* Posts by Donn Bly

302 posts • joined 10 Jan 2008


Poor people should get slower internet speeds, American ISPs tell FCC

Donn Bly


You might be confusing the quote (the part in italics) with my post, because I don't make such assumptions.

In addition, I don't have to imagine investing my own money. I used to own a wireless ISP back in the time-frame when WISPA was starting, and some of my friends/friendly local competitors were even among their officers. I am quite aware of the market and its challenges. Some 12-15 years ago when the municipality where I live looked at doing their own fiber rollout I saw the writing on the wall and sold off the ISP, even though we were the ones supplying the municipality with their bandwidth, and signed up my home to be on the waiting list for the municipal network. It took a few years before it got connected (and I suffered with DSL in the meantime) but it was worth the wait.

I wasn't happy at the time with public money being used to compete with private enterprise, but today I would be among the first to admit that in my local situation it was the right thing to do -- even though I was one of the private enterprises with which they were competing.

Donn Bly

It isn't about being cheaper for themselves

Well ISPs in the US already get a subsidy to pay for them rolling out broadband to less well off areas. This whole article is about how they'd like to reduce the definition of 'broadband' to make it easier (and cheaper) for themselves.

Actually, this article was about a meeting with WISPA. WISPA is a trade organization of local independently owned ISPs that deliver services over license-free wireless. The problem is that license-free wireless does not support the speeds of "broadband" as currently defined, even though they supported broadband as it was defined when they first started. Most WISPA members don't currently get subsidies, so your premise is incorrect.

WISPA members' problem isn't that their networks are worse, it is that the definition of broadband changed. Since the definition changed, they are no longer eligible for the subsidies. Since they aren't eligible for the subsidies, their growth rate is slower and unserved areas still don't get any service.

The areas we are talking about here aren't cities and urban areas, they are small towns and farms out in rural America where the antennas go on top of tall buildings and grain silos. The networks are slow and fragile, but in many parts of the country they are the only thing short of satellite service or dialup for Internet access. Many of these areas don't even have reliable cellular service.

Part of their problem is they use obsolete technologies that were never originally intended for outdoor point-to-multipoint use, the other part of the problem is that the cost to change exceeds the price point that consumers will pay. In effect, they are the obsolete wagon makers being superseded by the automobile. In that sense they will die off by attrition on their own without outside life support, so the question then becomes should public money be used to support them?

If yes, then people complain about the subsidies, but if no then areas will continue to go unserved.

Any area in the United States that is currently unserved is because it isn't economically feasible to do so. Internet access is a commercial venture so the companies have to operate to make a profit, and they aren't going to willingly enter a market where they know that they are going to lose money. That's why you don't see cable companies or phone companies building in those areas.

Note that I use the term "unserved". Unserved and Underserved are two different things, and you cannot equate the two. Since the subsidies go for both unserved and underserved, the larger players are taking subsidies to build out in the "underserved" areas where they can make money, but not in the "unserved" areas where they cannot.

Quite frankly, none of the choices are good ones. Either you put public money into a dead business model or citizens don't get any Internet access at all, and even if you spend the public money the citizens still don't get broadband. Is half a loaf better than none?

My hope is that newer technologies will evolve to fill this gap, but I've been waiting for decades. Technologies have improved, but they haven't outpaced the consumer demand in this area.

Let the downvotes begin by all of the people who are too ignorant to know that there are more flavors of wireless and more types of networks than cellular.

Linux.org domain hacked, plastered with trolling, filth and anti-transgender vandalism

Donn Bly

Re: Ooooh...

It may be easy to steal domains from them, but it is a real pain in the @ss to try to transfer any away from them. Sometimes it is easier just to pay their extortion fees for another year than spend the amount of time it takes.

Cops called after pair enter Canadian home and give it a good clean

Donn Bly

Re: Ooooh...

In my college days I can remember one of my roommates going out on a cold and snowy morning to warm up their car, which also involved cleaning off about a foot of snow and digging it out from where it had been plowed in by the plow truck. However, when he went to leave for classes he noticed a problem in that the car he warmed up was a stick, while his was an automatic.

Alexa heard what you did last summer – and she knows what that was, too: AI recognizes activities from sound

Donn Bly

Re: Failure of Understanding

Your standard household land-line telephone had an always-on microphone. Your cell phone has an always-on microphone. Your Bluetooth headset has an always-on microphone.

Just because it has an "always on" microphone doesn't mean that it can do the things they claim. In this case, the author implied that an Echo "skill" has direct access to the audio as a background process. That is false, and it isn't how the equipment works.

That is not to say that someone cannot design such a system, just that the system named in the article doesn't have the hardware capabilities attributed to it, and the phone in your pocket is definitely a more attractive target than an Echo or Google Home.

Donn Bly

Failure of Understanding

Alexa, informed by this model, could in theory hear if you left the water running in your kitchen and might, given the appropriate Alexa Skill

Once again someone doesn't understand how these things really work, and wants to impart into them capabilities that they don't really have.

1) Unless you say "Alexa" (or "Amazon", depending on model and configuration) first, the ambient sounds aren't even sent up to Amazon's servers for processing.

2) The "skill" only receives what Amazon's servers decoded in speech to text, they don't receive the raw audio.

Now, that being said, it is certainly possible to hack an Echo with different firmware and make it do something different, but with its underpowered CPU hacking a phone (or just writing and deploying an app without hacking its firmware) would give you access to greater computing horsepower attached to an always-on microphone.

"Hey Siri" or "Ok Google" are a much more likely attack vector.

Uncle Sam gives itself the right to shoot down any drone, anywhere, any time, any how

Donn Bly

Re: Inevitable

Only if it is unmanned.

So if you are sitting in it, no. If you get out and instruct it to park itself, yes.

Couldn't give a fsck about patching? Well, that's your WordPress website pwned, then

Donn Bly

Re: Ooooh...

It's not just "newer versions" automatic update - automatic update was introduced in version 3.7, which was released on October 24, 2013. FIVE YEARS AGO.

Take ANY five year old server OS and there are lots of security issues - why would you expect a web application to be any different?

If someone is still running something that old then it is obvious that they DON'T have a "web admin" so telling "web admins" that they need to update isn't going to do any good.

It does, however, create a market opportunity for someone who wants to scan websites looking for potential customers. Nothing illegal as it doesn't require a deep probe, just grab the index and see if there is a "<meta generator=" line with a version of WordPress that is old. If there is one, then you know that (1) they are using an old potentially vulnerable version and (2) they aren't using any kind of security plugin. All you then have to do is convince the site owner that they need an upgrade.
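The generator-tag check described in the post above, written as an inventory audit over pages you operate. This is an added example, not part of the original post; the sample pages and the `baseline` version are constructed for illustration, and the 3.7 threshold is the auto-update release named in the post.

```python
import re
from html.parser import HTMLParser

# Per the post: automatic updates were introduced in WordPress 3.7.
AUTO_UPDATE_MIN = (3, 7)


class GeneratorParser(HTMLParser):
    """Collect the content attribute of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing <meta ... /> tags.
        if tag != "meta":
            return
        attr = {k.lower(): (v or "") for k, v in attrs}
        if attr.get("name", "").strip().lower() == "generator":
            self.generators.append(attr.get("content", ""))


def wordpress_version(html):
    """Return the advertised WordPress version as a tuple of ints, or None."""
    parser = GeneratorParser()
    parser.feed(html)
    for content in parser.generators:
        m = re.search(r"WordPress\s+(\d+(?:\.\d+)*)", content, re.IGNORECASE)
        if m:
            return tuple(int(part) for part in m.group(1).split("."))
    return None


def assess(html, baseline):
    """Classify one index page against the 3.7 threshold and a chosen baseline."""
    version = wordpress_version(html)
    if version is None:
        # Not WordPress, or the tag was removed (e.g. by a hardening plugin).
        return "no-version-advertised"
    if version < AUTO_UPDATE_MIN:
        return "predates-auto-update"
    if version < baseline:
        return "below-baseline"
    return "ok"


# Constructed sample index pages (not real sites).
PAGES = {
    "old": '<html><head><meta name="generator" content="WordPress 3.5.1" /></head></html>',
    "mid": "<head><META NAME='Generator' CONTENT='WordPress 4.9.8'></head>",
    "new": '<head><meta name="generator" content="WordPress 5.0"></head>',
    "stripped": '<head><meta name="viewport" content="width=device-width"></head>',
    "other": '<head><meta name="generator" content="ExampleCMS 1.0"></head>',
}

if __name__ == "__main__":
    for label, html in PAGES.items():
        print(label, assess(html, baseline=(5, 0)))
```

A missing tag proves nothing about patch level, so treat "no-version-advertised" as unknown rather than safe.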

Microsoft gives Windows 10 a name, throws folks a bone

Donn Bly

Re: Java

Thank you, I was unaware that the Java requirements had been refactored out. The dependencies on Java were the reason I stopped using Open Office years ago and stopped following its forks and development. Looking now it appears that it is only required by the database and related functionality such as mail merge.

Donn Bly

Re: Java

Wow, already 11 thumbs down because I don't want to make my OS which is already riddled with security holes any worse by voluntarily installing Flash, Acrobat, and Oracle's Java runtime? I didn't realize that there were so many malware writers hanging out in these forums.

Donn Bly


Last time I looked LibreOffice still required Java. There is no way that I am going to allow the Java runtime and all of its security holes on my home machines - Just like I don't allow Flash and Acrobat.

I don't know the current percentage, but I banned them when those apps combined hit 90% of all commonly-used infection vectors. I mean, think about it, Java is worse than IE....

AI biz borks US election spending data by using underpaid Amazon Mechanical Turks

Donn Bly


Popcorn isn't exactly nutritious, but it isn't fattening either. Just cut down on the butter and salt and you can continue to enjoy the spectacle without the guilt of indulgence.

No need to code your webpage yourself, says Microsoft – draw it and our AI will do the rest

Donn Bly


Great, for years I have been saying that the designs I've been forced to work with look like they have been derived from a crayon drawing -- now it may actually be true.

Security MadLibs: Your IoT electrical outlet can now pwn your smart TV

Donn Bly

Re: This bug cannot be used to infiltrate a network

The reason it cannot be used to infiltrate the network is, by the nature of the bug, that you have to ALREADY be on the network in order to trigger it. Can it be used to make things worse? Sure, but it can't be used for the initial infiltration.

Donn Bly

This bug cannot be used to infiltrate a network

This bug cannot be used to infiltrate a network, because the only way to trigger the bug is if you are ALREADY on the same network as the device.

If you are already on the same network you could just as easily send the commands to turn the TV on or off directly, or deliver any other payload, and with that level of penetration then hacking the Wemo switch is superfluous.

Ex-UK comms minister's constituents plagued by wonky broadband over ... wireless radio link?

Donn Bly

Re: A microwave link to populated areas?

if you have more than 10 people you're likely to run into capacity problems with microwave links, let alone reliability issues.

Properly spec'd and installed, a microwave link is reliable and you aren't going to have capacity issues. Remember "Microwave Link" and "WiFi" are not the same thing. Carrier grade equipment isn't cheap for a reason and even at the low end there are plenty of gigabit+ options.

Microsoft: We busted Russian Fancy Bear disinfo websites

Donn Bly

Microsoft accuses the Russians - but just like most other accusations there is no credible evidence released to support the conclusion. Not to say that there isn't any -- but if there is they haven't released it for review.

Russia is the proverbial "boogeyman" in American cyber-threats these days - but I'm getting more than a little tired of the baseless accusations. A state-sponsored actor with enough skill to hack a website is certainly going to have the ability to hide the origination of their attacks - or to deflect evidence of origination to someone else.

Is Russia posting disinformation and propaganda trying to create dissent within America? Of course, but then again, so is almost every American political organization. Russians may have bought some Facebook ads targeting Clinton, but Clinton probably outspent them in their ads targeting Sanders. The AFLCIO outspent them by more than 10x in their ads targeting Trump. None of the ads had much if any actual influence on the election itself, and they certainly didn't "hack" the election to change any vote once the vote was cast.

So do they have a "track record" of attacking politicians? No more than anyone else.

Donn Bly

Re: Why

The courts seem to have forgotten that Microsoft has no jurisdiction or right of ownership -- just like they forgot it when Microsoft submitted perjurious and otherwise false affidavits to the court to STEAL 22 domains from No-IP a few years ago, taking down some 1.8 million websites that relied on those domains for DNS services and potentially intercepting their private email. At least then they were caught red-handed and the domains were returned within days.

So phar, so FUD: PHP flaw puts WordPress sites at risk of hacks

Donn Bly

Re: Does anybody use phar://?

Since phar:// is a PHP construct, not a WordPress one, whether or not you touch the GOLIATH that is WordPress is immaterial. Like it or hate it, WordPress is the most commonly used CMS on the web and we all have to deal with it on occasion even if we don't want to do so -- even if just as a website visitor.

The framework itself is actually audited and pretty stable, but I shudder whenever one of my clients wants to add a plugin.

Haven't looked at this announced vulnerability yet, but since it requires users to be authenticated AND have the ability to upload a file (presumably an image since thumbnail generation is mentioned), the vast majority of sites aren't going to be affected.

Democrats go on the offensive over fake FCC net neut'y cyberattack

Donn Bly

Thank you for a balanced article

Those who follow my past comments know that I have periodically pointed out what I felt was rather one-sided reporting by this reporter, that his articles on FCC matters often felt more like propaganda than technology press. This article, however, was much better -- Balanced and calling out the FCC on where they failed, but instead of jumping on the bandwagon correctly pointing out many of the current attacks against the FCC and Pai are partisan politics and not policy-related.

Kieren, thank you for a well-written and balanced article.

Windows is coming to Chromebooks… with Google’s blessing

Donn Bly

Re: It's happening...

Even with virtualization the chromebook has more computing horsepower than mainline desktop systems of 10 years ago. The problem isn't lack of beefy hardware, it is bloated applications.

Surprise, surprise. Here comes Big Cable to slay another rule that helps small ISPs compete

Donn Bly

Re: How to lie with statistics?

Competition certainly provides more options, and it may depress prices and lessen the amount of price gouging, but it won't really keep them from ripping you off unless the competition is organically generated through the free market.

If you have "no option" to anything but Comcast, then what that really means is that there is a market opportunity for a new player. In a free market, that new ISP could put in their own lines and provide service, and if they can provide the same or better service for less money then they will win the market.

If a municipality or other government mucks with the free market by creating an artificial monopoly, it is rather hard for them to complain that there is lack of competition. Regulations should be put in place to ensure a free market, not limit it. Laws passed to keep Google or any other provider out of a city are bad, but laws that require an ILEC to let a CLEC use any infrastructure without the CLEC having to pay any build-out expenses can be just as bad because those laws not only discourage investment in overcapacity, they actively discourage rolling out new technology that has a high build-out expense but a low maintenance expense -- such as fiber.

Donn Bly

Re: What benefits does a "Nationwide" ISP give you?

The perceived service certainly isn't better. After all, customer satisfaction on cable and phone companies ranks at the bottom.

What it does give you, however, is that the nationwide ISP has more exit points. It has more diverse connections to the Internet "backbone" than a smaller regional ISP.

As such, the regional ISP may have better customer service, but be more susceptible to an outage caused by an upstream provider. With the nationwide ISP if there is an outage it is generally caused by an internal problem. In theory that should mean that they will be able to address and fix it faster, but of course theory and reality are often in disagreement.

Donn Bly


To get real competition municipalities need to re-take ownership of the last mile. When you don't own your infrastructure you are at the mercy of monopolistic corporations and their pet legislators

Have you seriously thought about this? You want to take the private property away from the companies that built it, only to then let the government control who can provide you with services? And you think you are at the mercy of pet legislators now but won't be once the lines are nationalized?

All you would do is trade one monopoly for another.

Donn Bly

How to lie with statistics?

The article/report talks about ILECs and CLECs -- which are phone company manifestations, then switches gears to cable without any correlation and acts as though they are equivalent. They are not.

The report talks about CLECs not having equipment in exchanges -- and that is blatantly false. CLECs often/usually have equipment in exchanges, as they use the incumbent lines but their own switching equipment which is how they can gain their competitive advantage.

I don't know if it is something that crept in as an editing error, whether the author just copied something from the report without reading it, or whether the author honestly doesn't know the difference between a CLEC, ILEC, and white label reseller.

The report talks about how CLECs have installed fiber in 8% while ILECs have installed in only 6%, and uses that as justification that ILECs don't make investment. The entire cable plant of the ILEC is an investment. For a CLEC a fiber run is a green-field buildout. A new line is always going to be implemented using now-current technologies. For an ILEC the fiber run is just maintenance and expansion because they ALREADY have copper plant installed. To compare one against the other is like saying that the guy who buys a car is making an investment but the guy who changes the oil on the car already purchased does not. It is not an equivalent comparison.

Likewise, saying that the newer, smaller companies have invested more in comparative terms than the established players in newer and faster technologies ignores that ALL of the investments in a startup are going to be in new stuff, so of course the percentage of investment is going to be higher. Is the new carpenter that buys all new tools better than the guy who is already working and has been using the same hammer for the last 20 years? Tooling is not something that you can use to make an accurate comparison. You have to look at what they do with the tooling. From THAT you can say that the smaller companies are doing a better job at serving the consumer.

I am sceptical of the statement in the article that there is no place in the country where an ILEC or cable company, in the absence of a competitive carrier reusing their lines, offers broadband as currently defined by the FCC. If true, it says more about the FCC and their changing definition than it does about ISPs, because I've been on broadband for over 20 years.

And you really expect me to believe that an incumbent carrier only offers faster lines when they are pressured by competition? If that were true, we would still be on 128K DSL because the lack of competition would never have driven carriers to improve. Heck, we might even still be on dialup.

Consumer demand is what drives growth, not competition. Competition can SOMETIMES help drive consumer demand, but it does not directly drive company growth. Consumer demand is more than just the consumer wanting it, it is the consumer willing to PAY for it. When consumer demand exceeds the existing supply, a new supplier will form to pick up the slack. When consumers were willing to pay for service above what Sprint offered, Sonic was formed to take up that slack. Good for them, good for the consumer, and that is how the free market is supposed to work.

"Big Cable" is bad enough that you don't have to make stuff up to discredit them. It looks like the report on which this article was based would have been better subtitled "how to lie with statistics"

Bank on it: It's either legal to port-scan someone without consent or it's not, fumes researcher

Donn Bly

Re: Code

They are running code in my machine without my explicit consent for their own benefit..

That statement is correct for just about any website that you visit, including this one. If that alone were the problem then every website that uses any kind of browser scripting would run afoul.

You didn't explicitly give the site permission to validate that you entered a valid date before submitting the form? Then that would be a violation in your eyes.

I don't use the bank, but I can definitely see the utility of doing a mini-scan warning you of potential RAT or remote access software being active before you are given the chance to enter your userid or password. However, it should probably be put on the page as a first step, ie, a message displayed that says "click continue to run a prerequisite security check before entering your userid".

Alaskan borough dusts off the typewriters after ransomware crims pwn entire network

Donn Bly

Using Old Backups

Seriously? For most people having a recovery plan that involves using backups is not only normal, it is part of best practices.

The fact that some of the backups are a year old isn't abnormal either. If the source code of a software package hasn't changed in years, artwork for logos, etc. then why NOT use a years-old backup that you know is safe?

When restoring a backup in this situation you want the OLDEST backups that have the data you need, not the newest.

They had "disaster recovery" servers. I read that as hot spares with automatically replicated data. Unfortunately, automatically replicated data means a lack of air-gap, so they got infected with everything else because they didn't consider this type of "disaster". How do you recover from that? Well, you bust out your second-tier recovery solution which is generally archived backups.

Yes, this "security event" was enabled by insecure policies and practices. Most likely some administrator had made a decision that a network-wide share that housed executables needed to be read-write (or the applications used demanded it), and/or one or more people with admin access used their admin account daily instead of having a second account. Those two situations - found in the MAJORITY of small networks - cause this type of problem to go from "annoyance" to "major catastrophe".

Basic bigot bait: Build big black broad bots – non-white, female 'droids get all the abuse

Donn Bly

Re: A next step?


(1) The voice used does not match the robot's visual characteristics and the lips aren't synced.

(2) The paper says that they took some of the comments from ADOLESCENTS when they deployed the robots as teachers.

(3) They claim racism but make no effort to categorize the racial diversity of the group making the comments.

(4) They put up a video of a female-styled telepresence android and have a woman give her a hug and grab "her" behind, and they don't expect to get sexualized comments?

Yes, the "study" is a joke.

Did you know: Lawyers can certify web domain ownership? Well, not no more they ain't

Donn Bly

Email from the same domain?

Since it is so trivial to spoof an email, how could they even CONSIDER email from the domain as a "secure" method of validation?

On whois information not being valid, while the whois system has imploded if someone puts false information in whois and gets a certificate with it, it certainly isn't any LESS secure than allowing them to authenticate with a DNS TXT record or place a file on a webserver.

I did notice about a month ago when I went to try to get a certificate for a new domain name that Comodo no longer accepted gmail email addresses as contacts, even though that was how the domain was registered. Since the domain wasn't going to be used for email we hadn't even considered setting up email for it, so I had to jump through some hoops to make DNS changes to set up MX records and set it up on a mail server JUST so that we could get the cert - only for us to revert back to no email as soon as the certificate was issued. Not overly complicated, just an extra hurdle on a Friday afternoon for an already rushed job. For the next one after that we just used "Let's Encrypt" and didn't bother going back to Comodo.

Friday FYI: 9 out of 10 of website login attempts? Yeah, that'll be hackers

Donn Bly

Re: An honest question.

Dozens of websites are compromised every hour, let alone day. How many times a day do you want to reset all of your passwords?

Don't panic about domain fronting, an SNI fix is getting hacked out

Donn Bly

Re: Or we finally switch to IPv6

After further thought, I think you are right and SNI isn't necessary over IPv6 -- but it may not be for the reason you might think.

With IPv6 and every device having its own globally unique address, snooping on the packet for SNI would be pointless because the unique IPv6 address would have already given away any of the information you would have otherwise gained by snooping on the host header.

Congratulations, you just gave me another reason to dislike IPv6, and I didn't realize that was possible.

Donn Bly

Re: How does Encrypted SNI protect against censorship from DNS Providers?

I get that -- but that isn't what the article says. Encryption between you and the DNS provider is a good thing, but at the provider level censorship can still occur and SNI visibility has nothing to do with it one way or the other.

Donn Bly

Re: How does Encrypted SNI protect against censorship from DNS Providers?

But DNS over TLS does not prevent a DNS provider from censoring. The DNS provider still knows the hostname, otherwise they couldn't do the name resolution.

Donn Bly

Re: Or we finally switch to IPv6

So you think that forcing every web site on a single server to have its own, separate IP address is less of an ugly hack than SNI?

Donn Bly

How does Encrypted SNI protect against censorship from DNS Providers?

I've seen this mentioned a few times, including in this article, that SNI visibility can be used by DNS providers for censorship. I question the accuracy of that statement.

I fully get that a "man in the middle" can listen and censor, but that is someone in the middle, not the DNS provider. SNI visibility, or lack thereof, has no impact on the ability of a DNS provider to censor.

First, when talking about SNI we are generally talking about requests to the web server, and those do not go to the DNS server.

Second, in order to resolve the request the DNS provider has to know the host name. DNS protocol transmits the hostname in the clear, but even if the protocol was enhanced to send it encrypted to avoid a man-in-the-middle attack the DNS server would still have to be able to decrypt the packet in order to resolve or forward -- and either way it would have the hostname and could do whatever filtering or censorship desired by the operators.

'Fibre broadband' should mean glass wires poking into your router, reckons Brit survey

Donn Bly

Re: I suspect that as a percentage of the total the number is quite small.

Actually the survey clearly shows the exact opposite - that people DO NOT understand the details of the connection. The proof of that is that they think that "fibre" means fibre all of the way to the premises when in fact only 3% of the country has that infrastructure, and if they DID understand the details then they wouldn't be confused about the difference between FTTP and FTTC.

People may think that they care, and say that they do, but that is usually because they have been confused by the marketing hype. All they REALLY care about is that they can stream their cat videos and porn without interruption. The method of delivery is as meaningless as the video codec used - as long as the video flows they really don't care how it was encoded or compressed.

Yes, FTTP is nice. I have it at several of my locations. Every building can have their own light channel all of the way to the headend, on a circuit that is not subject to RF interference and new enough that the problems that face aging infrastructure such as water incursion aren't going to be a major problem.

However, most people don't actually want to PAY for it if less expensive alternatives that are "almost" as good are available.

In my experience if a consumer is provided with two choices, even if one is clearly superior to the other, then they will still usually choose the less expensive one (and then complain because it isn't as good as the more expensive one).

I am all for clear and accurate advertising so that consumers can make informed decisions. However, instead of worrying about HOW the product is delivered, why not concentrate on the product itself? Advertise true rates, have actual service level agreements with committed information rates, and let the consumer decide. If you have a 1 GB low-latency low-jitter circuit do you really care if it is handed off to you as fibre, coax, or twisted pair? If so, then you should ask yourself why, because the only difference is marketing hype.

Apple emits iPhone cop-block update – plus iOS, macOS, Safari patches

Donn Bly

Re: Preventing it from going into USB restricted mode

Why would the phone allow ANY connection via USB if it is locked?

I know that my Android phones don't. If I want to access them via USB, I must unlock them first.

Sueball claims Apple broke hacking laws with iOS batt throttling code

Donn Bly

Re: Trespass to chattels?

Well, if you run that OS you have already given your express permission - at least in their mind.

The reason this case should fail, however, is that the processor throttling code was designed to preserve the advertised functionality of the equipment to ensure that it continued to meet the advertised fitness of purpose. They advertised battery life in hours, not how many iops the processor gives any particular app at any time. As part of basic system maintenance they extended battery life so that it came closer to that of when the unit was new, and did so without taking away any of the abilities of the device.

Contrast this to Samsung, who slowly killed off each of the features on my S6 Active that I used until the phone no longer performed the functions for which I purchased it.

Yes, Apple should have been more transparent - but when has Apple been transparent about anything other than their store furnishings?

They grow up so fast: Spam magnet Hotmail turned 22 today

Donn Bly

Re: GMail

You will need your GMail passwords once you replace the phone and the tablet - or need to do a factory reset.

And even the passwords might not be enough when you have turned on two-factor authentication. Guess what happens when your authentication device is the one that needs to be replaced, and you have to log into your account first in order to do it....

In my case luckily I had one machine that I had marked as "trusted" and was still logged in -- I had to drive to that location to turn off two-factor authentication, then drive back to the store to get the phone replaced. Back up SMS authentication? Well, that also went to the dead device... Back up phone number? That went to a land line whose anti-telemarketer protection rejected the calls from Google as spam.... Then I had to re-setup everything that I had using Google Authenticator for two-factor since you can't restore them or transfer them to another device....

USB-C for Surface owners arrives in form of a massive dongle

Donn Bly

Re: Ooooh...

I'll take it off your hands for you. I'll even pay shipping....

Microsoft sinks another data centre with Natick 2

Donn Bly

Re: Yeah ... international waters

As these units are Microsoft's, under current US Law then US Laws would apply to them even though they are in international waters.

However, if they are in International waters and not "flying the flag" of a country, then they also aren't going to be signatories to any international treaties or protected by them. As such, they are probably going to be fair game for whatever country wants to take a crack at them because, if for no other reason, there isn't going to be an ambassador from another country coming around to complain about the interference.

US websites block netizens in Europe: Why are they ghosting EU? It's not you, it's GDPR

Donn Bly

Re: Overreach

It's a little different, you are not visiting a site in a different jurisdiction, rather, that site is entering the EU and doing its business in it, subtle but big difference.

Actually, you have that a bit backwards. The site is NOT entering the EU. People are using the Internet to leave the EU and enter into wherever that site is hosted, and the site's legal compliance begins and ends with the jurisdiction where it is hosted.

If the operator of the site doesn't have a presence or assets in the EU, then the EU Laws (including GDPR) do *not* apply to them, regardless of whether the site users are from the EU or not. Just like the laws of Saudi Arabia or Iran do not apply to a company based solely in the EU or US.

Now, if the company does have a presence in the EU, even a minor one, or actively solicits business in the EU then the EU laws DO apply. The key is "actively". Just having a website that is accessible from the EU is not enough. Even having a multilingual site isn't enough. However, initiating a call to solicit business from someone inside the EU *IS* enough, no matter where they may be based, as is placing an advertisement in an EU publication.

There are many contradictory laws between different countries, and it is impossible to comply with all of them. As such, you only need to comply with the laws of the countries where you are based and do business. If you need to do business in a country that has laws that contradict your own, you set up a separate affiliate company that handles all of the business in that country, and you make sure that company follows all of the laws in the country in which you based it. Similarly, if you want to do something that is illegal in your home country then you just have to set up a company in a country in which that "something" is legal -- just make sure that any profits from that never make it back to your home country...

As for the news sites in this article, my guess is that they thought that they didn't need to worry about changing things because they weren't in the EU, until someone pointed out that they have correspondents in the EU and as such they need to comply with the EU laws...

You know that silly fear about Alexa recording everything and leaking it online? It just happened

Donn Bly

Re: How naughty have Amazon been?

Is it normally possible for a user to command Alexa to send a recording to one of their contacts?

Yes, it is normally possible for a user to CALL one of their contacts, provided that they have the free feature enabled. It is also a normal feature for a receiving party to have voicemail delivered as an attachment.

Donn Bly

What is the voice recognition version of "butt dialing" called?

Last year Amazon added hands-free calling to Alexa, in preparation for their fall launch of their echo "show" line of video phones. You had to "opt in" to enable it, and again to give it permission to access your contacts, otherwise the feature is disabled. It looks and sounds like they enabled it, and voice recognition misunderstood something that was said and it called their friend leaving a voicemail message.

In other words, they did the Alexa equivalent of "butt dialing".

This is a wake-up call (pun intended) that these devices often have features and capabilities that one may forget and they can be accidentally triggered with less than favorable results.

In The Reg's article today Ubuntu 18 Scott Gilbertson makes some points about "click-baity headlines in this day and age of advertising-driven, small publishers" and how they generate and feed controversy. Though Kieren does a good job in handling the topic, the publicity surrounding this event in most other media sources is a prime example. Nobody would have thought twice about it if he had accidentally made the call using his cell phone instead of using his echo speakerphone.

President Trump broke US Constitution with Twitter bans – judge

Donn Bly

Re: First Amendment Violation?

The difference between this and those kicked out of public meetings for being rowdy, obnoxious or rude is that the court was considering those excluded based on the content of their opinions, not their behaviour.

Now that I've started reading the case document, I'm even more convinced the judge has erred. The judge jumps from blocking (which defendants do not dispute) to making an unsubstantiated assumption as to the reason they were blocked. Each of the blocked plaintiffs admit that they took actions over and above voicing their personal opinions, and those actions are just as likely if not MORE likely to lead to their being blocked. As such, even his own finding of fact supports that it was behaviour and not just content of opinion.

Additionally, the convoluted reasoning and justifications used to establish an "injury" to the Knight Institute is laughable. Blaming Trump because Knight wants to read the opinions of someone else that they don't themselves follow. If Knight wanted to read the person's posting then they should follow them, not demand that someone else do it for them.

I also disagree with the reasoning saying that Twitter is a public forum. If his reasoning stands, then an official's own email account could be considered a public forum as well, and if it is a public forum then Twitter is now obligated to publish everything even if it violates their terms of service.

You know all of those Russian accounts that Twitter dropped? Well, those fake accounts had someone's political opinions and as a public forum it would be illegal to drop them and their messages.

No, this finding is going to get at least partially reversed on appeal. If not, the unintended consequences / collateral damage will be quite significant.

(And no, don't take this as support of Trump - they should not have blocked the accounts and they should be unblocked - but the reasoning the judge used doesn't cut it)

Donn Bly

First Amendment Violation?

I have a big problem with this judge's ruling and its consistency with the rest of US law. There is a big difference between silencing a person's views, and mandating that a specific forum be maintained to host those views. The first amendment says that the government may not pass a law preventing someone from speaking their mind about a political subject, but it does not say that every possible method be made available to them. They may not be able to post on Trump's own feed just as they can't spraypaint their message on the side of the White House - but they can certainly post on their OWN twitter feed. They can write a letter, start a petition, do ANY NUMBER of things. Their right to speak their opinion has not been blocked.

This is one of the reasons that I dislike mixing "social media" and "government". Social Media is conducted within the terms of service of a private sector organization. A private sector company has to be able to say what is, and what is not, allowed on their servers -- especially now that the law has changed so that they can be criminally liable for user posts even if they don't know about them. If Trump or some member of city council posts something on twitter, does that now mean that Twitter has to host it indefinitely and allow other people to comment on it?

If a politician posts something on their own website, such as a letter of comment from a constituent, does that mean that they have to allow ALL people to be able to comment on it and be forced to publish those views/letters as well? If not, how is that any different than posting something on Twitter or Facebook?

People who get rowdy, obnoxious, or rude get kicked out of public meetings all of the time, and repeat offenders get banned. How is that any different than getting blocked on Facebook or Twitter? Or is this judge saying that it isn't different, and that people can't be banned from speaking at public meetings or removed from the podium when their allotted time runs out?

As much as I hate Trump's obnoxiousness, especially on twitter, I don't agree with this judge and expect this to get flipped on appeal. As long as people can read his drivel, and the government doesn't forbid them from posting their own drivel well thought out opinions, I don't see the first amendment as written being violated.

One year late, US senators act on fake net neutrality comments that drowned the FCC

Donn Bly

They want to implement CAPTCHA? On an API?

CAPTCHA is an obsolete, broken technology. The solve rate of bots exceeds the solve rate of humans. If I have CAPTCHA on a form and it passes, it is more likely to be a bot than a human.

An API is designed to be used by automated processes, and CAPTCHA defeats that purpose. There are ways to secure APIs but CAPTCHA isn't one of them.

This is why politicians should stay out of the details on technology. They should define the objective and establish accountability, but let real technicians decide the details. They don't seem to have a problem defining objectives, but have a real problem on the accountability aspects.

Press F to pay respects to the Windows 10 April Update casualties

Donn Bly

Re: Wasn't it last year when MS put out an update that destroyed everybody's DHCP?

I don't remember - but it was only last month when they put out an update that destroyed static IP addresses.

'Alexa, listen in on my every word and send it all to a shady developer'

Donn Bly

Re: Skills ?

The words "program" and "application", when first used in context of computing resources, had absolutely nothing to do with the meanings which you now impart upon them. Using your own logic, those words shouldn't have ever been used either.

In this case, Amazon has probably chosen "skill" instead of program and application (or "app") to differentiate them, because they are neither programs NOR applications. You CANNOT install any third party software on an echo.

That is one of the reasons why Amazon uses the word "Enable" instead of "Install" -- because unlike a phone or computer you can't install anything.

What an echo skill does is extend the abilities of the echo by applying a filter to the translated text stream and proxying it off to another server for processing. It is trivial really. In the industry we would probably call them "plugins" or "processing rules" but the reality is that most of the product's target demographic thinks that a "plugin" is an air freshener made by Glade but DOES understand "skill". A "developed talent or ability" does in fact fit what they are trying to accomplish, even reinforcing the perceived anthropomorphic characteristics of the device that they are trying to market.

