
Tech Talk with Which? Computing

Welcome to our tech talk area! This is your place to discuss all things tech, get updates on Which? Computing, and discuss the latest goings on with our Computing editor, Kate Bevan.

Hello, world. Welcome to my tech talk area on Which? Conversation.

It’s been six months now since I took over the editorship of Which? Computing, and one thing I’m particularly keen to do is find ways to meet, chat with and learn from Which? members and our community.

I want to be able to be a bit more nimble about reacting to, commenting on and explaining what’s going on in the wider tech news world, and so we thought that opening up this space would be a great way to do that.

A tech space for everyone

This space is as much for you as it is for me. I’m not only keen to share with you what we’re working on in Which? Computing, but I very much want to hear what you’re doing with your technology; what you’re thinking about technology-focused news, and what you’re considering building, buying and tinkering with.

I’ll be posting here in the comments on a wide range of topics. Next week, for example, is Google’s annual event at which they launch their latest consumer devices. Sadly, I won’t be going to New York for that, but I will be at the London event, and I’m planning to report on that as it happens.

I’ll also be letting you know what we’re up to with planning the Computing magazine; I’ll be sharing news stories and – hopefully – helping those of you outside of the tech bubble make sense of everything that’s going on.

But most of all I’m here for the community. It’s a conversation, not a broadcast, and I hope you’ll be joining in and helping to shape it. I’m really looking forward to it.

From the Convo team

This tech-focused area of Which? Conversation is the first of its kind from a Which? editor.

Much like the Lobby, it was born out of an idea from our community – we’ve been asked for a more tech-focused discussion area in the past, and this can act as just that. This area isn’t only for Kate’s updates, but for you all to discuss the latest tech news, reviews and issues you’re interested in.

Kate will continue to write separate Which? Conversations for the ‘big’ tech stories, which we’ll also link to here for reference.

09/10/2018 All the latest from Google’s annual hardware launch

02/10/2018 Was your Facebook account accessed by attackers?

29/09/2018 A brief history of tech: what got you into computing?

16/08/2018 Do we really spend too much time on our phones?

Otherwise, for all things general tech chat and questions for Kate, feel free to get involved!

Guidelines

To ensure the Computing Corner remains a healthy and friendly place for you all to share your thoughts and musings, all of our Community Guidelines apply.

Comments

This comment was removed at the request of the user

Thanks Duncan, that is interesting news, see:

eff.org/press/releases/eff-wins-dmca-exemption-petitions-tinkering-echos-and-repairing-appliances-new

I note that EFF themselves only see this latest win as a small step along their way, so I wonder if your benefit statements above may be exaggerating the immediate impact of this victory for consumers?

When US Customs stop working on behalf of Apple, by impounding 3rd party spares intended for the likes of Louis Rossmann and Jessa Jones (and other 3rd party repairers), then the war may be over.

This comment was removed at the request of the user

Duncan, OK – please can you post the full text or even better, a link to its source, as I just did?

It could be this, Derek – posted last week.

https://www.theregister.co.uk/2018/10/26/right_to_repair/

Seems to be a very broad ruling which those who feel DRM is being used as a club to control the innovative have been pushing for. Not all that wonderful, however.

“But the Copyright Office rejected proposals from many people to simplify the exceptions so that ordinary people can use them without lawyers. EFF proposed to expand the exemption for vehicle maintenance and repair to cover all devices that contain software, and to cover legal modification and tinkering that goes beyond repair. We cited a broad range of examples where Section 1201 interfered with people’s use of their own digital devices. But the Office expanded the exemption only to “smartphone[s],” “home appliance[s],” and “home system[s], such as a refrigerator, thermostat, HVAC or electrical system.” This list doesn’t come close to capturing all of the personal devices that contain software, including the ever-growing “Internet of Things,” for which people need the ability to repair and maintain without legal threats. And the Office has again refused to expand the exemption to lawful modification and tinkering.”

This comment was removed at the request of the user

Thanks Duncan – that link presents a much less triumphant view and seems consistent with the link that I found.

If I’ve understood this, it only affects areas where DRM is used to obstruct owner or 3rd party repairs, and does not remove any of the other obstructions that some OEMs use.

This comment was removed at the request of the user


Hard to know how reliable that report is, Duncan, since there’s only the one report in a Hacking mag, and the other two or three reports are lifted directly from the original. I’ll wait to see what the Reg says.

This comment was removed at the request of the user

No, Duncan; but that doesn’t make it true, either. Allegations of this and that are hurled around with monotonous regularity. All I’m saying is that when there’s only a single source for the information it’s better to treat it with caution until more reputable sources confirm it independently. And as we know from the Bloomberg issue in this topic even the reputable sources don’t always get it right.

Edit: read the other reports – they’re all taken from a single original.

I am not into all this, but it makes me wonder how circulating comments that an update might be dodgy helps. There seems to be an element of being first with the story. Who is actually vulnerable to such a problem?

This comment was removed at the request of the user

A quick “Google” showed me that, allegedly, iPhones have had problems like this before. I also know already that there are (or have been) similar flaws in some Windows and Linux OSes, but it has been a long time since I’ve bothered (or needed) to exploit any of them myself.

If this hack is as easy to do as described, then it would be easy for any Apple fan out there to verify its existence, if they have access to a phone running the new OS and another Apple device.

As Ian said, there are a lot of news websites sharing these claims, but none of the few that I looked at seemed to have bothered to directly verify the feasibility of the hack themselves.

Indeed. And Duncan, these websites are generally not run by altruists. In the main they seem to be run for one reason: so that the writers / owners can get more money. This is done either through advertising or, as in the case of some, so that the ‘discoverers’ of bugs can become well known, adding to their future career prospects.

Nowhere have I said, BTW, that this ‘bug’ does not exist, so why you’re berating me I’m not sure, Duncan. But you should also be aware that a total of fourteen potential malware package penetrations were ‘discovered’ over the past five years for Macs, and yet none – none whatsoever – of those 14 have ever been discovered in the wild or even mounted.

Now, you say “I will keep repeating faults in big companies merchandise” but that’s not what you do; you simply repeat what someone else has said without checking it first to ensure it’s correct. That’s not defending the Public. That’s scaremongering.

Duncan, I have to say I largely agree with Ian here.

As a cautious and sceptical person, I often find the nature of your “IT bug share tweets” here tends to suggest scaremongering (if not darker motives) and I, too, often conclude that you have made no significant efforts to verify the material before re-tweeting it here.

For me, a classic example was the time you discovered ReactOS and immediately (or so it seemed) advocated its use as a like-for-like Windows replacement. Approaching that post with an open mind (in spite of my previous experiences with that OS) I then spent several hours trying (but always failing) to install and then boot ReactOS on any of my collection of assorted PCs.

Those of us who write or use complex software should never be surprised by the statements of the form “bugs exist in item x” because we should always expect that to be the case. But, before release, quality software should always have been tested, to see if it is really ready for use by ordinary users. Even then, those users will manage to stress the software in ways that its authors never imagined and, like as not, will find new bugs doing that.

A few days ago, foul ups in the 1809 Windows 10 update caused widespread deletion of user files. I don’t think I was affected, but I am tempted to wonder how M$’s software QA programme allowed that to occur. (Possibly, it is all my fault, because I am no longer active as an unpaid beta tester for Windows 10.)

This comment was removed at the request of the user

Duncan, I think “getting ALL your info from high tech websites” is EXACTLY the flaw that I’m commenting on here.

You could choose to own “reference hardware” and then use it to try out potential exploits (as I sometimes do) and then tweet your findings – but you don’t.

As Ian pointed out, many of these websites just re-tweet the work of others, with no added value of their own.

Also, many of these blogs are either run as banner-ware for security products and services – or for their direct advertising revenues (as some YouTube channels are).

Hence, spreading sensational news is an effective way of increasing these sites’ hit counts. And, when that is the case, the “first law of journalism” – “never let the facts get in the way of a good story” is likely to apply.

Then you say you don’t want to be blamed for encouraging hackers – but then why post this information at all?

Also – please don’t tar all hackers with the same brush. Not all hackers aim to do malicious deeds – “white hats” and “pen testers” enjoy the challenge of breaching systems, so they can call in those defects and get them fixed.

That said, professional “white hats” expect to get paid for doing so and jilted freelance “white hats” may run blogs such as the ones you cited here, e.g. to drum up business and/or to embarrass companies that won’t hire or pay them, e.g. Apple here.

I made no comment on the veracity of your message, Duncan, I merely question how it helps to broadcast it.

Every product on this earth is imperfect. Which? and its contributors and supporters give priority to the defects that are hazardous or life-threatening, as confirmed by rigorous testing.

This comment was removed at the request of the user

Duncan, if you make claims to anything, you need to give the source so people can read the whole story and make up their own minds.

If I state facts I have found online, I always start with:
According to…..

I then follow my excerpt with a website link to the whole story.

This comment was removed at the request of the user

Duncan, your reasoning is mired in the realm of fantasy debate. You’re not reading what we are saying here. If you were you would notice three things:

1. All software has bugs. All programmers know that.
2. Simply repeating what others – often from dubious sources – have said is no more than rumour mongering.
3. Believing blogs without testing things for yourself is short sighted and lacking in discernment.

Notice that we’re not debating whether this news is true or not; it may well be, as all software has bugs. But this topic is about ‘tech talk’, which by its very nature will preclude most folk from becoming involved and reading it. So repeating what you’ve seen on a blog could be an invitation to being mocked.

Oh – and when you say “Through the hack, the attacker can see all the private conversations on a locked iPhone.” that’s also incorrect, since it only reveals the contact list and requires the attacker to have another iPhone as well as physical access to the potential hackee iPhone.

Many of us will have gained knowledge from others on computer forums.

One of the first things you learned was never believe the first thing you read.

If you are going to mess around with the internals of your PC, confirm actions from different sources written by different people and not just copied from one site to another.

I was reading one forum and poster A asked a question that was answered by a very knowledgeable sounding poster B. Poster A asked poster B how they knew it was the right solution and Poster B answered he had found the answer on another forum!

The same goes for any ‘news’. What you say may or may not be true, but without a source, are we just supposed to believe you without question Duncan?

It could be only half the story or now out-of-date, but without the source, how can we make an informed conclusion?

As Ian says, all software has bugs. I always try to wait a couple of weeks before applying updates so any major bugs might have been rectified by then.

It helps the presentation of a point of view, whether one you believe in or one that is interjected to jolly a Convo along, to give a link to information that most will not know. Then we can make up our own minds. Simply being told something is fact does not satisfy many people. Rather like we question (well some of us) surveys when we don’t know what information was given, what questions were asked, and why they seem to rely on paid respondents. But that’s another story…….

Just as a minor point, I think referring to Red Hat as “hackers” is technically inappropriate. If Red Hat are “hackers” then, presumably, the makers of all other operating systems also qualify for that name.

This comment was removed at the request of the user


Short answer: No

…and certainly not on the basis of that somewhat selective weblink.

Here’s how I think Red Hat see themselves:

redhat.com/en/about

As alfa said, it is a mistake to believe everything we read on the internet, just as we should not believe everything we read in the newspapers. For example:

My next statement is correct.

My previous statement was incorrect.

Duncan: Marxism and “Far right” are polar opposites, as I imagine you know. And ‘forum’ is the generic term (now) for any internet-hosted, socially-based discussion milieu.

This comment was removed at the request of the user

How do we know that the “data” we are presented with is “unbiased”? Anything we are told is likely to carry some bias. News, data, survey results….. We have to use what experience, if any, we have to try to decide what to believe and to what degree. Difficult, when we cannot even believe our own eyes…… 🙁

Duncan – So far as I can see at no point has Alfa said that you only get your tech information from computer forums. What she said was “Many of us will have gained knowledge from others on computer forums. One of the first things you learned was never believe the first thing you read.”

That applies to all aspects of life. It certainly does not mean that nothing written on forums is true or that everything you find there is false. The absence of a denial does not prove a truth, and it is well known that strong denials can be issued in order to conceal the truth. So everything is open to interpretation, nothing can be relied on, and there is no point in anyone getting het up about what they read here or anywhere else.

On the other hand, some sources are more reliable than others. So in technical matters, on which you suggest people should take your word for it in making their decisions [e.g. don’t install this update yet], failure to give a source does not invalidate it but it is not helping people to have confidence in what you say.

Your reaction to people’s comments suggests that you expect people to have confidence in what you say, and that you are aggrieved if they don’t. If you sincerely believe that people need to know what you have learned for their own benefit and safety on-line then your advice needs to be seen to be authoritative.

This comment was removed at the request of the user

Fair enough, Duncan. I therefore suggest that you either circulate everything critical that you discover affecting commonly used devices or nothing at all since otherwise something will fall in the gap and damage your reputation.

This comment was removed at the request of the user

Duncan,

Further to the FACT that your PC seems to have probed its analogue connections and determined that an Arcam amp is connected, is it really reasonable to conclude that someone like GCHQ may be responsible?

I’d have thought that those responsible for the Linux Alsa sound system would have been much more likely to have implemented this kind of hardware probing, e.g. for system tuning or diagnostic purposes.

I’ve just checked my system files under /proc/asound – were those the ones affected on your PC?

Duncan – Is there any chance that you could have entered details of your amplifier when setting up the system?

…yes, indeed, that would be one potential explanation 🙂

Occam’s razor would seem to apply.

This comment was removed at the request of the user

I was just guessing, Duncan. I look forward to learning the solution to your puzzle.

Duncan, it looks to me as though the file you mentioned is now provided as part of Arch:

archlinux.org/packages/extra/x86_64/alsa-plugins/files/

If so, when I suggested “I’d have thought that those responsible for the Linux Alsa sound system would have been much more likely to have implemented this kind of hardware probing, e.g. for system tuning or diagnostic purposes.” I would have been on the right track.

Alternatively, if I were setting out to hack the linux sound system on behalf of any given spy agency, e.g. perhaps so that linux PCs could become covert listening devices, do you think I would actually leave such an obvious forensic trail as to put files with obvious and meaningful names and contents around in obvious places like the alsa configuration directories?

This comment was removed at the request of the user

Cheers Duncan.

When I was at uni, my amp would sometimes accidentally pick up local taxi radio messages. I’m sure MI5 (and other security services) now have decades of experience in covert listening devices. I’ve always thought the laser based ones that just reflect a beam off a window pane in the target room were particularly clever.

As regards booby traps, SECRET FILE is a bit of an obviously made up teaser name, I’m sure README would look more innocent and be at least as effective.

My current move to Linux was encouraged by a fake Adobe update a few years ago. As far as I know that was the second time that I have suffered any kind of virus attack on Windows. The other time was long ago in my Windows 98 dial up via damp string internet days and I think involved email malware, but I do not remember any details.

This comment was removed at the request of the user

It’s great when mysteries have a simple explanation.

On the subject of MI5 and covert listening devices… has anyone been watching The Little Drummer Girl on BBC1? I’m a big Le Carre fan, personally, and would recommend it.

I’m re-reading the book at the same time. I’m a fan too and so far the beeb are doing a good job on this, like they did on The Night Manager. We’ll watch the previous episode on iplayer the day before just to remind ourselves of the details to date.

Did you enjoy the (fairly) recent film adaptation of Tinker, Tailor?

Yes. I also enjoyed the BBC series from 1979 with Alec Guinness and always think of him as the George Smiley – I suppose, like some, think of Sean Connery as the James Bond. Smiley’s People (1982) was also enjoyable. Have them as a DVD set and re-watch them from time to time.

So far I’ve enjoyed all the TV series and films but you have to pay attention!

I was disappointed with this. Guinness & co took six episodes to tell the story, the acting was superb and I continue to watch the DVD with pleasure. The film contracts everything into around two hours. Oldman (in my opinion) lacks the charisma of Guinness and seems to float around without doing very much. One look at Sir Alec’s spectacles and the power behind them radiates. He takes the character from the book foibles and all. Equally gripping is the BBC adaptation of Smiley’s People. I haven’t watched The Little Drummer Girl, but I have the book and may well buy the DVD when it arrives.

Ah, I’ve never seen it, Vynor, but I have heard good things. I’ll find a copy of the DVD and give it a go.

Malcolm and Vynor, I’ve now watched the 1979 Tinker, Tailor… and agree: much preferred Alec Guinness as Smiley and it works much better given the space of 7 episodes rather than just 2 hours in the film. I also enjoyed Ian Richardson in it… knowing him from the later British version of House of Cards, which he’s really brilliant in.

I enjoyed the recent film – but I agree that it is hard to compress many good books into a single film.

I think Ian Richardson’s superb and excruciatingly enjoyable performance in House of Cards was in a direct line from Tinker, Tailor, Soldier, Spy via Private Schulz and Porterhouse Blue. He continued to cultivate and perfect the urbane and supercilious manner that was dramatic genius because it was not his natural form.

You may say that, but I couldn’t possibly comment 😉

This comment was removed at the request of the user

So what, exactly, is “Informed Delivery”?

“Informed Delivery® by USPS®

Digitally preview your mail and manage your packages scheduled to arrive soon! Informed Delivery allows you to view greyscale images of the exterior, address side of letter-sized mailpieces and track packages in one convenient location.*

* Images are only provided for letter-sized mailpieces that are processed through USPS’ automated equipment”

And the charge for use of this facility? The idea that every morning I shall get up and check on-line to see what the post-person will be bringing me in an hour’s time is fanciful.

It might be useful if, after previewing my mailpieces, I could reject, discard or return to sender any that I do not want. In this country few letter-sized mailpieces have any indication on the address side of the sender’s identity.

There must be a considerable logistical operation involved in separating out the mailpieces for those who have subscribed to this service and running them through a scanner for access by the subscriber. Perhaps automated mail-sorting technology can handle that and return it to the correct delivery round without holding up the process but to make it profitable to the postal service the user charges would need to be considerable – and for what real benefit?

Duncan says this service would be hard to opt-out of, but I don’t know why. And I cannot see what hackers would gain from it either. They would have to waylay the post-person and steal my packets in the hope of finding my monthly postal order.

Duncan: when you say “the power of the media mesmerises again and “tomorrow ” in the UK we will again copy US bad practice for the sake of commercialism.” you raise several issues and draw unjustified conclusions.

There are many issues on which we don’t ape the US (tried ordering a .35 Magnum by post, recently?) and your blanket assumption that everyone in the UK will be “mesmerised by the media” is, I believe, wrong. Many of us can see the media for what it is and how it operates.

You delight in telling everyone about the latest ‘hacks’ which, BTW, are usually nothing of the sort, but that’s another discussion, but in the same breath you fail to mention the more serious issues: the UPnP vulnerabilities in routers built by Billion, D-Link, Linksys, Technicolor, TP-Link, ZTE, Zyxel, and Australian supplier NetComm, plus a bunch of devices supplied under ISP brands like CenturyLink, the impacts of which are far more serious and far reaching.

It’s a fact that countries around the globe are always seeking new ways to create more profit and if technological innovations arrive which seem to promise that, they’re often adopted. And with the inexorable rise and rise of the TransNats that’s only going to become more common.

This comment was removed at the request of the user


As ever, the more we rely on computers, the more vulnerable we potentially become to hacking.

Earlier this week, someone told me “I’ve never been hacked”. I thought “no – you can only say that you’ve never KNOWINGLY been hacked” but didn’t say anything. Put simply, like any other robbery, the whole point of a well executed hack is to get in, get data and get out again undetected.

If we’re going to promote the safe and sensible use of technology here, we should welcome INFORMED discussions on relevant hazards, their potential consequences and the resulting risks.

Duncan, I think Ian and John were pointing out that you don’t seem to be able to distinguish between hazards and risks when you post hacking factoids here.

For example, a while ago, I think you advised us all to stop using USB data storage, because its firmware can be hacked. [ I know it can be – I’ve even done it once 😉 ]

I think many of us then responded along the line that, OK but so what? Aren’t the risks negligible in relation to the benefits of such storage?

Duncan: I honestly don’t know of anyone among the ‘regulars’ who’s criticised you for being too ‘tech’. And this, after all, is the topic in which to post technical details.

The real issue is as Derek identifies: it’s important to distinguish between what is a possibility – no more – and what can cause serious harm.

Hey Duncan, as Ian suggests, this thread is for tech discussion, so do feel free to discuss the intricacies and technical details of products — obviously just try to keep it as accessible as you can 🙂

Derek, I had to think about this for a second as the two words are used so interchangeably in everyday speech, but then a GCSE science lesson came back to me: a hazard is something that could possibly happen; a risk is the likelihood of it happening. Is that about right…?

I’ll also insert an oar here to say that risk is always explained via percentages, but all too often the baseline figure is never included making the percentage by itself largely meaningless. After all, if the risk of being killed by a TseTse fly bite in the UK is around 0.00008% an increase of 400% in the risk is still going to leave the bite mighty unlikely to ever happen.

This comment was removed at the request of the user

Oscar / Ian – sorry I was deliberately posting in concise (“Google – what’s that?”) mode…

In formal Engineering terms, not least for safety and security assessments:

A “hazard” is a potential “bad”, unwanted, undesirable outcome or consequence;

A “risk” is the product (or aggregated product) of frequency x consequences, where frequency is the expected rate at which consequences are expected to occur. If bad events, e.g. tumble dryer fires, are actually happening regularly, it is reasonably easy to quantify the required frequency data, but that is not always the case.

It was good to hear that GCSE science covers this 🙂

Correct dimensions (or units) for risk are “bad things per unit time” (e.g. deaths from tumble dryer fires per year)

Duncan you just posted “I am surprised at you Derek with your knowledge backing up the flashy commercial line the public are fed when it takes 6 months for big business to admit they -quote -made a “mistake ” and thats after having no option but to admit it” – I did not say (or intend to say) that at all!

If you think I did, please would you post a quote of my actual text from the above thread together with your explanation of why you think it supports your above statement?

This comment was removed at the request of the user

Duncan, I did not make any blanket statement above that the overall risks from hacking were negligible.

I did say that, at least for myself, I consider the risk that any of my USB devices might have hacked firmware to be negligible in relation to the benefits that I get from their use.

I agree that the public should face the truth and not be deceived into a false reality.

But this is exactly why I feel the need to challenge many of your statements here.

For example, only a few days ago, you were telling us of a “suspected hack” to your PC, when it transpired the “hack” was performed when you made a certified and approved update to your OS. If we’d all taken your first post at face value, we might now be in a false reality, in which someone has hacked the ALSA sound system on Manjaro.

This comment was removed at the request of the user

Duncan,

My point was that, after your first post on that thread, appropriate challenges and comments by both wavechange and myself directed you away from your initial incorrect explanation to the correct one.

So, in short, your first post there was INCORRECT but comments and challenges here helped you towards the TRUTH.

This comment was removed at the request of the user

Duncan, I know I’m not perfect. That’s why I’ve learnt to listen to comments and challenges from others, think on them, and then revise my views and behaviours accordingly.

But I still do think you exercised poor judgement then, by jumping to the conclusion that a credible explanation was that you’d been hacked.

After all, ARCAM are still in business, so why wouldn’t a popular sound system include support for their products?

This comment was removed at the request of the user

Duncan – Earlier today you asked me “why don’t you read the reason why the US SS gave in reference to data gathering of every US citizens postal communications ?”

(a) I knew nothing about it,
(b) I assumed if it was relevant you would have mentioned it, and
(c) I am not really interested in what happens in the US mail system.

Your comment on Informed Delivery was so vague and unclear that Ian had to provide an explanation.

It was the fact that you alerted us to what you thought was an imminent implementation in the UK of an American procedure, employed by the United States Postal Service, that sparked my interest. It seemed that this procedure was for previewing our mail deliveries and enabling us to see what was coming.

I can see the justification for this in the States because a lot of bad things are sent through the postal service and the authorities need to be able to identify it and search for it. So far as the ordinary law-abiding citizen is concerned it seems harmless enough to me. I expressed doubts about it, though, and I can’t imagine it’s coming here soon. It is unlikely to be secure from hacking but, as I pointed out, I could not see how hacking the data would be very beneficial to anyone anyway.

This comment was removed at the request of the user

Read the entire thing and it appears uniquely American at the moment. For a start, it seems it really only works well under two conditions:

1. The users have mail boxes. We don’t.
2. UPS simply don’t use decent authentication methods for new account start ups.

Other than that, however, it seems like just another scam.

This comment was removed at the request of the user

Duncan,

I agree that, as far as I can see, the only specific ALSA package to name a given amp is the one for the ARCAM AV 300.

Here’s what its read-me file says:

“***************************************************************************
Arcam AV Amplifier ALSA Control plugin
======================================

This plugin exposes the controls for an Arcam AV amplifier
(see: http://www.arcam.co.uk/) as an ALSA mixer device.

To use this plugin you will need to connect the amplifier
to the PC using an RS-232 null-modem cable and use the
following ALSA configuration:

    ctl.arcam_av {
        type arcam_av
        port /dev/ttyS0
    }

The “port” parameter is required and indicates the serial
port to be used to communicate with the amplifier. There is
an optional “zone” parameter, which accepts a value of
either “1” (default) or “2”, that indicates which of the
amplifiers zones should be controlled.

NB: You must ensure that any user accounts that are to use
this plugin have both read and write access rights for the
configured serial port.

This plugin was developed and tested using an Arcam AVR 300
amplifier. I believe most Arcam amplifiers use a sufficiently
similar control system to be compatible with this plugin but
your mileage may vary.
***************************************************************************”

This module seems to have been added to ALSA by Peter Stokes and was added to the project in 2009.

As someone who’s not an audio buff, I couldn’t tell you if any other audio amps have digital interfaces.

Even so, I still think your suggestion that,

because no others are specifically supported by bespoke named drivers, an apparent package for an “odd-one-out” ARCAM might reasonably be regarded as “suspicious”

is still a bit daft, because:

a) given the nature of open source projects, if one or more key players in the project are ARCAM fans, you’d quite likely see better support for those devices than for every available device on the market,

and

b) as I also said before, a skilled hacker setting out to hack all the ARCAM amps out there wouldn’t need to do it by means of files with obviously purposeful sounding names like “great_hacked_your_amp.dll” in obvious locations like driver file directories.

One of the bug-bears of Linux is often the lack of device drivers for fancy hardware, especially if the hardware OEMs will not release the data needed for the writing of device drivers by others. So ARCAM themselves may have either volunteered this project, or agreed to collaborate, after being approached by Peter Stokes.

BTW you also said that “You seems to forget I am on high quality audio websites , I get emails from them as well as emails from high end audio companies in the UK”. How could I have forgotten what I never knew in the first place? It’s not as if I’m monitoring your internet and email usage – or even reading everything you posted here or on other forums.

This comment was removed at the request of the user

I could not see where the Informed Delivery Service was imposed on people. The report described the service as an “offering”. To me that means people have to opt-in not be locked in and unable to opt out. I don’t see why we should worry too much about this or even come to terms with the details. We can cross that bridge if and when it happens.

In the UK credit and debit cards either have to be collected from the bank branch and signed for with proof of identity, or cannot be used until they have been validated in a branch, again with proof of identity. This might not be totally foolproof but it is a reasonable security step. I think some years ago with one bank a new credit card arrived in a plain manila envelope with a handwritten address and a postage stamp. That’s a simple way of confounding the fraudsters.

Ian – Did you mean UPS [Universal Parcel Service]? This is about the United States Postal Service [USPS].

The USPS registration process for uptake of the Informed Delivery service appears quite thorough with an on-line verification process [or, in default, in person at an identity verification facility].

The following is from the USPS website –

“Informed Delivery is a free and optional notification service that gives residential consumers the ability to digitally preview their letter-sized mailpieces and manage their packages scheduled to arrive soon. Informed Delivery makes mail more convenient by allowing users to view what is coming to their mailbox whenever, wherever – even while traveling – on a computer, tablet or mobile device. To automate the sortation and delivery of mail, the United States Postal Service® (USPS) digitally images the front of letter-sized mailpieces that run through automation equipment. USPS is now using those images to provide digital notifications to users in advance of the delivery of physical mail. Informed Delivery benefits the entire household, ensuring that everyone has visibility into mail and package delivery each day. Informed Delivery allows users to take action before important items reach their mailbox, while offering mailers an unprecedented opportunity to engage users through synchronized direct mail and digital marketing campaigns.”

As can be seen in the final sentence, there is a commercial spin-off which presumably compensates for the free service [which is a simple by-product of the automated sorting process].

The service is available at present only to eligible addresses – those where the individual unit in a multi-unit building has been individually coded. That covers one of my original concerns about properties without a separate postal plate, enclosure or mail box for each unit of accommodation. The service will be offered to residents in such buildings as and when the coding has been carried out.

Given the optional nature of the service, and the fact that many people will be excluded from it because their residence cannot be individually coded, I cannot see how this has been introduced at the insistence of the Secret Service, although it is possible that the Secret Service might have supported, or possibly requested, the digital imaging of mail in the sorting system when the technology was updated and new equipment was designed. That would have been a few years ago I would expect. I do not know whether the Royal Mail has the same type of sorting system involving digital imaging.

The USPS does not have an absolute monopoly on postal services in the USA. UPS, FedEx and DHL are also major courier services and are possibly not involved in any form of Informed Delivery service involving scanned images of the letters, packets or parcels that they deliver. They tend to require a signature on delivery or additional security for special consignments.

Had a good chuckle when I saw the innumerate Diane Abbott – potential future Home Secretary – was taken in by the old ‘Your computer has been hacked’ scam.

You’d think a savvy politician would have more sense than to post like that on twitter…

Ah – but then you remove responsibility from the equation, don’t you? Don’t forget, she could become responsible for cyber security in a future administration. If nothing else, is she setting a good example? And posting about it, on Twitter – of all places – does, I believe, cast even more doubt on her capabilities. Must admit, that’s what I found so amusing.

Personally I think there’s a degree of courage involved in publicly admitting that one was taken in by such a scam, some of which can be precisely targeted and very professionally executed. Let’s not forget – the most common victims of scams are higher level professional men in their forties and fifties, which isn’t really the stereotypical hapless/vulnerable profile often portrayed. I really don’t see that being open deserves mockery – if only more people would admit they were caught out and remove the stigma of reporting…

This comment was removed at the request of the user

I think the problem with Twitter is that enough details can never be given and anything you say can be twisted against you and then re-tweeted.

But, given that broadcast and social media seem to have taken on the role of modern day opium for politicians, they all seem compelled to use all available media 24/7/365, as moths might be drawn to a candle flame.

For example, just watch Ted Cruz in this clip:

youtube.com/watch?v=GJ8VV6TqeXI

He must know he’s going to be made fun of, but, rather than risk losing the oxygen of publicity, he bravely participates.

And, of course, he did (eventually) get the last laugh – because he won the election.

We’re wandering a bit. Can we attempt to keep the focus on this specific incident?

“The UK Shadow Home Secretary admitted to handing over control of her computer to a stranger after a random caller asked her to install Remote PC. It’s a common scam.”

So – here’s a potential Home Secretary, who hands over control of her computer to someone she’s never met, for a scam with which she should be extremely familiar. And that sounds like the work of A clever scammer (who) can be very convincing? I’m not convinced.

I’m not sure I believe we should be commiserating with and applauding someone in her position whose gullibility and sheer stupidity have been exposed. Would she hand over her silver badge to a man pretending to be a detective? Or transfer money to someone’s account on the word of someone she’d never met?

The point is that we expect – and have a right to expect – that people who can end up in charge of our secret services understand how to behave and how to react.

This isn’t some middle-aged housewife; this is the person who could end up controlling MI5, MI6, GCHQ and the Government’s entire cybersecurity apparatus. That’s what we need to remember when saying we shouldn’t be nasty to her for being so stupid.

So, Adam: have you ever fallen for a scam? Have you, Kate?

Ian, I expect most of us have fallen for scams of one kind or another at some point in our lives.

It may even be that falling victim in that way is a useful life lesson that helps us evolve from “that could only ever happen to stupid people and not to me” towards “better take care I don’t get scammed here”.

Indeed, you might say that anyone who has ever bought any goods that weren’t exactly as described or exactly as expected has been scammed to some extent.

There are even old songs about getting scammed:

azlyrics.com/lyrics/genesis/theladylies.html

“The UK Shadow Home Secretary admitted to handing over control of her computer to a stranger after a random caller asked her to install Remote PC.”

If this is an accurate and complete report, in summary, of what happened then yes, it might be a typical scam people would fall for. However, doing so shows a lack of knowledge and awareness of what goes on in the computer world, and a lack of caution in how to deal with your computer responsibly. All politicians and public servants having access to sensitive information should be properly educated in the precautions they need to take, let alone those in the higher positions, whether in government or opposition. Those unable and not equipped to handle this kind of responsibility should be removed from such positions and replaced by more reliable people.

The serious point about all this is that, as well as any material to or from the Labour Front Bench, or the Party machinery, and her constituents [some of which might be highly confidential], the Shadow Home Secretary’s computer might also have classified government information on it as certain matters of national security, criminal activity, and constitutional matters are shared confidentially, on a need-to-know basis, with the Opposition to obviate them having to ask for information publicly in the House.

With luck, whoever hacked Diane Abbott’s device was not savvy enough to grasp the potential of what they had done, and that the computer was immediately cleansed of any malware.

Civil servants and Ministers have a shocking record of a casual attitude to the protection of confidential material. Laptops are left on trains, classified documents are left on benches on the river bank, e-mails are sent to the wrong people, addressees are not entered in the Bcc box, and people wander along Downing Street with their files open and everything on show.

Indeed; it’s rare a year goes by without around 50 laptops being left on public transport.

This comment was removed at the request of the user

Yes, some are quite clever but they always get something wrong – or not quite right – and that rings alarm bells. The more correct data about the target in the initial approach the more likely it is that the target will suspend their disbelief, and that is how telephone call scams work and are quite effective in getting people to drop their guard.

There is less excuse nowadays for falling for the e-mail scams as they have been well-publicised, but every minute a new internet user gets going so there is a never-ending supply of phish to be caught.

Quite, Kate; same here, but we don’t fall for them – probably because we’re sceptical by nature.

This comment was removed at the request of the user

I expect banks and other financial institutions affected by a hack must immediately notify the Financial Conduct Authority and the Information Commissioner’s Office who will give guidance on how to handle the problem and provide customer reassurance. They will also be cooperating with the police if a crime has been committed.

As with many crimes, there is some merit in not revealing that it has been discovered while there might still be a chance of apprehending the perpetrators or recovering the situation. Without knowing the full details of the October 2018 data breach at HSBC Bank it is not possible to make any useful comment on the bank’s action in response to it.

I believe it only affected a small number of US customers: “HSBC would not give the exact number of online banking accounts crooks rummaged through, but it would say the hack affects “less than 1 per cent” of what reports estimate are 1.2 million US customers”. Nothing to do with the UK.

It was reported two days ago in the Reg.

That is fair comment Kate, but the larger the database the bigger should be the capacity available to deal with a breach, either in-house or under contract or some of each.

Obviously, if customers have got to check their bank accounts etc to prevent any misappropriations, time is of the essence. The precise scale of the data breach is not important at the outset but every person potentially affected should be warned. Where this is in conflict with detection activity I feel that should take precedence since all personal losses must be recompensed thus ultimately protecting the customer – seriously inconvenient though that might be.

Staying Safe Online – Here’s some advice to consumers that I received today. As it may have wider applicability I thought I’d share it below:
*****************************************************************************************
“Hello Derek

At Morrisons, we take your security very seriously. As Christmas approaches, we’d like to provide you with some tips to protect your online security.

If you have used the same password that you use to log in with Morrisons com on any other websites, or may have shared your password with someone else, we recommend that you change your password, to stay safe.

You can do this right now by visiting Morrisonscom and log in to update your details.

Top tips for password safety:

Use a different password for each website that you use.
Keep your password secret.
Ensure the password is at least 8 characters in length and uses at least one capital letter and one number.
We will never ask you to share your password with us.

Top tips for email safety:

We will never ask you to respond to any email with personal data such as your bank details, date of birth or phone number.
From time to time we may ask you to check or update your address details. We will do this by directing you to the Morrisonscom website and logging on to update your details.
With most email service providers you can inform them when you receive a spam email through a ‘report as spam’ button. Doing this when you receive a spam email helps to track spam email senders and stop them getting into your inbox the next time.
Genuine Morrisons emails only come from the following email addresses:
info@emailmorrisonscom
customerservices@morrisonsplccouk
morrisonsonline@groceriesmorrisonscom

Thank you,
Your Morrisons Team”
****************************************************************************************

Other supermarkets are available, so I do not present the above to advertise or endorse Morrisons. In fact, since they closed their local store on the Barnwood Road, I seldom ever shop with them, other than if I’ve mysteriously disappeared into the Gloucester triangle 😉

That said, it is good to see retailers putting this kind of advice, in a simple and accessible form.

Trouble is, it doesn’t address the real problem, which isn’t insecure passwords per se but crims (often insiders) who sell on your access details. And it’s fine them telling you where genuine emails originate, because we know crims can’t spoof email addresses. Can they?

I’d rather they’d said something on the lines of “We will never send an email with hyperlinks in.” But I agree it’s good to see some companies making an effort.

Ian, some good points there.

As we’ve probably discussed before, many different websites control logins via user email addresses and passwords, so not using a different password for each different site is a substantial security weakness.

Now that many internet users have mobile phones, a lot of good sites are using SMS messages to send out “one time pad” style authorisation codes for each login. So hackers should not be able to login unless they can also intercept those codes.

I tried a password manager once. Never again. Mac has keychain, which is pretty darned good, but I supplement that by keeping an encrypted document on the desktop with every password I ever use.

This comment was removed at the request of the user