* Posts by hayzoos

187 posts • joined 2 Jul 2014


On this most auspicious of days, we ask: How many sysadmins does it take to change a lightbulb?


Re: Demarcation

My dad's cousin was an "electrician" who had worked his way up to power plants and grids from residential, mines, and industrial systems. He said to never touch or go near any downed power line even if it wasn't sparking. He said there were many reasons from a self resetting "circuit breaker" to a "small" short on a high power line may not do much to the earth but plenty enough to make for a bad day for anybody unprotected approaching or touching such a line.

Just wanted to get that out there for safety. Unless you are trained and are protected for it, stay away from downed power lines!

Restoring your privacy costs money, which makes it a marker of class


Poison the well - so to speak

It seems to me the situation has reached the point where nothing you do can effectively prevent the slurpage. I was thinking that instead of trying to resist, try to obscure. Rather than giving up, give freely and give often. Try to become the 26, 30, 52, 40, 80, and 77 year old male and female white, black, blue, purple, and green unemployed self-sufficient retired woodworker, buggy whip maker, designer, theologian, CEO, capitalist, volunteer that follows .... you get the idea, I hope. You become everything and nothing. Your advertising profile becomes both distinctly identifiable yet anonymous. In effect, poison the well from which advertisers drink.

Linux Mint 20.2 is a bit more insistent about updating but not as annoying as Windows or Mac, team promises


Re: Linux Bloatware

That sounds like the typical 32 bit Windows configuration. The Core2 Quad processor is a 64 bit architecture and 4 core. I cannot recall with certainty but I think XP 32 was license limited to 2 cores. XP-64 was a rare beast, I have only supported two, it seemed a bit unpolished more like server with a sprinkling of desktop config and look and feel. My wife's Vista laptop was a 64 bit processor but 32 bit OS. I think there were a lot of compatibility rumors which caused a lot of 32 bit installs on 64 bit processors back then. The 2GB RAM capacity was quite common for that situation. Even early Win 7 saw a lot of 32 bit installs on 64 bit machines, but at least many had 4GB RAM installed. Many 32bit *nix of that timeframe would state 2GB max for 32 bit but Windows 32 bit would go 4GB with the right license. Server installs are a different beast.

2GB RAM is very limiting for a 64 bit configuration which is most likely the Mint installed. Trying to compare that configuration with 32 bit XP (its RAM sweet spot 2GB to 4GB) to a 64 bit OS with what would be considered the low end RAM is an apples to oranges comparison.

My laptop started with Win 7 64bit and 8GB RAM and is now running Linux Mint 19.x 64bit. It is an Intel Core2 Duo (two cores) and Linux Mint is better on this config.

Google herds FLoC back to the lab for undisclosed post-third-party-cookie ad tech modifications


Re: Privacy XOR Targeted ads

Targeted ads mean more profits for ad companies. They are not going to kill their cash cow. Advertisers are being lied to on everything about targeted ads so ad companies can keep selling them.

Targeted ads are largely ineffective. So all this infrastructure to support targeted ads is waste. And the infrastructure is enormous and inefficient. It is implemented in such a way as to minimize the cost to the ad companies.

Just look at the explosion of javascript in web pages. How many CPU cycles are wasted in all the inefficient javascript barfed upon web browsers? How much energy is wasted producing those cycles? How much percentage of "making a living" time is required to pay for that energy to power the CPU to run the dungheap of javascript to support the cesspool of targeted ads?

There are efforts underway to convince policymakers and lawmakers that the real evil is targeted ads and the explosion of privacy invasions is merely a symptom. Cure the illness and the symptoms go away.

Seek out one or more of those efforts and add your voice. Just don't google it, I prefer the duck side.

After 15 years and $500m, the US Navy decides it doesn't need shipboard railguns after all


Re: Sharks

That would be an excellent name for a rock band!

The PrintNightmare continues: Microsoft confirms presence of vulnerable code in all versions of Windows


Re: Why are the US programmers so bad?

It's a one piece of the puzzle type of thing. A print spool no matter how implemented must accept input from any user allowed to print, i.e. write access for the user. Because of how printing has evolved, some of the "printout" may contain code intended for the printer i.e. postscript and its close cousin PDF which further expands upon the code "features". Now all this is intended for printer control, but feature creep has the printspooler meddling with the data stream for various purposes.

So, "modern printing" in the "age of the paperless office" is not as simple as it may seem.


Windows printing

It's been a while since I have supported a Windows network so my memory may be skewed.

I thought any Windows machine which had an application that required printing, would have to have the local print spooler active. Then any Windows machine which had a printer attached would have to have the print spooler active. And there was the possibility of a print server with no printers attached acting as a centralized print manager which had to have the print spooler active. Print spooler was active by default in a Windows installation.

Non-traditional printing such as generic print to file or more specifically print to pdf, ps, txt, nul, xyz, cia, nsa, kgb, or whatever format or actual destination was still printing and required the spooler. Even save as pdf in some instances was implemented through the printing mechanism.

Granted, the big prize is executing as system on a DC, and getting there in fewer steps is better understood and easier. But, executing as system on any domain member can get you the big prize with the right incantations.

Huawei dev flamed for 'useless' Linux kernel code contributions


More to the Story?

My gut instinct tells me there has to be something more to the story. The gist of the comments seems to agree that blowing up over housekeeping submits is not right. The clue is the KPI reference and mention of a 996 work culture. One possibility I can think of is that submits from the huawei domain upon analysis have become mostly small numerous comment corrections or the like unnecessarily broken up into smaller submits but spread out over time so as to be less noticeable but produce high counts for KPI. Inefficiency at its finest driven by phbs. Each submit may require a minimum time for administrativa be it one typo fix or all.

Would-be password-killer FIDO Alliance aims to boost uptake with new UX guidelines


People don't see the need

Ransomware is the cybercrime du jour. FIDO does not solve that problem. The problem FIDO does solve is not scary enough for people to want to take the effort to use it. This applies across the scale at the individual and enterprise levels. For the implementors, SMS is king. In the US banking industry, SMS is good enough for regulators so banks generally offer only SMS as 2-factor whilst it is required by many banks. Other industries use the banking industry as their comparison with most seeing themselves as not needing more security than a bank. The threat landscape would have to change for those viewpoints to change.

'Google is present at almost all levels of the supply chain' for online ads: It's time for a competition probe, says EU


Re: Be careful what you wish for

Exactly my thought on the article. Targeted advertising is damn near impossible to implement without running afoul of privacy laws. Keep in mind targeted advertising is being sold by marketers also known as salesmen in earlier vernacular. The best of them can "sell a refrigerator to an eskimo", average ones can sell bottled air to you or I. Targeted advertising is the de facto standard for online ads. Targeted ads are not worth the bits they are made of. I have never purchased anything due to an online ad. Yet the targeted ad industry is spying on our every move to have data to develop targeting for ads.

Spyware, trade-secret theft, and $30m in damages: How two online support partners spectacularly fell out


Smoke and mirrors

[24/7, it's claimed, maliciously disrupted LivePerson technology on the websites of customers, misrepresented data related to LivePerson's technology, services, and system performance to promote its own competing service, and "[injected] spyware into LivePerson’s databases, through unauthorized use of LivePerson’s copyrighted code, in order to gather information regarding the operation of LivePerson technology—presumably to reverse engineer LivePerson’s technology."

"Once 24/7’s live-interaction software has been installed on a website that also contains LivePerson’s technology, it appears that 24/7 improperly injects 'spyware' into LivePerson’s systems," the complaint states. "24/7’s spyware appears expressly designed to capture confidential and proprietary information and data regarding LivePerson’s technology and client relationships."]

I have my doubts that LivePerson's databases were breached as claimed. The unauthorized use of LivePerson's copyrighted code is also questionable but plausible. "Presumably to" weasel words alert! And "reverse engineer" is a valid legal means of deriving trade secrets, but should have been covered in the agreement specifically. It can also be hard to prove reverse engineering as a defense if one has access to said secrets. "Appears" twice mentioned in claims is also a weasel word.

I think most of the implementation was using javascript. Javascript which runs in the web browser in the context of the website but hosted by other servers. Something called cross-site scripting which used to be considered a security issue. Web browsers have little to no sandboxing of javascript coming from the site's domain or other domains referenced from the site's domain. It is trivial to mess with javascript in a browser session when your javascript is executing in the same session. If LivePerson's trade secrets are represented by this javascript then there is essentially no protection of the trade secret. While the javascript itself may be protected by copyright the methods it embodies are not. Patent protection is better suited for that situation. Trade secrets rely upon confidentiality agreements prior to revealing them. But if the trade secret is being revealed to any web browser visiting the clients' sites, then confidentiality is questionable.

I know precedents in other cases went the other way for trade secrets in similar circumstances. I wonder if the court understood the technology well enough to make the decision. Or, did LivePerson's lawyers put on a good show while 24/7's dropped the ball?

New York congressman puts forward federal right-to-repair bill


Good, but more

In a statement, Congressman Morelle said: "For too long, large corporations have hindered the progress of small business owners and everyday Americans by preventing them from the right to repair their own equipment.

"This common-sense legislation will help make technology repairs more accessible and affordable for items from cell phones to laptops to farm equipment, finally giving individuals the autonomy they deserve."

I support the effort, being a Mr. Fixit myself. A couple of points need to be made on the statements. They are not preventing us they are taking away from us. Thus, they will not be giving autonomy, but returning it.

In some categories, the access to parts just may not happen. Tools are available and reverse engineering provides the knowledge. But if a manufacturer never repairs themselves and only provides a replacement under warranty, then there may be no spare parts available, they may not have affordable tools to offer. The economics of simply not repairing but replacing under warranty may be more than offset by the profits of continual replacement of "disposable" out of warranty kit.

I think the effort needs to be more about discouraging making/designing more and more products to be disposable. This includes things that generally get recycled like cars, trucks, heavy equipment, farm equipment. It's not just about keeping things out of landfills, but also keeping more money in the wallets of the working class.

Dealing with the pandemic by drinking and swearing? Boffins say you're not alone


Re: The 5 rules of problematic drinking

1. Check.

2. Nope.

3. There is no wrong container, try again.

4. By my definition, 7-12 units a week, good here.

5. I could, but why?

I just don't see these criteria as a good measure.

Shall we ask the Scots, or Irish, or Germans, or Polish, or Russians? We may appear to be lightweights in their measure.

Oracle hits UK reseller with lawsuit for allegedly reselling grey market Sun hardware


Claiming trademark infringement

The fine point is Oracle claiming trademark infringement. First thought of solution would be to strip all the badges before resale. Except, what about the software bits? Software also enjoys copyright protections which could be leveraged to protect removal of trademark badges. If you think about it both hardware and more recently, and to a lesser extent, software can be protected by patents and do not forget about design patent. Patents could be leveraged also to protect removal of trademark badges. So the argument could be that the trademark badges are an integral part of the kit thanks to the software copyrights, design patents, software patents, and hardware patents. Therefore all that has to be won is the claim that the trademarks cannot be sold/resold in markets not allowed by the trademark IP holder.

Brilliant! I should patent that legal manoeuvre.

Cloudflare offers $100,000 for prior art to nuke networking patents a troll has accused it of ripping off


Re: No free money for me here...

"Also, unless Cloudflare has gone into the router and switch hardware design business, it stretches credulity to suggest that they have implemented even a single one of all the claims in those patents. These are not things you do in software."

Is this not how new patents are created? There was the peak of taking an existing patent and adding "on a computer" and voila, new patent. Since that peak has passed now the key phrase is "implemented in software". A rising star these days is "in the cloud".

If I could only foresee the next magic phrase I could patent a new business method of creating new patents with it.

After all everything that will be invented has been already.

NASA’s getting really good at this flying a helicopter on Mars thing



Now all they have to do is command the rover in a particular path. Then command the aircraft to view the tracks. The pattern should read "Hello World".

Computer security world in mourning over death of Dan Kaminsky, aged 42


Wow - RIP - We lost a fine one.

Origami... in spaaaaace: Inflatable folded objects discovery brings new meaning to blowing up buildings


Vogons may have something to say about that

"Moreover, the reduction of gravitational force — and the absence of building regulations — in space would also facilitate the use of the new origami technology," Adriaenssens opined.

I expect they would be visited by a Vogon code enforcement officer. Oh the paperwork required. Origami without a permit, Building without a permit, Inflating without a permit ... So much poetry, so little time.

UK.gov wants mobile makers to declare death dates for their new devices from launch


Re: Finally!

I wish my smartphone had a barely touched Android. My last two phones were emergency replacements for the previous ones wearing out after 5+ years of use. Both had copious amounts of touch to Android by not only the manufacturer, but also the carrier. I have used extensive measures to get back to generic Android as closely as I can without breaking things. I have tried the custom ROM route also. It's my phone not your spy tool or ongoing revenue generator. I use a smartphone for a handful of particular apps I use for my revenue generation.

FCC urges Americans to run internet speed app to counter Big Cable's broadband data fudging


Simple solution to that. Do all your internet in your ISP's cloud then. The only things that will seem slow are, ah wait a minute. . .

Most of what I use is not on my ISP's network. I'm pretty sure I only visit my ISP's network to obtain my "paperless" bill. And, because I use a VPN because I don't trust my ISP's penchant to slurp (and I travel for work), I visit their network from outside their network. My speed tests are skewed because of that on a number of factors.


Don't forget about aerospace, self reporting and certification. What could go wrong?

Apple begins rejecting apps that use advertising SDKs for fingerprinting users


This is all just privacy theatre

A serious statement and policy on privacy would be "No Tracking, Period." Anything less is just there for show. Make the market believe we cherish privacy. Strike a compromise between diminishing the revenue stream of customers and the revenue stream of advertisers. Just because the revenue streams are tapped differently, doesn't mean they are not doing it.

And such is my opinion.

Yep, you're totally unique: That one very special user and their very special problem


I guess sometime during the era of Win7, laptop manufacturers decided Function keys (i.e. F1 through F12) which had also previously taken on randomized secondary functions such as WiFi toggle, brightness, "media" control, cupholder deployment, and more; that long traditional F# functions should be secondary instead. I found this out a few years ago after having been off the MS cartel merry-go-round for a half decade. I was required to utilize spreadsheet Mark X (or was it March 10th 1900?) on nearly out of support Win7 laptops. I was attempting to use F2 to edit the contents of a cell since this had worked back in the days preceding the existence of F11 and F12. The primary function of that key is now to dim the brightness on nearly all of those laptops. I am gradually rectifying the situation by rebooting, entering BIOS Setup, and changing the default back to the traditional behaviour. Nobody else has even noticed the changes.

City of London Police warn against using ‘open science’ site Sci-Hub


Copyright is not

Copyright is not about making money on Intellectual Property, in spite of what so many greedy highly profitable organizations peddling copyrighted work would have you believe.

Copyright grants the IP creator exclusive right to each and every copy of their IP work with a few specifically excluded fair use exceptions. The intent was to allow creative types to earn a living. Benefit to the public was creative works which may not be if the creator had to do something else to earn a living.

There is no requirement that a copy of copyrighted work be compensated monetarily. Lack of monetary compensation does not turn a copyrighted work into public domain.

Creative Commons licenses are for copyrighted works. In fact, CC licenses are not worth a damn without copyright. If Elsevier has in fact sold a copy of a CC non-commercial licensed work, they have committed a copyright violation. The seriousness of that violation is just as much as any violation they may claim somebody else has made by copying a copyrighted work licensed for monetary compensation.

Sci-Hub is acting like a Robin Hood, questionable means for a noble goal. Legally, wrong. Elsevier is also using questionable means for a um..., goal. Potentially, legally wrong or just wrong. Two wrongs do not make a right, three lefts do.

1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app?


You should be using a password manager that encrypts and decrypts passwords only on your own devices and only you have the decryption key (aka master password) with well vetted strong encryption. If that is the case, you should have no problem storing the encrypted passwords anywhere. You should even be able to post the encrypted passwords publicly. If not, you are using the wrong password manager.

The good ones will be warning you that if you lose the master password, you are screwed, since nobody will be able to decrypt.


Re: Bitwarden does not track

I checked this aspect out when I switched to Bitwarden. With this news, I re-examined the situation. I did change to the F-Droid build to avoid the third-party code.

Not the best solution for the masses though. I had no trouble switching to the F-Droid build. Too many steps and unfamiliar actions for the typical end-user.

I also rethought my initial assessment. I did not know Firebase. I did not know HockeyApp. Even though the Bitwarden app may only be using the push functionality of Firebase to sync the database... What else did Google embed in the push code?

HockeyApp for crash analytics, okay, I can understand the need to have data to improve the reliability. Bitwarden is built using Xamarin which is part of the open source .NET and also a subsidiary company of Microsoft. A healthy amount of skepticism will suspect HockeyApp of the same.

I think I will try pressuring the devs to consider replacing both. Firebase would be easier to replace since it is only a component. HockeyApp itself may only be a component, but how about Xamarin?

Why has my last "Hello World" program measured 10 MB, while the first only measured under 512 bytes?

UK dev loses ownership claim on forensic software he said he wrote in spare time and licensed to employer


Waters are muddier now

Believe it or not, my career experience here in the US is that independently produced IP is yours. An employer can object on competitive grounds. Granted my sampling may not represent the whole.

A few of my jobs were paid hourly, so "on company time" was clear cut. If I was not being paid for the time it was mine and so was any work or creation during that time unless I used employer's resources.

I worked salaried jobs as well. Most of it was not work from home. "On company time" was scheduled work hours even if an irregular schedule.

I did have some work from home or hotel or client site or on vacation (holiday). I only did work on vacation because I overlooked completing a report prior to leaving (I was in a hurry), had to VPN in to crunch a few numbers and generate the report. "On company time" becomes a bit less clear cut when you can work from anywhere at almost anytime and are salaried.

My current job is hourly and only a very small part of it can be work from home and only if I bring company equipment home to do it since I "don't do Windows". I have only done that once for 1/2 hour for my own convenience.

With the major shift towards WFH, another of the factors helping to determine what belongs to whom is going away.

I have tools I have created on my own time, using my own resources, some while salaried. I even used some for the job. Some are software tools, some are tangible tools. I see no difference, they are mine. I have never had something so substantial as to have an employer want to market it to their customers.

Even under the US career environment I have experienced, I think the forensic software would belong to the employer after hearing the overall circumstances.

Dev creeped out after he fired up Ubuntu VM on Azure, was immediately approached by Canonical sales rep


Good joke

"private linkedin account" hilarious, ROTFLMAO! Oh, wait he was being serious wasn't he?

Terraria dev cancels Stadia port after Google disabled his email account for three weeks


Time to further excise the Google tumor

I have used Google services for a very long time. I have some backup plans, but I need to do better. I have been weaning myself from full Google domination, but some things are hard to replace. I have to look into a Google Voice replacement (a call forwarding, voicemail, and SMS service). I have a grandfathered Google G-suite free level with a domain for my family including email hosting. I have paid android apps I use for work. It was so easy to get entangled, but when I started gmail was invite and I have over a decade (sheesh, maybe two) of email use and hundreds of sites and entities where I have to change email addresses. I have already taken some steps but have to coordinate some and get the prerequisites correct. I keep chipping away though.

Buggy code, fragile legacy systems, ill-conceived projects cost US businesses $2 trillion in 2020


I can code (program)

I do not consider myself a developer, nor a coder, but a programmer. I will use a library if I know what it does inside, outside, topside...every side in every conceivable case I can muster. I will test it thoroughly as I test my own code. I am costly in both time and money, but strive to produce as correct code as I can; aka quality.

Many, many years ago, I was contacted to produce a payroll system for a company which had expanded from a single tax jurisdiction to multiple. They wanted the thing done in a month, they could not wait. I replied I would require no less than three months with one or two contingency until I could analyse the requirements. I did not get the job. Fast forward five years and I found out the "coder" they hired instead of me had delivered in two months instead of the agreed one. And, they were still working out bugs and had dozens of work arounds to process payroll including pre- and post- processing with a spreadsheet. They are now out of business.

The problem is unwillingness to pay for suitable quality. This goes far beyond software in IT. IT security is afflicted. It also does not help that the current trend of software is change for change's sake and the abominations we are seeing are horrendous. There are losses due to abandonment of well reasoned user interface elements. How much time (money) is wasted when a form rejects input on submit when the input had been formatted in common form and only instructing the user of the expected form after the fact? Not really a rhetorical question, I just do not have the resources to make that determination. I can write a routine to transform input in common forms to the desired form for processing, I do not consider it to be time consuming or challenging. There are so many examples of poor programming, I could write an encyclopedia on the topic.

I agree training more developers is not the fix. The problem is deeper and requires a more complicated mitigation and is not likely to be accepted by those who make the decisions.

As Uncle Sam continues to clamp down on Big Tech, Apple pelted with more and more complaints from third-party App Store devs


Re: Another reason why

I feel guilty of helping to make this happen. I bought an Apple //c once.

Atlantic City auctions off chance to hit Big Red Button and make grotesque Trump Plaza casino go boom


Re: Good idea

Good idea in concept, but a controlled implosion calls for a fairly precise amount of explosives meticulously placed. I'm afraid if your plan were implemented, Pennsylvania would suddenly have beach front property.

Up yours, Europe! Our 100% prime British broadband is cheaper than yours... but also slower and a bit of a rip-off


Re: Speed is not the whole story

My ISP is Comcast at their 25Mbps service $55/mo. Next level up is $80/mo. which I think is 50Mbps which is what they tell me I need because it's an improvement to their revenues. There is a subsidized service at $25/mo. at 20Mbps but you have to qualify with a low income and cannot have been a customer for three months immediately prior.

All my other "options" according to the FCC are less bang for the buck. I cannot recall specific details, but none are fast, no fibre, DSL over neglected copper, satellite, and fixed wireless, (no 5G yet in case you are wondering). I just tried to check DSL availability, Verizon no longer seems to offer it, nor FIOS, nor LTE, nor 5G, but the FCC says they offer internet service here. When DSL was available it was same or only slightly less cost than Comcast but only 768Kbps. I had also checked landline phone service then and found it went from $25/mo. the last I had it to $40/mo. for no better, probably worse service, but they were happy to provide links to wireless service. Fixed wireless was twice the cost per bit, satellite was even more and still advertises 25Mbps for my location.

Right-to-repair warriors seek broader DMCA exemptions to bypass digital locks on the stuff we own



The DMCA in the most basic concept of circumventing copyright protection could be tolerable, maybe. But, the concept has been so twisted and the scope has crept, nay, launched so far beyond protecting copyright that it must be terminated with prejudice.

Its replacement has to place requirements on protection mechanisms to allow fair use, or it cannot be implemented. If a protection mechanism is found to be prohibiting fair use, then circumvention would be allowed. Any mechanism replacing one to have been found prohibiting fair use would have to be reviewed before being allowed to be implemented and would still be subject to possible circumvention allowance.

Protection mechanisms have to actually be protecting copyright. Carrier lock on cellphones does not qualify, and would not be afforded protection from circumvention under the law. Creatively designing a product to place copyrighted material in the realm of non-copyright material does not qualify. So making an ink or toner cartridge "smart" so its protection mechanism extends to the consumable does not qualify. Any design found to be artificially creating a revenue stream due to placement of copyright does not qualify. This is only a start, I'm sure others can contribute excellent ideas of reasonable constraints for a copyright protection mechanism law.

Copyright is important, but it has to be reasonable. Open source (which I prefer) depends on copyright to be able to enforce the source remaining open. Copyright allows creatives to earn a living, but extreme capitalism has twisted copyright to their benefit at the cost of creatives. It is this twisting that has brought us the DMCA in its current form.

I understand the concept of a manufacturer simplifying to reduce cost and using the same platform for both the base model and top end and everything in between. I do not agree with using "locked" settings to achieve this. You leave out hardware or substitute lesser hardware to differentiate. My truck is very basic with few extra features, but it has the same wiring harness of the top model. All I have to do is purchase the trailer brake controller and plug it in to add that functionality, as it should be. I do not have to hack the settings to enable an already present trailer brake controller, and worry about a DMCA violation.

I have hacked (in the old MIT sense) the family coffee maker, some call it a Keurig, to use whatever coffee no matter how packaged, with or without a Keurig k-cup license, in any manner the machine can produce the beverage. I have sworn off any vehicle which required manufacturer permission to replace components non-essential to core functionality so the vehicle can remain functional. My main computer is over 10 years old, has had a few upgrades/replacements and still does most everything I need and/or want.

Oblivious DoH, OPAQUE passwords, Encrypted Client Hello: Cloudflare's protocol proposals to protect privacy


Re: Why DoH?

When are the rest of the Internet programs going to get DoH?


Purpose of VPN

Cloudflare on VPN:

[Why not use a VPN if you want privacy protection? VPN, said Graham-Cumming, is about remaining anonymous from the target you are connecting to, which is a different problem. "Your bank needs to know who you are," he said. Although a VPN also protects privacy, "it's better that we have a widely adopted standard that makes this possible for everyone," he said.]

So wrong. VPN is not about remaining anonymous from the target. VPN is about connecting through an untrusted network, such as public WiFi, Hotel WiFi, Comcast, AT&T, etc. I cannot remain anonymous to the target if I am providing my credentials to login. The problem Cloudflare has is they have a network tool so every problem to them looks like it needs a network solution. How are the ODoH proxies paid? It seems like it may have to develop into another point of data collection to obtain ad revenue to stay afloat.

If browsers already have their secure DNS solution (DoH), how likely are they to adopt another? As alluded to earlier in the article, DNS really has to be a system level service anyway or all programs using names instead of addresses will have to be updated. Leave DNS to the system, implement improvements (not just changes) there. Any increase in complexity has to be justified by great benefit to the system user/owner.

New study: DNS spoofing doubles in six years ... albeit from the point of naff all


For those who missed the sarcasm of the first post, a browser doing its own DNS circumvents a system level configuration. Remember, the Internet is not the WWW. So now you have a system where DNS queries are going to different locations depending on how client software is configured, very messy, overly complicated, and ripe for failure.

I had a problem with Charter blocking DNS going outside their network. That is not OK for an ISP where endpoint equipment is owned by their customers who pay for internet connectivity. It's fine for a company that owns the endpoint equipment and the network. I managed to have that problem resolved in a single phone call, albeit a long phone call with many transfers.

Manchester United email servers remain offline amid what is being called a 'ransomware' attack


They seem to be on injury timeout.

I work therefore I ache: Logitech aims to ease WFH pains with Ergo M575 trackball mouse


I used a corded PS/2 trackball from Radio Shack for many years until it wore out beyond repair. By then it was no longer available for replacement. It differed greatly from the most popular trackballs. It was about the same size as a mouse. It had the ball about where the scroll wheel is on most mice these days. It was flatter than today's mice or even most mice of those days. The right and left buttons surrounded the ball most of the way around either side. Behind the ball was a small click lock button for click and drag simplicity. Ergonomically the motion was shared between fingers, hand, and arm so not very tiring or overtaxing of any particular appendage. It was symmetrical so suitable for left or right handed organic interface. I frequently used it on a reclining chair arm as easily as on a desk. If this was available again in modern connectivity, I would get as many as I could justify.

Comcast to impose 1.2TB-a-month broadband download limits across more of America from next year


$49.95/mo. Xfinity (Comcast) "Internet: Performance Starter" "Internet: Download as fast as 25 Mbps" direct from the latest bill.

Login at xfinity.com for more information. Such as upload speed or usage, but upload speed or speed of other levels are a bit scarce. You are directed to the sales portion of their website and have to spend a lot of time to try to track down the info. A speed test through a VPN does achieve download of 24.9 Mbps and upload of 2.9 Mbps.

I am averaging 90GB/mo. with a maximum of 119GB over last 6 months and no overage. Although I do not recall getting a notice of a cap applying to my service even though there is an overage column in the report.

Comcast is the lowest cost and best performing option I have. I can get DSL from Verizon, satellite, and there is a fixed wireless service, no fibre. All those cost more per bps some with lower speeds and caps. i.e. no real competition.

Linux Foundation, IBM, Cisco and others back ‘Inclusive Naming Initiative’ to change nasty tech terms


We must go on the offensive

In arguments we should point out every possible offence of the very words they are using to justify this effort. Every word can be offensive, some are just a little tougher to spin. We should endeavour to begin using their proposed replacement words in an offensive fashion, poison all words. I think we can poison faster than they can complete even a satisfying change.

I wonder how many of these people of tenuous membrane organ hold MBAs.

Google tells court: Our rivals gave US govt confidential dirt on us to fuel antitrust case. Now we want to see it


Re: IANAL....

The prosecution is willing to give Google's external counsel access to some of the information. Google being Google wants full access to all the information itself, it is a habit after all. The prosecution may have agreed to more than just one external counsel. Proxied access to the highly confidential information may have been possible, on condition the queries were not abused.

An information junky being denied a fix. It is for their own good. In a way, one can almost sympathize...NOT

Former Microsoft tester sent down for 9 years after $10m gift card fraud


Re: Bitcoin for crime

US Paper money has serial numbers. Drug residue detected on cash has caused people to be detained. Bloodhounds can detect an individual's scent on cash. Scent detectors are getting as good. How long before DNA can be detected as easily? I would say differently traceable, not untraceable.

Trump's official campaign website vandalized by hackers who 'had enough of the President's fake news'


Re: Like a Three-Card Monte game

OMG! It's all over facebook. I can't beleive you are so out of tuch. Gimme a brake. I bet yuo gonna tel me now they an't pedofiles and eat kids.

Do I really need the joke alert?

Scary thing is, I have heard/seen those responses given seriously, misspellings and all.

A cautionary tale of virtual floppies and all too real credentials


set permissions accordingly...

Sounds like the perfect setup to learn of Netware's execute only flag. Seems like the thing to do until you find out execute only means strictly execute only. This was the era when patches were in effect diffs written to files. Remember writing to the file is verboten when execute only is set so no patchy by viruses or updates. Any other action was prohibited on an execute only file. There was a secret incantation which could make such an execute only file mortal again, I just do not remember it.

Let’s check in with that 30,000-job $10bn Trump-Foxconn Wisconsin plant. Wow, way worse than we'd imagined


Re: Potemkin factory

Aaahhh! You mean like Atlantic City, NJ. Once home to a Trump casino property. I believe it closed due to losing money.

ICANN begs Europe: Please fill in the blanks on this half-assed GDPR-compliant Whois we came up with


Re: ICANN should provide them the answer

I'll have to check into that. It may prove useful beyond this one example. If not I may have to start a letter writing campaign to representatives to request a privacy law.


Re: ICANN should provide them the answer

I tried emailing the common aliases such as admin@ webmaster@ abuse@ only to receive non-deliverable bounce messages for each I tried.


ICANN should provide them the answer

It does deserve a kindly worded and sympathetic response. Such as: We have reviewed your message and after much re-reading and head scratching have concluded that you seem to be requesting our answer to your apparent quandary. As you seem to be stating that there is no easy or cost effective solution to maintain whois in compliance with GDPR, we have come to the conclusion that you must shut down whois. You have 30 days to shut it down. After 30 days we will verify shutdown and if we find it has not been shut down, we will begin disciplinary actions as enumerated in the GDPR which includes fines.

Careful what you ask for.

I would find a non-anonymized whois record for a particular website to be useful at the moment. I am finding myself blocked from the website thanks to Cloudflare's firewall flagging my VPN as a risky access. I am told that the website owner has locked down a little too much and I should contact them. Whois would be a good way for me to find contact info for the company. I wish to opt-out of their publishing of my information under the guise of genealogy. I don't have the GDPR to help me either as I am in the US and so are they. Which probably also explains why their contact info is hard to find.

Windows 10 to let you know that your SSD is dying rather than throwing out a BSOD when it's already too late


Re: SSD Failure Warning: Only Fair

SSDs: Because of wear levelling, you do not want to defrag. Because of no moving parts you do not have to defrag.

I recall setting a fixed pagefile of 1 to 1.5 GB for a system with 1 GB RAM. Years later an 8 GB system was recommended to have 8 to 12 GB pagefile. Was tempted to set up a RAMdisk for the paging file. Allowing Windows to manage the pagefile, right, wait while it expands the file, fragmenting, and pages the RAM, it makes the system faster, ha.

There were some defrag utilities which could place the pagefile and hibernate file as single contiguous files at the beginning of the drive for the best performance. Sounded good in theory, but the rest of the files being accessed were all over the drive anyway.


