* Posts by Ole Juul

2726 publicly visible posts • joined 27 Apr 2007

'Facebook without sin' attracts 0.00006 times as many users as Facebook

Ole Juul

Re: Surprise!

The site vows to terminate users who offend "morals and good manners."

No selfies then.

Hacking Team havoc shows even 'security experts' suck at security

Ole Juul

Re: Live by the sword,

Backups are also important. For example, having another job lined up would be prudent.

Les Américains order a MEEELLION doughnuts ... from French baker

Ole Juul

how the baker is going to deliver

If the baker is in France, I would say that delivery is not possible in a timely manner if they are going to be up to French standards where day old bakings are unacceptable. Doughnuts basically go stale shortly after they cool down and even in North America are not considered prime if they're old.

US Feds investigating Prenda Law, say Pirate Bay co-founders

Ole Juul

Re: Karma

I Second that.

One thing about Prenda Law though, is that they've provided more free (non DRM) entertainment than you're likely to find from any other content generator.

PureVPN calls pure BS on VPN insecurity study

Ole Juul

Re: my VPN wasn't on the list

It's a very small list. Basically a random sampling of some of the bigger ones. It is nothing to go by if you're comparing VPNs. As for DNS leakage, regardless of what your VPN does, you should be checking that yourself - and looking after it if need be.

Ole Juul

important discussion

That research paper did look like it was rather out of the loop regarding what's happening right now. I think they took too long to get it out. This kind of study seems to be something which has to be fresh since they're talking about a fast moving and growing market. So in this case the end result is that it comes across more as an opinion piece. The good news is that it brought an important discussion to the fore.

Good for PureVPN for jumping on this, but there is a problem in that they need to sell their service as an easy solution. Users need to know that there isn't an easy way. PureVPN may well be a stellar service, but the user needs to understand what they're doing or they will fail to achieve the security they may have been expecting.

This box beams cafes' Wi-Fi over 4kms so you can surf in obscurity

Ole Juul

Re: Self destruct?

Triggered by bad vibes.

Ole Juul

Yes 900 is still open for lots of things. In this area it's used for wireless internet. I also just got a smart meter installed, and they use the spectrum between 902-928 MHz for their mesh.

Protecting users against advanced threats and the human factor

Ole Juul

2. Force them to wear mittens at work

Can we have some nice red ones with the El Reg logo please?

YouTube is responsible for user content, says German court #1

Ole Juul

Sounds like garbage

The court said:

“. . . if a service provider is notified of a clear violation of the law, it must not only remove the content immediately, but also take precautions which ensure that no further infringements will be possible.”

So it's possible to take down content based on a "clear violation". Everything to rights organizations is "clear", that's just how they see things. And to ensure no further infringements would require YouTube to shut down, otherwise it wouldn't be really ensured. None of this makes any sense.

Privacy watchdog ICO slashes its fines in half

Ole Juul

50% off

Or is that two for one?

Facebook unveils SECRET logo furtle – in a TWEET

Ole Juul

Re: ??

...and why does it appear to be printed on a rolled up towel?

Because a rolled up newspaper would be threatening to dogs.

VPNs are so insecure you might as well wear a KICK ME sign

Ole Juul

"The story here is that VPN providers need to support IPv6 not that IPv6 should be disabled on the host. The VPN should allow IPv6 or IPv4 for the tunnel transport and IPv6 and IPv4 for the encapsulated user traffic. When the VPN is brought up both IPv6 and IPv4 default routes can be pointed into the VPN and the DNS servers should be assigned by the VPN provider."

You're entirely right. It's just that few ISPs support IPv6 natively and the user needs to look after all that - which is not so easy. In my own case, when I'm doubting my own skills I think it is better to do what I know than what I think I know. Since my first post in this thread I've actually spent some hours reading about IPv6 and how to better implement it here. Like many people, my situation is with an ISP that uses carrier grade NAT, so I had to get a static address from them in order to even get any IPv6 to work in the first place.

Ole Juul

Re: Hmmm

I don't know what he's got, but Proxy.sh has those features.

- disable ipv6 (for obvious reasons)

- registered in Seychelles (because it requires local lawyer to sue there)

- no actual office (to make it difficult to attack users with suits)

- no logging, ever (because with non-disclosure threats you can't have it any other way)

- warrant canary (whatever ... it may, or may not be useful)

- and so on

They had some bad press which I interpret differently than many other people. They seem a bit hokey which I prefer to slick. The really slick companies always leave me wondering if they've really honest of if they just got a good writer. My theory is that if you have pimples, you're real. Anyway, there's my testimony - I don't get any affiliate points or anything for this.

Ole Juul

Re: VPNs are not designed for privacy

If you want privacy, there's TOR. It's been designed for privacy and even in the worst case is _much_ better than any VPN solution could be in the best case.

Tor and VPN do different things. To what ever level it is a achievable, privacy is gotten by carefully choosing the right tools at the right time.

I use both Tor and VPN in different ways at different times. Sometimes together or in a different order. These are choices one has to have a long hard think about. Just saying one is more private than the other doesn't even make sense.

Ole Juul

Configuration

It's not that easy to think this through and set up your computer to be private. It's not something a common user is likely to do. One should probably turn off IPv6. Set some non logging DNS servers (Not your ISP!) in case the one from the VPN is compromised or fails. Obfuscate your mac address perhaps, but most definitely spoof your OS and browser version as that is probably a clear ID for your computer. All this takes a bit of looking at, and I don't think the VPN provider can be expected to provide everything for their users. But as someone suggested, many people just want to download stuff without easy identification, or geolocation, of their IP address.

But looking at that chart, I see one company using Google DNS. That's just not good. Google logs all DNS lookups and they can be gotten by any 3 letter agency. Another thing to look at is how much the VPN company itself logs. Personally, I think they should run entirely in RAM and not log anything. They should also not keep a record of your payment details. I chose a company which has all the above specifications and more. However, even after looking at all those things, it still comes down to trust. You never know what they really do.

Ole Juul

Re: Do the users of these services care?

I use VPN all the time and sometimes I care a lot, but most of the time it's not so important to be really secure. When I care a lot is when I'm trying to learn how this works and how to be private in the best possible way. That's mostly educational as I don't have life/career threatening issues to protect in this regard.

Most times it's a matter of obfuscating my IP for the purposes of accessing the free and open internet. I have no interest in media downloads. However, I've come to see just how censored Google search is because they give me results as if I'm located in some specific area. That's censorship. I prefer to get a wide range of results from all over the world. Moving my IP around is an easy way to achieve that.

That's just plain practical stuff. But as a matter of principle, when I'm using a browser it's nobody's business where I live. It certainly doesn't need to be advertised to Google or other on-line giants. If some person wants to find me, they can take a moment to look me up by my real name and they'll have my address. I welcome human visitors. Robots, not so much.

NSA continues mass slurping of Americans' phone metadata

Ole Juul

Foreign Intelligence Surveillance

Since when did Americans become foreign in the USA?

Script-blocker NoScript lets in ANYTHING from googleapis.com

Ole Juul

Re: Chrome and uMatrix

" . . . use Lynx and you're really set."

Use Lynx in DOS on bare metal and you're really, really set. (It works like a charm, by the way.)

Small change to Medium takes large axe to passwords

Ole Juul

Medium is just an extension

I got tired of waiting for medium.com to respond so went to Wikipedia instead, and saw this:

Users can only create accounts or log in to Medium with a Twitter or a Facebook account.

From my perspective, if they can't operate independently, they don't get my participation. In other words, I won't be needing any password anyway.

Generous EU Commish gives Google SIX MORE WEEKS to respond to antitrust charges

Ole Juul

"Argh - That's the creepy version of "Charlie and the chocolate factory", it's just WRONG."

I take it you're part of Google's legal defence.

Cunning goldfish avoided predator in tank for seven years

Ole Juul

goldfish rulz!

As a kid I was not a good candidate for looking after pet fish and ended up inadvertently subjecting them to unusually difficult conditions. I'll spare the (now embarrassing) details, but goldfish are real survivors.

WikiLeaks docs show NSA's 10-year economic espionage campaign against France

Ole Juul

With friends like that

Who needs enemies?

Google harms consumers and strangles the open web, says study

Ole Juul

Ad block and VPN for all

Perhaps user education would be helpful here. I avoid Google services and I avoid ads. I also discovered that by using a VPN I can get search results which are more "neutral". It puts the world (and wide) back in WWW. The average user won't know how to do that stuff, but there is no reason why vendors like Firefox can't help people get a better experience. Or is there?

Smart meters set to cost Blighty as much as replacing Trident

Ole Juul

Re: Cost Benefit Analysis?

total failure, as we have no reliable mobile phone signal here, so that option was out of the door.

No cell coverage here either, but that's not needed for this to work. In our case they decided to use satellite. Apparently it costs a bit more for them to do so, but it's well worth it them. (Their cost benefit analysis is almost 600 pages so I won't link to it.)

Sophos' putrid patch snuffs Citrix kit, kills call centre

Ole Juul

security

He says that upgrade would normally be planned and coordinated in advance.

So there's a vulnerability in their planning and coordination which needs to get patched as well.

Tesla says Model 3 is still on schedule, despite being delayed again

Ole Juul

Love the red, and love the Reg logo. Perhaps I'm the only one who notices which way things are facing, but couldn't the image or the logo have been flipped so that we didn't have a backwards looking logo? (Not that I wouldn't be grateful to receive the givaway, mind.)

Germany says no steamy ebooks until die Kinder have gone to bed

Ole Juul

Re: So, Herr Regulator

Herr Regulator does not travel much and believes the world is flat. One could though, imagine him in a Los Angeles restaurant demanding breakfast at midnight while emphatically insisting that it is 8 a.m.

California über alles? Is MEP Reda flushing Euro copyright tradition down the pan?

Ole Juul

Re: Limit the term

I never quite figure out why a creator suddenly isn't allowed to get the profit of his or her actions throughout his/her lifetime.

They are allowed to get profits. They can press records or make medicine or build and make profits on their own creation. Many people, when they get older, continue to do what they figured out how to do when they were younger. However, when you die, you personally don't get paid any more.

Ole Juul

I made a mistake

I realize that the Pirate party is young and consists mostly of young people newly awakening to politics, but have felt that they were on track to help us into a new era in the digital and general rights world. Now I seriously worry that we may have a generation of kids who have been bought. My "get off my lawn" comment might refer to too much TV. Just yesterday I commented on the Reg to the effect that I thought that Reda was our best chance. Now I'm seriously doubting that. Great article Andrew.

EU legal eagles to vote on lonely pirate Reda's copyright report

Ole Juul

Go Reda Go!

She's in a tough position, but she's the best we got.

Chancellor Merkel 'was patient zero' in German govt network hack

Ole Juul

selling newspapers

". . . it is alleged." and "German newspaper Bild claims Merkel's computer was one of the first systems to be infected with malware linked to miscreants in Russia."

Instead of discussing the veracity of Merkel's computer skills, it might be more fruitful to question the source of the story. What kind of credibility does the Bild have?

Belgium privacy commish ambushes Facebook with lawsuit

Ole Juul

Re: You know...

I'm surprised it hasn't gone that far already. Facebook is outrageous in their stalking tracking behaviour.

Dossiers on US spies, military snatched in 'SECOND govt data leak'

Ole Juul

. . . details are classified.

Yes, they're classified as American.

Ole Juul

Re: Great

"if you havent gotten it off bit torrent or some tor site yet...."

BitTorrent is a protocol, you don't get things "off" it. And what's a tor site?

PS: I didn't give you a downvote, but this is an IT site. :)

How much info did hackers steal on US spies? Try all of it

Ole Juul

Re: Lots of people have to fill this out

One stop shop? In a shop you usually have to pay.

It's a loss leader.

US mega-hack: White House orders govt IT to do what it should have done in the first place

Ole Juul

won't hold water

Even the Navy has decided to check out the "cyberwarfare" pork barrel.

'Nothing to see here', says ECJ as Safe Harbour opinion delayed

Ole Juul

nerve

". . . judicial redress rights for European citizens equivalent to those enjoyed by Americans."

It sickens me that this sort of thing even needs to be discussed.

Poison résumé attack gives ransomware a gig on the desktop

Ole Juul

just thinkin'

"specifically by way of an Adobe Flash exploit"

So, in the same way that BitTorrent enables "illegal filesharing", and Tor enables "terrorism", so Adobe enables extortion. Something doesn't compute.

4 new twists that push the hacker attack on millions of US govt workers into WTF land

Ole Juul

They gambled - and lost

"the attack carries with it a significant monetary cost"

One cost will be installing the security measures they never had.

Scientists love MacBooks (true) – but what about you?

Ole Juul

Yes, it depends

Someone with a penchant or motivation for learning things will deal with whatever computer they need to and a Mac is probably a sensible choice for most scientists.

For me the problem with Macs is actually Mac users. Many are no problem, but I don't believe that users who struggle to figure things out are helped by using a Mac. They still struggle. I'm always getting non-standard files from them (dot pages anyone?) and e-mail attachments which can't be opened on any other system.

Bitcoin blackmail gang start hurling DDoSes at Scandinavia

Ole Juul

The internet is so confusing

"We do bad things, but we keep our word."

So they're good guys then?

Obama issues HTTPS-only order to US Federal sysadmins

Ole Juul

Re: So we cant trust HTTPS then.

Actually, you can trust everything or everybody if you want. You just have to live with the consequences thereof.

What a Zuckin' drag! 'Frisco queens protest outside Facebook HQ over 'real names' policy

Ole Juul

Facebook?

Is that their real name?

OK Google, how much of my life do you observe and disturb?

Ole Juul

Redefining private

The Google announcement contains some interesting lines which reveal an alternate universe.

"people think it’s important to control access to their personal information"

Access my personal information? I don't "access" my personal information. I have it. If they (or anybody) has it, then it's not personal.

"When you trust your personal information with us, you should expect powerful controls that keep it safe and private"

I do. But not by Google's inverse definition of private. It goes on and on, but the bottom line is that Google keeps a profile on its users which is comprehensive and they make the assumption that it is OK for them to do so. But it isn't.

Phished IT bod opens door to 40,000 finance folks' personal details

Ole Juul

Reassuring

"I would like to reassure you that this is not a breach of our IT system, but we fell victim to a devious confidence trick on an unsuspecting member of the support team."

Oh, that's ok then.

Long, sticky summer ahead: Win 10 will be with OEMs by 31 August

Ole Juul

Re: system requirements:

You don't have to buy it.

That, in fact, is one of its more endearing features. Have an upvote!

Unmasking hidden Tor service users is too easy, say infosec bods

Ole Juul

Re: "legitimate sites like Facebook."

Despite the fact that it's sometimes used by journalists, whistleblowers, and security researchers.

FCC to crack down on robocall spammers' beloved loophole

Ole Juul

Re: @Ole Juul But some people just don't care!

How is the "push 9 to connect" thing arranged? It sounds useful.

My phone company is CallCentric who has it on their extensions option menu, but other companies are implementing similar features. If you run a PBX you should be able to do it on any line. My axe to grind is say good buy to the featureless and overpriced old companies and take control of your own phone.