Posts by Simple Simon

26 publicly visible posts • joined 30 Jan 2012

Here's how we got persistent shell access on a Boeing 747 – Pen Test Partners

Simple Simon

Run old systems for better security

The big takeaway for me was that the system was so difficult to hack because it was so old.

So, to maintain systems that can't be hacked, rather than upgrading internet facing servers, we should all be *down*grading them.

Openreach out and hike prices on legacy fixed-line products: Broadband plumber pulls trigger after Ofcom gives the nod

Simple Simon

Re: We've switched to LTE

Honestly, OpenReach have no such plans that they're able to share with us.

Simple Simon

Re: We've switched to LTE

Nice idea - and thanks for the thought. We already looked into it. Coverage is intermittent, price is high, and deployment is impossible (most of Edinburgh city centre is a conservation area).

Simple Simon

Re: We've switched to LTE

Thanks for the suggestion. But, I checked. No coverage, and no plans.

Simple Simon

We've switched to LTE

We have premises in the city centre of Edinburgh. The only fixed line connectivity that is available to us is ADSL. We get 6Mbit/s down and 0.5Mbit/s up. On a good day. There is literally no other connectivity available from any provider on any infrastructure - and no roadmap or plans for that to change.

This is not some remote community. This is in the centre of the capital city of Scotland!

We finally gave up, and have recently installed a fixed LTE [1] modem. We get between 10Mbit/s and 20Mbit/s up and down. Bye-bye fixed line...

[1] it turns out there aren't yet any sensible options for fixed, external 5G modems.

UK's National Audit Office warns full-fibre rollout strategy is leaving rural Britain behind. Again

Simple Simon

Never mind “rural areas”

In the city centre of Edinburgh - Scotland’s capital city - we get about 5Mbits/s down, and about 0.2 up. On a good day. The connection is “full price” ADSL. There is no unbundled availability. There is no VDSL availability. There is no cable availability.

It seems that there are not enough wires.

Netflix starts 30-day video data diet at EU's request to ensure network availability during coronavirus crisis

Simple Simon

What about the CDN?

It seems like a great idea to be sensible about consuming bandwidth, but I don't understand this measure.

Netflix have a pretty cool CDN (search: Netflix Open Connect) - of which they are very proud. It intelligently caches content very close to the edge at "hundreds of ISPs". So, when you're streaming from Netflix, you're not really streaming over the internet at all - you're streaming from a server in your local exchange.

Is this more about people streaming over mobile networks - where even when the Open Connect server might be in the telco's data centre, there may still be congestion on "the last mile" to the handset?

This is a genuine question. Does anybody know why this is a measure worth taking?

Calling all the Visual Basic snitches: Keep quiet about it and so will he...

Simple Simon

Sounds Awful

Sounds awful - but isn't that pretty much how the whole software-as-a-service thing, and indeed the automatic-update thing of today works? You will be updated, whether you like it or not...

Airbnb host thrown in the clink after guest finds hidden camera inside Wi-Fi router

Simple Simon

What’s with the hate?

What’s with the hating on AirBnB, guys?

We own and run a couple of holiday lets in a major UK city centre. We use AirBnB as just another listings site. Our properties are fully compliant with local regulations - for example, wired and interlinked smoke and heat detectors, fire fighting equipment, and regular gas and electricity inspections, etc. They’re properly insured, and we pay all our taxes.

And yes, we supply WiFi - but with enterprise grade kit. It’s WPA protected, with a captive portal to force acceptance of simple Ts and Cs. And, all connecting clients are segregated and have bandwidth limitations for QoS.

And no, we don’t have any cameras installed.

Not everyone is a crook.

ML fails: Loyalty prediction? Not really. And bonus prediction? Oh dear

Simple Simon

Re: Fails at basic logic...

Yes. But.

The last time you bought something online (eg. App, auction site, mail-order, hotel, etc) - did you go for the supplier with 3 stars out of 5, or 5 stars out of 5?

As consumers, we should be satisfied with a supplier who has a score of 3 out of 5. But, we're not. We see that as a failure. As business owners, we have to ensure that our feedback score is always 5 out of 5 - or we lose business.

So, we find that the scale has been re-calibrated. Maximum score doesn't mean "God Like". It now means "Everything went OK. The parcel arrived on time, and wasn't broken - and I received the item I paid for".

Dell computers bundled with backdoor that blurts hardware fingerprint to websites

Simple Simon

Genuine Question

It's a genuine question - so don't go flaming:

How does this work? You can't do a cross domain JS call in the browser. Calling localhost is calling cross domain, surely?

SCRAP the TELLY TAX? Ancient BBC Time Lords mull Beeb's future

Simple Simon

Unfair Tax?

No.

It's the fairest tax of them all. It's the only tax where all the money goes exactly where you think it goes. And if you don't want the service, you don't have to pay the tax.

Don't crack that Mac: Almost NOTHING in new Retina MacBook Pros can be replaced

Simple Simon

Genuine Question:

Does glueing (rather than screwing) stuff together make it easier and cheaper to recycle? If you want to reduce a screwed-together item to its constituent parts, you have to pay someone to sit there with a screwdriver. If it's glued, could you just heat it up and watch it all fall apart?

Writing as someone who's replaced batteries, hard drives, memory and logic boards in my own Apple laptops and desktops, I'm very disappointed to note that I won't be able to do this if I buy another machine. However, if we accept that the modern consumer likes to have new shiny-shiny every couple of years, does this method of construction make the disposed items more recyclable?

Like I say, it's a genuine question.

WD unveils new MyBook line: External drives now bigger... and CHEAP

Simple Simon

Re: Encrypted?

Nope. It's encrypted. And no, I didn't just plug it into a Windows box. And yes, I spent a considerable number of hours on this.

For reference, see here:

https://www.net-security.org/secworld.php?id=8054

Even if the user does not set a password in the UI, the data is encrypted with a "null" password - and whatever salt WD have in the hardware.

Simple Simon

Bad Experience

Seeing as this seems to be an advert, let me share my bad experience.

The thing is, the drives are encrypted. They're encrypted even if you set "no encryption" in the UI. And, the encryption is done in hardware on the controller PCB.

I was asked to try and recover some data from a MyBook that had been dropped. The drive was fine, but the controller card was broken. I could read the disk by putting it into a caddy - but couldn't retrieve anything from it.

And, you can't buy replacement controller cards.

And, they keep changing the controller cards, so finding a donor is almost impossible.

In the end, I had to give up.

iOS 6.1 KNACKERED our mobile phone networks, claim Vodafone, Three

Simple Simon

Re: Strange

Just to re-iterate that point:

We have servers running Postfix (SMTP), Dovecot (IMAP), CalDAV and CardDAV - serving a mixture of iOS, OSX, and Android (all of multiple versions). They all talk, and they all sync.

Sure, the iOS devices are bound to an iTunes account, and the Android devices are bound to a Google ID, but we don't use any of the cloud services from anyone.

Mystery X-37B robot spaceplane returns to orbit on Tuesday

Simple Simon

Hovering over China?

The only way to "hover" (ie. not move relative to the ground) is to be in geostationary orbit. And you can only be in geostationary orbit over the equator (or thereabouts, if you accept a wobble) - at an altitude of about 22,000 miles. I don't think there's any part of China on the equator.

It may well have been doing all sorts of slurping, but I guess it would have been on a different (probably lower) orbit, passing over points of interest, rather than hovering.

Apple ships 'completely redesigned' iTunes 11

Simple Simon

Re: ...hover over info bar

The trouble with UI elements that appear when you hover the mouse, is that there is no hover event in a touch UI.

I think designing UI elements that require onmouseover is a little short sighted. I'm certainly finding that I'm rethinking my approach to UI design, and noting the general move towards supporting touch interfaces, I wonder whether hover events (should) have had their day?

APPLE: SCREW YOU, BRITS, everyone else says Samsung copied us

Simple Simon

Responsive Design

It's not that the link on the home page is small, it's that some jolly clever responsive design always has it sitting under the fold. As you make your browser window larger, the image (currently of the iPad mini) grows. The footer is *always* off the bottom of the screen, and you always have to scroll down to see it - however big the page, and however high the resolution of the screen.

I may have got my court rulings mixed up, but didn't this one stipulate that the link had to be *above* the fold???

Why is solid-state storage so flimsy?

Simple Simon

Best of all worlds?

I've swapped out the internal optical drive of my laptop for a caddy that holds a spinning disc. I have a (only 128GB!) SSD as the boot/applications/user folder/working files drive. The spinning disc is partitioned - with one partition being a target for a scheduled daily clone from the SSD, and the other being a place to store larger files (eg media).

I think I'm having my cake, and eating it - but I'll wait for the inevitable correction...

Scottish brainiacs erect wee super-antenna

Simple Simon

Whatever the impact on battery life, isn't it just a good thing that the RF output is (possibly) reduced, and (possibly) directed away from your head?

Nominet mulls killing off the .co from .co.uk

Simple Simon

Who Cares...

about domain names?

Don't most people just use a search engine anyway? Even more so now that browsers seem to have done away with the separate field for search.

The point being, that you just type what you want in the URL field, and your search-engine-of-choice takes you there with just one further click.

And, when was the last time you saw a domain name on a print or TV advert?

JK Rowling's adult novel arrives on ebook full of FAIL

Simple Simon

Re: 3% VAT

Nope.

Under EU VAT law, for "Business to Consumer" transactions, and where the deliverable is "not physical" (eg. services, software, or electronic books), the VAT is charged where the vendor is based. In the case of Amazon (and iTunes, and the rest) that's Luxembourg. The VAT on electronic books (and anything else a consumer in the UK downloads from Amazon, iTunes and the rest) goes to Luxembourg, not to the UK.

For "Business to Business" transactions, and where the deliverable is "not physical", the VAT is charged where the purchaser is based. So, as a business purchaser, if you can demonstrate to the vendor of "non physical" items that you are indeed a business and are VAT registered, they should not charge Luxembourg VAT (and you will instead have to account for the VAT on your UK VAT return). However, try telling that to iTunes, Amazon and the rest...

For all transactions where the deliverable is "physical" (eg. a piece of hardware you bought from Amazon), the VAT is charged where the purchaser is based. Which means that, if a consumer buys a physical DVD of a piece of software from Amazon, they pay UK VAT, and if they buy a download of the same piece of software, from the same vendor, they pay Luxembourg VAT.

Oh, and BTW, if you've paid Luxembourg VAT, you can't claim it back on your UK VAT return.

Great, ain't it?

Why lock your digits to a phone? Telefonica to flog cloudy numbers

Simple Simon

I genuinely don't understand. Help please.

But, unless I completely misunderstand it, I've been doing this myself for years.

I have a VOIP number (from Sipgate, but that's not important) - and that number rings on whatever device I use to log on to the VOIP service at that time. When travelling overseas, that's usually via a locally bought data-only SIM, and a VOIP app on my smart phone.

So, I am "subscribing to a number" (from my VOIP provider), and simply using the data service of the telco of wherever I happen to be.

What's new with this offering? The only thing I can think of is that there's some kind of QoS for the VOIP traffic?

Dot-word TLD registration closes tonight, maybe for many years

Simple Simon

Pedantic Point

Actually, it'd be 00.59 BST on the 30th.

However, I think it's irrelevant - and a waste of money for most. Actual domain names matter increasingly little I think (unless you are Pepsi, Nike, or the like). It's more about getting your brand high in the search results that counts.

Google spews out 'privacy' email to Sky punters too

Simple Simon

DIY

It's fashionable to outsource to the cloud. But you pay the price.

We stubbornly refuse to do so, and run our own mail server. We enjoy all the benefits that the cloud providers offer, with push syncing to iToys, Androids and desktop apps, webmail, and infinite storage. And the cost really is minimal.

But crucially, we control the data. For us therefore, it's a no-brainer.