* Posts by gnarlymarley

260 publicly visible posts • joined 2 Jul 2014


RIP FTP? File Transfer Protocol switched off by default in Chrome 80


You can still switch it back on via an option or command line flag (such as --enable-ftp) but, to be honest, why would you?

The answer is simple.anonymous FTP where people can download without a username or password is where I would care about plain FTP. Now, I can use HTTP instead to do the same thing. There have been some strides to get SSL working with compression, but until it gets good enough, FTP will suffice. Now if you ask further, any file that someone uploads to me that should not be public, has been using SFTP for a few decades now. The main reason why I prefer the plain over the secure is proxy servers can cache the files. Under secure, I do not believe anything should be cached.

ICANN't approve the sale of .org to private equity – because California's Attorney General has... concerns


who runs it?

Technically you can say I don't care who runs the .org as long as the price doesn't go up and the service quality doesn't go down.

Beware the Friday afternoon 'Could you just..?' from the muppet who wants to come between you and your beer


three button mouse

"I duly turned up at his home," recalled Will, "and booted up the beast, and right enough, the cursor was all over the place and unresponsive."

I had this happen with a three button serial mouse when it was switched to two button mode. Just switch that after boot up and the cursor would be weird and jumpy.

Relying on AT&T, Verizon and T-Mob US to protect you from SIM swapping? You better get used to disappointment


Re: In person show ID?

Is that really too much to require?

Ummmm, some of the criminals are making fake ID. Do you trust yourself to see the difference from identical ID, but with different pictures? I myself have not seen the actual IDs, but I have heard that they are very hard to tell the difference. I am not sure that picture ID will meet what the standards should be, but they will meet the minimum.


SIM swapping is only a major problem if you use 2FA. Without 2FA, an attacker has no need to try to do SIM swapping. Interesting that the attackers get the phone number to use with SIM swapping by hacking the original source.

Smart speaker maker Sonos takes heat for deliberately bricking older kit with 'Trade Up' plan


paid twice?

Why not allow these products to be resold or reused?

What and be paid twice? If someone gets the 30%, they are technically being paid for their old device. Then if they want to sell it, they would be getting paid again. Why should people be paid twice? If I take my old car in to get a new one, I am not able to resell the car to someone else after trading it in.

Cheque out my mad metal frisbee skillz... oops. Lights out!


His response? "It was due to me facing up to him, to be in his office to tell him when he arrived and that we had stayed there till it was resolved."

I miss the days when honesty was rewarded. Now a days, folks would rather murder their customers for doing something wrong, even when the business is at fault.

Google tightens the screw on 'less secure apps', will block most access from June 2020


That's it for KMail then as Google revoked the API key and won't give a new one...

Well, that is it for me as a customer as my current method is only via password. I might be the only person, but if google wants to ostracize its customers, then so be it. I do not have a smart phone and if I purchase one, it will never be used on google. Oh well, I guess I don't care that much about the internet. I don't need google, but they need me for my data.

One of these days they will get back to their main goal of two decades ago which was to support the customer before letting big business take advantage.

Hey, ICANN, if you need good reasons to halt the .org super-sell-off, here are two: Higher fees, more website downtime


Re: What next?

Assuming the deal is done we will of course migrate it to another '.something'.

If you include SEO, migration will take about six months for your reputation to be transferred. If you include people's memory, then you could be looking at a couple of years. Either way, just "switching domain names" is not going to be a quick switch, it will take time.

100 mysterious blinking lights in the night sky could be evidence of alien life... or something weird, say boffins


Astrophysicists, faced with poring over 600 million objects, whittled down their search to just 100 by focusing on observations of objects in space that simply just disappear, or ones that have rapidly fluctuating brightness levels that vary over a 70-year time period.

Or maybe this is just the flashing, twinkle, or change in brightness level that happens when a heat source between the observer and the light causes the air to move. Sometimes if you look at a neighboring city's lights, you can see this same thing happen.

Cops storm Nginx's Moscow offices after a Russian biz claims it owns world's most widely used web server, not F5


This is a case of Russian business stealing American corporate tactics with ex employees.

Actually from what I remember, the company was started to support it years after the software was first wrote. Which means the code would have been sold or given away.

Post Office coughs £57.75m to settle wonky Horizon IT system case


Re: The supplier..

Be interesting to see if there is any flow down to Fujitsu who wrote the code in the first place.

If there is any flow down it should not be more than a third of the total settlement. If I were involved in this case I would lean on the blame being three groups: The post office people that had verified the wrong and filed the legal paperwork (this could actually split into two groups), the post office people that accepted the "broken" system, and then finally Fujitsu.

If the people at the Post Office who checked the "fraud" and passed the "fraud" to the police for prosecution were different groups, then Fujitsu blame should go based on the number of groups involved.

In my careers, we always due our due diligence to make sure that we do not cause any further legal ramifications.


it is NOT and SHOULD not be allowed to cover the money that was ILLEGALLY stolen from these people

Correct. There should be an automatic reimbursement of the actual dollars stolen from them which should be a completely separate amount from this settlement.

Americans should have strong privacy-protecting encryption ...that the Feds and cops can break, say senators


NSA loses encryption keys again!

Americans should have strong privacy-protecting encryption ...that the Feds and cops can break, say senators

I can see the title now. The NSA will lose their keys when they get hacked again, and then everyone can see the encryption. Now if the NSA could secure themselves, maybe I would think about letting them have access, but when they keep getting hacked, there is no reason to trust them.

Apple tipped to go full wireless by 2021, and you're all still grumbling about a headphone jack


audio mixer

I have an audio mixer that I use with the 3.5mm output jack. If I go wireless, then I STILL need a wireless adapter that has a 3.5mm output jack. Now matter how you may try to convince me, I have no other way to get the signal into the mixer.

A.K.A. if you want me to buy your phone, then you will include the 3.5mm output jack that I use on my audio mixer.

Bandwidth weirdness at TalkTalk has customers fuming at being denied on-demand I'm A Celeb


Re: Talk Talk?

Who's daft enough to go with Talk Talk?

Some of us in the USA only have access to one provider. This can be the case even for new housing construction. The options are to bring in a new provider for £10,000 or else suffer with a single provider. This is why you hear about individual cities trying to being in their own fiber, but then the city's fiber is a single provider again.

We are absolutely, definitively, completely and utterly out of IPv4 addresses, warns RIPE


Re: no one bothering to no enquiry as to why organisations are reluctant to go ipv6

If IPv6 had embraced NAT at the start it would have gained much earlier adoption. While NAT is not needed in IPv6 some of us like the inherent security offered with NAT. I can hide tens of thousands of rfc 1918 (private IP's) IP's behind a handful of public IP's which are easy to look for, filter and monitor. with IPv6 Its possible & encouraged to use publicly addressable IP's internally. That way of thinking was seen as a huge drawback of ipv4 & nat was seen as a fudge to enable connectivity but had the extension of being a simple cheap no skill required way of securing systems especially domestic systems who's owners had no need to understand how it worked.

Embrace NAT, let the uninitiated hide behind a gateway, save ISP's costs/bandwidth from zombied customers machines etc etc etc.

Ummm. Are you trying to say that me using NAT66 on IPv6 for about a decade is not possible? Do you have something against RFC4193 addresses in IPv6? Just because they have had RFC1918 equivalents on IPv6 since the early 2000s, doesn't mean we can diss IPv6 just because it does fully support NAT.


Re: The internet will be privatised

agreed. there is actually an IPv6/IPv4 gateway block that can be used to cover ALL IPv4 addresses with equivalent IPv6 ones. Why isn't THIS being used???

The reason this is not being widely used is it requires DNS to synthesize the IPv6 pointers. This means it needs to be setup at your ISP's recursive name server and your ISP probably thinks it is just "too much work". Since I run my own name server and NAT setup, I can do this on my own.


Re: IPv6 not that hard... seriously

However, the one thing people aren't fully aware of (apparently) is that every IPv6 address that can be used to access 'teh intarwebs' is public.

Did I miss something here? RFC4193 talks about "private addresses" for IPv6, which will also include NAT66. I am sorry that you think this is the reason why you don't want to go to IPv6. I have successfully been using NAT on IPv6 for many years now. My IPv6 router is running FreeBSD. I first started with NAT66 on FreeBSD version 5.2.

So that means windows machines MUST be properly firewalled

One side note if you look further into it is your NAT router in IPv4 actually has a firewall to make the NAT work. (IPtables, PF, and IPFW are all firewalls that will redirect their packets to the NAT software. You will have one of these running on your wireless router.) So by claiming, you need a firewall to go to IPv6 is a cop out.


Re: re: If you don’t see traffic

going to Facebook and Google then it is a problem at your end?

Why do I get the feeling that folks have forgot about the sites like yahoo and microsoft? Oh, right. Nobody uses those any more. Yahoo on IPv6 has not been very stable. On a more serious note, there are a lot of IPv6 sites out there (Including many search engines and audio and video streaming services), so if you see nothing on IPv6 then you have a setup problem. The problem also could be your network sniffer or it could be just that you are not looking at the right time. About 60% of my traffic goes over my IPv6 connection.


That approach continues to not work. IPv6 still sits at around 24 per cent of internet traffic - and has actually gone down from last year.

The reason for this is people have not been migrating and thanks to the shutdown of some IPv6 tunnel brokers, some people are now back on only IPv4.

There are the networks that refuse to peer on IPv6, even when they have done so over IPv4. Then there are the security concerns. The fact that technical solutions keep removing a sense of urgency. That IPv6 can kill your VPNs.

Unfortunately, I have no problems with VPNs and IPv6. Of course, I am a dual setup and my computers just fall back onto IPv4. It is possible that NAT64 could be their complaint, but my guess is that the folks that are making an excuse to not go to IPv6 are the people that have never used IPv6. When IPv6 first came out, it was "sold" as a product that would NEVER work with NAT66. The people behind IPv6 at the time sounded like they would come visit me and kill me if I tried NAT66. So, I did NAT66 and have been using it ever since. Most home routers do NAT66 now with all of them being capable of NAT64.

Then there’s the fact that some ISPs just don’t see it impacting their bottom line and so can’t be bothered.

My old ISP is called digis/risebroadband and they have so many IPv4 addresses, they know about IPv6 and don't want to implement it. So I blocked them from my router and I setup a tunnel with a different provider. When they finally put in IPv6 I will never be on it.

Chancers keep buying up dot-UK company name domains: Got a problem? That'll be £750 for Nominet to rule on it


A full Nominet Expert decision, stripping a dot-UK web domain from someone who breaks Nominet's domain registration rules and handing it to someone more deserving, costs £750 plus VAT. Should the initial decision not go your way, an appeal to a panel of three Nominetters costs no less than £3,000 plus VAT.

This is a very good reason why people "should" keep information publicly accessible on whois (or on a whois replacement). Whois can tell me if a company owns multiple domains. When Companies try to "hide" their email address, it makes it difficult to verify domains. What companies "should do" is rather than give out their personal email, they should give out an alias that points to their personal email.

UK Info Commish quietly urged court to swat away 100k Morrisons data breach sueball



While Morrisons might not have direct responsibility for Skelton's actions, they do hold a responsibility of action in reply to those actions. It seems simple to me that while Morrisons cannot always prevent the crime, they do hold responsibility in taking action as there is a contract between then and Skelton for employment.

If Morrisons sits back and does nothing (or is even supportive of the crime) then they are part of the crime. If Morrisons takes action that their part of the contract requires (such as having Skelton arrested), then they are cleared from legal action that they did their due diligence.

In the USA, we call this as being an accomplice. A search on the internet shows that UK accomplice law is very similar.

Gas-guzzling Americans continue to shun electric vehicles as sales fail to bother US car market


Re: Electricity in the USA

I live in a rural area.

I think we all forget that most of the USA is about the same as rural. This seems to be the case near a lot of the capital cities of the states. I live in a fairly high populated area, but the nearest supercharging station is still about 35 miles away. Add that to the single digit temperatures and it makes operation difficult. Atleast I am a few states south of north dakota where it might get down to around minus 40. (For those that don't know, I am leaving off the units because minus 40 Celsius is around minus 40 Fahrenheit.) When it gets far below zero, there are electric vehicles that will not work.


Re: Electricity in the USA

The real killer is the weekend trip when the person you are seeing is 550 miles away.....

Yes. And another killer is when you get stuck in rush hour for a few hours in the heat of summer (which means you are running the AC while you might be stopped for two hours). Nobody seems to bring up the stop and go traffic. They also do not remember the spare fuel tanks for when we run out in these situations. Also, I have been stuck on the freeway with no ability to take off ramps before for a few hours.

My commute is about 40 miles each way and the smaller electric in this situation would not cover it. Keep in mind my work will not offer the ability to charge, so what ever charge I need will be coming out of my already long work day of 12 hours. Add any delays and it begins to hamper my sleep. I can carry and extra five gallons of gasoline for such situations, but it is much harder to carry an extra "can" battery juice.

Morrisons is to blame for 100k payroll theft and leak, say 9,000 workers


The issue is purely whether Morrisons is vicariously liable.

If it is true that Morrisons didn't take action back when it happened, then they can be held liable. As near as I can tell, he was disciplined by Morrisons, but remained an employee. This appears to be what the case is now about. Had Morrison terminated his employment with previous offenses, it could have been a different situation.

Dough! Jobs microsite for UK's data watchdog set hundreds of cookies without visitors' consent


why do folks have their browser configured wrong???

"I have just discovered that the Information Commissioner's Office jobs microsite, which talks about the importance of GDPR and Data Privacy, and which is currently advertising the new Director of Regulatory Strategy role, sets approximately 204 advertising and tracking cookies, all without consent.

Does GDPR require people to set their browsers to "ask to accept a cookie"? Why do people insist that they have their browser "automatically accept cookies" when they are trying to force sites to ask? Clearly, sites are not always able to "ask for consent", so why are the browsers set to automatically accept? I have been seeing this setting in all my browsers for over two decades, so people saying they don't know about it is hogwash.

UK Ministry of Justice brags about new digital forensics unit to thwart tech-savvy jailbirds



Maybe they should do away with trying to get the emergency services on 4G and make the prisons become notspots. Then it wouldn't matter if prisoners had cellphones, they wouldn't be able to use them.

I am kind of surprised that parliament doesn't care about this kind of stuff and would prefer to force everyone onto 4G.

Remember the big IBM 360 mainframe rescue job? For now, Brexit has ballsed it up – big iron restorers


Re: Seriously?

I was thinking the same thing except with a uhaul. They might just need to buy their own truck (small enough where they don't need the commercial license, if they don't have one.) and make multiple trips.

You're ARIN a laugh: Critical internet org accused of undercutting security over legal fears


For example, ISPs are very unhappy with how DoH wraps DNS in encryption, preventing them from snooping on or manipulating it. And ARIN is worried that by hosting a service used to validate routing decisions, it could end up being held responsible when people are suddenly knocked offline.

Ummm, I am not an ISP as one would say, but I do offer internet to my immediate family. My issue with DoH is that it is meant to bypass the bind DNS server I have setup. This means I once people start using it I will need to purchase a faster internet connection to work with all the stupid "prevent caching" ideas. Oh wait, my local squid proxy cache will probably "permanently" defeat any DoH setup attempts. So, maybe what I am saying is moot. I guess I will fall off the internet before I will ever use DoH.

Slow down, ice-on-Mars fans: Those 'streams' on Red Planet may be caused by landslides


timing issue?

“While we aren’t ruling out the presence of ice, we know is that ice wasn’t needed to form the long run-outs we analysed on Mars,” said Tom Mitchell, co-author of the paper and an associate professor of earthquake geology and rock physics at University College London.

I wonder if the reason they cannot find ice is that they are looking at the wrong time. Maybe in the storms or the extreme cold is when they need to be looking? With the temperature fluctuation they way it is, maybe it goes to a gas during the day and ice at night.

I would suggest the same reason why the FBI and CGHQ cannot find anything before it happens is they are looking at too much data, the wrong time, and in the wrong places.

Plan to strip post-Brexit Brits of .EU domains now on hold: Registry waves white flag amid political madness


Re: Does the UK require citizenship for .uk domains?

Does the US require it for .us domains? I still don't understand why the EU wants to strip .eu domains from UK residents, other than to be bastards.

They probably should also include tax-paying businesses in that too. If the business has a presence, they they should be allowed to keep their domain.



If I was in a country in the EU that was not leaving, I may think about moving domains now. I would keep my eu domain and make it a pointer to my main country domain. I would think about doing this as it does take some time for people and search engines to get accustomed to the new domain. It could take from three to six month to two years. Unless I had a presence in multiple countries, I would strongly look at moving the main domain to my country of place and having all others be forwarding.

Talk about a killer feature: Home, Home Mini gear replacements promised after fatal update bricks gadgets


That last part is the kicker: if you were unlucky enough to have one of the devices that automatically downloaded and installed Google's flawed software update, your Home or Mini may be no more.

Or with the current level of spying with these devices, does that mean you might be lucky enough to have the device stop working?

Yay! The ozone layer hole the smallest it's ever been seen. That's not necessarily good...



UV light hits the atmosphere and create the ozone. This means that the hole can only change if the tilt of the earth is changing. I think I would be more concerned about the wobble changing than I would the ozone hole.

Haunted by Europe's GDPR, ICANN sharpens wooden stake to finally slay the Whois vampire


And the 90-day negotiations will cover a “plan and provisions to sunset the obligations related to the WHOIS protocol as we transition Registration Data Services to RDAP.” Which, in non-policy wonk language, means Whois is finally going to die. And not a decade too soon.

Technically, you can say I don't care how I get my abuse address, but I still want to get my abuse address. What is the point in killing WHOIS, if the same information will be still available via another protocol? If you say it is to stop bots, then you are lying as bots will change to match the new protocol.

I am currently working on a design where my firewall blocks IP connections unless I can look up and acquire an abuse contact. (This means that if you want to connect to me then you will provide your information in a public viewable form. Which said idea, I respond and say why get rid of the WHOIS protocol if the new RDAP does EXACTLY the same thing!)

Junior minister says gov.UK considering facial recognition to verify age of p0rn-watchers


is this a parenting issue?

Now why do I foresee some kid using a portable USB webcam pointed at a picture to the side to fool the facial recognition? I don't see a way the idiot lawmakers can actually force this. Maybe a better option is to get better parents and have them learn how to do actual parenting. If you don't want your kids to see porno, then teach them.

Help! I bought a domain and ended up with a stranger's PayPal! And I can't give it back


What is paypal going to do, contact the account owner over email? Wait, that goes back to the person who is trying to return the account. Maybe use the phone number if it has one?

We, Wall, we, Wall, Raku: Perl creator blesses new name for version 6 of text-wrangling lingo


Amazing how (if designed right) something can work successfully for years. I started with Perl4 and the reality is people only need to upgrade for new features or to fix bugs. If something is not broke, it does not need to be changed.

Just let us have Huawei and get on with 5G, UK mobe networks tell MPs



If this is a spying issue with huawei, then clearly there is something the cell phone companies are getting in return. They seem to have a desire (more than just a tie to their technology) to go with huawei. They may just be getting a cutback from huawei for the data.

Flak overflow: Barrage of criticism prompts very public Stack Overflow apology



Cellio has posted her own account of what transpired, and she claims her de-modding was pre-emptive. "I was fired because they thought I wouldn't follow the future code of conduct," she wrote, and has challenged claims of bigotry that have arisen for questioning Stack Exchange's planned rule change.

The real way to apologize is to reinstate Cellio. But then the damage is already done, so it may already be too late to recover.

Remember the FBI's promise it wasn’t abusing the NSA’s data on US peeps? Well, guess what…


Re: the gang

I get the impression that the FBI makes employees denounce ethics and similar rogue ideologies.

Which is why turning off end-to-end encryption might not be a good thing. There already seems to be too much data getting in the way of the FBI catching the bad guys.

Probably similar to a bad school teacher. If you increase their salary, it does not automatically make them a good school teacher. Ethics and morals are what makes a good school teacher.

Here we go again: US govt tells Facebook to kill end-to-end encryption for the sake of the children


Re: Another day, another nonsense "think of the children" line

Actual criminals, the ones out there hurting people, would use something else.

Criminals don't obey the law. Why do we think they are called criminals? If they are actually using it, they have their own end-to-end encryption already in place and will not be detected. (For anyone curious https and vpns have end-to-end encryption, so all https sites would have to be changed back to http.) So, would you want your password traveling on the public internet unencrypted?

Boris Brexit bluff binds .eu domains to time-bending itinerary


abandon domain because EU says all of its citizens are unwanted

If I were in the EU, I would just abandon the domain right now by use of http redirects and forwarding all email. This would give the search engines the time it needs for SEO as it can take a few months to update. Clearly the EU is throwing a tantrum and the government officals are the donkeys that will lose in this battle. I did a dotcom because I am not interested is being tied to a specific area. All my other domains are redirecting/forwarding as of 2006.


Insisting that UK registered ".eu" domains must cease to exist right on the dot of the official Brexit date introduces a lot of problems for everyone involved for no obvious rational reason and seems motivated purely out of spite.

One of which the poor EURid tech is going to have to work 24 hours a day around brexit just so they can trigger the database update. If the EU provided some time, then they could "expire" all the records on a normal business schedule and not require someone who is a EU citizen to work overtime.

TalkTalk still struggles to shut down legacy email addresses on request


easy or hard

The problem is if you make it easy for a customer to shutdown their email, it is also easy for a hacker. If you make it hard for a hacker to shutdown an email, it becomes hard for the customer.

The ideal method would be to make it easy for a customer and hard for a hacker, but that is only a theory and never works in practice. (At least this is my experience with customer service.)

DoH! Mozilla assures UK minister that DNS-over-HTTPS won't be default in Firefox for Britons


Nonetheless, DoH is billed as helping stop third parties (ISPs, government agencies, police forces, any of the random handful of British state organs allowed by law to help themselves to your browsing history, etc) from viewing what you’re viewing – or, in the case of criminals looking to defraud you, hijacking your DNS requests.

Except, there is at least one third party involved in DoH and that will be whomever owns the IP that firefox points their first lookup to. Somebody other than the webhoster will need provide the ability to tie a name to an IP. This function is currently provided by ICANN and others via what is called root name servers.

So, the real quesiton should be, do we trust firefox or google as the "third party" that will track and sell our web browsing history?

How long is a lifetime? If you’re Comcast, it’s until a rival quits a city: ISP 'broke' price promise


Comcast’s actions, that no one should ever believe a single thing the corporation says.

Or believe anything that a salesman says. They like to talk big and Comcast and other companies are refusing to honor what their salesmen say.

World's oldest human was a 122-year-old French smoker after all


Judging by the picture, I would say about 107 years old. The picture probably was not taken right at death, but maybe a few years earlier.but then I have seen some 50 year olds that looks like they are 80+.

Has outsourcing public-sector IT worked? The Institute for Government seems to think so, kinda


Outsourcing adds the cost of the other business' overhead to the employee's cost. Therefore, outsourcing will be more expensive that inhouse. The only way to bring that cost down is to outsource to an area that has a lower cost of living.