Posts by James Ashton

74 posts • joined 10 Nov 2008


FYI: Yeah, the cops can force your finger onto a suspect's iPhone to see if it unlocks, says judge

James Ashton

Re: Forced password entry not possible

Yes, they can jail you indefinitely, but they still can't force you to enter your password. That was my point. Jail doesn't force you to comply; it's merely coercion.

James Ashton

Forced password entry not possible

> the state's higher court unanimously decided that there wasn't a difference and the cops could force a suspected pimp to unlock his phone by typing in the passcode

I can see how cops could physically force someone to swipe their fingerprints, though a determined suspect could make this quite difficult, with a serious risk of damaging the device. But there’s no way to force someone to enter a password, whatever a court may rule. You can coerce them with threats of fines and imprisonment, but you can’t actually compel compliance. That’s an advantage passwords have over biometrics.

Party pooper Microsoft pulls plug on Party Cluster

James Ashton

Re: users required a Facebook login or GitHub account to join the party

What's the betting there was a kick-back between Microsoft and Facebook?

Cache of the Titans: Let's take a closer look at Google's own two-factor security keys

James Ashton


is a pain for non-corporate use. You really need to buy two or three keys to deal with one being lost, stolen or failing. It's better for companies but I'm sure they're still not looking forward to their staff being forced to physically visit the helpdesk instead of just resetting their passwords over the phone. Of course, all those over-the-phone resets are a major attack vector which they should be closing anyway. Security costs money!

Galileo, here we go again. My my, the Brits are gonna miss EU

James Ashton

Re: Fgs

> Are you expecting us to be at war with the USA any time soon?

The issue is not being at war with the US but being at war with someone with whom the US doesn't want you to be at war. Remember the Suez Crisis or, more recently, if the US was feeling more pro-Argentina and less pro-UK than in the 80s. Having Galileo means there's one less rug the US can threaten to pull out from under the EU in the future.

Amazon can't or won't collect sales tax in Australia

James Ashton

I don't really understand your objection.

Yes, the GST is great, etc., etc. What we're complaining about here is that Amazon appears to be refusing to collect Australian GST on the huge range of products in their overseas stores; instead, they're outright refusing to ship these to Australian customers. We can't get them even if we were willing to pay the extra ten per cent or, indeed, for any price through Amazon. It seems that Amazon is trying to aggravate Australian customers to spite our federal government.

Still, I'm not completely sure that the gloom and doom is all justified. The wording suggests that at least some of the products from international stores will be available via the Australian Amazon site somehow.

Time to ditch the front door key? Nest's new wireless smart lock is surprisingly convenient

James Ashton

Re: Bluetooth

> In 99.9% of cases something usually needs to be put down in order to open the door by the handle

Lever handles for the win. Then you can use your elbow or your shopping to open the door.

Virgin spaceplane makes maiden rocket-powered flight

James Ashton

Re: SpaceShipTwo is great, less overhyped than SpaceX

No, SpaceShips One and Two are overhyped. Assuming equal mass, the energy required to reach orbit is more than forty (40) times greater than the energy required to reach an altitude of 100km. They're not playing in the same league.

Patch LOSE-day: Microsoft secures servers of the world. By disconnecting them

James Ashton

Re: Oh dear

> Very poor practice to rely on static IPs

Except in many cases ... and the DHCP server would commonly be one of those.

Sneaky satellite launch raises risk of Gravity-style space collision

James Ashton

"have the DoD destroy them with some air-to-space missiles"

Exploding anti-satellite missiles would be a *much* more serious source of space junk than a few tiny satellites.

US state legal supremos show lots of love for proposed CLOUD Act (a law to snoop on citizens' info stored abroad)

James Ashton
Big Brother

Re: Wow.... just... wow!

"You host anything, with a US based company, regardless of where the physical iron sits, Uncle Sam can Go Shoulder deep into your data and pull anything out he wants."

Bad news for you: it's not limited to US-based companies. Say you're a UK university with a small presence in the US for the purposes of purchasing, marketing, etc. What's to stop the US subpoenaing data held on a UK campus? You probably don't want to end up in a situation where university employees can't travel to the US.

Getty load of this: Google to kill off 'View image' button in search

James Ashton

Re: Bad bargaining

"Copyright infringement is a crime. It isn't stealing, but it is still criminal."

Nope. It varies by jurisdiction but commonly you have to be profiting from your copyright infringement for it to be a criminal act. Using a Getty image for your school assignment isn't going to result in any criminal penalty, even if you use the high resolution versions.

$14bn tax hit, Surface Pro screens keep dying – but it's not all good news at Microsoft

James Ashton

Re: But...

"Microsoft's agreement of purchase prevents class action law suit."

That might fly in the US: there are precedents there for software at least. I don't think that kind of clause is going to be effective in many other jurisdictions though, especially for hardware.

What a Hancock-up: MP's social network app is a privacy disaster

James Ashton

"May" bad for privacy.

' "May" being a word that European data privacy watchdogs have strongly discouraged companies using'

"May" also being a name they probably feel strongly about as well.

SpaceX delivers classified 'Zuma' payload into orbit

James Ashton

Rumours of ZUMA Failure

There are now multiple conflicting rumours of ZUMA failure, all vague and unverified due to ZUMA's secret nature. Was it SpaceX's fault? Are the rumours misdirection aimed at obscuring ZUMA's real nature and continued existence?

UK security chief: How 'bout a tax for tech firms that are 'uncooperative' on terror content?

James Ashton
Thumb Down

Just Like Cars

This is just like how they tax car companies for the costs of all the traffic cops. And, linking with the terror angle, I propose they up these special taxes on car companies now that the government has to pay for all those new bollards to stop terrorists mowing down pedestrians.

Boffins craft perfect 'head generator' to beat facial recognition

James Ashton
Big Brother

Great for Passport Photos

I wonder how long it will be before the government makes it illegal to use a tool like this on your passport photos. They probably think it is already but catching people at it and successfully prosecuting them is going to be challenging.

DNS resolver will check requests against IBM threat database

James Ashton
Big Brother

'Quad9 won't “store, correlate, or otherwise leverage” personal information.'

And if the above is a lie our legal recourse is what? It's a free service so no contract exists. And I assume it's legal for police in the UK to lie to encourage people to incriminate themselves, the same as elsewhere in the world. I think there's going to be a large overlap between the likely users of such a service and the tinfoil hat brigade who won't be touching it with a barge pole.

DJI bug bounty NDA is 'not signable', say irate infosec researchers

James Ashton

Re: Why not post a copy of the NDA?

How do you know the NDA isn't itself protected by copyright, or have you seen it, in which case, why not post a copy? There's a good chance that DJI only sends out the NDA to people who apply and there's nothing to stop them controlling distribution using copyright law.

If your websites use WordPress, put down that coffee and upgrade to 4.8.3. Thank us later

James Ashton

Re: It's better than Windows

The 4.7.7 update is just exactly the same patch as the 4.8.3 patch. WordPress appears to apply security patches to older versions going back a long way, which is nice. Updating from a 4.7 to a 4.8 release is not necessary for security reasons and will probably change the way your site looks, or even break it if you use customisations or plug-ins.

Best practice would be to have a test site to try any upgrade first, before upgrading your production site. I usually just risk it and allow auto-updates for patches that only increment the third part of the version number but changes in the second number are too dangerous to skip testing if your site is commercial.

Call the doctor! WDC's new 14TB spinner has shingled write scheme

James Ashton

Re: What I'm stuck on is how data can overlap! Crazytown!!

The heads can read a narrow track but only write a broad track. So the writing partly overlaps within a "zone". Reading is as before but, if you want to write a track, you have to write all the overlapping tracks.

Obviously, don't use these in a write-intensive and/or random-IO environment. They're ideal for things like streaming video where it's almost all read-only, and the writes are huge files, i.e., mostly sequential.

Commonwealth Bank: Buggy software made us miss money laundering

James Ashton

Mistakes = Liability

I'm pretty sure that if the bank made a mistake whereby it lost $1T of funds it would be on the hook and the old "computer error" defence would not stop them being bankrupted. Also, I'd be very surprised if AUSTRAC needs to demonstrate criminal intent to nail the bank; incompetence alone should be enough.

Disney mulls Mickey Mouse magic material to thwart pirates' 3D scans

James Ashton

Photocopier Déjà Vu

Remember when they had stuff they really didn't want you to photocopy they'd print it in black on red or something? Because colour copiers and even scanners were not generally available. This 3D printing DRM seems about as stupid as that. It may annoy a few people at home trying to make a copy or two for their own use. It will have zero impact on the serious counterfeiters who know what they're doing and who will trivially work around this.

More to the point, as far as I can see the wide availability of cheap photocopiers has still not killed off the printing industry; ebooks are having more of an impact. The nearest equivalent for toys I can think of is VR headsets so maybe Disney should be concentrating on VR games featuring their characters. Kingdom Hearts III VR anyone?

UK surveillance law raises concerns security researchers could be 'deputised' by the state

James Ashton

Re: I see your warrant, GCHQ,

"Anti-slavery legislation might trum [sic] warrant. It could be an interesting situation."

Anti-slavery legislation is just legislation, open to being overridden by subsequent legislation. We're not talking about the US where they have an anti-slavery clause in their constitution which will trump (with a small "t") any legislation.

James Ashton
Big Brother

Re: Warrant Canaries

"I expect to see a lot of researchers putting up warrant canaries if this ever happens."

This is not a problem for the government. Australia has already outlawed warrant canaries for some situations. If your legal system allows the government to outlaw revealing the existence of warrants then outlawing the revealing of the non-existence of warrants is but a short step.

"And what happens if they are asked a direct question about vulnerabilities? Are they legally required to lie? Even knowing that people will suffer loss due to their false reassurance?"

You don't have to lie; "I can't answer that for legal reasons" would probably be a legal response. If further asked what those legal reasons were then "I can't answer that for legal reasons" is, again, going to get the job done. It's going to convey much the same kind of impression as the phrase "helping the police with their enquiries".

Dell BIOS update borks PCs

James Ashton

Ding Dong Dell

Seems more apt than usual at this time.

TVs are now tablet computers without a touchscreen

James Ashton

Hardware Acceleration Required

Updating the software won't help. Decoding H.264 in software for even Full HD content, much less 4K, will be beyond the ability of any Android CPU. Going up to H.265 (HEVC) will be worse. Unless the graphics chip can provide hardware acceleration for a new codec (not going to happen) then you can forget decoding on that system. The sad reality is that forwards compatibility isn't worth attempting.

The move to increase the bit-depth (per channel) to 10 in the 4K H.265 standard is another example of why forwards compatibility won't work. Even if the processing unit could decode the video, there would be no way to display the 10-bit colour-depth on an old 8-bit display.

US military's latest toy set: Record-breaking laser death star, er, truck

James Ashton

Re: Still not seeing this

Making targets reflective is surprisingly ineffective against lasers. Only a small amount of heating starts to darken the surface and then it's all over.

Germany, France lobby hard for terror-busting encryption backdoors – Europe seems to agree

James Ashton
Big Brother

Make the Government Use It

Ask the government to encrypt government documents using only the same cryptography that has been used to backdoor everyone else's documents. Ask them why they're not comfortable publishing encrypted versions of, say, the minutes of recent cabinet meetings.

Alert! The dastardly Dutch are sailing a 90-ship fleet at Blighty

James Ashton

Commemorate the Bombardment of Flushing

If the Dutch get too out of hand after sailing from Vlissingen, seems like an appropriate response would be some kind of return visit a few weeks later to celebrate the 208th anniversary of the bombardment and capture of the French port of Flushing. Surely they've got the mosquitoes under control there by now.

Brit cops can keep millions of mugshots of innocent folks on file

James Ashton
Big Brother

Nobody Mention Backups

Surely this monster database is backed up to tape offsite securely, essentially forever. Explain to me how they can delete selected images from those backups. Thought not.

The Mail vs Wikipedia: They're more alike than they'd ever admit

James Ashton

Wikipedia's not dependent on "showbiz trivia"

"both depend heavily for their traffic on showbiz trivia"

Wikipedia lives on donations, not advertising; therefore they don't depend on page views for cash. I'm going to go out on a limb and suggest that their donations are not predominantly coming from people interested in "showbiz trivia".

Ransomware brutes smacked 1 in 3 NHS trusts last year

James Ashton

Evil: yes; Cretins: doubtful

It doesn't seem likely that these criminals are cretins; I doubt they'd spend their time with ransomware if it wasn't turning a profit. Some people must be paying up. Even if none of the NHS trusts are paying up, this just means that the evil ones could improve their targeting, assuming they have any, but it doesn't make them cretins.

HBO slaps takedown demand on 13-year-old girl's painting because it used 'Winter is coming'

James Ashton

DMCA or Trademark?

The talk of notices and counter-notices does sound like the DMCA is being used but this is claimed to be a trademark issue. My understanding is that the DMCA is for copyright only and not for other forms of intellectual property. As noted "Winter is Coming" is way too short to qualify for copyright protection.

Adobe Australia drops SaaS tax dodge

James Ashton

Re: Laughing all the way to the Bank

Yes, apparently all the "Big 4" Australian banks decided just a few months ago that anything looking like an international transaction, even if entirely involving Australian dollars, was worthy of a full 3% bank fee. Any clues on avoiding this rip-off would be appreciated. Apparently some "platinum" credit cards are immune but gold and below are fair game :-(. It's particularly annoying because it's impossible to tell in advance whether international vendors like Adobe will generate the charge or not.

Australian government urges holidaymakers to kill two-factor auth

James Ashton

Bean Counting?

Could this be some kind of attack of the bean counters? Maybe their SMS gateway costs them more to send messages overseas. Also, they (and other sites that do 2FA via SMS) seem to have some kind of priority deal since the SMSes always arrive very promptly. I wouldn't be surprised if message validity expires before they are delivered overseas in some cases. Still, it's a stupid move to rate convenience over security.

Oz Defence Dept 'not punitive' with crypto export controls

James Ashton

Cryptography of Mass Destruction?

'nor will those who publish crypto software, with the exception of when the technology applies to "weapons of mass destruction" '

How can cryptography apply specifically to weapons of mass destruction? If I publish general-purpose cryptographic software and a third party uses it to massively destroy stuff, am I on the hook? If not, what's the point of trying to control this stuff? If so, Defence's "not punitive" claims aren't very credible.

Export control laws force student to censor infosec research

James Ashton

Well don't export it then

Why not just simply not export the research? Print copies, hand electronic copies to the examiners, but do not publish it online. Now you haven't exported it; problem solved. Surely exporting is not a requirement for the research to count towards assessment, or are some of the examiners overseas?

Now, if someone else maliciously (or is this a strict liability law, no mens rea required?) exports it afterwards I can't see how it's your problem (or the university's, unless the other party was also part of the university). Does the law require this type of research to be kept secret or just not be exported? Is it an offence to recklessly or negligently reveal munitions research which might then be exported by others?

VPNs are so insecure you might as well wear a KICK ME sign

James Ashton

Re: Hide My Ass

What's the good of hiding your IPv4 ass when it leaves your IPv6 bollocks exposed?

Wheely, wheely mad: Petrolheads fume over buggy Formula One app

James Ashton

Re: Laws of physics aren't suspended for F1...

"Presuming the cars are tracked via GPS the car has to get its position"

You'd like to think that. I paid the more reasonable cost for the app last year and quickly concluded that the car position was probably being guessed ("interpolated" if you want to be generous) from just the three detection points they have around each circuit (at the end of each "sector"). The app was garbage that frequently showed up nonsensical information. It was marginally useful in seeing how non-front-running cars were doing, and during the ad breaks, but the bad experience made mine an easy decision when they drastically upped the price for this year. Now I'm feeling smug about this story.

Back to the GPS concept: if the cars do have GPS, and it would be so easy, cheap and useful that they probably do, then the telemetry is going to the teams, not to the F1 organisers. The teams get the timing data from the organisers and not the other way around.

Virtual reality pr0n on the Rift? 'Why not?' says Oculus founder

James Ashton
Thumb Up

Re: What a coincidence...

Nominative determinism in action.

Swedish Supreme Court keeps Assange™ in Little Ecuador

James Ashton

Statute of Limitations

I understand that there's a clock ticking in Sweden so Assange doesn't have long to wait to forget about that mess due to a statute of limitations on his alleged crimes. His real problem will remain in the UK where he's clearly skipped bail.

Australia mulls dumping the .com from .com.au – so you can bake URLs like chocolate.gate.au

James Ashton

Re: Dot Oz?

Long ago, like in the 80s, there was ".oz" for Australia but it didn't survive the move to use the international standard for two-letter country codes so we changed, with a brief transition via ".oz.au". Only ".uk" seems to have managed to break the rules in that respect.

The content business wants Netflix out of Australia

James Ashton

Re: Sony/Netflix contract

> As media transitions to digital

"As"! It's happened. I've been to plenty of Australian cinema venues in the last year and they've all been purely digital so my guess is that at least 90% of cinemas receive their films from the courier on 3.5" hard disks. Cost of the hardware is going to be around $100. Gone are the days of celluloid and silver.

The only reasons for staggering releases now are things like alignment with varying holiday dates in different countries. In fact there must be an incentive to align releases since surely people are less likely to go if they've already heard spoilers.

Mozilla piles on China's SSL cert overlord: We don't trust you either

James Ashton

Beware of the Man in the Middle (Kingdom)

> I'd much rather have an adhoc system of someone publishing what hash THEY see for Facebook, and what I see for Facebook and then if they match I have a semblance of security.

How are these published hashes going to reach you? Over the Internet? So the man in the middle is just going to intercept your request for these hashes and replace them with hashes for their bogus certs. In China in particular, the government controls your Internet connexion so this would be trivial for them. You could try downloading the hashes over SSL but, whoops, chicken meets egg. What you're suggesting is just an alternative or secondary system of trust that's really no different from what we have already.

Metadata laws pass so it's time to STOP READING LISTICLES

James Ashton
Thumb Up

Spam the database

"I wonder if enough people ran a background process that randomly walked the web with their spare bandwidth"

This seems too heavy-weight. If they have to record every IP number we communicate with, why not just ping IP numbers randomly. You could do this at a fairly high rate before it impacted your performance or traffic costs but it would hit their database fairly hard.

Australia's social media censorship law – for the children - all-but passes

James Ashton

Re: Canute Syndrome

If you seriously think that a company that takes as many advertising dollars for Australian consumers as, for example, Facebook doesn't have a business presence here well ... Trust me, the Australian government would be able to extract the fines if it comes to that. See: https://www.facebook.com/FacebookAU/info?tab=page_info

Cisco simplifies software licences, by selling them under three programs

James Ashton


There's only one, yet there are three. Last time someone tried to deal with a paradox of this kind they came up with the catchy chant "the Father, the Son and the Holy Spirit". Amusingly this time it's "the Access, the WAN and the Data Centre" which has exactly the same rhythm. No, I don't want to hear any Latin.

Apple v Ericsson: Yet ANOTHER patent war bubbles over

James Ashton

Accented Letters in IOS

If you want accented letters in IOS, just hold down the relevant letter key and all the accented options will pop up.

Australia's Akamai ranking has nothing to do with the NBN

James Ashton

Re: I just want 5mbs, reliably

Your ISP service is not good so Akamai's stats are wrong?


Biting the hand that feeds IT © 1998–2019