* Posts by Richocet

90 posts • joined 24 May 2017

Oracle: Major ad scam 'DrainerBot' is rinsing Android users of their battery life and data

Richocet

Re: Liability ?

If you look at the history of the printing press, there is a parallel with what is happening with the wild west of internet publishing.

Rampant publication of false critical stories about kings, queens, and those in power triggered the creation of libel laws. This may be how the internet gets cleaned up. Get your popcorn and wait.

Oregon can't stop people from calling themselves engineers, judge rules in Traffic-Light-Math-Gate

Richocet

Re: What an engineer does in the UK

I nominated an employee to fill the role of "Secretary" in a governance group. She took offense that this implied a "type up dictation" responsibility. None of the secretaries of other governance groups took it that way. I still can't tell if she was genuinely offended or was winding me up.

Richocet

What you describe is tinkering with electronics. Don't worry, it won't be outlawed.

I don't know the type of designs you have worked with. My recollection of electronic engineering at university includes solving equations that didn't fit onto a single side of a piece of paper.

From my personal experience of getting an engineering degree and working as an engineer, this can mostly be assessed by evaluating your designs, and ability to troubleshoot problems. As the person gets closer to a professional engineering qualification, looking at the projects they have completed while working as an engineer, comparing them to their peers, and maybe interviewing peers who they worked with.

Richocet

Re: Restrict engineering

Yes, it's not just about being competent at the core aspect of your job, or thinking you are competent because you haven't been fired yet (but nobody has evaluated your work in detail to quantify your skill).

For many people in this situation they don't know what they don't know, e.g. the ethics; and handling the situation where what your employer tells you to do isn't safe or ethical.

Richocet

Restrict engineering

While in this case I agree that this is a sensible outcome, in general I think it shouldn't be fine for anyone to call themselves an engineer. The principle is the same as (medical) doctors.

While not everything (professional) engineers do is life or death, a major benefit to laws requiring registration is: You need someone qualified and registered to sign off on something significant like a bridge or a new airplane control system. The legal system and professional body surrounding engineering provides a strong incentive and a degree of protection so that the engineer signing off on something important will do an expert and unbiased job.

Otherwise you have a situation like at Facebook and Google where thousands of people with 'engineer' in their titles bowed to their employers' wishes and developed large scale devious, manipulative and privacy violating systems, and misled authorities about it.

Professional engineers are in a better (but not perfect) situation to resist this sort of pressure.

HMRC: We 'rigorously tested' IR35 tax-check tool... but have almost nothing to show for it

Richocet

I agree. Ever since I worked in the UK IT industry 20 years ago the HMRC assumption is that all sole-trader contractors are only doing it to avoid tax.

However they are doing the same sorts of work as the bigger IT outsourcing operators and consultancies who never get questioned about their IR35 tax status. It is massive hypocrisy.

So either HMRC staff have no idea of what IT contractors actually do (probably) or they are just going after easy targets?

Richocet

Re: Were...

Taking this right off topic: Devs who do this sort of thing should not be calling themselves engineers.

If this was common practice in construction, we'd have bridges collapsing frequently and the engineers who designed them saying "it's not my fault, the client made me do it that way".

Boffins debunk study claiming certain languages (cough, C, PHP, JS...) lead to more buggy code than others

Richocet

Re: And they get paid money to do this?

I'll concede your point about people who can get things done, but having worked alongside academics with PhDs for many years, I think this is more a case of "You don't know what you don't know".

It is amazing what some of them know after having spent multiple decades specialising in one area.

I'm not a PhD myself - I'm an engineer. I made a similar comment in response to a Reg Thread about what do "registered engineers know that developers with the job title Engineer don't".

Forget snowmageddon, it's dropageddon in Azure SQL world: Microsoft accidentally deletes customer DBs

Richocet

Re: Holy crap, Microsoft....

C) Presumably this took MS a little while to figure out what had happened (as it seems to me to be an obscure issue), and then wake up someone senior enough to sign off the communication to customers + maybe get a lawyer to check the wording.

B) 5 minutes isn't much for some customers - it is a lot for others. For perspective all the banks I worked in over the years decided that 24 hours was the maximum acceptable loss of data in the case of a database being restored from backup.

A) Yes this should have been tested. I don't know a lot about sysadmin work, but my thinking would be that an automated script that deletes databases after such a short time would be risky. Maybe flag the database for deletion and give a chance for a person to see this on a report before it gets actioned. Hundreds of these suddenly appearing on a report unexpectedly would have a good chance of triggering an intervention before the deletions.

Wow, fancy that. Web ad giant Google to block ad-blockers in Chrome. For safety, apparently

Richocet

Concerning big brother move

Quick thoughts and experiences on adblockers and privacy extensions:

I installed Adblocker 2 years ago and find it is a good productivity tool by getting rid of the distractions.

With the amount of sites that show scam ads (Your computer has a virus) or run crypto-mining scripts, I think everyone should be entitled to block ads and other website elements. I find it hypocritical of websites that are full of scammy ads that complain about adblockers because "they need the revenue". That has never been a legitimate defense for aiding criminal activity!

After thinking about it more, I came to the conclusion that I was more concerned about people collecting and trading private data about me, so I installed privacy badger and uBlock Origin. I have been happy with them. About the same time I installed Firefox and installed the same extensions on it.

I find Firefox and Chrome about equally convenient as browsers. So if Chrome changes to disable privacy blockers, I will rapidly change to using Firefox as my only browser.

I hope this is helpful to anyone considering what to do now.

Man drives 6,000 miles to prove Uncle Sam's cellphone coverage maps are wrong – and, boy, did he manage it

Richocet

Re: A good pro-bono opportunity for Google

If Google hasn't already done it.

Remember the news when they were logging everyone's WiFi access points with the cars that shot the Google street view photos.

Huawei's horror show 2019 continues as Taiwanese research institute joins banhammer club

Richocet

Re: Accusations

I think that instead of 'publishing it in a flash' they would share it with select allies' intelligence agencies, and use the threat of publishing it as leverage in diplomatic and trade negotiations.

Senator Wyden goes ballistic after US telcos caught selling people's location data yet again

Richocet

Re: CEO jail time

Maybe. Apparently in US prisons people have an awful time if they are not a heavyweight boxing champion or wealthy.

So in the unlikely event that wealth won't be enough to buy their way out of a prison sentence, it will make for a pleasant prison stay.

Ho ho ho! Washington DC sends Zuckerberg a sueball-shaped present

Richocet

Re: There is morality and there are laws

I agree. Readers of the Reg have above average understanding of technology.

The average person who wants to stop having their location tracked would expect that "location services" = off will do that for them.

Then there are people on the other side of average. Those unfamiliar with technology, people in the early stages of dementia, people with learning disabilities. How is it OK to mislead and deceive them?

Does the digital industry have a broader cultural problem where they are seen as fair game?

Fire chief says Verizon throttled department's data in the middle of massive Cali wildfires

Richocet

Re: All Verizon need now is a fire...

I was thinking along the same lines:

When a fire threatens Verizon property, phone them up and negotiate for a better deal on their data plan.

Pentagon 'do not buy' list says нет to Russia, 不要 to Chinese code

Richocet

Re: Protectionism vs. security

Hickvision LOL

Google leaps on the platform formerly known as Firefox with $22m splurge for KaiOS

Richocet

Re: More money equals more good

Unlimited data + 20GB.

How do you know when you have used up the unlimited data and started consuming the 20GB?

Reminds me of number theory... https://en.wikipedia.org/wiki/Infinity_plus_one

:-)

Richocet

Re: How spoiled and lazy we've become

That's what is needed to hold the encryption keys these days :-)

nbn™ CEO didn't mean to offend gamers, just brand them unwelcome bandwidth-hogs

Richocet

As a gamer I use a lot of bandwidth

My wife went to EB games and bought the online game Elder Scrolls Online Morrowind. After inserting the game disk into the XBox it proceeded to download 76GB of data over the course of a few days before the game could be played, followed by a few more GB of patches and updates.

She decided this is a good game and we should both play it, but we only have one XBox so we will need to buy 2 PC versions of the game (a long story). So after updating Steam we did this. Steam started downloading the game on both PCs. 2 days later it got to 46GB and 62GB downloaded and then restarted the download. We were not impressed by this and switched to downloading to one PC and copying to the other. 3 days and another 76GB later we had it installed and running. Just 2x2 patches to be downloaded and installed after running the game for the first time.

Now we are playing it the data use is small but it took 260GB of downloads over 10 days to get set up.

Most other games are similar.

In conclusion: we use a lot of data for gaming. Are we the only ones?

Uber robo-ride's deadly crash: Self-driving car had emergency braking switched off by design

Richocet

What could they do to be even bigger arseholes?

Try to attack the reputation of the deceased victim by investigating her toxicology.

The video clearly shows that the pedestrian with the bike didn't jump in front of the car or do anything erratic.

I am appalled.

Oracle tells tales about Google data slurps to Australian regulator

Richocet

Re: Oracle playing the Knight in shining armor

Well, in 2012 I updated my phone OS and then it suddenly began using cellular data at a rapid rate. Especially when I drove or traveled - when it got hot to the touch.

My suspicion was that the phone was monitoring my movements and activities and sending back this data, and the update had included a bug or sent the information hundreds of times more frequently than intended. Why else would a smartphone burn through so much data while not being used?

I closed all the apps and used the phone sparingly. It made no difference.

In 10 days it had used my full 2GB data allowance.

Look, we're doing stuff: Facebook suspends 200 super slurper apps

Richocet

Re: Dubious.

Mark Zuckerberg has been quoted in the early days of Facebook (the Facebook) as describing his users as suckers for providing information about themselves to his app. This is hardly a new problem.

Will he ever grow up and change this attitude?

Shocker: Cambridge Analytica scandal touch-paper Aleksandr Kogan tapped Twitter data too

Richocet

That's the scenario we often hear about.

This is an equally valid scenario for a betting business: A former customer of the business is suspected to have experienced gambling addiction when they became depressed in the past. An analysis of sentiment in this person's tweets and Facebook posts shows that they are making many negative comments. So let's target them with advertisements to encourage them to gamble.

The technology exists to do this.

Is the business justified in the logic that the customer will probably begin heavy gambling soon and it might as well be with us rather than a competitor, so we should show these adverts?

Facebook previews GDPR privacy tools and, yep, it's the same old BS

Richocet

FB could make plain what information it will sell

"The web giant could also make plain what information it will never provide to anyone else."

They did. The answer was "none".

So they didn't bother creating a page. Which is why it isn't there.

Apple store besieged by protesters in Paris 'die-in' over tax avoidance

Richocet

Re: The root cause

They are doing many things that are in legal gray areas and a few things that are illegal but can't be proved, such as lying about costs and licensing fees.

Changing the laws isn't a silver bullet.

Enforcing existing laws is another option that would help. Although that would require paying people to do the work, which is politically unpopular. And I think there is little political will to tackle this as long as those companies keep donating to political parties.

Richocet

Re: But!

Loopholes?

Yes and no.

Most of what they do could be argued to be legal (but is in a gray area since it goes against the intent of the law). And they get to keep the money while the legality is debated. And if they are found to owe the money in the end, it is already in a tax haven and impossible to get back.

However most of these schemes involve a step in a secrecy jurisdiction such as in the Caribbean or Switzerland where the ownership or value of something is recorded and hidden, then the value or ownership is falsely declared to non-secret governments (as something else). This is why the Panama papers are so important - they prove that many big companies and wealthy individuals were lying and therefore evading tax rather than avoiding it.

The sad part is the lack of action. Perhaps that is related to 4 prime ministers being revealed as having secret offshore accounts.

Facebook back in court fighting claims it nicked British data centre IP

Richocet

Re: Reputation

The execs refused to endorse this corporate motto about 10 years ago. Even though it is in their corporate code of conduct in a document somewhere, if powerful members of Google refuse to accept it, it isn't really their motto IMHO.

Bot-ched security: Chat system hacked to slurp hundreds of thousands of Delta Air Lines, Sears customers' bank cards

Richocet

Re: GDPR Fines may help - But it's not enough...

I wish I could upvote your comment twice.

PCI is a very strong framework to prevent these types of issues. If major corporations are not following these practices then someone senior there is incompetent or negligent.

There is no need to reinvent the wheel.

ACCC clamping down on Premium Billing Direct payments

Richocet

Re: Why so greedy????

Interesting observation.

Does this mean that all businesses will eventually become fraudulent and criminal?

Banks used to be quite trustworthy (a long time ago), and when you see what has come up in the Australian Royal Commission into banking so far, the misconduct, deception, and fraud is substantial. It got me wondering about dishonesty in business, and I see the inevitability of your answer.

Perusing pr0nz at work? Here's a protip: Save it in a file marked 'private'

Richocet

Re: The real story

If you could supply me with a link to the news article about this I would like to learn more. I'm sure such an incident would have made for lots of interest in the news.

Western Digital has cloudified the NAS and shoved it in a trendy box

Richocet

Re: And why are NAS boxes now called "personal clouds"

I have finally got mine up and running, and it seems to me that the answer is that WD apps and software attempt to upload the data to the device via the INTERNET.

Hopefully I am wrong, or I can mod this device to just be a NAS. Because I was shocked that a device that is physically in my house and connected to my LAN would work by uploading the files from my PC to a 'who knows how secure' WD cloud drive so that it could be downloaded onto the NAS that is located 1m from the PC.

Why?

Is this an NSA sponsored project?

South Australia bins emergency alert app, contract

Richocet

You get what you pay for

$250,000 per year is not a lot of money to operate a service that is at times critical and people's lives depend on it. Compare this to running air traffic control.

It might be an adequate amount though. So for me it's not clear if the developers and operators of the contract stuffed up, or if such an important service was done without adequate ongoing investment.

As with many government projects, it would be most cost effective to operate a fire warning service nationally, not have an app for each state. That means all the cross-device testing, and upgrading for new devices and OS version updates goes much much further.

Italy leans on Amazon to retrieve €100m in unpaid tax

Richocet

Re: Still cheap for Amazon

Employing people is an important benefit of having businesses in the economy. So is paying tax.

But let's not view employment as a charitable act. The workers have to work in return for their wages. Business shouldn't have to be paid or rewarded through tax breaks to employ people.

Google lies about click-fraud refunds and tried to destroy us – ad biz

Richocet

Re: Don't Do Evil

Google employees came up with that slogan. The CEOs and senior management refused to adopt it. Clearly they didn't buy into it.

Microsoft emergency update: Malware Engine needs, erm, malware protection

Richocet

Re: Wider issue

That is how the software is designed (compartmentalised).

The issue is that if the file being analysed contains some arcane pattern of data that causes the analyser to crash, then all bets are off about what happens next. That is a common tactic that hackers use on any software.

It is not possible to test the software against every combination of data that could ever be fed to it, so the software would be vulnerable to this risk, as is the case for a lot of software.

Some data and calculations or logic on that data need to be fed into the processor together. There is no way around that.

Google to crack down on apps that snoop

Richocet

Re: This will affect 99.999% of apps out there

This.

Apps you pay good money for can be rampant spies.

Then you are faced with the ultimatum to allow it access to excessive un-needed info or else the app will spitefully refuse to operate.

But you have paid and can't get that money back.

Richocet

Re: Stop Snooping - That's our job - [Google]

...anyone who pays.

What are the odds that they have sold this data to organised crime syndicates already?

It is inevitable that this will happen at some stage thanks to the only criteria in place being the ability to pay for the data.

Federal police didn't delete all copies of journalist's metadata

Richocet

Re: This is what you get...

Are you kidding?

Free press and an independent judiciary are a fundamental requirement of democracy.

Permitting govt/police to spy on journalists kills the free press.

If you need any recent case studies, try Russia, Turkey and Ethiopia.

These are countries that have only recently become totalitarian, and in each case it is clear that neutralising or eliminating the media is necessary to stop democracy.

'Break up Google and Facebook if you ever want innovation again'

Richocet

Breaking news - laws won't apply to tech giants

I just read this news

http://www.abc.net.au/news/2017-11-29/bill-proposes-to-put-tech-giants-above-the-law/9203876

Am interested to hear what commenters think in relation to the El Reg topic.

Richocet

Re: but lack of innovation is not one of them.

Google did have some tech innovations such as non-locking distributed data updating. Basically their crawlers updating the search database while large volumes of queries were being run against that data.

Their labs projects were quite innovative too.

They shut most of that down now years ago but their profits continue to grow, their deceitfulness about spying/data collection grows, and their tax avoidance activities flourish.

Permissionless data slurping: Why Google's latest bombshell matters

Richocet

Re: Are we surprised?

I'm not following UK politics, but “The definition of insanity is doing the same thing over and over again, but expecting different results”. Albert Einstein.

Haven't the Tories been in power the majority of the last 20 years?

Richocet

Re: "Nobody suspected Google did this practice..."

Google buy the traffic information from Telco providers who give them a data set about the rate at which devices enter and leave each 'cell' in the network. From that and the government supplied CAD files for the road network they can calculate the volume and speed of traffic flowing along each road.

The telcos collect this data for every SIM device that is powered on, which explains why there is so much data.

I know this because the digital map company I worked at was offered the ability to purchase this service before Google back in the day.

Richocet

Re: Are we even bothered?

Of course they will look through the data cherry picking information.

Every person has confirmation bias, so they will be looking for data which supports their position. Hopefully you have a defense lawyer looking through the data for information that exonerates you.

Because there is nobody whose job it is to look through all the data and form an impartial opinion about what they find.

User experience test tools: A privacy accident waiting to happen

Richocet

Use of these things

While these services are designed for honourable purposes, there are still risks: that if cost wasn't a barrier they could be abused for spying and keylogging, that rogue individuals at the vendor or the customer organisation could abuse the data obtained, that the data they obtained could be accessed by hackers, or if a company providing these services was bought by a criminal organisation and systematically abused without the other parties being aware.

What can go wrong can be seen in examples like the advertising syndicates that collect as much personal data as they can and sell it to anybody that they can; and Facebook whose platform was used for unintended malicious uses plus Facebook's greed in doing business with anyone who would pay.

I gather this type of data for my work to improve websites. After years of working in the field I have settled on an approach: I invite users in for a session, ask them to sign a release, observe them in person, and record the screen and sound. I pay them for the effort, and provide a written guarantee that the information will only be used for improving the website.

Using online interaction recording services is an attempt to get the data cheaply, and I don't think it is worthwhile overall. Because it costs more to run online observations, the privacy situation e.g. consent, and the quality of the information is lower than in-person studies. Online tools are only useful for running analysis across large numbers of sessions, or meeting (unnecessary) requirements to include hundreds or thousands of people in a study.

WikiLeaks is wiki-leaked. And it's still not even a proper wiki anyway

Richocet

Re: Shower of shites!

"Isn't it getting a bit old trying to change the subject. Every time more evidence is found about Russian collusion all we hear from Big John is "what about the democrats?" "

This is not Whataboutism because no one is being accused of hypocrisy.

The accusation is that the subject is being changed - which is a red herring argument.

At the risk of creating a misleading analogy, that logic of fairness is not applied to most areas of life:

Why aren't organised criminals and ordinary citizens both investigated by the police?

Why don't all employees get the same bonus irrespective of how good they are at their jobs?

Why don't conspiracy theorists and qualified experts get the same amount of airtime?

Because equal treatment and fair treatment are not the same.

God save the Queen... from Donald Trump. So say 1 million Britons

Richocet

Re: Diagnosis...

Thanks for the link. I bought the book and read it because I had a nagging feeling that mocking Trump and shaming his supporters might be ineffective or even counterproductive.

A fascinating read - I learned a lot and have plenty to mull over about how to interact with people with certain personality types.

Remember how you said it was cool if your mobe network sold your name, number and location?

Richocet

Solutions

Let's hope some effective legislation is put in place to tackle this and that it is enforced.

I rate the chance as less than 50%. And the chances are lower in the US than EU.

An effective tactic to sabotage this behavior is to feed bad data into these systems. They have been designed around the principles of obtaining as much data as possible, and just assume that the data they collect is accurate. Then it is freely sold, shared, compiled between the data companies.

If 20% of the data was poisoned this would make intelligence drawn from the data too inaccurate to use. Correlation would produce significant numbers of false positives. The compilers of data wouldn't know which data was bad or when bad data started entering their systems. It would be unfeasible effort and time intensive to clean up the data.

Web tracking cookies, ad tracking, and email tracking are all vulnerable to spamming junk data into the databases.

A botnet would take this to another level with diverse geoip information spamming.

OnePlus privacy shock: So, the cool Chinese smartphones slurp an alarming amount of data

Richocet

Re: To be honest

Well you best not buy a Tesla then.

For Facebook, ignorance is the business model: Social net is shocked – SHOCKED – that people behave badly

Richocet

Re: Duh gee George

I read somewhere that the court and the lawyers agreed to donate it to a bunch of legal organisations including law schools of prestigious universities. There was concern that this was not a very equitable distribution of the money.

I can't remember where that was posted.

Facebook ran $100k of deliberately divisive Russian ads ahead of 2016 US election

Richocet

The solution to fake news and fake accounts is not as hard as claimed

Since algorithms clearly aren't remotely good enough to spot fake news, scams and fake accounts on Facebook, it is clear that actual people need to be hired to do this.

Facebook can afford to do this.

Zuck is probably concerned that the cost of employing people to do this on a long term basis will reduce profitability too much.

But hiring an army of people to do this will have a rapid impact on those who are currently abusing the weaknesses and loopholes in FB. It won't be as easy to adapt their activities to fool people as it has been to fool algorithms.

This will make it too hard for most abusers to keep going because they need a broad reach and low cost to achieve their goals. They can't be as confident they will succeed in that environment.

This will have the effect of driving them to other platforms where policing/moderating is weaker e.g. Twitter. The cost of human oversight for FB then falls, and FB have a lot more examples to feed their AI to create Zuck's dream solution of automated moderation (if that is actually possible).

Employing lots of people might also be good for FB PR, unless Zuck's zeal to eliminate jobs is too strong!

If a competitor does it first, the dodgy operators will move their activities to other platforms e.g. Facebook, making their current problems worse.

Biting the hand that feeds IT © 1998–2019