not be affected...

Peter 26

Re: I'm locked out of my account for work

Haha, I cleaned the Kitchen Skylight, been meaning to do that for months..

Still locked out, what next...