Posts by Detective Emil

About Apple's proposal

Apple's scheme [PDF] took care to address many of the issues raised by other posters. In particular, it was designed to have no impact on any aspect of end-to-end encryption. However, its Achilles heel/Trojan horse was that it flagged only images matching a pre-cooked list of hashes of CSAM image hashes provided by some external agency. The independence of any such an agency would be open to question: hashes for anything considered unacceptable for any reason could potentially be crowbarred in by authorities. A review, before alerting the authorities, by (unfortunate) Apple personnel of the images causing the threshold to be exceeded on a particular device, was proposed as a backstop. But nevertheless … Apple has in the past deferred to authorities in a variety of markets in a variety of situations.

As for the on-device detection of nudity in photos a child's about to share or receive, that's already there in Anglo-Saxon-type markets only (if enabled by a parent who has got around to setting up a family group).

"On-device auctions"

Oh, great. So Google thinks it has the right to run my battery down to preserve my privacy (from third parties, anyway — I'll bet it's written itself an exception).

Mitigates against bugs like Spectre and Meltdown??

How can Pluton, a hardware root of trust, protect against hardware shortcomings thar result in information leakage from branch prediction, or a race condition that discloses protected memory contents, either of which can be exploited from unprivileged code?

[Yes, I know: if Pluton is used to allow only approved and signed applications to run, as on iOS. But Microsoft has never managed to retrofit that model into Windows.]

Nice drafting

Congratulations to the US and the UK on producing a joint statement that mentions none of the following: GDPR, EU, adequacy, Max Schrems …

"Things" fall apart; the server can't be polled

Some industry sources [suggested] the regulations [could] set a standard that was too high or costly for IoT device importers and vendors to meet.

Oh, good. No possibility of buying crap that hardly interoperates now, and won't operate at all in the future.

Because of stuff like this [New York Times], I'm very wary of security advice from spying organizations — among which I number Google.

Please, Sir …

What's LoRa?

Where's the problem?

If supply-chain difficulties mean you can't get end-point kit that needs networking, then you won't need networking kit in a hurry. So everything's fine!

Mine's the one with the cable tester in the pocket.

And it costs … ?

€14.99 a month for us mainlanders. I'd rather spend that on ==>

Here's that PiHole list

From GitHub. Samsung's list of no-no addresses is the longest by aome way.

_My_ glass is half empty

I do hope that this does not spur FB to bulldoze through a "fix" to DNS that just happens to serve its interests at the expense of everybody else's (cf. Google's AMP).

I'm for it!

Giving tax breaks to telcos always works out well.

Add a pinch of salt

IDC is the outfit that predicted Windows Phone would outsell iPhone. [Wired]

I hold no brief for Sonos*, but …

… as El Reg itself reported, they did, after months of withering fire, stop remotely bricking trade-ins.

* Indeed, as an early customer for seven of their Things, I won't be buying anything else from them.

I hold no brief for SOAS graduates, but …

Some of this lot surely have some understanding of something.

Irony alert

A privacy-preserving device promoted using a video on YouTube.

TTFN?

Totally Too Favored Nation?

"… allies … like Criteo, NextRoll, Magnite, and RTB House"

I've never heard of these outfits and will do all I can to prevent them from hearing much of me.

Bolton [said] "There is never a circumstance where satellite … should be subsidized …"

Well, he would, wouldn't he?

If you want to block (some of them) by hand:

You can find most of the culprits' destination domains in the reasonably-frequently-updated NextDNS CNAME Cloaking Blocklist on GitHub, and add them to the blocklist of your choice.

Compared to a colonoscopy …

… I can say from personal experience of both procedures that mailing off a self-collected stool sample is greatly to be preferred.

[Apple & Google] have been on the record as saying that the UK app … is a world first

Citation needed [Gratuitous promo for XKCD merch]. I have not been able to find any.

NIC?

AFAICT, those devices that have a USB-C port do not have NIC behind it — if ther were, the datasheet should mention, or more likely, crow about it. Seems to me that this would be an obvious thing to do, because it would allow a connected laptop to use a single cable for power and network.

FaceBook, champion of small business

Like the fine, this particular case is a drop in the bucket.

Triple-F?

Well, I know what 4-F means, but Triple-F has got me beaten.

Like a creepy uncle

Don't you just hate those matey messages from Windows 10? Where I live, I also have to put up with them tutoyer-ing and duzen-ing me.