We take your privacy, seriously.
Permanent link to this article: http://baldric.net/2014/07/28/punctuation-matters/
Jul 23 2014
Like most ‘net users I get my fair share of spam. Most of it gets binned automatically by my email system, but of course some still gets through so I am used to hitting the delete button on random email from .ru domains offering me the opportunity to “impress my girl tonight”.
Most such phishing email relies on the recipient being dumb enough, naive enough, or (possibly) drunk enough to actually click through the link to the malicious website. I was therefore more than a little astonished at an email I received today from the open rights group. That email is given below in its entirety (I have obfuscated my email address for obvious reasons).
From: Department of Dirty
Subject: Cleaning up the Internet
Date: Wed, 23 Jul 2014 07:14:18 -0400 (EDT)
Ever thought the internet was just too big? Want to help clean up online filth?
*Welcome to the Department of Dirty*
Watch the Department tackling its work here: www.departmentofdirty.co.uk and share our success, as we stop one man try to get one over us with his ‘spotted dick recipe’:
Department of Dirty Video: http://www.departmentofdirty.co.uk/
The Department of Dirty is working with internet and mobile companies to stop the dirty internet. We are committed to protecting children and adults from online filth such as:
*Talk to Frank: This government website tries to educate young people about drugs. We all know what ‘education’ means, don’t we? Blocked by Three.
*Girl Guides Essex:
They say, ‘guiding is about acquiring skills for life’. We say, why would young girls need skills? Blocked by BT.
*South London Refugee Association:
This charity aims to relieve poverty and distress. Not on our watch they don’t. Blocked by BT, EE, Sky and VirginMedia
This is just the tip of the iceberg.
We need you to help us take a stand against blogs, charities and education websites, all of which are being blocked. It’s time to stop this sick filth. Together, we can clean up the internet.
Your Department of Dirty representative
 You can find out what we’re blocking at this convenient website: https://www.blocked.org.uk/
[DISCLAIMER] This email has come from the Open Rights Group. This email was delivered to: firstname.lastname@example.org If you wish to opt out of future emails, you can do so here.
Now, I’m an ORG supporter (i.e. I am a paying member) and I am sure that someone, somewhere in ORG thought that this email campaign was a great idea. After all, it follows up the ORG’s earlier research on the fairly obvious stupidities arising from the implementation of Dave’s anti-porn campaign, it looks “ironic”, and it uses a snappy domain name which has shades of Monty Python about it. But I’m sorry, in my view this most certainly is not a good idea and I’m sure that ORG will come to regret it.
One of the most fundamental pieces of advice any and every ‘net user is beaten up with is “do not click on links in unsolicited emails”. In particular, the advice normally goes on – “if that email is from an unknown source, or has in any way a suspicious from address you should immediately bin it”.
This email comes from an unknown address with a wonderfully prurient domain name. Even if it is successful and gets to the intended email inbox, it then relies on the recipient breaking a fundamental security rule. It does this by encouraging him (this looks to be male targeted) to click on a link which the naive might believe leads to a porn video.
How exactly is that going to help?
(Note. It got to my email inbox because the email system at e-activist.com which sent it is allowed by my filters.)
Permanent link to this article: http://baldric.net/2014/07/23/department-of-dirty/
Jul 21 2014
I get my domestic ADSL connectivity from the rather excellent people at Andrews and Arnold.
They also happily take (and similarly reply to) GPG encrypted support questions.
Good guys. Thoroughly recommended.
Now can you /really/ see BT doing any of that?
Permanent link to this article: http://baldric.net/2014/07/21/drip/
Jun 30 2014
I have been travelling a lot over the last few months (Czech Republic, Scotland, France, Germany, Austria, Slovenia, Croatia, Italy). That travel, plus my catching up on a load of reading is my excuse for the woeful lack of posts to trivia of late. But hey, sometimes life gets in the way of blogging – which is as it should be.
A couple of things struck me whilst I have been away though. Firstly, and most bizarrely I noticed a significant number of tourists in popular, and hugely photogenic, locations (such as Prague and Dubrovnik) wandering around staring at their smartphones rather than looking at the reality around them. At first I thought that they were just checking photographs they had taken, or possibly that they were texting or emailing friends and relatives about their holidays, or worse, posting to facebook, but that did not appear to be the case. Then by chance I overheard one tourist telling his partner that they needed to “turn left ahead” whilst they walked past me so it struck me that they might just possibly be using google maps to navigate. So I watched others more carefully. And I must conclude that many people were doing just that. I can’t help but feel a little saddened that someone should choose to stare at a google app on a small screen in their hand rather than look at the beauty of something like the Charles Bridge across the Vltava.
The second point which struck me was how much of a muppet you look if you use an iPad to take photographs.
Permanent link to this article: http://baldric.net/2014/06/30/inappropriate-use-of-technology/
May 30 2014
My newspaper of choice, the Guardian, has for some time produced its own android (and iOS of course) app. I have often used the android app on my tablet to catch up on emerging news items at the end of the day. I also read the BBC news app for the same reason. Yesterday I received an update to the Guardian app. That update was a complete rewrite and gives the user a very different experience to the original app. For example, in the old app I could tailor the home screen to show me just the news categories I wanted (i.e. no sport, no fashion, but plenty of politics, business and UK news). In the new app I can only do that if I subscribe to a paid version. Sorry, but no, I already pay for the newspaper, I just want this to give me updated headlines, I don’t want to have to buy the newspaper all over again.
In today’s paper (and on-line of course) there is an editorial comment on the new app explaining its background. The writer opens:
Today I am proud to announce the launch of our redesigned Guardian app. It’s been a ground-up reworking to bring you a new, advanced and beautiful Guardian app. For the first time you will have a seamless experience across phones and tablets, with a cleaner, responsive design that showcases the Guardian’s award-winning journalism to our readers around the world.
The article goes on to explain the history of the original app and the thinking behind the redesign. It continues:
We’re also thrilled to announce that GuardianWitness – the Guardian’s award-winning platform through which readers can contribute their own pictures, videos and text – is now integrated into the app, meaning readers can now contribute to assignments seamlessly and directly within the main app.
Other new features include:
- A new flexible layout so we can display different stories in different ways, and show readers which stories are the most important in one glance
- Breaking news and sport alerts and up-to-the-minute live coverage
- Increased personalisation: readers can personalise their home screen depending on what topics they’re most interested in, and create notifications to follow favourite writers, stories, series and football teams
- Improved photo galleries and inclusion of interactives for the first time
- Off-line reading – with intelligent caching readers will now be able to save articles to read later and have more content at their fingertips wherever they are
- Open journalism has been built into the app, with even easier ways for readers to contribute comments, videos, photos via our new GuardianWitness integration, as well as a better commenting experience
- New opportunities for advertisers.
I particularly like that last bit.
And of course the app needs access to my location.
(P.S. The app called “UK Newspapers” by Markus Reitberger gives access to all the UK news sites you could want – and all it asks for is network access.)
Permanent link to this article: http://baldric.net/2014/05/30/a-new-app/
Apr 16 2014
In February of this year, Poul-Henning Kamp (a.k.a “PHK”) gave what now looks to be a peculiarly prescient presentation as the closing keynote to 2014’s FOSDEM.
In the presentation (PDF), PHK posits an NSA operation called ORCHESTRA which is designed to undermine internet security through a series of “disinformation” or “misinformation”, or “misdirection” sub operations. ORCHESTRA is intended to be cheap, non-technical, completely deniable, but effective. One of the opening slides gives ORCHESTRA’s “operation at a glance” overview as:
- Reduce cost of COMINT collection
- All above board
- No special authorizations
- Eliminate/reduce/prevent encryption
- Enable access
- Frustrate players
PHK delivers the presentation as if he were a mid-ranking NSA staffer intending to brief NATO in Brussels. But “being American, he ends up [at FOSDEM] instead”. The truly scary part of this presentation is that it could all be completely true.
What makes the presentation so timely is his commentary on openssl. Watch it and weep.
Permanent link to this article: http://baldric.net/2014/04/16/nsa-operation-orchestra/
Apr 16 2014
For any readers uncertain of exactly how the heartbleed vulnerability in openssl might be exploitable, Sean Cassidy over at existential type has a good explanation.
And if you find that difficult to follow, Randall Munroe over at xkcd covers it quite nicely.
My thanks, and appreciation as always, to a great artist.
Of course, Randall foresaw this problem back in 2008 when he published his take on the debian openssl fiasco.
Permanent link to this article: http://baldric.net/2014/04/16/more-heartbleed/
Apr 16 2014
The Guardian and the Washington Post have been jointly awarded the Pulitzer prize for public service for their reporting of Edward Snowden’s whistleblowing on the NSA’s surveillance activities.
The Guardian reports:
The Pulitzer committee praised the Guardian for its “revelation of widespread secret surveillance by the National Security Agency, helping through aggressive reporting to spark a debate about the relationship between the government and the public over issues of security and privacy”.
Unfortunately that debate seems to be taking place in the USA rather than in the UK.
In typical Guardian style, one correspondent to today’s letters page says:
Congratulations to all. Can’t wait for the film. All the President’s Men II? Johnny Depp as Alan Rusbridger?
I’d pay to see that. But I’m not sure how it ends yet.
Permanent link to this article: http://baldric.net/2014/04/16/pulitzer-guardian/
Apr 15 2014
I was contacted recently by a guy called Andy Beverley who wrote:
Hope you don’t mind me contacting you about one of your old blog posts “what gives with dban”. Thought I’d let you know that I forked DBAN a while ago, and produced a standalone program (called nwipe) that will run on any Linux OS. That means it will work with any Live CD, meaning much better hardware support.
It’s included in PartedMagic, as well as most other popular distros.
“No I don’t mind at all” is my response. In fact, since DBAN seems to be borked permanently, it is nice to see an alternative out there.
Andy’s nwipe page says that he could do with some assistance. So if anyone feels able to help him out, give him a call.
Permanent link to this article: http://baldric.net/2014/04/15/boot-and-nuke-no-more/
Apr 08 2014
This is nasty. There is a remotely exploitable bug in openssl which leads to the leak of memory contents from the server to the client and from the client to the server. In practice this means that an attacker can read 64K chunks of memory on a vulnerable service, thus potentially exposing security critical information.
At 19.00 UTC yesterday, openssl bug CVE-2014-0160 was announced at heartbleed.com. I picked it up following a flurry of emails on the tor relays list this morning. Roger Dingledine posted a blog commentary on the bug to the tor list giving details about the likely impacts on Tor and Tor users.
Dingledine’s blog entry says:
Here are our first thoughts on what Tor components are affected:
- Clients: Tor Browser shouldn’t be affected, since it uses libnss rather than openssl. But Tor clients could possibly be induced to send sensitive information like “what sites you visited in this session” to your entry guards. If you’re using TBB we’ll have new bundles out shortly; if you’re using your operating system’s Tor package you should get a new OpenSSL package and then be sure to manually restart your Tor.
- Relays and bridges: Tor relays and bridges could maybe be made to leak their medium-term onion keys (rotated once a week), or their long-term relay identity keys. An attacker who has your relay identity key can publish a new relay descriptor indicating that you’re at a new location (not a particularly useful attack). An attacker who has your relay identity key, has your onion key, and can intercept traffic flows to your IP address can impersonate your relay (but remember that Tor’s multi-hop design means that attacking just one relay in the client’s path is not very useful). In any case, best practice would be to update your OpenSSL package, discard all the files in keys/ in your DataDirectory, and restart your Tor to generate new keys.
- Hidden services: Tor hidden services might leak their long-term hidden service identity keys to their guard relays. Like the last big OpenSSL bug, this shouldn’t allow an attacker to identify the location of the hidden service, but an attacker who knows the hidden service identity key can impersonate the hidden service. Best practice would be to move to a new hidden-service address at your convenience.
- Directory authorities: In addition to the keys listed in the “relays and bridges” section above, Tor directory authorities might leak their medium-term authority signing keys. Once you’ve updated your OpenSSL package, you should generate a new signing key. Long-term directory authority identity keys are offline so should not be affected (whew). More tricky is that clients have your relay identity key hard-coded, so please don’t rotate that yet. We’ll see how this unfolds and try to think of a good solution there.
- Tails is still tracking Debian oldstable, so it should not be affected by this bug.
- Orbot looks vulnerable; they have some new packages available for testing.
- The webservers in the https://www.torproject.org/ rotation needed (and got) upgrades too. Maybe we’ll need to throw away our torproject SSL web cert and get a new one too.
But as he also says earlier on, “this bug affects way more programs than just Tor”. The openssl security advisory is remarkably sparse on details, saying only that “A missing bounds check in the handling of the TLS heartbeat extension can be used to reveal up to 64k of memory to a connected client or server.” So it is left to others to explain what this means in practice. The heartbleed announcement does just that. It opens by saying:
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop communications, steal data directly from the services and users and to impersonate services and users.
During their investigations, the heartbleed researchers attacked their own SSL protected services from outside and found that they were:
able to steal from ourselves the secret keys used for our X.509 certificates, user names and passwords, instant messages, emails and business critical documents and communication.
According to the heartbleed site, versions 1.0.1 through 1.0.1f (inclusive) of openssl are vulnerable. The earlier 0.9.8 branch is NOT vulnerable, nor is the 1.0.0 branch. Unfortunately, the bug was introduced to openssl in December 2011 and has been available in real world use in the 1.0.1 branch since 14 March 2012 – or just over 2 years ago. This means that a LOT of services will be affected and will need to be patched, and quickly.
Openssl, or its libraries, are used in a vast range of security critical services across the internet. As the heartbleed site notes:
OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. Your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL. Many of online services use TLS to both to identify themselves to you and to protect your privacy and transactions. You might have networked appliances with logins secured by this buggy implementation of the TLS. Furthermore you might have client side software on your computer that could expose the data from your computer if you connect to compromised services.
That point about networked appliances is particularly worrying. In the last two years a lot of devices (routers, switches, firewalls etc) may have shipped with embedded services built against vulnerable versions of the openssl library.
In my case alone I now have to generate new X509 certificates for all my webservers, my mail (both SMTP and POP/IMAP) services, and my openVPN services. I will also need to look critically at my ssh implementation and setup. I am lucky that I only have a small network.
My guess is that most professional sysadmins are having a very bad day today.
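The “missing bounds check” from the openssl advisory quoted above, shown as an added example in C (this is not code from openssl or from this blog). The message layout is simplified, and the function names, the 64-byte arena standing in for process memory and the secret string are all constructed for illustration; the hardened version applies the RFC 6520 rule that a heartbeat whose claimed payload length exceeds the received record is discarded silently.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST   1
#define HB_RESPONSE  2
#define HB_HEADER    3   /* type (1 byte) + payload_length (2 bytes, big-endian) */
#define HB_PADDING  16   /* minimum padding required by RFC 6520 */
#define ARENA_SIZE  64   /* constructed stand-in for process memory */
#define SECRET_OFF  32   /* unrelated data that happens to sit after the record */

static const char SECRET[] = "SECRET-KEY-MATERIAL"; /* constructed sample value */

/* Lay out a received heartbeat request at offset 0 and a secret at offset 32.
 * The real payload is always "hat" (3 bytes); claimed_len is what the sender
 * wrote in the length field. Returns the true length of the received record. */
static size_t build_arena(uint8_t *arena, uint16_t claimed_len)
{
    static const char payload[] = "hat";
    size_t n = strlen(payload);

    memset(arena, 0, ARENA_SIZE);           /* zero bytes also serve as padding */
    arena[0] = HB_REQUEST;
    arena[1] = (uint8_t)(claimed_len >> 8);
    arena[2] = (uint8_t)(claimed_len & 0xff);
    memcpy(arena + HB_HEADER, payload, n);
    memcpy(arena + SECRET_OFF, SECRET, strlen(SECRET));
    return HB_HEADER + n + HB_PADDING;      /* 22 bytes actually received */
}

/* Vulnerable pattern: echoes as many bytes as the length field claims and
 * never compares that claim with rec_len, the size of what actually arrived. */
static long reply_vulnerable(const uint8_t *mem, size_t mem_len, size_t rec_len,
                             uint8_t *out, size_t out_cap)
{
    size_t claimed;

    if (rec_len < HB_HEADER || mem[0] != HB_REQUEST)
        return -1;
    claimed = ((size_t)mem[1] << 8) | mem[2];
    /* Demo-only clamp so the over-read stays inside the simulated arena. */
    if (HB_HEADER + claimed > mem_len)
        claimed = mem_len - HB_HEADER;
    if (HB_HEADER + claimed > out_cap)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = (uint8_t)(claimed >> 8);
    out[2] = (uint8_t)(claimed & 0xff);
    memcpy(out + HB_HEADER, mem + HB_HEADER, claimed); /* reads past the record */
    return (long)(HB_HEADER + claimed);
}

/* Hardened pattern: header + claimed payload + minimum padding must fit in
 * the bytes that were really received, otherwise the message is dropped. */
static long reply_fixed(const uint8_t *mem, size_t rec_len,
                        uint8_t *out, size_t out_cap)
{
    size_t claimed;

    if (rec_len < HB_HEADER + HB_PADDING || mem[0] != HB_REQUEST)
        return -1;
    claimed = ((size_t)mem[1] << 8) | mem[2];
    if (HB_HEADER + claimed + HB_PADDING > rec_len)
        return -1;                           /* discard silently, no reply */
    if (HB_HEADER + claimed > out_cap)
        return -1;
    out[0] = HB_RESPONSE;
    out[1] = mem[1];
    out[2] = mem[2];
    memcpy(out + HB_HEADER, mem + HB_HEADER, claimed);
    return (long)(HB_HEADER + claimed);
}

/* Returns 1 if the reply contains the first six bytes of the secret. */
static int contains_secret(const uint8_t *buf, long len)
{
    long i;

    for (i = 0; i + 6 <= len; i++)
        if (memcmp(buf + i, SECRET, 6) == 0)
            return 1;
    return 0;
}

/* Run one request through either handler. Returns the reply length (or -1 if
 * the request was discarded) and sets *leaked when secret bytes were echoed. */
static long run_case(uint16_t claimed_len, int fixed, int *leaked)
{
    uint8_t arena[ARENA_SIZE], out[HB_HEADER + ARENA_SIZE];
    size_t rec_len = build_arena(arena, claimed_len);
    long n = fixed ? reply_fixed(arena, rec_len, out, sizeof out)
                   : reply_vulnerable(arena, ARENA_SIZE, rec_len, out, sizeof out);

    *leaked = (n > 0) && contains_secret(out, n);
    return n;
}

int main(void)
{
    int leaked;
    long n;

    n = run_case(3, 0, &leaked);
    printf("honest length, vulnerable: reply=%ld leaked=%d\n", n, leaked);
    n = run_case(40, 0, &leaked);
    printf("inflated length, vulnerable: reply=%ld leaked=%d\n", n, leaked);
    n = run_case(40, 1, &leaked);
    printf("inflated length, fixed: reply=%ld leaked=%d\n", n, leaked);
    return 0;
}
```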
Permanent link to this article: http://baldric.net/2014/04/08/heartbleed/
Mar 31 2014
I bought my first netbook, the Acer Aspire One, back in April 2009 – five years ago. That machine is still going strong and has seen umpteen different distros in its time. It currently runs Mint 16, and very happily too.
The little Acer has nothing on it that I value over much, all my important data is stored on my desktop (and backed up appropriately) but I find it useful as a “walking about” tool simply because it is so portable, so it still gets quite a bit of use. I am planning a few trips later this year, notably to Scotland and later (by bike) to Croatia, and I want to take something with me that will give me more flexibility in my connectivity options than simply taking my phone to collect email. In particular, it would be really useful if I could connect back to my home VPN endpoint whilst I am out and about. This is exactly the sort of thing I use the Acer for when I’m in the UK. I (briefly) considered using my Galaxy Tab, which is even lighter and more portable than the Acer, but I just don’t trust Android enough to load my openvpn certificates on to it. There is also the possibility that the Tablet could be lost or stolen (I shall be camping quite a lot). So the Acer looks a good bet. The downside of taking the Acer is the need for mains power (for recharging) of course, but I shall be staying in the odd hotel en route, and I have an apartment booked in Dubrovnik so I figure it should cope. However, I am not the only fan of the Acer – my grandson loves to sit with it on his lap in my study and watch Pingu and Octonauts (parents and grandparents of small children will understand). Given that I recognise that I might lose the Tablet, I must also assume that the Acer might disappear. My grandson wouldn’t like that. So the obvious solution is to take another AAO with me – off to ebay then.
Since my AAO is five years old, and that model has been around for longer than that, I figured I could pick up an early ZG5 with 8 or 16 Gig SSD (rather than the 160 Gig disk mine has) for about £20 – £30. Hell, I’ve bought better specced Dell laptops (I know, I know) for less than that fairly recently. I was wrong. Astonishingly, the ZG5, in all its variants, appears to still be in huge demand. I bid on a few models and lost, by quite some margin. So I set up a watch list of likely looking candidates and waited a few days to get a feel for the prices being paid. The lowest price paid was £37.00 (plus £10.00 P&P) for a very early ZG5 still running Linpus, another Linpus ZG5 with only 512Mb of RAM and an 8 Gig SSD went for £50.00 (plus £9.00 P&P), most of the later models (with 1 Gig of RAM and 160 – 250 Gig disks) went for around £70 – £90 (plus various P&P charges). In all I watched 20 different auctions (plus a few for similar devices such as the MSI Wind and the Samsung NC10). The lowest price I saw after the £37.00 device was £55.00 and the highest was £103.00 with a mean of just over £67. That is astonishing when you consider that you can pick up a new generic 7″ Android tablet for around £70.00 and you can get a decent branded one for just over £100. And as I said, old laptops go for silly money – just take a look at ebay or gumtree and you can pick up job lots of half a dozen or more for loose change.
So – despite what all the pundits may have said, clearly the netbook as a concept still meets the requirements of enough people (like me I guess) to keep the market buoyant. Intriguingly, the most popular machines sold (in terms of numbers of bidders) were all running XP. I just hope the buyers intended to do as I did and wipe them to install a linux distro. Of course, having started the search for another ZG5, I just couldn’t let it go without buying one. I was eventually successful on a good one with the same specification as my original model.
The only drawback is that it is not blue…..
Well, at least I don’t think it will be stolen.
Permanent link to this article: http://baldric.net/2014/03/31/the-netbook-is-not-dead/
Feb 28 2014
Back in June 2008 I noted Craig Wright had posted to bugtraq reporting a “remote exploitation of an information disclosure vulnerability in Oral B’s SmartGuide management system”. I found it faintly amusing that a security researcher should have been looking for vulnerabilities in a toothbrush.
I should have known better.
A report in Wednesday’s on-line Guardian points to the release of a new smart toothbrush from Oral B. Apparently that toothbrush will link via bluetooth to an app on either an iPhone or Android and report back to your dentist. It seems that Oral B “sees the connected toothbrush, launched as part of Mobile World Congress’s Connected City exhibition, as the next evolution of the smart bathroom.” Wayne Randall, global vice president of Oral Care at Procter and Gamble reportedly said:
“It provides the highest degree of user interaction to track your oral care habits to help improve your oral health, and we believe it will have significant impact on the future of personal oral care, providing data-based solutions for oral health, and making the relationship between dental professionals and patients a more collaborative one.”
That’s just great. GCHQ have plenty of other personal data feeds already without giving them access to our bathrooms.
Permanent link to this article: http://baldric.net/2014/02/28/the-spy-in-your-bathroom/