* Posts by dca1

13 publicly visible posts • joined 19 Nov 2018

MSI hit in cyberattack, warns against installing knock-off firmware

dca1

Surely 'use proper channels' is not the issue.

But it is more now 'don't let anyone near your hardware'. I imagine that a signed bios is more likely to be used in a physical attack than remote.

Hacking is not a crime – and the media should stop using 'hacker' as a pejorative

dca1

Re: Bloody ignorant media types....

I came here to say the same thing

Apple, forced to rate product repair potential in France, gives itself modest marks

dca1

Re: Extend to cars

I think we digress here. Is it so much about the time or about the incidental cost applied to minor repairs?

The issue is that on a £1,000 laptop if you want more ram, or your ram fails, or one other tiny piece of your logic board fails then you are either paying about £800 to replace the entire logic board and discard the remaining working components, or you are paying £1,000 for a shiny new [insert current year] macbook.

If my suspension fails and in order to replace only the suspension I have to have a mechanic spend 12 hours disassembling to get to it and replace it, in this case only the suspension is discarded. It might take longer, I definitely won't have to buy a new car and my old car will carry on just as it was before.

I thought the goal was to get to the latter position with consumber electronics. Specifically those consumer electronics which could and have been made modular but are now being made as single units, glued or that do not have parts made available for the purposes of the upgrade cycle.

Nominet boardroom battle may already be over as campaign to oust management hits critical milestone

dca1

I wonder what the articles say about abstentions counting toward the total. I could picture some large names abstaining to bring the total up and therefore the 3% cap to a higher number. Not exactly a vote of approval but serves the purpose of providing a few more which are. Either way I'll be here with my popcorn.

Don't be fooled, experts warn, America's anti-child-abuse EARN IT Act could burn encryption to the ground

dca1

Policing either needs to adapt to modern day constraints or modern day constrains need to be neutered to allow prior day policing to keep up. The solution proposed here is the latter answser. The only way to solve with the former is to throw NSA style funding and recruiting at regular police work.

In the olden days if you wanted to find out what a group of criminals were up to you tapped their analog phones, bugged their houses when they were out, mayble rilfled through documents in drawers or you just sat at a table near them in a restaraunt. These things were easy because the only policing skills required were to have working ears and short term memory, you were up against criminals who had more or less the same skillset.

Current day policing is up against the skillset of the criminals and the skillset of those who make the tools that they use, so Police are up against criminal enterprise and also legitimate enterprise - as those legitimate enterprises now provide the tools which they use (yes, I know they don't specifically make them for this purpose).

Unless regular everyday policing budgets allow for them to employ staff who can intercept traffic OTA, who can MITM a 4G network or who can remotely read and decrypt device contents then the balance of skills has moved greatly.

Microsoft joins Google and Mozilla in adopting DNS over HTTPS data security protocol

dca1

Re: not going to work

DPI is the only true solution but for now I'm doing as you do with 53/853 only allowed by pihole. I also manage a list of ip's on my router that are dropped for 443. The list updates weekly based on resolving the ip's of all the rel="nofollow" links on this page https://github.com/curl/curl/wiki/DNS-over-HTTPS to get me ip's for known DoH servers. It's not ideal, mine also isn't the best implementation (made it when I was just pondering DoH) but it catches enough right now, is more or less zero maintenance and is better than nothing.

Virgin Media dumps BT's mobile network to hop into bed with Vodafone

dca1

Been with Virgin Mobile for 3 years now

Unlimited calls, texts and 6gb data which rolls over. £8.20/month. I think I've had down time twice in those 3 years. I can't really complain about their service, especially for the price.

I'm happy to sit on this plan forever as it goes up by inflation, or to grab another one whenever they next have an appealing deal. I rarely use the 6gb though.

Lights, camera, camera, camera, action: iPhone, iPad, Watch, chip biz in new iPhone, iPad, Watch, chip shocker

dca1

Not even parity

The US price excludes Sales Tax, the UK price includes VAT at 20% which makes it £833 before tax, which makes it $1,029 at todays rates. Granted nowhere in the states has sales tax at 20% so it will always be cheaper there but the bump in price is down to the UK Treasury and not down to Apple.. unfortunately for the narrative of this story.

The purple SIM of fail: Virgin Mobile punters left in the dark with batch of borked cards

dca1

Am I the only person i nthe world who doesn't have problems with Virgin services?

Use them for mobile, £8 a month for 8GB data + calls, texts. Always works. Still on red sim card though.

Use them for broadband, no downtime despite others in my area saying they have it. Granted I use my own router.

Huawei new smartphone won't be Mate-y with Google apps as trade sanctions kick in

dca1

Surely Huawei can just facilitate the user adding these?

Could there not be an app installed on the phone which pulls the various gapps at the users request? Nothing on the phone at time of delivery, Google Apps are only installed once the user chooses to do so. No clue if there is an official location where Play Store and Google Play Services can be downloaded from though.

Google relents slightly in ad-blocker crackdown – for paid-up enterprise Chrome users, everyone else not so much

dca1

Re: Is it time....

Anyone that can't/won't shell out the cost of a Pi for this is likely not interested (yet) in their privacy. The time will come when using things like Pi-hole is the norm for a home network and people understand that they should control where their data goes to from their house.

For now though your friends could run a docker container quite easily, I'm sure that pulling together a .bat to install and launch the container then to create a service and set dns isn't too much.

I'm not going to bother suggesting to people though, everyone is still of the mind that I'm paranoid.

Brazil bested by hackers, Virgin plugs hub bugs, and France surrenders… records

dca1

Could have been useful

To implement some basic functionality which is missing from the SH3. I would have liked to get past the hubs port 25 forwarding block among other things.

Scumbags cram Make-A-Wish website with coin-mining malware

dca1

Re: Is it me

I reset my password after maybe 5 years of lurking to back this up.

I read el reg pretty much daily but I don't come here to read this daily mail style crap.

I went through the article and took this from it:

1. sysadmin for make a wish hasn't patched a 5 month old bug.

2. most likely some script found the ip as vulnerable.

3. malware distributors do not have a magic blacklist of addresses to skip by which may belong to charities.

I think I already knew about 2 & 3, which makes this article about a sysadmin having not patched a server. Really interesting reading... Thanks for taking my time.