Posts by Dan 55

8310 posts • joined 13 Jun 2009

Permissionless data slurping: Why Google's latest bombshell matters

Dan 55
Silver badge

Re: So, if I want the benefits of a smartphone, without the (opaque) slurping....

Plane/train ticket?

You run out of battery or the app updates and suddenly starts going wrong on your model or your phone gets stolen or something and you're screwed.

Paper ticket every time.

1
0
Dan 55
Silver badge

Re: You can accuse Oracle of many things but it isn't an ad-slinger...

Every company they sign a deal with means their data is added to their "Data Cloud". So if a company signs a deal with Oracle to prove that their TV ads work, Oracle joins the dots to people's credit card purchases (they did a deal with Visa last year).

Did anyone in the US give Oracle permission to slurp their CC usage and cable viewing habits?

I'm not defending Google, but Oracle certainly isn't going to make things great for the little people.

7
0
Dan 55
Silver badge

Re: "Google received the data....even if you didn't have a SIM card in your phone..."

In what way don't we know that the GCM/FCM client is buried in the Play Services binary blob?

0
0
Dan 55
Silver badge

Re: Are we surprised?

why are DVLA having to have an ad campaign to try and frighten road tax dodgers to go and pay their road duty?

As well as the inevitable number of people trying their luck, I think it's more a case of not having the expiry date stare you in the face every time you walk towards your car before getting in.

I guess the DVLA could do without the extra bureaucracy generated by fines and corrections. They dropped tax discs in their endless search for cuts and probably fired a few people too but I bet the workload generated by people's mistakes has gone up.

10
0
Dan 55
Silver badge

You can accuse Oracle of many things but it isn't an ad-slinger and has no interest in becoming one

That was true until recently...

Oracle Makes Another Major Data Move, Inking a TV Ad-Targeting Deal With Charter Communications

Oracle is quietly becoming the most intriguing company in advertising

16
1
Dan 55
Silver badge

Re: Are we surprised?

The CCTV cameras aren't joined together and operating to map your path across this Green and Pleasant Land.

ANPR.

37
0

Abolish the Telly Tax? Fat chance, say MPs at non-binding debate

Dan 55
Silver badge

Because it's a part of their penance for inflicting Boris Johnson on the nation week after week on HIGNFY.

1
1
Dan 55
Silver badge

Re: @ Dave Filesystem

So the ones who are willing to pay for the content they want to watch are losers? I agree. They also have to cough up for the BBC even if it provides nothing of interest to them and are of no benefit to them. In that way we certainly are losers.

Why do you claim that Sky subscribers don't watch the BBC? If some IoT virus were to go around which removed Freeview and Freesat channels from their Sky box EPG, people might realise how little they're really getting for 60 quid or more.

6
1
Dan 55
Silver badge

Netflix bought the UK streaming rights to The Expanse which is not the same as making The Expanse. The Expanse was made by Syfy which is a subsidiary of NBC.

This template reply can be repeated for a load of other things that it is claimed Netflix make but don't, but not the terrible excrement that Netflix really do make that people somehow forget to mention.

2
0

To fix Intel's firmware fiasco, wait for Christmas Eve or 2018

Dan 55
Silver badge

Re: Who/What does the "secure" in Secure Boot refer to?

Secure Boot is in the UEFI which is another pile of festering exploits waiting to happen.

UEFI is in ring -2, ME is in ring -3. Both run while the OS is running and thinks it's in charge of things.

7
0
Dan 55
Silver badge

The PSP on an AMD Opteron is the same thing with a different name.

4
0
Dan 55
Silver badge

Re: Who/What does the "secure" in Secure Boot refer to?

Google are trying to remove it (or reduce it down to something harmless). They want the data, nobody else.

5
0

Wizarding World of Harry Potter awaits Microsoft Office exam winners

Dan 55
Silver badge
Coat

Re: Excel Eramus

No, it's Windowium Descendosa.

I.e. the Windows computer is down.

3
0
Dan 55
Silver badge

Re: The Dementors of Azkaban

And I thought the Dementors were Microsoft Licensing.

So what term should I be using? A Cerberus?

9
0

Stick to the script, kiddies: Some dos and don'ts for the workplace

Dan 55
Silver badge

Blocking e.g. github fixes the symptom, not the cause

In the absence of documentation, toolchains, process management, and central repositories, people will try anything they can find.

3
0

Wait, did Oracle tip off world to Google's creepy always-on location tracking in Android?

Dan 55
Silver badge

Re: So your mobile operator does this too

Well, they do where you are but that's not an excuse not to call out Google.

0
0
Dan 55
Silver badge
Facepalm

Re: Meanwhile in other news…

Google have nothing apart from your location... your Google account ID... all the data used by services associated to that account ID... and the other Google account IDs that are normally near you... Nothing personally identifiable at all.

7
0
Dan 55
Silver badge

Re: So your mobile operator does this too

I'd have thought it's a pretty obvious case of "Render unto the mobile network the things that are the mobile network's, and unto the OS manufacturer the things that are the OS manufacturer's".

9
1
Dan 55
Silver badge

Re: The Quartz report

But since we don't actually know the details, everything is just a random guess. We don't know if it's really part of google services. We don't know if it's a backdoor in AOSP. We don't know if it's hardware. The Quartz report reported no real information except for just trust us.

Firebase Cloud Messaging is the new name for Google Cloud Messaging. Most Android app notifications go through FCM (Android 8 tightens the noose even more with regards to Doze mode). The Play Services binary blob includes the FCM client. The FCM client uploads this stuff to Google. If you don't install gapps on a plain AOSP then notifications don't work because you simply don't have the client which talks to Google. It is known.

2
0

Budget 2017: How to make a downbeat forecast sound better. Say 'tech' a lot?

Dan 55
Silver badge
Flame

Re: Truly, truly shit.

And the additional £350m to see the NHS through the winter was also a politically chosen figure.

The worse things get, the more it seems to encourage them.

3
0

Microsoft's memory randomization security defense is a little busted in Windows 8, 10

Dan 55
Silver badge

You don't seem to know what you are talking about. Win32 is now fully supported on ARM by emulation. Microsoft have had Windows server running internally on Arm since 2014.

And you don't know what vapourware means, AC.

Unless I can buy it, it doesn't exist.

1
1
Dan 55
Silver badge

As with most bugs found in MS software lately, it's not a bug, it's a feature.

The reason for this is that EMET on Windows 7 enabled mandatory ASLR using a different setting versus what is now used on Windows 8 and above.

0
0
Dan 55
Silver badge

Windows has grown an Arm variant quite recently,

Yes, one that restricts the Win32 API and is trapped on a range of hardware that is being neglected by MS. Didn't work for Surface RT and isn't working for Windows Phone.

When they come out with something that's more than vapourware perhaps we can say that Windows isn't trapped on Intel.

4
1
Dan 55
Silver badge
Meh

Which OS is stuck on x86?

6
2
Dan 55
Silver badge
FAIL

Can you set ACLs on individual fields in a text file?

You can't do that in the registry either. The finest grain thing you can set a permission on is a key. A text file in the user's home directory is the key. That has permissions and ACLs.

Or easily audit changes only to specific settings by specific users?

Only the current user should be able to change a setting in HKCU anyway. Are you saying it's a good thing that any user can change stuff in another user's HKU or HKLM instead of an administrator?

Registry ACLs came along later to try and bring some degree of control to the registry free-for-all.

Or find a setting without having to parse the file?

You use a library dedicated to the task. In the Windows world I assume it's much better because you can use a magic unicorn to parse the registry?

That's a Windows 3.11 level legacy solution and Windows moved away from that type of rubbish text file solution for most OS configs a long time ago...

The registry was in Windows 3.

Of all the things you could choose to like about Windows, you chose the registry. It's monolithic, corruptible, binary, is not removed when the app is removed, and even MS would rather you used %APPDATA%. Now excuse me, there's a popup advert vying for my attention saying I need to run a registry cleaner.

21
2

Iranian military hacker fingered for 'Game of p0wns' HBO leak

Dan 55
Silver badge

Re: Forever?

It would look a bit stupid to try a nonagenarian ex-hacker for something like this, sixty years from now, would it?

It would, but then Mickey Mouse goes into the public domain in 2024 so the only way copyright law is going to go is more ridiculous.

3
0

'Gimme Gimme Gimme' Easter egg in man breaks automated tests at 00:30

Dan 55
Silver badge
Coat

Re: Aha!

Knowing me, knowing you. If this were Windows there'd be nothing we could do.

Ahaaa.

38
2

Once more unto the breach: El Reg has a go at crisis management

Dan 55
Silver badge
Devil

Re: Moral. Preparing for when, not if, this happens stop "headless chicken" syndrome.

But how many other companies will do it?

Not mine.

"Here's the phone, we'll call you if it goes wrong, welcome to on call."

5
0

Uber: Hackers stole 57m passengers, drivers' info. We also bribed the thieves $100k to STFU

Dan 55
Silver badge

Microsoft says Win 8/10's weak randomisation is 'working as intended'

Dan 55
Silver badge
Trollface

Re: Back in your box!

It's not a bug. It just doesn't do what it did before and what people expect it to do unless you furtle around somewhere in the biggest control panel of them all, the registry. This is works as designed. Nothing to see here, please disperse.

1
1
Dan 55
Silver badge

Re: Glad to be sticking with Win Vista

After you applied the platform update, Vista was basically Windows 7 with widgets.

6
2

As Google clamps down, 'Droid developer warns 'breaking day' is coming

Dan 55
Silver badge

How do you think GCM works?

IMAP IDLE also works in the same way as GCM, in both cases no data is sent down the connection until the server wants to notify the client. The radio could be idle with GCM and an IMAP IDLE connection established at the same time, until either server wants to send data.

6
0
Dan 55
Silver badge

IMAP IDLE won't work with Doze. The way Google want it done is some server backend which connects to the mailbox for you and notifies Play Services via GCM.

You can disable battery optimisations for K9 so it's allowed to keep the IMAP connection open, although on Android 8.0 (depends on phone) that might not work.

10
0

Arm Inside: Is Apple ready for the next big switch?

Dan 55
Silver badge

If they didn't care they wouldn't have made developers upload bitcode to their App Store.

You might need to wait a bit before Non-App Store apps and Steam games are available on the new machines though. I guess universal binaries will return for third party developers but Rosetta probably won't.

9
0

Intel finds critical holes in secret Management Engine hidden in tons of desktop, server chipsets

Dan 55
Silver badge

Re: Niche Market

If that's above your budget you could try a Beowulf cluster of Raspberry Pis.

0
0
Dan 55
Silver badge

Apple computers don't have AMT, as reported by this esteemed organ in May this year.

The hidden web server test (http://localhost:16992 or http://other.lan.ip:16992) fails on my Mac, whereas if you were to try that on e.g. a Dell Wintel aimed at business it'll probably work.

Not that the web server is the only way to exploit it.

0
1

Back to the Fuchsia: The next 10 years of Android

Dan 55
Silver badge

Re: anarchic, fragmented, insecure, with a user base that lags far behind the latest code.

Do Google really still patch all the way back to 4.4 even if they themselves restrict their own updates for their own devices to two years?

Here are some more devs having trouble finding security patch backports.

8
1

It was El Reg wot won it: Bing banishes bogus Brit bank banner ad

Dan 55
Silver badge

Re: What worries me

Edge's home page is a Bing search box in the middle of the page with the cursor blinking in it and an invisible address bar, herding people towards whatever ad is top.

I guess that's okay if there's actually some control over advertising, but there so obviously isn't.

6
0

DNS resolver 9.9.9.9 will check requests against IBM threat database

Dan 55
Silver badge

Re: IoT?

Spanish fibre routers usually don't allow you to modify DNS either.

1
0
Dan 55
Silver badge

Presumably it won't let the malware on compromised devices resolve their C&C server's address before phoning home. It'll return 127.0.0.1 or a honeypot or something.

So if this becomes popular malware will evolve by not using DNS and just using IP addresses.

But it's free. As they say, if a service is free then you're not the customer... Who's the customer?

8
5

User experience test tools: A privacy accident waiting to happen

Dan 55
Silver badge

Re: Javascript Exception-List - Why none in Firefox?

There is an image exception list in Tools > Page Info > Permissions.

JavaScript's permissions have been completely hidden. We can't allow Web 2.0 to be broken, can we?

SettingSanity works on Firefox ESR and brings the JavaScript and images settings back to the options screen.

2
0
Dan 55
Silver badge

Re: Designing software to create computer illiterates

I've often wondered why the design geniuses at Mozilla never thought to put a toggle switch in the settings which changes between basic and advanced views, like VLC or Kodi.

Never mind, I think I've answered my own question.

6
0

UK private sector joins public in... Escape from DXC Max

Dan 55
Silver badge

Re: "[Centrica's] CIO wanted to do something more cloud-based and sexier."

Better take it up with the author of the article then.

0
0
Dan 55
Silver badge
Facepalm

"[Centrica's] CIO wanted to do something more cloud-based and sexier."

Eh? How could a CIO even think that? They're both data centres, only I guess one's all for them and the other isn't.

DXC or Azure + HCL staff. Not much to choose between them, apart from the staff. I'd have gone with DXC.

4
1

Windows Update borks elderly printers in typical Patch Tuesday style

Dan 55
Silver badge

Re: KB2952664 - "Is it because Windows is a curate's egg?"

I'm feeling generous today.

7
0
Dan 55
Silver badge

Re: KB2952664

Why would it even try to mess with the printing subsystem?

Is it because Windows is a curate's egg?

Who the hell knows what affects what any more. Certainly not MS who put out the patches.

28
2

Inside Internet Archive: 10PB+ of storage in a church... oh, and a little fight to preserve truth

Dan 55
Silver badge

Re: distributed knowledge?

Doesn't ipfs.io do this?

Of course the danger with that is that it's a start-up so it's transient.

0
0

Does UK high street banks' crappy crypto actually matter?

Dan 55
Silver badge

The main website could use cyphers which cover everything and do any redirection with user agent detection but the online banking website could forego older cyphers.

(I didn't downvote.)

0
0
Dan 55
Silver badge

Banks may try to prove negligence by saying something like "the thief used your PIN therefore you told him or wrote it down in your wallet or it was obvious (your birthday)" and "you didn't use VbV or MSC when buying online". Why should using an ancient browser be any different?

4
1

The Quantum of Firefox: Why is this one unlike any other Firefox?

Dan 55
Silver badge

Re: The Quantum of Firefox

XUL was a great idea that was never fully realised. It allows you to create full-featured cross-platform local or remote GUIs that match the platform's native look. You can tell when apps have a Qt, GTK, or Swing look, but can't with XUL. Pretty much the holy grail of any Web 2.0 website, only not crap.

The reason why it was allowed to die is Mozilla never really got a community off the ground and then employees with XUL knowledge left so they couldn't maintain it themselves and decided to knock it on the head.

1
0

Biting the hand that feeds IT © 1998–2017