* Posts by 142

286 publicly visible posts • joined 26 Oct 2010


This legit Android app turned into mic-snooping malware – and Google missed it


Re: Pulling an app from the store will do nothing

They used to remotely remove apps back in the early Android days: https://android-developers.googleblog.com/2010/06/exercising-our-remote-application.html?m=1

They invoked that in 2010 and 2011 for similar malware to this incident, though I can't find a more recent case. Perhaps they just rely on Google Play Protect's more traditional virus scanner approach.

I remember the remote deletion being an extremely controversial move at the time... Heh. Have a read of the comments here:


Too big to live, too loved to die: Big Tech's billion dollar curse of the free


Re: GMail ensures users are logged into their Google account when they access the web

You still can install it local only during a cold install. It requires a little gymnastics with the network connection, but you can make the local install button appear eventually.

Ad blockers struggle under Chrome's new rules


Re: Advertising weary?

> Big sites could probably do something similar to bigger YouTube channels and actively search out sponsors for ads within videos.

The interesting thing to take from YouTube is that it's not just the big channels.

The sponsors are generally more enthusiastic about buying slots on smaller, niche channels, as viewers generally trust the small channels more.

The same should hold for smaller websites.

Brave, DuckDuckGo to unplug Google's AMP where possible


Re: Do know evil.

It was competitive pressure.

AMP, for all its privacy flaws, at the time was dramatically better in performance than the lethargic news publishers were capable of themselves.

Google's comment (added as an update to the article) about load time isn't an exaggeration - it went from dozens of seconds for a typical major news site to load on mobile, to about 2 or 3 seconds. News sites were forced to use it if they wanted to compete, due to their own ineptitude.

It stopped being an issue some years ago, of course, as publishers and their ad networks eventually copped on to themselves. But at the time, it was a major factor.

OVHcloud datacenter 'lacked' automatic fire extinguishers, electrical cutoff


> electric arcs of more than one meter

> "electric arcs of more than one meter around the exterior door of the energy room"

You need an awful lot of volts to make a 1+ metre arc...

Apologetic Audacity rewrites privacy policy after 'significant lapse in communication'


Re: Let's take the following at face value...

They do state elsewhere in the document that the only data now transmitted/stored is the IP address for auto-update requests, which isn't included in the Linux builds, and can be disabled in the Windows one.

It should be relatively trivial to verify if this is the case.

I have absolutely no confidence they won't pull more bullshit again next week, but it does seem that at least for now, it's a reasonable rollback.

AWS launches BugBust contest: Help fix a $100m problem for a $12 tshirt


Re: Avoidance

For a change, not this time!

It's not Amazon's software that's being fixed. It's their customers' own software.

They're just encouraging their customers' staff to use AWS-powered tools for bugfixing their codebase, and throwing hats and tshirts at them if they do.

The Audacity: Audio tool finds new and exciting ways to annoy contributors with a Contributor License Agreement


Frankly, I think a much more likely outcome is that a new, better, open source audio editing program comes to the fore, rather than a successful fork.

Audacity's good, but it's not that great.

Apple announces lossless HD audio at no extra cost, then Amazon Music does too. The ball is now in Spotify's court


Re: Can you tell the difference?

If you get no joy from the infernal retailer, try and see if you can boost 6kHz on the TV's eq. It might help even if the rest of the freq response is awful.

A quite severe and narrow notch that develops at that frequency in people's hearing responses as they get older tends to be the one most related to speech intelligibility differences vs younger people. (Without enough 6kHz, things like 's' and 'f' sound the same, etc).


Re: Since it is lossless

It won't be convenient, but yes.

This doesn't seem to be MQA-based, so there's no bullshit going on. It's just straight up lossless. So if you're on a Mac, just ensure Apple Music's output is at -0dBFS, and use loopback software like audiohijack or soundflower to route the audio into audacity or something, being sure to match the sample rates.


Re: Yay!

Depending on when the original digital remaster was, there's a decent chance the masters are actually stored at 24bit in a record company vault somewhere. For quite some time now, they tend to be printed at both resolutions during mastering, even if the record company doesn't release the 24bit or SACD versions.

But in the Apple Music context, they won't be converting anything. On the highest tier, you'll get the highest res available for a given album; if that happens to just be CD quality, that, sadly, is all you'll be provided. This is how the other providers handle this.


Re: Yay!

Going from analogue source medium to analogue storage medium is way worse, to an absolutely comical degree.

I guarantee any half-trained ear will hear the degradation between the analogue master tape source and any analogue storage medium it's put on.

I wouldn't bet on any mastering engineer I've ever worked with reliably telling the difference between an analogue tape source and a playback of a 96kHz/24bit digital recording of that tape, in an A:B.

Yes. Records often sound better than their digital counterparts. But that's down to idiocy by record labels. It's got nothing to do with digital conversion.

Microsoft's Edge browser for Linux hits the Beta Channel ... if you're into that kind of thing


It really is a shame. There were some very nice aspects to the Edge rendering engine, before they abandoned it and switched to Chromium.

Twilio's private GitHub repositories cloned by Codecov attacker, cloud comms platform confirms


Jesus H...

See title.

CD Projekt Red 'EPICALLY pwned': Cyberpunk 2077 dev publishes ransom note after company systems encrypted


Re: I reckon they are taking the right approach based on the article.

There was a completely separate cyberpunk multiplayer game. If the source code for that has been leaked, that will be a major problem for that game's progress.

Putting the d'oh! in Adobe: 'Years of photos' permanently wiped from iPhones, iPads by bad Lightroom app update


> I only learned very recently that even three copies isn't enough. Lost five years of data.


Care to share any more details from your tale of woe? What went so wrong that that happened you?

Have I Been Pwned to go open source – 10bn credentials, not so much, says creator Hunt


Re: Huh, does it log searches?

> I always wondered about entering your personal info on a site like this

It does require trust, but I think you can usually tell by how they talk about the potential issues. This guy's always been open about that worry, and it's always been clear he actually understands people's concerns in that respect.

HIBP's policy:

> When you search for an email address

> Searching for an email address only ever retrieves the address from storage then returns it in the response, the searched address is never explicitly stored anywhere. See the Logging section below for situations in which it may be implicitly stored.

> Logging

> Only the bare minimum logs required to keep the service operational and combat malicious activity are stored. This includes transient web server logs, logging of unhandled exceptions using Raygun, Google Analytics to assess usage patterns and Application Insights for performance metrics. These logs may include information entered into a form by the user, browser headers such as the user agent string and in some cases, the user's IP address.

Ok, you still have to trust him that's true, but I've met plenty of people who would gleefully hoard people's data, and they'd never in a million years phrase their lies like that.

It's when they talk vaguely, or dismiss concerns outright that I'm wary of. I don't even have to go looking into that Genderify outfit to know their privacy statements would have been meaningless waffle, exaggerated promises, or doublespeak...

Ardour goes harder: v6.0 brings 'huge engineering changes' to open-source digital audio workstation


Professional graphics folk can easily import any jpeg they want to help them with layout, etc... it's a core part of the workflow for many. E.g. designers build with low quality placeholder images, and replace with the high quality licensed version once they've been purchased and cleared.

Software doesn't handhold them and forbid them from doing so just because someone might use one in final output to the client. They're treated as adults and are trusted that they know what they're doing.


It's not about whether you can hear the difference between MP3 and Lossless. It's always blindingly obvious.

But you're assuming your use case applies to everyone, and that the reference is always being used for the fine details.

It never really should be for most mixing and especially recording contexts.

Once you get down to the fine detail, what's happening on reference track X has absolutely no real bearing on the track you're working on. You just end up chasing shadows if you chase that while you're recording. The differences in context between the two songs far, far outweigh the accuracy lost by using an MP3 as your comparison.

It's bigger picture calls that references are usually most useful for, at least in my experience, and for that an MP3 will always work. If the artist gives me a 128 mp3, then fine! 128 mp3 it is.

Similarly, if I'm using a temp track for overdubbing, why do I care about the fine details in quality? It doesn't make a blind bit of difference - again, the accuracy lost is outweighed by the fact the mix balance is going to change - so again, if it affects my recording judgement slightly it doesn't matter.

Would I request an MP3? No. But similar to the guy arguing back in 2012, I'm not going to push it back at a client either, unless it's actually being used in the output.


> MP3 import and export is now fully supported – the developers were formerly opposed to MP3 import because it is a lossy format and not intended for this use

Jesus H Fucking Christ. That was an absolutely infuriating thread to read. The attitude and complete disconnect from actual real world workflows is jawdropping.

In 15+ years, I don't think I've worked a single day where I didn't have to drag in an mp3 at some point for some reference or temp purpose.

No wonder Ardour has gained absolutely zero traction in the music world if it took 8 years to relent.

For the devs here, imagine if Microsoft forcibly prevented you from pasting text that came from outside your Visual Studio project, because "copying and pasting code leads to poor quality", and if you really need to do it for some reason, you can type it all in manually as a workaround.

It's that utterly insane.

It wasn't just a few credit cards: Entire travel itineraries were stolen by hackers, Easyjet now tells victims


Re: Just to point out

> the information included the CVV, which I think means that Easyjet are not PCI DSS compliant.

That depends on if they were stolen from Easyjet's systems. Speculation appears to be that it was malicious code inserted into the website that siphoned off the details client-side.

I've seen things you people wouldn't believe. Black hole quasar tsunamis moving at 46 million miles per hour


Re: Mindboggingly fast

46 million miles an hour is about 770 thousand per minute and 12800 per second.

So it's about half a second or so per earth diameter.

I'm not sure if this makes it any more comprehensible. Nor if this makes it more amenable to El Reg units.

'An issue of survival': Why Mozilla welcomes EU attempts to regulate the internet giants


Re: We really need Firefox alive

On quite a few of these CSS3 issues, it's that Firefox adheres to the actual CSS spec, but the spec is an ass. Chrome and several others deviate from the spec with proprietary undocumented kludges, that give behaviour that's much more intuitive, and makes FF look "broken" in contrast. Certainly this is the case with a lot of Flexbox oddness, not as certain about grid.

Worked on a site recently where I just relented that it will look different on FF and Chrome... I didn't have the energy to franken-div it.

Eco-activists arrested by Brit cops after threatening to close Heathrow with drones


There was no danger to life in the manner they chose to go about this: informing days in advance that the drones would be there, which gives sufficient time not only to close the runways, but to rebook passengers. It's massively disruptive, yes, but not dangerous. Hence the public nuisance charges, not terrorism or similar.

WTF is Boeing on? Not just customer databases lying around on the web. 787 jetliner code, too, security bugs and all


Re: They could stream flight info to the passenger info system, one way through an opto-isolator.

This was my thinking as well. All Boeing had to say was: "the connection is a one way data stream, through opto-isolators", and they would have stopped the concern about this in its tracks. That they're not saying it means they're clearly doing nothing of the sort.

Firm fat-fingered G Suite and deleted its data, so it escalated its support ticket to a lawsuit


Re: I call BS!

This is the kind of thing that can happen with a misconfigured mail client. The mails were most likely being copied elsewhere, like an old forgotten outlook express, but without the deletions on Gmail being properly mirrored, and then suddenly resync'd for some reason. I've seen this kind of thing happen a few times... It's an absolute pain in the ass to tidy up, as you found.


Re: So...

> Accept the delete request, lock the account, and put a stay on final execution for a month or two.

If anything, that covers Google's ass in case they have screwed up authentication at their own end, and accepted an invalid delete request.


Re: surely there must have been multiple "are you sure/are you really sure/you...

They didn't necessarily actively "delete" the account.

I'm not sure about Gsuite specifically, but these sort of linked accounts can end up orphaned or mangled in certain edge-cases, such as removing the wrong user, etc. especially at smaller scales where it may have evolved from someone's personal account.

UK taxman falls foul of GDPR, agrees to wipe 5 million voice recordings used to make biometric IDs


Re: WTF?

> It is hardly beyond the wit of Big Blackhat to commission a system which, when spoken to in one voice, repeats the same words down the phone in another

It's not outside the wit of a small blackhat, either. That'd be easy with consumer software.

One would hope they have a secondary system to listen for the hallmarks of modified/synthesised speech, but why am I skeptical?

Naming your company 101: Probably best not to have the word 'Oracle' anywhere near branding


> If such a change isn't made, then the adjudicator, who was in this case Susan Eaves, will determine a new company name.

Section 73(4) of the Companies Act...

Do any business/trademark lawyers here have any examples of what names adjudicators have chosen when it's gotten this far?

I wasn't having luck finding any on Google.

Google's stunning plan to avoid apps slurping Gmail inboxes: Charge devs for security audits


Re: When will using GMail (or any Google Service...)...

There are plenty of alternatives, but it's clunky to use the multiple alternative services together, in the way you need to do to replicate what you get with Google's integrated services. And you also have to find the good alternatives, because half of them are like moving to Gimp from Photoshop. Google's consumer facing services (if you ignore their Docs stuff, perhaps), "just work".

Now, I'm not saying we shouldn't ditch Google entirely - I'm in the process myself - but it's annoying to do so once you've got used to them. And people don't generally voluntarily do things that annoy them.


Re: So paying for a sticker takes the curse off ?

Devs aren't expected to pay Google in this model - they pay the auditors.

The fee listed in the article is simply a de facto price for getting approved, because there are only a couple of auditors approved.

So Google can certainly decide to fuck over either the customer or the developer at their complete discretion, without worrying about audit-related refunds or income streams.

Things that make you go .hm... Has a piece of the internet just sunk into the ocean? It appears so


Re: .UK or .GB??

Oh, they complained alright, but couldn't propose a solution.

Given the unusual collection of territories competing in the team, there's no accurate name for the organisation without it being about 40 characters long...

Furious Apple revokes Facebook's enty app cert after Zuck's crew abused it to slurp private data


Re: other developers pulling this stunt would have had their App Store apps banned too.

I suspect they thought of it.

I wonder will we get to the point that Apple kick FB to touch once and for all.

It would be very Apple to kill a feature their users view as sacrosanct, and yet somehow increase sales.

Mark Zuckerberg did everything in his power to avoid Facebook becoming the next MySpace – but forgot one crucial detail…


Re: Is this libel?

No. Facebook have given away any chance of that by going back on their previous categorical statements, meaning they either lied before, or they're lying now.

UK.gov is not being advised by Google. Repeat. It is not being advised by Google


A lot of probably justified cynicism here.

But I think it's possibly slightly misdirected.

Hassabis has never appeared like a Google drone. He's kept DeepMind as something of a rogue entity within Alphabet, and he's refused to take on other roles in Google.

He's taken this role as an honour (the guy's "for king and country" in a 1930s sense) and for DeepMind. I very much doubt he's pushing Google messaging in these meetings as such.

Whether this is better or worse, I'm not sure. DeepMind's is a hell of a lot more unnerving in the long term than mainstream Google.

Facebook suspends, investigates CubeYou, another data-harvester


Re: It's as if...

> If that is all they got, someone in their propaganda operations should be sacked. I would have expected them to have ~ 95%+ of profiles in line with what Zuk has confessed to as "accessed by one or more bots".

That's somewhat apples and oranges:

The stuff that CA got is from people who were tricked into giving them permission, via the "personality testing app" stuff, so they got huge amounts of detailed info on those 80 million people.

The bots FB describe for the 95% figure were different: They were just auto searching based off phone numbers and email addresses, and so were essentially just scraping info the user had already chosen to make public.

I suspect FB put out the "95% of public info was accessed by bots" thing to cloud the issue, and take people's focus off the more serious fuckery.

FYI: There's now an AI app that generates convincing fake smut vids using celebs' faces


Re: It's one way to get it watched

Actually, a great use case here is to make homemade porn with your partner, and use this to faceswap your faces out with someone else's, rather than, say wearing masks or whatnot.

Netflix US Twitter account hacked


Re: "Not enabled 2FA" ???? FFS ?

SMS-based 2FA relies on the user's messages being secure. This isn't always the case. Some phone networks allow you to send and receive SMSs through their website, for example. So if the hackers get on there first, 2FA no longer matters.

Drops the mic... Hang on, hackers could be listening through my headphones?


Re: "take advantage of the physical properties of the connected equipment"

I'll agree there's little risk to the public from untargeted malware and scams.

But for more targeted attacks, especially corporate focused ones, it would be very useful.

Missile tech helps boffins land drone on car moving at 50 km/h


You can get exemptions, though they require masses of proof and paperwork.

Trumped? Nope. Ireland to retain corporate tax advantage over the US


Re: From across the pond

Edit: Sorry Brandon, I missed your mention of "moving to Ireland". The following instead refers to setting up in Ireland for tax, but still working from the US, but I'll leave the comment up. Guus has answered your question accurately.


Corporation tax *RATE* isn't necessarily the main draw for companies to solely use Ireland for tax purposes. It's a draw for companies to use Ireland as a genuine base, but those doing it exclusively for tax are using it for a different reason than the rate.

Rather, it's traditionally been due to weird incompatibility between US and Irish/EU tax and IP licensing laws. In particular, different views on who should be taxed for income generated in different jurisdictions, which can be played off each other to say neither the US nor Ireland have any reason to deserve the tax.

These loopholes are slowly getting closed, so you may have missed the boat, but it would have been potentially a viable tactic for you, depending on the nature of your contracting work, had you considered this a few years ago. You'd want to have had substantial income though to cover the costs of the tax lawyers to set it up, as you'll need a couple of Irish companies.

As mentioned, you'll get hit for US tax when it gets repatriated, but if you only take a small fraction of your income back to the US to live off, and use the rest to buy tropical islands, then you're probably ok. Apple has billions upon billions in Ireland or Irish linked companies that it can't repatriate to its shareholders, due to the tax bill it will get. You would be in a similar boat.

‘Alan Turing law’ to give posthumous pardons to 59,000 men for 'gross indecency'


Re: Gong

Yes. He was given an OBE by King George in 1945 for "Secret Wartime Service in the Foreign Office".

The details of why he got it were, of course, not made public.

An interesting anecdote here, in relation to how he handled the title: http://www.bbc.co.uk/news/technology-18541715

Spinal Tap’s bass player sues former French sewer


Re: I wish I...

But you will do if you licence your work rather than working for hire.

LG’s V20 may be the phone of the year. So why the fsck can’t you buy it?


Re: "a 32-bit DAC, part of a burgeoning partnership with Bang & Olufsen"

> useless, in double-blind A/B comparisons (that was for 24-bit versus 16-bit).

Not really in this context.

Whilst this is absolutely true in controlled circumstances, with calibrated sound levels, you need 24 bit converters for these sort of applications (or at least 20bit).

At 16 bits on a consumer output like this, with different headphone impedances and different use cases and gain structures, it's very easy to encounter a situation where you'll clearly hear the dither/quantisation noise. You quickly end up in a situation where you're only using 13 bits, rather than the full sixteen available.

That out of the way... As for 32bit. That's insanity, if it's PCM. I had thought it was physically impossible to produce measurable results from a 32bit DAC at these sort of voltages.

Boy, 12, gets €100k bill from Google after confusing Adwords with Adsense


Re: it seems pretty easy to get all of these things mixed up

Yeah. It's an absolute pain. I'm sure for people who are using Google's ad backend regularly, it becomes clear, but for someone who just has a couple of monetised vids, and places an ad or two it's an absolute mess. And I'm used to dealing with complex systems.

It's like they've made no effort to distinguish sections relating to ads you host and ads you're paying for. *Never the twain should meet!*

Matt LeBlanc handed £1.5m to front next two series of Top Gear


Re: EJ

EJ definitely does like *racing*, whatever about liking cars as such. He was a former F3 and F2 driver, and (according to wiki) a McLaren tester, before being a team boss.

I wonder if they're using him the right way? I didn't watch much of him on the new Top Gear, but there should be plenty of scope for hilarious stories based on the old pro running rings around the new guys, especially if they got their hands on some old F3 cars from the 70s.


Re: If it sells he'll be worth the money

Evans was sabotaged, by himself bottling it, the previous team refusing to adapt, or BBC management being idiots. Someone refused to change up the show, and I can't figure out which.

It was blindingly obvious that he was never going to work in a slow paced, wink-and-nod, show like Jeremy and co's Top Gear. He's just not that kind of presenter. He's the king of fast-paced, chaotic shows.

Why he didn't transform it to his strengths, I'll never know. It would have been great, and it would have alienated plenty of people I'm sure, too! But at least it wouldn't have been that trainwreck!