958 posts • joined 23 Oct 2007
Is it really metadata?
Is it really metadata, or is it actually the data (i.e. the log) that was used. Ever since various leaks, all I seem to see is the word metadata being used, even when it's not appropriate.
So did they use the logs, or did they provide some data about their source data (and if so why, given there was only one subject)?
Re: FUCK OFF
Did you RTFA or just the title?
The ICO having more funding and power is likely a good thing IMHO at it means they can chase the fuckers that don't take care with our data.
From a read of the title though, I thought it was going to be DRIP phase 2
Let alone the exchange of perl one-liners, clearly that mismash of symbols must be a secret code, could $_ be code for 'the attack'.
If I was exchanging semi secret stuff in the clear, I'd use brainfuck just to mess with them
You need to make sure you email the author of one of the blogs too (link on the right hand side) asking when service will be restored:
Yup, Mr Boscovich was indeed included in the recipient list.
Have ignored the temptation to add a comment to either post though, generally companies are less willing to just cough up if they feel you've gone out of you way to publicise/publically deride the issue.
Don't send it directly. First contact your law firm (if you don't have one I recommend Dewey, Suem, and Howe) and have them send the bill as an attachment to an official letter.
When I send 'gimme-money' letters (not that it's that regular), I tend to give a 14 day period to resolve it before I both the lawyers. Works for the most part (I've got a success rate of 98%, though I suspect MS will drag that down shortly), especially if I have the good sense to proof read and make sure I've not dropped a bollock somewhere in what I've written.
Slightly different if I was responding to a similar letter though, that'd always get looked over by a lawyer from the outset.
I figured I'd send MS an invoice for the time I've spent fixing the resulting issues, given that as a third party not covered/protected by my contract with NOIP, they've become the de-facto service provider and fucked everything up through sheer incompetence
"they've no idea about planning infrastructure to scale."
The existence / scalability of Azure (the world's second largest 'cloud' I believe) tends to disprove that.
Yes, because Azure has been so reliable. Size != reliability.
The fact that an worldwide outage was caused by MS forgetting to renew a SSL certificate, a week after a 5 day outage on one of their SQL components further reinforces the idea that big != reliable or good, especially when it comes to Azure.
An of course, we fall back to the current situation. If they're any good at planning things to scale, why aint their DNS infrastructure coping eh?
Re: Let's clear it up...
Remember it's not No-ip hosting the content either.
" Despite numerous reports by the security community on No-IP domain abuse"
I find the structure of this sentence interesting, to me it reads as though it's talking about Papers and articles (reports on), and not reports to No-IP. Given they are just hosting DNS records, without a list of affected subdomains what precisely are they supposed to do?
Microsoft claimed some of the subdomains use MS protected marks,
That's the bit that really baffles me. A number of subdomains get set up infringing a mark and the judge hands the entire domain over? That's bat-shit insane.
And that's before anyone starts on the fact that No-ip serves DNS records not content. The malware could have got the same content just by going to an IP address, and never touching no-ip (though DNS obviously makes life much, much easier from the malware authors PoV :) ), which makes the decision all the more bat-shit crazy.
Doesn't Microsoft produce infrastructure frequently exploited by cybercriminals?
If one thing's clear, they've no idea about planning infrastructure to scale.
Leaving aside the rights and wrongs of being given custody of the DNS, how the fuck have they managed to take custody so that they can filter out the 'bad' but fail to make sure their servers will stand up to the load so the 'good' is unaffected?
Re: WTF is anyone still using PayPal for?
Not to mention that whilst you may not use Paypal, most other people do (and don't use other services). So if you don't accept Paypal you're artificially (and quite severely) limiting your own market.
I had to provide them with ID a while back because the amount I'd received passed a threshold. Normally they do an 'online check' but it seems that I don't exist, wherever it is that they check.
Re: Eggs and Baskets
What amazed me about so many commentards on saturday morning was how many of them thought they were smart because they knew how to change DNS servers, but were still dumb enough only to point themselves at one DNS server.
And were 'smart' enough to change DNS servers, and tell everyone else it was a DNS issue, whilst completely failing to take note of the fact that changing DNS didn't help with accessing quite a lot of sites. There was a hell of a lot of the blind leading the blind on the net on Saturday
Re: Wasn't a DNS issue...
Yup, though as lots of people on social media were trying to be clever and tell others it was a DNS issue, I fully expect that if BT do cough to the root cause they'll blame DNS.
Was sat troubleshooting the loss of connectivity, and it looks like a couple of interfaces went down on a box near Telehouse based on comparison of traceroutes before and after. Possibly elsewhere too, but that's what we were seeing.
BT's DNS servers, inevitably, are the other side of that hop, so whilst there was an issue reaching BT's DNS, it wasn't _the_ issue.
Re: It would help an awful ****ing lot
Never thought I'd use this sentence - Ill give HSBC their dues on this one.
They phoned me recently and authenticated themselves rather than asking me to do the same.
There are still far too many bad practices that leave us exposed though. If verified by visa increases the likelihood that I'll be liable for a loss, they should damn well let me use special characters in my password *grumble*
Re: anonymized & agregate results
A great example being the NYC data that was released - Drivers for > 173 million trips identified from 'anonymised' NYC Cab data
Because in theory, they could identify an area that's likely to see an increase in demand and then build a mast nearby to give themselves a competitive edge (everyone else's masts being a bit further away). As well as capturing punters, they can rent some of that mast space to the other networks for a suitable price.
In reality, if that happens it's rare. At the moment the main focus seems to be on rolling out 4G in heavily populated areas rather than trying to eliminate blackspots (though as the former is potentially more profitable, you can't really blame them).
With tongue carefully in cheek, I'd also point out that having multiple companies, any one of which could be the owner of that brand new mast, probably (briefly) makes the network's life easier, as those wishing to complain of having headaches/illness from the radiation emitted by the (occasionally, not even turned on yet) mast will have to narrow down the owner before sending their emails.
Re: Just friend and unfriend
Yes, it'll also tell them to congratulate you every year for having been in the job for n years
Re: Who cost the taxpayer £6M?
6m does seem a bit high, but I guess theres some paranoia about letting him slip through the net, so plod have overresourced.
Of course, even if Sweden suddenly say 'ah, new information, no case to answer', he's still going to be arrested as a bail jumper the second he strolls out into the rain. Pretty much bang to rights too
Re: My network...
> Ooo bitchy, that hurt, handbags at dawn.
Wasn't actually meant that way.....
> You said it yourself, by not blocking something, you are allowing it.
True, but you used the word 'condoning'. Allowing something through inaction is not the same as condoning it.
Re: My network...
@AC - He said rules not responsibility.
"If you block one thing and not another then it can be interpreted as you condoning the latter."
Only by someone ill-informed enough to believe it's possible to actually block everything you don't like.
It's up to admins what they allow on their network, and you can police certain things without being compelled to police everything, it's really not an all or nothing situation.
Re: Precise time?
As they were at Dartmouth college in New Hampshire, I'd guess the timezone would be UTC-5
Don't be ridiculous, there's nothing sexist about wanting to see some jiggling boobies!
Are the Diet Coke ads sexist? A group of women gawking at a well toned man? Sexual attraction is a base drive, and 'objectification' flies both ways. There's plenty of objectification going on in mags for women as well, is that sexist? I don't think so, though I'd say that it's sexist to claim it's OK for one gender to gawk and objectify but not the other..
Is gawking suitable behaviour in a professional environment? Not really, but calling it sexist is completely ignoring the fact that many women do the same thing.
Giving a bloke a task because you don't feel a woman would do it properly/correctly would be sexist, gawking is unwanted attention but it's not and never has been sexism (unless you want to argue that only gawking based on your own sexual preferences shows prejudice).
So no, there's nothing sexist about wanting to see some 'jiggling boobies', though ideally it shouldn't be happening in the workplace. But then, I've also worked at places where the hula-hooping itself would be considered inappropriate behaviour, so ymmv.
I suspect, as well, that many would have far more sympathy if one of the hula-hoopers had complained, it does come across as someone being offended on someone elses behalf and the link someone posted earlier regarding the rug does suggest that she was perhaps over sensitive at times. It doesn't automatically mean she's wrong in this case, of course, but we all get judged by our past actions, especially when something relevant pops up on the net.
As a man I find other men making stupid claims about this ficticious war on men totally embarrassing... please do shut up.
It's not entirely fictitious though, some feminists do seem to be seeking more than equality, take the campaign against lads mags for example.
That's not to say we shouldn't all be aiming for equality, but we can't blindly accept that everything labelled as 'for equality' will actually lead to it - there will always be those (male or female) who want a bit more, or who unknowingly apply their own prejudices.
For most of the history of humanity, women have been denied basic rights and it is time we let women have a voice
I completely agree, but what we shouldn't do is deny anyone the right to criticise what's being said. It's supposed to be a debate not a "oh we oppressed you, you'd better call the shots for a bit".
WRT the story, the Hula-hoop thing strikes me as a minor thing, but innappropriate if the guys were sat there just short of drooling.
Re: John Smith IQ of 0.19 Mattie explains his PoV.
... fail to realise a network engineer (or hacker) can sniff (it's a technical term, it actually means copy off the bits from the data stream for analysis, not the actual physical action of sniffing that your lack of education would lead you to,believe it to be - wouldn't want you to be any more confused than you already are)
Sorry, but that made me chuckle.....
Of course, the rest of the argument is bollocks as having the ability to do something doesn't mean it's OK to actually do it, for any reason. Whilst packet capturing can be useful for diagnostics, that utility doesn't mean it's OK to sit and take captures from a core router just to see what nude selfies happen to fly by. It's possible, but also not OK to set up a port mirror, and run captures on the offchance they might capture an email that would prove your spouse was cheating.
Presumably it's OK for me to assault anyone who comes to my front-door because they might be thinking about robbing the house?
does the service provider (and any advertising bodies they pass your history to)
I suspect both bodies would argue that that happens with your consent (though some would disagree).
What customer wants to see only some games or sports during the year when they used to be able to watch it all. You now need to subscribe to at least 2, possibly 3 different providers to watch it all.
Sounds similar to the moan some of us were having when the paid networks started outbidding the BBC/ITV/C4 for sports (Cricket comes to mind).
Call me bitter if you want, but frankly Sky deserve a kicking for that one and I'm glad to see it happen - though I agree it's pretty poor for the consumer.
>If the youth had used his big chopper to spy on his cheating boyfriend in Nancy, then maybe it would be funny and clever.
>I have (had) the wonderful acquaintance with a friend of the family who when I pointed out that he was
> a down and out racist idiot (among his many other sterling qualities) rebutted with (after the shock of
> someone pointing this out to him) that I was being politically correct.
The fact that it's sometimes correct, doesn't render it impossible to be too politically correct.
Yes, we should be mindful of others, and shouldn't spread hate, but no one has a right not to be offended. Certainly no one has a right not to be offended on behalf of someone else.
As long as there's a distinction between an off-the-cuff remark and actually buying into real discrimination, there's no real harm - assuming we're not making those jokes to people who don't understand the distinction (yes, that was a 'think of the children').
I occasionally get called cripple, hop-along and various other things. It's all meant in good humour and it doesn't cause me any offence, other people it might. Frankly I'd rather have a rapport with someone than have them too busy worrying about saying the wrong thing.
Re: The other issue
IIRC CCTV is one of the exceptions to that right. Unless something has changed, you have no right to request access to the video that includes you.
The justification was a combination of two things, as I recall. One being the difficulty in locating the video, but the real killer was that the video would likely contain others and their 'personally identifiable information' (i.e. their image) would be being leaked to you.
Re: Serious question: why buy a new router?
> Would it do any good to be able to define alternate DNS servers; doesn't BT route all DNS requests to their own Mumsnet approved servers anyway?
You might be running your own DNS server on the LAN, no reason it couldn't use a VPN tunnel to go out and grab it's DNS from elsewhere (exactly what I do).
If the Content Filters are enabled, then you get a lovely blue screen whenever you try and access any page - if you're using Off-Network (i.e. non BT) DNS servers (see this screenshot. Though in true BT style even that's only half implemented - if you use TCP instead of UDP for your DNS queries it all gets through fine (or did when I was testing).
If the filters are 'Deleted' - i.e. NOT just Off - then they don't tinker with your DNS (as far as I can tell) though I trust BT about as far as I can throw them, so I've tunnelled mine anyway.
Re: Serious question: why buy a new router?
Ok so your parents aren't likely to need to do this, but you did ask what it was missing
- Static routes (useful if you're running a VPN server)
- Custom DNS address via DHCP (as mentioned above)
It's also a bit stingy, in that it has NTP but won't seem to share the love with the LAN.
It lacks Wake on Lan and various other (small but useful) bits. For quite a while (couldn't tell you if it's been fixed without checking).
Yes, QoS could be handy too.
Are these features worth an extra £100? Probably not, though as they're all quite small and the HH has an 'Advanced' section, you could also ask whether they could just have included them instead.
I agree on putting down extra cash though, so mines becom(ing) nothing more than an Internet Gateway, with a Pi taking over most of its duties.
The biggest issue I found with the HH though was that the Wifi was useless. At semi-regular intervals it just seemed to decide to discard all packets until you re-associated (tested on multiple devices). BTs response was that it must be something in my house causing interference, though strangely enough the AP on the Pi hasn't been exhibiting the same behaviour.
When mine turned on, I had to select a level from 'light, medium, strict' and then wait two hours to use the 'Off' option (can't make changes until it's updated itself). I then had to click 'Delete filter' to stop receiving a blue page tell me I was using an off-network DNS server.
So, unless I missed something (and I looked pretty closely), 100% of BT subscribers will activate the filter. What probably won't get reported is the percentage who then hit OFF as soon as they get a chance
So yeah, I had to opt in to opt out of opting in.
I also don't entirely trust BT not to fuck something up at somepoint, so most of my traffic (including DNS) is now routed over OpenVPN to a VPS that I wasn't making full use of before.
Re: Rats in a sack
Censoring everybody in case a few small-minded twats might pretend to be offended is an act of gormlessness on a colossal scale.
I'm offended by that, where's my 'Dear Mr MP' template........
The internet does not need any censorship.
I'm starting to think it needs some, we could do with some real world censorship/enforcement as well. Though the 'offensive' acts I'm thinking of are pretending the views of a tiny 'moral' minority are supported by the majority.
ISP level filtering should be an optional add on - as in Opt-In. Should also be a paid add-on so that the rest of us don't have to foot the bill. Not a big one for 'the market will decide', but if there're really that many people wanting it then the offerings would increase/improve.
If in fact nobody really wants it, the offerings will disappear through not being cost effective, at which point that minority will make a fuss, and we'll end up back in the current mess....... bollocks. Gave that less thought than an MP gives to the workings of the www.
Re: Heart Internet
That one surprised me too, but then I did kind of think - who in their right mind wouldn't change the root pass as soon as they have access to the box anyway?
Still going by the looks of things
I don't remember it being free?
IIRC correctly it was 60p a call (just before the breakout of the 118's).
Now, most seem to be in the region of 60p a call + 60p a minute. So yeah, IMHO the consumer has definitely lost out.
Re: I'm amazed people use premium rate numbers
They don't always make it clear that you're still paying £1.50 upwards a minute in the call after they connect you. An absolutely disgusting tactic.
There used to be (still is?) a service called Scoot, aimed primarily at mobiles (back in the good old days of 192). I remember using them to get the number of a motorcycle spares shop, and being asked if I wanted to be connected "at just 1p a second".
My first thought was 'awesome, calls are 2p a minute normally', until a second or two after saying yes, my brain re-parsed the sentence to identify that it was 60p a minute. Quickly hung up and dialled the number myself.
Struck me at the time that whilst they were being honest about their pricing, it was a bit of a shady tactic to quote the charge price in seconds just to make it sound a lot lower than it was.
Re: It's a question of trust -- @ DrXym
I would guess that most stopped reading at
The Pirate Bay is a web site which thinks nothing of facilitating the download of illegal content
To be fair to TPB, how many 'upstanding' advertisers are likely to want to be associated? The ads you see may well be there because they are the only ones willing to advertise there (incidentally, for some real treats, route your connection through Germany!).
I agree about the protocol/source being reviewed, but for slightly different reasons. If you're releasing a new protocol, I don't care whether you're TPB, Apple or Sir Tim Berners-Lee, it should be open so everyone can implement it.
Re: Two factor authentication
Whilst that's true, hardly an excuse for not using existing mechanisms is it?
Re: Try to set a strong password on outlook.com...
Surely that should be
... characters like an hyphen (-).
Yeah, sorry, felt like being an arse.
Why deny it to people who do need it?
Quite right, but why force it on everyone when a few need it?
Not had the 'choice' screen come up yet. But when it does it'll be going off.
I've got a toddler, and the only time he gets on the net is when he's sat on my lap (or hits an ad in Angry birds). Filtering/censorship is a parental role, so when the time comes I'll set up my own filters rather than expecting the Government to force it on everyone, and certainly well before I ever expect the Telco's to implement filters that get it almost right.
I can see why some people might find this kind of filtering helpful, but it should have been an opt-in choice rather than a 'lets turn it on for all' choice.
We're all going to pay for a filter that most of us don't want. As connection speeds increase, the capabilities of the nannynet system are going to need to improve as well to handle increased traffic. That either means our bills go up, or we get sold lower speeds (so pay more for less). The system could have been just as well implemented as a £5 a month add-on for those who want/need it.
> FACEBOOK TO BLAST YOU WITH AUTOPLAY VIDEO ADVERTS
The tone of the title strikes me as a bit rich considering readers have been subjected to the Dynamics advert
Just saying, is all
Re: Microsoft Dynamics advert
to excessively large ads to ones that seem to slow PCs down to a crawl.
Yep, a little while back I was forced into a choice between
- block all ads on El Reg
- Stop visiting El Reg
There was no inbetween, without ads blocked the site was unusable. Hardly likely to be good for advertising revenue that.
Re: Microsoft Dynamics advert
Then you could have a nice page that says, this ad was provided by such-and-such a network, and we're sorry they've buggered up our site. Thanks for reporting it, we're just despatching the advertising complaints team with the baseball bats with nails in now...
And to raise extra funds
... Send your £10 donation for the right to join the advertising complaints team on this outing
Re: Microsoft Dynamics advert
I've made a conscious decision not to allow ABP to do it's stuff on El Reg, it's a decision I'll soon be reconsidering if the Dynamics ad doesn't disappear soon.
Wasn't that long ago that I unblocked ads on El Reg, having blocked them as a result of a Dell ad slowing my system to a crawl. If I have to block them again, they're going to stay that way.
Fittingly enough, the ad in question is squatting at the top of the page as I type.
Yup, given you need to get the user to install something first, almost seems easier to create a 'game' that asks for every permission possible and just grabs as much as possible remotely, that way you don't need to go through the hassle of physical access (though you lose some of the benefits).
In all fairness to AC
x + Java = security nightmare
Where x could be Linux, Windows, Mac, a Jam sandwich.
If Java is involved, you can expect a security nightmare.
Not that I condone trolling of course, especially when the poster doesn't have the balls to at least post under their own name
Re: Stop wasting the Police & your ISP's time
2) People can choose to send email to any postbox they so desire. You, as the server admin, can choose to reject any emails that you choose. Again, not malicious, not DDoS, not 'hack attempts' - this is just simply the consequence of running a publicly advertised service.
Assume you missed the reference to backscatter then?
The original mail isn't being sent to Dom@example.com, it's being sent as though it were _FROM_ Dom@example.com. Receiving MTA is bouncing it, and it's coming back to his server (the mailserver for example.com).
Not DDoS or a hack attempt, but I can't think of a non malicious reason (assuming you consider spam malicious) to forge your email address...
Re: Am I better off not hiding
They'll know (or be capable of noticing), but aren't likely to care.
The question is, why spend out money on that when you can just as easily set up Tor yourself? That's all it's using.
Bear in mind the latency that Tor tends to introduce too
[B]y the end of 2014 all existing customers will have been presented with an unavoidable choice
So inavoidable that I bet most of those here won't even see it. Everything else BT try to make 'inavoidable' seems to be done with DNS hackery. Means I'll likely never be given the choice to take option 3
Re: It's only irresponsible if we remove any tariffs....we should put MORE in place.
Based on your comment you're a USain. How do you think the US did so well in the early days? You jumped across the ocean and announced that only copyright issued in the US was valid. There was plenty of gamesman ship then too.
Not that any of it's right, just a bit rich for a nation to complain about another doing exactly what it did, and in some cases continues to do ( use of the name scotch or champagne comes to mind).
Re: Off the top of my head.
It'd also be something of a pain for anyone who needed to receive data from you and others. Storing a (relatively) small key isn't too big an issue, storing half a fecking library because everyone you know uses a different book is a bit of a hassle.
Feels like an appropriate thread to mention double ROT13......
Re: Welcome to a world created by....
Totally agree with you though, parental responsibility these days seems to be "get others to take responsibility, and if something happens to my kids, it's THEIR fault!".
The problem is, this reinforces that too.
I've already had this conversation with wifey, and when we get asked the question the filters will be off. Littlun will grow up with the filters I put in place, filtering content that I feel is inappropriate. Alongside those filters will be the most important thing - discussions and parenting. Quite frankly, if he reaches the point that he's technically apt enough to get around my defences then he'll have earnt all the
wonders smut that awaits.
I'm treating it as a learning experience for him. Will be heavy on the logging, but the filters will start off easy and get harder and harder (*snigger*). Teenagers are always going to want to get at this stuff, so might as well take advantage (whilst teaching him not to) and make sure he learns a few things along the way.
As for going to a mate's to see it, didn't we all?
- +Analysis Microsoft: We're making ONE TRUE WINDOWS to rule us all
- Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
- Pics It's Google HQ - the British one: Reg man snaps covert shots INSIDE London offices
- White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
- The END of the FONDLESLAB KINGS? Apple and Samsung have reason to FEAR