* Posts by gnarlymarley

143 posts • joined 2 Jul 2014


Google takes a page from Microsoft of old and revives browser ballot on Android


price attached to search?

Judging by the comments it appears folks are not concerned with a "dollar amount" that google attached to the search. Apparently, google only makes $40 off me if I use their search?

We'll help you get your next fix... maybe, we'll think about it, says FTC: 'Right to repair' mulled


ownership and who is liable for issues

I understand this article is about "responsibility", but it also begs the question: 'once a product is "purchased", who owns it?' I miss the old days where I could do whatever I want after the warranty expires, but if I do anything before, the warranty is void. That void warranty was done by a void sticker that if broken was easy to tell if the warranty was void. With newer hardware, that warranty void sticker seems to be gone.

2 weeks till Brexit and Defra, at the very least, looks set to be caught with its IT pants down


I don't get it. The local rules do not need to change. The UK would have made rules governing itself locally. Those rules should still be the same. The only thing I see with the brexit is now there is a border change. This "should" only affect people visiting from other countries. However, brexit "should not" affect UK citizens, unless they are traveling remotely. All the UK needs to do is pass an agreement that the border stays the same as it is now, until they can agree on how to limit it.

TalkTalk kept my email account active for 8 years after I left – now it's spamming my mates


report spam

Solution is simple. Just have all recipients report the spam. If they use a reporting service such as http://spamcop.net, then talk-talk will be forced to deal with the problem or else face a possibility of being put on multiple email black lists. This should get some action.

How to make people sit up and use 2-factor auth: Show 'em a vid reusing a toothbrush to scrub a toilet – then compare it to password reuse


Re: Wanting to use 2FA is one thing...

Furthermore, the phone is something you carry with you already.

Not everyone carries a phone with them.

Also, the phone is not as secure as you think. There is the sim card swap which means hackers can put in your number and get texted your username. Then repeat it to reset your password. So effectively by trying to implement the 2FA as it is today means less security than without it.

When 2FA means sweet FA privacy: Facebook admits it slurps mobe numbers for more than just profile security


windows virus

Wow, now the windows fake lying virus people can connect to you on facebook, all just because they called you. There is a reason why facebook, google, yahoo, and anyone else that tries these tactics will never have my phone number.

Jeez, what a Huawei to go: Now US senators want Chinese kit ripped out of national leccy grid



Sounds like the demosquats are not getting their way with Trump, so they are trying to bite anyone to start a war? The demosquats will probably go so far that they are the only ones that are dead in the end.....

Roses are red, Facebook will pay, to make Uncle Sam go away: Zuck, FTC in $bn settlement rumor


lump sum?

Who are we kidding here? Facebook would just rework the numbers and mysteriously make $16bn this next quarter. Businesses are just tax collectors and in this case Facebook would rework the system so that they would get a tax discount as well as making the money paid to the ferals back. As with all crooked corporations, this "settlement" will change nothing.

You like JavaScript! You really like it! Scripting lingo tops dev survey of programming languages


craplet out of javascript

What do you call a craplet written in javascript instead of java? I call it Service Now. A better name is needed.

Arm wants to wrestle industry into a seat on the UK.gov's £70m hardware security train


Intel reborn?

“With businesses having to invest more and more in cyber security, ‘designing in’ security measures into the hardware’s fabric will not only protect our businesses and consumers but ultimately cut cybersecurity costs to businesses,” said Business Secretary Greg Clark MP, in a canned quote announcing the move. The project is led by a government body, UK Research and Industry (UKRI).

And what happens if it has problems like Intel? Software you can change, but hardware would need replacing. If someone makes a mistake, I can see another Intel patch coming to the ARM series....

Facebook didn't care if your kids ran up gigantic credit card bills – lawsuit


Re: Is there a scammier corporation

Don't steal. The USA government hates competition.

$24m in fun bux stolen from crypto-mogul. Now he fires off huge fraud charge. Like, RICO, say?


Re: All the King's horses ...

Cell phone based 2nd factor is convenient but cell phones are really, really easy to attack.

And there lies the reason why 2FA might not be as awesome as we think it is all that cracked up to be. Most people are authenticating 2FA using cell phones.

It WASN'T the update, says Microsoft: Windows 7 suffers identity crisis as users hit by activation errors


Re: Windows is Close to Unusable

it's not normal to take 90min for an update, nor grinding to a halt with simple software installed.

Actually, I am reading the comments for this article on a windows vista machine. Seems a while ago the machine kept blue screening, until one day I disabled windows updates and all the blue screens went away. My windows 7 and windows 10 machines both take about forty minutes to install their updates. It is about 15 minutes for the patching, around 14 minutes for the shutting down "Do not power off your machine" screen, and about another 12 minutes for the starting up "do not power off your machine" screen. This does not count the downloading due to United States slow internet, nor the login after the patching is supposedly done.


Once it's activated, it should remain so forever... no further license checking, ever.

Good in theory, but how do you deal with a license thief? People have made image copies of their windows installs to new computers, so that the activation would be already accepted. They did so at a previous job of mine in 1997 with windows 95. This is why when microsoft enabled the windows updates, they did so with the license check at the start, to stop thieves from getting away with that stuff. As much as I do not like the windows activation check, it did show up for a reason. It was not until around 1999 where that company acquired software to clear the activation key when they did the image copy.


Then enterprise can kill the beast that is Windows in one swoop - anything that runs a browser will do.

And you forgot to mention that the company I work for says "as long as that browser is internet explorer". They firewall everything and force it through a proxy, so good luck trying to get around using something like edge or firefox or chrome or opera or seamonkey or........... Yes, there are idiotic companies out there that require computer use on "windows".

Due to this, since I am not ready to leave my employment just yet, I would say if you purposefully try to write an app that does not work with IE then I will be forced to go to your competitor. Either that or I quit my job and no longer have need to go to your IE breaking app.

Staff sacked after security sees 'suspect surfer' script of shame


Re: And that's why...

I'm pretty sure the commentards here would know how to tunnel their OpenVPN link through port 443. Maybe using stunnel. How is anyone gonna detect, let alone stop, that without banning almost all internet access to https websites?

My work has both 80 and 443 blocked. To get to those, you must use the proxy. Of course, port 22 is open, but when you have windows logging setup for the browser to pass all the websites back (using a microsoft domain policy) to the mail logging server, why would you even chance something like this. If you manage to get past the proxy, then the browsers will report you anyway.

American bloke hauls US govt into court after border cops 'cuffed him, demanded he unlock his phone at airport'


Re: Like many laws, a smokescreen for dominance

That's the way America has always worked.

This is not the America I grew up with. This has been introduced in the 1990s with the advent of terrorism. Before that, the United States was always a "don't tread on me" and they will leave your country alone. Thanks to "terrorism", now almost every country in the whole world has the same "terroristic" mentality and limiting laws as the United States.

I couldn't even take an almost empty tube of toothpaste out of Heathrow last month, because the pack size was over 100ml.

I rest my case.

If most punters are unlikely to pay more for 5G, why all the rush?


Re: it will be a genuine game-changer.

5G may be awesome from the phone to the tower, but the big problem with all 5G, 4G, and 3G networks is the limitation on the back haul connection. Sure, they can add spectrum on the front end, but while the current business model of the limited back haul connections (where businesses only buy as much as they think they will need) will always be the bottleneck of the issue. Which businesses are not going to buy a large and fast if nobody is going to use it. The problem shows up when the "rush to" the next big thing comes, not all businesses are prepared for that "rush".

This is why we may see regular trips for the vans with a constant pulling of new long distance cables.

One year on after US repealed net neutrality, policymakers reflect soberly on the future


Re: It hasn't hurt the internet yet

It took a while for Verizon to start throttling Netflix once they were able to do it last time, there's no reason to believe they'll be quick about it now.

How do we know that they stopped the throttling? Some companies still did throttling while net-neutrality was a law. They are probably still doing it. If they did turn it off, they probably left the equipment inline so they didn't have to visit every tower, which means they can just flip the switch and turn it back on.



"It didn't hold a single public hearing, and allowed for millions of fake comments to be lodged, which it then refused to analyze."

So, is the comment I made considered fake?

Bulk surveillance is always bad, say human rights orgs appealing against top Euro court


fire hose

Bulk surveillance is like drinking from a fire hose. When you get too much, it is much harder to find the impurities in the water. The more data is collected, the more the real criminals go free. If we want real security, we would try to limit the data so the bad guys could be caught.

The curious tale of ICANN, Verisign, claims of subterfuge, and the $135m .Web dot-word


Re: Alternate system

I think this is vanishingly unlikely. Who is going to convince multiple big ISPs to switch off the real DNS root to an alternate one at the same time?

The problem with the alternative, is that this same problem happens in politics. Not everyone will agree what it should be or who will run it. Everyone has some sort of disagreement when it comes to this kind of stuff. If everyone can agree, then what happens when the alternate one does the same thing, you run away again?

What a meth: Woman held for 3 months after cops mistake candy floss for hard drugs


Re: How many constitutional rights were violated ?

. . . but the authorities won't learn from it.

The problem here is folks want tighter restrictions for lawbreakers, but want looser restrictions for themselves. Most of us know there is some gray area where the two lines cross. We cannot get rid of this gray area just by saying so. It will always be here. Your choice is to capture the innocent OR to release the guilty. You cannot have the gray area be smaller than it currently is. Now if only folks could realize that, they would probably lean on the side that folks might actually be innocent rather than guilty first.

A side note, that this idea actually applies to the whole world and not just Georgia or the USA.

YouTube supremo says vid-streaming-slash-piracy giant can't afford EU's copyright overhaul


Re: Too hard

Naw. It's more like a community that decides to ticket/tow illegally parked delivery vehicles being warned by a delivery company that if they start doing so, no one will make deliveries in their community.

Ummm, deliveries will still happen. The catch is that they will be by someone like the mafia who will enjoy the higher pay. There are a lot of thrill seekers out there that will attempt to deliver and try to get away with it.

Of course, in this case, google may just block all IPs in Europe and withdraw its presence, just like it is heading for the android EU stupidness. The VPNs will need to stay out of Europe and even if they are breaking the law there, they will never be caught. This lack of presence means the jobs move to other parts of the world, so less employment in Europe.

So what would be the point of a law that does not stop copyright criminal activity?


"The police should catch bad drivers, instead of giving me speeding tickets"

Ummm, isn't speeding considered an act of a "bad driver"? The speeding ticket is only an issue if you were not actually speeding.

Now I was going the flow of traffic one day, and a cop pulled me over and claimed I was speeding. Now I drive under the speed limit instead of going the speed limit. (And yes, I will admit that going slightly slower than traffic could be considered impeding the flow, but better to be "safe than sorry". If you don't like it, then stop calling the cops on me.) By adding more laws, we make it easier to catch the innocent in some sort of trap and we miss catching the guilty. It would be nice if we could actually catch the guilty without involving the innocent. (Also by guilty, I mean someone that broke the law, not someone that annoyed you.)


Re: "A badly thought out copyright rule may remove"

Any video that isn't pirated will stay there, and you will be able to keep on watching it. Instructional videos that don't infringe copyright - and remember there are a lot of fair use exceptions - they will stay there, just like any promotional video uploaded there with full rights, so what are you talking about?

Under the current laws and current system setup, there are instructional videos that fall under fair use that are getting removed. I will name EEVblog as one of them due to some of his videos which catch "bad actors" on the fundraiser sites. So are you saying that by adding more laws, we will start having actual fair use treated properly? I think what you would actually see is that more people would abuse your new law to their personal advantage.


Re: @ pascal monett

The problem for YouTube is that cleaning it up, will destroy their business model.

They get more adverts from a bootleg of the latest music hits, than they do from a video of me repairing a walkman. If they clean it up... then the income goes down the pan. That's the problem.

The reason for this is that some people seek it out. Back in the day (a few decades ago) the music industry tried to block MP3s, and when they started to release their content on MP3 instead of CD, mysteriously folks started getting their content from the music industries instead of the pirates. For me, I have no need of anything from the music industry (as I have already purchased any CD that is of interest to me). I imagine that folks will keep doing this as it appears to be the reason why folks upload pirated content up to youtube. One thing that folks have not accounted for is the "free advertising" from those of us who would run across pirated stuff and then seek out the original source.


Re: So what?

I watch a lot of YouTube videos - and as far as I am aware none of them are pirated. A badly thought out copyright rule may remove one of my best forms of entertainment (certainly better than the rubbish on TV). There are also a lot of instructional videos on YouTube - if they are removed because of the EU copyright rubbish then that will harm a number of people who use them.

Sorry Duncan, I have to agree with you.

There have been a number of original youtube artists that I watch that have been labeled as copyright violations. In the firewall world, there are two kinds of packets, false-positives and false-negatives. One means you get a copyrighted video through and the other means you block something that is not copyrighted. If as msknight says we will have a fine line that will never have any false catches (and I mean either direction), then the blocking would be okay. The problem is that there are always false catches and some of us that completely avoid the copyright music, pictures, or videos, keep getting caught in its cross hairs.

Also, I have to partially disagree with msknight. Mainly because the above where I note that catch all rules everything, youtube would need to hire 24,000 people (400 hours of video uploaded each minute) just to track all the videos. Also, due to human error, might need to double that so we can have at least two people check every video. Now you can argue that they need blocked until otherwise specified, but that would mean the end of live streaming, even from Alex Jones as one would not be able to trust that he himself is not uploading "copyrighted content".


Re: So what?

Shed loads of content on YouTube is pirated.

There may be lots of pirated junk on youtube, but there are some of us folks that do not have the time to seek it out, so we do not see it. All of the youtube videos that I see, all make some sort of comment about copyright and attempt to silence videos or blur background pictures. This means that I do not see the content.

Now back in the day when I would see something of interest, I would attempt first to seek out a legitimate channel before finally giving up and going to the reupload. Any more these days youtube has raised the cap on how many viewers needed before you can "monetize" your videos, so it should no longer be worth it unless you can nab enough stuff to get youtube to pay you money for it.

Strewth! Aussie ISP gets eye-watering IPv4 bill, shifts to IPv6 addresses


Re: Not el Reg

Hang on! Is el reg starting to go IPv6? I just noticed that nir.regmedia.co.uk has been IPv6 for a while. I finally decided to look up what they had that was connecting to IPv6 when pages would load and I found at least one domain that was connecting over IPv6.

>nslookup nir.regmedia.co.uk
Non-authoritative answer:
Name: nir.regmedia.co.uk
Addresses: 2606:4700::6812:fb87

It's been a week since engineers approved a new DNS encryption standard and everyone is still yelling


third parties?

DoH or DNS-over-HTTPS is a way of encrypting DNS traffic to make it hard for third parties to see where people are coming from and where they are going to online.

Just who are we kidding? The DNS provider will be able to log it on their side after it is unencrypted. This means that a "third party" will see what and where you go. Anyone that hacks in will see where you go.

I will call this DNS encrypted farce what it is, security through obscurity.

Sorry friends, I'm afraid I just can't quite afford the Bitcoin to stop that vid from leaking everywhere


Re: I've seen a definite uptick in these

These emails say all the same thing, even though both my phone and computer have no camera on them.

That malware make your front-facing camera capturing video

The other thing I find interesting is that they are sending it to an alias account for automation that has never had a password. Oh well, I guess they will keep sending it directly to my spamcop forwarding script.

Mozilla grants distrusted Symantec certs a stay of execution, claims many sites yet to make switch


Re: Who, and how much?

I guess they're trying to hang on to users. Firefox Quantum seems to have made some monthly active users move somewhere else. There was a summer slump that never went back up. Odd that...

And this is the reason why to try and keep your users happy. In the past, firefox has attempted stuff like this only to have the users complain to the website administrators. Now that the users are more wise, they are switching browsers instead. This means administrators may not be getting notified that there is a problem and folks are switching instead. I am one of those people that switched.

It also means that firefox lost their power (their ability to say what I do on the internet by forcing changes) over me and my browser.

New Zealand border cops warn travelers that without handing over electronic passwords 'You shall not pass!'


Security by Obscurity

Reminds me of the US where they have successfully sold this stuff as keeping people safe (I.E. preventing crime), but strangely enough I have not heard of one single case where the searching of electronic device prevented a crime. I have heard of numerous where it "caught the criminal" after the fact. Me thinks that too much information can get in the way of actual crime prevention, especially if the parser does not know what to look for....

'This is insane!' FCC commissioner tears into colleagues over failure to stop robocalls


Re: Poor FCC Commissioner Rosenworcel. She will now be inundated and the carriers will laugh.

I get 1-2 per day. Try blocking before the repeat calls come in.

Blocking calls is not an option. The scammers are laughing now as they are using every legitimate (callerID information ties to real people, mostly my neighbors) phone information in your local area. So are you stating to block legitimate people? When I told one of them that I was going to report them on the do not call list, they laughed at me and said go ahead. So instead I started asking for more information from them, such as a call back phone number or email address that I could add to the report. It seems that the callerID information is automated, so the actual person on the phone does not know what it always is.

Just yesterday, we had a call where the callerID was my own. Kinda weird talking to yourself on the phone, where there is someone else on the other end of the line that is not you, but appears to be using your phone.

Microsoft 'kills' passwords, throws up threat manager, APIs Graph Security


Re: Phones ? really ?

I applaud the move away from passwords. Or I would, if I didn't think something relying on phones wasn't outright stupid.

This is not really a move away from passwords since you still have to remember a pin alongside having the phone. So, what happens if your phone dies? You might as well keep a password as a backup for when the hardware dies.

In a race to 5G, Trump has stuck a ball-and-chain on America's leg


standard stabilization?

Maybe this will stabilize the standard. I realize that most of us prefer to purchase new phones every two months, but I would like something that lasts. If the Tariffs work, maybe we can get something that might last longer and the rest of us can actually purchase a cell phone that will last twenty years.

Microsoft pulls plug on IPv6-only Wi-Fi network over borked VPN fears


Re: Two questions if I may

They are actually behind Cloudflare, which means v6 is just a toggle away. It also means that, with appropriate hosts file entries, you can talk to El Reg over native v6 even without them explicitly enabling it. The last time I tried this, it worked fine except that attempting to post a comment didn't work. The post just disappeared into the aether, and never showed up.

Yes and any properly designed back end will just use any protocol in front of their web server without issues. Why log the IP inside the database post, when there are a few IPv4 providers that change addresses using dhcp more than once a day. A system that is properly designed, I.E. uses the username to track anonymous posts and such, should work successfully with the flick of that switch.

As it stands, SSL and such work the same over both IPv6 and IPv4. Shouldn't be that hard for dual stacking the server.


Re: Two questions if I may

2. I don't know what their hold up is. Many sites get IPv6 by simply asking their CDN provider to switch it on. But at least where I sit, El Reg doesn't seem to use a CDN. So maybe it's their server load balancer that can't handle IPv6. Most of them can.

Me neither. If most people's CDN do not support IPv6, they do support the ability to get a tunnel. Took me about ten minutes to set it up and then another two weeks to realize that the concepts behind IPv6 and IPv4 were very similar. IPv6 is really not that hard. And like other folks have mentioned, on cloudflare, it is just the click of a button to enable.

Euro bureaucrats tie up .eu in red tape to stop Brexit Brits snatching back their web domains


why not a forwarder?

The eu could charge for them to keep it, but use a forwarder instead. That way all their old links could be URL swapped to the new domain and presto, they could still charge and maintain their control over the .eu domains. Even just a rinetd or iptables would allow them to spy on all traffic through the ip forwarder.

A boss pinching pennies may have cost his firm many, many pounds


time is money

When you think about the math or saving rails, each person would have a cost of about $100 (about twice the salary of $50 because of office space, lights, computer, and such.) per hour. Let's say it only took about five minutes (even though it would probably be more like fifteen to an hour).

Now that would be about $8/person for that five minute period. The weight of the servers would probably require four people. So this means that *each* server lift would be at least $32 worth of time. Do that once per server ($35 is what I see they approximately cost for new rails) and the rails could have paid for themselves.

Now, if I just do the math alone, I would be saving money by *having* rails just in man power alone!

Europe's GDPR, Whois shakeup was supposed to trigger spam tsunami – so, er, where is it?


Re: lots of people pay for privacy service for whois info

And so nothing really changed except that, with GDPR, it's theoretically possible to get the same level of service FOR FREE.

Except that the registrar becomes the middle-person. With private domain registration, the registrar had a hidden email forwarder setup, so email sent to the whois contact previously went directly to the domain admin email via a secret forwarding address. Now if that information may not be present, then the registrar can hire additional people who can interface between the said domain owner and the complaintee.

As long as the issue is taken care of, I don't care who fixes it. My guess is that this may not be as big of a deal as we all originally thought it would be.

We've found another problem with IPv6: It's sparked a punch-up between top networks


Re: IPv4 Address Pool Has Been Expanded Significantly

The main reason that IPv6 has not been rolling out smoothly is because it ignored the first rule of engineering in upgrading a working product / system, i.e., the backward compatibility to IPv4. Had it done so, the transition would have been completed a long time ago without even being noticed.

Both NAT64 and NAT46 provide backward compatibility. Maybe you mean the IPv6 mainstream idea that NAT *cannot ever* work with IPv6? It is the ideas of the NAT haters that have *tried* to force IPv6 without NAT, which has taken out the idea of any possibility of backward compatibility. Funny, the NAT haters can unite, but will always lose their poor battle, all because the rest of us have been using this backward compatibility for many years now.

Hackers clock personal deets on 'two million' T-Mobile US subscribers


Now is the time for the loads of fake IDs to head into the stores and have them get new sims. Yeah, maybe no financial data or social security numbers were nicked, but names and other data that would be used in the fake ID scams would have been.

Bitcoin backer sues AT&T for $240m over stolen cryptocurrency


Re: A Fool And His Money..

well what does AT&T have to dispute they violated their own rules on their own security practices (if anything that store employee should be fired fined and jailed for bypassing a high risk security measures )

If this is true, then AT&T, while maybe not liable for the bitcoins directly, will be liable for the false sense of security.

Also, (again if true) this may encourage AT&T to start blocking 2FA, to prevent further liability. Even if the guy was to walk away with only a few dollars, I would still think about the damage a case like this could make for 2FA.


Re: So much for the "what you have" 2nd factor...

I agree though that SMS is not a secure form of 2FA. Too easy to compromise, whether through social-engineering, theft or SS7 attacks.

And this is why SMS will *never* be a secure method of authentication in my mind.


If I do not have a working phone with that number, the text is still sent and I have to wait 24 hours before corporate will make the SIM and send it to my registered home address.

Anyone desperate enough to hack this will still make it through. They just might be watching your home address for incoming mail. The IRS scams have seen fake police cars waiting outside a person's home, so by saying for corporate to send the SIM to your home address can be pointless if the hacker knows to watch your mailbox.

When's a backdoor not a backdoor? When the Oz government says it isn't


NSA going to leak your "not-a-backdoor"

I am surprised that more folks are not against this based solely on the grounds that the NSA will leak the backdoor to the bad guys. Note that the USA NSA is able to get backdoor stuff in the past from other governments, so no matter which country you belong to, it will be leaked. The question is a matter of time, not "if" but "when".

If all governments get their way, there goes your bank account's security.

IPv6: It's only NAT-ural that network nerds are dragging their feet...


Re: "the world is clinging stubbornly to IPv4"

When a business feels it is pressured enough to have an IPv6 website, that business will ensure that it can still get money from the IPv4 holdouts.

It very well could be that the holdouts are avoiding IPv6 due to its IPv6 built in rotation of addresses, which can make it harder to track who is who than just normal NAT.

