IP filtering is a valuable factor for security. I know which IPs belong to my organisation and these can be a useful factor in allowing access.

I've written rules which say that access should only be allowed when the client has both password and MFA and comes from a known IP address. Why shouldn't I do that?

And there are systems which only support single-factor (password) authentication so I've configured IP filtering as a second factor. I'd love them to have more options but pragmatically this works.

But the Times article also says:

> A spokeswoman for Leicestershire police said crimes under Section 127 and Section 1 include “any form of communication” such as phone calls, letters, emails and hoax calls to emergency services.

So I think the categorisation is a mess, and probably not even consistent across forces

Not all of them are online posts, in fact probably a minority

If you really want to check every time someone clicks on a link then you can do this in the client and keep the visible link the same for the end user.

But instead there are different teams working on this in Outlook, Teams, Exchange, Defender and god knows where else.

(I'm one of the people in corporate IT trying to turn this off and often struggling)

https://imgur.com/a/mulled-wine-pc-WW1pW

It could get to 60°C which is a bit low for coffee but was great for mulled wine

If you embed a URL in emails then a lot of corporate email gateways will blindly follow the link, trying to check it for malware.

This may or may not be a useful security measure but it has many issues. One of which is that it could look like spying.

But what's the threat model here?

I didn't think of 2FA as being protection against password reuse. People should still avoid reusing passwords and change them if they know of a breach.

Are there really attackers who are picking up breach databases and then sim-swapping to get the 2FA as well?

The "1-click login" links are a concern and just having access to the SMS would be enough to take over things like WhatsApp.

But 2FA codes seem notably less worrying. They are the second factor and require an attacker to have the password too. For these cases I'm much more relaxed about the use of SMS and the risks of interception.

But when my daughter hasn't got home on time if I can check her GPS and see that she's in the park then I can relax a little.

If she needs to say she's staying out late, using a group chat to let the whole family know is easier than trying to phone mum, then dad, then grandma.

Or she can include a photo showing how much fun she's having.

My life is richer because of communication on things like family group chats. It would be a shame to throw the baby out with the bathwater and lose that

A few years ago Apple blocked[1] some parental control apps because "they put users’ privacy and security at risk"

This actually came up with our school. They tried to use an app to control student phones but it was fundamentally limited by these Apple restrictions.

[1] https://www.apple.com/uk/newsroom/2019/04/the-facts-about-pa...

1. Use of phones in classrooms 2. Having phones present in schools, but unused 3. The impact of social media on schoolchildren

(1) is undeniably bad and should be banned everywhere.

(2) raises some issues. I don't want (1) but I would like my child to have a phone for the journey to and from school. And a smartphone is much better at this than a dumb phone (group chats are really good!)

(3) is a concern but it seems almost totally unrelated to the other issues. The children who are banned from having a phone at school will use the same social media when they're at home and schools will still have to deal with bullying.

Our school current bans (1) and is consulting on more bans. But from parent discussions it feels like both the school and parents are mixing up these issues and just coming back with "phones are bad".

If I've just entered "0.21" then when the confirmation screen reads "21" it's not immediately obvious that it's wrong.

A typical pump will contain enough for several days. My pump right now has 100 units and is only half full.

To my understanding this isn't the same type of bug. Tandem are just saying "it can be confusing to enter fractional rates".

This bug is for a different pump and is "when you enter a fraction rate it will change the rate". That is much worse

https://twitter.com/Tims_Pants/status/1730515134731182490

It's wild that this sort of bug got through testing.

As a diabetic it feels like our insulin pump software is very conservative and lacking in features especially compared to what some of the "closed loop" things would like to do.

That seems reasonable if the manufacturers are having to do lots of safety testing.

But if bugs like this are getting through then the testing obviously isn't anywhere near as robust as we'd like.

Last year my kids wanted to go collecting conkers and I used a similar website (https://www.treetalk.co.uk/) to find a local place with lots of horse chestnuts.

It worked brilliantly and the kids thought I was some kind of genius for finding so many.

The primary interface is through their app and I think you might need to use this to get it up and running initially. But they have a supported local API feature[1] that has so far worked as I'd expect. In the end I've been happy with their app so have primarily used that so far. The data seems good.

They're quite expensive new. But they were involved in some sort of cryptocurrency (!) that failed. So there are a lot of them available as nearly-new on eBay. In the UK I picked one up for about £60, I think.

[1] https://support.getawair.com/hc/en-us/articles/360049221014-...

I agree that this is a potential risk.

But if the cameras themselves can't route to the internet in this scenario then how are they infecting the recording server? Is the suggestion that they come shipped from the factory with code to compromise common recording servers? It seems like that would be very significant and something that we'd be able to see in action.

My biggest concern with CCTV networks that I manage is some sort of backdoor access to the cameras themselves. So the dual-homed server design is exactly what I'd choose in order to control things.

TFL do have some quite good APIs so you could use those rather than scraping the HTML.

https://tfl.gov.uk/info-for/open-data-users/api-documentatio...

I think you need to register but they seem happy to have amateurs and enthusiasts using them and they work quite well.