* Posts by Ben Tasker

1638 posts • joined 23 Oct 2007

Scumbags cram Make-A-Wish website with coin-mining malware

Ben Tasker
Silver badge

Is it me

Or does this article feel a bit more Daily Mail than El Reg?

> The time of year might also have had something to do with the filth choosing Make-A-Wish as their target

To be honest I'm not used to hearing "the filth" in a context that doesn't mean the Old Bill. In any case, doesn't feel very El Reg, and reads more like a Daily Mail outrage piece.

18
1

Court doc typo 'reveals' Julian Assange may have been charged in US

Ben Tasker
Silver badge

> So it's taken the US 8 years and a change of president to charge him in secret? It took weeks to try to get Snowden.

As others have noted in the thread, it's more than likely this charge relates to the Mueller investigation rather than Assange/Wikileaks' earlier antics. It's in the right district to be related, and the timing's right (rather than years late).

But, yeah, either way, he's never going to shut up now. But then, he never was.

1
0
Ben Tasker
Silver badge

Re: Meh

> Too bad people judge him for the character he is and not for what he has done.

Or to put it another way, it's too bad that Assange took something good like the ideal of transparency driven by Wikileaks and then tainted it horrendously with his own character.

8
2

Facebook quietly admits role in Myanmar killing fields – but fret not, it will do better next time

Ben Tasker
Silver badge

Re: Ethnic cleansing?

> So basically a Rohingya militant group (aka terrorists) attacked the authorities, and the result of this is military intervention. Any country in the world would react in the same way,

Maybe go have a read of what's actually been happening.

And then have a think on how you, as a dictator, might also call it a "military intervention" in response to "terrorists" rather than use the term genocide.

There was an attack by Rohingya terrorists. The response seems to have been to go into villages and execute women and children, along with the men. And not always directly. They've also reportedly been going to non-Rohingya villages and encouraging the people there to go and do the dirty work instead.

In the first month, they managed to kill at least 730 children under the age of 5. There's also something of a tendency towards rape by the military too.

This isn't some justifiable security operation with a bit of collateral damage, it's an out and out clearance operation.

> Assuming this is correct, killing 25,000 and allowing 14 times more (700,000) to escape doesn't sound like very successful ethnic cleansing

It doesn't need to be successful to be ethnic cleansing, and it doesn't need to be successful to be wrong.

12
0

Dutch cops hope to cuff 'hundreds' of suspects after snatching server, snooping on 250,000+ encrypted chat texts

Ben Tasker
Silver badge

Re: Oooh, clever !

> You don't NEED to put backdoors into encryption if you do it the way the Dutch system was set up

Yup, if anything, this is an argument for why backdoors aren't needed.

11
0
Ben Tasker
Silver badge

Re: "End-to-end encryption" isn't?

> So, not only were the comms not encrypted end-to-end

It's quite possible they were end-to-end encrypted *before* the Dutch Police got their hands on it, but relied on the server to aid in key exchange (or perhaps to specify some other important element).

If that's the case then they may have adjusted the server so that the clients unknowingly did KEX with the server instead (so that it could MiTM).

Even then, though, you'd hope that 2 clients that had seen each other before would then warn their owners that the other end's key seemed to have changed. The various "standard" OTR plugins you get for various apps all do at least that.

> if I understand correctly, there was no way to securely exchange encryption keys, e.g., at a personal meeting between Alice and Bob, to prevent MITM.

I read it that way too - or at least, if there was a way it wasn't widely used (and probably wasn't the default).

That's fairly common amongst OTR libraries though, some won't even let you import keys from another system (so if you have multiple devices you end up with multiple 'identities'), so probably not too surprising.

Most, though, do provide a fingerprint for you to verify out of band, others let you use a challenge/response mechanism (again, out of band), and would show the fingerprint as unverified until you've told it otherwise. Perhaps that got dropped while they were customising it?

Can't find an awful lot of information on their implementation on the net, but with the very limited information that is available it does sound like they customised OTR and made it worse.

5
0
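The key-change warning and out-of-band fingerprint check discussed in the comment above, sketched as an added example that is not part of the original post and is not taken from OTR or any real client. `TrustStore`, `KeyStatus` and the key bytes are hypothetical, constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum

# Constructed placeholder key material, not real public keys.
BOB_KEY = b"constructed-public-key-for-bob"
INTERPOSED_KEY = b"constructed-public-key-substituted-by-server"


class KeyStatus(Enum):
    NEW_UNVERIFIED = "first contact: key pinned, not yet verified"
    KNOWN_UNVERIFIED = "matches pinned key, never verified out of band"
    KNOWN_VERIFIED = "matches pinned key, verified out of band"
    KEY_CHANGED = "differs from pinned key: warn the user"


def fingerprint(public_key: bytes) -> str:
    """SHA-256 of the key bytes, grouped so it can be read aloud."""
    digest = hashlib.sha256(public_key).hexdigest().upper()
    return " ".join(digest[i:i + 8] for i in range(0, len(digest), 8))


def _normalise(fp: str) -> bytes:
    """Ignore spacing and case when a human types or reads a fingerprint."""
    return "".join(fp.split()).upper().encode()


@dataclass
class Pin:
    fingerprint: str
    verified: bool = False


class TrustStore:
    """Per-peer key pinning (trust on first use) plus explicit verification."""

    def __init__(self):
        self._pins = {}

    def observe(self, peer: str, public_key: bytes) -> KeyStatus:
        """Classify the key offered for `peer` during key exchange."""
        fp = fingerprint(public_key)
        pin = self._pins.get(peer)
        if pin is None:
            self._pins[peer] = Pin(fp)
            return KeyStatus.NEW_UNVERIFIED
        if not hmac.compare_digest(pin.fingerprint.encode(), fp.encode()):
            # Never replace the pin silently: the user has to decide.
            return KeyStatus.KEY_CHANGED
        if pin.verified:
            return KeyStatus.KNOWN_VERIFIED
        return KeyStatus.KNOWN_UNVERIFIED

    def verify_out_of_band(self, peer: str, spoken_fingerprint: str) -> bool:
        """Compare the pinned key with a fingerprint obtained in person."""
        pin = self._pins.get(peer)
        if pin is None:
            return False
        ok = hmac.compare_digest(_normalise(pin.fingerprint),
                                 _normalise(spoken_fingerprint))
        if ok:
            pin.verified = True
        return ok


def server_swaps_key_later():
    """Peers already know each other, then the server substitutes a key."""
    store = TrustStore()
    seen = [store.observe("bob", BOB_KEY)]
    store.verify_out_of_band("bob", fingerprint(BOB_KEY))
    seen.append(store.observe("bob", BOB_KEY))
    seen.append(store.observe("bob", INTERPOSED_KEY))
    seen.append(store.observe("bob", BOB_KEY))  # original pin still intact
    return seen


def server_swaps_key_from_the_start():
    """First contact already carries the substituted key: pinning alone
    raises no warning, only the out-of-band comparison fails."""
    store = TrustStore()
    first = store.observe("bob", INTERPOSED_KEY)
    matches = store.verify_out_of_band("bob", fingerprint(BOB_KEY).lower())
    return first, matches, store.observe("bob", INTERPOSED_KEY)


if __name__ == "__main__":
    for status in server_swaps_key_later():
        print(status.name, "-", status.value)
    print(server_swaps_key_from_the_start())
```

The second scenario is why an unverified marker matters: if verification is dropped or never the default, a key substituted before first contact looks like any other pinned key.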

HSBC now stands for Hapless Security, Became Compromised: Thousands of customer files snatched by crims

Ben Tasker
Silver badge

Re: There's no excuse...

So how many tokens do you carry around with you? I would change banks if I had to carry around a card-reader or token just to do everyday transactions

That, I think, is a big part of the problem/annoyance. If they'd all just agree to use something standard, whether a U2F token, TOTP or something else like that so that I can carry one dongle to rule them all it'd be much simpler.

I'd also be less worried about losing/breaking it because I could buy a second one and register it then keep it somewhere safe.

I do use 2FA, but the banks seem to have done a wonderful job of making it as inconvenient as possible without actually gaining much over other routes they could go.

Hell, some of them (cough HSBC) are trying to make it worse. When the battery ran low on my dongle, I had to fight them to get a new one because they wanted me to install their crapware on my phone to generate codes instead. And the HSBC app ain't just a code generator, it's full access to your account. Fuck.... Right.... Off.

7
0

It's been a week since engineers approved a new DNS encryption standard and everyone is still yelling

Ben Tasker
Silver badge

Re: The whole thing is just utterly depressing

> I'm sorry but that is the exact purpose of DoH, to take control away from the network operator and give it to the user, and to make inspection harder and more expensive.

>

> In your case as you are the one doing the snooping it is going to make things harder, but that doesn't make DoH bad for users.

And how's that aim going to be achieved when networks at Schools, Universities and Businesses all start intercepting HTTPS traffic?

If you haven't got their CA installed, you'll get a cert warning and have a choice - proceed with everything visible to a man in the middle, or don't access whatever you were trying to access. If you have got their CA installed, you won't even get that.

From a user's perspective, I'd say that's a pretty fucking bad outcome either way.

And as a home user, I potentially still don't gain anything. My ISP partners with Google and has some of their kit on-net, so when my DoH request hits that PoP, and a plain query then goes out from that (with ECS information attached, so they can see which subnet the query originated from), they're still going to know what I was querying if they're bothering to watch.

8
1
Ben Tasker
Silver badge

Re: where are the implementations ?

And what if you're doing split horizon routing? (Yeah, yeah, I know, I don't like it either).

4
1
Ben Tasker
Silver badge

Re: Doh.....

For all the "but it looks like HTTPS" arguments, it's still fairly trivial to block the ones that are most likely to be used by the majority of people (i.e. Cloudflare etc). Block TCP 443 to 1.1.1.1 and any others you can find on the net.

You don't, for a second, have to block everything. If you block enough to be inconvenient then users will likely start turning TRR off.

I'm not saying I support that approach, just that claims it's unblockable because it just looks like https are crap. A good traffic profiler will probably be able to start picking out likely TRR destinations too, so you could even auto-populate an ACL if you're willing to accept occasional overblocking.

11
0

The Chinese are here: Xiaomi to bring phones to the UK next month

Ben Tasker
Silver badge

Re: Proud owner of a MI Max 2

Yup, I've got a Mi Mix 2 and it's probably the best phone I've had in quite some time. Its predecessors were all Samsung at a considerably higher cost.

As others have said MIUI can be a bit quirky at times though.

3
0

London flatmate (Julian Assange) sues landlord (government of Ecuador) in human rights spat

Ben Tasker
Silver badge

Re: Devious masterplan?

> Are the Ecuadorans going to give him diplomatic protection to stop him being nabbed for bail jumping on the way?

They already tried/discussed reportedly, and failed, because the UK rejected it.

Remember, a country only *nominates* someone as a diplomat, the host country has to approve it. Funnily enough in Julian's case, that approval isn't likely to be forthcoming.

17
0
Ben Tasker
Silver badge

Re: Lets Get Real

> Also he should consider that self-imposed incarceration "time served".

From his filings, he does consider this time to be "time-served".

But no judge will, or should, agree with that. It's self-imposed incarceration at a location of his choice, and the accused doesn't, and shouldn't get to call the shots. At the far more extreme end of that, you could murder someone and then go live in an embassy (hopefully a more luxurious one) for 30 years then walk out and claim time served. Would anyone agree that was right?

I wonder if there's a risk that a judicial review of his current circumstances in Ecuador could in fact result in a conclusion that there's no grounds for offering him asylum, and that that offer should be withdrawn? Seems a bit dangerous to play whos-cock-is-bigger with the government that's providing the walls between you and arrest.

40
0

Congrats from 123-Reg! You can now pay us an extra £6 or £12 a year for basically nothing

Ben Tasker
Silver badge

Re: Was on 123, moved to FreeParking, then to Heart Internet

> Heart Internet are another part of the GoDaddy Hydra along with 123.

Indeed. In fact, if you look closely, you'll see they even use the same VAT number :)

1
0

Find these, er, appealing? UK.gov takes red pen to spy court rules, asks for Parliament's OK

Ben Tasker
Silver badge

Re: But not the European Court of Human Rights.

@codejunky

I suspect he was thinking more of things like asking where our employment rights have gone post-brexit, and when the NHS will see the funny money promised to it, and why farmers are worse off.

6
3

China's clampdown on Tor pushes its hackers into foreign backyards

Ben Tasker
Silver badge

Well Done

So in clamping down, what the CN Government have done here is help ensure that data stolen from Chinese businesses is now available to an international audience instead of being largely restricted to a domestic market (of sorts), so non-Chinese actors have easier access to data they can use to target Chinese citizens and businesses (and, potentially, the Gov itself)

That sounds like a goliath step backwards to me, though it'd obviously be spun as "we caused 90% of Chinese hacker forums to close" instead. Another lesson in why it's important to target the behaviour and not the medium.

6
0

Super Micro China super spy chip super scandal: US Homeland Security, UK spies back Amazon, Apple denials

Ben Tasker
Silver badge

Re: Who gains by this ?

> What would a country gain by hurting Bloomberg ?

I'm not saying it definitely is this, but if a country were already engaging in a trade war with China in an attempt to bring manufacturing home, then using a credible(ish) story like this to undermine confidence in the Chinese end of the supply chain could prove rather beneficial.

There's a rather large country in that position, whose administrations over time have been known to be less than bothered about generating misinformation to achieve perceived gains. Such an immoral administration would probably have no issues in conjuring up some credible 'sources' too - particularly when those sources are simply talking about having seen reports, pics etc rather than providing them to the targeted news organisation.

By all accounts, it would not be the first time Bloomberg has been played by Govt leaks.

30
3

Google is still chasing the self-driving engineer that jumped ship to Uber

Ben Tasker
Silver badge

Re: Spazturtle

> But he isn't calling his burger a McBurger to use your comparison, he is using his knowledge of how McDonald's make their burgers taste good to make good tasting burgers at his new job.

Having walked off with copies of all their recipes and designs for any proprietary cooking kit they've developed.

If I go to a new job and use my experience, that's fine. If I turn up with a copy of the ticketing system, the revision control system and future design plans from my old company, that's not fine.

They're not hounding a guy that's simply using his experience, they're chasing a guy that downloaded drives worth of their internal documents and then, effectively, tried to flog them onto a competitor (throwing himself into the bargain). Had he worked for someone else and tried to gain the same information, the phrase that would have been used is Industrial Espionage.

51
0

That syncing feeling when you realise you may be telling Google more than you thought

Ben Tasker
Silver badge

Re: Well, that's it

So your recommendation is that he does nothing and continues to feed data directly into their system?

It may not make a difference to Google, and doesn't stop them using the data they've already gleaned (and the bits of data they will still manage to glean), but being an arse and criticising someone for deciding to stop wilfully handing over data does no one any favours, least of all you.

1
0
Ben Tasker
Silver badge

Re: Well, that's it

> I have killed my Google Play Store account.

Music or videos?

If the former, have a look at Subsonic. I got pissed off with Play Music a few years ago, so spun up an instance of Subsonic on a VM and haven't really looked back. The only thing is, the free app for Android was a bit shit, so I paid £3 for an app called Dsub instead - there's probably some iOS alternative if the subsonic app for that misbehaves.

1
0

'Incommunicado' Assange anoints new WikiLeaks editor in chief

Ben Tasker
Silver badge

Re: "Legal ways"

After penalties, subject can then make his own way to the country of his choice, with whatever extraneous risk (not our problem) that might entail.

I think we tend to prefer to deport people in Assange's position after they've finished their porridge. Assuming there isn't a new EAW in the meantime, that means we'd ship him back to the country he's a citizen of - Australia.

Of course, the egotist would probably take to Twitter and claim we've brought back transportation as a punishment, but what are you gonna do?

7
0
Ben Tasker
Silver badge

Re: installed a jamming device ????

You can't just jam "inside" the embassy easily as radio waves typically go through walls unless you've redecorated with a layer of tinfoil behind your new wallpaper. That'd make an "effective enough" Faraday cage which would screw with a laptop or phone enough without actually inconveniencing people inside the embassy too much by stopping the use of wireless totally.

Want my guess?

I don't think they are jamming in the true sense of the word.

If you want to keep him off Pret's wifi, there's a far easier route. Get some CISCO (less extortionate brands are available) wifi access points and configure them to send disassociate packets for any SSID which isn't yours. Then don't let him on your own wifi.

Given large hotel chains used to do this at conferences, I don't see any reason why an Embassy wouldn't also consider it.

It wouldn't help with 3G/4G, but then the patchy coverage we get from the mobile telcos might be sufficient enough for that. Though, I guess you could run a Femto to provide connectivity in the embassy (overpowering the main signal) and strictly control what devices can associate to that.

0
0
Ben Tasker
Silver badge
Joke

Re: "Held"

<conspiracy> Maybe the Ecuadorians are now preventing him from leaving and no one has realised? </conspiracy>

You're right. They have cut off his comms, so how's he supposed to book an Uber now?

3
0
Ben Tasker
Silver badge

Re: Dumb question maybe, but didn't see it mentioned yet...

Presumably, the Ecuadorians

17
0
Ben Tasker
Silver badge

Re: "Held"

More to the point, even if you accept that he's being arbitrarily detained by the UK (I don't), they'd be the ones holding him. But it's Ecuador who let him in, and would totally let him leave, that have cut off his comms.

So even in his own distorted world he's being held AND kept incommunicado, not being held incommunicado. The "captors" in his tale aren't stopping his communication.

But, then he's never been able to acknowledge his part in any of this - it's all about trying to twist the view to convince people he's some innocent being picked on. It's that constant spin that makes it increasingly clear what a heap of bullshit it is he's been shovelling the whole time.

34
5

US cities react in fury to FCC's $2bn break for 5G telcos: We'll be picking up the tab, say officials

Ben Tasker
Silver badge

Re: Pronunciation

> So how exactly do you pronounce Pai?

I believe it's generally pronounced as /kʌnt/ or Kor-Upt

19
0

Trump shouldn't criticise the news media, says Amazon's Jeff Bezos

Ben Tasker
Silver badge

Re: Poor Jeff is so right, nobody takes his leftist hate pamphlet seriously anymore

> I see you didn't reference the Washington Post article itself anywhere, so let me help:

I see much like the referenced article, you didn't bother to read the rest of my comment given that I did reference it, including providing a URL.

> Regardless of what the article might say,

Strangely, when discussing the written word, it tends to matter what those words say.

> I'm not sure that the last two years over-rides everything that has happened since the industrial revolution began. But maybe it does, maybe he is the evil god of hurricanes.

You seem unable to grasp that there's a difference between "He's complicit" and "He's the root cause". You can be complicit in a crime without being the one to commit a crime, for example.

6
0
Ben Tasker
Silver badge

Re: Poor Jeff is so right, nobody takes his leftist hate pamphlet seriously anymore

> That's what Bob was alluding to in his admittedly florid prose.

It was Naive who posted it originally ;)

> It's a well-known tenet of the Left that those who "deny" global warm... excuse me, "climate change" have the blood of future billions on their hands,

Well, yes. If we as humans are impacting the climate - which looks damn near certain - those who try to deny it (particularly those who do so in pursuit of short term profit) do potentially have blood on their hands. It might even amount to the blood of billions, in a worst case scenario.

You can try and make this a left and right thing if you want, but the actual differentiator is that those who seek short term profit by denying climate change do not give a fuck about what happens to future generations. It really is that simple. That the feckless, money driven sociopaths seem to be drawn to the American right is an ancillary point - I don't think being right wing makes you one of them, but being one of them probably does make you lean heavily right.

Then you've got the feckless idiots who listen to these profit driven feckers. A good number of whom fall in demographics where (outside of lottery wins, strokes of luck) their descendants will be more heavily impacted by climate change (not being rich enough to protect themselves more).

So yeah, they potentially are complicit. Needing to be punished is something else, of course, but only a complete moron would deny that those people are complicit if it later turns out they were not only wrong, but knew it and were lying to make money.

15
3
Ben Tasker
Silver badge

Re: Poor Jeff is so right, nobody takes his leftist hate pamphlet seriously anymore

> Washington Post claims president Trump is a sorcerer creating storms.

That is nuts

> https://www.breitbart.com/big-journalism/2018/09/13/nolte-from-terrorist-hurricane-creator-wapo-ramps-hate-campaign-against-trump/

Oh wait, that's your source?

OK, I put my internet condom on and followed your link into the stink.

Breitbart claim this - https://www.washingtonpost.com/opinions/another-hurricane-is-about-to-batter-our-coast-trump-is-complicit/2018/09/11/ccaed766-b5fb-11e8-a7b5-adaaa5b2a57f_story.html - is blaming Trump for the storm.

What it actually says is Trump is actively trying to downplay human-caused climate change, which is capable of increasing the severity of weather events.

At no point does it suggest Trump is a "sorcerer creating storms", just that he's a callous cunt who tweets semi-sympathetic stuff whilst laying waste to stuff that might help reduce the impact. That is, when he's not busy tweeting about himself in the aftermath.

Of course the Washington Post article is quite long, so it's no surprise that a Breitbart dweller might not bother reading it, even if the basis of it is only one paragraph long

> Yet when it comes to extreme weather, Mr. Trump is complicit. He plays down humans’ role in increasing the risks, and he continues to dismantle efforts to address those risks. It is hard to attribute any single weather event to climate change. But there is no reasonable doubt that humans are priming the Earth’s systems to produce disasters.

62
4

UK.gov finally adds Galileo and Copernicus to the Brexit divorce bill

Ben Tasker
Silver badge

Re: To anyone pro-Brexit

> But the cost to trust in politics would be massive.

The cost to trust of screwing up implementing Brexit is also huge too though. For all the shit May has pulled, there's no denying she's in a fecking awful position.

6
0
Ben Tasker
Silver badge

Re: Remind me...

> I would suggest the current crop of MPs carefully consider their actions in the last few years and those to come, if they fail to keep their promises

There was a column written fairly recently suggesting that _if_ Brexit goes really badly wrong, and unrest spills out into the street, it might be unwise to be in the country for some of the more visible/memorable Brexiters. Particularly if those who are rioting used to support your position.

Hopefully it's not going to get anywhere near that bad, but if I was Boris (in particular), I'd be giving it long hard thought.

5
1

Redis does a Python, crushes 'offensive' master, slave code terms

Ben Tasker
Silver badge

Re: Reality check

Further up the thread, someone linked to the case of "Brainstorming" being termed politically incorrect.

Within the results of that statement is something that really underlines your point:

> However, in the survey, 93 per cent of people with epilepsy did not find the term derogatory or offensive in any way and many felt that this sort of political correctness singled out people with epilepsy as being easily offended.

The knee-jerk "we must protect them" without giving them any say, is itself potentially offensive.

I try not to offend, and will apologise if I have legitimately offended, but I never try to judge what might and might not offend someone else beyond the bleeding obvious.

9
0

Do not adjust your set, er, browser: This is our new page-one design

Ben Tasker
Silver badge

Re: Next change in line

This.

There's too much white on the frontpage (and on the site in general). Let me choose a dark design and it's less likely to strain my eyes when I'm just barely woken up.

Not sure I like the borders on the tiles either. But again, might look better with a dark theme.

12
1

First it was hashtags – now Amber Rudd gives us Brits knowledge on national ID cards

Ben Tasker
Silver badge

Re: "people already hand over masses of info to private firms"...

> Quite possibly but the key point to remember about this is that data taken in this way is taken by force. It was not voluntary.

If anything, her observations are arguments on why Governments should clamp down *more* on this data collection, rather than arguments for the Gov joining in.

9
0
Ben Tasker
Silver badge

Re: "people already hand over masses of info to private firms"...

> I rather fear that the reality is that you have handed over more data than you think.

The wise position for any privacy-conscious person to take is to assume that that is in fact true. They've already collected unknown data, so be aware that anything you let slip - however innocuous - could be used in combination with that unknown data.

For me, it's basically the same mindset as when dealing with security systems. It's not IF there's a breach, it's WHEN.

34
0

It's September 2018, and Windows VMs can pwn their host servers by launching an evil app

Ben Tasker
Silver badge

Re: So adblockers are now strictly necessary

>you must block all adverts.

And images. The site you're on might be malicious, and one image is all it takes.

In fact, to play it safe, find a Windows build of Lynx and be done with it.

0
0

Python joins movement to dump 'offensive' master, slave terms

Ben Tasker
Silver badge

Re: Brain-dead

> No, Client/Server is not the same as Master/Slave.

To be fair though, "Primary" and "Secondary" is not the same as Master/Slave either. Primary implies that it'll be used first (say by a front-end), which isn't necessarily true. You may in fact spread your reads across a Master/Slave.

Parent/Child is also different to Master/Slave in some instances, as it implies that the "child" was spawned by the parent. If you've got Master/Slave replication on your database instances (for example) that's almost certainly untrue. For processes we already tend to use parent/child anyway.

I'm not opposed to the discussion as such, it's just I think it's a bit of a waste of time - especially given the "improved" replacements don't seem to apply nearly as broadly.

9
0
Ben Tasker
Silver badge

> Fifty years ago, people missing a leg, or an eye were called "cripples".

FWIW, I still refer to myself as a cripple (though my leg is faulty rather than missing). That's unlikely to change either - I have had people tell me I should refer to myself using different terms, but they never seem able to explain how it *isn't* offensive to tell me what terms I can use to refer to myself.

31
0

Conference alert: Think you can save money by going Serverless?

Ben Tasker
Silver badge

> You still need to pay for the same capacity with the other company, plus their profit margin.

And factor in that prices will rise whenever they need to show "growth", or otherwise please the shareholders.

3
0

Lyon for speed, San Francisco for money, Amsterdam for fun: the best cities to be a techie

Ben Tasker
Silver badge

Re: Are electric car charging points that important?

> I would have thought 'adequate parking space' and/or 'cost of parking' would have much more relevance. It is no good being able to charge your green statement if you can't then park it,

Seems fair to me. But, in that case, a high number of charging points should probably detract from a city's score - the more charging points there are, the more spaces have been effectively dedicated to leccy cars and are unavailable for you with your ICE.

2
0

Chap asks Facebook for data on his web activity, Facebook says no, now watchdog's on the case

Ben Tasker
Silver badge

Re: @AC 'Facebook: Information in Hive not readily accessible'

Subject access requests aside, it may be worth remembering that from FB's point of view, the "service" is providing advertisers with as much targeting data as possible.

And from the law's point of view (i.e. the PoV that matters), the service is providing users with, well, Facebook. That's the service being provided to the user.

It doesn't matter that Facebook's customers are the advertisers, their data collection should be minimised based upon the service provided to users.

2
0
Ben Tasker
Silver badge

Re: @AC 'Facebook: Information in Hive not readily accessible'

Yes the information in Hive is readily accessible. However the queries will suck up quite a bit of resources doing full table scans.

You seem to think this lack of resources should be the user's problem. It's not. If Facebook cannot comply with the legal requirements of GDPR then it's very much their problem. At the very least they'll need to start working towards an architecture that does allow them to comply (because, let's face it, they're not going to stop collecting that data in the first place).

Whoever peddled this story is hoping that there aren't people reading it who actually know Hadoop or FB's internals.

If you read the article it addresses the GDPR related aspects of the difficulty in gaining access to the data, in various places including this:

> Moreover, he pointed out that if the request is excessive, it is only because the amount of data collected and sent to Facebook is too large for one of the biggest companies in the world to retrieve.

> "Which seems to be a breach of [GDPR's requirement for] data minimisation rather than my fault as a data subject requesting this data," he observed.

If Facebook are collecting reams of data, so much so that it's almost impossible for them to fulfil an access request for it, then that has connotations about whether they're actually collecting the bare minimum required to provide their service.

They've also rendered themselves unable to fulfil a legal requirement, so of course there will be an investigation. Rightly or wrongly, the internals of Hadoop are largely irrelevant to the law - if it means you can't comply, the view will likely be you should use a technology that _does_ allow you to comply.

6
0
Ben Tasker
Silver badge

Re: @AC ... The article confirms why Zuck acted so naive / dumb in-front of EU / US lawmakers

The only solution is for regulators worldwide to force Zuck to purge the HIVE from day-zero to now.

Uhm... easier said than done.

Data stored on HDFS (including HBase) is not mutable.

He said purge all the data. That's fairly straightforward: hdfs dfs -rm -r "/*"

If they want to keep specific bits of data, then yes that's trickier, but that's explicitly not purging from day-zero to now.

7
0
Ben Tasker
Silver badge

The ICO has issued a number of flawed decisions, but an ICO decision is far from the end of the line - it's not even precedent setting on the NEXT decision they make (never mind they're not a court of law).

Not to mention the complaint has gone to the Irish Data Commissioner, so the ICO are entirely irrelevant here anyway.

6
1

Spies still super upset they can't get at your encrypted comms data

Ben Tasker
Silver badge

Re: Too stupid and too late

> What about code or software outside the 5-eyes countries?

What about those within the 5-eyes countries? How many people here would stop working on encrypted stuff? I certainly wouldn't.

> What if you tunnel your encryption over HTTPS (443)?

To be fair, there are DPI solutions which can run pattern analysis on connections and predict whether it's likely to be web browsing, video streaming, IM style traffic etc inside. They also look at the handshake and fingerprint it to help identify Tor (for example). Not bullet proof, by any means, but simply sticking something on 443 isn't enough.

> Too stupid and too late. The 5-eyes Panopticon is dead.

The problem they have is they've taken a position that they cannot easily now back away from. They seem to have assumed that they'd be able to force their way of doing things, and completely underestimated the industry's view of them once the Snowden leaks made it clear that you cannot trust these people with anything.

Want to collect intel on terrorists? Then maybe don't record and store anything and everything you can find. Don't push for (and get) Bulk Interference powers so that you can legally pop my router on the basis that a terrorist might be using that model somewhere. Don't push for (and get) powers requiring ISPs to record my internet browsing behaviour, and *definitely* don't try and shrug it off with "it's just metadata, harmless, honest guv".

They had a chance and they pissed it up the wall. Encryption is on the uptake, even in areas where it wasn't traditionally present, and long may it last.

21
0

As porn site pounds hard on piracy laws, Cox pulls out prematurely

Ben Tasker
Silver badge

Re: Who cares ?

> The only thing keeping it from being even more damaging than it already is is the safe harbor exemption.

^ That.

The DMCA is, and always has been a consumer hostile clusterfuck of legislation. It's (ab)used again and again in order to shut down things that should be legitimate - particularly in areas where there is no safe harbour or similar defence - circumventing technical measures for example. As an example, there's currently a hard-won exception to the DMCA so that you can legally root your phone (but not your tablet).

That exemption's only good for 3 years, and then it'll have to be fought for again (and again, and again). In 2013(ish) the exemption that allowed you to unlock your phone to another carrier (without your original carrier's permission) expired.

The fact there's even a hint of them reviewing the DMCA, much less at rights holders' behest, should worry you greatly, whether you're in the US or not. Like it or not, our industry tries to follow the Septics, and they're potentially about to get fucked over again.

33
0

Keep yer plastic, says analyst: eSIMs aren't all they're cracked up to be

Ben Tasker
Silver badge

IIRC the US networks tried very hard (and may have succeeded) to have a "lock" included in the e-SIM spec so that they could network lock the e-SIM itself, rather than just the phone.

Ah, here we are, they even (allegedly) managed to get the GSMA to go along with it.

0
1

Porn parking, livid lockers and botched blenders: The nightmare IoT world come true

Ben Tasker
Silver badge

Re: What exactly is the Internet-of-Things?

I recently got fed up of explaining _again_ why I'm not having Alexa in my house. So I ended up writing this and just send people a link when they ask

Edit: make clicky

8
0

Basic bigot bait: Build big black broad bots – non-white, female 'droids get all the abuse

Ben Tasker
Silver badge

Re: Last time I checked Spain was in Europe...

> US racists can be really strange. A friend of mine is black in the UK but in the US he is English.

That reminds me of a reddit thread a while back (not the first) where a black British guy got into an argument with an American who was insisting that he (the black guy) was African-American. It's the sort of argument that you'd hope would end with "firstly I'm British, so you're at least half wrong", but the yank doubled down and carried on insisting.

I always found the term African-American a bit weird to begin with, it's not like the white Americans are referred to as "European-American" or "Caucasian-American" after all.

30
2

Biting the hand that feeds IT © 1998–2018