* Posts by 142

295 publicly visible posts • joined 26 Oct 2010


Russian hacktivists vow mass attacks against EU elections


Re: ha

In EU: Currently pay roughly that for rock-solid 1000/100.

How Apple Wi-Fi Positioning System can be abused to track people around the globe


> The point of this article is that, for this new capability, this risk-control option has NOT been provided by Apple.

I would contend that the risk control is most appropriately provided by the people responsible for the broadcasting, as mentioned in the second half of the article.


If it's a statically located router, this issue is essentially spurious. Basically it allows someone to say "oh, there is a wifi access point in this house", and absolutely nothing else.

It's only an issue when the access point moves e.g. for travel routers, or for people who have relocated to be in hiding, etc.

OpenAI slapped with GDPR complaint: How do you correct your work?


Before you even start using ChatGPT, you're presented with the following, clearly and unambiguously presented, in bold:

> Check your facts

> While we have safeguards, ChatGPT may give you inaccurate information. It’s not intended to give advice.

And then, for every query you make, you are typing directly above the following warning:

> ChatGPT can make mistakes. Consider checking important information.

JetBrains' unremovable AI assistant meets irresistible outcry


It does nothing of the sort!

You have to actively enable, subscribe, and pay them a fortune for the f'n thing before it does anything.

These complaints are beyond deranged.

It's akin to being afraid you're going to find yourself locked on a cruise ship just because the shopping mall you go to added a travel agent...

Nearly 200 Boeing 737 MAX 9 airplanes grounded after door plug flies off mid-flight


Re: Cockpit voice recorder

They don't want the CVR to establish the cause, but rather they're concerned because they suspect (based on testimony so far from the pilots and flight attendants) that severe in-plane communication breakdowns occurred due to the noise and chaos, that may have led to additional potentially dangerous situations if the incident was subtly different.

The tapes would allow them to analyse the nature of the comms, and develop recommendations for procedure changes in these scenarios, etc.

Irony alert: Lawsuit alleging Chrome’s Incognito Mode isn’t will settle on unknown terms


Re: I'm shocked!

> literally everything about the way that feature is implemented and marketed by Google in Chrome seems designed to make the user think that it is truly private

What version of Chrome are you using?

Every newly created incognito tab has a full-window message that clearly states that the people who use your device won't be able to see what you've visited, but that your activity will be visible to "websites you visit, your school, or your ISP". It's had that for a decade. Possibly even since the feature was added.


Firefox slow to load YouTube? Just another front in Google's war on ad blockers


> Yes, I know I could pay for Youtube Premium, but it costs a lot, and from what I've been told, creators don't get as much as they would if you watched ads.

No - that's not the case at all. It's the opposite in fact, and drastically so. 50% of your subscription goes to the creators of the viewers you watch. You'd have to watch an absolutely absurd number of videos in a month (literally in the thousands) for that cut to be outweighed by the income the creator would have got from ads.

Even in niches where advertisers are throwing stupid money at ad slots, like videos targeted at kids or affiliate marketing tutorials, someone would need to watch 500 videos-per-month before ads would be better for the creator.

Control Altman delete: OpenAI fires CEO, chairman quits


Re: Scandalous revelations coming out in 3...2...1

> 1) Even more loss-making than we thought?

Certainly possible

> 2) Even bigger illegal data grab than we thought?

I can't see that being the case. They clearly are leaning on the argument that training is equivalent to data-mining thereby giving them that fair-use carve out. And there is no feasible data grab bigger than what they've already publicly acknowledged - they have said they trained on the entire internet.

> 3) There is more truth to the analysis that GPT4 performs worse than GPT3.5 than we thought?

That's definitely no longer true with gpt4 turbo. It's pretty damn capable.

> 4) Sam Altman knew all this time about the fundamental issue with transformers, the core of LLMs, being incapable of ever becoming intelligent, as Google research revealed this week?

I don't see that being a major issue: you bypass that limitation by linking LLMs with different approaches, and there really isn't that much preventing OpenAI from doing so.

> 5) Something more mundane such as lying about his actual remuneration?

Certainly possible.

> 6) An office affair?

Possible, but would it have been phrased like that?

I can't help but notice how the board talk in the statement about protecting the company's mission. I wonder was there a severe undeclared conflict of interest.

This legit Android app turned into mic-snooping malware – and Google missed it


Re: Pulling an app from the store will do nothing

They used to remotely remove apps back in the early Android days: https://android-developers.googleblog.com/2010/06/exercising-our-remote-application.html?m=1

They invoked that in 2010 and 2011 for similar malware to this incident, though I can't find a more recent case. Perhaps they just rely on Google Play Protect's more traditional virus scanner approach.

I remember the remote deletion being an extremely controversial move at the time... Heh. Have a read of the comments here:


Too big to live, too loved to die: Big Tech's billion dollar curse of the free


Re: GMail ensures users are logged into their Google account when they access the web

You still can install it local only during a cold install. It requires a little gymnastics with the network connection, but you can make the local install button appear eventually.

Ad blockers struggle under Chrome's new rules


Re: Advertising weary?

> Big sites could probably do something similar to bigger YouTube channels and actively search out sponsors for ads within videos.

The interesting thing to take from YouTube is that it's not just the big channels.

The sponsors are generally more enthusiastic about buying slots on smaller, niche channels, as viewers generally trust the small channels more.

The same should hold for smaller websites.

Brave, DuckDuckGo to unplug Google's AMP where possible


Re: Do know evil.

It was competitive pressure.

AMP, for all its privacy flaws, at the time was dramatically better in performance than the lethargic news publishers were capable of themselves.

Google's comment (added as an update to the article) about load time isn't an exaggeration - it went from dozens of seconds for a typical major news site to load on mobile, to about 2 or 3 seconds. News sites were forced to use it if they wanted to compete, due to their own ineptitude.

It stopped being an issue some years ago, of course, as publishers and their ad networks eventually copped on to themselves. But at the time, it was a major factor.

OVHcloud datacenter 'lacked' automatic fire extinguishers, electrical cutoff


> electric arcs of more than one meter

> "electric arcs of more than one meter around the exterior door of the energy room"

You need an awful lot of volts to make a 1+ metre arc...

Apologetic Audacity rewrites privacy policy after 'significant lapse in communication'


Re: Let's take the following at face value...

They do state elsewhere in the document that the only data now transmitted/stored is the IP address for auto-update requests, which isn't included in the Linux builds, and can be disabled in the Windows one.

It should be relatively trivial to verify if this is the case.

I have absolutely no confidence they won't pull more bullshit again next week, but it does seem that at least for now, it's a reasonable rollback.

AWS launches BugBust contest: Help fix a $100m problem for a $12 tshirt


Re: Avoidance

For a change, not this time!

It's not Amazon's software that's being fixed. It's their customers' own software.

They're just encouraging their customers' staff to use AWS-powered tools for bugfixing their codebase, and throwing hats and tshirts at them if they do.

The Audacity: Audio tool finds new and exciting ways to annoy contributors with a Contributor License Agreement


Frankly, I think a much more likely outcome is that a new, better, open source audio editing program comes to the fore, rather than a successful fork.

Audacity's good, but it's not that great.

Apple announces lossless HD audio at no extra cost, then Amazon Music does too. The ball is now in Spotify's court


Re: Can you tell the difference?

If you get no joy from the infernal retailer, try and see if you can boost 6kHz on the TV's eq. It might help even if the rest of the freq response is awful.

A quite severe and narrow notch that develops at that frequency in people's hearing responses as they get older tends to be the one most related to speech intelligibility differences vs younger people. (Without enough 6kHz, things like 's' and 'f' sound the same, etc).


Re: Since it is lossless

It won't be convenient, but yes.

This doesn't seem to be MQA-based, so there's no bullshit going on. It's just straight up lossless. So if you're on a Mac, just ensure Apple Music's output is at -0dBFS, and use loopback software like audiohijack or soundflower to route the audio into audacity or something, being sure to match the sample rates.


Re: Yay!

Depending on when the original digital remaster was, there's a decent chance the masters are actually stored at 24bit in a record company vault somewhere. For quite some time now, they tend to be printed at both resolutions during mastering, even if the record company doesn't release the 24bit or SACD versions.

But in the Apple Music context, they won't be converting anything. On the highest tier, you'll get the highest res available for a given album, if that happens to just be CD quality, that, sadly is all you'll be provided. This is how the other providers handle this.


Re: Yay!

Going from analogue source medium to analogue storage medium is way worse, to an absolutely comical degree.

I guarantee any half-trained ear will hear the degradation between the analogue master tape source and any analogue storage medium it's put on.

I wouldn't bet on any mastering engineer I've ever worked with reliably telling the difference between an analogue tape source and a playback of a 96kHz/24bit digital recording of that tape, in an A:B.

Yes. Records often sound better than their digital counterparts. But that's down to idiocy by record labels. It's got nothing to do with digital conversion.

Microsoft's Edge browser for Linux hits the Beta Channel ... if you're into that kind of thing


It really is a shame. There were some very nice aspects to the Edge rendering engine, before they abandoned it and switched to Chromium.

Twilio's private GitHub repositories cloned by Codecov attacker, cloud comms platform confirms


Jesus H...

See title.

CD Projekt Red 'EPICALLY pwned': Cyberpunk 2077 dev publishes ransom note after company systems encrypted


Re: I reckon they are taking the right approach based on the article.

There was a completely separate cyberpunk multiplayer game. If the source code for that has been leaked, that will be a major problem for that game's progress.

Putting the d'oh! in Adobe: 'Years of photos' permanently wiped from iPhones, iPads by bad Lightroom app update


> I only learned very recently that even three copies isn't enough. Lost five years of data.


Care to share any more details from your tale of woe? What went so wrong that that happened you?

Have I Been Pwned to go open source – 10bn credentials, not so much, says creator Hunt


Re: Huh, does it log searches?

> I always wondered about entering your personal info on a site like this

It does require trust, but I think you can usually tell by how they talk about the potential issues. This guy's always been open about that worry, and it's always been clear he actually understands people's concerns in that respect.

HIBP's policy:

> When you search for an email address

> Searching for an email address only ever retrieves the address from storage then returns it in the response, the searched address is never explicitly stored anywhere. See the Logging section below for situations in which it may be implicitly stored.

> Logging

> Only the bare minimum logs required to keep the service operational and combat malicious activity are stored. This includes transient web server logs, logging of unhandled exceptions using Raygun, Google Analytics to assess usage patterns and Application Insights for performance metrics. These logs may include information entered into a form by the user, browser headers such as the user agent string and in some cases, the user's IP address.

Ok, you still have to trust him that's true, but I've met plenty of people who would gleefully hoard people's data, and they'd never in a million years phrase their lies like that.

It's when they talk vaguely, or dismiss concerns outright, that I'm wary. I don't even have to go looking into that Genderify outfit to know their privacy statements would have been meaningless waffle, exaggerated promises, or doublespeak...

Ardour goes harder: v6.0 brings 'huge engineering changes' to open-source digital audio workstation


Professional graphics folk can easily import any jpeg they want to help them with layout, etc... it's a core part of the workflow for many. E.g. designers build with low quality placeholder images, and replace with the high quality licensed version once they've been purchased and cleared.

Software doesn't handhold them and forbid them from doing so just because someone might use one in final output to the client. They're treated as adults and are trusted that they know what they're doing.


It's not about whether you can hear the difference between MP3 and Lossless. It's always blindingly obvious.

But you're assuming your use case applies to everyone, and that the reference is always being used for the fine details.

It never really should be for most mixing and especially recording contexts.

Once you get down to the fine detail, what's happening on reference track X has absolutely no real bearing on the track you're working on. You just end up chasing shadows if you chase that while you're recording. The differences in context between the two songs far, far outweigh the accuracy lost by using an MP3 as your comparison.

It's bigger picture calls that references are usually most useful for, at least in my experience, and for that an MP3 will always work. If the artist gives me a 128 mp3, then fine! 128 mp3 it is.

Similarly, if I'm using a temp track for overdubbing, why do I care about the fine details in quality? It doesn't make a blind bit of difference - again, the accuracy lost is outweighed by the fact the mix balance is going to change - so again, if it affects my recording judgement slightly it doesn't matter.

Would I request an MP3? No. But similar to the guy arguing back in 2012, I'm not going to push it back at a client either, unless it's actually being used in the output.


> MP3 import and export is now fully supported – the developers were formerly opposed to MP3 import because it is a lossy format and not intended for this use

Jesus H Fucking Christ. That was an absolutely infuriating thread to read. The attitude and complete disconnect from actual real world workflows is jaw-dropping.

In 15+ years, I don't think I've worked a single day where I didn't have to drag in an mp3 at some point for some reference or temp purpose.

No wonder Ardour has gained absolutely zero traction in the music world if it took 8 years to relent.

For the devs here, imagine if Microsoft forcibly prevented you from pasting text that came from outside your Visual Studio project, because "copying and pasting code leads to poor quality", and if you really need to do it for some reason, you can type it all in manually as a workaround.

It's that utterly insane.

It wasn't just a few credit cards: Entire travel itineraries were stolen by hackers, Easyjet now tells victims


Re: Just to point out

> the information included the CVV, which I think means that Easyjet are not PCI DSS compliant.

That depends on if they were stolen from Easyjet's systems. Speculation appears to be that it was malicious code inserted into the website that siphoned off the details client-side.

I've seen things you people wouldn't believe. Black hole quasar tsunamis moving at 46 million miles per hour


Re: Mind-bogglingly fast

46 million miles an hour is about 770 thousand per minute and 12800 per second.

So it's about half a second or so per earth diameter.

I'm not sure if this makes it any more comprehensible. Nor if this makes it more amenable to El Reg units.

'An issue of survival': Why Mozilla welcomes EU attempts to regulate the internet giants


Re: We really need Firefox alive

On quite a few of these CSS3 issues, it's that Firefox adheres to the actual CSS spec, but the spec is an ass. Chrome and several others deviate from the spec with proprietary undocumented kludges, that give behaviour that's much more intuitive, and makes FF look "broken" in contrast. Certainly this is the case with a lot of Flexbox oddness, not as certain about grid.

Worked on a site recently where I just relented that it will look different on FF and Chrome... I didn't have the energy to franken-div it.

Eco-activists arrested by Brit cops after threatening to close Heathrow with drones


There was no danger to life in the manner they chose to go about this: informing days in advance that the drones would be there, which gives sufficient time not only to close the runways, but to rebook passengers. It's massively disruptive, yes, but not dangerous. Hence the public nuisance charges, not terrorism or similar.

WTF is Boeing on? Not just customer databases lying around on the web. 787 jetliner code, too, security bugs and all


Re: They could stream flight info to the passenger info system, one way through an opto-isolator.

This was my thinking as well. All Boeing has to say was: "the connection is a one way data stream, through opto-isolators", and they would have stopped the concern about this in its tracks. That they're not saying it means they're clearly doing nothing of the sort.

Firm fat-fingered G Suite and deleted its data, so it escalated its support ticket to a lawsuit


Re: I call BS!

This is the kind of thing that can happen with a misconfigured mail client. The mails were most likely being copied elsewhere, like an old forgotten Outlook Express, but without the deletions on Gmail being properly mirrored, and then suddenly resync'd for some reason. I've seen this kind of thing happen a few times... It's an absolute pain in the ass to tidy up, as you found.


Re: So...

> Accept the delete request, lock the account, and put a stay on final execution for a month or two.

If anything, that covers Google's ass in case they have screwed up authentication at their own end, and accepted an invalid delete request.


Re: surely there must have been multiple "are you sure/are you really sure/you...

They didn't necessarily actively "delete" the account.

I'm not sure about Gsuite specifically, but these sort of linked accounts can end up orphaned or mangled in certain edge-cases, such as removing the wrong user, etc. especially at smaller scales where it may have evolved from someone's personal account.

UK taxman falls foul of GDPR, agrees to wipe 5 million voice recordings used to make biometric IDs


Re: WTF?

> It is hardly beyond the wit of Big Blackhat to commission a system which, when spoken to in one voice, repeats the same words down the phone in another

It's not outside the wit of a small blackhat, either. That'd be easy with consumer software.

One would hope they have a secondary system to listen for the hallmarks of modified/synthesised speech, but why am I skeptical?

Naming your company 101: Probably best not to have the word 'Oracle' anywhere near branding


> If such a change isn't made, then the adjudicator, who was in this case Susan Eaves, will determine a new company name.

Section 73(4) of the Companies Act...

Do any business/trademark lawyers here have any examples of what names adjudicators have chosen when it's gotten this far?

I wasn't having luck finding any on Google.

Google's stunning plan to avoid apps slurping Gmail inboxes: Charge devs for security audits


Re: When will using GMail (or any Google Service...)...

There are plenty of alternatives, but it's clunky to use the multiple alternative services together, in the way you need to do to replicate what you get with Google's integrated services. And you also have to find the good alternatives, because half of them are like moving to Gimp from Photoshop. Google's consumer facing services (if you ignore their Docs stuff, perhaps), "just work".

Now, I'm not saying we shouldn't ditch Google entirely - I'm in the process myself - but it's annoying to do so once you've got used to them. And people don't generally voluntarily do things that annoy them.


Re: So paying for a sticker takes the curse off ?

Devs aren't expected to pay Google in this model - they pay the auditors.

The fee listed in the article is simply a de facto price for getting approved, because there are only a couple of auditors approved.

So Google can certainly decide to fuck over either the customer or the developer at their complete discretion, without worrying about audit-related refunds or income streams.

Things that make you go .hm... Has a piece of the internet just sunk into the ocean? It appears so


Re: .UK or .GB??

Oh, they complained alright, but couldn't propose a solution.

Given the unusual collection of territories competing in the team, there's no accurate name for the organisation without it being about 40 characters long...

Furious Apple revokes Facebook's enty app cert after Zuck's crew abused it to slurp private data


Re: other developers pulling this stunt would have had their App Store apps banned too.

I suspect they thought of it.

I wonder will we get to the point that Apple kick FB to touch once and for all.

It would be very Apple to kill a feature their users view as sacrosanct, and yet somehow increase sales.

Mark Zuckerberg did everything in his power to avoid Facebook becoming the next MySpace – but forgot one crucial detail…


Re: Is this libel?

No. Facebook have given away any chance of that by going back on their previous categorical statements, meaning they either lied before, or they're lying now.

UK.gov is not being advised by Google. Repeat. It is not being advised by Google


A lot of probably justified cynicism here.

But I think it's possibly slightly misdirected.

Hassabis has never appeared like a Google drone. He's kept DeepMind as something of a rogue entity within Alphabet, and he's refused to take on other roles in Google.

He's taken this role as an honour (the guy's "for king and country" in a 1930s sense) and for DeepMind. I very much doubt he's pushing Google messaging in these meetings as such.

Whether this is better or worse, I'm not sure. DeepMind's is a hell of a lot more unnerving in the long term than mainstream Google.

Facebook suspends, investigates CubeYou, another data-harvester


Re: It's as if...

> If that is all they got, someone in their propaganda operations should be sacked. I would have expected them to have ~ 95%+ of profiles in line with what Zuk has confessed to as "accessed by one or more bots".

That's somewhat apples and oranges:

The stuff that CA got is from people who were tricked into giving them permission, via the "personality testing app" stuff, so they got huge amounts of detailed info on those 80 million people.

The bots FB describe for the 95% figure were different: They were just auto-searching based off phone numbers and email addresses, and so were essentially just scraping info the user had already chosen to make public.

I suspect FB put out the "95% of public info was accessed by bots" thing to cloud the issue, and take people's focus off the more serious fuckery.

FYI: There's now an AI app that generates convincing fake smut vids using celebs' faces


Re: It's one way to get it watched

Actually, a great use case here is to make homemade porn with your partner, and use this to faceswap your faces out with someone else's, rather than, say wearing masks or whatnot.

Netflix US Twitter account hacked


Re: "Not enabled 2FA" ???? FFS ?

SMS-based 2FA relies on the user's messages being secure. This isn't always the case. Some phone networks allow you to send and receive SMSs through their website, for example. So if the hackers get on there first, 2FA no longer matters.

Drops the mic... Hang on, hackers could be listening through my headphones?


Re: "take advantage of the physical properties of the connected equipment"

I'll agree there's little risk to the public from untargeted malware and scams.

But for more targeted attacks, especially corporate focused ones, it would be very useful.