I cant see a single Qualcomm 5G modem CPE win
I see Balong 5000 modem everywhere
if they are serious they need to do a Home office modem
(its not like there is a pandemic and people are working from home or anything)
235 publicly visible posts • joined 1 Aug 2017
when someone reefers to security I always want to scream that's your job... The Base not an extra that you should be praised for...
For example the nominet web server does not even enforce its own cipher preference so maybe just maybe you should fix that BASIC thing.
This is a public facing supposedly security conscious root of trust type organisation and it cant even get its website security right... who knows whats going on behind the scenes.
I have no pity
5G is a joke you only have to look at a coverage map of Australia to understand that they can only install Antenna masts where there is Fibre... your essentially sharing a Fibre connection
Maybe the current bunch of bastards (Australia slang for members of parliament) get in again the NBN might well be sold off to the highest bidder and the highest bidder will maximise the shareholder value by doing what telstra has done for the last years, the bare minimum to keep the money rolling in (nothing but repair and slow upgrades to existing infrastructure) there will be NO INVESTMENT.
if australia wants to be connected then INVESTMENT is the only way things will IMPROVE.
Vote for the bastards that INCREASES investment and provide for a way to EARN money in diverse places rather than just in the city (which has plenty of fibre).
Dublin tried to entice ECMWF to relocate it was only recently that they renewed the UK Government commitment to build new headquarters and research facilities for ECMWF on the University’s Whiteknights campus, as confirmed by the UK Science Minister, Amanda Solloway, on 10 December.
“We welcome the clear statement from the UK Science Minister Amanda Solloway, which highlights the strong UK commitment to relocate ECMWF’s core work to new premises at the University of Reading.
“Reading is one of the world’s leading scientific centres for weather, climate and environmental science. The combined power of researchers based at the University of Reading, including units of the UK Met Office and the Natural Environment Research Council, plus the core work of the European Centre for Medium-Range Weather Forecasts, will continue to represent a scientific force that benefits the whole world.”
this is general purpose mid range ARM stuff that is cheap hence why they are putting it into a NIC yes it can run linux and do offload for the main general purpose processor.
really this is general purpose processor being pushed into places to replace application specific integrated circuits that used to do offload, basically the complete opposite of what the exec is talking about...
dont let the details get in the way of a good story for the executive...
its the reverse from what you think it is... its not about the ability to remove meta data its about ADDing
if you want to be able to prove that the photo was taken by bob and has not been altered i.e. hash signature preservation even after editing (prove you just altered the white balance and nothing else)
its all meaningless if websites strip the metadata
until websites support correctly:
http://www.embeddedmetadata.org/social-media-test-results.php
Instagram is the worst offender and could be turned around easily...
make sure your websites correctly attribute images/text and do not strip metadata.
the operators can easily see if the scooter is lying on its side (they have a gyro in the tracking package) and also can obtain the location via GNSS / Wifi / Bluetooth
they could start to report users or at least warn them to prop it upright in a safe place...
but thats ot really in the companies intrest and they will only do it if regulated to do so...
gbfs is pretty much useless for the regulator and gives no feed of the routes taken nor if it was dumped on its side vs standing upright it has things like android pay which is not really relevant for a regulator...
how is software called Kodiak supposed to work if the handsets are all IP ala 5G stand alone and they go out of range then do they create their own network no matter the provider they where using ?
someone clearly does not understand how networks actually work... unless I'm missing something ?
Have customer details such as people who are authorised to have access been compromised ?
(i.e. my details )
I have a sneaky suspension they have and the longer they deny it the more customers that will swear never again...
Reputations are everything and this is not the time to fudge or use a play book for a security investigation.
they have not benefited security
they have not benefited the domain holders
they have not benefited the networks (domain registrar is not a network)
they have benefited themselves.
I would love to see a well thought out legal challenge to their "oversight" I suspect that the legal dept has a greater payroll budget than their technical dept...
payroll say's everything
its a tool built in java to search across information sources... nice but realistically this is what perl was created for, you have to wonder why the gov agencies did not do this themselves if they have that sort of budget but it's the American way... expensive consultants.
If they can spend that sort of money to get into gov contracts then maybe just maybe they can live of the fat of maintenance although with things transitioning it's going to be hard regardless of the politics.
1/ they are a patent troll and infact boast about it with 16 employees and no products. What it does have is a portfolio of more than 2,000 patents, mostly acquired from Ericsson AB.
2/ I wonder if they paid for the courts time ? otherwise the UK tax payer forked out for exactly nothing...
Features
16 Cortex-A72 CPU cores, running up to 2.2GHz
18MB cache/on-chip memory
Up to 16 Ethernet ports
Supported Ethernet speeds include 1, 2.5, 10, 25, 40, 50, and 100 gigabits per second
114Gbps Layer 2 Ethernet switch
Up to 24 PCIe Gen3 lanes, supporting ports as wide as x8
50Gbps security accelerator
100Gbps data compression/decompression engine
Security wise it would be less than ideal if they transitioned all their MX records to exchange online, some dept's would have T&C's they could not use i.e. software security research into vulnerability of Microsoft products means data can be compromised when flowing through Microsoft's network...
plus Microsoft while it has said they will support DANE for some office365 they have not committed for all which would disavow some grant applications while Exim has supported that option for years.
All of Cambridge's email data transmission would flow through Microsoft and they can use that Meta Data... if you think adverts targeting you are creepy...
The actual data came from measurement lab and is open for anyone you don't need to use their report
you can test yourself here :
https://speed.measurementlab.net/
its actually interesting to see what people get
the data is actually here with a map already :
https://datastudio.google.com/s/tA4mKm65BqY
John Jones
yes the upgrade might be risky but the reward is you can sell a higher bandwidth package... thats how it works... people vote with their wallets
personally I would prefer if ISP's would charge the contract owner if they got notified of bad traffic just like they do with corporate contracts.
that would force people to actually put some effort into not have infected virus laden machines lingering on their home wifi and incentivize people
having a network that supports things like DNSSEC and IPv6 would be useful not only for scalability but for network admins helping the end user track down which machine was the problem & billing, much like mobile networks do now (most mobile networks are IPv6 )
Quite easy
Bill the endpoint
This incentivizes both the ISP and the End User
The ISP can do it easily enough within the existing T&C's because their was "effort" to process the IP logs, say $10 which is waived instantly if they phone/email and declare they have cleaned up their network/PC/router
That would be attractive to the ISP (sicne people are lazy they get to keep a portion) and reward people who take care... (while educating people to the cost)
honestly I don't know why they don't do it...
whoever was on the pannel should be taken out and given some tea because clearly they cant be sane
A 2014 report by the RAND Corporation described Epic as a "closed" platform that made it "challenging and costly for hospitals" to interconnect with the clinical or billing software of other companies.[18] The report also cited other research showing that Epic's implementation in the Kaiser Permanente system led to efficiency losses.
does it link to anything else without costly "variations" ?
good luck
actually I rather like someone in the tech press actually following up on stories
(I used to call it journalism/professionalism)
if your actually interested in the background I suggest you research using the information in the article as a starting point, that's what I did and found this :
COVIDSafe's new payload encryption scheme :
honestly yes many systems use a certification authority and its time to move on to a DNS based system where you can choose your CA (self signed or with a CA) it also nicely describes what legal system ( jurisdiction ) applies, .uk or .de
https://tools.ietf.org/html/rfc7671
easy to deploy today with your existing certificate with usefulness for SMTP and in the future HTTPS
"integrate the CA functionality into their external DNS server"
you can do that now with DANE for example backward compatible for browsers :
honestly depending on where your certification authority (CA) is located is where the law applies and what help legally they can be compelled to provide...
personally I would prefer a system that is tied to DNS so that you know what law applies...
the stats come from BT and Virgin media routers... and I would bet not a entirely random sample nor include any outliers
personally I would have more faith on the tests here :
https://speed.measurementlab.net/
what your experience of the above independent speed test ?
https://www.theregister.co.uk/2020/05/09/coronavirus_tracing_app_source_code/
see comments
honestly I dont think Australian government legal team have a clue what they are doing...
They released the source code and although they copied from the opentrace repo (Singapore gov funded) which is under GNU General Public License v3.0
(Section 2 of GPL says that modified versions you distribute must be licensed to all third parties under the GPL.)
The Australian gov dept tried to license it under a new license and claim copyright... which is not how this works...
Incompetent legal dept would be a nice way of putting it...
I also love that they "archived" the github versions... no issues can be filed...
In a Australian gov public hearing the dept also refused to acknowledge that AWS could be (and very likely already is on regular basis) forced to hand over data based on United states courts (United States Foreign Intelligence Surveillance Court FISC, also called the FISA Court) the Australian Attorney General office cited that the advice was confidential (again rather petty and silly).
The only way they can turn this around is to pivot to using the Apple/Google decentralised model and say the app was a placeholder, trying things out... wipe most of the current data in the store and start distributing the list of tested confirmed codes that people can check securely on the phone uploaded by the health Dept after they confirm things with the individual via a medical diagnostic test (which is open to anyone now).
hell to really right their wrongs the best way would to host the data on secure Australian servers by an Australian company or Gov Dept.
Honestly this goes to show how clueless or double standards people like cannon brookes are...
First of all No DNS security... what does that mean ?
DNSSEC would be part of the way to prevent middle box's at schools/gov depts etc from intercepting traffic CovidSafe app has No protection.
(you can host your domain on a DNSSEC aware Name server and still use AWS)
Secondly No TLS cert declaration... what does that mean ?
Things like HSTS mean that putting a TLS proxy would be harder to intercept, Manipulate and account for CovidSafe. The app has NO protection.
(this is basic webserver security that high school students are capable of)
Thirdly it does not work in the background for at least 40% of the Australian population.... what does that mean?
iPhone etc do not allow the gov or anyone for that matter to broadcast in the background so you have to use the Apple API to broadcast continuously, there are several privacy preserving app's that do that however they are not deployed yet as Apple/Google is not active yet... Australian Gov pushed ahead anyway while the German gov went with a private approach... https://github.com/DP-3T/documents
Honestly I want them to do this right so I hope they fix the errors in server infrastructure deployment and change the app to use matching on the client rather than server. The App can still request data from users but it should not be the default or required for the app to work.
Glossing over errors is not helpful, maybe, just maybe Australians deserve better and our leaders will deliver in the future because the "tech billionaires" are not helpful.
Regards
John Jones
while all the above on Scotty from marketing is true one thing that this Covid-19 era has prompted :
The Prime Minister of Australia now Listens and refers to actual science and qualified people in press briefing...
That would have been unheard of previously... simply by doing that he's gone up in a lot of peoples estimations...
All they have to do to gain trust is open source the app and make the database of ephemeral ID's under the control of the health department (which it has to be since they are going to be the ones allowing the upload from a infected person (prevention of false positives) then signing the download to your device )
If they adopt the Apple/Google API (which they have to otherwise they loose 50% of the population target of phones without which it becomes increasing irrelevant) then they have to use it in that manor they just cant do it any other way...
it's if they open source it to prove they did not screw up other parts along the way which would be the interesting thing...
also if it was open source then to be honest I would use it, although I have very little trust in this government at least I could see how it was working myself.
instead of everyone just moaning here is a couple of constructive things to do :
Do a speed test that instead of your data being sold is freely available to researchers and anonymized (they do keep your IP like every webpage you visit at least they acknowledge it) :
https://speed.measurementlab.net/
test and Complain to ofcom :
https://checker.ofcom.org.uk/broadband-test
if you can’t get a download speed of 10 Mbit/s and an upload speed of 1 Mbit/s,
TEST ABOVE ON THE TWO SPEED TESTS you can request an upgraded connection. You can make this request to BT, or to KCOM if you live in the Hull area. You do not need to be an existing customer of BT or KCOM to apply.
why someone like Microsoft doesn't simply disable the old protocols across their own server environment I don't know...
if your seeking information keep it plain http everything else submission of forms and login etc then https modern... this would reduce CPU and if your running farms of servers this is significant in terms of cost i.e. power
multiple power rails are the solution to this problem and most professional designs use them...
the raspberry Pi should have its own input seperate from the power to the peripherals but hey lets not let good engineering practice get in the way of complaining
raspberry pi trading finally applied the standard to their product... I wonder if they tested it using the apple store across the road...
WHY cant we have this on the iWatch apple ?
if they care about security then why do mac people have to use third party app's for industry standard security keys ?
the iWatch has bluetooth and NFC but they are hobbled in the name of security... yet Apple does not provide for real standard security...
well others have been deploying small GSM cell's into their phone box's... 5G here we come...
any of the phone companies with phone box's still left well have now become an asset !
(previously companies like telstra used them to build out a Wifi network but GSM cell is much more lucrative as avoids nasty planning permissions since they are usually in places where people want phone reception and its hard to provide it)
advertising via radio waves....