* Posts by john.jones.name

166 posts • joined 1 Aug 2017


Arm, Vodafone flex their muscles to show Cisco they’re fighting fit on the edge


would that be a 16 core machine ?


16 Cortex-A72 CPU cores, running up to 2.2GHz

18MB cache/on-chip memory

Up to 16 Ethernet ports

Supported Ethernet speeds include 1, 2.5, 10, 25, 40, 50, and 100 gigabits per second

114Gbps Layer 2 Ethernet switch

Up to 24 PCIe Gen3 lanes, supporting ports as wide as x8

50Gbps security accelerator

100Gbps data compression/decompression engine

University of Cambridge to decommission its homegrown email service Hermes in favour of Microsoft Exchange Online


Re: less than ideal

There are no T&C's on the William Gates Building stop being provocative and spreading misinformation

The mail being delivered solely through Microsoft networks is an issue.


less than ideal

Security wise it would be less than ideal if they transitioned all their MX records to exchange online, some dept's would have T&C's they could not use i.e. software security research into vulnerability of Microsoft products means data can be compromised when flowing through Microsoft's network...

plus Microsoft while it has said they will support DANE for some office365 they have not committed for all which would disavow some grant applications while Exim has supported that option for years.

All of Cambridge's email data transmission would flow through Microsoft and they can use that Meta Data... if you think adverts targeting you are creepy...

Bored binge-watchers bork beleaguered broadband by blasting bandwidth: Global average speeds down 6.31%


data from measurement lab

The actual data came from measurement lab and is open for anyone you don't need to use their report

you can test yourself here :


its actually interesting to see what people get

the data is actually here with a map already :


John Jones

Barclays Bank appeared to be using the Wayback Machine as a 'CDN' for some Javascript



Adding to Barclays issues list:

1/ Servers allow client-initiated renegotiation (DOS risk)

2/ http://Barclays.co.uk not DNSSEC signed (MitM allowed)

3/ Use messagelabs and Agari so USA get all messages

(most industries need not care but when your a bank it is a bad thing)

Working from home on Virgin Media's broadband? Too bad. Outage hits English capital


actually you pay for it

yes the upgrade might be risky but the reward is you can sell a higher bandwidth package... thats how it works... people vote with their wallets

personally I would prefer if ISP's would charge the contract owner if they got notified of bad traffic just like they do with corporate contracts.

that would force people to actually put some effort into not have infected virus laden machines lingering on their home wifi and incentivize people

having a network that supports things like DNSSEC and IPv6 would be useful not only for scalability but for network admins helping the end user track down which machine was the problem & billing, much like mobile networks do now (most mobile networks are IPv6 )

There are DDoS attacks, then there's this 809 million packet-per-second tsunami Akamai says it just caught


Solution, Billing = $

Quite easy

Bill the endpoint

This incentivizes both the ISP and the End User

The ISP can do it easily enough within the existing T&C's because their was "effort" to process the IP logs, say $10 which is waived instantly if they phone/email and declare they have cleaned up their network/PC/router

That would be attractive to the ISP (sicne people are lazy they get to keep a portion) and reward people who take care... (while educating people to the cost)

honestly I don't know why they don't do it...

Electronic health records firm Epic Bristol bags £454m in UK deals as creaking care sector chases digital transformation


another closed system with no upgrade path

whoever was on the pannel should be taken out and given some tea because clearly they cant be sane

A 2014 report by the RAND Corporation described Epic as a "closed" platform that made it "challenging and costly for hospitals" to interconnect with the clinical or billing software of other companies.[18] The report also cited other research showing that Epic's implementation in the Kaiser Permanente system led to efficiency losses.

does it link to anything else without costly "variations" ?

good luck

Australia's contact-tracing app still basically borked on iOS, says new bug report – and GAPPLE API version tested


Re: some tech journalism please

actually I rather like someone in the tech press actually following up on stories

(I used to call it journalism/professionalism)

if your actually interested in the background I suggest you research using the information in the article as a starting point, that's what I did and found this :

COVIDSafe's new payload encryption scheme :


Scottish cops dangle £6m for help understanding 160TB treasure trove of structured and unstructured data


a single rack

not exactly a data lake if your requirements is a single rack of storage and CPU even if data doubles this is not high amounts of data infact do they not have camera's in those police cars ?

An Internet of Trouble lies ahead as root certificates begin to expire en masse, warns security researcher


start using DANE and CA if you must

honestly yes many systems use a certification authority and its time to move on to a DNS based system where you can choose your CA (self signed or with a CA) it also nicely describes what legal system ( jurisdiction ) applies, .uk or .de


easy to deploy today with your existing certificate with usefulness for SMTP and in the future HTTPS

British Army pulls up its SOC: New regiment to do infosec work even civvies will recognise


sort out STIX and DNSSEC

Can they please sort out DNSSEC deployment so that devices can actually verify the host names of what they are connecting to ?

Namesco email 'scripting error' has last bastion of Demon Internet holdouts scratching their heads


buy a real domain or/and use https://mailbox.org

I miss demon internet... move yourself to your own domain and maybe use https://mailbox.org a secure hosting company

Had a bad weekend? Probably, if you're a Sectigo customer, after root cert expires and online chaos ensues


TLS cert in DNS -> DANE

"integrate the CA functionality into their external DNS server"

you can do that now with DANE for example backward compatible for browsers :



the whole ecosystem is clownish becuase of Certification Authority (CA)

honestly depending on where your certification authority (CA) is located is where the law applies and what help legally they can be compelled to provide...

personally I would prefer a system that is tied to DNS so that you know what law applies...

Coronavirus didn't hurt UK broadband speeds in March. Call of Duty: Modern Warfare, on the other hand...


beliving the operators...

the stats come from BT and Virgin media routers... and I would bet not a entirely random sample nor include any outliers

personally I would have more faith on the tests here :


what your experience of the above independent speed test ?

Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm 'hack'



wonder if they have insurance... at least malpractice... details might well be in the breach material which means they know exactly how much to ask for...

Australian contact-tracing app sent no data to contact-tracers for at least ten days after hurried launch


its done now and not in a good way... they break the GPL


see comments

Fancy some post-weekend reading? How's this for a potboiler: The source code for UK, Australia's coronavirus contact-tracing apps


Re: Australian Gov legal team can not read it seems

True for a license, but not for copyright... Australian Gov claim Copyright.

(they could transfer ownership and then license it back to Singapore... I do not see it... they messed up)


Australian Gov legal team can not read it seems

honestly I dont think Australian government legal team have a clue what they are doing...

They released the source code and although they copied from the opentrace repo (Singapore gov funded) which is under GNU General Public License v3.0

(Section 2 of GPL says that modified versions you distribute must be licensed to all third parties under the GPL.)

The Australian gov dept tried to license it under a new license and claim copyright... which is not how this works...

Incompetent legal dept would be a nice way of putting it...

I also love that they "archived" the github versions... no issues can be filed...

In a Australian gov public hearing the dept also refused to acknowledge that AWS could be (and very likely already is on regular basis) forced to hand over data based on United states courts (United States Foreign Intelligence Surveillance Court FISC, also called the FISA Court) the Australian Attorney General office cited that the advice was confidential (again rather petty and silly).

The only way they can turn this around is to pivot to using the Apple/Google decentralised model and say the app was a placeholder, trying things out... wipe most of the current data in the store and start distributing the list of tested confirmed codes that people can check securely on the phone uploaded by the health Dept after they confirm things with the individual via a medical diagnostic test (which is open to anyone now).

hell to really right their wrongs the best way would to host the data on secure Australian servers by an Australian company or Gov Dept.

Australia's contact-tracing app regulation avoids 'woolly' principles in comparable cyber-laws, say lawyers


"experts" should be ashamed

Honestly this goes to show how clueless or double standards people like cannon brookes are...

First of all No DNS security... what does that mean ?

DNSSEC would be part of the way to prevent middle box's at schools/gov depts etc from intercepting traffic CovidSafe app has No protection.

(you can host your domain on a DNSSEC aware Name server and still use AWS)

Secondly No TLS cert declaration... what does that mean ?

Things like HSTS mean that putting a TLS proxy would be harder to intercept, Manipulate and account for CovidSafe. The app has NO protection.

(this is basic webserver security that high school students are capable of)

Thirdly it does not work in the background for at least 40% of the Australian population.... what does that mean?

iPhone etc do not allow the gov or anyone for that matter to broadcast in the background so you have to use the Apple API to broadcast continuously, there are several privacy preserving app's that do that however they are not deployed yet as Apple/Google is not active yet... Australian Gov pushed ahead anyway while the German gov went with a private approach... https://github.com/DP-3T/documents

Honestly I want them to do this right so I hope they fix the errors in server infrastructure deployment and change the app to use matching on the client rather than server. The App can still request data from users but it should not be the default or required for the app to work.

Glossing over errors is not helpful, maybe, just maybe Australians deserve better and our leaders will deliver in the future because the "tech billionaires" are not helpful.


John Jones

You have one job, Australian PM tells contact-tracing app, and that’s talking to medicos


Australian Gov

while all the above on Scotty from marketing is true one thing that this Covid-19 era has prompted :

The Prime Minister of Australia now Listens and refers to actual science and qualified people in press briefing...

That would have been unheard of previously... simply by doing that he's gone up in a lot of peoples estimations...

All they have to do to gain trust is open source the app and make the database of ephemeral ID's under the control of the health department (which it has to be since they are going to be the ones allowing the upload from a infected person (prevention of false positives) then signing the download to your device )

If they adopt the Apple/Google API (which they have to otherwise they loose 50% of the population target of phones without which it becomes increasing irrelevant) then they have to use it in that manor they just cant do it any other way...

it's if they open source it to prove they did not screw up other parts along the way which would be the interesting thing...

also if it was open source then to be honest I would use it, although I have very little trust in this government at least I could see how it was working myself.

This hurts a ton-80: British darts champ knocked out of home tourney by lousy internet connection


here's something to do :

instead of everyone just moaning here is a couple of constructive things to do :

Do a speed test that instead of your data being sold is freely available to researchers and anonymized (they do keep your IP like every webpage you visit at least they acknowledge it) :


test and Complain to ofcom :


if you can’t get a download speed of 10 Mbit/s and an upload speed of 1 Mbit/s,

TEST ABOVE ON THE TWO SPEED TESTS you can request an upgraded connection. You can make this request to BT, or to KCOM if you live in the Hull area. You do not need to be an existing customer of BT or KCOM to apply.


Microsoft finds itself in odd position of sparing elderly, insecure protocols: Grants stay of execution to TLS 1.0, 1.1


burning CPU and bandwidth with old protocols - think of the enviroment

why someone like Microsoft doesn't simply disable the old protocols across their own server environment I don't know...

if your seeking information keep it plain http everything else submission of forms and login etc then https modern... this would reduce CPU and if your running farms of servers this is significant in terms of cost i.e. power

Get in the C: Raspberry Pi 4 can handle a wider range of USB adapters thanks to revised design's silent arrival



multiple power rails are the solution to this problem and most professional designs use them...

the raspberry Pi should have its own input seperate from the power to the peripherals but hey lets not let good engineering practice get in the way of complaining

raspberry pi trading finally applied the standard to their product... I wonder if they tested it using the apple store across the road...

'Windows Vista' spotted doing a whoopsie over EE's signage


Re: Why use Windows - outsourcing


ironically the reason that teamviewer has had problems is that it cant contact the teamviewer server


the issue is connectivity - it has none... I'm going to bet EE is the problem

Google's OpenSK lets you BYOSK – burn your own security key


only good if you carry one... watch ?

WHY cant we have this on the iWatch apple ?

if they care about security then why do mac people have to use third party app's for industry standard security keys ?

the iWatch has bluetooth and NFC but they are hobbled in the name of security... yet Apple does not provide for real standard security...

InLinkUK collapse: Ad market, planning woes, £20m debt and drug dealers using booths to blame, say admins


small cell...

well others have been deploying small GSM cell's into their phone box's... 5G here we come...

any of the phone companies with phone box's still left well have now become an asset !

(previously companies like telstra used them to build out a Wifi network but GSM cell is much more lucrative as avoids nasty planning permissions since they are usually in places where people want phone reception and its hard to provide it)

advertising via radio waves....

What is WebAssembly? And can you really compile C/C++ to it? And it'll run in browsers? Allow us to explain in this gentle introduction


security security security

choose one...

they are going to end up fighting about path formats the same way libc implementations have...

call me when they figure out how to load resources via HTTPS with DNSSEC and a SRI hash

This is also a system for GPs, right? UK doctors seek clarity over Health dept's £40m single sign-on funding


WTF are they doing ?

basically all the vendors should either be given a carrot (money) or stick (fined/no procurement) to have all the app's all use the same SSO

Maybe they should look at what the JISC built for all the Uni's in England : https://openathens.org/single-sign-on/

Updated your WordPress plugins lately? Here are 320,000 auth-bypassing reasons why you should


security as default

I wish wordpress would include better security:


DNSSEC checks




it really is not that hard to fold into the core

World's richest bloke battles Oz catastro-fire with incredible AU$1m donation (aka load of cheap greenwashing)


Re: Nothing new

kidman was the same as bezos, all talk no donation but at least he had to pay tax...

how about you never charge the fire service for their AWS usage ? oh yeah thats what I thought...

LG announces bold new plan for financial salvation: Trying to actually make phones people want to buy



honestly LG you own the premier battery chemistry

make a Flip phone with 3x21700 user replaceable batteries in it out of metal (case) with a SD card and large android touch screen (as well as the physical keypad )

you could afford some great camera's on it as well... it would only have to be 4G

I know it would be HUGE in every way but honestly if it would last a week and people could treat it badly it would sell bucket loads

your welcome

John Jones

Cisco slips on a Tolkien ring: One chip design to rule them all, one design to find them. One design to bring them all...


great single source...

why would I pay cisco when they cant ship high bandwidth designs now in the future ?

Ericsson, Nokia and Infinera are shipping SDN like products now and thats what customers want...

Forget sharks with lasers, NASA kits out an elephant seal with a sensor-studded skullcap


they use a french satellite system

NASA have no system to track animals or weather globally...

ironic really

This week, we give thanks to Fortinet for reminding us what awful crypto with hardcoded keys looks like


fortinet did nothing for 6 months !

take a look at the timeline... they had to hassle them on twitter and even then it took a conf call to convince them they should do something...

NOT good fortinet... you have lowered your reputation considerably by not responding promptly...

Here's a starter for 10 on smartphones: Who grew in Q3? A) Everyone. B) Asian vendors. C) Apple



actually it will be the camera that changes things...

while most people think they are "good enough" once they see photo's from a penta pixel camera with a good ISP then things change...

( for example a 108 MP (7P lens), f/1.7, 25mm (wide), 1/1.33", 0.8µm, PDAF, Laser AF, OIS)

Samsung knows it and has invested the right way in my opinion by selling the camera sensor to other manufacturers who deal primarily in the largest smartphone markets Sony had better watch out !

8k video with 360 ability in a phone would be a nice selling point and would stop people turning phones around... you just need a front facing 34 Megapixel the same for the back and some nice software...

Xerox: Prepare to say cyan-ara, HP Inc. We're no paper tiger. We're really very serious about that hostile takeover



it is no-longer "a persons" company. Facebook is not Zuckerberg's company...

sorry thats VERY misinformed

in the case of Facebook it has a DUAL class share holding... same for Google

Bob Pisani at CNBC estimated earlier this year that Zuckerberg and the group of insiders control almost 70 percent of all voting shares in Facebook. Zuckerberg alone controls about 60 percent.

for google it has dual-class structure that included class B stock with 10 votes per share for existing investors, and class A stock with one vote per share for the public so guess who controls google...

the same can be said of companies like VW in germany where the workers union has a "golden ticket" so no matter what happens they get an outsized say in what happens

ALWAYS look at the class of share your getting...

London has decent 5G availability but speeds lag behind Birmingham and Cardiff – research


network speed to locations outside their networks

great scott you want to access networks and such that are not located on EE and Vodafone ?

these pitiful speeds are to resources inside and close to the networks at EE and Vodafone which mean exactly NOTHING try accessing real world resources that actually CONSUME BACKHAUL bandwidth and this will be a very different number I'll bet

until someone actually does decent testing i.e. a good methodology then I will pass, if they show 100Mbps on a train ride / Commute to actual networks then I'll pay them money...

Microsoft joins Google and Mozilla in adopting DNS over HTTPS data security protocol



the problem is that end point (slab or phone or actual so called personal computer ) mostly have terrible resolvers which on a PC is most often down to Microsoft

So firefox decided to bypass the system (in the USA) and setup a TLS connection to cloudflare and send all the traffic to them (effectively over a SSL tunnel).

the BOFH who setup all those internal websites was none to pleased since support calls came in...

the BOFH who monitored for p0rn was none to pleased when everyone bypassed the controls...

solution from networking types was use a standard DoT which phones work with(modern android and MDM'd iPhones)... and respect the BOFH while still giving privacy if the BOFH allowed it... which they wont but then they will block DoH anyway via fancy DPI so that solves nothing either

my issue is that NONE of this infrastructure actually verified the answers they are getting.. how dumb is that ?


Microsoft realise that they have to do some engineering on their resolver I hope they realise verification is important...

Sure, we made your Wi-Fi routers phone home with telemetry, says Ubiquiti. What of it?


speed test

they ship with a speed test built in... that pretty much gives the game away...

Open wide, very wide: Xerox considers buying HP. Yes, the HP that is more than three times its market cap


they had unions

Porsche was making its profits based on Volkswagen shares then the unions woke up and realised they had Volkswagen golden shares...

all a little different primarily because of unions, of which HP and xerox don't have those shareholdings

Xerox could easily get this done on a financial level however the competition watchdogs would understand printing and there is no way the EU would let it happen without heavy concessions which they are not going to make...

easy way would be for HP to say YES put your money in escrow and we want a break up fee...

HP SHAREHOLDER get deal breakup fee and increase in stock price !!! awesome job...

Antarctic researchers send an SOS to the world: Who wrote this message in a bottle?


oh come on

all they had to do was xray it... they are on a ship with a full medical bay and sonar operators...

Revealed: The new icon you'll click to download an alternative browser, and more from Microsoft



phone screen ?

has microsoft discovered VNC for android does not need bluetooth ?

truly scary

ProtonMail shoves its iOS app's source code on GitHub for world+dog to rummage around in


its a service...

they publish a lot of source https://github.com/ProtonMail

it's a service so in the end you have to trust them to do the right thing...

I was impressed that they actually updated to include DANE records not so long ago so at least you can tell when they are MITM

Mobile operators to be stung for 10% of annual turnover if coverage falls short, digital sec warns


Re: Toothless

exactly... completely pointless

the only people who have any chance are those who still ironically have a public phone box still...

those make exceptional nano broadcast towers...

ironic after BT desperation in pulling them all out...

john jones

Mysterious botched code upgrade breaks voicemail for unlucky AT&T punters for weeks


emergency services / first responders ?

do any emergency services have AT&T voicemail ? (they do) I wonder if they tested them (not sure)

It's Orphan Data in Backup Hell: No, it's not a Netflix series about storage admins...


Re: Enter Mickey Mouse..

spot on, banks/business care about recovery and vmware has some of the answers... which is enough for sales people...

Bezos DDoS'd: Amazon Web Services' DNS systems knackered by hours-long cyber-attack


no dns security this is what happens

if salesforce can manage to sort out DNSSEC why cant AWS ?



Biting the hand that feeds IT © 1998–2020