Posts by 142

Re: Pulling an app form the store will do nothing

They used to remotely remove apps back in the early Android days: https://android-developers.googleblog.com/2010/06/exercising-our-remote-application.html?m=1

They invoked that in 2010 and 2011 for similar malware to this incident, though I can't find a more recent case. Perhaps they just rely on Google Play Protect's more traditional virus scanner approach.

I remember the remote deletion being an extremely controversial move at the time... Heh. Have a read of the comments here:

https://forums.theregister.com/forum/all/2010/06/24/google_lifts_two_apps_from_android/

Re: GMail ensures users are logged into their Google account when they access the web

You still can install it local only during a cold install. It requires a little gymnastics with the network connection, but you can make the local install button appear eventually.

Re: Advertising weary?

> Big sites could probably do something similar to bigger YouTube channels and actively search out sponsors for ads within videos.

The interesting thing to take from YouTube is that it's not just the big channels.

The sponsors are generally more enthusiastic about buying slots on smaller, niche channels, as viewers generally trust the small channels more.

The same should hold for smaller websites.

Re: Do know evil.

It was competitive pressure.

AMP, for all its privacy flaws, at the time was dramatically better in performance than the lethargic news publishers were capable of themselves.

Google's comment (added as an update to the article) about load time isn't an exaggeration - it went from dozens of seconds for a typical major news site to load on mobile, to about 2 or 3 seconds. News sites were forced to use it if they wanted to compete, due to their own ineptitude.

It stopped being an issue some years ago, of course, as publishers and their ad networks eventually copped on to themselves. But at the time, it was a major factor.

Re: Let's take the following at face value...

They do state elsewhere in the document that the only data now transmitted/stored is the ip address for auto-update requests, which isn't included in the linux builds, and can be disabled in the windows one.

It should be relatively trivial to verify if this is the case.

I have absolutely no confidence they won't pull more bullshit again next week, but it does seem that at least for now, it's a reasonable rollback.

Re: Avoidance

For a change, not this time!

It's not Amazon's software that's being fixed. It's their customers' own software.

They're just encouraging their customers' staff to use AWS-powered tools for bugfixing their codebase, and throwing hats and tshirts at them if they do.

Frankly, I think a much more likely outcome is that a new, better, open source audio editing program comes to the fore, rather than a successful fork.

Audacity's good, but it's not that great.

Re: Can you tell the difference?

If you get no joy from the infernal retailer, try and see if you can boost 6kHz on the TV's eq. It might help even if the rest of the freq response is awful.

A quite severe and narrow notch that develops at that frequency in people's hearing responses as they get older tends to be the one most related to speech intelligibility differences vs younger people. (Without enough 6kHz, things like 's' and 'f' sound the same, etc).

It really is a shame. There were some very nice aspects to the Edge rendering engine, before they abandoned it and switched to Chromium..

Re: I reckon they are taking the right approach based on the article.

There was a completely separate cyberpunk multiplayer game. If the source code for that has been leaked, that will be a major problem for that game's progress.

> I only learned very recently that even three copies isn't enough. Lost five years of data.

Eeek.

Care to share any more details from your tale of woe? What went so wrong that that happened you?

Re: Huh, does it log searches?

> I always wondered about entering your personal info on a site like this

It does require trust, but I think you can usually tell by how they talk about the potential issues. This guy's always been open about that worry, and it's always been clear he actually understands people's concerns in that respect.

HIBP's policy:

> When you search for an email address

> Searching for an email address only ever retrieves the address from storage then returns it in the response, the searched address is never explicitly stored anywhere. See the Logging section below for situations in which it may be implicitly stored.

> Logging

> Only the bare minimum logs required to keep the service operational and combat malicious activity are stored. This includes transient web server logs, logging of unhandled exceptions using Raygun, Google Analytics to assess usage patterns and Application Insights for performance metrics. These logs may include information entered into a form by the user, browser headers such as the user agent string and in some cases, the user's IP address.

Ok, you still have to trust him that's true, but I've met plenty of people who would gleefully hoard people's data, and they'd never in a million years phrase their lies like that.

It's when they talk vaguely, or that dismiss concerns outright that I'm wary of. I don't even have to go looking into that Genderify outfit to know their privacy statements would have been meaningless waffle, exaggerated promises, or doublespeak...

Professional graphics folk can easily import any jpeg they want to help them with layout, etc... it's a core part of the workflow for many. E.g. designers build with low quality placeholder images, and replace with the high quality licensed version once they've been purchased and cleared.

Software doesn't handhold them and forbid them from doing so just because someone might use one in final output to the client. They're treated as adults and are trusted that they know what they're doing.

Re: Just to point out

> the information included the CVV, which I think means that Easyjet are not PCI DSS compliant.

That depends on if they were stolen from Easyjet's systems. Speculation appears to be that it was malicious code inserted into the website that siphoned off the details client-side.

Re: We really need Firefox alive

On quite a few of these CSS3 issues, it's that Firefox adheres to the actual CSS spec, but the spec is an ass. Chrome and several others deviate from the spec with proprietary undocumented cludges, that give behaviour that's much more intuitive, and makes FF look "broken" in contrast. Certainly this is the case with a lot of Flexbox oddness, not as certain about grid.

Worked on a site recently where I just relented that it will look different on FF and Chrome... I didn't have the energy to franken-div it.

There was no danger to life in the manner they chose to go about this: informing days in advance that the drones would be there, which gives sufficient time not only to close the runways, but to rebook passengers. It's massively disruptive, yes, but not dangerous. Hence the public nuisance charges, not terrorism or similar.

Re: They could stream flight info to the passenger info system, one way through an opto-isolater.

This was my thinking as well. All Boeing has to say was: "the connection is a one way data stream, through opto-isolators", and they would have stopped the concern about this in its tracks. That they're not saying it means they're clearly doing nothing of the sort.

Re: I call BS!

This is the kind of thing that can happen with a misconfigured mail client. The mails were most likely being copied elsewhere, like an old forgotten outlook express, but without the deletions on Gmail being properly mirrored, and then suddenly resync'd for some reason. I've seen this kind of thing happen a few times... It's an absolute pain in the ass to tidy up, as you found.

Re: WTF?

> It is hardly beyond the wit of Big Blackhat to commission a system which, when spoken to in one voice, repeats the same words down the phone in another

It's not outside the wit of a small blackhat, either. That'd be easy with consumer software.

One would hope they have a secondary system to listen for the hallmarks of modified/synthesised speech, but why am I skeptical?

Re: When will using GMail (or any Google Service...)...

There are plenty of alternatives, but it's clunky to use the multiple alternative services together, in the way you need to do to replicate what you get with Google's integrated services. And you also have to find the good alternatives, because half of them are like moving to Gimp from Photoshop. Google's consumer facing services (if you ignore their Docs stuff, perhaps), "just work".

Now, I'm not saying we shouldn't ditch Google entirely - I'm in the process myself - but it's annoying to do so once you've got used to them. And people don't generally voluntarily do things that annoy them.

Re: .UK or .GB??

Oh, they complained alright, but couldn't propose a solution.

Given the unusual collection of territories competing in the team, there's no accurate name for the organisation without it being about 40 characters long...

Re: other developers pulling this stunt would have had their App Store apps banned too.

I suspect they thought of it.

I wonder will we get to the point that Apple kick FB to touch once and for all.

It would be very Apple to kill a feature their users view as sacrosanct, and yet somehow increase sales.

Re: Is this libel?

No. Facebook have given away any chance of that by going back on their previous categorical statements, meaning they either lied before, or they're lying now.

Re: It's as if...

> If that is all they got, someone in their propaganda operations should be sacked. I would have expected them to have ~ 95%+ of profiles in line with what Zuk has confessed to as "accessed by one or more bots".

That's somewhat apples and oranges:

The stuff that CA got is from people who were tricked into giving them permission, via the "personality testing app" stuff, so they got huge amounts of detailed info on those 80 million people.

The bots FB describe for the 95% figure were different: There were just auto searching based off phone numbers and email addresses, and so were essentially just scraping info the user had already chosen to make public.

I suspect FB put out the "95% of public info was accessed by bots" thing to cloud the issue, and take people's focus off the more serious fuckery.

Re: It's one way to get it watched

Actually, a great use case here is to make homemade porn with your partner, and use this to faceswap your faces out with someone else's, rather than, say wearing masks or whatnot.

Re: "Not enabled 2FA" ???? FFS ?

SMS-based 2FA relies on the user's messages being secure. This isn't always the case. Some phone networks allow you to send and receive SMSs through their website, for example. So if the hackers get on there first, 2FA no longer matters.

Re: "take advantage of the physical properties of the connected equipment"

I'll agree there's little risk to the public from untargeted malware and scams.

But for more targeted attacks, especially corporate focused ones, it would be very useful.

You can get exemptions, though they require masses of proof and paperwork.

Re: From across the pond

Edit: Sorry Brandon, I missed your mention of "moving to Ireland". The following instead refers to setting up in Ireland for tax, but still working from the US, but I'll leave the comment up. Guus has answered your question accurately.

-------

Corporation tax *RATE* isn't necessarily the main draw for companies to solely use Ireland for tax purposes. It's a draw for companies to use Ireland as a genuine base, but those doing it exclusively for tax are using it for a different reason than the rate.

Rather, it's traditionally been due to weird incompatibility between Us and Irish/EU tax and IP licensing laws. In particular, different views on who should be taxed for income generated in different jurisdictions, which can be played off each other to say neither the US nor Ireland have any reason to deserve the tax.

These loopholes are slowly getting closed, so you may have missed the boat, but it would have been potentially a viable tactic for you, depending on the nature of your contracting work, had you considered this a few years ago. You'd want to have had substantial income though to cover the costs of the tax lawyers to set it up, as you'll need a couple of Irish companies.

As mentioned, you'll get hit for US tax when it gets repatriated, but if you only take a small fraction of your income back to the US to live off, and use the rest to buy tropical islands, then you're probably ok. Apple has billions upon billions in Ireland or Irish linked companies that it can't repatriate to its shareholders, due to the tax bill it will get. You would be in a similar boat.

Re: Gong

Yes. He was given an OBE by King George in 1945 for "Secret Wartime Service in the Foreign Office".

The details of why he got it were, of course, not made public.

An interesting anecdotes here, in relation to how he handled the title: http://www.bbc.co.uk/news/technology-18541715

Re: I wish I...

But you will do if you licence your work rather than working for hire.

Re: "a 32-bit DAC, part of a burgeoning partnership with Bang & Olufsen"

> useless, in double-blind A/B comparisons (that was for 24-bit versus 16-bit).

Not really in this context.

Whilst this is absolutely true in controlled circumstances, with calibrated sound levels, you need 24 bit converters for these sort of applications (or at least 20bit).

At 16 bits on a consumer output like this, with different headphone iimpedances and different use cases and gain structures, it's very easy to encounter a situation where you'll clearly hear the dither/quantisation noise. You quickly end up in a situation where you're only using 13 bits, rather than the full sixteen available.

That out of the way... As for 32bit. That's insanity, if it's PCM. I had thought it was physically impossible to produce measurable results from a 32bit DAC at these sort of voltages.

Re: it seems pretty easy to get all of these things mixed up

Yeah. It's an absolute pain. I'm sure for people who are using Google's ad backend regularly, it's becomes clear, but for someone who just has a couple of monetised vids, and places an ad or two it's an absolute mess. And I'm used to dealing with complex systems.

It's like they've made no effort to distinguish sections relating to ads you host and ads you're paying for. *Never the twain should meet!*

Re: EJ

EJ definitely does like *racing*, whatever about liking cars as such. He was a former F3 and F2 driver, and (according to wiki) a McLaren tester, before being a team boss.

I wonder if they're using him the right way? I didn't watch much of him on the new Top Gear, but there should be plenty of scope for hilarious stories based on the old pro running rings around the new guys, especially if they got their hands on some old F3 cars from the 70s.