* Posts by Richard Boyce

374 posts • joined 8 Aug 2007


CSI: Xiaomi. Snappy Redmi Note 9 Pro shows every fingerprint, but at least you get bang for your buck

Richard Boyce

Re: The most important feature to mention...

If they're doing one very dodgy thing, it's a prudent assumption that they're doing more. It's reports like yours that help inform my purchasing decisions. Many reviewers, like many consumers, don't care or have the time to care.

I've had one Samsung phone, and privacy and security concerns over what Samsung has done on that, with basic functionality tied needlessly to granting access to contacts, not taking no for an answer, background Samsung processes of unannounced functionality that you can't uninstall or disable, etc., mean that I'm unlikely to buy another Samsung phone.

I won't buy Apple because of cost. Are there other good brands for those that want basic respect for privacy and security without paying through the nose, and without having to consider replacing the firmware?

Someone got so fed up with GE fridge DRM – yes, fridge DRM – they made a whole website on how to bypass it

Richard Boyce

Reminds me of Linksys owned by Cisco

Cisco decided it was a good idea to use the patch update system of their retail customers' routers to seize control of them, and make commercial demands of the owners in return for allowing them to configure their property again. After the scandal that erupted, they did a U-turn and sold the Linksys brand. People do remember these things, even years later, as this post shows. Don't treat your customers with disrespect after purchase if you want repeat custom.

Bloke rolls up to KFC drive-thru riding horse-drawn cart only to be told: Neigh

Richard Boyce

Would you want to clear up the horse shit afterwards?

Moore's Law is deader than corduroy bell bottoms. But with a bit of smart coding it's not the end of the road

Richard Boyce

Fundamental problem

Businesses often regard external costs as irrelevant. For example, how much has been wasted by Microsoft because it's cheaper to produce inefficient products when it's the users who are paying for the megawatts of power and waiting for something to happen?

Even within a company, a manager can get rewarded if his department produces something quick and dirty for some other department to use. The costs are coming out of someone else's budget.

More competition helps, but we also need user education to accentuate the negative feedback, especially when mother nature is on the receiving end of planned inefficiency.

Western Digital shingled out in lawsuit for sneaking RAID-unfriendly tech into drives for RAID arrays

Richard Boyce

Silly way to drive customers away

I specified WD Reds for a recent small business 4-drive NAS, having had no problems in the past. I now know the business got SMR drives. It's impractical to replace the working drives until failure. However, when that happens, the replacement drives will not come from WD. WD are now blacklisted, as far as I'm concerned.

What a stupid way to gift future business to a rival.

NASA renames dark-energy telescope after its first Chief of Astronomy and Mother of Hubble: Nancy Grace Roman

Richard Boyce

Re: "The Coronagraphic Instrument is an exoplanet hunter"

So now we know who created the virus. It was NASA.

I was about to post the above on its own, but there are at least two possible pitfalls:

1. Someone will find the message with Google in the future, say "OMG, it all makes sense", and start sending this message to lots of people who have the same reaction, and it will all be traced to me. Gulp.

2. Someone will find the message with Google, say "OMG, we're not going to employ this idiot / give this guy a visa".

So for the aforesaid people, this message is a joke. Laugh. Open your mouth and breathe out in rapid pulses while making silly noises.

It is unclear why something designed to pump fuel into a car needs an ad-spewing computer strapped to it, but here we are

Richard Boyce

"you probably don’t take any notice of the ad for AA or Direct Line"

You noticed enough to recall who the ads were for. Job done.

There's a black hole lurking within 1,000 light years of Earth – and you can see stars circling it with the naked eye

Richard Boyce

Re: Dark Matter

I think black holes have been ruled out as the whole contributor to dark matter. Black holes are concentrations of matter that would produce more gravitational lensing than is noticed, especially inside our own galaxy.

The Great British anti-5G fruitcake Bakeoff: Group hugs, no guns, and David Icke

Richard Boyce

Income

It's easy to laugh at Icke but the poor guy has a serious mental health problem.

What disturbs me the most is that someone making videos with crazy ideas can make a good living using YouTube etc. It encourages sane but ruthless people to spread disinformation to the gullible while laughing all the way to the bank. The damage done is just an externality.

Vietnam alleged to have hacked Chinese organisations in charge of COVID-19 response

Richard Boyce

I'm concerned about the long-term consequences. Poorer countries have lower life expectancies, and we're going to be a lot poorer as we pay back all the money the government has borrowed, plus interest. It was politically impossible to allow a huge peak of infected to overwhelm our health system, and maybe it has saved enough life-years this year to compensate for the reduced life expectancy in the next decade. We'll see.

Zero-click, zero-day flaws in iOS Mail 'exploited to hijack' VIP smartphones. Apple rushes out beta patch

Richard Boyce

Kernel-level exploit

These bugs are used in conjunction with a kernel-level exploit, but I see no mention of a fix for that level of vulnerability. That would seem to be very important. Does that require more work, or is there a problem with disclosing the nature of that?

COBOL-coding volunteers sought as slammed mainframes slow New Jersey's coronavirus response

Richard Boyce

Not just COBOL

There are probably also old systems still happily running PL/I, which was the main language I used in the 70s and 80s. I'd love to work in that language again; it was a very nice and powerful language.

NASA's classic worm logo returns for first all-American trip to ISS in years: Are you a meatball or a squiggly fan?

Richard Boyce

Re: Meatball

The heroism is real but often needless. Uncrewed missions are far cheaper, and deliver more science. Failures may be personal disasters for the people behind the missions, but they'll live to explore another day.

Remember that clinical trial, promoted by President Trump, of a possible COVID-19 cure? So, so, so many questions...

Richard Boyce

Reader beware

Some publications are reputable, but many are just designed to professionally masquerade as such to the unwary. There's no shortage of people willing to pay to promote their quackery in a "prestigious" journal, so the market meets that demand.

Password killer FIDO2 comes bounding into Azure Active Directory hybrid environments

Richard Boyce

Get rid of the commercial middlemen

FIDO is designed to require a commercial middleman. Then there's SQRL, which is (at long last) ready, unencumbered by IP rights, and gives no one secrets to keep. See grc.com/sqrl.

This is now supported by an increasing number of clients and platforms. What is really needed is for a major company to decide that there is an indirect business benefit to endorse and use such a solution. Word of mouth, technical excellence, and use on private intranets are not sufficient.

Relying on AT&T, Verizon and T-Mob US to protect you from SIM swapping? You better get used to disappointment

Richard Boyce

The weakest link

"SIM-swapping attacks conducted by phone, which represent only 1 per cent of SIM-swapping requests"

Why would a criminal use a different method, when you make it so easy and don't care?

Love T-shirts, but can't be bothered to wash them? We've seen just the thing!

Richard Boyce

On a serious note....

Astronauts need all the help they can get.

I spy, with my little satellite AI, something beginning with 'North American image-analysis code embargo'

Richard Boyce

Ridiculous

It seems to me that any software manufacturer could modify the software it sells faster than the government could modify its restrictions to keep up.

Xbox Series X: Gee thanks, Microsoft! Just what we wanted for Xmas 2020 – a Gateway tower PC

Richard Boyce

Noise

So, how much noise from the cooling system, when it's under full load? Any numbers anywhere?

Stand back, we're going in: The Register rips a 7th-gen ThinkPad X1 Carbon apart. Literally

Richard Boyce

Fingerprints

I read the part about the computer being a fingerprint magnet, and immediately wondered if that made it simpler to break into after stealing. Could you just take a close-up picture and present a mirror image to the reader, or is the security more sophisticated than that?

Absolutely smashing: Musk shows off Tesla's 'bulletproof' low-poly pickup, hilarity ensues

Richard Boyce

I guess the acceleration would likely be limited by the traction of the four wheels in Super-Ridiculous-Destroy-the-Batteries mode.

Richard Boyce

Cost saving?

Did they put the expensive glass only on one side, and then point the car the wrong way?

NASA spanks $34bn on a disposable rocket – likely to top $50bn by 2024 moon landing

Richard Boyce

Re: Disposable

"What better place could there be if you are researching Ebola or another dangerous virus?"

Earth orbit would be better than a lunar base for that. It's cheaper and more expendable. Plus we already have the ISS. I also think that a purpose-built level 4 containment lab on Earth would be better still.

Astroboffins baffled as Curiosity rover takes larger gasps of oxygen in Martian summers

Richard Boyce

Re: Can anyone think of a chemical process?

There was no mention of how the concentration of CO changes during the seasons. That's unstable in the presence of oxygen, which suggests a chemical source for that too, and possibly a related one. I also note that the concentration of CO is lower than that of O2.

Haemoglobin comes to mind. There are a lot of iron compounds in Martian soil. Could there be some naturally occurring compounds that loosely bind both CO2 and CO, and which are being heated and irradiated with UV to release some oxygen while continuing to bind some CO?

I've had it with these motherflipping eggs on this motherflipping train

Richard Boyce

Re: Pre-chicken?

Actually, from the point of view of the chicken that laid it, it's a post-chicken, the next generation. Now, we could get into a long debate about what came first, but that's for another comment. :)

Don't trust the Trusted Platform Module – it may leak your VPN server's private key (depending on your configuration)

Richard Boyce

Intel "hardware"

When you need monthly security patches for "hardware", something is very, very wrong.

Socket to the energy bill: 5-bed home with stupid number of power outlets leaves us asking... why?

Richard Boyce

Mains gangs or wall sockets

I suspect many families have quite a few mains gangs in the living room. Those can be positioned close to the devices, and are usually less visible on the floor. So, it's not really the number of sockets, it's the visibility and immobility of them that's the main issue, especially for those who hate the sight of cables.

Running on Intel? If you want security, disable hyper-threading, says Linux kernel maintainer

Richard Boyce

Re: Buying Intel

That's not scary, it's annoying. Big difference. A fix is also being distributed.

Richard Boyce

Buying Intel

Is it time, or past time, to fire people for buying Intel?

Europe's digital identity system needs patching after can_we_trust_this function call ignored

Richard Boyce

Why the change?

The flaw seems to be in a critical part of the system. If the flaw wasn't present a year ago, how did it get introduced? Was there a significant change in the spec that required this part of the system to be changed?

We can go our own Huawei! Arm says it can flog chip blueprints to Chinese giant despite US trade embargo

Richard Boyce

Applying sanctions is costly to both sides

So I guess ARM will be making very sure that they exclude US input from future efforts, even if US sanctions are lifted. They won't be the only ones.

Hundreds charged in internet's biggest child-abuse swap-shop site bust: IP addy leak led cops to sys-op's home

Richard Boyce

Blaming the tools

I'm glad that these people have been caught. Despite the bluster about the size of the operation, I suspect it was just a tip of an evil iceberg.

However, blaming Tor and Bitcoin is just blaming useful tools that the accusers have yet to make use of themselves, or cynically, because they know that the majority of listeners have yet to do so. The same people might have blamed the Internet a few years ago.

Virtual inanity: Solution to Irish border requires data and tech not yet available, MPs told

Richard Boyce

Re: An interactive map of the border

Is there a danger that organised crime gangs from the two communities will start fighting over control over smuggling? Could that lead to the Troubles V2?

Talk about a calculated RISC: If you think you can do a better job than Arm at designing CPUs, now's your chance

Richard Boyce

Re: "I did not know that ARM actually prohibited adding instructions"

I guess you could add instructions that have to be used by each thread, to prove authorisation. Any use of the processor by unauthorised code would then be detectable.

Switch about to get real: Openreach bod on the challenge of shuttering UK's copper phone lines

Richard Boyce

Re: Minor technical nitpick

Well, below that individual electrons. You might call that digital, in a weird quantum way.

I guess whether it's digital depends on the resolution of the sensors. It's functionally digital if you are able to detect increments; if you're reading instead of just measuring.

Rolling in DoH: Chrome 78 to experiment with DNS-over-HTTPS – hot on the heels of Firefox

Richard Boyce

They'd be crazy to bypass the hosts file, so I think we can assume they won't.

Anatomy of an attack: How Coinbase was targeted with emails booby-trapped with Firefox zero-days

Richard Boyce

Re: Discovered 'simoultaneosly', or leaked?

I imagine that Project Zero are required to report their findings to other people/groups and need permission from those others to do anything with what they've found. In which case, there's plenty of scope for insecurity.

Former UK PM Tony Blair urges governments to sort out online ID

Richard Boyce

Re: SQRL

There is nothing to stop a SQRL user from providing other information such as name and address. When a government agency has this info, and has tied it to a SQRL public key, no one else can readily impersonate the user.

Richard Boyce

SQRL

SQRL is a decentralised authentication system that has now, after five years, reached the point where it's ready for widespread use. It trusts no government, no commercial interest, and gives the websites that use it for authentication no secrets to keep. It is not encumbered by IP rights. There is a reference client for Windows, and clients for other platforms. There is also a SQRL server API that can be used by existing websites to quickly add support. This should make FIDO dead in the water.

Details at sqrl dot grc dot com.

RIP Dyn Dynamic DNS :'( Oracle to end Dyn-asty by axing freshly gobbled services, shoving customers into its cloud

Richard Boyce

FreeDNS

My simple needs have been reliably met by FreeDNS (https://freedns.afraid.org) for many years.

Must watch: GE's smart light bulb reset process is a masterpiece... of modern techno-insanity

Richard Boyce

Re: They missed the obvious fucking solution

Apart from the fact that not everyone uses a screw fitting, you also have to consider that the bulb will have to remember without power that it has already reset itself, and you might want to reset that. The article's suggestion of electrocuting yourself with a paper clip is another good solution.

Frontiersman Cray snags $50m storage contract for 'largest single filesystem'

Richard Boyce

I like it...

but I think I'll wait until there's a buy one, get one free offer.

Own goal: $280,000 GDPR fine for soccer app that snooped on fans' phone mics to snare pub telly pirates

Richard Boyce

Re: Data Spoof

So many so-called privacy policies say at the beginning that they will never take or sell any personal data without your permission. Many, many pages later, it will say that by using their software/service you're giving them permission to do anything they wish. That sort of professional dishonesty is still standard in many jurisdictions.

US Air Force probes targeted malware attack, blames... er, the US Navy? What?

Richard Boyce

Active emails

It's not unusual to receive emails that attempt to download all or part of their content from a remote server, which implicitly gets to see all the IP addresses of the recipients, and to record the time when the email was read.

It's always good security and privacy practice to only use the plain text content of emails and to disable the fetching of new content.

'Nigerian princes' snatch billions from Western biz via fake email – Interpol

Richard Boyce

Re: Let's give them a hand

Our local police do this too. Google now treats their emails as spam.

One-time Mars InSight Lander engineer scores $1.5m redress over whistleblower sacking

Richard Boyce

Costs?

I imagine the legal costs were substantial. Did the plaintiff have to pay any of those costs?

NASA boffins show Moon water supply could – er, this can't be right? – come from the Sun

Richard Boyce

The numbers

The numbers are everything and, unfortunately, this article doesn't give us any.

We've had lunar rocks brought to Earth to study, so I would be surprised if we didn't have a pretty good idea about the level of hydration in the common minerals in areas that are exposed to sunlight, at least close to the surface. Perhaps a dedicated drilling mission would throw up some surprises. It would be fortunate if there were usable quantities of water in areas other than the poles.

Core blimey... When is an AMD CPU core not a CPU core? It's now up to a jury of 12 to decide

Richard Boyce

Recent security lessons

Aren't we now running processors that have had to be hobbled because of the resources they intimately share? Are the people who paid extra for hyperthreading and similar still getting the benchmarks they paid for?

Fake broadband ISP support scammers accidentally cough up IP address to Deadpool in card phish gone wrong

Richard Boyce

Re: Useful telephone number.

Better to direct them to your MP's home number.

DNAaaahahaha: Twins' 23andMe, Ancestry, etc genetic tests vary wildly, surprising no one

Richard Boyce

Re: Boffins or Bafoons?

I gave you a thumbs up because you're making people think and raising quality standards by playing devil's advocate.

If a lawyer defends a well-known criminal, the lawyer may strongly suspect that his/her client is guilty, but it would be in *everyone's* interest that the evidence be tested very carefully.


Biting the hand that feeds IT © 1998–2020