A camera on my helmet is O.K. then?
Ummm.......
......O.K. as you were........
1606 publicly visible posts • joined 25 Jan 2007
I think you missed an item from your list.
If the Feds hacked the computer this demonstrates there was outside access to the computer over the Internet so ownership of or physical access to the computer is not absolute proof that anyone actually accessed the site.
This seems more of a get out clause than proof.
Just shows how hard it is to police the Internet.
For all those companies who have scaled back on phone line based support, generally ignore emails and only respond to Twitter.
Well, free init!
Worth what they paid for it, probably.
Edit: going to make it hard for El Reg to fill those column inches if Twitter goes Mammaries Sunwards and they can't publish Tweets any more.
ISTM that someone has written software that works well enough to take out DNS over a large area.
So they are in the clear, then?
Oh, you probably need to make consumer access to compilers and interpreters illegal as well, and ban the sale of small development platforms like the Raspberry Pi.
Back in the good old days you had Trading Standards who could track and seize unsafe products, bogus foreign imports and the like.
Where are they now?
Just when their workload has increased exponentially they have been cut to the bone and much of their work has been offloaded to the Citizens Advice Bureau.
Legislate that devices must be secure and updated for 5 years? Who is going to enforce this and block the import of non-conforming products?
We don't even have a police force to enforce most of the current criminal law.
Customs has been cut to the bone as well (fine if you only have to worry about non-EU imports, but.....).
Who is going to enforce and police?
Are we talking smart fridges and toasters, or anything which has built in Internet access?
Virtually all TVs, set top boxes, video players/recorders now have added functionality for iPlayer and Netflix. You connect them to a local network (wired or wireless) and they go and talk to the Internet. Roku? Apple TV? Sonos for streaming music? DAB radio with added streaming?
I have a couple of Humax STBs for satellite and there is no obvious sign of a remote management interface or a security password to change, but who knows?
On the "small devices" front the time to market and competition means that you have to get your kit out there FAST! This doesn't go hand in hand with rigorous security models and extended testing and reworking. You need to get kit out and selling to secure your second round of funding. Each month of running a development team burns money with no immediate return.
This means that "bugger me, I just talked to the fridge" means "Ship it. Ship it now!".
Then if it starts selling you have to make a case for putting more time into the software development instead of paying back the VC funding. Good luck with that.
Cowboys will be clanking their spurs for another 5-10 years before maturity rears its ugly head.
In my limited role as computer support for the non technical I have helped with two upgrades in the last few years, both to laptops to replace old XP desktops. No point in trying to keep the old kit running as they both wanted the flexibility of a laptop.
First was W8.1 (subsequently rolled back from W10 for indignant friend) and the second was W10. The version of Windows the PC shipped with was never an issue.
Classic Shell and the automatic tool to migrate from XP kept them both happy. Recognisable menus and their old desktop wallpaper made it all familiar enough not to be too daunting.
On the home front, Core 2 Duo and Core 2 Quad both running cheap upgrade from Vista to 8.1 with no problems. i2500k and W7 going like a train. Cheap netbookish thing from HP chuntering along on 8.1.
I've just upgraded from a really ancient AMD single core to a more recent 6 core on a new motherboard, but that must have been going on 15 years old. I have upgraded everything to SSDs.
The 18 month refresh cycle is dead. Along with first world people not having (enough) PCs.
So we are presumably in for years of articles from the department of the bleeding obvious reporting ever contracting sales.
At least, in the area of trading algorithms.
I was ready to welcome our new robot overlords but they haven't turned up again.
Seriously, though, what counts as robotics? People are constantly banging on about CNC milling machines with ancient software which still do the job. To me this is robotics. So perhaps there isn't an economic case for replacing existing kit and we would need greenfield sites to push forward with new kit.
Ship building for the UK armed forces, perhaps?
Those with wide industry experience (not just in IT) may well have noticed that like recruits like.
One striking example was a marketing team I worked with who looked like an experiment in cloning. All approximately the same height, build, hair colour and looked as though they shared a single wardrobe. Oh, and spookily they were the same gender. Male, as it happens. I think they spent a lot of thought on fashion issues.
Bias exists everywhere, mainly unconscious but sometimes actively encouraged. It takes a broadness of view and moral integrity to rise above this. Now consider how many members of management you have encountered majored in these two attributes. Consider the involvement of those who fall short in this area with recruitment. The issue is how to circumvent or change the situation.
Positive discrimination is one way. This is unfair in the short term but may be effective in the long term. Hopefully if/when there is gender equality the need will go away and it will cease to exist. Not good if you are a victim, though.
I do note that many commentards are gender neutral in their aliases. Given the tone of some of the comments here this may be an effective way of getting a less biased hearing.
On the education front, my daughter wanted to do an IT course at secondary school. She realised that there was an institutional bias but was willing to give it a go. However at the open day we met the IT guy who supported all the kit and contributed to the courses and he was (in my humble but industry honed view) such a hopeless technically clueless antisocial dipshit that trying to learn anything useful would be counter productive. We discussed it and decided to give the course a miss.
She took an IT related course at University and after working in a number of roles both IT and non-IT she is working as an awesomely paid Business Analyst. Making Daddy very proud. So natural ability can get you there regardless, but I reckon that the problems really lie within schools. Things may have changed, of course.
TL;DR he was, unfortunately, mostly logically correct in his analysis. Don't shoot the messenger. Don't force people to recant their genuinely held beliefs. This smacks of religious bigotry, not reasoned debate.
Still have some branded items of clothing.
An all singing all dancing email gateway back in the days of ccMail and MSmail before Microsoft Exchange developed the capability to act as a gateway and wiped out the opposition.
People with a downer on Exchange probably don't remember quite how dire email was before it was available.
Unfortunately they no longer fit because I seem to have shrunk. Still, happy days.
Grumble, grumble......spotty yoof....grumble.....
Speaking as a pensioner if the thermostat turned itself down I would (1) turn the bastard up again (2) light the log burner (3) give the router a good seeing to (4) use the over ride on the boiler controller
From sad experience, those of declining lucidity are not likely to be open to this style of attack because they will already have turned the thermostat down to save money, then put on a couple of electric fires to keep warm, then opened a window or two because it is a bit hot with their overcoat on.
More likely to get a yuppie by disabling the electronic door lock.
Admittedly a long, long time ago.
There was no work in my degree subject when I left University so I had a look at anything.
They were advertising locally for computer salesmen (shudder) but part of the initial interview was a programming aptitude test. I aced this, to the considerable amazement of the guy interviewing me (apparently he had never seen such a high score before). I was obviously not a budding salesman, though.
I was passed on to a software house and eventually scored a programming job elsewhere.
Some people have an aptitude for logical thought and problem solving. Others have a knack for languages, or for art, or for music. Most people can succeed at non-instinctive tasks if they try long and hard but they can never really compete on even terms with the "naturals".
As an aside, a proficiency at Cluedo may be an indication of programming/problem solving potential.
So if I understand this report to say that there is no natural talent, just hard work, then I respectfully beg to differ.
What about all the startups which go mammaries skywards after a year or so?
Who maintains their kit?
You have paid a shed load of cash to fully automate your home with bleeding edge technology and the manufacturer goes bust. It all works. Do you say "Ah, well, that's life." and rip it all out and start again? Do you buggery. You keep it running until something fails. In fact until enough things fail that you are seriously inconvenienced.
You cannot rely on the device or the manufacturer for long (or even short) term support. The security has to be external to the device, and constantly evolving. Something which can be configured to provide a buffer between the Internet and your in house devices. The home router already has the basics there. It should certainly be able to detect if your home network is helping in a DDoS attack and mitigate.
However the main problem remains; how do you get people to give a shit about security?
This drifts into the whole issue of PCs enrolled in botnets. If a botnet is discovered and taken over it is perfectly possible to trash the PCs involved. This would be a wakeup call but illegal in most countries. Until there is a realistic penalty for running a compromised device nobody is going to give a shit about security.
There have been various technical sounding explanations about how NAT doesn’t really act as a firewall. I am not a current networking expert but please bear with me.
(1) To accept an incoming call on any port, there has to be an active listening process. NAT routers by default should have no active listening processes on any port; think of a NAT router where the only PC on the network is turned off. The network stack sees the incoming request but has nowhere to send it. A touch of firewalling just drops the incoming call instead of helpfully responding with a failure message.
(2) Most Internet access from within a NAT fronted network (at least home ones) is likely to be email or web browsing (or Microsoft Update, I suppose). These connections are initiated from the PC to a known host, and generally have bits of protocol included to ensure that the conversation proceeds as expected. Granted that while one of these connections is active an incoming packet from a 3rd party can hit the open port (if you randomly spray all possible port addresses for all possible IP addresses) but isn't the most likely result that the packet will be dropped as not part of the established session? Some DOS potential but not much compared to other routes. If the connection is encrypted (as hopefully most are these days) then there seems even less scope for disruption. Of course, I don't know enough about the subject to be sure what a web browser will do if it receives an incoming GET/POST from a random 3rd party. Saying you are vulnerable to your ISP is taken as read; that is the obvious Man In The Middle. However as far as I can see your ISP also handles your network traffic so sees your IPv6 connections and so can subvert them anyway.
(3) If I am more or less on track so far then the most obvious vulnerability is online gamers. NAT has, as far as I know, had frigs added for years to accept incoming calls on ports with no outgoing connections. However I think that the game still has to enable this feature at the NAT router; else how does the router know where to send the call?
So I think that NAT acts as an (unintentional) firewall against incoming calls, and that the main use of a firewall is to catch outgoing calls to suspect/dangerous addresses (such as the above mentioned Windows Update server if you are running W10 and ad networks and data loggers).
More details of credible exploits through unsolicited incoming calls to NAT routers welcome.
I will note that I use my ISP supplied router in "modem" mode because I don't trust them to tinker and the firmware was crap anyway. However that isn't an IPv4 vs IPv6 thing. You are always vulnerable at some level to ISP network engineers.
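An added illustration, not part of the comment above and not any router's actual code: a toy model of a NAT mapping table that walks through points (1) to (3) and shows that the outcome for a third-party packet in point (2) depends on the router's filtering behaviour. The two filtering names are the RFC 4787 terms; the `Nat` class, the addresses (documentation ranges) and the ports are constructed for this example.

```python
from dataclasses import dataclass, field

@dataclass
class Nat:
    filtering: str = "address-and-port"  # or "endpoint-independent" (RFC 4787 terms)
    next_port: int = 40000
    # public port -> (inside host, inside port, remote peers contacted; None = port forward)
    table: dict = field(default_factory=dict)

    def outbound(self, src, sport, dst, dport):
        """An inside host sends a packet out: create or reuse a dynamic mapping."""
        for pub, (h, p, peers) in self.table.items():
            if (h, p) == (src, sport) and peers is not None:
                peers.add((dst, dport))
                return pub
        pub = self.next_port
        self.next_port += 1
        self.table[pub] = (src, sport, {(dst, dport)})
        return pub

    def forward(self, pub_port, host, port):
        """Static port forward, as set up for games: any remote peer is accepted."""
        self.table[pub_port] = (host, port, None)

    def inbound(self, src, sport, pub_port):
        """Return the inside (host, port) the packet reaches, or None if dropped."""
        entry = self.table.get(pub_port)
        if entry is None:
            return None  # point (1): no mapping, so there is nowhere to send it
        host, port, peers = entry
        if peers is None or self.filtering == "endpoint-independent":
            return (host, port)
        return (host, port) if (src, sport) in peers else None

def demo():
    """Run the same constructed traffic through both filtering modes."""
    results = {}
    for mode in ("address-and-port", "endpoint-independent"):
        nat = Nat(filtering=mode)
        results[mode, "no mapping"] = nat.inbound("198.51.100.9", 5555, 40000)
        pub = nat.outbound("192.168.1.10", 51000, "192.0.2.80", 443)
        results[mode, "reply"] = nat.inbound("192.0.2.80", 443, pub)
        results[mode, "third party"] = nat.inbound("198.51.100.9", 5555, pub)
        nat.forward(27015, "192.168.1.20", 27015)
        results[mode, "forwarded"] = nat.inbound("198.51.100.9", 5555, 27015)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

With address-and-port-dependent filtering the third-party packet is dropped at the router; with endpoint-independent filtering it is passed to the inside host, whose own stack or host firewall then has to reject it.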
I love a good old snark along with most commentards but isn't this whole thing trivial?
(1) Having no password on the WiFi absolves the provider from all responsibility for user actions.
(2) However the provider can now be sued and forced to put a password on the Wifi.
This then removes the protection from (1) and opens the door for further litigation.
Or have they (as is so often the case) tried to be clever and added in another little feature or two to make the second round of litigation that bit easier and managed to include all current closed Wifi services (that is, ones which already have passwords) in their new vision of closing down pirates?
Thus moving a very focused decision aimed at people deliberately punting "anonymous" Wifi services to deliberately circumvent current legislation and sweeping up not only poorly configured old home routers but all public WiFi services?
Well, yes, I wouldn't be at all surprised.
Just had a quick look and it isn't supported natively by Windows 10.
One way round the update which broke some OpenVPN clients last year was to use the built in PPTP client.
So which solution "just works" for Windows platforms, is still secure, and is easy to set up on a home server?
I am a little constrained on an upgrade path because I have a noddy VPN running on a Pi for occasional use by people travelling who need to seem to be in the UK and I need to have them all in the UK at the same time to avoid breaking the access for those abroad. Running PPTP because it was easy to set up and it was also supported natively in Windows.
Thankfully I have no IOS users. Oops; should be iOS. Could be a Cisco kid in there somewhere.