Issue 687

Wednesday, 25th July 2018

In This Issue


Chrome has started marking websites lacking HTTPS as "Not Secure"

The day has finally come - the latest version of Chrome (which auto-updates for most people) now displays any website lacking HTTPS as insecure, hopefully scaring users into asking their favourite website's administrators to implement HTTPS already. So if some of the sites you visit suddenly pop up as "Not Secure" in Chrome, that's why. Nothing has changed with the websites, it's just Google highlighting the fact you're accessing the site over a non-secure connection. In the next version of Chrome, due in September, HTTPS sites will no longer be referred to as secure and will just show a padlock. Then some time in the future, Google will remove all HTTPS notifications altogether and only show an icon or words next to the URL when a site has problems (i.e. no HTTPS).

Greg Hunt gets facts about My Health Record wrong multiple times, doesn't care

The Australian Parliamentary Library has contradicted all the government stooges going around saying that the cops can't look at the contents of your My Health Record without a warrant. Yet despite this impartial, respected and authoritative voice saying so, health minister Greg Hunt is still saying there's nothing to worry about because MHR's internal policy doesn't allow it and (incorrectly) overrides what the actual law says. There are also issues around who precisely has access to the stuff in MHR. The minister reckons it's only people you allow, but the official MHR documentation says healthcare professionals do not need consent to view a patient's MHR records - another contradiction. The Australian Medical Association (aka the doctors' union) wants the rules changed so law enforcement can't access medical records without a warrant, and the AMA's current and former presidents have opted out of MHR because they don't trust it. Opposition leader Bill Shorten wants My Health Record put on hold while everything is sorted out (reminder, MHR was set up by Julia Gillard back in 2012 as opt-in only).

S&P report claims NBN will be worth bugger all due to cheap 5G plans

The NBN's massive cost was always defended by it not being a grant or an expense, but an investment in a business that'll be worth heaps of money one day. According to a report from Standard & Poor's, the government's investment is a dud and a return on the billions spent will be "difficult to achieve". S&P claim that due to the NBN's high cost for end users, telcos with 5G networks will chip away at the most profitable low-end users by offering cheaper & faster internet plans than NBN can whilst making a profit. This means that when the government goes to sell NBN (as it always planned to), the amount telcos will offer to buy it will be way, way less than what it cost the government to build, resulting in billions pissed down the drain.

Apple releases update to fix i9 MBP throttling

Apple has acknowledged the new MacBook Pro has performance issues and released an update to fix it. Apparently the issue lies not with the CPU getting too hot and slowing itself down to prevent damage, but with the VRM modules overheating and not supplying the CPU with the power it needs. Apple claims it's a "missing digital key in the firmware that impacts the thermal management system" (Reddit has lots of technical detail on the issue). The good news is that performance is improved on the i9 model and on par with the rest of the industry. The i9 MBP is still not much faster than the i7 though and slower than thicker laptops with better cooling systems using the same CPU. It's also a bit upsetting this kinda thing slipped through Apple's testing - a common theme in new Apple products lately.

Misc news items

Not News, But Still Cool

New Xiaomi Android One smartphones

Xiaomi announced new phones using Android One (aka clean Android with monthly updates) today - the Mi A2 and Mi A2 Lite. The Mi A2 is the faster phone, with a 6" display, Snapdragon 660 SoC and various RAM & storage options. The Mi A2 Lite has a Snapdragon 625 SoC, slightly smaller 5.84" screen, but weirdly a notch on the front. Both have dual cameras, with the Mi A2 getting the superior specs. Why does the lower end phone get a notch, but the higher end one doesn't? That's kinda weird. Kimovil already has listings for the Mi A2 (starts at ~A$350) and Mi A2 Lite (starts at ~A$300). When stock levels improve and prices stabilise, it wouldn't surprise me if you can get the Mi A2 for $300 delivered. What a fucken ripper bargain of a phone with such specs. The closest local competitor would be the Nokia 6.1 for $399 at JB I reckon.

MotionEyeOS - a Raspberry Pi distro for video surveillance

MotionEyeOS is a Linux distro for the Raspberry Pi (and some other single board PCs) dedicated to video streaming. It turns your little computer into a fully fledged security camera, with motion detection, email notifications, time lapse videos, uploading of media files to Dropbox/Google Drive and support for USB webcams. I haven't tried it out yet, but it looks pretty nifty.

An introduction to decrypting hashed passwords

When a website is hacked and someone scores a big haul of passwords, they're usually described as "hashed", aka, encrypted. To decrypt your sweet stash of passwords, you need to run them through an app like hashcat, which applies some patterns, then brute force, to try and get the juicy passwords inside. TrustSec has a blog post going over how an attacker might go about doing that. It's not that hard, particularly with more and more powerful GPUs that make mincemeat of weak and short passwords. It really highlights how important a non-dictionary password with a variety of characters inside it is to be safe from this sort of attack as GPU power increases.
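To put numbers on that last point, here is an added example (not from this newsletter or the TrustSec post) of a defender-side password check. Because a hash is one-way, recovery means guessing candidates and comparing hashes, so the check first looks for a dictionary word behind common patterns and otherwise estimates the worst-case time to exhaust the search space. The wordlist, the guess rate and the one-year threshold are assumptions made up for illustration.

```python
import string

# Constructed sample wordlist; a real audit would load a large breached-password list.
WORDLIST = {"password", "sunshine", "dragon", "letmein", "qwerty"}

# Assumed guess rate against a fast unsalted hash (illustrative figure, not a benchmark).
ASSUMED_GUESSES_PER_SEC = 1e10
ONE_YEAR = 365 * 86400  # arbitrary policy threshold chosen for this example

# Common character substitutions mapped back to the letters they stand in for.
LEET = str.maketrans("4301$5@7", "aeoissat")


def base_words(password):
    """Reduce a password to the dictionary words it may be a simple pattern of."""
    lowered = password.lower()
    stripped = lowered.rstrip(string.digits + string.punctuation)
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}


def charset_size(password):
    """Alphabet size a brute-force run needs to cover the character classes used."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
    ]
    return sum(size for chars, size in classes if any(c in chars for c in password))


def assess(password, rate=ASSUMED_GUESSES_PER_SEC):
    """Return a verdict and the worst-case seconds to exhaust the search space."""
    if base_words(password) & WORDLIST:
        return {"verdict": "dictionary", "seconds": 0.0}
    size = charset_size(password)
    # Brute force tries every length up to and including the real one.
    keyspace = sum(size ** n for n in range(1, len(password) + 1))
    seconds = keyspace / rate
    return {"verdict": "weak" if seconds < ONE_YEAR else "ok", "seconds": seconds}


if __name__ == "__main__":
    for sample in ["Password1!", "dr4g0n", "xkqzvbnt", "T7#vq9!Lz2@mWc4x"]:  # constructed
        print(sample, assess(sample))
```

At the assumed rate, eight random lowercase letters last about 22 seconds, while sixteen mixed characters are far beyond the one-year threshold.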

That's it, see ya tomorrow!

No Doubt - Ex Girlfriend