Exactly, every vendor has default passwords. If you are doing things right all default credentials are changed or disabled. Access to any service is firewalled off or better yet only accessible out of band on a dedicated management network.
This is changing. I've seen a number of ISPs no longer have default passwords. Each router or modem has a random password string set to the device, it's printed out and pasted as a sticker on the modem (or some print directly to the plastic). A lot of big name devices do this now too.
Sure it's a password written on the device, but it's random, you need physical access to see it, and people who are security conscious can change it.
This bad practice isn't excusable, especially not by a company as big as Huawei, not if they want to be taken seriously.
It's definitely a good development that ISPs have started to deploy routers and modems with randomized passwords. However, please do keep in mind the deployment of consumer equipment and enterprise hardware is different. Or at least it should be, in theory.
Enterprise equipment is usually not supposed to be just dropped into place, without oversight. It usually needs proper configuration/management, by qualified people.
Whether this also happens in practice can be a different story altogether. Still, the security of enterprise equipment usually involves more policy and procedure than it does with consumer equipment. With the latter, security has to come more or less by default, because the people handling the devices usually have little expert knowledge.
From what I have seen where I live, printed passwords on things like home routers and VDSL/Fiber modems provided by major ISPs are for 802.11 stuff (WiFi passwords) and not for the device's management interface. This may have changed since I last looked into it a few years ago though. There was also the whole Netgear router "backdoor" port thingy (a device shipped by a major ISP) which I actually had to exploit to recover my password after forgetting it once, which was kind of amusing.
Cisco never requires a password to be set. IOS prompted for a password during the easy configuration but if you dropped in, via console or TFTP, a config over you can configure it without a pw.
Later versions did not allow passwordless SSH but still allowed it via telnet. Cisco’s ACI platform enforces password on the initial account, then with some smarts you could disable it in OpenLDAP.
If you consoled into easy mode you defo could set a pw there, or skip it.
I still don't get why they don't make you set at least one password, but some of it also stems from the architecture of the OS AFAIK.
I agree, I bought a YubiKey ages ago and have tried to set it up for SSH, Windows auth and various online services but I find it either just doesn't work, or works poorly enough that I don't use it and rely on classic TOTP instead.
I have a hard time imagining an electric car working for me. There are two charging points within a 2-mile radius and I cannot park within about 15 meters of my house so it is just impossible to charge one.
Hydrogen or something where I can still go to a "filling station" might work. Right now I view electric cars as a tax break for anyone lucky/rich enough to have a driveway.
This might all change in a few years but I doubt there will ever be enough charging points on local roads.
But you still can't put the cart before the horse. Tax people who don't switch to a viable, cleaner alternative from dinosaur-burning vehicles, but not before you've made that alternative viable in the first place. Much (most?) of the UK is not ready for full switchover yet.
2032 is still 14 years away which is a long time. And according to the article it’s even then just about banning the sale of new vehicles. This should be completely doable if the UK puts half a mind to it.
Unfortunately the UK does not have half a mind to spare, and won't for a few years at least. One of the less noticeable side-effects of Brexit is that it totally dominates the entire political landscape, to the exclusion of other issues.
In a news magazine I read[1], they had an infographic where they measured the average number of comments below articles on a number of unrelated topics it took for Brexit to be mentioned. The figures were mostly below 10 (and look at me, bringing up Brexit in this unrelated issue!)
I agree that the government shouldn't be meddling with this, I just don't agree that the prospect of ever switching to an electric car is "unimaginable".
Is there a fuel station at your home or within two miles etc?
Why are you happy for the filling station to not be on a local road but the charging point must be? Because of time? 30 minutes will get you 80% charge on most current super chargers. Next gen ultra chargers will probably bring that down to 10 minutes.
80% is enough for maybe 200+ miles in the latest EV - so in 14 years I'm reasonably confident that'll still be available or better.
Also, why do you drive? To get to work? Petition for chargers at work perhaps? 14 years to get them onside. Charging doesn't have to happen at home.
I just feel like using a VPN, while legal, might already put you on some list of "suspicious" users. Surely, if you have something to hide, then you are worth investigating closely.
Which is why we need to push as many people as possible to use VPNs, they already have too much straw and too few needles so let's give them even more straw.
The reality is that no one in the know thinks this has anything to do with terrorism and everything to do with political control.
If you don't have the right to privacy then all other rights are subverted, previous governments have used the state security apparatus to monitor perfectly legal political activities, they've proven again and again they can't be trusted with this kind of power and we let them give themselves more (and legalise all the illegal shit they were already doing).
The reality is the UK (which traditionally has been a less free society for a 'free' society) is rapidly sliding into something you can't realistically call a free society.
You've lost sight of any balance when you start claiming that terrorism is just an idea used to justify state oversight and not an actual problem of organised harm/killing of peaceful civilians.
I think one can acknowledge that terrorists and terrorist attacks are definitely a real thing that exist, and at the same time one can think that the current reaction is completely out of proportion, where the whole society is giving away its freedoms to prevent a really minor threat?
I'd happily live with the lightning strike probability of being involved in a terrorist attack than the certainty that the government will abuse this data to subvert opposition.
Trading the rights of millions of people to combat terrorism hurts more people than the terrorists could ever hope to touch.
This doesn't even factor in solutions terrorists can use to avoid surveillance, or answer the question of if all this surveillance even reduces terrorism in the first place.
52 people killed in those bombings, eleven years ago.
More people than that died in 1 week of road accident deaths in the same year, and in 2 weeks of road accident deaths in 2013 [1]
Talking about numbers and causes of deaths in the UK, for comparison:
The UK Office of National Statistics (ONS) published that death registrations increased from 2014 to 2015, saying "There were 24,065 more deaths registered in the first three months of 2015 compared with the same period in 2014, with 11,865 of these extra deaths registered in January alone, when flu was circulating at its highest levels." - totals, 501,424 deaths in 2014 and 529,613 deaths in 2015. [2]
ONS also published: "In 2014, nearly a quarter of all deaths (23%; 116,489 out of 501,424) in England and Wales were from causes considered potentially avoidable through timely and effective healthcare or public health interventions."
and "In 2014, just under a third of deaths (32% or 1,443 out of 4,571) in children and young people aged 0 to 19 years in England and Wales were from causes considered avoidable through good quality healthcare" [3]
In the news today, NHS people are warning that there isn't enough money to provide all the services it needs to, even with the planned budget increases. [4]
There just isn't any comparison in the numbers. Terrorism is not fiction, the hugeness of terrorism is fiction - at least, it appears to be, absent any concrete details of numbers of plots discovered and averted, which we'll never get.
But if 52 dead is one of the biggest attacks in the UK in decades, how likely is it that avoided attacks would even approach 1400 children per year who die of preventable causes, let alone 11,000 people/1 year who apparently died of flu while flu vaccines exist?
OK and the highest rate of murders in large countries around the world is something like 30 per 100,000 .. so we should just let people commit [other] murders because they're low incidence compared to cancer say?
How do you think that murder rate will change if you don't seek to address it at all?
We were talking specifically about terrorism in the UK, not murders in the USA.
USA should ban private gun ownership, obviously. This would do a lot for their murder rate, it would do a lot for their "people killed by toddlers" rate, and it would be a lot cheaper and less invasive than ISPs logging 300M internet access records for a year.
Prioritize things which have high impact, are easy to address, and have specific good outcomes. Not "anti terror" metrics which are vague, difficult and expensive to address, and have extremely low impact.
TSA isn't a good system. And it doesn't become a good system just because 'we have to do something about some crimes'. Sure. Do something better, and do it about more important problems.
Trying to avoid getting caught in a 'let's see who visited this random page in the past YEAR because it recently added some "illegal" content, so all who visited must be punished' situation.
I'm using SOCKS over SSH. SSH is kinda part of my job, so it shouldn't be suspicious, right? Oh. I forgot. I'm a Linux user, who runs custom firmware on his router, probably already treated as dangerous.
Been using these guys for a few years now, best use of $40/yr. You'll occasionally get blocked on certain sites (which you can often fix by simply changing location), but their infrastructure is definitely impressive. I get to use the full speed of my connection, which ironically is not always the case when I'm not connected through PIA (there's definitely some selective throttling going on, even though my ISP pretends there isn't).
So sure, I'm probably on a bunch of watch lists, but at this point it's hard to care anymore, it feels like everybody is in one way or another, everybody will be found guilty should someone decide so... I actually have legitimate reasons for using VPNs, but moves like this from governments around the world just give me even more of an incentive to use VPNs.
One can only hope that politicians will be done in by the very same rules they're blissfully pushing through.
Unfortunately, Netflix doesn't work through PIA, they apparently aggressively block IP ranges from most major VPN providers, so the issue isn't specific to PIA. This is a bit of a "screw you" to privacy-conscious people, but then again Netflix have their own issues to deal with (whether legitimate or not is a different conversation). Two things I do on occasion: have a box dedicated to watching Netflix, that isn't on a VPN (which might not help if you're trying to bypass national licensing restrictions), the other is to tunnel my connection to one of my servers through the VPN, which works fine, though it's a bit of a pain.
I've had PIA, AirVPN, and now iVPN. Definitely a fan of iVPN. They are organizational members of the EFF (for what it's worth), and their service has been the fastest I've used thus far. A bit pricey though.
That would be a very hard fight for them since enforcing it without fundamentally breaking the way the internet works would be very expensive to a lot of very wealthy companies and sadly in this 'democracy' the people with the money are heard the loudest.
Not at all. It's enough to point the finger at commercial VPN providers and claim the users are doing suspicious things including filesharing, and encourage ISPs to block VPN providers by address block.
Many ISPs would love to do that because they want to inspect cleartext traffic and sell metadata.
Of course corporate VPNs would be left untouched. There.
> It's enough to point the finger at commercial VPN providers and claim the users are doing suspicious things.
The problem there is we live in a containerised world, how would they stop someone running a 'recipe' that creates a VPN on something like AWS/Digital Ocean and uses that as the VPN exit point.
The only way to deal with that is to have a central licensing authority for VPNs where you have to hand over the keys, that's going to be a massive and expensive fight for them.
> how would they stop someone running a 'recipe' that creates a VPN on something like AWS/Digital Ocean
They don't need to. Even if 10% of citizens were able to do that, controlling and censoring information for the 90% is way more than enough to manipulate people's perceptions and ideas, and thus, democracy.
Not even Stasi or the "great firewall" of China aimed at 100% success rate - they simply don't need to.
>controlling and censoring information for the 90% //
What you appear to be alleging is that by being able to access the threads I saw on Al-Jazeera or Reddit or what-have-you that the government can somehow control the information I'm receiving enough to manipulate me to serve their political ideals. Freedom of the press may not be perfect in the UK but it seems close enough that a government can't manipulate democracy simply by monitoring internet use.
UK population is 65M. Reported crimes (which includes littering and traffic violations AFAICT) is about 1 per mille in the UK [1]. There's no way the gov are using the criminal justice system to control the population to a significant extent, they certainly can't control the criminals. The prisons are full. The establishment can try to jump up crimes but the scale they need to do that to control the population seems enormous compared to the resources available.
If you can write a lie on the side of a bus and have the country vote against their best interests then why on Earth would you try and carefully contrive criminal activity in order to stop people from visiting websites you don't like to subtly alter a few people's perception of the political situation. Seems entirely bonkers.
Throughout the last 100 years there have been examples across many dictatorships and engineered democracies where an incredible amount of effort has been spent on achieving information control.
Dragnet surveillance proved many times to be effective at chilling free speech and intimidating dissenters.
Did those places have a strong rule of law, free press, legislation giving human rights freedoms, very open government? We're not really talking about information control either, it's data gathering. I hear you on the chilling effect but can't really believe that anything I say in my lifetime will be sufficient to prompt a judge to allow a warrant against me.
Sure, with a huge regime change this sort of law could later prove troublesome but we'd have to have changed our entire way of life first it seems.
Your reaction seems reasonable if you're in a malevolent dictatorship, despite its problems I don't find the UK being anywhere close to that politically.
Then people would just resort to steganography. It wouldn't be terribly difficult to mask asymmetric traffic that appeared to come from a YouTube-like "site", or symmetric traffic that looks like Skype video but with encrypted packets inside the compressed video transport layer. This is an unwinnable fight and I can't believe anybody would be stupid enough to try.
No, due to browsers leaking data and state actors controlling tor end points.
They still know someone out there is doing something, and can build ad profiles and threat profiles on them, they just can't link those profiles to you easily: that is anonymity.
Privacy would be inability to build useful profiles.
Interesting. But if someone could remain anonymous, even with a profile being created for that "anonymous entity" and there is nothing tying that anonymous profile back to a real person, that would still seem to be private to me. If the anonymous profile could be connected to a real person, that would seem to be neither anonymous, nor private.
There is no single method of protecting privacy; VPNs are privacy against commercial-level actors.
Tor has its own bounds, but people should use that, too. I generally think the internet is barely usable over TOR, but I don't need state-level privacy.
My point being is that these are valid tools with valid uses, and people should understand and use them, NOT that VPNs are anything other than a way of encrypting and proxying traffic.
>I generally think the internet is barely usable over TOR //
I've only used Tor Browser (adding to the noise!), nothing beyond web. Could you go into what makes the internet "barely usable" over TOR, do you mean speed or are there other things you're trying to accomplish that can't be done?
A VPN like Private Internet Access is among the best things a consumer can do to protect their privacy.
PIA is $3.33/month. My internet bill is $50/month.
I like to think of it as a $3 upgrade from an open line to a secure line. It's a no-brainer for me. Really it should be a default option from your ISP, only they can make a hell of a lot more than $3.33/month from you if they can read all of your data.
It also depends on how you define "World's fastest car". While there is no doubt this is a fast car and that time is a stonking 0-60 time, I am led to believe it can't complete a full flat out lap of the Nurburgring as constant high speed/full throttle use heats up the battery to the point where performance has to be limited.
So while it will be great to "hoon about" in and should be a win at the traffic light grand prix there are probably much better track day cars.
Note also that Tesla has also been called a bit "optimistic" with their 0-60 times as compared to other manufacturers (e.g. by Top Gear when testing P90D against Audi RS6 this year).
The _current_ 0-60 time, you mean. Especially with this:
"And Tesla only compares with cars currently in production."
considering this is only a teaser tweet, there's a slight hint of irony there. "Currently in production" is also very different from "fastest production cars". Very selective.
This happened last time Tesla announced something like this - people fell over themselves to install it in the Wikipedia page for fastest production cars. Even though it was: 1) not yet available, 2) not verified, and 3) described even by Tesla themselves as an "expected result". i.e. a press release.
When that didn't work, they took to the page to add a new column to the list of accepted results, to add, effectively "manufacturer projected results", with the end result looking entirely silly and forced - a top 20 chart with Tesla being the only one to have a result in a "not real, not yet" column.
One of the meanings of "old" is "former or previous."
And I see no irony. The teaser tweet is stated using the future tense. It will be the fastest car in production once it comes, unless some other car maker has a big surprise between now and then.
As for the Wikipedia stuff, I offer no defense of it, but I'm not surprised. Wikipedia suffers from plenty of fanboyism.
Car and Driver just compared another 20 or so cars at their resident Lightning Lap track a few months ago, including a Tesla. The Tesla was not fast, approx. 30 sec slower on a track that fast cars were finishing in the 2:45 range.
The fact is anything below 5 seconds 0-60 is a damned speedy car that you really won't get to push in day to day driving... As it is, I've been in a few Model S's and they are fun. I'll keep my Scat Pack Challenger though, far less expensive, only a second lower, and a higher top speed. Not to mention looking quite a bit cooler imho.
But then can you run Docker on top of OpenVZ? Oh yes, technically you can starting from version x, but I've been told (by a VPS provider) there are a lot of issues in practice.
Of course, I'd love to hear if the opposite is true.
I actually wonder if Airplane! is where people got the idea that "autopilot" means "the plane entirely flies itself." The bit where it's an inflatable doll is obviously satire, but maybe people thought the capabilities were real and the satire was just the doll part?
This is so cool. My Bosch vacuum cleaner has a HEPA filter, I'm going to duct tape my RC car to it, turn it on and call it a "Bio-weapon defense drone".
But apparently that HEPA filter is nothing like the Tesla filter. I believe I saw a comparison where the Tesla filter blocked something like 100x smaller particles than your typical vacuum cleaner HEPA.