Posts by big_D

Re: Gained?

The 480 also had a sealed battery.

Re: I won't hold my breath

Yes, I get between 300bps and 1kbps here at the moment. Vodafone's own speedtest tool tells me there isn't a data connection at all.

Re: Why on earth would this be a problem for GDPR?

The Dutch Government has already declrared Windows 10 and Office 365 as non-compliant. The report was fairly detailed and covered by El Reg.

MS should provide a fixed version of Office 365 by April. But no news on Windows 7, 8 or 10.

Re: Paranoia?

If they are worried, then don't connect the damned things to the Internet! If it is a large solar plant, it shouldn't be on the Internet anyway, it should be using its own private network and at worst, a dedicated, isolate WAN to connect several plants together.

Either way, it should be isolated from the Internet. If they set it up properly, there is no risk.

Re: You realize that "Made in America" doesn't actually mean what it says?

Yes, but Huawei's kit doesn't go anywhere near the USA mainland, so it is hard for the NSA to put their spyware on the kit, before it is delivered to their allies.

It's just sour grapes.

Re: Toilets, health trackers, sexual innuendo

I must admit, I was expecting to see your by-line when I opened the story...

Standards are falling, old boy.

Re: The other side of the coin

One of the best sales pitches I saw was a mainframe supplier.

The rep turned up with a massive machine, it was duly installed and he handed us a tape with source code. We should load it onto our existing system (a VAX) and on the new mainframe, compile it on both (using the optimization on the VAX) and to call him back in a week or so, when the mainframe was finished.

An hour later, when he got back to the office, there was a message that he should call us...

The test software was running fine on the mainframe, but the VAX was already finished!

It turns out that he had been too optimistic. The compiler checked the code:

1.) Input into the program: none.

2) Processing : check

3) Output from the program: none.

Optimization = processing is redundant, optimize it out of the executable. The program loaded into memory and quit immediately.

The mainframe, on the other hand, was busily building a multi-million point multi-dimensional array and filling it with randon numbers...

Re: Protecting their own industry AND their involuntary intel sources

Look at the Reg archives, a couple of years back, the NSA was caught intercepting switches and routers from HP and "updating" the firmware, before it was delivered to customers on foreign soil.

Re: Funny

Okay, thanks. A search threw up the references I listed.

In Germany, "Make America Great Again" isn't a thing you hear very often.

Re: Why bother with 5G if you cannot get 1G right?

It is the same where I work, my LTE contract with Vodafone Germany say 500/100mbps maximum speed, but at work I get about 360bps (no, I didn't forget the M!) and at home I get 5mbps.

It is so slow at work that Vodafone's own speedtest app fails, because it says it can't get a data connection.

Re: 5G vs 4G

Vodafone Red M (11GB data / LTE 500/100)

https://www.vodafone.de/media/downloads/pdf/VF_RedM_Mobil_Okt-2017.pdf

Maximum download speed 500mbps, maximum upload speed 100mbps.

Re: Well done Samsung

Yes, it is an interesting pointer towards the future, just like the Nokia Communicator back at the end of the 90s...

It will be interesting to see where the technology is in a few years, when it has had time to ripen.

Re: This is why you need a dedicated hardware-token for things like this.

That is the point of the article, it seems like the developers have overseen how some of the system clean-up functions work and haven't enforced rigorous clean-up (E.g. overwriting the memory before releasing it).

The clipboard, browsers and other applications are beyond their control, but the safes should be ensuring that the passwords held in their memory are held safely and not leaked. Passing them on to the required application is a known risk that has to be taken into account, you can't really do anything about it with current operating system and application architectures. You'd need a new OS written from the ground up to be secure and handle information securely.

At least the developers seem to be taking it seriously, with at least LastPass have reacted and closed the hole.

I used to love reading his column.

Man, that brings back fond memories.

Re: Yet more open-source litigation FUD

And all the companies that got sued for using GNU/Linux at the beginning of the Century, because it also breached patents and included proprietary code?

A fair few companies settled, many for 6 figures, some for 7. It is rare these days, but not unheard of.

And that explains that ARM, Sparc and other processor architectures are also affected, how exactly?

It is an industry wide problem. It is something that dates back to the 90s, when processors weren't used for virtualization and weren't connected to the Internet. The processor designers had taken a line for designing performant multi-threading processors, then the industry decided virtualization was a thing and that connecting to the Internet was a thing.

Instead of going back to basics (and temporarily crippling the performance of new processor generations), they built out the current architectures (PowerPC, ARM, Sparc, Intel, AMD etc.) to allow these new features, but without ensuring that such side channel attacks could be blocked.

Intel does have the most problems, as they have Meltdown as well as nearly all Spectre variants, whereas the other chip designers / producers only have certain Spectre variants to deal with, but none of them come up smelling of roses.

Re: "it also makes it more difficult for America to be present"

What he means is, because the hardware wasn't sent from a US company, they have no chance to interdict it and add their own "presence" to the kit before it is delivered, so they can't be "present" on it.

Re: On the other hand...

Interestingly, in a report in the news this evening, more Germans find the USA and Trump a threat than Putin and Russia or China and Xi.

Re: Source of the NAStiness?

All of my QNAPs are up to date and have not been infected, at least the hosts file hasn't been tampered with.

Re: Remember Y2K?

I remember spending a long summer in the early 90s re-writing hundreds of COBOL modules of an ERP system to be Y2K compliant. ISTR that they kept 2 digits on the input masks and database and used a sliding window technique to work out the century part for reporting and prefixing dates on the forms.

Yes, early 90s. My employer saw the event coming and wanted everything in and tested long before the final date.

Re: WTF?

In Germany it is clearly defined. Any person, in public or private who is "featured" in a photo has to give their explicit permission before a photo can be loaded onto the internet or published.

If they are part of a crowd in the background, that is okay, but if they are in the foreground, you need permission.

That has been the case for a long time.

When I buy something on Amazon from a British seller, I still need an invoice with their German tax ID.

The seller can sell in any land of the EU without restriction, as long as they are registered for VAT / sales tax in that country.

Amazon had to change a few years back to comply as well. Especially as more and more businesses were buying through Amazon and required a valid Tax Ident. to claim the tax back.

I've had to send a few products back, because the seller on Amazon charged the German 19% MwSt, but didn't have a valid German tax number, so I couldn't reclaim the tax, so I couldn't put it through the books, so the product had to go back and I re-purchased from another seller that did have a valid tax code.

Amazon S.a.r.l can now only charged reduced tax on certain "virtual" items, but even that is limited.

Re: Tip of the Iceberg

For those born after 2000, maybe. For those born in the 20th Century, the aftermath of facism and communism still runs very deep.

For those that grew up in the East, it is especially deep ingrained.

I have a friend who was a teacher at a school in the DDR and lost her Job because one of the other teachers was a Stasi spy and reported her less than euphoric opinion of the Party - she didn't say anything negative, she just wasn't positive enough on that one occassion. She lost her job and could never work as a teacher again.

For people who grew up not knowing whether their parents, their spouse or their children might be spying on them for the Stasi, it is easy to see how the population in general has a hard time coming to terms with governments or corporations spying on them.

That is why drones can't be flown over industrial or residential areas, why number plate recognition cameras are illegal in most states and why CCTV is generally frowned upon and only allowed under certain circumstances.

Dashcams are quasi illegal - you can only use them to record the last 30 seconds before an accident and you (theoretically) can't upload it to YouTube, you can't use it to report someone and if you do upload it, you have to make the numberplates unrecognisable.

Given that background, it is easy to understand why people are reticent to let Google & Co. track them.

My better half is a native German and when she is at a party and people make photos, she explicitly states that they do not have her permission to upload any photos with her in them to the Internet. No tech is allowed into the house with a microphone or camera, with the exception of a smartphone, the laptop and tablet have their cameras taped over.