* Posts by clanger9

144 publicly visible posts • joined 27 Jan 2010


The Palm Palm: The Derringer of smartphones

clanger9

£350 for a locked phone?

I'm assuming this is locked to Vodafone? In which case, count me out.

Shame - the design looks brilliant.

Ticketmaster tells customer it's not at fault for site's Magecart malware pwnage

clanger9
Facepalm

Re: Offsite scripts GAH!

Have a look at the TSB login page. Offsite resources include:

we-stats.com

clicktale.net

online-metrix.net

tiqcdn.com

facebook.net (!)

This is on a bank login page FFS! How many trackers do you need??

At least they've removed the references to internal test servers that were present when they had their big meltdown earlier this year...
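One way to turn the complaint above into a repeatable check (an added example, not code from the original post or from TSB): enumerate every `<script>` tag on a login page, classify its host as first- or third-party, and see whether it carries a Subresource Integrity hash. The HTML below is constructed; the hostnames come from the post's list, but the subdomains, paths, the SRI values and the first-party domain `example-bank.co.uk` are assumed.

```python
"""Enumerate the <script> tags on a login page, flag third-party hosts and
check whether each one carries a Subresource Integrity (SRI) hash.

Added example illustrating the post above; not code from the original page.
The HTML is constructed: the hostnames come from the post's list, but the
subdomains, paths, hashes and the first-party domain are assumed."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

PAGE_URL = "https://www.example-bank.co.uk/login"            # assumed
FIRST_PARTY_HOSTS = {"www.example-bank.co.uk",
                     "cdn.example-bank.co.uk"}                # assumed

# Constructed sample page (hosts from the post; paths and SRI values made up).
SAMPLE_HTML = """
<html><head>
<script src="/static/login.js"></script>
<script src="https://cdn.example-bank.co.uk/app.js"
        integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="https://www.we-stats.com/stats.js"></script>
<script src="//cdn.clicktale.net/wr/wr.js"></script>
<script src="https://h.online-metrix.net/fp/tags.js"
        integrity="sha256-BBBB" crossorigin="anonymous"></script>
<script src="https://tags.tiqcdn.com/utag/bank/prod/utag.js"></script>
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
<script>window.__inline = true;</script>
</head><body></body></html>
"""


class ScriptCollector(HTMLParser):
    """Collect the attribute dict of every <script> start tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self.scripts.append({k.lower(): v for k, v in attrs})


def audit_scripts(html, page_url=PAGE_URL, first_party=FIRST_PARTY_HOSTS):
    """Return one finding per external script: src, host, third-party flag, SRI flag."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.scripts:
        src = attrs.get("src")
        if not src:
            continue  # inline script: same origin, out of scope here
        # urljoin resolves relative ("/x.js") and scheme-relative ("//host/x.js") sources
        host = urlparse(urljoin(page_url, src)).hostname
        findings.append({
            "src": src,
            "host": host,
            "third_party": host not in first_party,
            "sri": bool(attrs.get("integrity")),
        })
    return findings


def third_party_without_sri(findings):
    """Hosts that can push arbitrary JavaScript into the page with no pinning."""
    return [f["host"] for f in findings if f["third_party"] and not f["sri"]]


if __name__ == "__main__":
    results = audit_scripts(SAMPLE_HTML)
    for f in results:
        party = "3rd-party" if f["third_party"] else "1st-party"
        sri = "SRI" if f["sri"] else "no SRI"
        print(f"{party:9} {sri:6} {f['host']:26} {f['src']}")
    print("unpinned third-party script hosts:", third_party_without_sri(results))
```

SRI only helps when the vendor's file is static; tag managers and analytics loaders are typically rewritten server-side, so they cannot be pinned at all, which is the real argument for not loading them on a login page. A `Content-Security-Policy` `script-src` allow-list is the complementary control, and it still does nothing against a compromise of an allowed host.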

Internet overseer ICANN loses a THIRD time in Whois GDPR legal war

clanger9
Facepalm

Re: Mind you I'm more than a bit uncomfortable

I love the idea of providing a premium rate contact phone number! Why didn't I think of that??

I have had to put up with idiot spam calls for years thanks to ICANN (on the basis that I already pay 'em enough for the domain, I'll be damned if I have to pay extra to have them not publish my phone number...).

Australia wants tech companies to let cops 'n' snoops see messages without backdoors

clanger9
Black Helicopters

Re: how?

I agree. Some kind of screenshot/keystroke/audio cache on the device that can be queried remotely. No need to worry about apps or end-to-end encryption. If they can see what's on your screen, they'll be happy...

Apple grounds AirPort once and for all. It has departed. Not gonna fly any more. The baggage is dropped off...

clanger9

Re: There may be some good out of it

“I thought when a Time Machine partition was created on a Mac, it had to be converted back to HFS+”

Correct. But you can still create new backups to APFS. You just can’t convert an existing HFS+ Time Machine volume to APFS.

clanger9

Re: There may be some good out of it

Time Machine works perfectly on the new apfs if you know where to look.

On High Sierra, Preferences > Sharing > File Sharing > right click Advanced Options, check "Share as a Time Machine backup destination"

That's why they've abandoned the Time Capsule: they'd rather sell you another Mac to do the same job...

Who will fix our Internal Banking Mess? TSB hires IBM amid online banking woes

clanger9

HOW THE FUCK WAS THAT NOT PICKED UP IN TESTING?

Indeed. More examples:

- The account list page is titled "holding list" (yep, in lower case).

- The pages are trying (and failing) to load resources from internal test domains.

This is pretty basic stuff that even cursory testing would pick up.

I'm sure there'll be plenty of blame to go around, but it does look like they went live with software that wasn't sufficiently tested. On the up side, the website is more-or-less working again now, so hopefully they're over the worst...

UK 'meltdown' bank TSB's owner: Our IT migration was a 'success'

clanger9
Mushroom

18:00, day 4, still broke

So much for "we hope to be back up later this afternoon"! It looks like it's getting worse, not better.

While it was (briefly) working yesterday I managed to complete a payment from the app (not the website), but both have been down all day today.

I wonder if there's a point of no return? As more and more backlogged transactions pile up, the more the pent-up demand is likely to flatten their systems when they are eventually fixed...

clanger9
Facepalm

Re: Where did it go?

What press release? There never was a press release! Banco Sabadell prides itself on honesty and customer service yadda yadda...

Brit bank TSB TITSUP* after long-planned transfer of customer records from Lloyds

clanger9
WTF?

Re: 18:00 on Monday, still not working

Well, I can't log in at all now. It's claiming invalid credentials, even though my credentials are correct.

Ah, there it is: "https://test1.int.uk.tsb/14562512/SbtlTsbr_t.js" - clearly flagged up on the login page console.

I get the impression someone, somewhere is frantically restoring "direct_debits.xls" from last week's backup tape. I had no idea banking IT was so shonky...

clanger9

Re: 18:00 on Monday, still not working

You're lucky.

My Direct Debit screen says "You don't have any Direct Debits set up for this account". Which is gonna come as one hell of a surprise to my mortgage company...

The web page title for the list of accounts screen is "holding list" - yes, in lower case.

It's a total clusterfsck. This is pretty basic stuff. Did they do ANY testing??

clanger9
Facepalm

18:00 on Monday, still not working

I managed to log in and can see my account (woohoo!), but trying to do something radical like set up a "payment" seems to be too much for it to cope with and it throws an error.

Hopeless.

Apple's magical quality engineering strikes again: You may want to hold off that macOS High Sierra update...

clanger9

There is an issue with obsolete, unsigned .kexts

It can manifest itself in crashing, inability to complete install, inability to reboot etc.

High Sierra is supposed to mark existing .kexts as "safe" on install as part of the new-fangled (and annoying) SKEL system. Unfortunately, that process seems to crap out on some machines, leaving them unbootable (other than via System Recovery).

Try system_profiler SPExtensionsDataType > ~/Desktop/kextList.txt

If that process crashes & dies, you definitely have a duff .kext

Look in the output from that command to find any unsigned .kexts

They live in /Library/Extensions - remove anything old/suspicious here and try the upgrade again.
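One way to automate the check described in the post above (an added example, not the poster's code): parse the text that `system_profiler SPExtensionsDataType` writes and list the extensions under /Library/Extensions that report themselves as unsigned. The sample output below is constructed, and the field names it relies on ("Obtained from", "Location", "Loaded", "Signed by") are assumed to match what High Sierra's system_profiler prints.

```python
"""List unsigned third-party kernel extensions from system_profiler output.

Added example illustrating the post above; not code from the original page.
SAMPLE_OUTPUT is constructed, and the field names and indentation it uses are
assumed to match `system_profiler SPExtensionsDataType` on High Sierra."""
import re
import sys

# Constructed sample: one Apple kext, one Developer-ID-signed kext, one unsigned one.
SAMPLE_OUTPUT = """Extensions:

    AppleHWSensor:

      Version: 1.9.5d0
      Bundle ID: com.apple.driver.AppleHWSensor
      Loaded: No
      Obtained from: Apple
      Location: /System/Library/Extensions/AppleHWSensor.kext
      Signed by: Software Signing, Apple Code Signing Certification Authority, Apple Root CA

    ExampleRAID:

      Version: 5.6.1
      Bundle ID: com.example.driver.ExampleRAID
      Loaded: Yes
      Obtained from: Identified Developer
      Location: /Library/Extensions/ExampleRAID.kext
      Signed by: Developer ID Application: Example Storage Ltd (ABCDE12345)

    OldUSBDriver:

      Version: 1.0.2
      Bundle ID: com.example.driver.OldUSB
      Loaded: No
      Obtained from: Not Signed
      Location: /Library/Extensions/OldUSBDriver.kext
      Signed by: Not Signed
"""

# A kext block starts with a 4-space-indented name ending in ":";
# its fields are 6-space-indented "Key: value" lines.
_HEADER = re.compile(r"^ {4}(\S.*):$")
_FIELD = re.compile(r"^ {6}([^:]+): (.*)$")


def parse_extensions(text):
    """Turn system_profiler's indented text into a list of dicts, one per kext."""
    exts, current = [], None
    for line in text.splitlines():
        m = _HEADER.match(line)
        if m:
            current = {"name": m.group(1)}
            exts.append(current)
            continue
        m = _FIELD.match(line)
        if m and current is not None:
            # "Signed by: Developer ID Application: ..." splits on the first colon only
            current[m.group(1)] = m.group(2)
    return exts


def unsigned_third_party(exts, root="/Library/Extensions/"):
    """Kexts under `root` whose 'Obtained from' field says they are unsigned."""
    return [e for e in exts
            if e.get("Obtained from") == "Not Signed"
            and e.get("Location", "").startswith(root)]


if __name__ == "__main__":
    # Usage: python3 kextcheck.py ~/Desktop/kextList.txt  (falls back to the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_OUTPUT
    for e in unsigned_third_party(parse_extensions(text)):
        print(f"UNSIGNED  loaded={e.get('Loaded', '?'):3}  {e['Location']}")
```

Treat the list as a starting point rather than a verdict: an unsigned kext that is old and no longer needed is the thing to remove, but a machine may also be relying on one (an old RAID or USB driver), so check what the vendor ships now before deleting it.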

At last, someone's taking Apple to task for, uh, not turning on iPhone FM radio chips

clanger9

Re: How does an FM radio "save lives"?

I get all that. Before the storm hits, mass SMS messages may be more effective (as is done for tsunami warnings). After the storm hits (when comms are down), how does an FM radio help?

clanger9

How does an FM radio "save lives"?

This is a genuine question.

I'm struggling to imagine a scenario where having access to a working FM radio could make a difference between life & death. Could someone enlighten me?

Apple exits music player biz by killing iPod Nano, iPod Shuffle

clanger9

Shame, really

I've had several iPods and I love my 16GB gen 6 (the little 1" square one with a touch screen). It's even survived being put through the washing machine. Hopefully it'll last a while longer, as its tiny size means it's much more convenient than a phone for music listening.

Back to the future: Honda's new electric car can go an incredible 80 miles!

clanger9

Re: 80mile range?

@Commswonk good question, because it's not obvious from the manufacturer literature how they solve the "heating problem".

I have a PHEV and it appears to have both a ~2kW heat pump and ~5kW resistive heating. The heat pump doubles up for air-conditioning duty in summer. Add in headlights, rear demist and heated seats and it can be pulling 8kW before it turns a wheel. That sounds like a lot, but it's still pretty small compared to the power needed to drive it along (max power on mine is 108kW, average is more like 20-30kW at speed).

The heating system makes for a nice, toasty warm cabin in winter (you can even pre-heat the cabin before you set off if it's really cold), but it does reduce battery range. My car manages 40+ miles in the summer on battery power, but this will fall to 25 miles or so in the winter (on a 10.5kWh charge). All because of the heating system. Granted, I can put the system into "eco" mode to save energy, but hey life's too short...

Different manufacturers seem to have different ways to solve the heating problem. I believe early Nissan Leafs only had resistive heaters, which aren't as efficient as a heat pump. I don't know how Tesla do it - they've got 85kWh+ to play with, so maybe heating efficiency is less of a concern...

'Mafia' of ageing scientists, academics and politicos suck at picking tech 'winners'

clanger9

I'm all for policy-bashing

...but the article seems a bit light on the usual level of El Reg insight.

What about the other (potentially promising) areas of the policy doc around energy systems and battery tech? We've got some good, successful companies in this space, many of whom are located in the North-West. Are you saying these sectors are NOT worthy of support? Less worthy than "innovative pallets"?

Also, there's a bit of a weird Mersey fetish going on here. You Mancs and Scousers seem to be perpetually at each other's throats. This is a UK strategy, so how about dropping the regional rivalries for a bit.

New state of matter discovered by superconductivity gurus

clanger9

Re: using liquid helium or liquid nitrogen, which is expensive.

It's not the cost of the liquid nitrogen. It's the cost of keeping it liquid!

The energy (currently) needed to keep even a high-temperature superconductor cool is more than the energy that is lost by a normal conductor. Add in the extra cost of the superconductor itself and that's why we seldom use superconductors to transport electricity.

End all the 'up to' broadband speed bull. Release proper data – LGA

clanger9
FAIL

Still not enough to filter out incompetent ISPs...

Switching to SSE fibre (they're a reseller of Daisy) has been a disaster for me.

Sure, I get the advertised ~38Mbps EARLY IN THE MORNING.

Evenings? Forget it, Daisy's backhaul is so hopelessly saturated I'm lucky if I get 2Mbps.

Complete waste of time - and it seems there's nothing SSE can do about it.

My own fault, I should have realised the deal was too cheap, but even if there had been postcode-level mapping available, I would still have been suckered. I'm currently arguing with them to escape from my 18-month contract, on the basis that what they're providing isn't worthy of the term "broadband" :-P

WhatsApp is to hand your phone number to Facebook

clanger9

Yes, you're right (and I already grok all of that).

However, the article seems to imply that they will add your WhatsApp mobile number to your Facebook account profile - something FB has nagged for for years and I've always resisted. No means no, right?

I realise/accept/hate the fact that *they* are able to identify "me", but I will also be very pissed off if they add my mobile number to my FB account without asking.

clanger9

Assuming you have both, how can they link your WhatsApp profile (that has a phone number) with your Facebook account (which doesn't)?

Are they linking using the email address or what? I have a different one for both. I've never associated my mobile number with my Facebook account and have no intention of doing so...

Lester Haines: RIP

clanger9

Thanks for all the laughs

Sad, sad news. Taken way too early.

7,000+ stories is a good ol' legacy! You made us smile & laugh, that's what counts...

TeamViewer denies hack after PCs hijacked, PayPal accounts drained

clanger9

Re: Possible attack vector?

I had a quick check with a clean install of the TeamViewer client. There is no need to set up a TeamViewer account. First of all, it asks if you want to set an "unattended access" password. Hmm: I wonder if some people set this on first install with a memorable (possibly re-used) password and then forgot about it? This is clearly a different password to the TeamViewer account password (which is what you use to log in to the service if you set up an account; it has 2FA etc.).

Next screen implies remote control is now possible with a 9-digit ID (presumably set by the TeamViewer servers) and a 4-digit PIN (presumably randomly set by the client). A quick look with Wireshark shows it opens an SSL connection to integratedchat.teamviewer.com every 5 minutes - presumably to announce its presence to the TeamViewer servers. It defaults to allowing "Full Access".

Nothing looks obviously insecure, but that "set unattended access password on install" combined with "default allow full access with 4 digit PIN" suggests that there are a couple of ways a default installation might be compromised.

I agree with psychonaut that you seem to need the 9-digit ID to connect (rather than just an IP address as I said earlier). Perhaps someone found a way to get that ID from the TeamViewer servers? Or maybe you can just try random IDs with a brute-force on the PIN until you get lucky?

clanger9
WTF?

Possible attack vector?

Just joining together a few threads:

- Apparently you can connect to TeamViewer clients by IP address. It's not restricted to the registered account (by default)

- Apparently TeamViewer sets a less-than-random 4-digit one-time use password for remote access (by default)

I did not know either of these things. It seems you have to go into the settings to remove the OTUP if you don't want it and enable whitelisting to prevent connections by IP address.

So, if you can somehow get a list of IPs using TeamViewer (using a DNS DDOS, perchance?) and you've semi-cracked the "random" OTUP generator, then you're in.

Does this sound feasible? I'm unconvinced that this is a simple password re-use problem, despite what TeamViewer are claiming.

clanger9

Re: Nope, Teamviewer is the tool, not the source

"a Windows Trojan disguised as an Adobe Flash update that's doing the rounds using TeamViewer to backdoor machines."

Hmm, you got any evidence for that? While you can never be 100% sure when people claim not to have installed a rogue Flash update, the fact that one of the first actions for some of the TV attacks is to dump the Chrome password list suggests (to me) that they don't already have the user's passwords.

Why would they dump the password list via TeamViewer (not the most subtle approach) if the machine is already compromised by a Flash trojan?

clanger9

Re: I could be wrong but

Probably naive.

I understand TeamViewer has the ability to start (privileged?) executables remotely. A number of the posts on Reddit report the upload and running of "webbrowserpassview.exe" (for example) that dumps saved passwords from Chrome.

You can still do harm with TeamViewer without gaining control of the desktop...

clanger9

Re: It's not the accounts that got hacked, it's the client

Maybe, maybe not. My guess is that it's not unrelated to recent attacks on their DNS. Something possibly involving hijacking responses/chatter between the client and the TeamViewer account servers.

Without knowing how TeamViewer authentication works, it's hard to be sure...

clanger9
FAIL

It's not the accounts that got hacked, it's the client

The TeamViewer service accounts seem to be OK: 2FA, no evidence of a hack anywhere.

What seems to be happening is that miscreants have found a way to connect to TeamViewer clients, somehow bypassing the authentication. This has happened to a guy at work last week: TeamViewer account fully secure, unique password, 2FA, etc. While using his laptop, someone connected via TeamViewer and started clicking around. Fortunately, it wasn't a serious hack attempt, seemed more like a skiddie.

TeamViewer now uninstalled everywhere here until we find out more. The software client is broken somehow.

Pure speculation on my part, but that's my take on it.

Air-gapping SCADA systems won't help you, says man who knows

clanger9

Re: Excellent

Sure, you can try to air-gap. Enforce it all you like.

But you can't stop there, you have to assume it'll be breached and watch for the breaches.

I've lost count of the number of times I've heard "it's secure, we have an air-gap". Yeah, right.

clanger9
Mushroom

Excellent

The myth of air-gapped SCADA needs to die once and for all.

On a closed secure site: fine, give it a go. If you can manage to operate efficiently without any link to the outside world then I'm happy for you. Most businesses don't work that way.

For anything remotely distributed (i.e. most utilities) the air gap WILL be breached somewhere and no, you won't know about it - until it's too late...

Mitsubishi 'fesses up: We lied in fuel tests to make our cars look great

clanger9

Re: Energy in = energy out

Max efficiency of an i/c engine is only around the 30% mark. Efficiency of a typical i/c car (from fuel to forward motion) is ~15% (when I last checked - maybe a bit better these days). There's still plenty of scope for improvement...

clanger9
Devil

Re: Only 10%?

"measure a vehicle's emissions whilst it achieves its stated 0-62 time for example"

Now there's an idea to put the fear of God into the motor manufacturers. Have you ever been behind a modern performance car while it accelerates on full throttle? *cough* *splutter*. The muck that comes out of the back of these things on full tilt is amazing.

You get the impression that the pollution control gear is there solely for the purpose of getting through the tests and does pretty much f-a the rest of the time...

BT dismisses MPs' calls to snap off Openreach as 'wrong-headed'

clanger9

Re: Publicly owned business

This is the nature of nationalised public services. They are uniformly awful. The socialist ideal is fine but when it hits the buffers of reality it all falls apart. Like every socialist ideal.

Counter-example: Vienna's public transport system. Fully integrated tram/bus/rail. Cheap. Everything runs on time, regardless of the weather. The tube runs all night and there's a fill-in night bus service that can get you to more or less anywhere on the network at 4am if you don't mind waiting around. They regularly extend the network with major construction projects through densely populated areas and these projects seem to mostly run to time and budget. And it's state owned, using the 'silent owner' approach described above. Like in London, public transport is seen as a strategic asset for economic wellbeing of the city, not something to make a quick buck from.

https://en.wikipedia.org/wiki/Wiener_Linien

I don't know how or why it works, but it does. Heck, it's not even inefficient: 900 million passenger journeys and 8,000 staff compares favourably with TFL's 2.4bn journeys with 28,000 staff!

Bone-dry British tech SMBs miss out on UK.gov cash shower

clanger9
Thumb Up

Good to see this on El reg

Terrible proofreading aside, it's good to see this kind of thing getting some media coverage.

In fairness to Innovate UK, if you are lucky enough to get an award from them, they are pretty supportive and easy to deal with - a far cry from the bureaucratic nightmare that was the Technology Strategy Board (TSB).

The funding criteria and awards process are truly bizarre, though. They have funded all sorts of ¡Bong! 'digital' nonsense, but seem really wary of anything vaguely industrial. The placing of the Energy Systems Catapult in the Midlands was another huge missed opportunity, especially when most of the industry and backers for it are located in the North West.

Definitely lots to complain about, but also a potential force for good. We all need to keep the pressure on...

LastPass in 2FA lock down after 'fessing up to phishing attack

clanger9

Re: KeePass Cross Platform Synching

Yes: 1Password does subscription-free cross-platform self-sync, with the password vault stored in a place of your choosing.

No vested interest (other than being a happy customer). Sure to be other options out there.

UK's super-cyber-snoop shopping list: Internet data, bulk spying, covert equipment tapping

clanger9

Re: Please explain this.

I think it's trying to say:

"We will keep a history of all connections by default. We will trawl this history whenever we feel like without a warrant and if we find anything interesting, we'll get a warrant to look at any new content"

So, it's storage of connection records and access (on demand) to new content. Historic content is not stored by default, but you can put a warrant in place and then just hit "Save".

As someone said above, goodbye end-to-end encryption...

clanger9

Re: The devil is in the detail ...

...aaaand there you have it:

"...a record of the communications service that a person has used"

"a record" - could contain anything, as a minimum likely to be who it's from, who it's to, a timestamp and probably a geographic location. "See, it's just metadata. No content data at all, m'lud!"

"the communications service" - Email, Whatsapp, Skype, Facebook, Instagram, Snapchat, dating sites, your online banking service, the works basically.

"a person" - no fuzzy IP addresses here, mate, none of that rubbish. We're talking RealID (TM), backed up by biometrics and the FORCE OF LAW. Ha ha!!

Sheesh. It would be helpful if someone (anyone?) in the mainstream media could get out there and explain this stuff properly.

clanger9

Re: I haven't heared so much bull$h1t since the last time she stood up...

Worse than that, I don't see how this "itemised phone bill" could possibly be used to work out who is talking to whom (if it's just a "list of websites"). Who the hell communicates via a "website"??

If they really want to know who is talking to whom, they are going to need to go MUCH deeper. This really suggests logging at the service/protocol level.

It'd be helpful if someone could explain what the Bill actually says as it appears to be in foreign. If it requires communication providers to provide such a log, then it would effectively outlaw any end-to-end encrypted service (as well as P2P).

I suspect this is not the "watered down" Bill you are looking for...

Licence to snoop: Ipso facto, crypto embargo? Draft Investigatory Powers bill lands

clanger9

Re: DNS and SSL - flawed proposal?

Yes, but they also keep saying that the purpose of this legislation is to enable them to establish who is talking to whom. If that is indeed true, I don't see how a FQDN gives you that.

There must be something else being legislated here.

clanger9

Websites != "communication"

Does anyone understand what is being proposed here?

On Radio 4 they were saying that they need to know which "websites" people visit. In the next breath, they're saying that this is so they can find out "who is communicating with who, like we used to be able to do with telephone records".

How the hell is a list of FQDNs going to tell them that? Who communicates via a "website" anyway (apart from grandparents on Facebook, I mean)?

If they want to know who is talking to whom, they're going to need to compromise every comms platform out there and/or mandate some sort of server-side comms logging. Heck knows how they'll deal with P2P comms. Will P2P just be made illegal? Yeah, that'd "solve" a few other problems along the way, wouldn't it? Hmm.

There must be more to this legislation than the party line of "It's just a list of websites blah blah blah". Can anybody find the /really/ relevant clauses?

Jeremy Corbyn: My part in his glorious socialist triumph

clanger9

Full of win

Pam Ayres in a burqa

"enormous desire to spend other people’s money"

"analogue"

- genius! :-)

Hyundai ix35 Fuel Cell: El Reg on the hydrogen highway

clanger9

Re: Fuel tank rated to 10,000psi

"whereas a fuel cell can offer over 90%... "

Hate to break it to you, but fuel cell conversion efficiency is actually much, much less than that: about 30%, not 90%.

The 90% figure you're quoting includes the waste heat (for CHP schemes and the like). Yes, fuel cells are usefully better than an internal combustion engine, but not by much.

Sadly, end-to-end process efficiency for H2-powered vehicles is "a bit pants".

Just look at all the cooling ducts on the BMW's i8 fuel-cell prototype. That tells you everything you need to know...

Watch out Sonos! Here's the second coming of Yamaha MusicCast

clanger9

Looks nice, couple of questions...

These multi-home streamers tend to have a few underlying niggles which they may have kept quiet about in the demo.

1. Will it handle gapless playback? This is just about possible with uPnP (but not always). Linn added some (proprietary but open) extensions to produce OpenHome (http://www.openhome.org/wiki/Oh:Overview), but only Linn seem to use it.

2. I presume it does multi-room synchronous playback? This is hard to do reliably over wireless, especially if you also deal with issue #3. Sonos has this pretty well covered.

3. What is the buffering delay/lag like? AirPlay has huge delay, which means it's not much use for directly connected video. Linn get around this issue by reducing the delay (at the expense of reliability) for video sources.

Anti-privacy unkillable super-cookies spreading around the world – study

clanger9

They put the phone number in the header??

Good God, that's a spectacularly clueless idea. I'd like to know which mobile providers actually do that. Anyone able to name names?

Global spy system ECHELON confirmed at last – by leaked Snowden files

clanger9

Re: Wrong targets

> So, why are we told that it's ok to bring in mass surveilance for one problem, but not for more serious ones?

Simple. Terrorism threatens politicians' well-being. Car accidents threaten yours.

W3C's failed Do Not Track crusade tumbles to ad-blockers' Vietnam

clanger9

Re: Google Scripts

Try Ghostery. It seems to block the Google tracker without breaking the site (mostly).

Amazon cloud threatens to SMASH the fundamental laws of PHYSICS

clanger9

Re: Note the free 5GB service has now gone

Update: Amazon seem to have reinstated Personal Docs - I haven't signed up to the free trial, but it's working again.

Cock-up rather than conspiracy I guess. Yay for customer service, at least they fixed it within a day.

clanger9

Re: 30 Days to back out - there's your limit

I think there's a local sync app (a la Dropbox). So you can maintain the mirrored files locally and the sync app should diff the changes to the cloud.

That also helps get around the problem of getting your data back if you cancel the service: maintain a local mirror. The storage limit is then the size of local storage array.

clanger9

Note the free 5GB service has now gone

OK, no sympathy for freetards etc, but my Kindle 3G now won't accept any new personal documents because my (previously free) Amazon Cloud account is now deemed "over quota".

Among all the hoopla about the new unlimited storage, most news outlets have forgotten to mention that the old "5GB for free" service has been removed.

Unfortunately, the only way for me to access my account to bring it under quota is by signing up to the trial. Something I don't particularly want to do (having been nearly burned by an accidental "free" Amazon Prime trial in the past...).

Note to self: never *EVER* buy hardware that is tied to cloud specific services. Especially free ones...
