* Posts by plunet

32 publicly visible posts • joined 14 Aug 2015

Google password resets not enough to stop these info-stealing malware strains


Re: Session cookie stealing is not an unknown thing

Perhaps it should be an option on the password change page, with perhaps the default to invalidate all sessions and an explainer to help users choose the right thing to do.

If you're just changing your password because you want to and not because any any specific risk, then forcing all sessions to reset might a sledgehammer to crack a nut in terms of user experience.

Driverless cars swerve traffic tickets in California even if they break the law


Re: How to improve AI training in one easy step

No you don't start with the owner in the UK. You start with the registered keeper which is the name or entity on the V5C.

The registered keeper is quite often different to who the owner might be (eg. leasing or finance company).

Suits ignored IT's warnings, so the tech team went for the neck


Seems like you missed out on a field trip to the errant laptop in Majorca to retrieve the so important missing emails.

Nobody would ever work on the live server, right? Not intentionally, anyway


The way that ntl:hell was sticky plastered together back in the day, I would imagine that the web server shutdown it also shut down all the transparent web proxies that ntl: never wanted to admit that they were using and caused a broadband duvet day.

Microsoft’s Dublin DC power plant gets the, er, green light


Re: more than 150 diesel generators

Surely the point is that they have both gas and diesel generators. They will have the option to mix and match between both to not only keep the bit barn going but also get paid for supplying power to the grid at considerable profit when needed.

Microsoft's Azure West Europe region blew away in freak summer storm


Re: Fibre underground is not effected by storms they strung it on poles...

Would not necessarily need to be an arial fibre run for bad weather and assoicated power failures to still cause impacts to fibre below ground.


Re: Never noticed

But as the article says, traffic to/from the front door of the region wasn't impacted. Only traffic being synced between DCs within the region for availability purposes was impacted. Perhaps you don't have any availability services, or you failed to notice that background syncs of data were failing.

WeChat makes facial recog payment systems talk to the hand


Re: I wonder who asked for this

Have you been to China? Using facial recognition for payment authorisation is not uncommon in shops kitted out with the relevent point of sale equipment.

They might not have asked for it, but its there, and it does get used, although I think it hit considerable problems with the masks the mandate for which were not removed earlier this year.

QR codes are still the main way to pay, but biometrics are there and are being used for day to day payments.

Britain's largest private pension scheme reveals scale of Capita break-in


It's the humans that are insecure here

It seems that it's not the actual pensions system/database that was compromised but some fileserver used by Crapita to do admin tasks on the pensions system. It appears this fileserver had various dump/export files from the pensions database for various clients probably used for massaging data and bulk updates, the problem is that they were left lying around and were not encrypted...

Microsoft breaks geolocation, locking users out of Azure and M365


IPv6 still the poor relation chez Microsoft

"Making matters worse, the IP addresses in question appear to be IPv4. Shame, Microsoft, get thee to IPv6!"

That's because last time I checked Microsoft offered no geolocation on IPv6. If you don't offer it you can't break it.

OneDrive back on its feet, but ongoing Skype credit problem hasn't gone away


Re: "international roaming is a lot more affordable"

Teams can absolutely make phone calls but maybe not at a sensible cost for the occasional outbound phone call.


"The Skype for Business product – once used by such venerables as particle accelerator boffins at CERN, which swapped it with softphone client CERNphone in June – was replaced by Teams in 2019 and reached end-of-life last year."

Errr, the author has conflated SfB with SfB Online.

SfB Online was retired back in 2019 in favour of Teams. But SfB as an onprem or hosted solution is still very much a thing and supported by M$.

Programming error created billion-dollar mistake that made the coder ... a hero?


Re: Worst code I ever saw...

Here in Switzerland, kids are being taught touch typing starting in 4th grade (approx 9-10 yrs)...

Factor in the options of QWERTY, AZERTY (French) or QWERTZ (German) keyboards and those yoofs must have a a bunch of fun.

Cloudflare finds a way through China's network defences


And the elephant in the room

Unfortunately this article is fairly useless as it fails to specify whether to make content available in China with this new cloudflare agreement needs the usual ICP licence. There are plenty of CDN providers that have reach into China, including Cloudflare even before this 'announcement'. The main issue for most is whether it's worth the effort and hoop jumping to get and probably more importantly maintain an ICP licence.

India seeks verified IDs to register email accounts


"with China's centralized virtual currencies WeChat pay and Alipay processing 294.6 trillion won"

Is that the won / wrong currency, it doesn't seem very Korea / clear to me...

Google Translate dropped in mainland China


It's my understanding that they would have had to maintain a registration / licence with the Chinese authorities to be able to operate that service with a .cn domain name presumably also hosted within China. The registration and licence needs a named individual in China to be legally responsible for the service and be answerable for its content. With the increasing scrutiny of online services in China perhaps there was no appetite for the paperwork and personal risk.

Outlook email users alerted to suspicious activity from Microsoft-owned IP address


I think you will find that an Azure AD P1 licence is sufficient for enabling Conditional Access.

Vital UK customs system outage contributes to travel chaos at its borders


Re: Sounds about right

"Updated to add at 16:00 on April 18, 2022"

Just after Easter weekend.... so maybe they discovered the Easter Egg that was left in GVMS by some contractors that got shafted by IR35.

Nottingham University awards cloud finance and HR deal in £29.75m deal 2.5 years after Unit4 upgrade


They do have CS courses and students. But I struggle to understand how getting the students to program up this requirement would make any sense? Assuming the students can pull it off, after they have graduated who would be keeping the product up to date to meet changing business and regulatory requirements, fix bugs, patch components they have used, and generally support the end to end solution. And you have also got the complication that you have student data subjects probably requiring admin access to the very backend systems that govern their fees, rent payments for halls, and all manner of other key business data. Yeh...

BT Wholesale wants the channel to give SMBs a nudge before copper sunset in 2025


South Korea?

Impromptu game of Robot Wars sparks fire in warehouse at UK e-tailer Ocado


Self-check out...

Unexpected hot bot in bagging area. Please extinguish bot and sell investments in Ocado before continuing.

Anyone still using cash? British £50 banknote honouring Alan Turing arrives


"note is due to become available in bank branches and ATMs over the coming days"

ATMs dispensing £50 notes? They must be in a parallel universe. Maybe in the lobby of Coutts & Co, and other wealth management instutitions.

If you can't log into Azure, Teams or Xbox Live right now: Microsoft cloud services in worldwide outage


As it was a DNS based outage, it's not entirely surprising that DNS is a separate infrastructure for Azure in China. DNS is one of the methods the motherland imposes at a technical to limit access to some internet resources outside the country. Other methods are also in use.

It's 2020, so let's just go ahead and let Amazon have everyone's handprints so it can process payments


So last decade...

Biometrics for payments.... Amazon just trialing this?

Try going to China where Alipay has been doing facial recognition for payment for quite some time now. When you realise that between then Alipay and WeChat pay now account for something like 90% of payments for most retail transactions in China, and you realise just how far ahead payments tech is in China and how the rest of the world is in serious catch up mode. No one forces you to use it, but most retails over there now frown on needing to handle cash - even the subsistence farmer selling their goods by the side of the road have their AliPay and WeChatPay QR codes printed out to take payment.

Breaching China's Great Firewall is hard. Pushing packets faster than 1Mbps once through is the Boss Fight


Re: 404

It's available on his Uni homepage at https://www.cs.ucr.edu/~zhiyunq/


Uni of London loses attempt to block mobe mast surveyors from Paddington rooftop


The Hilton Metropole just a few hundred meters up the road already has Vodafone (well, it was Clueless and Witless back in the day) assets on the roof - I had a microwave link from there for many years. I would imagine that could target Vodafone HQ as well. So I also guess it's to provide more coverage for the station and Sussex Gardens.

WeWork filed its IPO homework. So we had a look at its small print and... yowser. What has El Reg got itself into?



WeWork do apply for a premises licence for the sale and supply of alcohol at their premises in the UK. The fact that they give it away they still need one for supply.

March 2020: When you lucky, lucky Brits will have a legal right to a minimum of... 10Mbps


Re: Unfair comparison

And significant parts of central London would fail the new pledge. Openreach cabling from some of the older central london exchanges is directly cabled so no green cabinets. And no green cabinets = no FTTC. So a ADSL connection at Oxford Circus will be around 8-12M down and under 1M up. So it's pony up for a proper circuit, consider using 4G or a WISP, or wait around on a sub-optimal ADSL2+ service

UK chip and PIN readers fall ill: Don't switch off that terminal!


Seems like verifone have put up a statement but details are very sparse.


BT will HATE us for this one weird 5G trick


Take a look at China

The principle of using lamp posts for overlay networks is already well established in China, somewhere where the sheer density of devices and demand for bandwidth already outstrips the capacity of the spectrum.

In urban areas and some highways you can see that the two main networks - China Mobile and China Unicom have a box of tricks on alternate lamp posts that offer Wifi with 802.1x network auth or other picocell technology as an alternative backhaul for each networks subscribers.

Govt: Citizens, we know you want 10Mbps. This is the last broadband scheme for that


Re: All well and good but....

All is not well in the metropolis either.

Swathes of Mayfair have the peril of "Exchange Only" lines. This is where cabling from the Exchange to the premise doesn't pass via Green cabinets. And of course this cabling as been around since the early days of PO Telephones and isn't the best. Result: around Oxford Circus and Oxford Street you can either get normal ADSL or a leased line unless there is VM in the street. A small business owner located 50m from Oxford Circus is "enjoying" 6mbps ADSL with no plans for infinity.

So although it's probably not as bad as it might be for those rural hill farmers, it's not exactly great in the places where the general population think it must be great.

Ofcom coverage map: 7/10 – must try harder next time


Coverage? Cover up.

I tend to agree that these OFCOM coverage maps don't bear any relation to what happens in reality.

If they want to do this it really seems that they need to tap into something like rootmetrics, or slap some equipment onto a fleet of delivery vans / Google Streetview cars to actually monitor what the reality is.