TLS cert in DNS -> DANE
"integrate the CA functionality into their external DNS server"
you can do that now with DANE for example backward compatible for browsers :
Posts by john.jones.name
152 posts • joined 1 Aug 2017
Had a bad weekend? Probably, if you're a Sectigo customer, after root cert expires and online chaos ensues
Tuesday 2nd June 2020 06:55 GMT 
the whole ecosystem is clownish becuase of Certification Authority (CA)
honestly depending on where your certification authority (CA) is located is where the law applies and what help legally they can be compelled to provide...
personally I would prefer a system that is tied to DNS so that you know what law applies...
Coronavirus didn't hurt UK broadband speeds in March. Call of Duty: Modern Warfare, on the other hand...
Thursday 14th May 2020 10:06 GMT
beliving the operators...
the stats come from BT and Virgin media routers... and I would bet not a entirely random sample nor include any outliers
personally I would have more faith on the tests here :
https://speed.measurementlab.net/
what your experience of the above independent speed test ?
Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm 'hack'
Australian contact-tracing app sent no data to contact-tracers for at least ten days after hurried launch
Tuesday 12th May 2020 05:12 GMT
its done now and not in a good way... they break the GPL
https://www.theregister.co.uk/2020/05/09/coronavirus_tracing_app_source_code/
see comments
Fancy some post-weekend reading? How's this for a potboiler: The source code for UK, Australia's coronavirus contact-tracing apps
Saturday 9th May 2020 04:45 GMT 
Australian Gov legal team can not read it seems
honestly I dont think Australian government legal team have a clue what they are doing...
They released the source code and although they copied from the opentrace repo (Singapore gov funded) which is under GNU General Public License v3.0
(Section 2 of GPL says that modified versions you distribute must be licensed to all third parties under the GPL.)
The Australian gov dept tried to license it under a new license and claim copyright... which is not how this works...
Incompetent legal dept would be a nice way of putting it...
I also love that they "archived" the github versions... no issues can be filed...
In a Australian gov public hearing the dept also refused to acknowledge that AWS could be (and very likely already is on regular basis) forced to hand over data based on United states courts (United States Foreign Intelligence Surveillance Court FISC, also called the FISA Court) the Australian Attorney General office cited that the advice was confidential (again rather petty and silly).
The only way they can turn this around is to pivot to using the Apple/Google decentralised model and say the app was a placeholder, trying things out... wipe most of the current data in the store and start distributing the list of tested confirmed codes that people can check securely on the phone uploaded by the health Dept after they confirm things with the individual via a medical diagnostic test (which is open to anyone now).
hell to really right their wrongs the best way would to host the data on secure Australian servers by an Australian company or Gov Dept.
Australia's contact-tracing app regulation avoids 'woolly' principles in comparable cyber-laws, say lawyers
Monday 27th April 2020 02:29 GMT
"experts" should be ashamed
Honestly this goes to show how clueless or double standards people like cannon brookes are...
First of all No DNS security... what does that mean ?
DNSSEC would be part of the way to prevent middle box's at schools/gov depts etc from intercepting traffic CovidSafe app has No protection.
(you can host your domain on a DNSSEC aware Name server and still use AWS)
Secondly No TLS cert declaration... what does that mean ?
Things like HSTS mean that putting a TLS proxy would be harder to intercept, Manipulate and account for CovidSafe. The app has NO protection.
(this is basic webserver security that high school students are capable of)
Thirdly it does not work in the background for at least 40% of the Australian population.... what does that mean?
iPhone etc do not allow the gov or anyone for that matter to broadcast in the background so you have to use the Apple API to broadcast continuously, there are several privacy preserving app's that do that however they are not deployed yet as Apple/Google is not active yet... Australian Gov pushed ahead anyway while the German gov went with a private approach... https://github.com/DP-3T/documents
Honestly I want them to do this right so I hope they fix the errors in server infrastructure deployment and change the app to use matching on the client rather than server. The App can still request data from users but it should not be the default or required for the app to work.
Glossing over errors is not helpful, maybe, just maybe Australians deserve better and our leaders will deliver in the future because the "tech billionaires" are not helpful.
Regards
John Jones
You have one job, Australian PM tells contact-tracing app, and that’s talking to medicos
Thursday 23rd April 2020 09:55 GMT
Australian Gov
while all the above on Scotty from marketing is true one thing that this Covid-19 era has prompted :
The Prime Minister of Australia now Listens and refers to actual science and qualified people in press briefing...
That would have been unheard of previously... simply by doing that he's gone up in a lot of peoples estimations...
All they have to do to gain trust is open source the app and make the database of ephemeral ID's under the control of the health department (which it has to be since they are going to be the ones allowing the upload from a infected person (prevention of false positives) then signing the download to your device )
If they adopt the Apple/Google API (which they have to otherwise they loose 50% of the population target of phones without which it becomes increasing irrelevant) then they have to use it in that manor they just cant do it any other way...
it's if they open source it to prove they did not screw up other parts along the way which would be the interesting thing...
also if it was open source then to be honest I would use it, although I have very little trust in this government at least I could see how it was working myself.
This hurts a ton-80: British darts champ knocked out of home tourney by lousy internet connection
Sunday 19th April 2020 02:14 GMT
here's something to do :
instead of everyone just moaning here is a couple of constructive things to do :
Do a speed test that instead of your data being sold is freely available to researchers and anonymized (they do keep your IP like every webpage you visit at least they acknowledge it) :
https://speed.measurementlab.net/
test and Complain to ofcom :
https://checker.ofcom.org.uk/broadband-test
if you can’t get a download speed of 10 Mbit/s and an upload speed of 1 Mbit/s,
TEST ABOVE ON THE TWO SPEED TESTS you can request an upgraded connection. You can make this request to BT, or to KCOM if you live in the Hull area. You do not need to be an existing customer of BT or KCOM to apply.
Microsoft finds itself in odd position of sparing elderly, insecure protocols: Grants stay of execution to TLS 1.0, 1.1
Thursday 2nd April 2020 05:20 GMT
burning CPU and bandwidth with old protocols - think of the enviroment
why someone like Microsoft doesn't simply disable the old protocols across their own server environment I don't know...
if your seeking information keep it plain http everything else submission of forms and login etc then https modern... this would reduce CPU and if your running farms of servers this is significant in terms of cost i.e. power
Get in the C: Raspberry Pi 4 can handle a wider range of USB adapters thanks to revised design's silent arrival
Monday 24th February 2020 04:50 GMT
POWER RAIL...
multiple power rails are the solution to this problem and most professional designs use them...
the raspberry Pi should have its own input seperate from the power to the peripherals but hey lets not let good engineering practice get in the way of complaining
raspberry pi trading finally applied the standard to their product... I wonder if they tested it using the apple store across the road...
'Windows Vista' spotted doing a whoopsie over EE's signage
Google's OpenSK lets you BYOSK – burn your own security key
Tuesday 4th February 2020 12:30 GMT
only good if you carry one... watch ?
WHY cant we have this on the iWatch apple ?
if they care about security then why do mac people have to use third party app's for industry standard security keys ?
the iWatch has bluetooth and NFC but they are hobbled in the name of security... yet Apple does not provide for real standard security...
InLinkUK collapse: Ad market, planning woes, £20m debt and drug dealers using booths to blame, say admins
Saturday 1st February 2020 02:24 GMT
small cell...
well others have been deploying small GSM cell's into their phone box's... 5G here we come...
any of the phone companies with phone box's still left well have now become an asset !
(previously companies like telstra used them to build out a Wifi network but GSM cell is much more lucrative as avoids nasty planning permissions since they are usually in places where people want phone reception and its hard to provide it)
advertising via radio waves....
What is WebAssembly? And can you really compile C/C++ to it? And it'll run in browsers? Allow us to explain in this gentle introduction
This is also a system for GPs, right? UK doctors seek clarity over Health dept's £40m single sign-on funding
Updated your WordPress plugins lately? Here are 320,000 auth-bypassing reasons why you should
World's richest bloke battles Oz catastro-fire with incredible AU$1m donation (aka load of cheap greenwashing)
LG announces bold new plan for financial salvation: Trying to actually make phones people want to buy
Friday 10th January 2020 04:14 GMT
HUGE BATTERY FLIP PHONE
honestly LG you own the premier battery chemistry
make a Flip phone with 3x21700 user replaceable batteries in it out of metal (case) with a SD card and large android touch screen (as well as the physical keypad )
you could afford some great camera's on it as well... it would only have to be 4G
I know it would be HUGE in every way but honestly if it would last a week and people could treat it badly it would sell bucket loads
your welcome
John Jones
Cisco slips on a Tolkien ring: One chip design to rule them all, one design to find them. One design to bring them all...
Forget sharks with lasers, NASA kits out an elephant seal with a sensor-studded skullcap
This week, we give thanks to Fortinet for reminding us what awful crypto with hardcoded keys looks like
Here's a starter for 10 on smartphones: Who grew in Q3? A) Everyone. B) Asian vendors. C) Apple
Wednesday 27th November 2019 02:44 GMT
camera...
actually it will be the camera that changes things...
while most people think they are "good enough" once they see photo's from a penta pixel camera with a good ISP then things change...
( for example a 108 MP (7P lens), f/1.7, 25mm (wide), 1/1.33", 0.8µm, PDAF, Laser AF, OIS)
Samsung knows it and has invested the right way in my opinion by selling the camera sensor to other manufacturers who deal primarily in the largest smartphone markets Sony had better watch out !
8k video with 360 ability in a phone would be a nice selling point and would stop people turning phones around... you just need a front facing 34 Megapixel the same for the back and some nice software...
Xerox: Prepare to say cyan-ara, HP Inc. We're no paper tiger. We're really very serious about that hostile takeover
Wednesday 27th November 2019 02:21 GMT
actually
it is no-longer "a persons" company. Facebook is not Zuckerberg's company...
sorry thats VERY misinformed
in the case of Facebook it has a DUAL class share holding... same for Google
Bob Pisani at CNBC estimated earlier this year that Zuckerberg and the group of insiders control almost 70 percent of all voting shares in Facebook. Zuckerberg alone controls about 60 percent.
for google it has dual-class structure that included class B stock with 10 votes per share for existing investors, and class A stock with one vote per share for the public so guess who controls google...
the same can be said of companies like VW in germany where the workers union has a "golden ticket" so no matter what happens they get an outsized say in what happens
ALWAYS look at the class of share your getting...
London has decent 5G availability but speeds lag behind Birmingham and Cardiff – research
Tuesday 19th November 2019 13:14 GMT 
network speed to locations outside their networks
great scott you want to access networks and such that are not located on EE and Vodafone ?
these pitiful speeds are to resources inside and close to the networks at EE and Vodafone which mean exactly NOTHING try accessing real world resources that actually CONSUME BACKHAUL bandwidth and this will be a very different number I'll bet
until someone actually does decent testing i.e. a good methodology then I will pass, if they show 100Mbps on a train ride / Commute to actual networks then I'll pay them money...
Microsoft joins Google and Mozilla in adopting DNS over HTTPS data security protocol
Tuesday 19th November 2019 12:42 GMT
exactly
the problem is that end point (slab or phone or actual so called personal computer ) mostly have terrible resolvers which on a PC is most often down to Microsoft
So firefox decided to bypass the system (in the USA) and setup a TLS connection to cloudflare and send all the traffic to them (effectively over a SSL tunnel).
the BOFH who setup all those internal websites was none to pleased since support calls came in...
the BOFH who monitored for p0rn was none to pleased when everyone bypassed the controls...
solution from networking types was use a standard DoT which phones work with(modern android and MDM'd iPhones)... and respect the BOFH while still giving privacy if the BOFH allowed it... which they wont but then they will block DoH anyway via fancy DPI so that solves nothing either
my issue is that NONE of this infrastructure actually verified the answers they are getting.. how dumb is that ?
VERY
Microsoft realise that they have to do some engineering on their resolver I hope they realise verification is important...
Sure, we made your Wi-Fi routers phone home with telemetry, says Ubiquiti. What of it?
Open wide, very wide: Xerox considers buying HP. Yes, the HP that is more than three times its market cap
Thursday 7th November 2019 00:04 GMT
they had unions
Porsche was making its profits based on Volkswagen shares then the unions woke up and realised they had Volkswagen golden shares...
all a little different primarily because of unions, of which HP and xerox don't have those shareholdings
Xerox could easily get this done on a financial level however the competition watchdogs would understand printing and there is no way the EU would let it happen without heavy concessions which they are not going to make...
easy way would be for HP to say YES put your money in escrow and we want a break up fee...
HP SHAREHOLDER get deal breakup fee and increase in stock price !!! awesome job...
Antarctic researchers send an SOS to the world: Who wrote this message in a bottle?
Revealed: The new icon you'll click to download an alternative browser, and more from Microsoft
ProtonMail shoves its iOS app's source code on GitHub for world+dog to rummage around in
Mobile operators to be stung for 10% of annual turnover if coverage falls short, digital sec warns
Mysterious botched code upgrade breaks voicemail for unlucky AT&T punters for weeks
It's Orphan Data in Backup Hell: No, it's not a Netflix series about storage admins...
Bezos DDoS'd: Amazon Web Services' DNS systems knackered by hours-long cyber-attack
Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope's Click to Pray eRosary app
In solidarity with its broken email hosting, 123-Reg's '24/7' support lines also fall over
Wednesday 16th October 2019 23:24 GMT
no DANE record for email
comparing the two 123reg and Mythic Beasts from a technical standpoint
actually 123reg have a valid DMARC record and Mythic beasts do not...
123reg.co.uk do not have IPv6 while Mythic beasts do
123reg do not have DNSSEC while Mythic beasts do
neither have DANE records... which is frustrating, time to fix that ?
Ofcom probes EE over 4G outage that may have stopped folk contacting emergency services
Wednesday 25th September 2019 13:33 GMT 
weird...
VoLTE is IP based i.e. SIP and all phones would switch to 3G for any sort of voice interaction let alone Emergency call so this makes this a non investigation...
unless they somehow managed to make sure the phones never switched to 3G and routed the calls into /dev/null
does anyone know how to tell if a phone sends a SMS when they make an emergency call ?
Switch about to get real: Openreach bod on the challenge of shuttering UK's copper phone lines
My Little Bromium: HP Inc inks security deal to slurp micro-VM slinger
Exim marks the spot… of remote code execution: Patch due out today for 'give me root' flaw in mail server
A Pivotal moment for VMware: Software biz gobbled up along with Carbon Black for $5bn
Salesforce takes the multi-signer DNSSEC ball and runs with it
Friday 16th August 2019 13:52 GMT
salesforce know...
salesforce hold an enormous amount of data and people are constantly spoofing them... they didnt want to be held to only one provider and did "the right thing"
(salesforce implementing DNSSEC gives me hope that somewhere in the money making machine is a couple of people who know what they are doing its a pity el reg cant flip the cloudflare switch themselves...)
the single vendor who could change everything is microsoft... they only have to implement DNSSEC validation on windows 10 (they do for windows server) and it would improve security and benefit all sorts of places...
Maybe suing them would help...
I miss him already, says judge as Mike Lynch's court marathon ends
Monday 5th August 2019 12:54 GMT
emails not stored on the server ?
does nobody else finds it ironic that Mike Lynch made a point of not "storing" his emails on the Autonomy/HP server
Its like he didnt have a backup either...
he founded a discovery company and now in court is relying on the fact Autonomy didnt keep a record... If I was HP barrister I would at least point that out and at the same time be asking for a full transcript of all the emails and backups from Autonomy/HP and putting them into encase etc for a full search...
scary
Bored of laptops? Love 200Gb/s interconnects? Then you're going to hate today's Intel news
Saturday 3rd August 2019 03:33 GMT
IO IO off to....
the mind has adaptable IO...
pity Intel who has to ratchet up their Cache size to achieve good IO
at least they have put the USB-C on chip so that at least means good IO speed to the monitor
personally I wish they would put a radio receiver that is capable of being programmed for AM/FM/DVB-T/AIS/GPS i.e. a decent SDR front end now that would be KILLER !
Somebody is working on a $600m data center in Lincoln, Nebraska, could rhyme with schmoogle
OK, it's fair to say UK's botched Emergency Services Network is an emergency now, right?
Saturday 20th July 2019 02:35 GMT
maybe maybe just invest in a new mobile phone...
everyone complaining about their coverage (even in Papworth) is pretty silly
the old GSM phones power requirements where poor and the battery life terrible, get a decent LTE endpoint and you wont those problems... just others...
Yes the commercial providers provision less bandwidth to old networks now since everyone wants more bandwidth on LTE / 3G
Current Emergency Services radio equipment are terrible for long distance. Plenty of evidence of that.
the solution is to get manufacturers to do LTE Device to Device (D2D) so that when your in a hole you can talk to the person 40 meters away from you...
since finland are going to be shifting to LTE for emergency network from Tetra it might be worth finding out what they are doing :
https://www.erillisverkot.fi/en
the sooner we all get Peer to Peer message passing on LTE/5G networks the better
Weather forecasters are STILL banging on about 5G clashing with their sensors. As if climate change is a big deal
Wednesday 26th June 2019 11:59 GMT
FCC is stil a committee
what they are worried about is the spectrum for things like Doppler radar
you know those images that take up the most internet bandwidth on the internet excluding pornography
the problem is that the weather people are frankly useless at making their case because some of it is not really proven and the FCC is calling their bluff
personally I would like a real study conducted into the interference and how the weather radar could be improved with the spectrum rather than using the old "its not broken please do not fix it"
the FCC needs to harmonise with the rest of the world and should worry when NOAA etc turn up at their door
The Great IoT Protocol War may have been won: Thread's 1.2 release aims at business
Tuesday 25th June 2019 10:39 GMT
Simple question ?
Do you need to run Thread 1.2 router on a seperate RF network or can it be solely IPv6 and Bluetooth ?
the natural place for Thread is the gateway router but you wont be able to upgrade that hardware any time soon however if you can provide a nice software upgrade then it might have a chance... otherwise its DNS Service Discovery and IPv6
