Posts by VinceH

3483 publicly visible posts • joined 26 Nov 2009

Your security is just dandy, Apple Pay, but here comes Android

VinceH

Re: Convenience?

"At least learn how it actually works before you troll - ApplePay automatically switches to the app when there is a payment to process."

Non-Apple user doesn't know the specific workings of an Apple system. In other shock news, it has been discovered that the Pope is indeed a Catholic.

"The amount to pay and list of cards (with a default) will be displayed automatically. "Unlock the phone" means "press the fingerprint reader"

All that does is shorten step 2 - but there is still a step there that wasn't included in the original sequence.

VinceH

Re: Convenience?

The "more than one card in my wallet" is a key point that fucks the notion of Apple (or other phone) Pay being more convenient.

I, too, have more than one card in my wallet - and the reason for that is I use different cards for different things. So, step 2 in your contactless* card sequence should be "select contactless card and remove from wallet" - and there therefore needs to be a similar step for Apple (or other phone) Pay: They need to be able to hold details for multiple cards, so the user needs to be able to select which card they are going to use. Which means:

Apple (or other phone) Pay:

1. Phone out of pocket.

2. Unlock phone, navigate to the app to select which card to use, and make the selection.

4. Phone against card reader.

5. Phone back into pocket.

I've been generous and bundled the necessary sequence into a single step 2.

And, of course, you could do this before going to the till to make payment - but, then, you could also do that with the relevant steps for using a card.

I'm assuming Apple (and other phone) Pay systems will allow multiple cards to be set up.

* Not that I use contactless payments, but that's beside the point.

EU probes Qualcomm over possible antitrust issues

VinceH

Re: The El Reg nickname for Qualcomm is?

Chipzookie!

eBay about to put part of self on eBay

VinceH
Alert

Optional

"The tat bazaar has slimed down substantially of late"

I'm not sure if I want to know what that means!

Sixty-five THOUSAND Range Rovers recalled over DOOR software glitch

VinceH
Terminator

Re: Why?

"One car I owned had some fancy computer controlled windscreen wipers with variable speed, automatic rain detection and such crap; it was fine until it started going on the blink then the wipers movement became so random they sometimes shot right off the windscreen and attacked cyclists."

I like that version of Skynet.

Blighty's BONKERS BANKING BONKING BONANZA: Apple Pay arrives

VinceH

Re: The article is wrong - there is no hard £20 limit for Pay payments

He was probably hoping the people on the tills would be so mesmerised by the classy erotica that they wouldn't notice the ink was still wet.

How many top-level domains are there now? 300? 500? No, it's 1,000

VinceH
WTF?

Optional

"And you probably know about six of them"

You honestly think El Reg readers will have only heard of six TLDs? Or are you just patronising us? Again.

Office 365 prices 'to rise by up to 13 per cent'

VinceH

Optional

"In these cloudy times, if Redmond adds some extra goodies, they're just part of the product and opting out looks nigh-on impossible."

Well, quite - and that applies to anyone providing cloudy-goodness (FSVO 'goodness'), not just Microsoft. It's one of the reasons I dislike cloud solutions - and I would imagine many other El Reg readers feel the same. The problem is, some people just will not be told.

As AC says above "Those who will not open their eyes will soon be opening their purses" - never heard that saying before, but it's one worth remembering (and AC's post has therefore been duly upvoted)

Facebook casts a hex with self-referential IPv6

VinceH
Facepalm

Re: Voting

That's why there was a 'both' option!

(Which was my vote)

Apple Watch sales in death dive after mega launch, claims study

VinceH

Re: Re:

"Temperature isn't a great feature as you need to take it off your arm if you want anything other than body temp."

Quite - mine's a Casio Pro-Trek, which features barometer, altimeter, compass, temperature, and it has solar charging (and has the ability to tell the time) and the temperature is pointless precisely for the reason you give - it has to be removed from your wrist first (and, IIRC, left off for half an hour before it can accurately measure the temperature) if you don't want your own body temp. Everything else is great.

I've had it for a few years now and the strap appears to be breaking. :(

Bing Maps seen wearing creepy mask that makes it look a bit like ...

VinceH

Re: Ordnance Survey Maps vanished?

That's because, AFAICS, it's not there. The button to change map style is on the far right - the topmost one of the four circular icons about half way up the screen - but when you click on it the options are Road, Aerial, Birdseye, and Streetside. No OS option.

Behold the mighty Swiss SPACE JUNK NOSHER PODULE

VinceH

Re: It wasn't Drax, it was Blofeld!

"Many years since I saw either of those films (I much prefer the books), and memory had blurred them into one."

And if you remember Fleming's book, you'll remember that it was about nuclear missiles, not space shuttles.

VinceH

Re: Didn't Hugo Drax

"Drax had his own Shuttles. With frickin' lasers."

But there were no sharks, so it wasn't very realistic.

Planet killer: Ex-army officer's Welsh space-rock mission

VinceH

I'm not the only one who pondered that very narrow speciality, then!

Microsoft: Stop using Microsoft Silverlight. (Everyone else has)

VinceH

However (as I've only now realised) the triple click doesn't just select the URL if it's part of a paragraph - in that case, select it with a click and drag.

VinceH

Handy tip if you are using Firefox - which may work on other browsers as well:

Triple click on the URL. It recognises it as a URL, so you can then right click -> open link in new tab. Quicker than messing around copying it, then opening a new tab and pasting into the URL field - but, yeah, El Reg automatically recognising links in comments would be handy.

Ford recalls 433,000 cars: Software bug breaks engine off-switch

VinceH

Re: And again ..

"there is an argument for a cut-out switch."

Or: pop the bonnet, disconnect the battery, get back in the car and stall it. (I had to do that on an old Suzuki SJ for a few days many years ago, and I assume it'll still work on modern cars!)

Facebook unveils SECRET logo furtle – in a TWEET

VinceH

Re: ??

"It has to be badly photoshopped on to a towel"

Indeed. The curvature and distortion of the lettering isn't right, and doesn't match the towel (or whatever it is) - but there is curvature and distortion to the lettering in that picture (look at the 'k' - it's most prominent on that one).

This suggests to me that the rolled up towel is part of the logo.

(Yet none of this is mentioned in the article?)

Windows 7 and 8.1 market share surge, XP falls behind OS X

VinceH

"Next month's numbers should be rather more interesting, because Windows 10 lands on July 29th and will presumably be adopted by a great many users not long afterwards. What share will Redmond's saviour have by August 1st?"

Well, unless they only base their numbers on usage in the last two days of the month, I doubt it'll have much of a share at all by 1st August. It's the August figures, published in September, that are really likely to show it.

And that's not taking into account other flaws mentioned upthread.

UH OH: Windows 10 will share your Wi-Fi key with your friends' friends

VinceH

Re: F**king Madness

"Android stores the passwords in plaintext. There are apps which will display them, or you can hoke through the file system."

Time to insult my family:

When it comes to technology, they are utterly clueless - they wouldn't have the first idea how to look for them through the file system (let alone know what a file system is), and I'd be amazed if they had the wherewithal to go downloading apps to reveal the passwords.

And the ones using iThings are even worse.

VinceH

Re: F**king Madness

"Our solution, family only, is I enter the nightmare from Hell password and lock it in."

I adopt the same approach - if a visitor (usually only family) needs wifi access, I enter the password for the guest network for them. They continue to have access with that device whenever they visit until, once in a blue moon, I change the password.

Most of them use Apple iThings, and some Android - so no real problem there - but the first time I see a Windows device, I'll increase the frequency of those password changes to monthly. (Or I could add the _optout to the SSID - which is a stupid idea*. Or both.)

* Because of the sheer number of people who simply won't know about this. Microsoft, you are idiots - the optout extension to the SSID is a token gesture, and nothing more.

Giant FLYING SPACE ROCKS could KILL US ALL, warns Brian May

VinceH

Re: Exit plan?

Just breed a race of giants, and put them on guard, equipped with massive tennis racquets.

BBC veterans require skilled hands to massage their innards

VinceH

"There are people doing some stunning stuff with BBC Micros. I bought a reconditioned unit which has a kit installed that can read CF cards (internal interface that treats the card like the Winchester disk) and also FAT formatted USB sticks ... among other tricks!"

USB port... on a BBC :)

That's a RetroClinic DataCentre - quite probably the same kit you are talking about

US police to throw big balls in criminals' faces

VinceH
FAIL

"Bounce Imaging CEO Francisco Aguilar says he got the idea for the device after hearing about the problems rescuers in the 2010 Haitian earthquake were having finding survivors in the rubble of ruined buildings"

Of course he did.

And slightly more recent, there's also this - that's the one I remembered, which is why I searched and found the one above.

Windows 10 is due in one month: Will it be ready?

VinceH
Facepalm

Previous commentards have discussed such things as how buggy the betas are, what is meant by the "supported lifetime" of the device, and so on. So I'll pick on something else from the article...

"Unfortunately there are yet sites that do not work correctly with Edge, where changing to IE (or an alternative browser) fixes the issue."

I suspect the problem is websites relying on browser sniffing to make certain things work, and either they don't recognise Edge (and/or they don't degrade gracefully when faced with something they don't recognise), or Edge is being recognised as something else (for example, a version of IE - perhaps in some cases, the site is just picking up on "Microsoft" in the browser string?) and being served [un]suitable HTML/CSS/Javascript as a result.

If so, the problem lies with the websites rather than the browser - although it's a problem that is (at least partly) of Microsoft's own making - and it is the sites that need fixing. If Microsoft 'fix' Edge, then it's just going to turn it into a new version of IE.

That man told me to stuff a ROLE up my USER ENTRY!

VinceH

Re: Login names

Anyone whose last name is fewer than six letters might have problems, too - unless it was up to six letters of the last name, rather than a strict six.

Space station cabbage: To boldly grow where no veg has grown before

VinceH

Re: Hell =

Gardens in space are no use at all until we have Huey, Dewey, and Louie to curate them when the humans kill each other and themselves in order to preserve them.

ICANN's leaving the nest, so when will it grow up?

VinceH
Thumb Down

"The fact you have probably never heard of them."

That seems a very odd - and quite patronising - thing to say in an article on a site like this.

We need to know about the Internet of Things, say US Senators

VinceH

Re: Smart TV

"My so called Smart TV complains every time I switch it on that it can't connect to the MotherShip 'for vital security updates'. If it ain't connected to the network then why does it need those oh so important updates."

If there isn't an option to disable checking, I'd be inclined to take it back and complain that it is a [design] fault.

"However, this is the tip of the iceberg."

Quite. While Joe Public keeps lapping up all this crap, it's just going to get worse for those of us who can see the potential problems and therefore don't want it.

Facebook frees Messenger from its gilded cage

VinceH

"The move is designed to turn Messenger into its own social network, rather than leave it tied to the existing Facebook platform."

Not quite. The move is an attempt at mopping up people who have friends who are on Facebook but who aren't on Facebook themselves. Once they are on the Messenger platform, that means they've given more identifying information about themselves to Facebook than they were able to obtain previously.

Man in India claims his new iPhone 6 combusted in his car

VinceH
Mushroom

Re: Samsung exploding washing machines

"We have a Hotpoint WMD"

I had no idea Hotpoint made weapons of mass destruction. Do the TLAs know?

Amazon enrages authors as it switches to 'pay-per-page' model

VinceH

Re: Paranoia is its own reward

As I said in reply to someone else above, the Kindle platform keeps a track of where you've read up to in a book so that it can keep multiple devices/copies of the app in sync in terms of where you are in any given book.

It's done this for at least as long as I've been using it, and probably since the start.

VinceH

Re: Strange

" It's nasty enough that they know which books I own, now they also track what and which part of it I read how often."

You know how if you have a Kindle and the Kindle app on a phone or tablet, when you read up to a certain point on one the other is updated so you can carry on from the same point? That's what this is, and it's been part of the system for at least as long as I've had the app - which is a good few years now. Probably since the beginning, or as near as damn it.

Larry Ellison: Oracle's going to WAR against Amazon cloud prices

VinceH

DaaPR - Data as a Protection Racket.

Facebook and Twitter queen Taylor Swift: Facebook and Twitter are RUBBISH

VinceH
Thumb Up

Re: self undermining?

"(I'm not fat.... just cuddly :D)"

You know you're fat when a young nephew points at your stomach and says "Have you got a baby in there?" :(

"TBH I couldn't pick her out in an ID parade,"

And not only that, but I also wouldn't recognise any of her music.

"but she has done 2 things this week that make me think she's probably a very decent human being."

Agreed. A big thumbs up for Ms Swift.

Police robot duo storm Colorado house, end four-day siege

VinceH
Unhappy

Yeah, but they only did it for his own protection. They were saving him from himself.

Oz goes mad with the ban-hammer

VinceH

"According to Twitterer @RefusedC, only 77 games received the ban between 1995 and January 2015. Following the adoption of the IARC guidelines, that number has blown out to 241 games to March 18, 2015. That works out to be an average of 40 games banned per month."

Is that some creative maths, or is there some information I'm missing? As I see it, the 'per month' figure since January 2015 appears to be notably higher than 40 games per month - how much higher depends what point in January the 1995 to January 2015 figure actually ends.

Webmail password reset scam lays groundwork for serious aggro

VinceH

Re: So why

"The more important question is how did the crooks know the phone number associated with the account."

One example scenario where this happens is because people running small businesses are (necessarily) publishing their phone number and contact email addresses - but using an address@ gmail or whoever instead of an address at their own domain (if they even have a domain name to start with).

At last, switching between rubbish broadband providers now easier

VinceH

Re: When did it become a thing for illegal behaviour

"to get a fluffy name ?"

Whenever people want to refer to that specific illegal behaviour and have other people know what they mean.

"Surely all the elements of "slamming" add up to conspiracy to defraud, or gain pecuniary advantage by deception."

Indeed. But if I said to you that I'd been a victim of a conspiracy to defraud, or gain pecuniary advantage by deception, you wouldn't know the specific nature of the offence - whereas if I told you I'd been a victim of slamming on my internet connection, you would.

Names are handy.

DuckDuckGrow: Privacy search soars 600% after Snowden dumps

VinceH
Joke

I was wondering if that was a deliberate joke in the article, but then it should probably have been DuckDuckDuckDuckDuckDuckDuckDuckDuckDuckDuckDuckDuck-DuckDuckDuckDuckGo (if I've counted correctly*)

* The hyphen shouldn't be counted - I've added it to allow formatting to El Reg's width.

British banks consider emoji as password replacement

VinceH

Re: Optional

Ta. That's more or less what I'd guessed would probably be the case. :/

On the whole, I think I'd much rather they asked me for the full password, so they can compare the hashes - but I run a very clean computer (food in the keyboard aside), and I have to accept that this may not be the case for Joe Public, meaning a risk of key-logging malware. I suppose as long as they use 2FA, though, the flaws with both methods are mitigated.

"Either that, or HSBC has decided to hash each letter of your password individually for extra security. ;) :D"

Heh.

Actually, thinking about those systems that limit your password to n characters, perhaps that's why... ;)

Joking aside, I'm not talking about HSBC at that point. I haven't yet logged in and created a new password - so I don't know yet if they require the whole password when logging in after, or specific characters from it.

OTTOMH, a couple that do are Natwest (for Bankline) and Barclaycard. Bankline also uses a pin (for which three digits are required to log in - same as the password), and they do use 2FA via a dedicated security device, but not for the initial log in.

VinceH

Re: Optional

"Actually, I respect not wanting to disclose personal banking information, but it's pretty vague and useless"

I don't mind disclosing the bank. Not naming them was probably just instinctive - I wouldn't name a client's bank (at least not when specifically mentioning the client), so I expect that's rubbing off on me personally, IYSWIM. (Plus, if HSBC are doing it, I suspect others will follow)

"so I'm just going to go ahead and say that this is HSBC we're talking about. Their security has just taken a notable step backwards with this. Phone app and password might be more convenient if you don't have the key fob on you, but it is NOT as secure."

Quite so.

What annoys me, though, is that they did away with the use of a password in the first place, adding in the silly security question in its place.

I tend to suggest to people that if a system doesn't offer a password as an option, and a question like that instead, treat that as a password prompt. I then have to stress the need to make sure it's unique because - not being a password from the site's point of view - I wouldn't like to bet on it being salted and hashed.

Speaking of which... I'm by no means a security expert, but I know more than most people I know, but one thing which has been bugging me of late:

'Please enter the 3rd, 5th and 8th letters of your password [ _ ] [ _ ] [ _ ]'

I see this on some banking websites. Surely, if you can enter a selection of characters and have them validated against your password, that means the password can't be salted and hashed?

VinceH

Re: Somebody please stop the planet...

"Why not just allow 8 digit pins?

Or has the general public become so dumb they can't remember 8 digits in sequence any more?"

I don't think the general public is too dumb to remember eight digits - but I do think some members of the general public are probably too dumb to be sensible about those eight digits in the first place, and you'll probably get people using the last 8 digits of their phone number backwards*, and stuff like that.

* This is already common in four digit pins for house alarms, based on several I know. (Which, arguably, I shouldn't know, but that's a whole other problem!)

VinceH

Optional

Meanwhile, what's actually happening with at least one bank...

Up until a few years ago, I logged into my personal accounts with an ID and a password. Then they decided to add 2FA using a dedicated security device - which is sensible enough, obviously.

However, when they did that, they decided to drop the use of a password on the website (you need a pin for the 2FA device) and add a security question, where you get to choose one of a number of questions (mother's maiden name, first school, etc) and put in your answer.

Fast forward to now.

"Online Banking is evolving" they say. "The next time you log on to Online Banking you'll be asked to create a new password"

To be fair, this doesn't do away with the security key - this password is so you can "access essential Online Banking services" without the 2FA device. I still find it quite amusing, though, that having done away with passwords a couple of years ago, they're now introducing passwords.

They're also introducing a new version of the 2FA device - which, apparently, is a new 'digital' one.

What do they mean by digital? They mean it's not a separate physical device - it's a smartphone app.

So when they say you can "access essential Online Banking services" without the 2FA device, for those who opt for the app* they mean "when your battery has run out."

* Customers have the choice of continuing with the separate device or using the app - so it's not compulsory. Yet.

VinceH

I can't wait to apply for a new credit card, open the letter with the PIN advice inside, and have it tell me that my new pin is:

Correct horse battery staple!

All of a sudden, xkcd 936 becomes relevant in a whole new way!

Cortana threatens to blow away ESC key

VinceH

"Not to mention HP, who decided it would be great for users to put another row of keys down the left hand side of the keyboard for quick access to things like calculator, print and a whole host of other stuff that we don't need keys for."

Not their only dumb mistake. My HP laptop came set up so that the Fn key was needed to use the actual function keys F1-F12, rather than Fn being used to access the extra functions such as volume up/down, wireless on/off, etc - those were the default actions.

A pain if you use software in which the F1-F12 keys are actually used, as I do. If it wasn't just a BIOS change away, it would have been given a lesson in how easily glass breaks, what gravity does, and how hard concrete is*.

* Umm. Or it might have gone back for a refund. On balance, in fact, this is probably more likely.

VinceH

"Funny - my 'Escape' key is, thanks to Microsoft, now enjoying a great revival following a long period of disuse. It's the key that gets me out of that blasted full-screen "hey - your server has a touch screen interface, right? Well here are some tiles!" start menu."

It's also jolly handy as part of the Ctrl-Shift-Esc combo to conveniently call up the task manager. Replacing it is "a bit silly"(tm).

Mind you, it's just an assumption that they're going to replace it - on a decent keyboard, there is enough space between Esc and F1 for another key (though whether that's the case on gubbins supplied by Toshiba is another matter).

Amazon turns up spectacularly late to 'transparency' party, pours a large one

VinceH

...anthrax spores.

In memoriam: Christopher Lee, Hammer's Count Dracula

VinceH

Re: Dracula is dead at last... and I'm sad.

"Although he passed away yesterday"

This article was the first I'd heard about his death, and I somehow read the reference to Sunday as yesterday (my mistake was pointed out to me elsewhere).

Still, this being a Friday night, a horror double bill still seems appropriate. My choices in the end were Dracula, Prince of Darkness and Scars of Dracula.

INTERNET of BOOBS: Scorching French lass reveals networked bikini

VinceH

Re: That video ....

"and pause to examine the computer screens."

And you wouldn't have got any technical explanations from doing that - it was just GUI-related stuff AFAICS.