* Posts by Raumkraut

424 publicly visible posts • joined 12 Aug 2009


Badass alert: 1 in 5 Brits don't give a damn about webpage crypto-miners


Re: Considering what the "legal" Javascript malware does...

Mining requires you to allow arbitrary code to execute on that machine. That code could do anything at all.

Nothing special about mining here. Many websites already require javascript, aka the ability to execute arbitrary code on your machine, just to view the page content. And quite often they already use 100% of your CPU, just to automatically start playing a video at full volume.

I really hope that this trend of in-browser mining continues, and the browser makers get a clue and start giving the user more control over CPU allocation per website. That's the only real fix that we need or should be asking for, as guidelines and regulations will always be ignored by the "bad guys".

Facebook, Google, IBM, Red Hat give GPL code scofflaws 60 days to behave – or else


Re: Translation please

Maybe it's the flu, but I've read that article three times and I still don't have a clue what it's on about.

I believe that the crux of the matter is, once a GPL infringement has been discovered, how long does the infringer have to rectify their mistake and come back into compliance, before they lose any right to redistribute the software?

Under the GPLv3 they have 60 days. The granted rights then can be regained if they do eventually come into compliance.

Under the GPLv2 there is no grace period at all. Further, the license does not specify any way for an erstwhile infringer to regain those granted rights.

Open-source defenders turn on each other in 'bizarre' trademark fight sparked by GPL fall out


Re: "Having given the world our software on the most liberal of terms..."

1) A statement of fact, that the GPL is intentionally illiberal, in that it forces contributors to redistribute under the same terms, with no value judgement on this fact

Well that depends on your personal definition of "liberal", and the implied connotations of the phrase "illiberal".

While permissive licenses do attempt to maximise personal liberty, copy-left licenses are liberal in the sense that, though they do make some small sacrifices to personal liberty, it is to the end that liberty is maintained for all.

I would certainly classify copy-left as "illibertarian" though.

2) A statement of opinion, that commercial open source developers today probably prefer Apache/MIT for its simplicity and compatibility with *aaS business practises (cf. VMWare's woes).

Correction: Copy-left and permissive are, with the exception of AGPL, of equal utility in a *aaS environment. This is because copy-left licenses such as the GPL only apply on distribution. If you're operating purely as a service, and not distributing the software itself, the GPL confers no meaningful additional requirements over using Apache.

Manic miners, hideous hackers, frightful flaws, vibrating mock cock app shock – and more


Re: Bitcoins?

Could a similar accident to the Ethereum case potentially affect Bitcoin and other crypto-currencies?

Short answer: No.

As I understand Ethereum, its nature is that it provides a distributed programming platform with in-built support for a crypto-currency ("ether"). Anyone(?) can upload arbitrary scripts, which can then be executed by anyone else with an ether wallet.

The serious vulnerabilities found/exploited so far have been bugs in scripts running on the Ethereum platform, rather than problems with the platform itself. No other crypto-currency that I'm aware of provides similar functionality.

MEPs vote to update 'cookie law' despite ad industry pressure


Re: "Content that must be given away for nothing will ultimately end up being worth nothing."

Let me know how much you're paying for El Reg content...

Well that's half the problem really, we don't know. There's no way for me to know what of mine is being sold, nor for how much, nor to whom.

From what the business model narrative has been, and as far as most end-users are concerned, the content *is* free. The advertising industry apparently now claim that currently the content isn't free (including that which the end-users themselves provide), but continue to do their darnedest to prevent people from knowing what the actual price they're paying is.

What’s the real point of being a dev? It's saving management from themselves


Re: what a load of Tosh!

I wonder if the irony was lost on the author, that they were rolling their eyes at using OO in development, but were happily using UNIX on the servers. UNIX, of the creed "do one thing, and do it well"; the bunch of self-contained, independent bits of code, easily bolted together through stable interfaces to provide complex functionality.

Want to keep in contact with friends and family without having to sell your personal data?


Re: Who handles the video streams and pictures, and how?

Yes but... what actual details will they have?

I didn't go digging deep, but from their FAQ:

Does Loop store my photos and videos for me?

Yes, Loop backs up all your content in the cloud and provides up to 2gb of free storage.


How do I know my photos and videos are safe?

All Loop data is transmitted over a secure and encrypted connection so your content is always safe and private.

Since they only discuss transmission, I think it's fair to assume that all your information would be stored more or less in the clear on their servers, for easier analysis and monetisation.

So yeah, it seems like you'd still be selling your personal data.

Spanish govt slammed over bizarre Catalan .cat internet registry cop raid


Re: Basque complication

I didn't think that there was any overlap between the Catalonia and Basque regions, and if the maps on Wikipedia are anything to go by, there isn't. They're pretty much on the opposite coasts of the "neck" between Spain and France, with a strip of land belonging to neither culture between, so I'm not sure where that assertion in the article comes from.

Hi Amazon, Google, Apple we might tax you on revenue rather than profit – love, Europe


Re: @Ledswinger "Its an excellent idea......"

Taxing Amazon on its revenue will increase its costs, so Amazon will increase its prices to compensate, and hey presto...

...local companies, which aren't set up to implement the massive international tax "avoidance" schemes that Amazon & co use, can now more realistically compete with Amazon's prices. This helps drive native businesses, keeps more money circulating in the local economy, and thereby makes these countries more prosperous.

Brazilians waxed: Uni's Tor relay node booted after harvesting .onions


Re: Self-important little pricks

If that relay node had been compromised, it would have made one hell of a "listening post" for pretty much anybody with an interest in intercepting Tor traffic - law enforcement, three-/four-letter security agencies, hostile foreign powers, criminals, take your pick.

What makes you think "law enforcement, three-/four-letter security agencies, hostile foreign powers, criminals" aren't already harvesting this exact same information? So long as a relay does its job as a relay, there's no way to know that it isn't also recording all the traffic.

The only reason this research project got shut out was because they were honest and public about what they were doing.

None of those other groups give two hoots about the Tor Project's ethical guidelines, and aren't likely to admit that they're running any relay or exit nodes, let alone what additional functionality has been added to them.

Apache says 'no' to Facebook code libraries


If your startup *uses* open source software, you're much better off with BSD / Apache


If your startup *sells* open source software, you're much better off with GPL

Err, I think you got that the wrong way round.

Copy-left (eg. the GPL) is all about ensuring freedom for the user of the software (to use, study, modify, and re-distribute), whereas permissive licenses (eg. BSD, Apache) are about maximising freedom for the developer - including the freedom to put limitations on the use of the software.

Feelin' safe and snug on Linux while the Windows world burns? Stop that


Re: about 12 per cent of servers run non-Windows OSs!?


That doesn't smell right at all.

Check the source, and the data set.

That 12% figure comes from Spiceworks, who provide server monitoring software. Server monitoring software which can only be installed on Windows.

So it's far more likely that what this particular statistic is actually indicating, is that Windows-centric companies use something other than Windows on 12% of their servers.

Amazon squares up to Walmart over boycott calls: Talk sh!t, get hit


Re: Wal-Mart has a long history of anti-competitive tactics.

you seem to have the apparently deluded impression that Amazon would be operating at a loss if not for their cloud business.

Amazon are well known for operating at near zero net profit as a whole. AWS provides a highly profitable business unit for the company - reportedly about 56% of the total operating income.

Without that direct source of income, Amazon would have two options:

1. Operate at a loss - which is a well-used tactic for well-funded businesses to attempt to drive out their competition (ie. not the product of delusions); or

2. Raise prices on other goods - in which case Amazon would become less competitive in the retail space, compared to its competition (eg. Walmart).

Linux kernel security gurus Grsecurity oust freeloaders from castle


Re: WindRiver?

However, you are not obliged to re-distribute

While this is technically correct, if a company sells devices which include the GrSecurity kernel patches, then that is re-distribution, and they are therefore obliged to provide the source code to any recipient who requests it.

GrSecurity could be well within their contractual rights to cancel that company's subscription to their future patches, but the alternative is for the company to be in violation of the GPL, and lose any right to redistribute the Linux kernel at all.

So if GrSecurity do take that position, then the only legally tenable use for their patches that I can see, are for hosted services where the machines in question never leave the control of organisations with direct GrSecurity contracts.

Pure Silicon Valley: Medium asks $5 a month for absolutely nothing



This is effectively the same model as Patreon (a site which allows content creators to accept subscription donations from their audience), but implemented themselves, rather than relying on a third-party.

Patreon really does seem to work for people who produce quality content. However, whether it would work for an organisation as large in size, or as general in scope, as Medium is more doubtful.

Effort to fire Euro Patent Office president beaten back – again


Sleeping with the Battistelli

If the situation is so bad, why are the ordinary staff still working there? Can't they quit? Is the EPO also immune to constructive dismissal suits?

I'd love to see how he and his management cronies would cope with having to do all the actual work themselves, or trying to find replacements skilled and willing (and uninformed) enough to take up the jobs.

Rap for chat app chaps: Snap's shares are a joke – and a crap one at that


Anyway, trading is absolutely nothing like gambling in a casino. For a start, just because you don't understand why prices for some asset or instrument move in a particular way, it doesn't follow that it's down to nothing more than pure luck.

It's maybe a more apt comparison than you give credit for. For example, even roulette wheels are governed by the laws of physics, and just because you can't calculate all the physical interactions of the ball and wheel during a spin, doesn't mean that the end result is pure chance.

With all the independent actors in the financial markets, all doing their own thing with their own thoughts, it is more or less impossible to predict what is going to happen in any one stock, any more than it is to predict where the roulette ball will land. Unless, that is, you are already in a position to control enough of the variables yourself.

Facebook scoffed at $500m damages. Now Oculus faces nerd goggles injunction


Re: Why VR is doomed to be nothing more than a Niche within a Niche

I'll put it in simple terms... ANYTHING which makes the user look silly is historically doomed to failure.

I would agree with you, but I remember a time when people looked at you funny for walking down the street talking to yourself. But now, I see people doing that every day, and talking hands-free on your mobile is simply something that people do now.

Fatal flaws in ten pacemakers make for Denial of Life attacks


Re: I see a market here

Seriously though when are manufacturers going to realise that there is an expected minimum in the products that they design ?

As soon as there is a legally enforcible expected minimum, which won't happen until someone in power is affected. Fortunately, people in power tend to be older, so are more likely to have a need for such devices, and so be affected by these vulnerabilities.

No matter who becomes US president, America's tech giants are going to be quids in


Re: How do bandits make out?

I have a picture in my head of a couple of bad hombres tongue wrestling. Is this another British usage that doesn't cross the pond very well?

Apparently not. At least Merriam Webster lists it as a US idiom: http://www.merriam-webster.com/dictionary/make%20out%20like%20a%20bandit.

Euro politicians are hyping the terror threat to steal your privacy


Privacy is a basic right in European law. It is not in US law. In the US, companies cannot access their customers email addresses. ...

I don't understand the above quote, at all. ...

If you replace the second "US" with "EU" it makes sense, so I assume it's a typo on someone's part.

Mozilla tells Firefox OS devs to fork off if they want to chase open web apps vision


Re: so they want to continue gecko..

but last I heard anyway the future of firefox browser is the engine that runs on chrome ??

Err, I don't know where you heard that, but it's nonsense. Maybe you read it on April 1st?

AFAICT, the future of Firefox is some kind of Gecko/Servo hybrid, as there are already Servo features and code making their way into Firefox.

Apple killed OS X today and binned its $10,000 BlingWatch too


Re: Sorry pedants, your time has come to an end.

So is the new name pronounced "macos" or "mac O S"?

Hollywood offers Daniel Craig $150m to (slash wrists) play James Bond


You're a spy, Harry

Upon first reading the headline, my brain got Daniel Craig mixed up with Daniel Radcliffe.

Chubby Chinese students refused top bunk


Re: High BMI not necessarily blimp

Can't really beat simple "pinch tests" to give a quick & easy estimate of actual flabbiness, simple way to detect someone false flagged by flawed BMI.

For use in such situations, I would hereby like to officially coin the term:

"False flabbed".

Having offended everyone else in the world, Linus Torvalds calls own lawyers a 'nasty festering disease'


Re: So?

These sweary Linus rants have popped up in Linux news occasionally since the beginning, we never see the background messages or much of the provocation behind them.

He's got a point about Lawyering up over problems, sometimes it's akin to getting your neighbour locked up for letting his dog crap on your lawn when it could be sorted out amicably.

It's the same thing though: You don't hear about the GPL infringements which are wrapped up amicably, because publicising it is generally not in the interests of either party, and not really interesting enough to make the news. So you only hear about those that don't cooperate, and miss out on the background messages and provocation, and assume that the lawyers have gone straight to the courts.


Re: So, to sum up...

I would guess that Bradley Kuhn is trying to become some sort of an important "High Priest" in the community. Having them too involved is a risk hardly worth taking, easily poisonous indeed.

If you don't attempt to enforce the GPL, then you may as well have used the BSD license in the first place. Some people might be fine with that outcome (eg. permissive license proponents), but for the GPL to have any practical meaning in the real world, someone has to bring the legal actions necessary to hold to account those who breach the terms of the license.

Whatever you might think of their personal motives (and I, having followed these issues for many years, think you're completely wrong), Bradley Kuhn and the SFC are doing the dirty, apparently thankless, job that no-one else seems to want to do.

Sex ban IT man loses appeal – but judge labels order 'unpoliceable'


Re: downvote here

Precrime doesn't exist yet.

Actually, yes, it does. However, it doesn't appear to be working too well as of yet: Chicago’s predictive policing tool just failed a major test

VMware shipped public key with its Photon OS-for-containers


A private key is an identity, and indeed that should be kept secret.

A public key can be used to remotely access a server, for those with the right private key.

So in this case, a particular public key was automatically deployed to every virtual machine created using the VM image they distributed. That essentially means that, since VMware was the holder of the private key, they had backdoor (or undisclosed front-door, if you prefer) access into every installation of Photon OS, by default.

Bit of an oopsie.

How the HTTPS-snooping, email addy and SSN-raiding HEIST JavaScript code works


Re: "HEIST requires ... the victim to have enabled ... third-party cookies."

Sadly, and as noted in the article, 3rd party cookies are *still* enabled by default in most browsers. And most people don't know their browsers have options, let alone what they should set them to. So the default setting abides for most users.

Which is a good thing, of course, because without third-party cookies being enabled, advertising revenue might be affected in some way to some extent, and therefore the interwebs will implode and the terrorists will have won. Is that what you want?

West country cops ponder appearance of 40 dead pigeons on A35


Oi've got a brand new pigeon harvester

My first thought was that the birds were trapped/roosting in some farm machinery, unknown to the driver, who then took it out on the road. After a while the driver hears some funny noises, pulls over, checks the contents of the hopper (feathers, feed, and perhaps some distressed survivors who fly away), and dumps the remains before trundling away from the scene.

AFAIK, churning things around, and dropping them down at regular intervals is well within the purview of farm machinery.

Chatbot lawyer shreds $2.5m in parking tickets


Automated Interface

If it follows a set procedure, with a fixed set of outcomes, then it's not an AI, it's just an algorithm.

AFAICT this is pretty much the same kind of thing as the government's "register to vote" website, which similarly just automates the process of filling out and sending a form. Except in this case it's being called a "bot", because reasons.

Watch as SpaceX's latest Falcon rocket burns then crashes



For the purist, yes I know rockets are always loaded with a slight deficit of oxidiser, so if the tanks are run bone dry, there's no chance of spraying pure oxygen on white hot engine parts and setting them on fire. This is why Elon Musk said they ran out of oxygen rather than fuel.

Ah, good explanation! I was wondering why, after running out of fuel, it went KABOOM rather than just THUNK.

Voter registration site collapse proves genius of GDS, says minister


We'll get back to you

In fact, many of the voters who were panicked into entering their details last week had already been registered.

I'm not surprised by this. I registered about a month ago via the gov site. The resultant emails said I would be contacted by my local authority once I had been registered, or if they needed more information.

Never heard a peep from anyone.

But at least my council were responsive when I later (aka close to the deadline) emailed them asking about my status.

This is how the EU's supreme court is stripping EU citizens of copyright protections


If you write "Don't steal things", and then a few hundred pages later on write "Well, just on special occasions you can steal things", then you are in contravention, even though you definitely did write "don't steal things" at the start.

Well now, legally speaking, it depends on how one defines "steal" and "things". And possibly "don't".

Get outta here, officer, you don't need a warrant to track people by their phones – appeals court


You are free to do as we tell you

"For the Court has long held that an individual enjoys no Fourth Amendment protection 'in information he voluntarily turns over to [a] third part[y]'," the judges said in their ruling.

Can it really be considered "voluntary", if the alternative is essentially cutting yourself off from a large part of modern life?

These days, to many segments of society, it seems somewhat akin to cutting yourself off from the electric grid, and going back to cooking beans with a bicycle-powered hair dryer.

Bitcoin to be hammered – in an auction, that is


Re: Duh

However, it would be a strong optimist who bids so close to market value.

IIRC, bitcoin prices recently went up ~21% in a short time. That's a lot. Very easily, an auction "winner" can turn into a financial loser if the market price undergoes a correction.

SWIFT CEO promises security improvements


Re: SWIFT is guilty of...

The facts are known; the hacking came from INSIDE THE BANK, not inside SWIFT.

This is true, however a similar stance could be (and likely was, in many cases) also taken by consumer banks when phishing became common: Those hacks came from the *user*, not from the *bank*; ergo, it's the user's problem.

But just because it's "user error" didn't stop many (most? all?) consumer banks from improving their procedures and processes to require additional confirmation (eg. 2FA) when such questionable or unexpected transactions are encountered.

They DO need to modernize in order to continue to be a trusted money middleman, when all the banks could develop another system to replace their service. Perhaps with a distributed system that works in a modern way; B2B.

Indeed! If an inter-bank consensus can be reached for implementing a transaction blockchain, SWIFT could very well find itself on borrowed time - existing only to serve the dwindling number of banks which have not yet migrated to the shared blockchain.

FBI's Tor pedo torpedoes torpedoed by United States judge


Re: A legal work around?

pulling a small image file from their servers while posting the machine's MAC address to the server

1. MAC addresses are not included in HTTP requests

2. Browsers do not offer MAC address information to websites

3. Tor acts as a local network proxy, so the browser wouldn't know what MAC address was being used

4. MAC addresses are arbitrary and can be changed on a whim by the user

The FBI already owned the server in question, so they already had all the information normal browser usage divulges.

Grab your Hammer pants – it's the '90s again: Facebook brings Virtual Reality back


"Nostalgia is the most toxic impulse"

Back in 1995, the public had no exposure to 3D computer graphics, except in the cinema

Tosh! We 1993-era Brits got to experience the (thankfully short-lived) televisual wonderment that was: Cyberzone!



Bundling ZFS and Linux is impossible says Richard Stallman


Re: Stallman is a loon

I don't know if he's a loon, but as far as I know, he's not a lawyer. So while his opinion is sure interesting - it's not a legal opinion, and apparently, lawyers disagree.

Except the last time we heard about this issue was when some Free-software specialist lawyers claimed that Canonical's lawyers were wrong in their interpretation: http://www.theregister.co.uk/2016/02/26/canonical_in_zfsonlinux_gpl_violation_spat/

So *some* lawyers disagree, whereas some *other* lawyers agree. Sky is blue, bears catholic, etc.

FBI: Er, no, we won't reveal how we unmask and torpedo Tor pedos


Re: I know that pattern.

That's just TCP. They've used a very roundabout way to say their software establishes a quick TCP connection.

If it's just TCP, and they apparently use the least number of packets needed to perform the operation, doesn't that imply that the connection was entirely unencrypted?

So doesn't that mean that there's no real way for the FBI to guarantee that those connections had not been interfered with en-route?

Web ads are reading my keystrokes and I can’t even spel propperlie


Real-time massaging

now I won’t have the chance to correct it before it gets read. So my friends and family can look forward to real-time messages from me

Oh, I don't think you have to worry. I'm sure your family will continue to only receive the final - edited - message.

The only people who will see the initial drafts are Facebook. And by extension; their advertising partners, and *their* advertising partners, and the insurance companies, and the credit checking agencies, and the security services, and the police, and the government, and your local council's bin-watchers.

But probably not your family, so you'll be okay.

Mozilla burns Firefox on old Androids


Re: Tab Groups

Also, when restarting Firefox, only the active tab in each window is fetched. REALLY cuts down on bandwidth and thrashing.

I don't know if it's TreeStyleTab, or a setting I tweaked yonks ago, but my Firefoxes (Iceweasels) only load the tab contents the first time you actually view that tab. So there's no bandwidth thrashing unless you manually get it to reload all tabs.

I do remember Firefox doing what you describe at one point, but that was a long time ago now.

With Facebook shafted, India now belongs to Google


Your delivery of Internet is on its way!

Don't forget that Facebook/Internet.org also have their own Internet-by-drone project - using actual high-altitude drones, rather than RC quadcopters as the term is commonly understood. And I think they were also playing with satellites as well?

Neither of these projects have been shot down, and both are more directly comparable to Google's Project Loon, as all these projects are about providing generic Internet access, rather than piggy-backing on existing, but slow, mobile infrastructure.

Canonical accused of violating GPL with ZFS-in-Ubuntu 16.04 plan


Re: Bugger these obstructionist troublemakers

What Oracle has to do with it ? They can release their code under any license they want or do not release at all, end of the story.

Except it's not Oracle that would be distributing the combined/derivative work. It's Canonical.

By the SFC's reasoning (which, having read, I am inclined to agree with) Canonical would need to either infringe the GPLv2 by distributing the Linux kernel under CDDL, or infringe the CDDL by distributing ZFS under GPLv2.

Oracle don't like having their copyrights infringed.

Bomb hoax server hoster reportedly cuffed in France


Re: Pushing it ? Why ?

If he's not actually logging anything useful, then why refuse to hand over the keys ?

Are you sure he was asked for the keys to the server?

El Reg says "decryption keys for his computer", which usually means his personal computer. If it were the server's keys in question, IME articles would usually describe it as "decryption keys for the server".

Women devs – want your pull requests accepted? Just don't tell anyone you're a girl


Re: Peer review

This is a phenomenon that's already well researched in the area of recruitment. When it comes down to a close-call decision, men favour male candidates and women favour females.

The last report I saw indicated that both male and female managers preferred hiring men for STEM roles.

Here's an article from '14: http://www.eetimes.com/document.asp?doc_id=1321681.

Uber rebrands to the sound of whalesong confusion


Call a spade a shovel

driver on demand app thingy Uber

It's just a taxi-dispatch agency, isn't it?

A RAT and a spammer both avoid the slammer


Re: Going soft?

The punishments were likely proportional because:

1) Nobody in government was affected, and

2) No large corporation had their copyrights infringed.