* Posts by Graham Cobb

377 posts • joined 13 May 2009

Page:

Google kills off domain fronting – and so secure comms just got tougher

Graham Cobb

Re: Unsupported feature is unsupported

YES the privacy aspect was a bit of a sore spot, but the WAY that privacy was caused (by sending traffic to a different domain) was a problem.

NO, it was NOT a problem and is not a security flaw.

At no time does a user, app or web server end up confused about what site they are accessing -- all the secure steps (https, certificates, etc) use the correct host names. The hack just means that people spying on the unencrypted initial steps of the connection set up see a different, uncontroversial, host name.

I think it is a shame that Google have stopped it working. I suspect that if they really wanted to, they could actually offer this as a (paid for) feature for sites which want to be accessible without their users revealing that they are contacting it.

2
0

Facebook previews GDPR privacy tools and, yep, it's the same old BS

Graham Cobb

Re: "an opportunity to invest even more heavily in privacy."

I now have DuckDuckGo

I have now moved on to Searx (https://en.wikipedia.org/wiki/Searx). It finds more stuff than DDG (DDG is one of the engines it uses), although the tradeoff is that it really isn't so good at ordering the results. And you have to pick an instance to use (or run one yourself).

2
0

Facebook faces foe formation in facial fingering fight

Graham Cobb

Re: Seems like a direct correlation...

The obvious flip side is that any clever tech to help FB identify me and track me for cool reasons allows them to identify and track me for nefarious reasons... or for others to do so if FB deliberately or accidentally exposes this data.

Neither of those are the reasons this law exists. The reason this law exists is that the obvious flip side is that other people may have different things going on in their lives and for them the capability is not "bloody cool" it is "bloody scary" or maybe even "life threatening".

Bloody millennials ...I bet you think this song is about you...

6
1

Europe wants cloud giants to cough up data from anywhere in 6hrs

Graham Cobb

Re: Warrants

If warrants really are too slow (hint: I don't believe they are), surely the best answer is to impose the warrant requirement for secrecy: the Order is automatically disclosed to (all of the) victim(s) after12 hours, unless a warrant is received specifying a limited time (no more than 1 year, but renewable) during which the Order is not to be disclosed to the victims.

Seems reasonably fair and proportionate, and allows for "emergency" actions.

Of course, once the Order has been disclosed, it must be challengeable in court by the victim, with compensation for Orders found to be unfair or disproportionate (as well as mechanisms to force procedural changes and/or remedial training).

And, of course, "maximum sentence 3 years" does not represent serious crimes: 10 years max sentence seems a more reasonable measure. But I assume that term is really there for a future "compromise negotiation" with MEPs who pretend to care about civil liberties.

1
0

Google lobbies hard to derail new US privacy laws – using dodgy stats

Graham Cobb

Re: An arrest is not a conviction

The demand is to make the report, presumably a true one in most cases, harder to find.

Yes. Exactly right.

It is easy for those of us with a logical, IT approach to think that the law is like programming: a set of rules. It isn't. It is about goals and outcomes and justice and proportionality. And the just outcome changes over time.

That is particularly hard in RTBF cases.

There is a strong public interest in being allowed to quickly report arrests and charges: it can cause other evidence to turn up, it can protect or warn local people, it can comfort victims, etc. A rule preventing reporting until the case is proven would not be a good thing. On the other hand, everyone knows that "suspect acquitted" is never going to be as big a news item. That is the balance we live with as reasonably proportionate.

On the other hand, years later the public interest is different. The original reports in "Backwater Daily Journal" are not the ones that matter -- the ones that matter are the ones Google returns. Unless systems become smart enough to make sure that acquittals mean that all arrest reports are no longer visible (and spent convictions hide the original convictions where that concept exists) then the best compromise is to make sure the search engines delete the information. That is the proportionate thing to do.

The law isn't a machine: it is a series of compromises to try to work in the way society wishes in as many cases as possible.

1
0

Did the FBI engineer its iPhone encryption court showdown with Apple to force a precedent? Yes and no, say DoJ auditors

Graham Cobb

Re: No right to conceal information

The Constitution protects against unreasonable search and this is certainly not unreasonable.

But the Constitution failed to be applied for many years (see Snowden). US spooks and law enforcement trampled all over both the Constitution and international human rights. The people will not grant them anything near those powers again for at least a generation.

If you (FBI & CEO) can't do the time (without intrusive powers), don't do the crime (violating the Constitution and international law). Come back when you can demonstrate some trust.

A good first step would be shutting up about the fake "going dark": they have much, much, much more data than a few years ago, including enough electronic capability to put a continuous automatic "tail" on every person at least as good as the tails that used to require teams of people just for one target. What would the founding fathers say about a police force that can track everyone in the whole country all the time?

16
0

Meet the open sorcerers who have vowed to make Facebook history

Graham Cobb

Re: Please just don't care enough

Mastadon/Diaspora/<thing> in a box

That is part of the idea behind Freedombox.org. The harder part, though, is a good way to market it -- to get people to connect to you at sufficient levels that Facebook are forced to allow integration with other systems.

The issue isn't really the protocols, it is achieving critical mass to make it necessary for the walled gardens to open up and interoperate.

Maybe the current hassle facing Facebook will mean there could be actual political action this time to force them to open up the monopoly. Remind me, how much do the silicon valley monopolists contribute to political parties each year?

6
0

Transport for New South Wales told to stop tracking oldies, students

Graham Cobb

Re: as it should be

The gold & student cards are registered so that a name comes up & that name can be checked against the concession card.

Why should that be? I can see that the ticket inspector might ask for evidence that the person is eligible for the concession (just like they might when inspecting a single use concession ticket) but what has a name got to do with it?

Particularly as non-concession cards do not need names (so a restriction on transferability can't be the issue).

3
0

Your entire ID is worth £820 to crooks on dark web black market

Graham Cobb

What are these guys selling?

Our research is a stark reminder of just how easy it is to get hold of personal info on the dark web and the sheer variety of routes that fraudsters can take to get hold of your money.

No, it isn't a reminder of either of these things.

There is no evidence shown that the personal info is actually valid, and is for someone who is a valuable catch. And the quantity of information available is tiny compared to the population. The real killer is the apparently very low prices: if buying someone's ID would allow me to "get hold of their money" I would presumably be willing to pay more than a few pounds for it.

What it is a reminder of is how relatively useless personal info on the dark web is and how effective fraud protections are.

So what are these people trying to sell with this scare story?

3
0

'A sledgehammer to crack a nut': Charities slam UK voter ID trials

Graham Cobb

The only people that are worried about having to show ID are those that are up to no good and are looking to fraudulently affect the result of the vote.

No, the ones who are up to no good and looking to fraudulently affect the result of the vote are either supporting, or ignoring this. They use other, much more reliable, techniques such as postal voting fraud, pushing for internet voting and voting machines or just rewriting constituency boundaries.

The only people worried about having to show ID are those that have principles. They all have ID but recognise that that is no business of the returning officer as having ID is not part of the suffrage qualification.

1
0
Graham Cobb

Or you just choose a lifestyle that does not include those things. There is no law saying you have to travel or pay bills, or even socialise with other people, to have the right to vote.

8
0
Graham Cobb

Re: It's almost as though...

Then some bright spark went and actually *interviewed* the very people that were being used as part of that argument against requiring ID and all of them said they had no problem with it, in fact most of them welcomed it.

Citation please. I would like to examine how the study discovered the people to interview. As far as I know, the people who do not have ID are unlikely to be easy to find and would be very interested to learn how the researchers managed that.

Just because there may be disproportionate numbers of some ethnic groups within the group of people without ID does not mean that anyone is suggesting that most (or even many) of the members of those ethnic groups do not have ID.

The problem is that the suffrage is supposed to be universal: not restricted by money, belongings, lifestyle, habits, priorities or beliefs.

And this is addressing a NON-EXISTENT PROBLEM! So, there must be some other explanation.

9
2

Euro Commission gives tech firms an hour to take down terror content

Graham Cobb

There needs to be a balance

If there is going to be pressure (fines, or political threats) on platforms to remove illegal content, there have to be equal threats to them if they remove legal content. Otherwise, as the commission appear to acknowledge, the obvious impact (remove anything when there is any doubt at all) will happen.

Platforms should only be removing illegal content. So, if content is removed there should be a right to challenge the removal in a court. If the court determines it was illegal then you get hit with a significant fine paid to the platform for posting it. On the other hand, if it was not, the platform gets hit with a significant fine paid to the submitter for removing it when it was not illegal.

Make the two fines high enough and the system will not be overloaded. Although only rich people will be able to afford to take the risk involved in the challenge, it will at least give the platforms a business reason to invest in properly functioning determination processes, which should feed down to all of us.

Some may argue that as private companies, platforms must be able to remove anything they want to. I say that when acting as an arm of the government (under the sorts of threats made in this paper) they lose that right and have to accept any and all legal postings.

2
2

Google: Class search results as journalism so we can dodge Right To Be Forgotten

Graham Cobb

Re: This is the precise problem with this right...

All possibly true. But an argument to be made to your MP to get them to change the law. As it stands, parliament has decided that the public interest is better served by helping offenders to walk away from their past than it is in allowing us to know about it.

The points are irrelevant to this case, which should be about whether that law applies as much to Google as it does to everyone else.

7
0
Graham Cobb

Re: "its in the public interest to know of old business fraud"

My understanding is that if I am thinking of doing business with someone (or hiring them) and I pay someone to research them (could be a credit reference agency or a private detective) it would be illegal for that report to include any spent convictions. Whether that should be the case or not, that is the law, I believe.

If that is the law, then it should apply equally well to the dossier which Google produces when I enter a name. Otherwise the law is both unfairly preventing the research companies from competing against Google, and it is unfairly exposing spent convictions which parliament decided should be illegal.

So, no. It is a thorny issue but parliament decided that the public interest in rehabilitating prisoners outweighs the public interest to know of old business fraud. You can argue to change the law but, whatever it is, Google should be subject to it.

6
0

Voice assistants are always listening. So why won't they call police if they hear a crime?

Graham Cobb

Irony

I am disappointed that almost all the commentards here have missed the irony in the article. It is actually really quite thought-provoking.

Of course we are told that the devices are just listening for their wake-up keywords. And some of them probably are. But we have no way of knowing what undocumented wake up keywords are built in, or whether there are any other circumstances in which they will start to record, send and process audio.

There have been various rumours of Google, Amazon and Smart TVs listening in for shopping-related terms in order to target advertising. And if they aren't doing that today, they certainly will be just as soon as they can get good enough local processing (which won't be hard in mains-powered devices).

The article raises the question: if they are going to do that for their own commercial ends why wouldn't we require them to also do similar things for social good reasons? Good question.

It also highlights the fact that if that question is asked, the manufacturers will push back very hard because the last thing they want is for us to be reminded that they are listening all the time and could be processing anything we say. They either will want to make a virtue of not being advertising-driven (Apple) or they need us to forget all about them being there and being unguarded in what we say (everyone else).

And, of course, that is without even getting into the surveillance issues.

Good, thought-provoking article. Pity that we don't teach irony any more and people started discussing how a device would decide automatically whether to call the police (particularly as the answer is obvious: do what a human would do, ask "are you all right?").

0
2

US state legal supremos show lots of love for proposed CLOUD Act (a law to snoop on citizens' info stored abroad)

Graham Cobb

Re: Rapid legislation is never a good idea

Not only is it rapid, it is supported by Theresa May!

I am just waiting to see her insistence that the "bilateral agreement" between the US and UK for this is fair, symmetrical and based on human rights.

11
0
Graham Cobb

Re: Wow.... just... wow!

I would also expect such co-hosting situations, like the T-Systems owned and run Azure/Office365 installations in Magdeburg and Frankfurt, where Microsoft have no administrative or physical access to the servers, to mean that the CLOUD act would have no affect on the data held in those facilities.

I don't share your optimism. It will surely apply to any case where the US company has any access to the data at all, whether through its own employees or through contractual arrangements with third parties. It is nothing to do with ownership, or even control, of the servers.

Are you really sure there is nothing in the contract between T-Systems and Microsoft allowing Microsoft to access any customer data?

8
2

Australia joins the 'decrypt it or we'll legislate' club

Graham Cobb

Re: Sauce for the goose...

One of the problems with the whole debate is that Americans generally loathe and distrust their own government in a way that all other civilised societies don't.

Oh, how soon we forget.

I realise you are probably a Millennial, but my parents actually fought in WWII, and actually knew people who had been in concentration camps. Even I lived through a period where I expected nuclear destruction imminently.

I know why human rights such as the right to free speech, the right to free association and the right to privacy are critical to any functioning democracy.

Please read history. And, when you are holidaying in Germany please visit a Stasi museum.

16
0
Graham Cobb

It is important that we hold their chosen electricity company responsible when they use electric lights to plan unlawful activity.

As for the manufacturers of the vans used to deliberately run people down -- they are obviously accessories to the crime.

4
0

Opportunity knocked? Rover survives Martian winter, may not survive budget cuts

Graham Cobb

Robot manufacturing

As I am no expert on space (but very interested, ever since I read the Radio Times double page spread on how Apollo 8 would go around the moon, and watched the moon landing on TV), can someone who is, explain to me why we do not seem to be working on any projects to (learn how to) build autonomous manufacturing facilities somewhere convenient (as high up the gravity well as we can)?

It seems that sending squishies out for significant exploration is probably (i) very hard and (ii) very wasteful. So we need to send more unmanned devices. Surely some of the ones we should be concentrating on are those which would provide assembly facilities for others? Automated factories, if you will.

I don't know whether the best place to build stuff is on the moon (convenient for holding things still, maybe source for some material?), in moon orbit (not too hard to get to, reasonably stable and could be linked to static facilities on the surface if there is any advantage), geosynchronous orbit (convenient for comms but not sure it has any other advantage), low earth orbit (easiest to get to, could even be manned, but there is still significant gravity well to escape for whatever gets built), some Lagrange point?

Of course there are many hard problems to solve. But aren't these the sorts of problems we need to solve if we are to explore the solar system? They seem much more solvable and much more useful than just sending a tiny number of people to walk around briefly.

What am I missing?

9
1

Here we go again... UK Prime Minister urges nerds to come up with magic crypto backdoors

Graham Cobb

Re: Licensing of Operators

Except that the bad guys (terrorist groups, mafia, etc) have no need of collecting revenues for the service. So, they don't need a licence.

So, as always, the proposed restrictions just prevent safety for good guys and leave the bad guys untouched.

3
0
Graham Cobb

Re: Metadata

Bitmessage had some of those attributes. Its big downside was that it didn't scale as it effectively broadcast every message to every recipient as it has no idea who the destination was (if you could decrypt the message you must be the intended recipient).

I don't know if the bitmessage network is still running. It was an interesting experiment.

3
0
Graham Cobb

And I still don't know if I've forgiven the LibDems for this yet

For what? For killing off ID cards? Both Labour and the Conservatives were in favour of ID Cards but the Lib Dems killed it by making it a condition of supporting a coalition.

It is a shame they weren't able to get both that and no tuition fees as conditions but I think they made the correct choice. I realise others may disagree.

It is a shame that people chose to punish them for not achieving the impossible (killing both) and so have left us with this intolerable unrestrained Conservative government instead.

5
0

Blockheads changing company names to surf crypto wave get a warning from the SEC

Graham Cobb

Re: A bit like job ads with 5 years experience wanted of a 2 year old technology

Er, no. You may want to re-read the paragraph. All the early adopter needs to do is not "immediately offer securities, without providing adequate disclosure to Main Street investors about those changes and the risks involved".

All he is saying is... if you aren't an expert, and you decide to cash-in for some publicity, then you can't go fooling inexperienced investors.

3
0

The Reg visits London Met Police's digital and electronics forensics labs

Graham Cobb

Re: A question for all my fellow (and fellowess) El-Reg readers.

Three main reasons:

1. The inaccuracy problem and the fact that a hard-working and over-stretched officer is likely to attach too much weight to either a match or a rejection. Particularly as it may have the effect of meaning someone has to "prove they are innocent" instead of the other way around.

2. The massive increase in trackability. It becomes much too easy for a lazy (or over-worked) officer to assume that someone who has come to their notice (even if not convicted of any offence) is likely to offend and so should be tracked and watched. So, for example, someone stopped, questioned and free to go at a demonstration may find they are noted by an automatic system every time they appear on any camera and even prevented from accessing future demonstrations (in the interest of keeping out so-called troublemakers). This has already been a real and documented problem with vehicles (see the "John Catt extremism" case and also the Witney Cat Farm). Treating someone as a suspect before they have committed any crime is not how policing is done in a free society.

3. The general principle: one determining feature of UK society is that you are free to go about your business without explaining or identifying yourself, carrying any identification or even staying limited to one identity, as long as you are not committing a crime. In the 1960's there was a real danger of nuclear war and, as a small child, I was frightened by this. My parents didn't try to tell me not to worry, or that they would keep me safe, they explained why we would fight against communism, whatever the cost. The example they used was that communist police stopped people on the streets and demanded to see their papers: which would never happen in a free society.

14
0

Good lord, Kodak's stock is up 120 per cent. How? New film? Oh. It launched a crypto-coin

Graham Cobb

Re: Forget the Coin

an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way

Yes. The important parts are "open" and "distributed".

Closed and centralised ledgers recording transactions have been around since the invention of legal systems. The whole point of blockchain is to allow these ledgers to be open and decentralised. So, not owned by a particular company, or part of a particular service.

That is what 80% of these blockchain startup scams miss. It isn't an application for blockchain if the ledger is owned, controlled or operated by a single entity -- it is just an old fashioned business that wants to pretend to be something new to fool investors.

8
0

Woo-yay, Meltdown CPU fixes are here. Now, Spectre flaws will haunt tech industry for years

Graham Cobb

Re: 2020 vision

For Intel? You may apparently have missed out the step to "fund and recruit a team of managers and technical people with a clue", which may not happen quickly.

I am no lover of Intel (I have used AMD exclusively for many years because I believe it is important to support diversity) but I am absolutely certain that Intel have some of the very best managers and technical people in the CPU design business, and they also have strong links with excellent academics.

Of course, with hindsight, both Meltdown and Spectre expose "obvious" design faults but it has taken, what? thirty years? for these to come to light since speculative execution became a common design feature.

I am sure Intel have some of the world's best working on the various issues exposed: how to close the cache exfiltration side-channel specifically; careful review of all other (previously unnoticed) system state changes caused during speculative execution to find other side-channels before the world does; redesign of cache, branch-prediction, translation-buffer and other features to reduce the opportunities both for influence from one process/ring/core on another and to reduce their use as side channels for attacks; and a whole lot more which we (as not CPU designers) can't even think of.

My fear is not that Intel doesn't have clever-enough people to do this, but that they will do it in private and not share their results. As the industry leader, I hope they are willing to share their learnings with the industry.

10
0

Developers, developers, developers: How 'serverless' crowd dropped ops like it's hot

Graham Cobb

Re: Cloud, REST, HTTP, PHP, trendy NoSQL DB de-jour, blah blah, whatever...

If the new app can be built as small seperate RPCs (because thats all this really is) communicating via queues then its A) not realtime, B) inefficient C) become an unmanageable mess at any reasonable code size and far harder to debug than even the worst event driven program.

Complete rubbish. You have no idea what you are talking about.

Real-time, efficient, message-passing kernels have been around in embedded systems for over 30 years. Large real-time applications have been designed and built on them very successfully. I can tell you, from personal experience, that they are much more manageable and much easier to debug than integrated, event-drive programs.

Just the built-in, optional but always available, real-time message tracing makes it a breeze -- I never added a single debugging printf to a piece of professional code until I stopped using those environments! And the simulators we had which allowed us to simulate the message-passing kernel as a user process on a workstation with the full real services running and a full debugger attached allowed us to do easy debugging of complex kernel and driver-level code.

Of course, AWS Lambda is not a real-time, efficient, kernel for embedded systems. But the development process it enables is extremely powerful, friendly, efficient and already widely used. Only toy (or "enterprise") applications are built as monoliths.

5
1

European Commission intervenes in Microsoft Irish data centre spat

Graham Cobb

Re: I wish the European Commission luck in getting any US court to listen to it.

Clearly the US can make any laws it likes, US courts will enforce them, and US entities must follow them.

However, the result of the current laws are that US companies will be unable to do business in Europe (and maybe other parts of the world) due to conflicts of laws. This isn't the first time such laws have been made (for example, in 1977 the US passed a law preventing US companies complying with the Arab boycott of Israel, which impacted US companies' business in Arab countries). Usually these are then fudged. It is pleasing that in this case the DoJ has overplayed its hand and ended up likely to see a Supreme Court judgement supporting it but destroying the current fudge enabling US business in Europe.

I am guessing that as soon as the judgement is delivered, the real US powers (corporations) will call in the government and tell them to fix it.

4
0

Europe Commission thunders: Tech firms must do more to remove extremist content

Graham Cobb

On the contrary... I believe the platforms should have more protections: open debate and discussion are the answer, not censorship. The way to win is to win the hearts and minds: better education and understanding, less discrimination, better jobs and future, redirecting the energy and resentment from young people towards providing better lives for their community. Oh, and stopping feeding the foreign wars they feel compelled to support.

The war against terrorism is being won: terrorists are already reduced to running people over in vehicles. It will take a long time to win the war, because it requires turning around institutional problems, but it will be won by positive actions, not censorship. Think back to the Irish troubles and how long that took to resolve. It wasn't done by censorship.

7
0

London mayor: Self-driving cars? Not without jacked-up taxes, you don't!

Graham Cobb

Re: Missing the point.

I think this is the point. And I will be surprised if this isn't TfL's real main concern.

Driverless, electric cars will encourage people to not own them but use them like much-cheaper taxis. That will drive a lot of people away from much more efficient mass-transport (trains and even buses) to very inefficient (in terms of road space as well as other resources like energy) driverless cars with one occupant. Much more convenient, door-to-door, and no parking, insurance, capital, etc costs.

That will really screw up transport in London.

I think the only answer will end up being some form of congestion-based road-pricing (at very high rates in congested areas) for driverless cars. The tax revenues will be enormous but the personal freedom we all imagine that driverless cars will bring will be non-existent.

Presumably TfL aren't talking about this now because no one wants to point out that the automated cars emperor has no clothes. At least while there is money to be made from gullible investors.

1
0

For goodness sake, stop the plod using facial recog, London mayor told

Graham Cobb

Re: Of course the police dont want a national strategy

I am not particularly worried about crime. I am certainly not worried about terrorism -- terrorists reduced to running people over in vehicles and attacking with knives are no longer a serious threat to public safety.

I am worried, however, about political surveillance: surveillance of the people protecting my freedoms and way of life such as journalists, campaigning lawyers and even the many political activists I do not agree with. I need to be confident that the police are not returning to 1970's levels of involvement in politics.

Tracking, watching or recording people who are not already suspected of a crime (or their cars) interferes with our rights of free expression, assembly and political activity and must be illegal.

23
1

Anonymized location-tracking data proves anything but: Apps squeal on you like crazy

Graham Cobb

Re: Don't worry

To be fair, laws like this are important and do help with the many commercially-oriented concerns (most big consumer companies do not like to be caught out systematically breaking laws). So, this law is important to stop, for example, insurance companies de-anonymising data to drive health insurance premiums.

Of course, the law needs to be well-drafted, and include serious penalties for commercial infringement, while also protecting research. None of those apply in this case, unfortunately.

8
0

ATM fees shake-up may push Britain towards cashless society

Graham Cobb

It isn't just the government... I always pay by cash in supermarkets because I don't want the shop, or the card company, profiling me. Particularly if they are thinking of selling the data on ("this guy buys a lot of wine -- probably a good idea to put his health insurance premiums up").

When the shops & banks are willing to pay me for giving them useful data (I would require well over 1% cashback) I will consider using cards.

6
0
Graham Cobb

Re: Hang on a sec...

I suspect many of the ATMs round here (a rural area) do make a loss. They are mostly inside small shops and I suspect the shopkeepers tolerate a small loss in order to get the additional foot traffic (I have certainly gone to use the ATM and left having bought several things I hadn't planned). A really big problem with village shops is just getting volume of traffic so they can sell stuff before it hits end-of-life. This is the same reason some are still willing to have Post Office functions -- not to make money but to get people into the shop.

Even a small reduction in charges probably will cause several of those to disappear as the shopkeeper decides they can't afford the fractionally higher loss on already very small profits. Which is a shame as in these cases they really do provide an important service, often offering the only ATM in a village.

3
0

UK financial regulator confirms it is probing Equifax mega-breach

Graham Cobb

Re: What Exactly Was The Breach ???

As I said in an earlier thread, it is time we forced the credit reference agencies to clean up their act and severely limited their capabilities:

Reform should mean that data kept must be limited to a small number of permitted categories, all recent and personal (not hearsay or "linked"), with the sources clear, and limited to clear factual data which can be easily either confirmed or refuted and immediately fixed without the co-operation of the source.

Combine that with full control by the subject: full visibility not only of the data but history of all requests and responses (with future notifications if they wish) and full control over who may or may not make requests (able to be changed at any time).

Yes, this would mean credit checks would be less conservative, and there would be more bad debt. But the world won't end.

2
0

uBlock Origin ad-blocker knocked for blocking hack attack squawking

Graham Cobb

Re: disagree with Scott and Troy

I'm curious how your privacy is decreased by sending a CSP report, especially if that report is sent back to the same host.

I don't know. Possible issues may be discovering how I use GreaseMonkey, or DeCentralEyes.

But just because neither of us can work out how to abuse a new feature not widely in use at all yet, that does not give me any confidence that it cannot be abused. It hasn't been very long since no one realised that canvas was a privacy violation.

As a general principle, I do not permit anyone to receive anything except the most limited information. I don't use UBO (I have other tools) but certainly will not be permitting CSP reports to be sent to most sites. I might make a few exceptions if it seems particularly worthwhile for some site and I particularly trust them. Just like I make a few exceptions to allow some applications to report crashes.

2
0

Microsoft faces Dutch crunch over Windows 10 private data slurp

Graham Cobb

Re: Blaming North Korea?

So what happens when you need to open a very formatted MS Office documents.

Yes, the Microsoft Office software is good, if rather expensive. Particularly Outlook. I can certainly understand why medium-to-large businesses use it, and why it drives them to run Windows. Personally, I have MS Office running under PlayOnLinux for use when I absolutely need it, but I acknowledge that it took some effort.

Most consumers, however, do not need MS Office installed on their PC and are perfectly happy with LibreOffice and/or online tools. Small businesses have to make the choice: LibreOffice and Thunderbird (maybe combined with web-based tools) are probably fine for their needs. Unfortunately I think it is other tools (payroll, accounting, tax & HR software, SEO and marketing tools, photo & video processing, etc) plus cheap and easy support (local PC company) which drive them to use Windows.

8
2

UK Treasury Committee chairman calls on Equifax to answer for breach omnishambles

Graham Cobb

Regulation of credit references

The credit reference business needs some serious regulation. Yes, credit checks (for businesses and individuals) are important to keep our economy functioning but the processes and data behind that should be extremely heavily regulated (one level down from health data).

Reform should mean that data kept must be limited to a small number of permitted categories, all recent and personal (not hearsay or "linked"), with the sources clear, and limited to clear factual data which can be easily either confirmed or refuted and immediately fixed without the co-operation of the source. The data subjects must be able to see all data held on them, all requests made, and all analysis/reports made and the data subject must be able to put blocks on access to their data from certain sources or for certain types of requests (understanding that that might mean they are refused credit).

Yes, this would make credit reporting less useful -- with a higher risk of bad debt. But so be it -- the economy won't collapse over that. That should be the price paid by an industry which gets a free pass in terms of receiving, keeping, and processing, personal data without permission.

4
0

Seagate fires NASty volley of 12TB spinners with lifebelt for fried data

Graham Cobb

Re: Don't buy Seagate

On the other hand, I bought a Seagate 10TB IronWolf in July 2016, run continuously since, with well over 100TB of writes in that time and have had no problems with it at all. No reallocated sectors or uncorrectable errors at all. I am just replacing it with a 12TB drive and will move it to being a backup disk in my NAS.

I have several other Seagates with no problems with any. I don't believe they are any better, or any worse, than any other major manufacturer nowadays.

So, don't believe the anecdotes about one drive being more reliable than another. With current technology they all seem to be very close in reliability. Any drive can fail at any time; most will not fail until well after you have stopped using them; and no ordinary user will see any measurable difference between manufacturers.

2
0

Home Sec Amber Rudd: Yeah, I don't understand encryption. So what?

Graham Cobb

Who defines what is "terrorist material"? Government could decree any sites working on disrupting their plans are "terrorist material".

Or what happens when the government go all Spanish and decide that calls for Scottish independence are illegal?

Seriously, after this weekend, in a supposedly civilised, EU country with military levels of force against people expressing peaceful support of their elected representatives by just voting, I don't think the government have a leg to stand on when discussing supposedly anti-terrorist legislation.

19
2

How Apple is taming the ad biz. Just don't expect Google or Zuck to follow

Graham Cobb

Re: Logical move for Apple

As it said, Google is not really affected.

That is only true if you visit Google at least once a day.

Sure, most people do visit the search engine once per day, although not everyone searches for something every day - plenty of people spend whole days in Facebook, WhatsApp, Twitter and Instagram. if you miss a day does Google lose the info about what you were doing that day?

More interestingly, some people have switched to another search engine. For example, I search using Startpage. I don't use Gmail so that means I almost never visit Google at all!

So, does this mean that those trying to make big advertising less effective should push really hard for people to search using Startpage or DuckDuckGo? If a significant number of people using Safari did that, would that make a noticeable dent in Google's advertising capabilities?

6
0

More are paying to stream music, but YouTube still holds the value gap

Graham Cobb

What has UGC got to do with streaming?

46 per cent of on-demand music streaming is from Google's video website

OK. But how much of that is from UGC vs. uploaded deliberately by the musician/copyright holder/agent?

This is a genuine question. I imagine that it is a tiny proportion. Is it actually a significant proportion? How much? Pointers to published data, please.

I realise I am not in the target demographic (I don't stream or pirate music -- I buy it), but the (very small amount of) music I stream from YouTube is to check out something a friend has recommended to see if I am interested in buying more of it. And I don't think it has ever been UGC -- it has always been a clearly authorised upload, exactly for that purpose. Why would YT pay anyone for that advertising?

Of course, I know that people post video captured from concerts but, again, surely that is a tiny part of the "on-demand music streaming".

2
0

What's that, Equifax? Most people expect to be notified of a breach within hours?

Graham Cobb

At the time that I started my IT career (1978), Music was quite a common degree for other entrants. Personally I did Maths. Very few of my peers did a specifically computing degree.

I seem to remember that at that time Music was the most common non-STEM (we didn't call it that then) degree for computing professionals.

0
0
Graham Cobb

Re: How?

Or, maybe, Equifax can tell them which of their customers might cause them grief (lawyers, politicians and other rich people) and so should be dealt with politely, helpfully and efficiently and which ones (everyone else) can be ignored or sent to a useless website,

A strategy I am assuming they are using themselves.

10
0

Bloke fesses up: I forged judge's signature to strip stuff from Google search

Graham Cobb

Digital signatures

So when will all documents signed by judges also be given a digital signature (with public keys available from the official court website)?

There is no need to go all techy and stop judges really signing real documents, but every court should also issue a digital version signed by the judge's (or, at least, the court official's) electronic signature.

Recipients could then trivially check for authenticity.

8
0

Whoosh, there it is: Toshiba bods say 14TB helium-filled disk is coming soon

Graham Cobb

I don't believe them

Two manufacturers announced 12TB He drives about New Year, saying they would be available mid-2017. Then 3-4 months ago they announced they were now available. Except they aren't. You can't buy them anywhere, that I can find.

A couple of suppliers have had them listed for a couple of months, but with no stock and no sign of when they will receive any stock. For the last month or so I have been checking major retailers and even comparison sites almost daily but no one has any available (even though the couple of sites that list them keep changing their prices slightly every day).

So, I don't believe these 14TB drives will be available by the end of the year.

1
0

15 'could it be aliens?' fast radio bursts observed in one night

Graham Cobb

Re: Bad news travel fast!

If only it hadn't taken them quite so long to charge up their 10 million trillion trillion joules the warning from their model of the end of the universe 3 billion years into their future might have arrived on time.

4
0

Page:

Forums

Biting the hand that feeds IT © 1998–2018