Nope
I have a setup I like, that does what I want.
I don't want errant things burrowing holes to get DNS via other methods.
Go away.
Posts by Blacklight
163 posts • joined 6 May 2008
Google rolls out pro-privacy DNS-over-HTTPS support in Chrome 83... with a handy kill switch for corporate IT
Three things in life are certain: Death, taxes, and cloud-based IoT gear bricked by vendors. Looking at you, Belkin
Hey bud – how the heck does that stay in your ear? Google emits latest Pixel Buds, plus extra bloatware if you have the matching phone
So you locked your backups away for years, huh? Allow me to introduce my colleagues, Brute, Force and Ignorance
Friday 31st January 2020 19:54 GMT
Pencils
Our old 8088 and then 8086 used to have a batch file we ran to "park" the heads on the disks prior to shutdown. But we started with a 20MB "hardcard" (and a Hercules b&w graphics card, along with DOS 2.11...)
But later we had a dead hard drive, that we could restart with a pencil in the drive spindle, releasing it. We did back it up then
Voyager suffers a power wobble as boffins start the final countdown for Spitzer
Uncle Sam challenged in court for slurping social media info on 'millions' of visa applicants
It's back: The mercifully normal-looking Moto 360 smartwatch
Tuesday 29th October 2019 14:43 GMT
V3...
I have a 2nd gen 360, bought from new when Moto did a father's Day offer. Totally black with black metal strap. That pic in the article looks like the straps may be transferred from old units.
Moto were awesome and swapped my battery well outside warranty, as the various updates oiled the battery (Google that, it wasn't fun) and whilst I don't wear it much it still provides time functions by the bed. The main drawback is its a bit slow now.
If the new one has NFC, a speaker and wireless charging, I may be in.
HMRC's HTTPS howler: Childcare payments site cert expired at 1am on Sunday, down for hours
Backup your files with CrashPlan! Except this file type. No, not that one either. Try again...
Thursday 30th May 2019 07:59 GMT
Received this morning:
"Dear Valued Customer,
On May 6, 2019, our technical services team rolled out a number of changes to the CrashPlan for Small Business data protection service. These changes were intended to make restoring files and machines more efficient by eliminating unnecessary files from your backup sets. Unfortunately, we made two mistakes during this change process.
The first mistake relates to our email notifications sent to you regarding the changes to CrashPlan. Our initial email sent in early April was classified incorrectly as a marketing communication and did not reach customers who opted out of marketing communications. We resent the notification to all customers on May 17, but this did not give enough advance notice to some of our customers. We apologize for this mistake and we can assure you that we have since changed our processes to ensure better communications in the future.
The second mistake involves the actual file changes that we made. As part of this update, we stopped archiving 32 file types and directories. The email notification included a link to an updated list of files that are excluded from CrashPlan backups. One of the file types we began excluding from backups is the .sparseimage file format. We believed that this file format was obsolete because in 2007 Apple introduced a new format called .sparsebundle, which we thought replaced .sparseimage for the use case we track. After we implemented the changes in May, some of our customers made it clear they still have valid use cases for .sparseimage. We now believe we made an error in excluding .sparseimage, and we have since added it back to the list of files we support via backup.
If you use .sparseimage files, there is no action you need to take. The change will automatically be pushed to your client and .sparseimage files will once again be backed up in CrashPlan. This process will take several days as these devices connect to our service. You can see a full list of excluded files here.
We regret the inconveniences that these two mistakes may have caused you. Our priority is to provide a great product that protects your important small business data. We appreciate your feedback and ongoing partnership. Should you have any questions or need assistance, please contact our Support Team.
Thank you for your support and trusting us with your most important information.
Sincerely,
Joe Payne
President and CEO
Code42"
Tuesday 21st May 2019 12:19 GMT
Re: Whatever happened to three copies ?
My data is held locally, protected by RAID and was backed up to Crashplan, which until now had been flawless. I also periodically ran an LTO (yes, that old tape) backup.
Most of my data was also only on the server when it was shunted off the original device, so I had 3 copies for a point, then typically two.
The point being that whilst I know a Cloud provider may be ephemeral and your data may go poof, the management of this implementation leaves a "lot" to be desired. Like "management", decent comms etc - I can't believe they just looked at the potential disk size reduction and went "What could go wrong?"....
You got a smart speaker but you're worried about privacy. First off, why'd you buy one? Secondly, check out Project Alias
Um, I'm not that Gary, American man tells Ryanair after being sent other Gary's flight itinerary
Thursday 3rd January 2019 16:17 GMT
I've had this, for a similar named person to me, and their flights.
And someone else crime report, with number (direct from the police)
And something from HM Government.
And home building plans, and insurance.
Normally I do get a "sorry" in most cases, but STA (re: the flights) took a LONG time to sort it, and I did consider cancelling the flight....
A year after Logitech screwed over Harmony users, it, um, screws over Harmony users: Device API killed off
Thursday 20th December 2018 12:57 GMT
Alternatives...
Anyone who has enough nouse to play with APIs, can do the following...
Get a Raspberry Pi, an enclosure, and install OpenRemote on it.
Yes, there is a cloud UI to set things up, but once you've got the config on the Pi, you can cut it off from t'interweb and it will still control anything in your house/network that you can make it talk to (from HTTP/JSON to raw TCP/UDP).
Mine runs on a NAS rather than a Pi, but talks to Philips Hue (which runs when no cloud is available), Lightwave (same), and direct to other devices on the LAN. It is a bit of effort to get going, but it's so worth it when you hear of crap like this!
Rookie almost wipes customer's entire inventory – unbeknownst to sysadmin
Amazon warns you have 30 days before Music Storage files bloodbath
Android P will hear no evil, see no evil, support evil notches
Intel gives Broadwells and Haswells their Meltdown medicine
Wednesday 28th February 2018 11:56 GMT
I recently played with amending AMI type BIOS, as I wanted a new Intel BIOS for RST, and it worked. Hopefully if they drop the microcode in useful formats, people can try rolling their own (if they are suitably equipped).
At least my Gigabyte motherboard has Dual-BIOS, so I can't *totally* kill it...
Intel’s Meltdown fix freaked out some Broadwells, Haswells
Friday 12th January 2018 12:25 GMT
Hmm.
Since putting the latest MS patches on my (Sandy Bridge based) PC, I've had two unexplained crashes - which is annoying when working remotely as while the Intel RST on my machine recovers correctly, it doesn't then reboot, so just sits waiting for someone to reset it. Maybe time invest a remote power switch....
Also quite annoying as my Sandy Bridge (i7 2700K) DOES support PCID, but not, apparently INVPCID...
So, on a Sandy Bridge i7 2700K (released Oct 2011 I believe) running Win 10 Pro, the results of "Get-SpeculationControlSettings" are:
Speculation control settings for CVE-2017-5715 [branch target injection]
Hardware support for branch target injection mitigation is present: False
Windows OS support for branch target injection mitigation is present: True
Windows OS support for branch target injection mitigation is enabled: False
Windows OS support for branch target injection mitigation is disabled by system policy: False
Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True
Speculation control settings for CVE-2017-5754 [rogue data cache load]
Hardware requires kernel VA shadowing: True
Windows OS support for kernel VA shadow is present: True
Windows OS support for kernel VA shadow is enabled: True
Windows OS support for PCID performance optimization is enabled: False [not required for security]
Suggested actions
* Install BIOS/firmware update provided by your device OEM that enables hardware support for the branch target injection mitigation.
BTIHardwarePresent : False
BTIWindowsSupportPresent : True
BTIWindowsSupportEnabled : False
BTIDisabledBySystemPolicy : False
BTIDisabledByNoHardwareSupport : True
KVAShadowRequired : True
KVAShadowWindowsSupportPresent : True
KVAShadowWindowsSupportEnabled : True
KVAShadowPcidEnabled : False
1980s sci-fi movies: The thrill of being not quite terrified on mum's floral sofa
Tuesday 9th January 2018 11:12 GMT 
Lovely lovely Sci-Fi.
Tripods, Chocky, Children of the Dog Star, "Benji, Zax & the Alien Prince", The Tomorrow People, all squarely aimed at kids, and in some cases quite dark (Chocky, I'm looking at you...). Knights of God was my first proper Dystopia, and the bastards never released it officially....
But then we got some proper trippy stuff. Manimal. Automan (not at *all* trying to be Tron). And the action sets (Airwolf, Knight Rider, Street Hawk). And big budget sci-fi, like "V", in all its latex goodness. It even had Freddy Kruger hiding in it.
What I want to see (properly restored) is "The Highwayman". That was proper, classic, dystopian cheese (with added Jane Badler, of V fame)....
Hells door-bells! Ring pieces paralyzed in horror during Halloween trick-or-treat rush
Wednesday 1st November 2017 08:31 GMT 
Le sigh...
"Let's all think of the clever, and not think of the function...."
Yes, it might put up a bit of cost, but how hard is it to also incorporate a remote sounder, like most wireless doorbells? Or even some local (encrypted) storage, so it can take/store pics of people who did come to the door?
If your internet backhaul is down, isn't the result going to be the same? At least Hue & Lightwave etc continue working with whatever settings they have been given, if the cloud goes down. My home automation system uses a cloud UI to configure, but once it's got it's config. it doesn't need the internet.
Failover modes people, failover modes....
Boffins blast beats to bury secret sonar in your 'smart' home
Tuesday 22nd August 2017 14:43 GMT
Re: yet another reason...
Depends on a variety of things :)
Your phone mobile is permanently wired, it can't be disconnected. As to wether it's "active" is down to software, listening to the input channel.
The various assistants (Siri etc) can be configured to either "listen all the time" (keyword activation) or after a button press (Siri). But do you trust that's what they're actually doing? :)
If you've got a Smartphone, and you can't take the battery out, you can't be 100% certain that it's not listening, That's the basic fact. Assuming you haven't run some third party apps with access to microphones, or granted access to those apps, then you should be "as safe as your assistant settings" are configured.
Virgin Media router security flap follows weak password expose
Monday 26th June 2017 10:19 GMT 
Erm....
I may be wrong (probably am!) but is the other issue resolved?
i.e the one whereby when the router powers up, for 7 seconds or so, there is no encryption set on the WiFi? o_O
Thus, if you are quick enough, you can get onto the WLAN - and then (again, if quick enough) - either use the default web admin password to find a WLAN password (even if it's been changed), so you can then reconnect shortly after, or do a quick network probe? Granted that's a tight window of opportunity, but still!
[EDIT] Ah yes - a powershell to reboot a SuperHub - if you know the password. Assume it's default, and a bit of cross site jiggery-pokery with a form post/social engineering - and away you go, router reboots, WLAN available briefly...[/EDIT]
Personally, opt for "SACM" (standalone cable modem) mode and use my own WiFi. I'd still be using 802.1x EAP too if the firmware I use was updated to not break RADIUS :( (choice of stick with RADIUS but keep other vulns active, or upgrade and lose RADIUS)
If you don't have your own router, change the WiFi AND admin passwords - which should be standard OpSec anyway. It wouldn't be that hard for device manufacturers to trap all web traffic when the thing is in "default" mode and force passwords to change, before letting it go fully operational....
Faking incontinence and other ways to scare off tech support scammers
Friday 19th May 2017 10:52 GMT 
Lenny
I've just installed Lenny onto our PABX as a handy extension. Now I'll probably get no calls...
I also love that other default message (with the correct English pack) that says "All members of the household are currently assisting other telemarkers. Your call will be answered in the order it was received"...(and then dumps them on permanent hold music)
Leaked: The UK's secret blueprint with telcos for mass spying on internet, phones – and backdoors
Friday 5th May 2017 12:12 GMT
Re: Encryption is not made "illegal"
Again, it's the over the top services that will be the "fun".
MPLS/BGP/TCP et al can be inspected, as it's a known protocol. If the packet's going up/down said wires turn out to contain encrypted stuff, that's WAY beyond the OpCo's wires, and the Telco's will simply go "meh" as it's not in their domain to control, unless they start doing DPI and being ordered to block anything they can't decode.
In which case we'll see digital steganography of another kind. Stuff will look like/be valid traffic, and just be nonsense, with anything relevant buried in some way that'll be harder to spot.
Friday 5th May 2017 08:44 GMT
Re: So where is the problem here ?
"Are end users going to be forced to install ISP root certificates ( to allow HTTPS MITM attacks ) before they are allowed to use an ISP's services ? I can't see this. That would require touching every endpoint connected to the ISP, it would be a nightmare for the ISP's, and pinning complicates even this."
Erm, not quite. A nice nudge to Google & MS and hey-presto, your next s/w or OS update contains new certs.
Chrome already overrides machine level certs, as I found out when I was using a CA it opted to distrust (warnings ahoy, even though the root CA was trusted).
Unless you keep tabs on EVERY cert in your machine, with fingerprints, something could merrily install and opt to use one.
Pinning also only works if the apps respect it (or are allowed to)...
I'm sure someone will be along shortly to insert an obvious comment about not using Windows, or Google, or <other large well known app> - but for the masses, it's not going to be that hard to do...
Nielsen, eat your heart out: TiVo woos admen with prediction engine
Tuesday 21st March 2017 12:24 GMT 
You clearly missed the "experiments"
A while back, if you paused on VM TiVo, an ad popped up on the pause bar (for Tetley, IIRC) - so you may have something foisted on the screen even if you ignore it. It got slammed and went away (for a bit).
Also - do you not find it very suspicious that 99% of the channels on VM TiVo (other than terrestrial) seem to have magically sync'd their advert breaks? Get bored and channel hop? More ads...
Google mass logout riddle deepens: OAuth token fumble blamed
Thursday 2nd March 2017 16:57 GMT
WTF?
I saw all of my G devices logout, and this was timed when one of my 5X handsets had died, and I was in the process of recovering data and then RMA'ing it.
Mostly this was an inconvenience, and did initially raise an alarm as I was the account section checking if I'd gained another login elsewhere (I'd hope not, I use 2FA).
What worries me more is the OnHub resets! I don't have one, and personally this just adds to why I won't get one. "Key" infrastructure devices, ala routers should not be subject to the whim of an external 3rd party at all, error or otherwise. At worst I'd expect them to sever connections with the Cloud and request you log back in again, but NOT reset and take all the config with it....
The Register's guide to protecting your data when visiting the US
Soz fanbois, Apple DIDN'T invent the smartphone after all
Monday 9th January 2017 10:06 GMT
Sendo X did e-mail, and let you lug around your own music (on a card, or via USB no less!). We were even looking at cloud services. The X2 even had a nice VR game, but never got off the blocks, as Sendo went "phoom", cue Moto entering stage left. Moto had already tried to lure fanbois with the (ahem) MotoRokr back in 2005 - but that wasn't a smart phone. But who cared? Fun glowy LEDs! But then, out of Brum, came the (ring ring ring ring ring ring ring) Banaphone Z8.
The Z8 did do some very nice things, was nicely specced, had that fun form factor (although WTF marketing managed to do with that "horse" advert I have no idea) - although it was a potentially risk dalliance with UIQ over S60.
But then "Oh hai, iPhone" with it's large screen" and "touchscreen" and "bai bai" everything....but seriously, ignore the fact it happened to have "Apple" on it, the larger touch enabled screens are pretty much what won it...
Samsung SmartCam: Yes, those eyes really are following you around the room
Tuesday 13th December 2016 15:00 GMT 
They have their places...
We've got a PTZ ethernet (or optionally, WiFi) camera with microphone (but no speakers), which we have dual purposed - in the night as a baby monitor (using a now aging Nexus 7 as the monitor) and in the daytime, it can be used to keep an eye on outdoors (via a window).
It's "LAN only", doesn't connect to t'internet - or allow connections from t'internet - if we're "off LAN" we access it via a VPN - but we're probably not the target market Samsung are addressing here...
Google may just have silently snuffed the tablet computer
Wednesday 5th October 2016 09:27 GMT
Already said above, but the Pixel-C is a lovely bit of kit (although I can recommend NOT dropping it, as whilst the screen survived, trying to 'undent' the metal case is challenging!)
I've got a Nexus 7 (2013), which won't go beyond Android 6, and is a bit slow, but it's used for some games, and principally a baby monitor (IP Cam viewer) at night.
The Pixel-C is just a joy to use when you CBA with a phone. A bit heavy, but sometimes heft is good.
I was considering a Pixel Phone to replace the 5X, but £599 or £820? They're having a giraffe.
NASA starts countdown for Cassini probe's Saturn death dive
Delete Google Maps? Go ahead, says Google, we'll still track you
Tuesday 13th September 2016 11:10 GMT
Nexus 5X here with Android 7.0 on.
Location for the Store is "off" and I didn't' turn it off, it's just "off". I didn't see any request to enable it either....
The only thing I did note was that I had Developer mode "uncovered" before the 6.0-7.0 upgrade, but it was disabled. Post upgrade, it was ENABLED and "Automatic system updates" were enabled...
Google swats Nexus 5X vulnerable fastboot memory dump flaw
Monday 5th September 2016 11:02 GMT
A link to other materials here would be useful :)
The 5X has an encrypted file system, however other sources on this vuln show the password is left sitting "unguarded" in the extracted image, so someone with the image could unlock the device, or clone it.
Hopefully Google have either salted this passphrase now, rather than just stopping the panic enabling extraction.....
'I'm sorry, your lift has had a problem and had to shut down'
YouTube breaks Sony Bravias
Monday 5th September 2016 08:28 GMT 
Meh.
I decided I'd never have a Smart TV, until the only way I could get a larger panel with 3D support was a Smart TV.
So I had a play, and while the interface isn't super whizzy, it works - although the unit has the most stupid design flaw - I can turn if OFF via Ethernet, once it's OFF, it doesn't respond to WoL, so you have to resort to a pinky interface, or good old IR. Well done there, that manufacturer.
But still, as it the box supports YouTube, Google Play Movies, Talk Talk TV/BlinkBox & NowTV. If any of those fail, those apps all support Chromecast, and I've got one of those too. £25 isn't a lot to shell out. Or, as mentioned, I could resurrect the Pi2 I have lying around...
'Nigerian scammer' busted after he infected himself with malware
Tuesday 9th August 2016 12:20 GMT
Re: Amazingly
I've got one of these (and scanned it for posterity) if El Reg would like to run an expose on it...
It ticked all the boxes:
1) Shiny company name
2) Shiny company address (Geneva) - which, if Streetviewed, is a cinema and hairdressers....(presumably a unit above it)
3) Webmail email address
4) "Phone" number that points to a REGUS FAX number
5) Offer of lots of good investments
Windows 10 Anniversary Update is borking boxen everywhere
Tuesday 9th August 2016 08:24 GMT
The upgrade has had some fun with my machine.
a) Restart after updating - well, no, it powered the machine off
b) ICMP (inbound) ping/response was disabled, after I'd explicitly enabled it
c) Jumbo Frame support magically got disabled
d) System Restore - also magically turned off - I created a Restore Point FIRST, and when I ran some diags/checks afterwards, System Restore on C: was disabled.
I'd advise you to check all your settings, just in case...
Windows 10 Anniversary Update: This design needs a dictator
Thursday 4th August 2016 14:03 GMT
It landed on my PC.
"Restart to install updates" - except it shutdown and powered off. Nice.
It also disabled incoming ICMP (which I'd explicitly turned ON before). Nice. That upset my elementary monitoring.
It turned off my Jumbo Frame support, which upset my file transfer speeds, and me.
I'm also using a local account, but it said it required access to my MS account "for something". It then showed up under Account again (since removed and logged out and it's not come back. Yet).
It enabled Windows Ink without asking. It got turned off.
Cortana is absent, as I'm using a local account. Good.
Facebook to kill native chat, bring opt-in crypto to Messenger
Friday 3rd June 2016 10:29 GMT
Re: Article short on details
^^ This. Use the mobile app, get requested to install Messenger. Use the mobile website, get diverted to install Messenger. Cancel, and you can use the mobile website. If you use a mobile with "desktop view" it kind of works (but Android & Facebooks auto scrolldown/refresh keeps confusing it).
Important messages still go via SMS, and some friends have already migrated to Signal.
'Windows 10 nagware: You can't click X. Make a date OR ELSE'
Thursday 2nd June 2016 11:21 GMT
IANAL, but doesn't that constitute Misuse of Computers somewhere along the line?
Or do the terms of Win7 (et al) basically state you absolve your self of any/all choice? Or (worse) that the wording regarding "updates" is that they are offered without warranty, and WinX gets labeled as an "update" to get them around it?
Disclaimer : I have WinX (Home & Pro) on two machines, and don't hate it. Only gripe is the "Oh hai, buy Office 365 plz" self installing appvertisement...
