* Posts by PaulVD

58 posts • joined 28 Jul 2010


'A' is for ad money oddly gone missing: Probe finds middlemen siphon off half of online advertising spend


A special offer to advertisers

If I read the article's terminology right, I am on the demand side of the online advertising business.

So I have a deal for the advertisers: I will stop demanding ads if you will stop supplying them. Everybody happy now?

We're going on a vuln hunt. We're going to catch a big one: Researchers find Windows bugs dominate – but fixes are fast


Re: Howabout a breakdown of OS vs Browser bugs maybe?

Preferred safe browser: Firefox + Noscript, with cookies discarded whenever I close the browser (which is several times a day).

And every now and then I turn off Noscript while visiting el Reg, and click on any ads that appear.

Oh ****... Sudo has a 'make anyone root' bug that needs to be patched – if you're unlucky enough to enable pwfeedback


It's okay - Lennart Poettering is on to it

A sudo replacement is the next feature to be added to systemd.

Are you getting it? Yes, armageddon it: Mass hysteria takes hold as the Windows 7 axe falls


Why are you being mean about my Win10 phone?

See title.

H0LiCOW: Cosmoboffins still have no idea why universe seems to be expanding more rapidly than expected


Re: Riddle me this:

The Hubble constant is the reciprocal of the age of the universe, about 1/(14,000,000,000 years). Since my height is rather less than 2m and my age about 70 years, over my lifetime the expansion of the universe has increased my height by about 2*70/14,000,000,000 m, that is 10^-8 m or 100 Angstroms.

Of course, local space-time is heavily distorted by all of the matter around me, so this calculation is only illustrative.

Kiwi tax probe squeezed $25m out of Microsoft – now it's Oracle's turn


Re: Alternative Minimum Tax

NZ has an interesting wrinkle, which is probably what gave the taxman leverage in these cases: if the authorities consider that a tax arrangement unduly lessens the tax otherwise payable, they can simply set it aside and work out the tax differently. In principle, this is a horrible idea, because it means that no one can really work out with any certainty what tax is due. But it means that people who try to be too clever by half are likely to wind up on the wrong side of a big bill.


Staff that work in NZ pay tax in NZ on their salaries, just like staff employed by any other firm. This issue is about how much tax the company that employs them should pay in NZ (instead of in other countries).

Bad news: 'Unblockable' web trackers emerge. Good news: Firefox with uBlock Origin can stop it. Chrome, not so much


Re: I'm forced to wonder

Firefox has had this for years. Options > Privacy & Security > Cookies and Site Data. Check "Delete Cookies and Site Data when Firefox is closed" then click "Manage Permissions" and note any sites that you want to "Allow" to retain cookies after you close Firefox.

You will no doubt need to clear all existing cookies to start fresh.

Voila! All functionality (logins, shopping baskets, whatever) works during a session. But when you close Firefox everything is gone unless you agreed to retain it. No distinction between first-party and third-party.

It does not solve every problem - you probably need NoScript to block fingerprinting, for example - but it consistently wipes out persistent cookies that you did not ask for.

Fairphone 3 stripped to the modular essentials: Glue? What glue?

Thumb Up

On my shopping list

For when Microsoft stops supporting my Windows phone in a few months (yes, that says what part of the market I occupy!)

Not so much for repairability, as for its ethical sourcing of materials and components.

Fix LibreOffice now to thwart silent macro viruses – and here's how to pwn those who haven't


Re: Defaults...

Ditto on Linux Mint 19 / LibreOffice 6.5.2. Logo is available as an extension, but not installed by default.

God DRAM you! Prices to slide more than 40% in 2019 because chip makers can't forecast


Re: Crystal ball

No doubt the number was truncated for publication: if the fall had been 20% in the first 173 days of the year (to 22 June), then extrapolating to the full 365 days would have given 42.1965% for the full year. But presenting a forecast to that much precision would have been silly.

Red flag: Verify to be marked 'undeliverable' by gov projects watchdog


I am already able to safely and securely access both private and public online services

I use a password manager.

SpaceX reveals chain of events that caused the unplanned disassembly of Crew Dragon capsule


That's why we do the test

To explore how the real world differs from our understanding of it.

(Icon shows test result in this case.)

I don't have to save my work, it's in The Cloud. But Microsoft really must fix this files issue


Re: I could train 1st line to be fluent in 'user'

Forget AI - what the world needs is Artificial Users.

Switchzilla rolls out Wi-Fi 6 kit: New access points, switch for a standard that hasn't officially arrived

Black Helicopters

The backdoor is not required by the standard, but is allowed in the implementation.

Northern Virginia cements spot as bit barn capital of the world with jigawatt capacity


Re: Jigawatts? Only for flux capacitors in DeLoreans. . . .

(1) "rare and archaic pronunciation of Gigawatt with a soft 'g' sound". Also such rare and archaic words as Giant, Giraffe, ....

(2) "Jigawatts are often referred to in Internet forums in order to make fun of someone's electrical knowledge." So that's why El Reg used the word, of course.

Aussies, Yanks may think they're big drinkers – but Brits easily booze them under the table


I call bullshit on these statistics

"... each additional chain outlet is associated with a 35.3 per cent increase in intentional injuries, including assaults, stabbing, or shooting ..."

Some years ago, New Zealand allowed wine and beer to be sold in supermarkets. There are several hundred supermarkets in New Zealand. Conservatively supposing that this increased the number of chain outlets by 200, then 1.353^200 means that intentional injuries must have increased by a factor of more than 10^26. I am sure we would have noticed even a much smaller increase in injuries (say a factor of 10^5, which would leave everyone in the country injured every day).

But when an alcohol academic can quote a frightening number in support of his wowserism, the fact that the number is nonsense is no consideration. After all, modern journalists can safely be assumed to be innumerate (always excepting our favourite Vultures, of course).

"Rum: Generically, fiery liquors that produce madness in total abstainers." Ambrose Bierce, The Devil's Dictionary.

Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs


There are 203 passwords in my password manager

Most of them unique, and many of them used maybe a couple of times a year.

No rules for password complexity, passphrases, or other similar solutions come close to dealing with the problem that I have to remember 203 of them, and I have to remember which memorable phrase was used for which site or account login. It ain't going to happen.

One of my banks supplies a dongle for two-factor authentication, and a few sites offer my phone as a second factor. But carrying round a keychain full of dongles is not going to happen either.

There is simply no alternative to a password manager.

Oz auditor: Number of times failed government biometric project met a milestone = None


So, how much is PwC going to be sued for in respect of their incompetence in working out the requirements?

Tens to be disappointed as Windows 10 Mobile death date set: Doomed phone OS won't see 2020


Actually, I still think the phone is quite nice. I will certainly keep using mine up to the end. Having previously owned a couple of slurp-phones Android devices, I am not looking forward either to returning to them or to paying the Apple tax.

IBM: Co-Op Insurance talking direct to coding subcontractor helped collapse of £55m IT revamp project


Agile waterfall

It is a new development methodology known as Agile Waterfall. This is also the technique adopted by people who go over Niagara Falls in a barrel, and the success rate is similar.

Google logins make JavaScript mandatory, Huawei China spy shock, Mac malware, Iran gets new Stuxnet, and more


If Google can prove it is human...

... then I will submit myself to its ReCaptcha test.

'He must be stopped': Missouri candidate's children tell voters he's basically an asshat


Re: It's Missouri

Sounds like a good precedent: maybe the Democrats could nominate a dead man (or woman!) as their next Presidential candidate.

Yes, Americans, you can break anti-piracy DRM if you want to repair some of your kit – US govt


Re: Status?

Go back and read the story. Congress delegated this specific power to this specific agency - to be exercised only once every 3 years.

Ex-UK comms minister's constituents plagued by wonky broadband over ... wireless radio link?


Spokesperson was telling the exact ruth

"We're sorry to hear about the issues with broadband in Fernham, and we'd like to reassure residents that we’re doing all we can to resolve the matter."

(1) We are indeed sorry to hear about this. We had hoped that nobody would tell us, so that we would not need to do anything about it. We are not, of course, sorry that there is a problem.

(2) We would like to reassure residents. However, we are not in a position to reassure them, because we are doing as little as possible.

HTC U12+: You said we should wait and review the retail product. Hate to break it to you, but...


Re: 40 Year Old Lesson?

"But the Chinese consumer industry is relatively young and so is going to recycle ideas that never made it to commercial production in the West,"

Except that HTC is from Taiwan, not China. I know, China says there is no difference; but when it comes to experience of consumers, there should be.

Windrush immigration papers scandal is a big fat GDPR fail for UK.gov



"their dog stumbles across the shredded Windrush documents blowing around in a skip somewhere."

What makes the author think they were shredded rather than just dumped? It would be consistent with the rest of the sorry mess if they were just dumped in the skips with the other construction rubble.

Cyber-coin crackdown continues: Commission charges couple crypto-currency company chiefs concerning 'conned' customers

Thumb Down

He always needs insurance against the loss from his calf dying (or he takes the risk himself). The hedging contract gives him insurance against changes in market prices, nothing else. If he hedged the risk with an option, he can walk away from it at no cost. If he took out a futures contract, then with no calf to sell he becomes a speculator: he pays out for the difference between the contracted price and the market price at the intended delivery date (and if that is in his favour he wins money back).

Security pros' advice to consumers: 'We dunno, try 152 things'


That's lousy advice too. I have 209 different passwords currently in my password manager. Even if I had 209 individually memorable passphrases, I am never going to remember which one belongs to The Register. Much safer to copy and paste "pYsuuRM-jr5q".

Linux kernel community tries to castrate GPL copyright troll


Re: Non-GPL feature

You don't want to use the GPL'd library? Be my guest - nobody forces you to use it. Write your own code for those functions, and you can do whatever you like.

But if you want to re-use code that somebody else has written to save you the cost and bother of re-doing all their work yourself (and doing it properly, which is often hard), then you do it on their terms. If they are fans of open source, their terms may include that you have to add your new product to the open source pile. Like it or lump it.

Or pay damages, of course.

Review pins blame for Medicare ID breach on you. All of you

Big Brother

Simple, except for a slight legacy issue

Withdraw all existing numbers, and issue everyone with a 256-bit code, unstructured except for a check digit or two. Record the new numbers as a QR code on a plastic id card, so that they can be read by standard handheld scanners.

Make it a criminal offence for anyone (including the Government) to store these numbers. Instead, require the number read to be salted with the organisation's name and then stored as a SHA-512 hash value only. The hashed value works just as well as the raw number as a key in the database records for the organisation.

Then (1) the numbers can be used freely within one organisation but records cannot be linked from one organisation to another; the authorities cannot correlate your tax records with your health data using this code. (2) Stolen hashes are of no value to anyone. (3) If a dump of stolen hashes comes to light, it is possible to identify with certainty the organisation whose security was at fault. (4) Banks or other organisations can use the identifier if they like, but cannot link data acquired from elsewhere to expand their knowledge about you.

From a consumer protection point of view, what's not to like? There is, of course, the slight problem that legacy databases will have to be restructured to use a different key. Also, it shifts power away from bureaucrats and corporations to consumers. Oh, that's a fatal disadvantage; it will never fly.
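
The per-organisation hashing scheme described in the post above, as an added example that is not part of the original post. The organisation names, the length-prefixed encoding of the salt and the function names are assumptions made for illustration, and the check digit is left out.

```python
import hashlib
import hmac
import secrets

# Hypothetical organisation names, constructed for this example.
ORGS = ["Tax Office", "Health Service", "Example Bank"]


def new_card_id() -> bytes:
    """Issue a 256-bit unstructured identifier (what the QR code would carry)."""
    return secrets.token_bytes(32)


def org_key(org_name: str, card_id: bytes) -> str:
    """Database key one organisation stores instead of the raw number.

    SHA-512 over the organisation's name (the salt) followed by the card
    identifier. Length-prefixing the name is an assumption of this example;
    it keeps the salt/identifier boundary unambiguous.
    """
    if len(card_id) != 32:
        raise ValueError("card identifier must be 256 bits")
    name = org_name.encode("utf-8")
    h = hashlib.sha512()
    h.update(len(name).to_bytes(2, "big"))
    h.update(name)
    h.update(card_id)
    return h.hexdigest()


def build_db(org_name: str, card_ids) -> dict:
    """Toy record store for one organisation, keyed only by the hashed value."""
    return {org_key(org_name, cid): {"org": org_name} for cid in card_ids}


def shared_keys(db_a: dict, db_b: dict) -> set:
    """Keys present in both databases; empty when records cannot be joined."""
    return set(db_a) & set(db_b)


def attribute_leak(leaked_key: str, card_id: bytes, org_names):
    """Point (3) of the post: a cardholder who finds their hash in a dump
    recomputes it under each organisation's salt to see which one stored it."""
    for name in org_names:
        if hmac.compare_digest(org_key(name, card_id), leaked_key):
            return name
    return None


if __name__ == "__main__":
    cards = [new_card_id() for _ in range(3)]
    tax = build_db("Tax Office", cards)
    health = build_db("Health Service", cards)
    # Same people in both databases, yet no key in common to join on.
    print("linkable keys:", len(shared_keys(tax, health)))
    leaked = next(iter(health))
    for cid in cards:
        source = attribute_leak(leaked, cid, ORGS)
        if source:
            print("leaked hash was stored by:", source)
```
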

Has AI gone too far? DeepTingle turns El Reg news into terrible erotica


Re: so this is automated buzzword bingo ?

It was Richard Strauss. Google says that the story was "Art Work" by James Blish, in Science Fiction Stories 1956. I am not quite that old, so it must have been anthologized somewhere.

Far out: Dark matter bridges millions of light-years long spotted between galaxies


False false colours

Surely the colour should be black where the density of dark matter is greatest?

New Zealand puts the bite on Apple over taxes


Please use the right sheep

If you are running a story on New Zealand, and decide that you really need sheep to illustrate Apple's tax affairs, please source a stock picture showing Romneys or Corriedales. And they should be on hillsides rather than in a European farmer's lane.

Other than that, NZ has Goods and Service tax instead of sales taxes and, yes, it is a tax on consumers not on Apple.

For corporate tax, NZ has the same laws as most countries (but not the US) - companies pay tax where they are incorporated/resident. If Apple runs its NZ affairs through an Australian firm, it pays profit taxes in Australia. Likewise, when I sell consulting to a US client, my company pays taxes in NZ, not in the US.

Windows PC spy nasty dormant for three years, mutates and resurfaces


Patched long ago

The original vulnerability was patched in 2012; the later one was patched by MS15-033 in April 2015.

So this nasty affects stupid people and stupid organisations only. Apparently such targets can be readily found in the US and Africa, as those are the currently affected regions.

Geo-boffins say 'quake lifted bits of New Zealand by 8 metres, moved at 3km/second


Re: So how was New Zealand created?

Oh yes, there is a long history of earthquakes. And don't forget the volcanoes in the North Island. The Oruanui Eruption (26,500 years ago) was the biggest eruption anywhere for the last 70,000 years. Auckland is built on a volcanic field: lots of pretty little hills, with new ones popping up every now and then. The last was about 600 years ago.

But tsunamis seem to come most often from quakes elsewhere in the Pacific, typically Chile.

Google Pixel pwned in 60 seconds


Re: Four Seconds

Easy: if you could patch all of the flaws in Flash, Flash would not work at all.

Even in remotest Africa, Windows 10 nagware ruins your day: Update burns satellite link cash


Maybe I missed it...

But I didn't notice anyone saying they had sent a few bucks to help this outfit with their bandwidth needs in protecting wildlife in one of the most godforsaken parts of the world. (And the various people with guns are variously Muslims, Christians, and Animists; poaching and murdering game wardens is an all-faiths activity there.)

So, for the record, they have $50 from me. Any other takers? Just follow the link in the story.

Insure against a cyberwhat now? How the heck do we crunch those numbers?


Many commentards don't understand insurance

Look at your fire insurance policy; it will exclude, for example, acts of war. The last time Britain got into a big war, half [sorry, lots of] the houses in London caught fire. No insurer can actually pay out that scale of losses, so they exclude them from the risk covered. Somebody else, the insured or the Government, has to bear these risks.

The insurance spokesman no doubt understands this about insurance, but does not understand cyber security. It is perfectly possible to insure against the odd idiot who leaves a laptop in a taxi, because this is standard idiot behaviour and the industry has lots of data on that. But cyber attacks are much more like warfare, in that people are actively working to create losses. If some unknown vulnerability is discovered and exploited, half [sorry, lots of] the companies in Britain could suffer big losses. The insurers cannot actually pay out for this, and last year's data on cyber attacks is pretty much useless for predicting next year's losses due to new kinds of attacks.

So the insurers want data that actually won't help them, and that will create new risks. The insurers will either have to become cowboys, making promises that they cannot honour, or will have to exclude liability for most active attacks. That would rather defeat the purpose of cyber insurance.

Earthquake-sensing smartphone app fires off early alerts of disaster


Done this already

I was part of the Quake-Catcher Network for several years - small sensor mounted on the floor with my desktop analysing accelerations and sending packets to Stanford. Apparently proved the concept well, and my setup reported on several quakes, but maps of user locations showed that the network was over-represented where lots of tech people live and under-represented where most earthquakes happen. It seems that the grant ran out, and the network is no longer really active. Maybe this will replace it.

The Mad Men's monster is losing the botnet fight: Fewer humans are seeing web ads


How many clicks is fair payment?

El Reg won't let me pay directly (as I do for various other websites) and with Firefox/NoScript I can't see any ads. So I started up IE, found a couple of ads (only for things I would never buy, unfortunately) and clicked on them in order to feed the vulture.

I don't mind doing this now and again, but it raised the question in the title. Presumably clicks are more valuable than just views - so does a couple of clicks a month provide fair support?

Verisign warns new dot-word domains could make internet unstable

Big Brother

Context: the law is an ass

The point is that this is a regular filing to the Securities and Exchange Commission, as part of which the company has to discuss any material risks to its business. These boilerplate filings are written by corporate lawyers, and their purpose is to ensure that no matter what happens "we warned you of that risk, so you (investor) can't sue us."

This does not mean that anyone technically competent at Verisign actually expects a problem, just that the lawyers get paid for imagining possible problems.

Microsoft cracks personalisation without prying


Firefox does it better

I set Firefox to accept all cookies - no questions asked - and then to discard them all automatically at the end of the session regardless of their expiration instructions. Voila, no tracking, except for sites which I am comfortable adding to my whitelist (such as theregister.co.uk, of course).

IE's cookie handling is intrusive and complex; if I reject cookies for a site, it may not work during the session, and if I accept cookies then they are retained unless I hunt them down manually afterwards. Bloom cookies seem designed to reduce the impact of this poor UI design; not a good approach for the user, although it may suit MS's commercial interests.

Files aren’t property, says US government



Then keep them on your own computer.

Ten netbooks


Re: Windows is not the enemy of netbooks

An afterthought: in case of theft, my netbook's hard drive is completely encrypted using TrueCrypt. So everything, including the operating system files, has to be decrypted on the fly, which is a tax that I don't impose on my desktop machines. Even with that overhead, the netbook's performance is perfectly adequate.


Windows is not the enemy of netbooks

I don't understand the complaint about netbooks being underpowered. My old Samsung N140 (Atom N280 at 1.6GHz, 2GB RAM) runs Win7 Ultimate 32-bit just fine. The original Win7 starter + crapware quickly got annoying, and I eventually replaced the 250GB(?) disk with an 80GB SSD, of which I use less than half - this improves battery life a lot and improves performance a little. I run Office including Access, statistical analysis with Mathematica and R, VBA programming, and basically all the same stuff that I run on my desktops. Yes, some operations that take 10msec on a fast desktop take 30msec on the netbook, but you usually need a timer to notice the difference.

Of course, I could have bought a full laptop for the money I spent upgrading, except for two points: (1) Every manufacturer seems to supply Windows + crapware preinstalled, and there is no way to thoroughly remove the crapware and get decent performance from Windows except to install a clean copy direct from Redmond. So that upgrade is necessary on a laptop anyway. (2) Laptops are too big to fit properly in front of the next seat on a train/plane/bus, where I do much of my work.

Modern machines, even netbooks, seem easily powerful enough for the things I do. I wouldn't try video editing on one, of course, and I don't play games. My complaints are the crippled screen resolution and the fact that opening a Sammy case to upgrade is difficult and dangerous. But this line-up shows that there are netbooks out there now with reasonable screens, so maybe it's time to upgrade. (I'd still transfer across my SSD and my proper Windows, though.)

Finally some QUALITY apps for Android: PalmOS emulator ported


Re: Just needed a leaf from the Palm

Ta, Bill. It hadn't occurred to me to search for a graffiti app. Just installed it, and my HTC One X is now finally usable!

Secret US 'Jedi' ghost-copters kept out of bin Laden raid


This post has a black helicopter logo

But its stealth technology is so good that you can't see it.

Boffinry summit names 3 new elements


Prenaming elements

We already know the atomic numbers of the elements that have not yet been created. So why did the committee not clear the decks while it was meeting anyway and announce the names to be assigned to the next dozen or so?

Open-sourcers suggest Linux secure boot block workarounds



You won't get your money back, because the computer WAS fit for purpose. It was sold to you as a machine that runs Windows 8, and it did that. Wanting it to run Linux (or XP, for that matter) is like buying a petrol-engined car and expecting to run it on diesel. (Anyone managed to get a refund on an iPhone because it won't run Android?)

The problem is that some of us will want to buy machines that are not tied to Windows 8, and it is not at all clear that enough manufacturers can be bothered supplying that market. The Windows 8 logo will be really important to them, and they can get that without the extra fiddling needed to support other operating systems.


