Google logins make JavaScript mandatory, Huawei China spy shock, Mac malware, Iran gets new Stuxnet, and more

This week there were Hacked Home Hubs, buggered BBC Bits, and PortSmash privilege punch-ups. But that wasn't all that happened – here's a weekend roundup just for you. Huawei helped China with hacks, says Australia So it turns out all those governments weren't just being paranoid when they barred Huawei from working on …

  1. frank ly

    Wait

    "... Stuxnet was able to physically destroy uranium subterfuges, ..."

    I thought it was the Stuxnet subterfuge that destroyed the uranium centrifuges. Have I misunderstood what happened?

    1. steelpillow Silver badge
      Joke

      Re: Wait

      A subterfuge is a subterranean centrifuge. Don't you know anything? (sorry)

    2. diodesign (Written by Reg staff) Silver badge

      Re: Wait

      Nah, just a typo, mate. Obvious. Don't forget to email corrections@theregister.co.uk if you spot anything wrong.

      C.

      1. Claptrap314 Silver badge

        Re: Wait

        You have to understand. Open-sourcers are in it for the glory. Unpaid editors want some kind of compensation. Emailed corrections get no upvotes.

        1. Anonymous Coward

          Re: Wait

          There is such a thing as just being a helpful person, but I guess that's so last century.

  2. steelpillow Silver badge
    Flame

    So not, Google

    "we recommend that you keep JavaScript on while signing into your Google Account so we can better protect you."

    No No No you bunch of hypocrites. Turning off javascript is what I do to protect myself - especially FROM YOU!

    Google's active Captcha-style login ("click through a bunch of images that show a storefront", etc) is ubiquitous on the web. On many sites now it is impossible to log in without enabling much of Google's javascript. We are forced to let Google track our movements wherever we go, even to harvest our login details should it so desire. Even outfits like Dropbox will just go "oh, well, we use Google's captcha system now, so we don't care about our users or our security ownership any more."

    Sick, sick, sick.

    1. devTrail

      Re: So not, Google

      "No No No you bunch of hypocrites. Turning off javascript is what I do to protect myself - especially FROM YOU"

      If you use Google account you are not willing to protect yourself anyway.

      1. Anonymous Coward

        Re: So not, Google

        If you use Google account you are not willing to protect yourself anyway.

        I do use the gmail stuff to protect myself. That's where I keep my spam accounts.

    2. Anonymous Coward

      Re: So not, Google

      > Google's active Captcha-style login ("click through a bunch of images

      > that show a storefront", etc) is ubiquitous on the web.

      One particularly crazy example is Ordnance Survey. In order to download their OpenData free maps data you have to do a Google Street View “click on the storefronts” test, i.e. you have to help their competitor to improve their product.

      Another annoying one is the Pensions Regulator. Businesses are legally required to supply them with information about automatic pension enrollment, and this has to be done online, and it requires that you enable Google Javascript and complete a street view captcha.

    3. #define INFINITY -1

      Re: So not, Google

      The thing that really struck me is the association of 0.1% with the word 'tiny'. Design-by-telemetry will make 'advanced technology' a big fucking joke, and we'll be wondering why we gave up the simple life of cattle, spears, a warm fire--no stupid decency laws requiring us to bow down to Gucci and the likes--and periodic wars when the good life increased our numbers excessively (where we can die a soldier's death instead of being subjected to mental examination because we haven't elbow room to enjoy the fruits of nature), before the year 2030.

      Dear Google,

      Normal developers are happy with 1 user of their software. You are willing to turn your back on--at a guess--close to a million users who think Javascript is a piece of (I'd say codswallop but I'd feel compelled to look that up first) whatever is left over after the vultures (hi El Reg, no offence) and hyenas have had to look for other prey.

      Sincerely,

      Someone who needs a better alias

    4. Warm Braw

      Re: So not, Google

      we can better protect you

      I have cookie persistence disabled which means I get regular warnings from Google that I'm logging in from an unknown device. And now this. They could do with some sort of "I'm not mad enough to store anything of value on a Google server" setting for those of us who don't really care about their "protection", but do find their throw-away services of temporary use from time to time. Sorry, I could do with it, it's clearly of no interest to Google to help me protect myself.

      1. steelpillow Silver badge
        Facepalm

        Re: So not, Google

        The Google mindset; "If we don't see it, it doesn't exist."

        Actually no, Google. The reason you see so few visitors running NoScript is that so many of us privacy-savvy netizens USE DUCKDUCKGO and only turn to Google as a last resort.

        Exercise for the Google staffer: and why do we use DuckDuckGo? All together now; "BECAUSE WE DON'T NEED TO ENABLE JAVASCRIPT".

        1. bombastic bob Silver badge
          Mushroom

          Re: So not, Google

          and if I _DO_ use google, it's with javascript TURNED OFF. I don't need their SLURP or TRACKING, either.

          Whatever clueless DIM BULB up at Google headquarters *FELT* that the world *MUST* bow to their demands, and enable scripting _JUST_ for _THEM_, deserves the backlash. And that includes *ANYTHING* that uses 'google metrics' or any OTHER such CRAP.

          If for some reason I _MUST_ use a web site that has this *GOOGLE* *SCRIPT* *SLURPY/TRACKY* *CRAP* in it [after sending a nasty complaint letter] I _ONLY_ do so in a browser that _ERASES_ _ALL_ _HISTORY_ _AND_ _COOKIES_ _AND_ _OFFLINE_ _DATA_ after I close the window.

          'googleanalytics' - who needs that again?

          1. Mark 85

            Re: So not, Google

            "'googleanalytics' - who needs that again?"

            Google and their customers who want to sling ads at users.

            1. Pen-y-gors

              Re: So not, Google

              "'googleanalytics' - who needs that again?"

              Google and their customers who want to sling ads at users.

              True, but there are other more reasonable use cases. e.g. for someone who has built a website using AHRC funding, they really like to know how many people visit the website, from where etc. Same with local authorities justifying spend on websites - how many people actually visit them? Even businesses justifying costs to bean counters need numbers. It's not just ad-slinging.

              1. Anonymous Coward

                Re: So not, Google

                @Pen-y-gors

                You can use locally hosted Matomo instead of Google Analprobe, so that the only people who know about your web traffic is your organisation, rather than nefarious third parties.

                https://matomo.org/

                1. onefang

                  Re: So not, Google

                  "You can use locally hosted Matomo instead of Google Analprobe,"

                  Other software for counting users is also available. It may even be built into whatever you used to build your website.

              2. Anonymous Coward

                Re: So not, Google

                Same with local authorities justifying spend on websites - how many people actually visit them?

                There's a lot of good freely available (and even non-JS!) analytics software that doesn't rely on google analtics or another rubbish from them.

          2. Anonymous Coward

            Re: So not, Google

            >Whatever clueless DIM BULB up at Google headquarters *FELT* that the world *MUST* bow to their demands, and enable scripting _JUST_ for _THEM_, deserves the backlash.

            Oh but they were not clueless. Rather they learned from FB that the vast majority simply do not care and that is where most of the money is. So they will continue earning billions.

            For my part I installed Vivaldi and use DuckDuckGo which also happens to be the default search engine in Vivaldi.

          3. Anonymous Coward

            Re: So not, Google

            Sadly, Google is probably now big enough that they can (mostly) tell the world to bow to their demands nowadays.

            (Which is of course why I don't use any Google services if I can possibly avoid it, but with some friends who have GMail accounts and Android phones, and all those annoying half-baked web developers who like to stuff their websites with Google Analprobe, and scripts and fonts needlessly hosted by Google (rather than hosting their own), it is almost impossible to stay clear of this plague...)

      2. RegGuy1 Silver badge
        Happy

        I have cookie persistence disabled

        Yes indeed. Tell your browser to delete ALL cookies when you close it. Then close it NOW.

        Ok, back again after opening it? That wasn't too bad, was it. And now all those connections are with NEW cookies, so less tracking. Of course, you could have rebooted your router so you got a different IP address. That just helps to make the analytics that little bit more complex.

        None of this is foolproof. But you can remain the 0.1%[1] who are doing something extra to protect themselves.

        [1] 0.1% of a very BIG number is still a BIG number.

    5. Shadow Systems

      Re: So not, Google

      I was wondering what all the fuss was about. My browser doesn't have JS enabled, Google Analytics is blocked by my HOSTS file, & I'm not getting any whining from Google about logging in to Gmail. Then I read elsewhere it's specific to SmartPhone visitors & it made more sense.

      Dear Google. I refuse to allow JS on my browser because it's a security hole large enough to do doughnuts through with something small like the Milkyway Galaxy. Your CAPTCHA system is in violation of the ADA/international disability regulations, & stops me from accessing my account, but if I turn JS off then suddenly I can get in just fine without the artificial & illegal hurdle. So please tell me again how you're trying to make my experience more secure, the other one has bells on!

    6. Pascal Monett Silver badge
      FAIL

      JS ? Are you mad ?

      Given that JavaScript is used in 99.9% of all malware attacks these days, telling me that I should enable JavaScript "for my protection" is so pitifully wrong that it is not even laughable.

      1. Adrian 4

        Re: JS ? Are you mad ?

        Sure, but there's form.

        How many banks tell you to use their 'security software' - that runs on Windows ?

    7. Anonymous Coward

      Re: So not, Google

      Strangely the gmail login works for my spam accounts.

      Kinda surprised actually.

      And no, no JS BS especially from google. I make sure they're blocked as much as I can.

      (And yes, I use gmail for spam accounts and why not? Not like I'd put anything valuable there!)

    8. WolfFan Silver badge

      Re: So not, Google

      Google ate my gmail account recently. I was told that they "could not verify" that I was the "owner of the account". Basically, I had that account since 2005 and very rarely logged in using the web interface. This last time I tried to set it up using MS Outlook. Apparently Google really hates it when they can't get all the info they want.

      I'm now, temporarily, on Zoho. I will have my very own domain with its very own email shortly.

      And I use DuckDuckGo and usually have JavaScript turned off. Bite me, Google.

  3. Milton

    "uranium subterfuges", O Joy

    "Stuxnet was able to physically destroy uranium subterfuges"

    Some typos—or perhaps quasi-Freudian slips—are things of beauty. Who doesn't now want to read "The Centrifuge Subterfuge", a gripping thriller about Israeli intelligence? If, that is, it hasn't already hit the waves as Big Bang episode title ...

    ... anyway, to the writer of this article: whatever was going on in your head, cherish it forever.

    (I also eagerly await the post-impeachment tome by the WaPo team, "The Trump Dump".)

    /coat

    1. steelpillow Silver badge
      Coat

      Re: "uranium subterfuges", O Joy

      Puts a new spin on plot subterfuges, doesn't it.

      1. The Dogs Meevonks Silver badge
        Happy

        Re: "uranium subterfuges", O Joy

        You appear to have made a typo of your own... It should be 'plot centrifuge' :)

    2. diodesign (Written by Reg staff) Silver badge

      Re: "uranium subterfuges", O Joy

      Friday pub o'clock editing strikes again. Sometimes the mind wanders after editors have a few pints or tequila shots. Oops, I've said too much.

      C.

      1. Agamemnon

        Re: "uranium subterfuges", O Joy

        I was at a company Eng lunch where 104 shots of Cuervo were on the receipt...as a line item...it was a long receipt.

      2. WolfFan Silver badge

        Re: "uranium subterfuges", O Joy

        'Tequila', eh? So you're saying that the Trumpanzee is correct to blame the Mexicans for, well, everything?

        Vlad disapproves, too. You should be drinking vodka. Russian-made vodka, of course, so that the Shirtless One can get his rake-off... ah, 'taxes and duties', that is.

    3. Shadow Systems

      Re: "uranium subterfuges", O Joy

      It already has a theme song: You spin me right round!

      *Ducks & runs*

      1. This post has been deleted by its author

  4. onefang
    Black Helicopters

    "a Down Under government source in reporting that on at least one occasion Huawei was pressed by the Chinese government to provide access to a foreign network."

    Isn't that the sort of thing recent Aussie legislation is trying to make sure the Aussie government can do? You know, the legislation that world+dog is saying is a really bad idea.

    1. The Central Scrutinizer

      Yeah we're getting ready to eat a really big shit sandwich.... but the sheeple don't seem to care, or even know about it.

      1. John Brown (no body) Silver badge

        "but the sheeple don't seem to care, or even know about it."

        Well, yeah, Australia. Aren't there more Sheeple than people there anyway? Especially on the big outback stations where men are men and sheeple are scared.

    2. Woza
      Joke

      "Isn't that the sort of thing recent Aussie legislation is trying to make sure the Aussie government can do? You know, the legislation that world+dog is saying is a really bad idea."

      Oh, don't worry, we don't have a communist government, so it's ok!

      1. Tom Paine

        Correct.

    3. Tom Paine

      At the risk of stating the bleedin' obvious, apart from the obvious stuff like the ethnic cleansing of the Uighurs - there are concentration camps right now, on this planet, and your phone (and mine) was made in the same country - the thing is that Australia's our ally and China is a hostile foreign superpower.

      Is it really that big a stretch to find spying by the one to be a bad thing, and the other to be a good thing?

  5. sitta_europea Silver badge

    "Another annoying one is the Pensions Regulator. Businesses are legally required to supply them with information about automatic pension enrollment, and this has to be done online, and it requires that you enable Google Javascript and complete a street view captcha."

    Well on the bright side, at least I don't have to install Adobe crapware to do my tax returns any more...

  6. Anonymous Coward

    If the 'tiny' 0.1% of users were not significant to Google, they wouldn't be pushing Javascript as mandatory, I suspect that the 'tiny' amount has in fact grown to 0.1% and they are mandating Javascript in an attempt to prevent it becoming a whole number percentage...

  7. PaulVD

    If Google can prove it is human...

    ... then I will submit myself to its ReCaptcha test.

  8. Anonymous Coward

    Gmail alternatives

    Remember Gmail is not the only email provider in town. I use 1337.no (no commercial interests, it is a free service) for that extra Bazinga. Oh, and it gives you a free license for that exclamation mark when you sign off "Right on, commanders!"

    1. Lomax
      Alert

      Re: Gmail alternatives

      > it is a free service

      Then you are the product.

      1. Anonymous Coward

        Re: Gmail alternatives

        >> it is a free service

        >Then you are the product.

        It is clear that none of the 9+ down voters even tried checking out 1337.no as it is free. I use this and also nyx.net, both of which are run on a volunteer basis by people who believe in freedom, including standing up to heavy handed governments. The infamous "garden ornament" case that sent Secret Service crashing down the doors at Nyx should be proof enough. Nyx was started by a university professor who declared that Internet access should be a human right and then proceeded to assemble Sun servers and dial up modems to follow up on that. Today they have a volunteering lawyer on board to make sure the government is keeping the correct distance.

        So yes, cautiousness is all well and good but actually checking out the truth is also worthwhile.

        1. Anonymous Coward

          Re: Gmail alternatives

          It is clear that none of the 9+ down voters even tried checking out 1337.no as it is free.

          Would check it out but...Can only register from a Norwegian IP address.

          At least I think that's what the error says...

        2. Tom Paine

          Re: Gmail alternatives

          >>> it is a free service

          >>>

          >> Then you are the product.

          >>

          >It is clear that none of the 9+ down voters even tried checking out 1337.no as it is free

          I see, so a wealthy philanthropist funds the servers, the software, the network transit, the admins to look after it --- and all because he loves us, and wants us to send a lot of email.

          Yeah. right.

    2. Crazy Operations Guy

      Re: Gmail alternatives

      Or, you know, you can spin up a VPS and throw some simple IMAP / SMTP software on it. I've been doing this for a while, I built an IMAP server running OpenBSD with Dovecot installed on top. Cost me a whole $8 a month for a pair of machines running on opposite ends of the earth (Oslo and Auckland and using two different providers) syncing their mail with each other. Certificates are provided via Let's Encrypt (There is a client included into OpenBSD's base along with an SMTP daemon that supports encryption and authentication).

      For the $60 a year it costs me for the machines and the domain name, I get peace of mind that my mail is safely hidden from advertisers. Plus I get as many email addresses as I want and use whatever the hell protocols I feel like using.

      1. Kevin McMurtrie Silver badge

        Re: Gmail alternatives

        It's pretty easy to do at home if you can get your ISP to turn off their port blocking. I've had almost no downt... Wait, there are 9000 porn sites?

        1. Anonymous Coward

          "Wait, there are 9000 porn sites?"

          Probably a couple of orders of magnitude more. I just wonder how long he took to find and access so many - at work. Who knows, maybe he also asked to work overtime, because he was really busy with a research about some deep, mysterious caves, and wobbling hills under the "thrusts of an earthquake"... maybe he also presented the results to his supervisor, which immediately asked for a copy... really, nobody found him before?

    3. Anonymous Coward

      Re: Gmail alternatives

      I use BlackBerry Hub because I feel sorry for them.

      When I switched off gmail on my phone and changed to BB, the battery usage dropped about 20%. It would be interesting to know why.

    4. Anonymous Coward

      Re: Gmail alternatives, 1337.no

      The 1337.no website attempts to make requests to google.com, googletagmanager.com, fonts.googleapis.com, and maxcdn.bootstrapcnd.com.

      Oh, and connect.facebook.net too.

      Nowhere near as l33t as they might think they are :(

  9. vtcodger Silver badge

    Quis custodiet

    we recommend that you keep JavaScript on while signing into your Google Account so we can better protect you.

    As they used to say in the old country back before the Romans (unwisely) pissed off the Visigoths Quis custodiet ipsos custodes?

    1. This post has been deleted by its author

      1. Stevie

        Re: People called Romanes they go the house?

        And what have they ever done for US?

        1. Zolko Silver badge

          Re: People called Romanes they go the house?

          "And what have they ever done for US?"

          the Internet ?

  10. Steve Graham

    delete malware

    "admins would be well advised to make sure they are running the latest version of SystemD"

    No, no... I have a better idea...

    1. steelpillow Silver badge
      Pint

      Re: delete malware

      Icon for Mr Graham, there.

    2. rnturn

      Re: delete malware

      Lennart and company won't be happy until Linux is saddled with its own version of Patch Tuesday featuring Systemd security fixes. It won't suffice to turn off security-plagued services if Systemd has insinuated itself onto your systems. I'm already using Slackware on several systems and considering switching others to that or to Devuan to avoid this fiasco.

      1. This post has been deleted by its author

    3. Anonymous Coward

      Re: delete malware

      I'm starting to think this systemd thing might not be all it's cracked up to be.

      1. Anonymous Coward

        Re: delete malware

        I'm starting to think this systemd thing might not be all it's cracked up to be.

        Well, you got the "cracked" part right.

  11. GrapeBunch
    Big Brother

    Marvin was an optimist

    Is it just me, or is this particularly depressing? The claim by google that the web is safer with JavaScript on than with it off, sounds like something RHH would tweet. And aside from a few snide remarks in the comments, nothing going the other way. What could it be? A recipe for using google in a VM? Starting fresh every time like a library or cafe computer?

    Here's another instance of behavioural engineering, if you like. Facebook now hides more of the comments on a thread. "View 2 more replies ", "More ...". Sometimes you have to click dozens of times to read an entire thread. Before, it was PgDn. They want to keep us clicking, automatically, the first step towards unfortunate results, and I wasn't thinking of RSIs.

    In the title, it is Douglas Adams's Marvin, though perhaps Limeliters's Marvin would be a better thought.

  12. Jamie 14

    Google - FBI

    Wait a mo! Didn't the FBI recommend that JavaScript should be disabled some years back!?

    1. holmegm

      Re: Google - FBI

      >Wait a mo! Didn't the FBI. Recommend that Java script should be

      >disabled some years back!?

      Yep. Just like everyone used to recommend that you keep the family computer in the living room.

      I still do ... while everyone else's kids carry internet connected computers in their pockets. Funny what people get acclimated to.

  13. Sierpinski
    Terminator

    Javascript will protect you

    protect you, from the terrible secret of space. Please go stand by the stairs.

  14. m-k

    a tiny minority of our users (0.1%) choose to keep it off

    who cares about the tiny minority (was it up to 50%?) who run one (or dozens) of ad-blockers, including java-killers!

  15. mhenriday
    FAIL

    The Australian/Bellman

    A report from The Australian (paywalled) cites a Down Under government source in reporting that on at least one occasion Huawei was pressed by the Chinese government to provide access to a foreign network.
    Just the place for a Snark! I have said it twice:

    That alone should encourage the crew.

    Just the place for a Snark! I have said it thrice:

    What I tell you three times is true.

    Henri

  16. Doctor Huh?

    Heroic Horny Geologist Does Favor for Fans of Solo Sex

    I'm shocked that there are 8,999 safe porn sites. The USGS might recoup some of its costs by publishing the list.

  17. Cuddles

    Static content

    "Chances are, JavaScript is already enabled in your browser; it helps power lots of the websites people use everyday. But, because it may save bandwidth or help pages load more quickly, a tiny minority of our users (0.1%) choose to keep it off," Google offers.

    "This might make sense if you are reading static content"

    Static content like search results or email, for example? I suppose maps might need some clever stuff going on somewhere, but I can't think of anything else Google provides that isn't entirely static content with no use for Javascript. Maybe advertising and tracking would need it, but they said they're doing this to protect their users, not to make it even easier to steal everyone's data. Right?

  18. Pen-y-gors

    Prawn and malware

    It's interesting that the user visited 9000 prawn sites and only got infected once. I remember an article a while back that suggested that said sea-food purveyors tended to be some of the safest and malware free, as they are really, really keen to encourage visitors to come frequently (I could probably express that better), and if they get an electronically transmitted disease every time they call they will visit a different emporium next time.
