* Posts by Someone

137 publicly visible posts • joined 25 Oct 2007

Page:

The e-waste warrior, 28,000 copied Windows restore discs, and a fight to stay out of jail

Someone

Counterfeit packaging

If you were caught with 28,000 counterfeit perfume boxes, stating that they were all empty and you were intending to sell them on at cost wouldn’t be a very good defence.

Having a pressed CD or DVD with screen printed logos on it will add to the appearance of legitimacy where Windows has been activated without a valid licence. So, the discs definitely have a value over and above the software on them, just like empty counterfeit boxes.

What was this guy truly thinking? I have to wonder if he saw the efficient recycling of hardware as more important than worrying about what others were doing with installs of Windows. In the great scheme of things, maybe it is. Illegal, but morally justifiable.

Of course, the sentencing doesn’t fit. The American courts must have ample case law for valuing small counterfeit parts of a much larger whole. This also appears to be crazy American mandatory sentencing preventing any discretion. One would hope in England it would be: Good character; single instance of bad judgement; slap on wrist; don’t do it again.

Your top five dreadful people the Google manifesto has pulled out of the woodwork

Someone

Strengths and weaknesses

diodesign wrote, “Damore blundered pretty badly in the way he brought up the issue: the memo is contradictory, and so poorly thought out. He can apparently code but he can't string together a coherent line.

“And yes, we did read the memo. I still can't get my head around it. It just doesn't make any sense. People claiming we've misread are, I suspect, projecting their own opinions onto it to fill in the blanks, so to speak, and warp it to fit their narrative.”

Another commentard has mentioned autistic spectrum. Damore's CV and memo are consistent with someone with a high autism score. The memo is difficult to follow and not well argued. The writer has failed to consider the mind of the reader. This is a defining characteristic of a high functioning autistic. Absent a formal diagnosis, let’s assume that he is.

Damore is aware of his strengths and probably very well aware of some of his weaknesses. In what he does, his weaknesses are not a problem. Or they weren’t, up until that memo. Chess and coding are very formalised means of expression that don’t require you to get into another’s mind. And, if you’re in an office surrounded by other socially awkward people, being social awkward is less of an issue.

https://www.wired.com/2001/12/aspergers/

The TV show The Big Bang Theory often used a method of contradiction, with embarrassment for others, to generate humour. Seemingly identical behaviour can be caused by very different thought processes. If Sheldon Cooper did or said something that appeared, say, racists or sexist, it would be the result of a personal failing on the part of Sheldon. But, that failing wouldn’t be one you would naturally class as racism or sexism.

The memo was a very cack-handed way of saying don’t forcibly change the people and hope that changes the environment, change the environment first. Some of his assumptions are odd, to say the least, but ideas like more part-time positions with equal status to full-time positions seem completely uncontroversial.

The irony is that, in calling for more accommodation of others’ needs, Damore has been fired for his own weaknesses. Maybe the geek shall not inherit the earth. Google has fire one of its geeks for being, well, too geeky.

Dell to patch AMT-vulnerable systems

Someone

Published fixes?

Those release dates look decidedly in the future.

Lose the onion tears, Tor fanboys: CloudFlare may consider binning CAPTCHAs, says CEO

Someone

Everyman or woman

Some of the CAPTCHAs are unanswerable because they don’t contain any of the item you’ve been asked to select. However, almost every time you can get through to a site by answering one or two CAPTCHAs. I’ve learnt the hard way that the answer you need to give is not necessarily a good one. For a single image containing road signs, for example, I would want to select the squares with road signs in the distance, the backs of road signs and any square even slightly impinged by a sign. This isn’t the answer that’s going to get you through. Just like the word-based CAPTCHAs before, it seems your answer is going to be compared with those given by others, so your answer must be what someone with an average IQ is going to give – an everyman or woman. Choose only those squares with road signs face on to the camera that are a third or more filled by a sign. For every deviant answer you give, you’ll be made to answer two or more extra CAPTCHAs. Hence, you can easily end up with a sequence of ten or more. Appelbaum is probably suffering here because he is “a very smart guy.”

The word-based CAPTCHA worked more consistently because it relied on common knowledge – something that was taught to you. At least CloudFlare or Google have dropped requests like “select all the salads” or “select all the soups.” What is a salad or soup is going to vary from culture to culture, and even within the same culture can cause long arguments.

The problem with El Reg is that the images are hosted on a completely different domain, regmedia.co.uk. This means that even when you solve the CAPTCHA for the main Register site, www.theregister.co.uk, the image server can’t see your CloudFlare cookie and you’re left with a text-only page, and wondering if Ars Technica has an article covering the same story. Please, please, please change the domain name of regmedia.co.uk to media.theregister.co.uk.

Linux Mint hacked: Malware-infected ISOs linked from official site

Someone

SHA256 was provided

A file of SHA256 message digests for the ISOs was provided, and Lefebvre produced a GPG signature for that file. This has been the case since Linux Mint 17.0.

http://mirror.bytemark.co.uk/linuxmint/stable/17.3/

gpg: Signature made Wed 09 Dec 2015 16:09:06 GMT using DSA key ID 0FF405B2

gpg: Good signature from "Clement Lefebvre (Linux Mint Package Repository v1) <root@linuxmint.com>"

Primary key fingerprint: E1A3 8B8F 1446 75D0 60EA 666F 3EE6 7F3D 0FF4 05B2

Checking the authenticity of the ISOs could have been strongly emphasized on the Linux Mint website, but Linux Mint goes for ease of use, and checking GPG signatures isn’t ease of use. And, this is unlikely to help someone downloading Linux Mint for the first time. If your website gets hacked, the hacker can probably remove or change the recommend verification steps.

Even the Tor Project says that the number of downloads of hash and signature files is a tiny fraction of the overall downloads for Tor Browser. If the users of Tor Browser don’t care, users of Linux Mint are going to care even less.

Microsoft's Windows 10 Torrent-U-Like updates GULP DOWN your precious bandwidth

Someone

+1 for Linux (Re: And sharing malware in 5 4 3)

Which distros provide this? Anything for Debian? I'm sitting here looking at a lot of packages in /var/cache/apt/archives. There's apt-cacher and apt-cacher-ng for Debian and derivatives, but those involve explicitly setting up a server and clients. There are also various ways to mirror repositories.

I'm wondering how easy it would be to get apt-cacher running on pfSense, but that seems like a lot of effort for a home LAN – not that many instances of Linux and a reasonably fast Internet connection. If there's a simple setting I can change, or a package I can install, to get peer-to-peer sharing that would be worth it.

Be wary of that Russian. He might HAMMERTOSS a software nasty at you

Someone

Mr Saito explains.…

It seems fairly clear to me, unless I've got it wrong.

The malware looks at the posts made by certain Twitter accounts. The account usernames/handles may be fixed or may be generated algorithmically. I'll agree that the use of the word "beacon" isn't clear. The malware could be looking for either public tweets or direct messages that already exist, or it could make tweets or direct messages itself and then wait for responses.

It looks for posts containing certain hashtags and links. Similarly, the hashtags and the format of the links may be fixed or generated algorithmically.

It uses the information in those posts to create links to images stored on Github. The links may have been placed directly into the posts, or the links may be constructed algorithmically from parts of one or more post. It fetches the images from Github. The images contain commands hidden within them.

Some commands will tell the malware what data to exfiltrate, what cloud storage service to send that data to, the account name on that cloud storage service and the password for that account.

The tweets or direct messages, images and cloud storage accounts are created by members of APT29, to be picked up and used by the malware.

In principle, none of this is hard to get working. What's hard is to make it reliable. The software is trying to behave like a user. There are likely to be lots of horrible edge cases. And if one of the services changes slightly, a user will normally take it in their stride. Software is much more brittle. You don't want all your hard work to crumble because Twitter decides to reformat some of its HTML or tweak an API.

Post-pub nosh neckfiller: Smažený sýr

Someone

Tartar sauce or stronger

Yes, mayo doesn’t have enough bite. Following on from the call for some chilli, a good alternative is some sort of fruit and chipotle sauce, jelly or jam. The fruit being red currant, raspberry, blackberry or similar.

Bitcoin blasts past $1,000 AGAIN after Zynga accepts cryptocurrency

Someone

Land Banking on Planet Bitcoin

Oh the irony. The purchasing and holding of bitcoins is like land banking on the virtual planet of Bitcoin. Investments are being made in Bitcoin land in the hope that someone will come along and do something with the land that justifies the current price. While there’s no deception – buyers are not being sold prime Californian real estate, yet receiving Florida swap – the illusion is that there’s a finite amount of cryptocurrency land. It’s virtual, so of course there is not. Gavin Andresen and the small group running the big mining pools could decide that, in the interests of mining stability, they’re going to stop reducing the number of Bitcoin acres given as a block reward on planet Bitcoin. If it were to remain fixed indefinitely, or even go up, plant Bitcoin would become unbounded in size.

Then, there’s planet Litecoin, planet PPCoin, planet Feathercoin, planet Dogecoin… and, in an effort that even the Magratheans would be proud of, planet Coinye West is under construction. In fact, an unlimited number of planets. And, being virtual planets, there’s no light-years journey to get from one to the other. BitPay unwisely chose the ‘bit’ part of Bitcoin. Coinbase more sensibly chose the ‘coin’ part. Either way, once you’ve invested in the hardware, software and staff to handle bitcoins, the extra cost needed to handle an altcoin is minimal. The cost of handling any number of altcoins is minimal. The only exception would be if these start ups decide that, to ensure they have a say in the future direction of any cryptocurrency, they’re going to need to pour a good chunk of their venture capital into mining hardware.

Stewardess first to book $250k Virgin Galactic 'space trip' with BITCOINS

Someone

Ryan Galactic

Virgin Galactic becomes Ryanair. You find out, just before take off, that you paid twice as much as the person sitting next to you. You both paid the same amount in bitcoins, but you paid on the wrong day.

As the article suggests, it’s not just a PR stunt. Branson is, first and foremost, a businessman. It’s about releaving these young, suddenly-rich people of some of their money before the next Bitcoin crash, and they stop feeling so rich.

Russian Zuckerberg to Snowden: 'Come work for книга лиц  VKontakte'

Someone
Headmaster

Thanks go to whoever improved the title’s Russian grammar.

Microsoft introduces warning on child abuse image searches

Someone
FAIL

Absolute stupidity

By all accounts, it doesn’t include search terms you would think it should. Presumably because they have duel use; you could be looking for the news reports and debate surrounding blocking and pop-ups or they have perfectly innocent uses. Then, if you’re Peterborough Town Sports Club, you can get a box stating “Warning! Child abuse material is illegal,” slapped near the link to your website on a Bing results page.

So, we have a warning that’s only going to pop up on the most obscure of search terms. I had no idea what might be on the CEOP “blacklist,” so had to do a search to find a list of search terms that someone else had tried. Even then, it’s going to have false positives, and I don’t think the warning is shown if you set your Bing country code to anything other than “gb.”

The solution is to remove offending links, which has been going on for years. Why has a warning not been tried before? Because it’s absolute stupidity. There must be many engineers at Yahoo!, Microsoft and Google banging their heads on the table.

Ubuntu without the 'U': Booting the Big Four remixes

Someone

VirtualBox Guest Additions

In Ubuntu, Software & Updates (formerly Software Sources) has a new Additional Drivers tab. You can install VirtualBox Guest Additions from there. In previous recent versions, Additional Drivers (jockey) would pop up automatically and ask you. The problem with the repository drivers is that they're never the latest. Raring Ringtail currently has 4.2.10, compared with the latest version of VirtualBox, which is 4.2.12.

Without OpenGL drivers, the CPU is left doing the job of a GPU. Memory bandwidth makes a big difference. I ended up getting DDR3-2400. In many circumstances, it's possible to forget that GPU acceleration isn't enabled. Ubuntu 13.04 isn't one of them. It's a bit laggy but useable without OpenGL, and it can still be a bit laggy with OpenGL. If you're using Kubuntu and want to turn the compositing off, just hit Shift-Alt-F12.

Bitcoins: A GIANT BUBBLE? Maybe, but currency could still be worthwhile

Someone

Heisenberg-coin

Investing in Bitcoin changes the nature of Bitcoin. If people don’t invest in it, and use it like a currency, it has value. As soon as people start investing in it, it stops functioning like a currency, and no longer has any value. Given that some nation states have failed to control their currency, it was hopelessly naïve to think that a very simple money supply algorithm could.

Everything new is old again

As a distributed currency, not only does it not work very well as a currency, it won’t be very distributed. We’re seeing mining become increasingly concentrated in those with the money and expertise to invest in banks of single-purpose computing devices. Remember, its the majority of mining power that controls what happens to Bitcoin. Now, it appears, with the Winklevoss brothers, it’s big money cornering the market; the rich using something overvalued to become even richer. That wasn’t the basis of the 2008 financial crisis, was it? I can’t imagine this is the brave new financial world, the cypherpunks were promised.

Can we fix it? No we can’t

The majority of mining power could change the underlying supply to try to fix Bitcoin’s problems, but this brings its own problem. Big money has for company big lawsuits. If the supply of new bitcoins is made variable, to stop hoarding and to try to make it work as a viable currency, the price is going to drop dramatically. Partly because of the necessary increase as Bitcoin gets new adopters, but also because of the short-term uncertainty and loss of confidence. If the Winklevoss brothers feel this has caused them to not make quite as much profit as they thought they were going to, what will they do? Find everyone they can who’s associated with the change, and sue them for millions.

The measure of a bitcoin

If we look at Bitcoin’s value over its history, we can see two different parts. There’s the bubble part and an underlying part. In the middle of 2011, Bitcoin went through its first bubble, and we’re currently in the middle of a bubble now. So far, the current bubble looks the same as the first one. The spike on the graph is taller and slightly wider, but it’s basically the same shape. The algorithm hasn’t changed and neither has people’s reaction to the idea of making a quick buck. Every time Bitcoin bubbles, it’s going to be the same, until everyone gets bored and loses interest.

If you take away those two spikes, you get a general trend showing its utility to drug users and American gamblers. Doing this, you get an underlying value for one bitcoin somewhere around twenty dollars. Which is fine, until those who imbibe drugs or gamble in countries where the government would rather you didn’t, move on to “Bitcoin 2.0”, whatever it is, that fixes some of Bitcoin’s negatives.

Study: Gay marriage support linked to pr0n consumption

Someone
Paris Hilton

Physical to virtual

The acquittals of Simon Walsh and Michael Peacock might seem to support this hypothesis in Britain, but I believe there’s a better Internet-related explanation. In the past, communities would be based on physical locality. People would want to be physically surrounded by other like-minded individuals. With the move to virtual communities, especially now we have mobile connectivity, it matters less what others around you are doing.

I think I caught Peter Tatchell on the telly saying how parliament’s vote to legalise same-sex marriage shows that we give gay love the same value as straight love. The truth may be less affirming. Is it consensual? Yes? Just get on with it, we’re not that interested any more.

PayPal crawls after messaging glitches

Someone
Headmaster

To Make Whole

I’m sure you really know that’s American lawyer speak. It means to return to a financial position as if the event had never happened. There are going to be some situations that can’t be fixed by refunding a duplicate transaction. Where buyers made a second purchase from a different seller or not using PayPal, there won’t be duplicate transactions. If ‘refund’ means ‘reverse’, that could leave some sellers in a mess, if they’ve already shipped or started bespoke work on duplicate orders. I assume sellers are PayPal customers too. While the word ‘compensate’ would be more meaningful to most people, it’s less legally specific and PayPal is avoiding using it.

I’ll go along with the sentiments of the Anonymous Coward above. PayPal is a mess. I keep seeing the following error message.

We are not able to process your payment using your PayPal account at this time. Please return to the merchant’s website and try using a different payment method (if available).

Which is bloody useless when you’ve come to PayPal from eBay Checkout.

PGP, TrueCrypt-encrypted files CRACKED by £300 tool

Someone
Boffin

Solution: TRESOR

http://www1.cs.fau.de/tresor

Although, it’s limited* and fiddly to use. We’re really waiting on CPU manufacturers to provide explicit on-die solutions.

For all the talk of on-site digital triage and making memory dumps, of the accounts I’ve read, the police power everything down as soon as possible. The current thinking is to preserve any disk-based evidence and prevent remote access, with encryption rarely being encountered. If the police have surveilled you enough to know they should leave your computer switched on, they probably already have enough information that they don’t need Forensic Disk Decryptor.

*There’s a version for x86 without AES-NI, but it has a speed penalty and is limited to AES128.

http://www1.cs.fau.de/filepool/projects/tresor/tresor-patch-3.6.2_i686

Virgin Media spanked for 'we've already cabled up your house' mailshot

Someone
Flame

A triumph of style over substance

Ever since ntl:Telewest got weirdy beardy’s Virgin branding, the claims have been getting more grandiose, while the broadband service has stagnated.

I’m sick of the throttling, and I’m sick of the shitty upload speed (one twentieth of the download). There was a recent article on Ars Technica suggesting that business cable broadband could be a better alternative to residential cable broadband. So, I thought I’d see if any of it applied here in the UK.

The first bullet point on the Features page for Virgin Media Business broadband reads, “no usage restrictions or caps…” This is promising, I thought. However, click through, and buried in over one thousand words of “legal stuff” is a link to the same traffic management page that applies to residential services.

I know the ASA definition of ‘unlimited’ means ‘limited.’ It must also be that the ASA definition of ‘no’ means ‘some.’ Virgin Media’s small business broadband is exactly the same as residential, only it’s more expensive and has a funky, stylish name – “The Biz.” Did I say something about style over substance?

In a few years, cable broadband in this country has gone from being the technically superior product, to one that is still theoretically technically superior, but due to underinvestment, languishes behind FTTC.

In the past, I wouldn’t have hesitated in recommending cable, despite the flakey customer service, and a small risk you’d end up on an oversubscribed UBR. Today, I’d suggest looking at FTTC first.

Lancashire man JAILED over April Jones Facebook posts

Someone
WTF?

The public is pathetic and useless…

…or so must think Bill Hudson, Chairman of the Magistrates bench.

He said, “The reason for the sentence is the seriousness of the offence, the public outrage that has been caused and we felt there was no other sentence this court could have passed which conveys to you the abhorrence that many in society feel this crime should receive.”

Why does Hudson think that that part of the public who were outraged are not capable of conveying abhorrence? The lynch mob that turned up at Woods’ home clearly were. It’s why the American First Amendment doesn’t lead to anarchy. When individuals step out of line, society makes them look silly. When businesses step out of line, society hits them in the wallet. It doesn’t need the heavy, dead hand of the law.

I’ve been doing ‘April Fool’ jokes, based on the premise that it’s not unknown for parents to falsely claim their child is missing as a way of seeking attention. Thank god, I never put any of them online.

Carbonite disputes ASA censure of cloud storage ads

Someone
WTF?

What can the ASA do?

This is an American company offering an American backup service. The only possible sanction would be to take away its .uk domain name. Can the ASA even do that? If Carbonite were to redirect http://www.carbonite.co.uk/ to, say, http://www.carbonite.com/uk/, wouldn’t that be the end of the matter? While I would see that as no change – both domain names currently resolve to the same server in America – the information would no longer be associated with the .uk domain, and so must push it outside the ASA’s jurisdiction.

As its first run in with the ASA, Carbonite wouldn’t have realised that all it takes is an asterisk to make it better. As has already been commented, an asterisk can make ‘unlimited’ mean whatever you want. It makes good sense to manage customer expectation anyway. It doesn’t take too many unhappy customers badmouthing you around the Internet to do more harm than the ASA ever can.

Why GNOME refugees love Xfce

Someone

Ubuntu + Xfce, not Xubuntu

This is what I’ve done too. Starting with Ubuntu and adding Xfce. The first attempt was to start with Xubuntu and add what was missing. That didn’t go very smoothly.

FBI asks for help to crack mystery code in 12-year-old murder case

Someone

Dyslexic

I’d also go with profound dyslexia. It looks like the preparations for an event, with the two pages starting “Monday make new...” and “All pint glasses…”

N → and

WLD → would

FLRSE → flowers

MTLSE → motels

HTLSE → hotels

MRE → more

PLSE → please

NCRSE → increase

MUND → Monday

I’d love to know what NCBE represents. I assume that Ricky would have taken an extra large in what ever attire he was going to be wearing.

I think the FBI wants an educational specialist, not a cryptanalyst.

Spotify splattered with malware-tainted ads

Someone
Happy

Can block ads

The ads may appear within the Spotify client, but at least some are displayed using Internet Explorer. This is how malicious adverts could utilise Java. You can increase the security of Spotify by increasing the security of Internet Explorer. If you don’t use IE to browse the web directly or use another application that embeds IE at the same time you use Spotify, set IE’s security level for the Internet zone to High. That should block active content.

Better yet, don’t use Windows. Use Linux, BSD or Solaris and run Spotify using Wine. Just don’t install any Windows browser plug-ins under the same WINEPREFIX as Spotify.

Nasty IE 0day exploit hosted on Amnesty International site

Someone
Joke

@garethfcompton

Can someone please DDoS Amnesty off line? I shan't tell Yasmin Alibhai-Brown if you don't. It would be a blessing, really.

Ubuntu 10.10: date with destiny missed

Someone

Dual-boot RAID

Similarly, I wish they’d sort out BIOS-compatible software RAID. When it goes wrong, as a first-time Linux user, you’re left to wade through these two pages.

https://help.ubuntu.com/community/FakeRaidHowto

https://help.ubuntu.com/community/Grub2

It’s not that the underlying Debian distribution doesn’t support it, because it does. Once you’ve learnt how to install GRUB 2 manually, you find that dmraid works perfectly.

Someone

Re: X has been tinkered with...

This is a known problem. If you use the PUEL version, download VirtualBox 3.2.10. This has a version of Guest Additions that is compatible. From reading the VirtualBox forum, I understood that Oracle held off releasing this until they could check it against the release version of Maverick.

However, if you’re using VirtualBox OSE, this shouldn’t be an issue. The version of Guest Additions in the Maverick repository has been updated for the change in the X server. In fact, prior to the release of 3.2.10, users of the PUEL version could bodge it by installing virtualbox-ose-guest-x11 from the repository.

There may be a problem with 3D acceleration in version 3.2.10 of the Guest Additions. It took me two attempts at installing, before 3D acceleration worked. At least one other person has reported a problem.

http://forums.virtualbox.org/viewtopic.php?f=3&t=35218

Russia launches Cyrillic top-level domain

Someone

First?

You’ve got to love that Russian propaganda. That’s ‘first’ as in a week behind Egypt.

http://blog.icann.org/2010/05/idn-cctlds/

Microsoft wants pacemaker password tattoos

Someone

Insulin pumps?

While some pumps can be controlled by RF, you will always need physical access. You need to frequently refill an insulin pump with insulin solution. But, if you know any different, please say.

Mandybill: All the Commons drama

Someone

Wot, no statutory licensing?

Andrew, all this time, I’d honestly thought you’d been advocating compulsory licensing. That’s the only way I can see your vision of lawful, licensed and monetised file-sharing happening. With it, Virgin Media’s offering wouldn’t still be on the drawing board. It’s not a negative. It’s a positive. It would force things forward. And, in a few decades’ time, people would find it hard to think of copyright being any other way, just as there’s a failure to think beyond the copyright laws of today.

With regards Stop43, they had a much easier task. Even if you’d managed to convince the MPs that the quoted losses from the content industries are out by an order of magnitude, which they quite possibly are, even if you could convince them that the direct and indirect costs of clamping down on file-sharing will be similar to those true losses to the content industries, they’d still want extra legislation to hammer file-sharers.

That MPs could perceive of file-sharing as an exuberance of youth is important. Their stance is partially a moral one, brought on by envy. When we were young, we taped stuff off the radio and from vinyl records. And with vinyl, we got both the crackles from the record and the hiss from the tape – it’s all so unfair. We couldn’t infringe copyright so flagrantly when we were young, so the youth of today aren’t doing it either.

I still, however, agree with you about the Open Rights Group. There’s a touch of the Electronic Frontier Foundation about them. While often a force for good, sometimes Americans wish they’d be a little less ‘helpful.’

LibDems drop net blocking, blame activists

Someone

Legislative Bullseye

It’s like some hellish parliamentary quiz show.

“Think about the Clauses you’ve won. Clauses 4 to 17, you take home whatever. You’ve got the time it takes the House to dissolve to decide what you’d like to do about that new Clause 18. Remember what it is: the start of wide-ranging Internet censorship in the UK. Two readings and a wash-up in six weeks, if you’d like to gamble it against tonight’s mystery Clause hiding behind Mandy.”

And, as for the Open Rights Group. I should be just the sort of person who’s inclined to support them, but even I have a problem with their homepage. Some of those many instances of the word ‘stop’ need to be replaced with more positive ones.

FBI calls for two year retention for ISP data

Someone
Boffin

Technical inaccuracy in CNET article

Only the origin and destination IP addresses are easy to log. If you want the host name, you have to look inside the HTTP stream for the Host header.

You could also try logging all DNS requests, but that is fraught. The DNS request might come well before the HTTP request; might be sent to something like OpenDNS, requiring DPI anyway to look at those; or might not happen at all, being hard-wired into the requesting machine.

Where an ISP uses intercepting web proxies, logs of URLs may already be available. The use of an intercepting proxy isn’t a violation of the Wiretap Act. The history of the Act means that courts have ruled it doesn’t extend to servers, and the proxy is an integral part of providing the service. While intercepting proxies are prevalent on mobile broadband, they have fallen out of use with fixed lines. They also tend to apply only to traffic on port 80.

Our own Home Office Voluntary Code of Practice on Data Retention was written at a time when there was greater use of web proxies, and the Code of Practice asks that host names be briefly retained from these.

Google doppelgänger casts riddle over interwebs

Someone

@James R Grinter: Security boundaries

Similarly, it ensures that cookies are kept separate, allowing Google to say that, although they could link everything up, they don’t.

The domain name doubleclick.net could be replaced with tracking.google.com, and google-analytics.com with more-tracking.google.com.

Firefox-based attack wreaks havoc on IRC users

Someone

The road to hell…

…is paved with good intentions. I can only see this type of problem getting worse, as browsers are extended piecemeal, in an attempt to remove the need for plug-ins.

Another one for the preference network.security.ports.banned.

RockYou hack reveals easy-to-crack passwords

Someone

As so often, it’s length that counts

You can tell the advice from Microsoft and Sophos has come from computer scientists. To remember your passphrase, you need to work through the algorithm you used to generate it, flawlessly. Once a passphrase has been used a few times, most people are much better at remembering a list of words than a list of letters and symbols; words are an intrinsic part of brain function. If you want a stronger passphrase, just add another word. There’s much better advice on The Diceware Passphrase Home Page [1], including a measure of strength.

Unfortunately, you still come across websites with instructions like “Choose Password (6-10 characters):”

BTW, your example passphrase may not be as strong as you think. It’s a sentence fragment, not a list of random words, so the words are interdependent

[1] http://www.world.std.com/~reinhold/diceware.html

US makes travellers go online, before getting onboard

Someone
Black Helicopters

IP address

Don’t worry, the Department of Homeland Security just wants to confirm your IP address for their files. [1] Then it can be matched up with all the Internet data hoovered up in Room 641A and elsewhere.

[1] http://current.newsweek.com/budgettravel/2008/12/whats_in_your_government_trave.html

U2 frontman bitchslapped by TalkTalk

Someone

Bono, go and live in China

Bono’s examples of control, and it’s debatable how successful they are, are not control through technical measures, but control through fear. Fear that the state will bring sufficient resources against you, mostly manpower, that you’ll be caught out, and the punishment will be severe.

Some rights holders would like the Chinese method applied to individuals consuming pirated Internet content. Dana White, president of the Ultimate Fighting Championship, has said, “when people start going to jail, people will stop doing it.”

For someone who appears to want to liberate the world, Bono is surprisingly willing to trample over democratic freedoms in an attempt to further protect copyright.

Critics aim to sink Titanic ice cubes

Someone
Pint

Brian, the Twin Towers didn’t sink

If you want an analogy, think Twin Towers skittles/bowling pins. Anyway, in this country, don’t alcoholic beverages and thoughts of the dearly departed go together?

3 billion have suffered Slade's 'Merry Xmas Everybody'

Someone

Scarred for life

It doesn’t get any better with time. Years have passed, and still the only Christmas tune I can bear to hear is Fairytale of New York. The UN should appoint a Special Rapporteur to investigate Mr Holder.

Steel-woven wallet pledges to keep RFID credit cards safe

Someone

More than similar

I don’t know about similar. I’d say it is a Stewart/Stand product. Is yours one of the original designs, without the strengthening on the hinged area? I’ve always assumed he made the change because some wallets had suffered metal fatigue. Fortunately, that wouldn’t have been a problem for me. I rarely open my wallet.

Unused phone lines to be taxed for rural broadband

Someone

A tax on talking

In explicitly referencing VoIP, the Treasury has made it clear that it’s a tax on the use of the human voice. Watch out lungs, the breathing tax is on its way.

Google shrinks its door to free WSJ stories, slightly

Someone

Re: Cookies

Which is why Google are not being prescriptive in how publishers implement user counting. A publisher might use a more sophisticated algorithm based on cookies, Flash LSOs and IP addresses. Any publisher who wanted to minimise ‘cheating’ would also want to limit the number of false positives to a level that Google find acceptable.

Security boss calls for end to net anonymity

Someone

The typewriter licence

The Internet isn’t a means of conveyance. It’s a means of communication. It’s not like driving. It’s like telephoning. In all the decades we’ve had the telephone, has any democracy suggested a telephone licence?

The country that gave us the Internet would be a major stumbling block for such a plan. US courts generally take the position that anonymous speech is constitutionally protected.

Kaspersky’s had this crazy idea for some time. He outlined the same principles on the BBC’s Click programme, last year. [1] While Kaspersky may be as mad as a Russian president, his company produces the best anti-virus software for Windows. So, telling him to stick it up his Bering Strait isn’t very helpful.

Child porn threat to airport's 'virtual strip search' scanners

Someone
Boffin

Compton Scattering

Maybe the spokesman for Manchester Airport got a bit confused. The product blurb for the Rapiscan Secure 1000 says, “The system produces high resolution images…”

The Protection of Children Act refers to photographs and pseudo-photographs, with a pseudo-photograph being defined in terms of an image. Is there an external legal definition of an image; don’t we rely on the dictionary definition and common sense? I could understand the argument that the X-ray scanners do not produce a photograph. Compton scattering is a specific physical phenomenon and is different to the way photographs are produced.

This would be where ARCH’s pseudo-photograph argument would kick in. If it’s not a photograph, but looks like a photograph, then by definition it’s a pseudo-photograph. The spokesman could have been arguing that they’re not photographs and don’t look like photographs. Unfortunately, the images look like photographic negatives.

An Anonymous Coward wrote, “even Level One requires ‘obscene posing’. Now I don’t imagine a child will be doing that in the scanner.” The CPS page whose URL you’ve given points out that this relates only to sentencing guidelines. It is not necessary for a conviction.

Police drag feet following DNA law change

Someone

Re: Exceptional Case my a***

I can understand why Green has fully exploited his ‘exceptional’ position to get his DNA sample and profile destroyed. Your DNA is some of your most personal information, and, if you want off the database, you want off immediately. I agree, politically, it stinks. The police already view the population’s DNA has their plaything. Green’s DNA could have also been a political football, in the run up to the next general election. Provided the Tories get in, Green could then have been just one amongst those 850,000. Or, once in power, would the Tories take nearly as hardline a position against the ECtHR ruling as New Labour?

Rogue iPhone app stores raking mazuma

Someone
Headmaster

Re: Jailbroken, is that a word?

Americans certainly seem to think so. Ars Technica have been irritating me for some time with the likes of ‘a jailbroken iPhone’, ‘a jailbroken iPhone app’ and worse still ‘a jailbroken app.’ The app hasn’t been freed from jail. I can only find jailbreak in the dictionary as a noun. English is very flexible, and we often turn nouns into verbs and adjectives. The author of your article has chosen to use jailbreak as a verb, which I believe is normal iPhone usage. To get the passive voice, he had to use its past participle. But, to go from the noun to a verb, and then on to an adjective is painful. If you ever feel inclined, please use the noun as an adjective directly. This gives us a jailbreak iPhone, a jailbreak-iPhone app and a jailbreak app.

ISP redesign unites the web in nausea

Someone

Ryanair web designer gets retinopathy, moves to Be?

The old website was very swish – money had been spent. Be are now claiming the new one was a very bad design choice, rather than the result of penny pinching. Therefore, I don’t get the use of a ‘cheap’ SSL certificate that requires Firefox users to manually download the CA cert.

https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=91

Plod offered SIM confiscation powers by Tories

Someone
Boffin

Re: @ someone 14.33

SuperTim wrote, “They can dial 999 and 112 from a sim-less mobile.”

While the GSM standard allows handsets to make emergency calls without a SIM card, a network can refuse to set up the call. No UK network allows emergency calls without a SIM card. [1] Because it’s seen as increasing hoax or test calls, more countries are removing the facility. Germany changed to requiring a SIM card, at the start of this month. [2] The UK doesn’t even have national roaming for emergency calls. [3] If you can get a signal from another network but not from your home network, it’s tough.

[1] http://www.redcross.org.uk/standard.asp?id=91109 (Answer 5)

[2] http://www.handelsblatt.com/technologie/mobile-welt/kein-notruf-ohne-sim-karte-mehr;2389707 (in German)

[3] http://www.ofcom.org.uk/about/accoun/reports_plans/annrep0809/empower/ (§ An emergency roaming mobile service)

Someone
FAIL

Problems too numerous

A few minutes’ thought is all it takes to realise just how many problems there are with this. Adding to what’s been said, here are my five quickies.

1. How many years has it been since mobile handsets have come set to store all numbers and SMS messages in the handset’s memory by default?

2. Some mobile handsets have been sold with a SIM card glued in.

3. The networks pay you to take their pre-pay SIM cards. They post them to you, in multiples, for free, with a nominal positive account balance on each.

4. The SIM card doesn’t belong to the yoof. It remains the property of the network at all times.

5. A yoof receiving their now SIM-less mobile handset back from PC Plod won’t even be able to call 999 in an emergency.

Kent Police clamp down on tall photographers

Someone
Black Helicopters

Phew… I’m still safe… for the moment

I’m short, lacking confidence [1] and anxious [2].

[1] http://www.guardian.co.uk/commentisfree/2009/feb/03/civil-liberties-stop-and-search

[2] http://gizmonaut.net/blog/uk/creative_use_of_the_dpa.html

Police told to use Wikipedia for court preparation

Someone
Paris Hilton

Gist-level encyclopedia

Machine translation of human language is sometimes called gist-level translation. It will give you a feel for what the original is about, but it would be extremely unwise to rely on the accuracy of specific details. Wikipedia is a gist-level encyclopedia. It’s absolutely great at giving you an overall idea of a subject area you know nothing about, but no single detail should be trusted. The CPS need to think whether they’d suggest presenting a translation by Google Language Tools in court.

Page: