* Posts by john.jones.name

235 publicly visible posts • joined 1 Aug 2017


Updated your WordPress plugins lately? Here are 320,000 auth-bypassing reasons why you should

john.jones.name
Mushroom

security as default

I wish WordPress would include better security:

CSP

DNSSEC checks

X-XSS-Protection

Referrer-Policy

X-Content-Type

it really is not that hard to fold into the core

World's richest bloke battles Oz catastro-fire with incredible AU$1m donation (aka load of cheap greenwashing)

john.jones.name

Re: Nothing new

Kidman was the same as Bezos: all talk, no donation, but at least he had to pay tax...

how about you never charge the fire service for their AWS usage? oh yeah, that's what I thought...

LG announces bold new plan for financial salvation: Trying to actually make phones people want to buy

john.jones.name

HUGE BATTERY FLIP PHONE

honestly, LG, you own the premier battery chemistry

make a flip phone with 3x21700 user-replaceable batteries in it, out of metal (case), with an SD card and a large Android touchscreen (as well as the physical keypad)

you could afford some great cameras on it as well... it would only have to be 4G

I know it would be HUGE in every way, but honestly, if it lasted a week and people could treat it badly, it would sell bucketloads

you're welcome

John Jones

Cisco slips on a Tolkien ring: One chip design to rule them all, one design to find them. One design to bring them all...

john.jones.name

great single source...

why would I pay Cisco when they can't ship high-bandwidth designs now, or in the future?

Ericsson, Nokia and Infinera are shipping SDN-like products now, and that's what customers want...

Forget sharks with lasers, NASA kits out an elephant seal with a sensor-studded skullcap

john.jones.name

they use a French satellite system

NASA has no system to track animals or weather globally...

ironic really

This week, we give thanks to Fortinet for reminding us what awful crypto with hardcoded keys looks like

john.jones.name

Fortinet did nothing for 6 months!

take a look at the timeline... they had to hassle them on Twitter, and even then it took a conference call to convince them they should do something...

NOT good, Fortinet... you have lowered your reputation considerably by not responding promptly...

Here's a starter for 10 on smartphones: Who grew in Q3? A) Everyone. B) Asian vendors. C) Apple

john.jones.name

camera...

actually it will be the camera that changes things...

while most people think they are "good enough", once they see photos from a penta-pixel camera with a good ISP, things change...

( for example a 108 MP (7P lens), f/1.7, 25mm (wide), 1/1.33", 0.8µm, PDAF, Laser AF, OIS)

Samsung knows it and has invested the right way, in my opinion, by selling the camera sensor to other manufacturers who deal primarily in the largest smartphone markets. Sony had better watch out!

8K video with 360 ability in a phone would be a nice selling point and would stop people turning phones around... you just need a front-facing 34 megapixel, the same for the back, and some nice software...

Xerox: Prepare to say cyan-ara, HP Inc. We're no paper tiger. We're really very serious about that hostile takeover

john.jones.name

actually

it is no longer "a person's" company. Facebook is not Zuckerberg's company...

sorry, that's VERY misinformed

in the case of Facebook it has a DUAL-class shareholding... same for Google

Bob Pisani at CNBC estimated earlier this year that Zuckerberg and the group of insiders control almost 70 percent of all voting shares in Facebook. Zuckerberg alone controls about 60 percent.

Google has a dual-class structure that includes class B stock with 10 votes per share for existing investors, and class A stock with one vote per share for the public, so guess who controls Google...

the same can be said of companies like VW in Germany, where the workers' union has a "golden ticket", so no matter what happens they get an outsized say in what happens

ALWAYS look at the class of share you're getting...

London has decent 5G availability but speeds lag behind Birmingham and Cardiff – research

john.jones.name
Meh

network speed to locations outside their networks

great Scott, you want to access networks and such that are not located on EE and Vodafone?

these pitiful speeds are to resources inside and close to the networks at EE and Vodafone, which means exactly NOTHING; try accessing real-world resources that actually CONSUME BACKHAUL bandwidth and this will be a very different number, I'll bet

until someone actually does decent testing, i.e. with a good methodology, I will pass; if they show 100Mbps on a train ride / commute to actual networks then I'll pay them money...

Microsoft joins Google and Mozilla in adopting DNS over HTTPS data security protocol

john.jones.name
Mushroom

exactly

the problem is that endpoints (slab or phone or actual so-called personal computer) mostly have terrible resolvers, which on a PC is most often down to Microsoft

So Firefox decided to bypass the system (in the USA) and set up a TLS connection to Cloudflare and send all the traffic to them (effectively over an SSL tunnel).

the BOFH who set up all those internal websites was none too pleased when the support calls came in...

the BOFH who monitored for p0rn was none too pleased when everyone bypassed the controls...

the solution from networking types was to use standard DoT, which phones work with (modern Android and MDM'd iPhones)... and respect the BOFH while still giving privacy if the BOFH allowed it... which they won't, but then they will block DoH anyway via fancy DPI, so that solves nothing either

my issue is that NONE of this infrastructure actually verifies the answers it is getting... how dumb is that?

VERY

Microsoft realise that they have to do some engineering on their resolver; I hope they realise verification is important...

Sure, we made your Wi-Fi routers phone home with telemetry, says Ubiquiti. What of it?

john.jones.name
Mushroom

speed test

they ship with a speed test built in... that pretty much gives the game away...

Open wide, very wide: Xerox considers buying HP. Yes, the HP that is more than three times its market cap

john.jones.name

they had unions

Porsche was making its profits based on Volkswagen shares, then the unions woke up and realised they had Volkswagen golden shares...

all a little different, primarily because of unions; HP and Xerox don't have those shareholdings

Xerox could easily get this done on a financial level; however, the competition watchdogs would understand printing and there is no way the EU would let it happen without heavy concessions, which they are not going to make...

the easy way would be for HP to say YES, put your money in escrow, and we want a break-up fee...

HP SHAREHOLDERS get a deal break-up fee and an increase in stock price!!! awesome job...

Antarctic researchers send an SOS to the world: Who wrote this message in a bottle?

john.jones.name
WTF?

oh come on

all they had to do was X-ray it... they are on a ship with a full medical bay and sonar operators...

Revealed: The new icon you'll click to download an alternative browser, and more from Microsoft

john.jones.name
Mushroom

VNC

phone screen?

has Microsoft discovered that VNC for Android does not need Bluetooth?

truly scary

ProtonMail shoves its iOS app's source code on GitHub for world+dog to rummage around in

john.jones.name
Coat

it's a service...

they publish a lot of source: https://github.com/ProtonMail

it's a service, so in the end you have to trust them to do the right thing...

I was impressed that they actually updated to include DANE records not so long ago, so at least you can tell when they are being MITMed

Mobile operators to be stung for 10% of annual turnover if coverage falls short, digital sec warns

john.jones.name

Re: Toothless

exactly... completely pointless

the only people who have any chance are those who, ironically, still have a public phone box...

those make exceptional nano broadcast towers...

ironic after BT's desperation in pulling them all out...

john jones

Mysterious botched code upgrade breaks voicemail for unlucky AT&T punters for weeks

john.jones.name
Mushroom

emergency services / first responders?

do any emergency services have AT&T voicemail? (they do) I wonder if they tested them (not sure)

It's Orphan Data in Backup Hell: No, it's not a Netflix series about storage admins...

john.jones.name

Re: Enter Mickey Mouse..

spot on, banks/businesses care about recovery and VMware has some of the answers... which is enough for salespeople...

Bezos DDoS'd: Amazon Web Services' DNS systems knackered by hours-long cyber-attack

john.jones.name
Mushroom

no DNS security: this is what happens

if Salesforce can manage to sort out DNSSEC, why can't AWS?

Deus ex hackina: It took just 10 minutes to find data-divulging demons corrupting Pope's Click to Pray eRosary app

john.jones.name

dives stulti (rich fools)

Catholic Church valuation?

In solidarity with its broken email hosting, 123-Reg's '24/7' support lines also fall over

john.jones.name
Mushroom

no DANE record for email

comparing the two, 123reg and Mythic Beasts, from a technical standpoint

actually 123reg have a valid DMARC record and Mythic Beasts do not...

123reg.co.uk do not have IPv6, while Mythic Beasts do

123reg do not have DNSSEC, while Mythic Beasts do

neither have DANE records... which is frustrating; time to fix that?

Ofcom probes EE over 4G outage that may have stopped folk contacting emergency services

john.jones.name
Holmes

weird...

VoLTE is IP-based, i.e. SIP, and all phones would switch to 3G for any sort of voice interaction, let alone an emergency call, so this makes this a non-investigation...

unless they somehow managed to make sure the phones never switched to 3G and routed the calls into /dev/null

does anyone know how to tell if a phone sends an SMS when it makes an emergency call?

Switch about to get real: Openreach bod on the challenge of shuttering UK's copper phone lines

john.jones.name

the directory

the real fun will be the emergency services and access to unbundled lines...

I wonder if they are going to support ENUM internally, or is it going to be X.500?

My Little Bromium: HP Inc inks security deal to slurp micro-VM slinger

john.jones.name
Go

Bromium is actually nice kit

used and set up correctly it's nice kit; I hope HP actually use it correctly!

Exim marks the spot… of remote code execution: Patch due out today for 'give me root' flaw in mail server

john.jones.name
Go

enable DANE

best options

SUPPORT_DANE=yes

dnssec_request_domains = *

hosts_try_dane = *

A Pivotal moment for VMware: Software biz gobbled up along with Carbon Black for $5bn

john.jones.name
Mushroom

Salesforce actually do DNSSEC; maybe a lesson for you, VMware...

maybe, just maybe, they might want to pay attention to standards and multi-cloud deployments...

Salesforce takes the multi-signer DNSSEC ball and runs with it

john.jones.name
Mushroom

Salesforce know...

Salesforce hold an enormous amount of data and people are constantly spoofing them... they didn't want to be held to only one provider and did "the right thing"

(Salesforce implementing DNSSEC gives me hope that somewhere in the money-making machine are a couple of people who know what they are doing; it's a pity El Reg can't flip the Cloudflare switch themselves...)

the single vendor who could change everything is Microsoft... they only have to implement DNSSEC validation on Windows 10 (they do for Windows Server) and it would improve security and benefit all sorts of places...

Maybe suing them would help...

I miss him already, says judge as Mike Lynch's court marathon ends

john.jones.name
Mushroom

emails not stored on the server?

does nobody else find it ironic that Mike Lynch made a point of not "storing" his emails on the Autonomy/HP server

It's like he didn't have a backup either...

he founded a discovery company and now in court is relying on the fact that Autonomy didn't keep a record... If I were HP's barrister I would at least point that out, and at the same time be asking for a full transcript of all the emails and backups from Autonomy/HP and putting them into EnCase etc. for a full search...

scary

Bored of laptops? Love 200Gb/s interconnects? Then you're going to hate today's Intel news

john.jones.name

IO IO off to....

the mind has adaptable IO...

pity Intel, who have to ratchet up their cache size to achieve good IO

at least they have put USB-C on the chip, so that at least means good IO speed to the monitor

personally I wish they would put in a radio receiver that is capable of being programmed for AM/FM/DVB-T/AIS/GPS, i.e. a decent SDR front end; now that would be KILLER!

Somebody is working on a $600m data center in Lincoln, Nebraska, could rhyme with schmoogle

john.jones.name

power cost

what matters is the price of power...

Google has a very small number of actual data centers; however, they have an extensive network

OK, it's fair to say UK's botched Emergency Services Network is an emergency now, right?

john.jones.name

maybe, maybe just invest in a new mobile phone...

everyone complaining about their coverage (even in Papworth) is pretty silly

the old GSM phones' power requirements were poor and the battery life terrible; get a decent LTE endpoint and you won't have those problems... just others...

Yes, the commercial providers provision less bandwidth to old networks now, since everyone wants more bandwidth on LTE / 3G

Current Emergency Services radio equipment is terrible for long distance. Plenty of evidence of that.

the solution is to get manufacturers to do LTE Device-to-Device (D2D) so that when you're in a hole you can talk to the person 40 meters away from you...

since Finland are going to be shifting to LTE for their emergency network from Tetra, it might be worth finding out what they are doing:

https://www.erillisverkot.fi/en

the sooner we all get peer-to-peer message passing on LTE/5G networks, the better

Weather forecasters are STILL banging on about 5G clashing with their sensors. As if climate change is a big deal

john.jones.name

FCC is still a committee

what they are worried about is the spectrum for things like Doppler radar

you know, those images that take up the most bandwidth on the internet, excluding pornography

the problem is that the weather people are frankly useless at making their case, because some of it is not really proven and the FCC is calling their bluff

personally I would like a real study conducted into the interference and how the weather radar could be improved with the spectrum, rather than using the old "it's not broken, please do not fix it"

the FCC needs to harmonise with the rest of the world and should worry when NOAA etc. turn up at their door

The Great IoT Protocol War may have been won: Thread's 1.2 release aims at business

john.jones.name
Mushroom

Simple question?

Do you need to run a Thread 1.2 router on a separate RF network, or can it be solely IPv6 and Bluetooth?

the natural place for Thread is the gateway router, but you won't be able to upgrade that hardware any time soon; however, if you can provide a nice software upgrade then it might have a chance... otherwise it's DNS Service Discovery and IPv6

When two tribes go to war... Intel, AMD tease new chips at Computex: Your spin-free summary

john.jones.name
Mushroom

benchmarks?

any actual benchmarks would show that for server workloads (with security patches applied for side-channel attacks) it looks like Intel is toast...

that, combined with custom design projects, means that AMD is taking most of the data center and embedded design wins, so Intel is left with laptops and desktops... not much growth there...

they had better build that Irish fabrication plant quick...

EE switches on 5G: Oi, where are your Mates? Yes, we mean the Huawei phones

john.jones.name
Mushroom

2 good things about 5G

it actually makes the operators think about their radio frequency and coverage

that means actually planning how they are going to ditch 2G and refarm the frequency... typically 3G gets a slice of the lower frequency (goes further), so those with 3G handsets get more coverage.

the real A-LTE then gets more bandwidth also, so again you get more coverage

5G is nothing more and nothing less than a solution for the "last mile": rather than those bell wires that BT rents you, you can now actually bypass them and connect your house on a multi-gigabit connection without having to dig up the road between you and the exchange!

plus finally we can ditch all that silly 3G infrastructure and move to an IP-based network, and everything becomes infinitely easier to manage. 3G becomes legacy and the speed is delivered via LTE and 5G handsets, with the network not being forced to have capacity on 3G frequency.

OK, Google, please do a half-hearted U-turn: Stay of execution for smart home APIs after Big G goes cuckoo in the Nest

john.jones.name

Google login vs Works with Nest

they are two things...

frankly the Nest login should die

the Works with Nest API is not fully served by Google Assistant (by design the Nest API leaks private details like when the occupant is home and away, useful for a thief)

the problem is that COMPANIES who pay Google's bills and have "account managers" complained...

to assume that Google cares and deals with feedback is very misinformed...

US-Cert alert! Thanks to a massive bug, VPN now stands for 'Vigorously Pwned Nodes'

john.jones.name
Flame

VPN endpoints...

a lot of TLS VPNs don't even check a certificate is correct; they simply check it's valid...

that, combined with no DNSSEC for the hosting domain, means if a user connects on a compromised network they can spoof the name and certificate...

Microsoft unzips Zipline, lets world+dog have a go with cloudy storage compression tech

john.jones.name

compatibility

Brotli can’t quite keep up with faster internet connections. For instance, a fast internet connection can upload several megabytes per second, but Brotli may require up to 20 seconds to compress just 4 megabytes of data. As an alternative to the Zopfli compression, using a greedy algorithm like gzip -9 to do the compression can waste up to 10% of the space but can keep up with almost any line speed.

TalkTalk kept my email account active for 8 years after I left – now it's spamming my mates

john.jones.name

security test of ISP

Zen - actually pretty decent: protects visitors to the website against attacks with e.g. cross-site scripting (XSS) or framing; the only failure (and it's big) is the lack of DNSSEC and DANE to lock in TLS certificates on mail servers

AAisp - pretty decent again, and has the advantage of IPv6; however, it lacks DNSSEC and DANE, which is a fail

john.jones.name

security best practices?

TalkTalk failures

Mail :

NO DKIM

NO DMARC policy

insecure SSLv3

insecure RC4-SHA cipher suite

hash algorithm that is not secure on the certificate

NO DNSSEC

NO DANE

Their website has :

NO DNSSEC

NO X-Content-Type value

NO Content-Security-Policy (CSP)

Does not offer Referrer-Policy

Does not offer an HSTS policy

Allows for client-initiated renegotiation
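The two checklists on this page (the WordPress header wish-list near the top and the TalkTalk web/mail failures just above) can be turned into a repeatable check. The following is an added example, not code from the forum poster, El Reg or any ISP: it scores a captured HTTP response header set against the CSP / X-Content-Type-Options / Referrer-Policy / HSTS items and grades a DMARC TXT record. All header sets and DNS records below are constructed samples, and the six-month HSTS threshold is my assumption, not something the post states.

```python
# Added example (not from the forum post or any ISP): evaluate response
# headers and a DMARC record against the checklist above. Sample data is
# constructed; nothing here touches the network.
from typing import Dict, List, Optional

# Assumption for this example: treat an HSTS max-age under six months as weak.
MIN_HSTS_MAX_AGE = 15552000


def parse_hsts_max_age(value: str) -> Optional[int]:
    """Return the max-age directive of a Strict-Transport-Security value, or None."""
    for directive in value.split(";"):
        name, _, raw = directive.strip().partition("=")
        if name.strip().lower() == "max-age":
            try:
                return int(raw.strip().strip('"'))
            except ValueError:
                return None
    return None


def check_security_headers(headers: Dict[str, str]) -> List[str]:
    """Return findings for missing or weak headers; an empty list means all checks passed."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings: List[str] = []
    if "content-security-policy" not in h:
        findings.append("NO Content-Security-Policy (CSP)")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("NO X-Content-Type-Options: nosniff")
    if "referrer-policy" not in h:
        findings.append("Does not offer Referrer-Policy")
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("Does not offer an HSTS policy")
    else:
        max_age = parse_hsts_max_age(hsts)
        if max_age is None or max_age < MIN_HSTS_MAX_AGE:
            findings.append("HSTS max-age below six months")
    return findings


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split a 'tag=value; tag=value' DMARC TXT record into a dict with lowercased tags."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags


def check_dmarc(record: Optional[str]) -> List[str]:
    """Grade a DMARC record: missing, malformed, or monitor-only (p=none) are findings."""
    if not record:
        return ["NO DMARC policy"]
    tags = parse_dmarc(record)
    findings: List[str] = []
    if tags.get("v") != "DMARC1":
        findings.append("DMARC record does not start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC record has no valid p= tag")
    elif policy == "none":
        findings.append("DMARC policy is p=none (monitor only, no enforcement)")
    return findings


# Constructed sample: a site with none of the checklist headers, like the failures listed above.
WEAK_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Server": "nginx",
}

# Constructed sample: the same site with every checklist item satisfied.
HARDENED_HEADERS = {
    "Content-Type": "text/html; charset=utf-8",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}

# Constructed sample DMARC records (example.com is a reserved documentation domain).
DMARC_MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
DMARC_ENFORCING = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, "web:", check_security_headers(hdrs) or ["pass"])
    for label, rec in (("none", None), ("p=none", DMARC_MONITOR_ONLY), ("p=reject", DMARC_ENFORCING)):
        print(label, "mail:", check_dmarc(rec) or ["pass"])
```

The header check reads a dict rather than fetching the page so it can be pointed at any saved response (curl -I output, a proxy capture, a CI artefact); the same functions slot into a scheduled job that alerts when a previously passing host regresses.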

We're not throttling you, says Vodafone, claiming slow vid streaming is down to the 'cards'

john.jones.name

idiots have no clue about speed tests

this drives me nuts...

you actually need to test without a VPN and then with one, using exactly the same traffic

and check the links along the way... https://en.wikipedia.org/wiki/Measuring_network_throughput

basically, go and download Wehe: Check Your ISP for Net Neutrality Violations http://bit.ly/2IAdbmD

How do you solve a problem like Galileo? With a strap-on L-band payload, of course!

john.jones.name
WTF?

Bent pipe?

why not utilise a bent pipe to effectively use SBAS?

Get in the bin: Let's Encrypt gives admins until February 13 to switch off TLS-SNI-01

john.jones.name

so you can validate via DNS...

but you do NOT have to have DNSSEC...

some PKI scheme you have there...

NHS England's chief digital officer goes full digital, ditches health service for GP app biz

john.jones.name

STOP using 'apps' and start using a "webpage"

apps are just a waste of time if you're providing a free service

they are only useful if you're charging someone....

but what about video conferencing? have you ever heard of WebRTC... these people have not a clue about how to deliver digital services.

if the NHS or GPs published a website with video embedded, they could bundle it in an app container for those that...

just look at Rocket.Chat, they have all the regulations etc...

Who cracked El Chapo's encrypted chats and brought down the Mexican drug kingpin? Er, his IT manager

john.jones.name

Re: Collateral damage

people operating in that sort of environment typically have some sort of dead man's switch...

if you trust a company then you will end up compromised; personal relationships are far more secure and well understood

Welcome to 2019: Your Exchange server can be pwned by an email (and other bugs need fixing)

john.jones.name

Exchange better than Office 364, which still needs DNSSEC and DMARC

at least you can control Exchange and hide it behind a firewall or inspection service...

e.g. Office 365 lacks DNSSEC and DMARC (even though Microsoft consume this information themselves, customers are not to be trusted with actual security)

Happy new year, readers. Yes, we have threaded comments, an image-lite mode, and more...

john.jones.name
WTF?

Re: security ?

Marco, good on you for responding,

That said, not many banks criticise The Register for its security practices, nor do they publish articles about software security...

john.jones.name
Go

security?

why oh why... since you use Cloudflare...

how about adding an IPv6 address?

how about enabling DNSSEC?

These are simple to enable...

also your web developers could do with getting a better score than an F for Fail

https://observatory.mozilla.org/analyze/www.theregister.co.uk

https://observatory.mozilla.org/analyze/forums.theregister.co.uk

honestly the most important is DNSSEC

1. Log in to your Cloudflare dashboard.

2. Open the DNS app.

3. Scroll down to the DNSSEC module.

4. Click Enable DNSSEC.

5. A pop-up will open with instructions for how to add the DS record to your registrar.

Copy the DS record and paste it into your registrar’s dashboard.

Once your registrar publishes the DS record, your domain will be DNSSEC-enabled.

Amazon's homegrown 2.3GHz 64-bit Graviton processor was very nearly an AMD Arm CPU

john.jones.name

how clueless

I bet the team at AWS / Annapurna love this:

"It does poorly benchmarking our website fully deployed on it: Nginx + PHP + MediaWiki, and everything else involved. This is your 'real world' test. All 16 cores can't match even 5 cores of our Xeon E5-2697 v4."

complete and utter garbage...

how many optimizations does the ARM compiler emit/use vs the number for Xeon? NONE

same with the Geekbench, it's all garbage... until AWS / Annapurna actually get GCC to emit/optimize for basic things like AES they don't have a chance, and you can't get it into the mainline tree until you want to announce it. so let's see the code...

so the question is how much has it been optimised for floating point and what is the IO bandwidth like

IF, and it's a BIG IF, they have decent IO speeds that can compete with the Intel Xeon, THEN it will be more than a negotiating tactic with Intel

john jones

Mobile networks are killing Wi-Fi for speed around the world

john.jones.name

the data is flawed

flawed in so many ways that it's completely meaningless

3G / LTE data is proxied/altered ALL of the time, while Wi-Fi data is only altered some of the time by the upstream provider, e.g. DNS requests

interesting that OpenSignal earn money publishing it for the 3G/LTE providers though...
