* Posts by Sebby

117 publicly visible posts • joined 20 Jul 2009


In the three years since IETF said pervasive monitoring is an attack, what's changed?


Re: IPsec

Hell of a job getting it through NATs, without the addition of NAT-T, and often not at all on particularly brain-dead networks that don't handle large frames properly or don't support anything that isn't the web. Hope yet for IPv6, as IPsec becomes seriously viable.

Anyway, look, this grand plan will fail because Google will undermine it. They hate DNSSEC with a burning passion because it adds a whole, like, 200 ms to your DNS requests or something, and occasionally doesn't get through due to some shitty middlebox somewhere. And it's Google's view that if they broke the web, it's their fault, rather than the fault of the networks we live with today. So we all have to suffer with a known-broken CA model and LetsEncrypt, together with a pretty lame-duck approach to detecting (but not necessarily protecting against) the cowboys, yeah?

Opportunistic encryption is good but mandatory encryption is better. I need a better DNS resolver protocol though; one not dependent on TLS and hostnames. Must look into this. For the origin authentication, DANE is what I'd root (route?) for, as it has immediate upward compatibility with the existing CA system. And for IPsec, "Better Than Nothing" (BTNS) upwards anonymous key exchanges are probably the simplest and most invisible way to turn on encryption for public services, with almost no added cost, for use by any upper-level protocol that would otherwise not be secured, so that at least passive attacks can be warded off.

A lot is possible, if we unshackle ourselves from today's broken networks ...

No surprise: Microsoft seeks Windows Update boss with 'ability to reduce chaos, stress'



• Investigate and understand customer scenarios and expectations in depth, using telemetry/data, anecdotal evidence, personal experience and market perceptions.

No! That's precisely where the problem is: using bad data to paper over the cracks instead of actually testing their shit properly in the first place.

Guess it confirms what I'd hoped would never happen too: now we'll be force-fed the telemetry updates I've been trying so hard to avoid, whether we want to contribute to M$'s giant sludgepile of ill-gotten crap data or not.

Google killing app format used only by The 1%


Re: well that's annoying

Those who never use packaged apps will not miss them. For those who do it will require some thinking on how to rework things for non-Chrome OS users. Developing for Chrome OS made sense when packaged apps also catered for cross platform deployment, but when that is gone it is likely to be back to native app development and tough luck for Chrome OS users.

Precisely. The worst part of this is the network effect it will have on ChromeOS, which needs a packaged app ecosystem of some sort to be credible. Maybe native offline web apps is the replacement, but I'm afraid it'll probably be more along the lines of the ARC and Android portability.

Well, anyway, probably no more gamebooks for me for when the Internet isn't there on my ChromeBook for a bit. Guess I'll just have to turn to my iPhone for exactly the same apps, and pay more for the privilege.

Google is very good at this sort of thing, isn't it?

Apple gets judge to hit ctrl-alt-delete on $625m FaceTime patent troll


Re: Theft and Infringement

Bollocks! This company VirnetX, and its patents, are without merit. Details here.

So unless you think companies should be awarded patents for doing nothing at all very special, Apple most definitely should win. And yes Apple are bullies too; that makes no difference. Virnetx are trolls, plain and simple.

Windows 10 still free, even the Anniversary Update, if you're crass


Re: Missing option in survey @alain williams

AFAIK there are some blind people roaming these forums, have they got any input on this?

Yes: even the fairly rudimentary improvements to Narrator (which is still no match for the commercial screen readers on Doze) are not enough of a reason to upgrade. My privacy, as with many of you, is too important for such trifles. Moreover, the "upgrade" seriously degrades accessibility in many ways. Redmond know this; they’ve had to extend the offer precisely because their lacklustre accessibility wasn’t adequate. Example: you can’t use Edge in third-party screen readers. It’s great that they’re willing to acknowledge that much, but perhaps not so great that they’re still willing to help people get a worse experience. I guess it’s good PR, it’ll give more people the opportunity to “upgrade” (and everybody should make use of assistive tech if they need it) and people who really don’t want it can now stop being forced onto it. But as a blind person I don’t want it.

As to the alternatives, I use the Mac most of the time, and have done since 10.5 or so. The experience started out very promising, got better, really great, became the benchmark for the AT industry, and then, as many Mac users are finding about the whole OS, got gradually worse as the iOSification set in and iOS itself became the priority. Including the screen reader in the OS was a masterstroke, but it only works when you’re keeping that screen reader on par with the competition, and sadly Apple aren’t even trying to hold the ball at the moment. I’ve been thinking about going back to Windows 8.1 with Classic Shell and tweaks with a commercial reader more and more (I never really had any great love for versions of Windows past 2000 or maybe XP classic), and have decided that if Apple don’t pull their finger out very soon that’s what I’ll do. People certainly deserve better than what Apple’s sanctimonious PR bullshit conveys they should be getting from their screen reader. It will be a shame: I really prefer OS X overall, it’s a much more rational desktop experience (menus, not ribbons, no touch fetish), and it has great first-party support for apps (including the browser) and third-party support for its Cocoa toolkit. Even the installer works with sound support, so I can do independent system maintenance. But I have the hardware to last until 2023 with Windows 8.1, so that’s what I’ll do if need be. The bugs in Windows screen readers actually get fixed more than once a year, and I can use themes and tweaks to hide the ugliness and use alternative browsers, etc. Desktop Linux isn’t really feasible—the work just hasn’t been done, and while I don’t fault the volunteers, the fact is that a freshly installed system has a good chance of not working even with the necessary software installed as part of the base system. Accessibility really does require some commitment, however little. 
ChromeOS is still a bit rough, but it’s getting better quite rapidly; no doubt their entry into education had something to do with that. iOS is always preferable to Android, while Google continue to make only a half-hearted effort. And no, the source won’t help if you have to be using it to improve it, obviously. No platform preference can change that, alas ( not even if you downvote this post :) ); I’d use desktop Linux and hardened Android if I could. I do use textmode Linux quite a bit in a VM with braille support and use Linux on servers, of course. That’s great. But on the whole I think blind people are just choosing the least worst option, with Windows being the most mature, but yucky and exclusionary, option that can be fixed somewhat to be a pretty ruthless and efficient option, and Mac being the nicer one that gives the user more independence, a technically superior and inclusionary design and a largely pleasant experience, but fewer choices of software and no choice of screen reader, and maddening bugs to boot. There’s maybe hope for the Mac, a dead end for people who care about privacy in contemporary Windows, and degradation either of the overall experience on Windows (touch, ribbons, busy UIs) or the screen reader (long-lived Mac OS and VoiceOver bugs). Most people just go on price, and therefore Windows, but a lot of the blind people I know have the dual-boot scenario on a Mac, or a Windows VM. I’ll continue to recommend and use Macs for now, but if the next release of the system doesn’t stamp out some bugs, I’ll make the switch to the dead-end platform.


AirPort owners: Apple's patched a mystery vuln


The problem is in mDNSResponder, details here. If you were paying attention to your AirPort updates, then you already installed 7.6.7/7.7.7, and already have the fix, whatever it's fixing.

TLS proxies: Insecure by design, say boffins


Re: Man in the middle for your security....

Why? Because they're corporate idiots, of course. They don't care about your personal security, only their corporate (i.e. financial) security.

Concur with El Reg: I can't wait to hear just how utterly braindead these corporate MITM solutions are. The only use for SSL/TLS inspection is protocol debugging; everything else is sacrosanct.

China leaves Apple books, movies on the cutting room floor


Re: Encryption-related?

Nah. In fact, iTunes would now be the only way to get movies/books onto the devices, and encrypted local backups don't go anywhere even with the user's key in hand.

Hmm. Now there's a thought. If only people could download books/movies from elsewhere on iOS without needing iTunes. They can't only because of silly Apple's no-compete restrictions. Heh, own goal.

LaCie bigs up 5big array: Desktop hot storage box gets fatter drives


Re: Big POS?

Yeah, it's the drives, obviously. LaCie is clearly making big money from Mac users using Thunderbolt, and taking a seriously big piece of piss by shipping such crappy SGT drives inside. I wish they'd've sold me the unit without drives in it. Looks like they've taken the hint since then, at least by supplying better drives.

I have the first-gen 5Big without RAID, and the Mac Mini is now running Linux (which recognises the PCIE chipset in the enclosure) and doing software RAID6. Works very well. The software stack is all standard, and the machine and drives warm-swappable (Linux doesn't know how to do hot-swap Thunderbolt yet, sadly). It wasn't quite what I'd planned, but OS X's SMB support is seriously fucked up, and Linux is terrific for choice of server software, so it worked out in the end. We got a second (much less powerful) Mini for the Mac-specific stuff, and of course have an encrypted off-site backup.

Lose the onion tears, Tor fanboys: CloudFlare may consider binning CAPTCHAs, says CEO


Even more remarkable when you consider that CloudFlare was born out of work done on Project Honey Pot, a completely voluntary service which helped webmasters in the coordinated catching of spammers and related infrastructure. Then the CEO got his MBA.

Apparently, business really is more important than ethics.

Windows 10 overtakes Windows 8.1's market share


Re: Ah. Windows 8 users

Not if they have Classic Shell installed.

Funny, how the aftermarket start menus made Win8.1 a force to be reckoned with. I won't take Win7 now.

Safe Harbor 2.0: US-Europe talks on privacy go down to the wire


Re: Can somebody clarify....

Correct, AFAIK (perhaps their third-party cloud storage providers). As a bona fide fanboy, I can assure you I'm not happy about it either.

The best option available is to just reduce the amount of data you put up there, which Apple of course punishes you for by not supporting other, compliant services as well or at all. Then of course they add salt to the wound by not allowing you to (easily) delete data from your account, or close it.

I will be very happy when they fall under the axe. I love the products, but not the company.

Eric Schmidt, for one, welcomes our new robot overlords


Share and enjoy!

Facebook to Belgian data cops: Block all the cookies across the web, then!


Re: Eh

Quite so. I already block all Facebook domains at DNS-level, effectively separating me from Facebook and the mountains of crud on it. So far, all I see is an improvement in page load time across the net, as well as my overall spiritual wellbeing, and the only news I've missed is that letter FB's chief wrote to his sprog, which El Reg quoted enough of to reassure me that I really didn't want to see the rest of it anyway.

So it's all good. FB can go to hell and take their tracking and we-don't-give-a-toss-about-privacy attitude with them. They are indistinguishable from an ad network--perhaps because they are an ad network--and I treat them with the same intense loathing.

EU copyright reforms to be 'gradual, balanced and targeted', says Ansip



I'm going to continue breaking the law, for entirely the right reasons.

Apple supremo Tim Cook rules out OS X fondleslab, iOS merger


Only Half The Story

He's right, combining the two form factors is very silly.

But I bet you will still end up with one large Apple device anyway, and it will be the one running iOS, on account of OS X being slowly and carefully deprecated through sheer neglect, and iOS slowly being improved to add the necessary keyboard support and other niceties of a productive work environment, until nobody wants or needs a Mac anymore (except those with discerning hardware tastes and/or a continued need to run Mac OS).

MS Future Decoded conference, or The Empire Strikes Back


Re: Helping the Blind?

Aha, thanks.

So, yes, presently commercially unavailable. I can hope, but the biggest challenge is getting enough beacons to make it workable. MS are so far saying that most of the info comes from the cloud, and in fact we are often getting waypoints from other services like 4Square now.


Helping the Blind?

How, exactly. As a blind person I've seen* no suggestion that MS are "helping" much at all; in fact they are woefully behind the competition at this stage--even Google, for heaven's sake. No Windows Mobile accessibility, a free Windows screen reader only available with Office subscriptions (one of the originally commercial ones, naturally), a primitive (but very slowly improving) integrated screen reader that only works with the touch interface, and a 3D headset that's completely theoretical. A great help. :(

* You know what I mean, dammit.

UK govt sneaks citizen database aka 'request filters' into proposed internet super-spy law


Re: Can someone explain this?

Best guess: I think they're talking about address sharing / CGN. In which case UK.gov should consider the potential long-term benefits of not trousering dishonest money given to them by ISP lobbies from the short-term implementation of unsustainable and unjust IP address extension plans, and instead get this dank little island on to IPv6--that is if they can find the time between spying on everyone and making them bankrupt through cuts.

But I could be wrong.

Mostly Harmless: Google Project Zero man's verdict on Windows 10


Re: Windows security is like a heavily armoured gate...

I don't think users are empowered enough on Windows or, really, on any platform. We are not sandboxing by default, leaving the gatekeeper (of which there should always be more than one) to define only the recommended default set of minimum privileges an app needs. Nor can users specify alternative gatekeepers or no gatekeeper at all, with different capabilities and entry requirements. And users have no power to bypass the sandbox selectively, with user interfaces that leave no room for ambiguity about what exactly is being permitted and why. We should get that first, then we can judge the appropriateness of various distribution models. Sadly, every vendor seeking to build a perfect app utopia always has an economic incentive to hold the keys to the kingdom, except FLOSS distributions of software, which may have different incentives but which are at least innumerable and provide enough scrutiny to be useful.

Windows users can check out Ninite and Chocolatey. Mac users can try Get Mac Apps, in addition of course to the FLOSS package managers such as MacPorts, pkgsrc and Homebrew. Apple themselves, of course, have long since failed to deliver a Mac App Store that actually delivers what people want.



When we asked Mr Forshaw if he had an opinion of the allegations that Windows 10 spied unreasonably on its users, he would say only, "LOL! Amateurs!"

German infosec bureaucrats want mail providers to encrypt


Yes, but that by itself does not ensure that the transaction is encrypted, and using the correct keying material. Without TLSA records * there is no way for the client ** to know for certain whether encryption is supported or that the key is correct; if an attacker in the middle strips away the advertisement of STARTTLS then offering it is useless because the client will helpfully fall back to plain text, or if the certificate is replaced by a compromised one, the client will just use that instead.

This is fantastic news, really. Both Exim and Postfix can do it now IIUC; get your DNSSEC-aware nameservers and your MTAs ready. :)

* TLSA records are secured using DNSSEC. I make no comment concerning the trustworthiness of an ultimately single-source root-anchored chain of trust, except to say that user visibility into that root, or any subordinate identified by domain suffix, is likely to be superior to the current CA regime.

** The client is an SMTP server delivering mail onward, for those unaware; this is not the same as a user agent authenticating to a mail server, which requires a private arrangement to ensure is safe.
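The fallback behaviour described in this post, as an added example that is not part of the original comment and is not Exim or Postfix code: a simplified model of a sending MTA's delivery decision with and without DNSSEC-validated TLSA records. The session model, the key bytes and all function names are constructed for illustration, and only `3 1 1` (DANE-EE, SubjectPublicKeyInfo, SHA-256) records are handled.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class TLSA:
    usage: int     # 3 = DANE-EE: the record pins the server's own key
    selector: int  # 1 = SubjectPublicKeyInfo
    mtype: int     # 1 = SHA-256 of the selected data
    data: bytes


@dataclass(frozen=True)
class Session:
    """What the sending MTA observes on the wire (constructed model)."""
    ehlo_keywords: frozenset       # extensions seen in the EHLO reply
    server_spki: Optional[bytes]   # public key presented in the TLS handshake


def tlsa_matches(rr: TLSA, spki: bytes) -> bool:
    """True if a 3 1 1 record pins exactly this public key."""
    if (rr.usage, rr.selector, rr.mtype) != (3, 1, 1):
        return False  # other parameter combinations are out of scope here
    return hmac.compare_digest(hashlib.sha256(spki).digest(), rr.data)


def deliver(session: Session, tlsa: List[TLSA],
            dnssec_validated: bool) -> Tuple[str, str]:
    """Return (action, reason) for one delivery attempt."""
    offers_tls = "STARTTLS" in session.ehlo_keywords
    # TLSA data only counts if the DNS answer was DNSSEC-validated;
    # an unsigned answer could have been forged by the same attacker.
    enforce = bool(tlsa) and dnssec_validated

    if not enforce:
        # Opportunistic TLS: the client believes whatever the path shows it.
        if not offers_tls:
            return ("plaintext", "no STARTTLS advertised, falling back")
        return ("encrypted-unauthenticated", "any presented key is accepted")

    # Signed TLSA records say TLS is supported, so a missing STARTTLS
    # advertisement means tampering or misconfiguration, not "no TLS".
    if not offers_tls or session.server_spki is None:
        return ("defer", "STARTTLS missing although signed TLSA records exist")
    if any(tlsa_matches(rr, session.server_spki) for rr in tlsa):
        return ("encrypted-authenticated", "key matches a TLSA record")
    return ("defer", "presented key matches no TLSA record")


# Constructed sample data: stand-ins for real SubjectPublicKeyInfo bytes.
REAL_SPKI = b"constructed-spki-of-mx.example.test"
OTHER_SPKI = b"constructed-spki-of-substituted-cert"
PUBLISHED = [TLSA(3, 1, 1, hashlib.sha256(REAL_SPKI).digest())]

HONEST = Session(frozenset({"STARTTLS", "PIPELINING"}), REAL_SPKI)
STRIPPED = Session(frozenset({"PIPELINING"}), None)    # STARTTLS removed in transit
SWAPPED = Session(frozenset({"STARTTLS"}), OTHER_SPKI)  # certificate replaced


def run_scenarios() -> dict:
    """Compare both policies over the three constructed sessions."""
    out = {}
    for name, s in (("honest", HONEST), ("stripped", STRIPPED), ("swapped", SWAPPED)):
        out[name] = {
            "opportunistic": deliver(s, [], False)[0],
            "dane": deliver(s, PUBLISHED, True)[0],
        }
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:9} {result}")
```

In this model an unvalidated TLSA answer is treated the same as no TLSA answer, which is why the DNSSEC-aware resolver matters as much as the MTA setting.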

Big biz bosses bellow at Euro politicians over safe harbor smackdown


Big Business Wrote the EU Because

Honestly, it's better this way. I can't delete my data from the datacentres of $USCORP. Better blame the EU for ruining the fun, rather than actually complying with a usefully strict standard of data protection. Sure US.gov finally broke the deal, but now companies will actually have to pull their fingers out and respect peoples' rights instead of just promising to keep data safe.

Faked NatWest, Halifax bank sites score REAL security certs


>>> A green address bar with a company name shown in it provides assurance that "they are the company they claim to be". (That's an EV certificate). However, they may still be a scammy company that's going to run off with your money / go bankrupt / get hacked and expose all your personal information etc.

Of course, it could also just be a scammy CA—one who has got tired of all the losses incurred in the verification process and, spurred by the same perverse economic incentives as the original CA contract, fails to do their due diligence in issuing those EV certs correctly. Then the industry needs another, even more outrageous excuse to make large sums of money by doing absolutely nothing they should not already be doing, which they will pretend is providing truly legitimate security this time, honest guv, and it will be called “Extended Extended Validation” (E2V). The great thing about this scheme is that, any time the plebs rise up and demand security for lower cost, they can just increment the digit in the acronym again, and maintain the same prices. Awesome.

The CA model is past its prime. Let us move to DNSSEC already. Meanwhile, CAs cannot legitimately be accused of providing “Domain Validation”; it is what the people want. These same people will simply have to learn what that padlock really means: security for the site indicated in the address bar.

TCP is a wire-centric protocol being forced to cut the cord, painfully


He's certainly right that TCP could perform better with random non-systematic losses or delays, though as said we have now got pretty good at fast recovery and extensions like SACK make it easier to go very far very fast with minimal overhead.

However before we start dicking around with TCP, first kill one of the worst bloodsuckers of TCP performance in mobile environments or anywhere else: NAT. Mobile operators were quite happy roping people into their walled gardens back then, and news flash the Internet turned out to be important, so most of us are now talking to the Net by way of IP translation. Because of NAT we are using stupid tricks to keep TCP sessions alive, and wasting precious resources (energy, bandwidth) doing it. The state management and scaling issues are surely quite substantial in an increasingly mobile world, and the time spent translating is not spent shoving bytes around. Certainly the current situation leaves a lot of room for layer 4 manipulation, so I have to imagine that this research is way above the level of deployment. Still, NAT is evil and should be stamped out.

Just my thoughts.

Another root hole in OS X. We know it, you know it, the bad people know it – and no patch exists


I don't think it was proper for him to disclose if he had intended to do the "Responsible" disclosure dance.

But that's OK, because I believe in full disclosure anyway. Really, it's about time, else this industry isn't going to improve. And dealing with Apple security is a PITA, so yeah, he probably did himself and the world a favour, by exposing the increasing mediocrity and simultaneously saving himself a lot of headache.

Notable is that many of these security holes are seemingly appearing in Apple's later (perhaps less well-tested) code, and are being fixed in subsequent (but beta) builds. The shiny-shiny is where all the work is going now. :(

Mt Gox's Mark Karpeles arrested in Japan


Well, yes. Hopefully people will stop giving their money to random strangers on the Interwebs for safekeeping and look after it themselves after this. Not hard, and there are wallets that expressly avoid holding the keys in the clear (notably, blockchain.info).

No, Microsoft: Your one-billion Windows 10 goal is just sad ... really sad


Re: Beg to differ

Really? I always thought it was because people found it easier to justify being cheap instead of evaluating a platform to see if it would meet their needs *, and the power in numbers just ensured that maximum compatibility would fall to Windows long after its genuine enthusiasts had given up hope for it.

But I could be wrong.

You might consider a Mac, BTW. Well-built, quiet machines that run more generally-available commercial software. UI is also far more polished and uniform, and the tools are better certified. You can build or run your FLOSS apps on it too, or run Linux or Windows on them. Yeah, a bit less control under OS X, but much sweeter than Windows, and none of the attendant nonsense.

* I accept that Apple's pricing is disagreeable. But there, you gets what you pays for ...

Windows 10 marks the end of 'pay once, use forever' software


Re: OS X upgrades "cheap"?

Nearly; RAM and Bluetooth hardware. Admittedly Apple are no longer selling just the minimum on new models anymore, but let's be honest, hardware is now the driver, just like iOS.

I should wait 'til El Capitan and see though. It could just be Yosemite being crap. I've liked what I've seen thus far.


Re: OS X upgrades "cheap"?

And the hardware requirements correspondingly less forgiving ...

Yes, I use Macs. I still think they're a better deal, just now anyway.

Don't want Windows 10 FILTH on the company network? Step this way


Windows Management 101

Nice to have that confirmed.

No. I will not purchase server licences just so I can manage clients or say which updates and where these updates come from. Far easier to just not use Windows, or run it disconnected or in a VM or remotely or keep some WSUSoffline DVD images around.

Macs do allow you to update the OS, yeah. But the installers are delivered as apps, managed separately. You can't update the OS and end up with an entirely new one. There are Mac management issues for dealing with the stupid ads that pop up urging you to install, however. Hiding an update can be done by just option-clicking it.

Microsoft's Windows 10 Torrent-U-Like updates GULP DOWN your precious bandwidth


@The_Idiot Re: Sharing such files over the LAN should help...

+1000 this.

Inconsiderate, arrogant fuckers. That's my metered bandwidth you're sharing; ask me first.

BitTorrent asks me first.

OS X Caching Service asks me first.

Linux caches and proxies ask me first.

Even Flash asks me first IIRC, FFS!

Yes, local network caching is a good idea. I think Macs should do that too, without you needing a server. But this M$ behaviour puts Apple's hubris to shame.

Notice here that the peer-to-peer aspect means you can't really control any client once you've given it access. So, together with Wi-Fi Sense, you have even more good reasons to refuse Windows entry.

UPnP IGD (or the nicer NAT-PMP/PCP) isn't evil. It's broken hosts and NAT that are. Fix and get rid of those so your apps can't open up backdoors or fail to function, respectively.

PagerDuty hacked ... and finally comes clean 21 days later. Cheers


I'm More Surprised

That it didn't happen sooner. PagerDuty is a great big bullseye.

I mean, they've got access to the pager messages of all manner of businesses. Whether collected in transit or after the fact, some of that stuff surely has to be very valuable to somebody somewhere for gaining entry or espionage. I can't imagine that many sites will have thought about obscuring sensitive information in pager messages, just in case PagerDuty were busted.

Windows 10: A sysadmin speaks his brains – and says MEH


Re: What about 8.1?

>>> As has been clearly said in this thread, there is something fundamentally wrong with the OS if you have to add something like Classic Shell to even make it half usable for people who don't use a touch screen.

I agree, but if you are destined to do that anyway, for whatever reason, then why not use Win8.1? OP is right, IMO; going back to 7 after 8.1 feels like volunteering to have your teeth pulled out without gas. So fussy and mediocre. It's incredible, as others have observed, that the best reason to recommend something crap is that it could be worse, but there it is: either mediocre Win7 or super-spy no-more-updates-control Win10.

Thanks Trevor for the write-up. Win10 isn't for me yet. I think Win8.1 is where I'll be. It may be suboptimal for desktop users, but until M$ learn to listen to their customers and give them what __THEY__ want, then I'll just have to make the best of a bad job.

Chat about Safe Harbour all you like, the NSA's still the stumbling block


Re: Just ban Facebook.

>>> Why was the Joke Icon necessary, the comment actually seems quite valid.

“{just leave access to this site alone ok}”

Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet


Re: The real culprit

Mmm, I'm not the OP, but much as I'd love to, no, I can't agree.

Setuid/setgid is an elegant solution, but only if you overlook the lack of granularity in the *NIX security model. Their existence is proof of a failed security model, incapable of expressing a set of privileges for a process's execution. The fact that many setuid/setgid programs are or have been vectors of attack, including particularly complex ones such as mail transfer agents or sudo which otherwise have no means of performing their required duties *, does appear to suggest that while in theory setuid/setgid bits should provide the means for programs to be "Gatekeepers", as you put it, frequently they appear incapable of it. That's why we have the (I would argue still insufficient) POSIX "Capabilities" and the ACLs which make it possible for programs to limit the damage they can cause by setting up their privileges at startup.

I agree with you that Apple made a stupid mistake here; it was probably a silly oversight of a development feature or something, as suggested elsewhere in this thread. Modern OSs now ignore LD_LIBRARY_PATH or similar when the program is setuid/setgid; they also forbid signals or tracing. The kinds of mistakes made in setuid/setgid programs are probably only noticed at all because, let's be honest, so much of the remaining, unprivileged code (that is not setuid/setgid) is written with such a rosy view of the world, and the knowledge that a mistake really *can't* result in complete system compromise.

* I refuse to use sudo on non-Apple systems, and I believe MTAs should use the submit protocol to accept mail and the traditional "sendmail" binary should be a regular program, sans setuid/setgid.

Even Microsoft thinks Outlook is bloated and slow



More poorly-formatted and rudely-replied-to email. I can hardly wait.

Universal Pictures finds pirated Jurassic World on own localhost, fires off a DMCA takedown



Everybody knows that ::1/128, fe80::/10 and fc00::/7 are where all the real criminals are hiding. If they haven't found those yet, it's because they just aren't looking. Come on guys, fire up those scanners, time is money you know, and this could take a while ...

PS any pirate sites entirely hosted over IPv6 yet? Might be a good way to vastly accelerate deployment ...

WHOA! Windows 10 to be sold on USB drives – what a time to be alive


Re: Mac OS X

Even when Apple did supply the sticks, they emulated USB DVD-ROM drives; hideously ironic considering what they (and the App Store) were supposedly replacing.

It'll be interesting to see how it plays out in the Wintel scene though. I wonder if M$ will also deliver read-only media, and how the various quirky PC BIOSes will cope. I expect the demand for DVD will still be there for the machines that don't USB-boot, or do so in a way not compatible with the drives being put out. On the plus side we might see more uniformity in BIOSes.

iPod dead? Nope, says Apple: New Touch has iPhone 6 brains


Re: where's the click wheel?

Click wheel? I prefer the Shuffle's control pad myself. Wish they'd done work with that; 2GB in 2015 FFS, and crazy prices.

But I'm warmed by this new Touch. MIA is Touch ID, surprisingly, but otherwise it's very sweet. Nice to see Apple taking it a bit more seriously than previous models. Lasts forever with "Airplane mode" turned on; put all your stuff on and enter paradise. Really the soul of iOS, compared to the much bulkier iPhone.

Apple snuggles closer to IPv6

Thumb Up

Finally! When Apple first introduced (their version of) "Happy eyeballs" they made the critical mistake of choosing whichever version of the protocol was faster without regard for the future of either protocol, specifically the harm that behaviour would do to an increasingly NATed IPv4 network. Now it looks like they've got a clue (for whatever reason) and are now preferring the protocol that will actually grow the network going forward.


Google says its AI will jetwash all traces of malodorous spam from your box


Re: GOOD NEWS from jdavid000@she.com

I guess the takeaway is that you get excellent spam filtering, as long as you're with Google. If you're not then Google thinks you can just FTFO.

'The server broke and so did my back on the flight to fix it'


Interesting story, but I still think the real mistake was putting a dreamer in front of a Mac server. Those things just aren't built for idiots, no matter how much they promise to be (and I'm sure many a sysadmin would wish otherwise). I don't think Apple knows how to build servers that aren't overcomplicated and full of moving bits that break if you breathe a bit too hard on them; you really need a Unix head in front of it. Or better yet, just shred all that complexity and put Unix/Linux on the server and raise the bar, accordingly (and sadly).

North America down to its last ~130,000 IPv4 addresses


@1980s_coder: Agree with you 1000%. The only point I'd disagree with you on is the RFCs--those really are very unforgiving for your typical ordinary sysadmin-person. Wikipedia is a good starting point, and several books (Draytek has a very practical one published called "Real world IPv6" or something). People should seriously get moving; it's different, perhaps a little steep, but once you've learned it and understand it you'll be wondering what all the hate and fuss is about. Come on commentards, you can do it! :)

And my sincere apologies to those net engineers living in parts of the world who have already made the leap and are being inconvenienced by those of us in affluent regions who seem to think that neoliberalism solves every problem that needs solving. Those of us with a clue are trying to spread the faith as fast as we can before real damage is done, honest.

VPNs are so insecure you might as well wear a KICK ME sign


Re: Why did the IPv6 rollout have to be such a mess as to encourage these problems?

>>> Because interop with IPv4 was never part of the IPv6 design philosophy! The idea was to "throw a switch" and hey presto the old IPv4 Internet simply disappeared to be replaced by a fully functional, highly secure IPv6 Internet. This is probably the main reason why there is so little IPv6 support and usage.

No, that was not the idea at all. The IETF made the conscious decision to ultimately choose a non-backward compatible transition plan, it's true, but they did so because they had faith in homo sapiens to deploy IPv6 at the earliest opportunity possible (hint: we are in 1996) with the goal of having it fully deployed by the time it was actually necessary (hint: IANA ran out in 2012) so that, at the time IPv4 was retired, it would not be a problem for the Internet. Homo sapiens proving itself to be more concerned with making lots of money and watching cat pictures, this plan did not bear fruit, and that is why we don't see much IPv6, and are now paying the price for our collective apathy. :(

Get READY: Scientists set to make TIME STAND STILL tonight


Re: Having a single time is a nonsense

Nah. We're human beings--we'll adapt.

Abolish "Mean Solar Time", and move to TAI ("Atomic" time). I can refer to any future time, correctly and accurately, always. Time goes forward at a fixed rate, all the time.

Then drop time zones, and move to the 24-hour time format. The world is a big place, and there's plenty of understanding in it: Australians just happen to get up at 18:00, that's all. And no bloody "Daylight savings", neither.

Then drop relative time: every time is expressed as an absolute, and people become good at mental arithmetic so we can express durations, and swiftly add them together, or recognise time periods such as 86400 seconds equating to a day.

Now stop insisting on having significance of day and night: time is used at whatever interval suits, and day and night are merely observable events. Efficiency may very well be improved. The problem of natural illumination can be solved, somehow *, but in the event that it can't, then sunrise and sunset are merely accurately-recorded points on the absolute timeline, by which means relative offsets may be expressed for the purposes of coordination.

Then switch to a decimal system of time units, of suitable complexity to allow very accurate time scales but of sufficient manageability for everyday use.

Not interested? But it's the future! Ah well, thought I'd just suggest it ...

* I'm blind, so I don't have this problem, happily.

MAC address privacy inches towards standardisation


Re: IPv6 addresses

Not really relevant because we're talking about tracking that occurs on the local link. Privacy addresses are available for the non-local link case, in which case you just derive your interface identifier (host portion) of the address randomly so people can't track your single device across locations.

Hi-res audio folk to introduce new rules and weed out impure noises


First move to lossless CD quality.

If consumers don't have equipment (headphones/speakers, DAC) that can reproduce lossless material of good provenance with a reasonable degree of fidelity then it really doesn't matter how good the recording is or what bit depth/sampling rate it's recorded at. So let's get them to at least CD quality first, before worrying about anything else. I'm positive that even the best recordings are let down by shitty postprocessing work, lossy encodings, cheap DACs/resamplers and headphones.

Then we worry about whether or not HRA is of any use to anyone. Personally I'm of the belief that you can never have too much information, and yes, beauty is in the ear of the listener--so some people may simply never notice, honestly, and that doesn't have to be a bad thing.

Auto-playing video ads? People love auto-playing video ads – Twitter


Doh! That didn't quite scan right. :(

But ... but iOS 9 could BLOCK my Ad-Block, dev squeals


Re: This is great news...

The strategies for ad-blocking on iOS right now are: a completely custom browser that knows about ad blocking itself; a proxy-based or VPN-based approach where the filtering is done remotely on another machine (bad idea unless the machine belongs to yourself); a proxy-based or VPN-based approach with the filtering done locally by simply blocking access to hosts either with a profile or PAC (Webblock et al); or a block of hosts done outside the iOS device, on your own network using DNS. I choose the last option, using a number of excellent hosts files out there including Peter Lowe and MVPS, a script to download them, and Unbound to serve NXDOMAIN for any blocked host or domain.

Notice that any solution based purely on host name has no capability to filter inline resources (no style or div blocking, no blocking of subresources by URL). The PAC or proxy method increases granularity to URLs but still causes gaps, and fails with HTTPS resources (which is the primary reason I think the DNS approach is the only credible one going forward).

This API looks like the plug we've all been waiting for. It's going to be very interesting to see how Apple reconciles the obvious use for this extension point as an aid to ad-blocking with the apparent lack of other obvious uses for it. But I'm very happy they're including it. :)
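The DNS-level blocking described in the comment above (downloaded hosts files turned into Unbound NXDOMAIN answers), sketched as an added example that is not the commenter's own script. The sample list, the function names and the use of Unbound's `always_nxdomain` local-zone type are assumptions; the output is meant to be included from the `server:` section of the Unbound configuration. Because a downloaded list is untrusted input that ends up in resolver configuration, every name is validated before it is written out.

```python
import re

# Constructed sample in the hosts-file format used by public blocklists.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
0.0.0.0 ads.example.com
127.0.0.1 tracker.example.net  # inline comment
0.0.0.0 cdn.ads.example.com
0.0.0.0 Ads.Example.com.
0.0.0.0 bad".example.com
192.0.2.10 intranet.example.org
"""

SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
SKIP_NAMES = {"localhost", "localhost.localdomain", "broadcasthost", "local"}
# One DNS label: letters, digits, hyphen or underscore, 1 to 63 characters.
LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")

def parse_hosts(text):
    """Return the set of valid blocked hostnames from hosts-file text."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRS:
            continue  # blank line, comment, or a real address mapping
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            labels = name.split(".")
            if name in SKIP_NAMES or len(name) > 253 or len(labels) < 2:
                continue
            if all(LABEL.fullmatch(label) for label in labels):
                names.add(name)  # anything else is dropped, never quoted
    return names

def collapse(names):
    """Drop names already covered by a blocked parent domain."""
    def covered(name):
        labels = name.split(".")
        return any(".".join(labels[i:]) in names for i in range(1, len(labels)))
    return {n for n in names if not covered(n)}

def unbound_conf(text):
    """Render one local-zone line per blocked domain (subdomains included)."""
    zones = sorted(collapse(parse_hosts(text)))
    return "".join(f'local-zone: "{z}." always_nxdomain\n' for z in zones)

if __name__ == "__main__":
    print(unbound_conf(SAMPLE_HOSTS), end="")
```

A `local-zone` entry also covers every name beneath it, which is why `cdn.ads.example.com` is folded into `ads.example.com` rather than listed separately.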