* Posts by Ben Tasker

1918 posts • joined 23 Oct 2007

Google to pull plug on Play Music, its streaming service that couldn't beat Spotify, in favour of YouTube Music

Ben Tasker Silver badge

Re: I've just uploaded my music collection to...

> Anyone recommend any free alternatives for uploading your own music to the cloud?

I switched from Google Play Music to self-hosting Subsonic ages ago. There's a free-er fork of Subsonic now, but I haven't got around to trying it

There's also Ampache which does the same thing.

On the phone end, spend £3 to buy Dsub - it's better than the free subsonic app and will work with Ampache as well (so if you switch backends it's all good). It locally caches music so you don't need to always be able to reach the backend.

Depending on your needs, running it on the NAS at home should be more than sufficient

Network sniffers find COVID-19 did not break the internet – though it was behind a massive jump in outages

Ben Tasker Silver badge
Joke

Re: 5G protester outages?

We've got a few of those nutters round here, so I occasionally see posters on lampposts. I did toy with an idea...

You know in the IT Crowd they make "the internet" and lend it to Jen.

Similar basis - little box with an LED in the top, and a magnet in the bottom.

Sticker on the side - "5G wave amplifier, property of Microsoft" - or similar

Make a few of them, and then start deploying them onto cars around the houses of the nutters.

Technically, though, I guess you could find yourself getting done for criminal damage

You think the UK coronavirus outbreak was bad? Just wait till winter: Study shows test-and-trace system is failing

Ben Tasker Silver badge

Re: Thailand had 1 case yesterday

> Any idea how much plastic waste would be generated if a significant proportion of the world's population disposed of 1+ masks each day?

So don't use disposable masks?

The point in the masks/face-coverings is to reduce the spread of droplets if *you've* got it. Wrapping a scarf around your face isn't quite as effective, but is still more effective than nothing.

> It's very possible that damp masks could act to trap, concentrate and ultimately transmit virus particles from the environment to the wearer's nose and mouth.

It is _possible_. But, it's also extremely evident that the countries who least oppose wearing masks are the ones who've done best out of this. Rather than hedging on smart-sounding "buts" and follow the evidence that's available like an intelligent individual.

Ben Tasker Silver badge

Re: Thailand had 1 case yesterday

> Masks may help to reduce transmission, but they do not prevent it. Also, people from developing countries struggle to get clean drinking water let alone clean masks. Hence you will always have a reservoir of cases ready to reinfect disease-free countries.

Some might suggest then, that given that ever-present reservoir of cases, it'd be wise to take steps that reduce transmission, like wearing a fucking mask.

Ben Tasker Silver badge

Re: Thailand had 1 case yesterday

> I have no issues with mask wearing. My issue is a lockdown that doesnt seem to work in a positive way.

Which seems to put you into a minority of those who oppose lockdown.

A very good chunk of those who were against lockdown also now seem to be against wearing masks (oh, sorry, muzzles apparently).

The reality is actually fairly simple - either people need to take proper precautions, or we're going to have to lockdown again to try and protect NHS capacity.

Whether through stubbornnes, stupidity or something else, those precautions seem not to be being taken, so we'll ultimately reach a tipping point where the choice is to lockdown, or to have a massive increase in deaths because the NHS can't cope.

The government screwed a lot up in their response, not least through screwing adherence to lockdown by not observing it themselves, but the number of people bleating about the possibility of a lockdown, whilst not wearing masks is unbelievable.

You can see why some might be opposed to your position in the comments given that position is normally explained without benefit of a mask, and usually with some dubious figures about how it's "not that bad"

What the duck? Bloke keeps getting sent bathtime toys in the post – and Amazon won't say who's responsible

Ben Tasker Silver badge
FAIL

Re: Review stuffing

TFA *literally* mentions that and says Amazon have checked that it isn't that.

Russia tested satellite-to-satellite shooter, say UK and USA

Ben Tasker Silver badge
Joke

Perhaps it was a carefully aimed USB device loaded with BadUSB - far less suspicious if you're satellite is there but not currently responding than if it's missing

Sick of AI engines scraping your pics for facial recognition? Here's a way to Fawkes them right up

Ben Tasker Silver badge

> Interested individuals may wish to try cloaking publicly posted pictures of themselves so that if the snaps get scraped and used to train to a facial recognition system – as Clearview AI is said to have done – the pictures won't be useful for identifying the people they depict.

Presumably, though, adding this to pics that are already published might be harmful?

If someone could put together a set of known before/after's, could they then train their network to identify and discard tampered images? At least, assuming that running it against the same image twice will give two identical sets of output (it crapped itself on my machine, so can't test)

UK surveillance laws tightened up as most spying demands to be subject to warrants

Ben Tasker Silver badge

Step in the right direction

It's not massive, but at least it's a step in the right direction, and sets the tone for when we need to make massive changes because we (predictably) don't get a Adequacy decision from the EU after January because we allow too much state access.

See you after the commercial breakdown: Cert expiry error message more entertaining than the usual advert tripe

Ben Tasker Silver badge

Re: "Rather than seeing the same old adverts"

Funnily enough, my pihole was briefly blocking some of their ad domains actually.

It led to some *severe* misbehaviour. You'd be watching Four-in-a-bed, and it'd come to an ad break. The app would sit there for about 30 seconds, fail to load the ads and then dump the episode back to the beginning.

Just to make it worse, if you tried to skip forward (having to guess where you were up to, of course) it'd try and load a new ad break...

If you opened the app on your phone (I was chromecasting) while it was getting stuck, sometimes it would recover and play the next bit.

There's all sorts of unfair angst hits these forums about developers and the quality they churn out, but the more I use All4, the more I think their devs don't get nearly as many complaints as they actually should. It really is packed full of irritating behaviours, including an occasional - but persistent - refusal to record which episode you last watched (problematic now that some bright spark collapsed all of F-I-A-B into a single monolith series rather than seperating by year like they used to).

Ben Tasker Silver badge

Re: Context failure

But it's (usually) on the same network as devices that do have that data (potentially including a wide-open NAS in some households) and makes a convenient, and hard-to-deal with (for the owner) pivot point. And that's assuming that crooks are only interested in getting at your banking data - they're not, and are just as happy to enrol your TV into their DDoS service.

If you need help imagining a scenario

- Attacker manages to poison DNS for the advertising domain, or otherwise establish a MiTM position

- Serves up a video containing an stagefrightesque exploit

- TV opens reverse shell back to attacker's C&C and does whatever

With actual cert validation, the attacker would need to be capable of presenting a valid, publicly signed cert - not impossible, but presents a significant additional barrier. Without it, they can set up their MiTM using a snakeoil cert

Given the IOT industries famous lack of fucks for security, if anything, these devices need *more* care not less.

Ben Tasker Silver badge

Re: "Rather than seeing the same old adverts"

> That's the thing that bugs me with ITV player, its exactly the same adverts each break

All4 seems to be doing much the same at the moment, or at least, Apple seem to have paid them to absolutely saturate us with adverts for Greyhound (exclusive to Apple TV dontcha know). I hope the fuckers paid an absolute premium to over-advertise to the extent I'll definitely not pay to watch it now

Ben Tasker Silver badge

Re: At least here you have the option to proceed anyway

> However, with HTTP Strict Transport Security your browser developers decided you are not allowed to bypass the error screen

That's not actually true.

In Chrome, when you hit that error page, type badidea and it'll be bypassed. Not intuitive though.

But, to be fair, it's not actually the browser's fault that you can't bypass the screen, all they've done is implement the advice in the RFC - https://tools.ietf.org/html/rfc6797#section-12.1

Report: CIA runs secret cyberwar with little oversight after Trump gave the OK, say US government officials

Ben Tasker Silver badge

Re: Like they haven't already??

> Why is the US always expected to withstand the slings and arrows, and not do a damn thing about it?

Where did I say do nothing?

I said don't target civilians. And, by extension, don't be surprised when the result of you targeting civilians is your own civvies being targeted more by state level actors.

If the US wants to target foreign infrastructure, whatever. But leaking lists of individuals credit-card numbers? They're *supposed* to be better than that - doing it sends a serious message about their morals, their capabilities or perhaps both.

The individual citizen doesn't have an awful lot of say in their government's politics, even in the US. But the CIA seems to have decided it'll hold an unfortunate few citizens responsible all the same.

If they airdropped some seals into an Iranian high street who went around beating randomers up for an hour to teach the IR gov a lesson, would you defend that? It's the same underlying principle, states should act against states, military and high-level officials, not individual citizens.

Sorry, but it's reprehensible and utterly indefensible IMO.

Ben Tasker Silver badge

> If Iranian hackers posted details of millions of US bank accounts online

Yep...

It might be "cyber" (ugh), but choosing civilian targets is not OK, and setting a precedent for doing so is particularly unwise given that others will use that as an excuse to target US civilians.

Twitter says hack of key staff led to celebrity, politician, biz account hijack mega-spree

Ben Tasker Silver badge

If you remember, he was banned a while back by a Twitter staff member on his last day.

I would guess that to prevent a re-occurrence of that, they may have put some kind of special handling in for his account (and presumably the Whitehouse account too).

Although, given the messages were basically "I'm feeling generous and will double your money", perhaps they thought no-one would believe it of Trump and his friends?

Trump reveals US cyber-attack on Russian election-misdirection troll farms

Ben Tasker Silver badge

Re: Detracts from journo standards

I meant I assume its factual that he said/revealed it, not that it's factual he actually did authorize it.

The article's reporting on him saying he authorized it...

Ben Tasker Silver badge

Re: Detracts from journo standards

> Whenever I read your (The Register) things about the US Trump Administration it is inevitably from a heavily biased viewpoint that they are all bad to the bone.

Out of interest, has it occurred that maybe it's the administration's own actions that lead to that effect of it all being negative?

There isn't _much_ for them to crow about without relying on nuances of language (well, we built *some* of the wall and never said we'd build all of it).

But, I don't really see how your criticism applies to this article in particular:

- Trump revealed he authorized an attack on the troll farm - factual (I assume)

- He's made statements before that hinted action had been taken

- He's repeatedly said they should try to be friendly to Russia - true

- He's been criticised for that position by those who view Russia as an enemy - true

- Revealing the attack will likely help appease some of those who called him soft on Russia

- Russia now know with certainty it was the US

- Russia can analyse the attack to know how the US conducts attacks (because it now knows the US was behind it)

- It contradicts his previous claims that the win was solely due to him being great

Unless you're opposed to the idea that he's said the US should be more friendly towards Russia, or the idea that a troll farm being active (and sufficiently so to warrant counter-attack), it doesn't seem like there's any overt negativity/bias here

Apple: Don't close MacBooks with a webcam cover on, you might damage the display

Ben Tasker Silver badge
Joke

We've found through focus groups that people prefer these $100 bluetooth webcam lights that come in a snazzy case to charge them, so we think embedded LEDs are a thing of the past

Ben Tasker Silver badge

> Instead, Cupertino advises users to rely on the built-in features of macOS, such as limiting what applications have access to the webcam through System Preferences. It also suggests users keep an eye out for the green camera indicator light.

Concern about those things not being trustworthy/reliable is exactly why covers exist. Most RAT's include functionality to do it, and "oh it only affects Windows" isn't exactly a reliable risk-assessment, particularly when there are RATs for most platforms. Yes, Apple has mitigations in place, but the way you find out they aren't enough is retrospectively...

What Apple _should_ do, is design a sliding cover into future models

Oh what a cute little animation... OH MY GOD. (Not acceptable, even in the '80s)

Ben Tasker Silver badge

Re: All of these tales and comments...

I found a kernel module that had been 777'd on a system once - and yes, it was being loaded.

It was supposed to have been a vendor managed system too...

We've paused Sigfox roof aerial payments, says WND-UK, but we'll make you whole after COVID

Ben Tasker Silver badge

Re: I don't get it £840k a year for something you could do over LTE

I disagree.

At the border, if anything, there's an assumption of *bad* faith. That you don't have the resources to check everyone/everything is irrelevant, the point is you're assuming that someone is going to try and sneak stuff through and so perform spot-checks in order to raise the perceived risk for smugglers.

The system I'm talking about doesn't assume bad faith, and isn't designed to. If your lorry driver is bent, and takes a MRH off the back of the lorry somewhere, the system won't tell you where it is, just that it didn't arrive at it's destination. It's about keeping a view on the currently available inventory, not auditing human behaviour.

The difference is the acceptable failure rates - it's acceptable for something not to auto-check-in on the delivery, because it'll be found pretty damn quickly anyway when it's flagged as "absent".

The EU on the other hand would probably not feel the same about stuff that "slips" through the border because it didn't have a tag on (or whatever). There's an "acceptable" failure rate at borders too (because you can't stop everything), but it's much lower than at a warehouse, and a system based on electronic tagging just isn't going to achieve that bar IMO.

Ben Tasker Silver badge

Re: I don't get it £840k a year for something you could do over LTE

No, I can see why you'd jump to RFID but it wasn't that - the tags used were active rather than passive. They need to be because the lorry is only driving vaguely in the vicinity of the receptor, it's not like it's passing through a gate housing it or similar (plus RFID doesn't work so well when the tags are inside a big metal container, but the antenna isn't)

Still, the tags were very cheap in the scheme of things, yes.

Ben Tasker Silver badge

Re: I don't get it £840k a year for something you could do over LTE

Having used it, I'll tell you one thing for sure - if you want to try and use it for an electronic border, you really are on a hiding to nothing

I said we used it, not that it necessarily worked particularly well/reliably. I certainly wouldn't trust it to enforce border policy.

In a goods receiving context it's not too bad, because if something hasn't checked in you can get someone to go into the warehouse and physically check if there's an extra 1 in stock.

You can't do that with a border because it's going to end up god knows where, and the smugglers aren't going to put tags on in the first place (or will tag, but will declare it's something else).

Boris' electronic border suggestion is and was, complete bollocks, sorry. It only works where good faith is involved, and that's never the case at a border.

Ben Tasker Silver badge

Re: I don't get it £840k a year for something you could do over LTE

In the MoD we used to use something similar to this solution for tracking aircraft spares.

The lorry would drive past one of the antenna, and everything in the container would check itself in as arrived (at least that was the theory, sometimes the kit would be turned off, or a few bits wouldn't check in). Large/expensive items got a dedicated tag, smaller stuff may be put together into a container with it's own tag.

Using a LTE based solution for that just wouldn't scale financially. Whilst it's peanuts compared to the cost of a main rotor head, you don't really gain anything for the extra outlay, but get a "tag" that's bulkier and much more prone to damage.

This was a good few years ago though

TomTom bill bomb: Why am I being charged for infotainment? I sold my car last year, rages Reg reader

Ben Tasker Silver badge

Re: Simpler than I expected

> You're on a hiding to nothing if you expect a company to cancel a direct debit for you. I've seen plenty of stories of utility companies and Virgin Media continue to charge when people have left them.

True.

In the heady old days of Tiscali, I moved house and they failed to action the home move. After them telling me I'd now have to wait a month for an engineer I cancelled with them, and went with BT (who had me up and running 48 hrs later).

But... to my shame, I forgot to cancel the direct debit. Tiscali were still taking money 3 months later (when I noticed), then told me it might take 6 months for my money to be returned, so I used the DD guarantee to get back via my bank. Cue angry letters and debt collector threats, along with claims they could find "no record" of my home move request, or me cancelling (despite me sending them copies of their confirmation emails).

I had to take the sods through arbitration, whilst trying to ignore the constant letters saying they were going to sell the "debt". Quite aside from needing better service nowadays, I'd never go with a budget ISP again.

/anecdote

But my point wasn't so much that they should cancel it for you, as it was that Mazda could simply put "remember to contact Tomtom" in their manual to remind people selling their car. After all, you probably set the account up months (if not years) ago, so relying on people remembering for themselves instead of printing 1 extra sentence seems poor.

Ben Tasker Silver badge

Simpler than I expected

As I started the article I predicted another outcome.

I assumed it was going to turn out to be that TomTom billed based on an immutable identifier (say the device's serial number), so when he wiped his data from the car, it didn't change the billing identifier leading to Tomtom not knowing anything.

I think it's a bit too easy, though, to say that he should have known he needed to contact Tomtom and cancel his account. He set it up through the car's interface, so most "normal" people would probably assume it'd get killed when they did the reset, if they even thought of it. Either Mazda need to update their handbook "if you configured Tomtom, go to https://blah", or the reset should send a notification to TomTom.

Privacy watchdogs from the UK, Australia team up, snap on gloves to probe AI-for-cops upstart Clearview

Ben Tasker Silver badge

Re: Opt out ?

> So my photo may be available to the like of Clearview but how am I to exercise my right to "opt-out" if I don't know about the photo?

When Clearview first came on the radar, I had a quick look at their opt-out.

The way it works is you provide an image of yourself, they process it, store it and then ignore any images they feel are a good match for you.

Meaning they've now got an image which is verified as being you, and I'm sure some "upper tier" payment plan will allow that to be returned still despite claims to the contrary.

If you want to know what (if anything) they've got on you, then you need to do a data-access request. At which point they'll want a photo *and* ID

They'll let you deindex images/urls but only if they've been taken down from the net. They don't honour robots.txt either....

They come across as the sort of company where it seems like the safest thing to do is not contact them, and wait for the authorities to smoosh them instead

Keep it Together, Microsoft: New mode for vid-chat app Teams reminds everyone why Zoom rules the roost

Ben Tasker Silver badge

Re: Teams isn't just a video conferencing tool...

> Anyone complaining about having to use MFA to access a cloud based product that can be used to share corporate data?

I had to create a Teams account to join a call with a large ISP. Not knowing what I was letting myself in for, I selected "business" rather than "personal" when it asked what I was using Teams for.

The result, amongst other things, is them telling me I had 14 days to set up 2FA or they lock the account out.

An account with no access to anything, with the only 2FA they'd accept either involving me handing them a phone number and trusting them not to lose it, or installing their authenticator app (I don't use O365, so have no other use for it)

Sorry, but it's complete bollocks. I'm all in favour of 2FA, but if they want to take a principled stand maybe they can support some actual best practices? I've got yubikeys, U2F dongles and a TOTP app in my toolkit.

And before anyone points out you can convince their 2FA to use TOTP, maybe they should put that on the setup page rather than "ooooo install our app"?

I loathe Zoom, but it's like MS are deliberately trying to cripple Teams

Another anti-immigrant rant goes viral in America – and this time it's by a British, er, immigrant tech CEO

Ben Tasker Silver badge

Re: We hear these stories all the time

> I used to think that maybe a lot of racists would change views if they only knew a few non-white people and realized they were no different, and could be perfectly nice people. But even when they do, it does not seem to change their underlying view that somehow all the non-whites they don't know are a problem, and just use the fact they have some black/non-white friends to argue they are not racist.

Yeah, you seem to get that "get rid of all the forners, apart from the bloke in the kebab shop, he's alright" effect instead. It never occurs to them that what they're saying could also be reduced to "keep the bloke at the kebab shop here, but kick his entire family out, cos I like him, but don't know them".

Thankfully, a lot of those types of people tend to declare themselves quite early on, but starting sentences with "I'm not racist, but..."

Barclays Bank appeared to be using the Wayback Machine as a 'CDN' for some Javascript

Ben Tasker Silver badge

Re: Liability

You might want to go and have a read of what the Computer Misuse Act says about Mens Rea and think about just what a broad brush that is ;)

Ben Tasker Silver badge

Re: Liability

> Introducing a cryptominer: "Causing harm to our users". Changing the script to write "The site you're using didn't code properly and is pulling data from another possibly insecure site": "Defaming the organization". Blocking the script, meaning the page doesn't load right: "Deliberately impeding the functioning of the system".

The difference is their perception of it, and the level of motivation each act gives for them to pursue it.

If you block the page and their site stops loading, they'll be a little embarrassed.

If they've had customers contact them complaining of high cpu/battery usage and they discover it's because you inserted a crypto-miner, then it may be they want your scalp to show their customers.

Sure, they could launch a case claiming you impeded their site by blocking the script, but they'd likely realise that they come off looking bad, plus they'd recognise you can robustly defend a decision not to serve something.

Someone mentioning "computer misuse act" and pointing out you've used their user's CPUs "with one of those scripts crooks use"? Joe average is going to be shocked if it comes out they let it pass.

> It's not because I'm worried about their lawyers. As I see it, their lawyers are basically as likely to go after me no matter what I do.

For avoidance of doubt, the correct solution to that feeling of rock-and-hard place is never to go for the path of most-harm, particularly if your only defence is "it's my file, I can edit whatever I want into it"

Ben Tasker Silver badge

Re: Liability

> So the only way they would have a legal claim is if I agreed to host it for them.... So the only way they would have a legal claim is if I agreed to host it for them.

You seem far more focused on right and wrong than on reality.

What you mean here, is *in your opinion* the only way they could win, is if you agreed to host it. Anyone can make a claim about *anything*, and it'll cost you to defend it if there's any possibility of it being found against you.

If you host a file called "jquery.js", notice Barclays are hotlinking and deliberately change it to include a crypto-miner, then you're very likely to going to end up paying to defend an action. It doesn't really matter if you would have won it if you go bust before you reach that point, does it?

> I can argue that they were violating my terms of service by linking to the file,

You can, but it's going to cost you money, time and stress to do so.

> If they hotlinked to a file and I changed it to indicate they used without permission, they could get angry. If I blocked their request, they could similarly get angry. If they felt the need, they could have their lawyers sue me for breaking their service. However, if I blocked, edited to print a string, or edited to introduce a miner, I have the same rights to do what I have done

The other side would argue that those are not the same thing. In fact, they'd argue that instead of introducing a miner, you could (and should) have blocked access, or even put a harmless change in to note it was being used without permission (as well as could have contacted them etc). Instead, you went for the path of most harm - and they'll claim that that was a wilful act and why you should have to make reparation.

> I have the same rights to do what I have done and they have no basis to win the case.

The very fact you've written "and they have not basis to win the case" strongly suggests you don't know how court cases *actually* proceed.

You won't find a lawyer who'll tell you a case is a dead-cert - they'll tell you that you potentially have a strong case (or the claims *seem* without basis), but that *anything* can happen once you reach court, and it's impossible to predict outcomes. In fact, a good lawyer will probably advise you to try and settle the case.

And all of this, is stuff that could be avoided by just not being a clever dick, and blocking access rather than willfully trying to screw up their users. There are an awful lot of things that you're allowed to do, that change with context and intent and suddenly aren't permitted.

Ben Tasker Silver badge

Re: Liability

> For example, cryptomining scripts are not illegal, so you can put them up if you wish. If someone decides to link to a file and you switch it to a different file, that's their problem

I think you'd potentially have issues if you joined the two of these too.

Lets say you were hosting a copy of (say) jQuery. Then, you notice that Barclays have hotlinked it into their own site. If you now come along and stick a crypto-miner into that file, you're opening yourself up for a world of hurt.

Particularly, as it's not really about who's in the legal right - defending a case could still break you financially, and well before you actually get to the point of vindicating yourself (if in fact, you managed).

Particularly if the "victim" is someone large/with resources - if they perceive you've exploited their mistake to harm their customers, they may feel the need to "make an example".

If you notice hot-linking, your best bet is just to block it, and not to start screwing around with what you're serving up.

Euro police forces infiltrated encrypted phone biz – and now 'criminal' EncroChat users are being rounded up

Ben Tasker Silver badge

Re: Lies, damned lies and official statements?

> We know that all reports of "cyber crime" are bigged-up. Both in extent and sophistication.

I'm reminded of the reports of the way the Police report the "street value" of seized drugs. They assume that the entire weight will be sold in the smallest possible denominations (smaller measures usually costing more per gram than larger ones).

> Should we expect further reports of other "busts" in other countries - the USA being an obvious one. Or are those networks just better run and can avoid detection.

Already happened to some limited extent - https://www.extremetech.com/mobile/265465-phantom-secure-ceo-busted-selling-super-secure-smartphones-drug-cartels

Ben Tasker Silver badge

Re: Honey pot

> What I find interesting is that a service like this or, say tor, are like putting your name on a list when you sign up for them.

You don't sign up to use Tor, you just use it (and if you're worried about ISPs noticing you're using Tor, can use things like meek and snowflake to obfuscate).

It doesn't overly detract from your point, just if you have stumbled across some "sign up to Tor" site, it's all but certainly a scam site.

> Plain sight platforms plus your own encryption and you are more likely to be lost in the noise.

The problem with that, for many users, is the feasibility of doing so and (more importantly) the difficulty involved in securely exchanging keys. Even something (relatively) simple like installing OTR is too much for some, and a significant proportion of those that do probably don't verify keys properly.

Encrypted platforms abstract and automate that away from the user.

Even now, I'm sure the attention still mainly comes the other way round - you become "of interest" and they try and look at your comms, rather than you use an encrypted service and become of interest. There'll be exceptions of course

Dutch national broadcaster saw ad revenue rise when it stopped tracking users. It's meant to work like that, right?

Ben Tasker Silver badge

Re: There is one enormous benefit of targeted ads

Exactly this. My interpretation of behavioural/targeted ads has always been that they're less good, but provide a "unique selling point" for the ad-platform to shout about to advertisers: we can get you more relevant clicks... Like most marketing, the claim needn't actually be true.

Targeted ads, to me, always seem to consist of something you bought months ago, or something you decided against buying.

Consumer orgs ask world's competition watchdogs: Are you really going to let Google walk off with all Fitbit's data?

Ben Tasker Silver badge

Re: Depends

> every update to the Fitbit app causing flakier connections, adding pointless cruft and advertising services I don't want

No, they'll bring more of that.

But, good news! the end is in sight.... after all, Google have a habit of axing support for things they've brought on board, so within a couple of years they probably won't be pushing fitbit updates anyway

Spare some change, guv? UK's CCTV regulator pitches for £100k budget increase

Ben Tasker Silver badge

> In the SCC's legal submissions, barrister Andrew Sharland QC suggested it would be unlawful for police to take over existing CCTV camera networks and attach AFR recognition software to them.

The Home Office, presumably then, have already dispatched a missive demanding he's kicked out of the role. Can't have that kind of sense and reason encroaching on their AFR rollout.

Beware the fresh Windows XP install: Failure awaits you all with nasty, big, pointy teeth

Ben Tasker Silver badge

Re: Squirrel!

One of my colleagues had his fuel line chewed through by the squirrels in the office car park.

When one open-source package riddled with vulns pulls in dozens of others, what's a dev to do?

Ben Tasker Silver badge
Joke

Re: Minimize dependencies

> they are replicating stuff that's already available in the stdlibs or other imports.

Ah, you're being subjected to jQuery

US govt: Julian Assange tried to recruit hacker to steal hush-hush dirt and we should know – the hacker was an informant

Ben Tasker Silver badge

Re: Is the use of Agent Provocateurs legal in the US?

> If the alleged crime was instigated by the State, then surely there would otherwise be no crime but for the heated imagination of the State?

In this case, though, it wasn't instigated by the state was it?

Assange asked them for docs from those victims. It's not like they went to him and said "hey, we've got xxx, wanna buy it" and then have tried to prosecute him for being complicit.

Assange started it *and* the actual act was committed by people not involved with the state. It's just that those people were headed up by an informant (not an agent of the state, so different requirements would still apply).

Ben Tasker Silver badge

Re: They are doing this now?

Why would they do this earlier?

They hadn't started any public cases against him until much more recently, because he was hiding in his cupboard.

They may very well have been sat on this evidence for quite some time, partly due to there not being an appropriate venue to air it in, but also because of the "theatrics" that make up the US justice system.

Remember that they tend to like to sit on evidence, wait until you make a defense and *then* disclose the evidence that shows you're lying. That way they can discredit you, which may come in useful in other aspects of your trial when they refer back to it "so we're just to take the word of a liar?"

Laws on police facial recognition aren't tough enough, UK data watchdog barrister tells Court of Appeal

Ben Tasker Silver badge

Re: China's FR has been able to cope happily with face masks

I agree, you're reducing the number of identifying factors.

The important question, though, is the reduction sufficient to be effective? I.e. does the number of false outcomes increase significantly enough that you can't simply increase manpower when doing manual reviews and the like (i.e. when pulling out someone's locations)?

Given we're talking about a state's resources - and in this case a state that may not mind too much if it's occasionally incorrect, I don't _think_ the drop in accuracy is going to be sufficient.

There are plenty of other reasons we should all wear masks in public, but dodging FR tech likely isn't one - and as noted, if it did become widespread, would probably not remain effective for very long at all.

Ben Tasker Silver badge

I don't see where I said it was more accurate than anyone elses, you seem to have inferred that for itself.

What I said was that it's able to cope with facemasks.

In fact, the only time I implied theirs was better than others was when I pointed out that it's quite possible that our lot underpaid and bought an inferior product. That's not nearly the same thing as China being at the height of technology.

> They just have better propaganda promoting its use. It's a bit like the lie detector, which "works" only because the subect being tested believes that it works.

Possibly. Although the number of people being picked up despite wearing masks would tend to disagree with it being purely propanda. Of course, it may be that it wasn't FR which led to those arrests, and it's instead used as cover for an on-the-ground network.

I tend to think the false positive rate *will* increase with mask usage, but probably not so much so it can't be addressed with a bit of extra manpower put into checking the matches

Ben Tasker Silver badge

> COVID19 and the wearing of face masks have made the police use of facial recognition pretty useless anyway.

*If* that's the case, then it's only because the police have bought a less advanced product.

China's FR has been able to cope happily with face masks for a very long time now, it's certainly possible to do.

Aside from some very clever t-shirt printing - https://www.wired.co.uk/article/facial-recognition-t-shirt-block - the only way to really avoid it is to completely cover your head (and then you'll stand out if you're the only one doing it, and other techniques like gait analysis would probably be rolled out if it became widespread)

On the other hand, the accuracy rate the police achieved with theirs probably tells you quite a lot about the quality of the product they're using, so it may well flag false positives based on what colour of mask you're wearing...

There are DDoS attacks, then there's this 809 million packet-per-second tsunami Akamai says it just caught

Ben Tasker Silver badge

Re: Solution, Billing = $

What happens when I find out your IP, decide I don't like you and regularly flood Akamai with UDP packets with the source address being yours so that you get billed? Even if you say "I've cleaned it", your ISP is going to get dubious quickly.

Not to mention, there are a lot of ISPs who couldn't be trusted with that responsibility

After huffing and puffing for years, US senators unveil law to blow the encryption house down with police backdoors

Ben Tasker Silver badge

Re: OpenPGP

Honestly, they don't really care about OpenPGP, because relatively few people use it compared to the low-hanging fruit of E2E comms like WhatsApp/Signal etc.

The whole intent is to be able to go back to dragnetting comms - just as they were before they got caught by whistleblowers, triggering a large uptake in E2E comms.

If their investigation leads to your PGP encrypted files, they've the resources (and mechanisms) to be able to focus on you - including simply locking you up for refusing to hand over the decryption keys.

Basically, they shat in the pool and hoped you wouldn't notice. Now that you have noticed and everyone's got out, they're trying to mandate that you have to swim in it. As long as they can get the majority in, they don't care about the relative few who scale the fence and escape (for now).

Google isn't even trying to not be creepy: 'Continuous Match Mode' in Assistant will listen to everything until it's disabled

Ben Tasker Silver badge

> we discovered that running an action under development is impossible if you have the Web and App Activity permission, which lets Google keep a record of your actions, disabled.

Related:

Our boiler went bang, so needed a new one - we went with a Combi as that was on our "todo" list for the future anyway - along with that came a need for a new controller and thermostat.

After much soul-searching I decided to swallow my objections, and let them install a NEST thermostat, on the basis that it'd probably save me money on heating, and I could trivially segregate it away onto it's own restricted wifi.

So, one of the selling points of NEST is the app, and the ability to see why it's changed the heating etc (as it "learns" over time).

Which brings me back to "Web and App Activity"

You can't use the sodding NEST App with a google-apps domain, freebie google domains only. You _can_ share access to the app via the Google Home with a google apps user, but *only* if the entire domain has "Web and App Activity" turned On.

So, you get to choose between

- Giving Google Permission to record basically everything you do

- Not being able to use the main fucking selling point of the product

We went with option number 2.

In Hancock's half-hour, Dido Harding offers hollow laughs: Cake distracts test-and-trace boss at UK COVID-19 briefing

Ben Tasker Silver badge

Yeah, but then you wouldn't have been able to award a £260m contract to people you know in order for them to suffer from Not-Invented-Here syndrome and piss about with approaches that everyone else already know don't work.

The aim wasn't just to get a working app - that's easy - it's to get a working app whilst filling their mates pockets. Embarrasingly for them though, turns out their mates are as incompetent as you might expect from people who's work seems to be solely derived from knowing the right people

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2020