* Posts by JulieM

626 posts • joined 27 Nov 2014


Mozilla doubles down on anti-tracking tech: It'll be tougher for wily ad-biz cookie monsters to track Firefox

JulieM Silver badge

Wouldn't it be simpler

Wouldn't it be simpler just to wipe all cookies set by any site that just redirects without displaying anything?

Or even return "crumbled" cookies -- deliberately altered from what the site was trying to set, to devalue and poison tracking data (and maybe even crash servers with poor input sanitisation!)

JulieM Silver badge

Re: I can't remember...

We simply need to make it law that if you do any business at all in the UK, you pay taxes depending on your global turnover.

And yes, I do mean tax turnover, not profit. That puts an instant stop to shell games. If you're still in business, you're obviously making money, even if you are managing to hide it by buying goods and services from your own subsidiary companies at inflated prices. If taxing every pound going into or out of a company's bank accounts is the only way to make sure they pay their fair share, so be it.

Microsoft runs a data centre on hydrogen for 48 whole hours, reckons it could kick hydrocarbon habit by 2030

JulieM Silver badge

Hydrogen storage

Hydrogen molecules are just too damn small. They will get through the gaps in any crystal lattice; and when they do, it doesn't take much force to accelerate them right out of the Earth's gravitational field. These are limitations of the universe, not limitations of present technology; which means that there is nothing anyone could invent that would make medium-term storage of hydrogen viable.

The best thing for keeping hydrogen in one place is, and always will be, a chemical bond. And then, when you need pure hydrogen, it is best to make exactly as much as you need, just before you are going to use it.

Is that croaky voicemail of your CEO just a Fakey McFake Fake – or does he normally ask you to wire him $1m?

JulieM Silver badge
Coat

Re: a "software-generated voicemail message"

Passing mustard?

Is that like cutting the muster?

Mine's the one with the Mondegreene and Malaprop label .....

Raytheon techie who took home radar secrets gets 18 months in the clink in surprise time fraud probe twist

JulieM Silver badge

Re: "he had downloaded documents to an external drive against company policy"

I guess that might be about protecting kids against anything being written to their removable drives by a teacher?

JulieM Silver badge

Nope

This stuff should not even be secret in the first place. Let would-be adversaries see exactly what weapons they might be facing!

My life as a criminal cookie clearer: Register vulture writes Chrome extension, realizes it probably breaks US law

JulieM Silver badge

Re: however on the good side

I accept that other people have got to eat.

However, I don't believe they have to resort to mildly-dishonest tactics to get their food money.

JulieM Silver badge

Re: Two options and a few other tips

If you ever wondered why they do this then it's because they must exploit the ever loving f out of US visitors with hundreds of scrapers, trackers etc. and have chosen to block Europeans rather than fix this.

This is technically illegal, but unenforcible as long as the perpetrator and victim disagree over jurisdiction.

It's still not a good look to be doing things to your audience that are illegal in some countries of the world, though .....

JulieM Silver badge

Re: EU law

That's great for everyone who hasn't had EU soil pulled from beneath their feet .....

JulieM Silver badge

That's probably illegal, since they are specifically not allowed (a) to make accessing the site without intrusive surveillance unreasonably burdensome or (b) to refuse point-blank to show the content without intrusive surveillance.

JulieM Silver badge

Re: Don't need it

I tried that, too; but I didn't bother recompiling it across an OS upgrade because it was getting to be a pain in the backside saying no to all the cookie requests. Between NoScript, Adblock Plus and Privacy Badger, I think I've got the Internet almost how I want it; especially when I had my DNS-based advert and tracker blocking solution in place.

Here's why your Samsung Blu-ray player bricked itself: It downloaded an XML config file that broke the firmware

JulieM Silver badge

Re: Thanks Gray!

What about implementing a "no access to any IP address you haven't looked up on this nameserver" policy?

Oh what a cute little animation... OH MY GOD. (Not acceptable, even in the '80s)

JulieM Silver badge
Devil

Re: BUFH (Bastard User From Hell)

If you have an Internet-facing machine with an SSH server on port 22, try creating a user called "pi" with the password "raspberry" and a default shell of /bin/cat .....

Android 11 will let users stop device-makers from killing background apps, says Google

JulieM Silver badge

What about sudo?

It would be nice to have sudo in the base install, so certain files which would normally be restricted to apps with special permissions can be accessed directly over ADB.

We've paused Sigfox roof aerial payments, says WND-UK, but we'll make you whole after COVID

JulieM Silver badge
FAIL

The Race to the Bottom

So they have a technology which is based on using other people's resources (and ostensibly compensating them handsomely), and a licence-free chunk of the electromagnetic spectrum.

Did anybody really think this was going to end any other way?

No more Genius Bar bottlenecks for you, Mr Customer? Apple exports independent repair provider program to Europe and Canada

JulieM Silver badge

This is the wrong way around

This is all the wrong way round:

Gay Gordon-Byrne, executive director of The Repair Association, last year highlighted the circa 20 right-to-repair bills under consideration in state legislatures when Apple agree to let third parties repair its gear.

Apple should never have been allowed to prevent third parties from repairing their products in the first place. Measures designed to thwart the use of "pattern" parts need to be banned, or at least neutralised by explicitly declaring any action necessary to persuade a piece of hardware to behave as intended to be beyond the scope of "intellectual property" protection.

If, for example, a printer checks for a specific pattern in a memory device attached to a toner cartridge to determine whether the cartridge is "genuine", then that pattern should be uncopyrightable, precisely so that third-party manufacturers are not prevented from making compatible consumables.

Similarly, the use of pattern spare parts needs to be explicitly not a trademark violation as long as the spare part is not falsely marked with a trademark or if this is operationally necessary (e.g. because the "trademark" is an aperture which requires another part to fit snugly in it, or because the device is checking in software for the presence of the trademark), and an item which has been repaired using untrademarked, third-party parts should not be in violation of a trademark.

What's worse is, we've already fought all these battles before; with vehicles, industrial machinery and home appliances, and every time in the past, the courts have ruled against the greedy capitalists trying to exclude third-party spares and services. Computers should be no different.

Cool IT support drones never look at explosions: Time to resolution for misbehaving mouse? Three seconds

JulieM Silver badge

Re: Mondarin?

How the Muddy Mildred do you counterfeit freaking gold? It's really not difficult to tell what a sample of some mystery metal is made of. Nobody with O-level chemistry and physics could fall for the "scam" described in that article; which, I suppose, tells you something about the intended audience.

Ex-barrister reckons he has a privacy-preserving solution to Britain's smut ban plans

JulieM Silver badge
Boffin

Even easier

I have an even simpler idea:

Just ban minors from the Internet altogether.

If there was no expectation for the Internet to be family-friendly in the first place, there would not be any reason to complain about adult content.

Faxing hell: The cops say they would very much like us to stop calling them all the time

JulieM Silver badge

Re: I called the cops

Or (in a German accent) nul-nul-eins, acht-nul-neun, funf-sechs-drei, nul-nul, nul-nul .....

Spaghetti Junction! Brum hospitals on hunt for new ERP and finance supplier to untangle current systems

JulieM Silver badge

The £6M Question

Why are they not using the existing resources of the university to develop a solution, based on mostly-already-existing Open Source software, that can be shared as Open Source with the rest of the NHS?

From unmovable boot screens to dead certs, neither are what you want to see in a hospital

JulieM Silver badge

Re: i don't know why...

What were the procurement people smoking, buying software without demanding Source Code (and the relevant Modification Rights to go with it)? Those are your guarantee, and you never let go of them!

Now, you personally might not know what to do with Source Code, and you might even take a perverse pride in that ignorance (which, as the sort of person who knows exactly what to do with it, actually suits me fine); but if the worst ever happens and the original supplier goes out of business, access to the Source Code at least ensures any competent programmer will be able to maintain it for you. (In fact, the original vendor needn't even go out of business; if they get a bit too big for their boots with ongoing costs, a customer with the Source Code can up sticks and go their own way, like a motorist going to an independent garage instead of a brand-tied dealership.)

If I was ever to break the habit of a lifetime and pay money for a piece of software, you can bet I would be insisting on at least the same Source Code and Modification Rights I would have got if I had downloaded a different piece of software instead that I would not have to pay for. "Pay more, get less" doesn't sit with my brand.

JulieM Silver badge

Re: Signed Certificates are only as good as...

What is wrong with a system where the certificate never automatically expires, but can be revoked if & when necessary, is that you end up with certificates that are valid in perpetuity by default unless revoked. And it is a lot easier to block a "do not use this certificate anymore" message, than it is to create a plausible fake certificate.

What you are proposing is equivalent to a lock that can be opened using any tool, unless it has been specifically told that that tool is not the key that opens it.

Ooo, a mystery bit of script! Seems legit. Let's see what happens when we run it

JulieM Silver badge
Boffin

Re: "fan-fold paper"

The "perforations not lining up" issue with toilet paper is caused by having torn off just one of the two plies for a full turn (so you are now tearing between the two plies). Each row of perforations is the same number of mm from the last, but each millimetre of paper occupies a different number of degrees around the roll. So the perforations in adjacent layers cannot be expected to align.

The problem can be fixed the same way it was caused.

Publishers sue to shut down books-for-all Internet Archive for 'willful digital piracy on an industrial scale'

JulieM Silver badge
FAIL

Theft

Theft is dishonestly taking something that belongs to somebody else, with intent to permanently deprive them of it.

So what is the thing that you used to have before someone made a copy of a book you wrote, that you don't have afterwards and will never have again?

JulieM Silver badge

A Parable

Once upon a time, a street merchant caught a young boy trying to light a candle stump from his brazier.

"You, lad!" roared the trader, "What do you think you are playing at?"

"I'm just getting a light, sir," replied the boy.

"Then you can buy a box of matches for a penny!"

"If I had a penny," said the boy, "I would buy some matches. But I have no money!"

"That does not give you the right to steal!", thundered the merchant.

"Stealing?" The boy was shocked. "If I light this candle from your brazier, your brazier will still be alight!"

"Ah," said the merchant, "But I will be a penny the poorer!"

The boy was perplexed. "How so, sir? Even if I don't take a light with me, you still won't have a penny!"

The merchant laughed. "Aha, child. The knowledge that you have no light is well worth a penny to me!"

Contact-tracer spoofing is already happening – and it's dangerously simple to do

JulieM Silver badge
Boffin

Colour me surprised -- NOT

If you have access to the right services (a wholesale telecomms provider), equipment and knowledge (which you will definitely have, if you are using wholesale comms) then it would be trivial to make a fake COVID alert call. And it will be hard to notice, just due to sheer weight of numbers.

But that's boring, and it also is giving the (false) impression that you might need to have access to things that are out of the reach of "normal people" in order to pull off such a stunt.

I do not think it is entirely unfeasible for two bored young punks with brains and attitude to lay hands on a scrap PC, a hardware card available from the usual places online, an inverter and battery and one of those red and white tent things that Openreach engineers use to cover up wiring cabinets while working on them.

Thus equipped, all they would need to do is find a suitable cabinet, deploy the tent and enjoy as much mischief as the battery permits. They could disconnect anyone's landline running through that cabinet and patch it to an FXS port on their own "sky blue pink box with yellow spots on" instead of the BT line; and then ring the unwitting victim's phone, laying any caller ID they liked on the call.

The greatest risk is of getting caught setting up or clearing away. (Once the tent is in place, it's very obviously Somebody Else's Problem.) Mucking about with phone lines like this will break the person's Internet connection (barring the kind of coil-winding skills that went out of fashion when kids stopped building radios, while there was still anything to listen to on MW and LW), but most householders are not going to correlate the two events even if they notice the 'net going off. And most importantly, once the miscreants have packed up and gone, the only record of anything happening at all is on the HDD of the portable exchange.

Got $50k spare? Then you can crack SHA-1 – so OpenSSH is deprecating flawed hashing algo in a 'near-future release'

JulieM Silver badge

Re: Two hashes are better than one

It's now feasible to create a file having the same MD5sum as another file using readily-available equipment, so an MD5 match can't be relied on as proof that a file downloaded from some random website has not been altered from the original version.

It still takes a deliberate effort to force a clash, so MD5 probably is still good enough for determining whether or not a file has been edited *by you*.

A double collision is at least as hard to engineer as the harder collision, and *might* be actually impossible; but that depends on the algorithms used.

JulieM Silver badge

Re: Old devices

If you really need SHA-1 support for legacy kit with non-upgradeable firmware, you can always put that equipment on a separate VLAN that can't see the Internet; and then either have a simple proxy translating requests, or just reencapsulate the traffic in a more secure transport.

The code isn't going anywhere, except behind an ifdef and some dire warnings. You will still be able to build an OpenSSH with SHA-1 support. You'll just have to prove you really, really want it, is all.

UK finds itself almost alone with centralized virus contact-tracing app that probably won't work well, asks for your location, may be illegal

JulieM Silver badge

Re: @JulieM Of course, being centrally controlled

Which part of the Apache Licence 2.0 obliges the copyright holder to make the Source Code available?

My reading suggests that you can release just the compiled binary, or the Source Code in a form which is effectively unbuildable, and still be in compliance. All it says is you could not stop anyone from releasing the Source Code if they were able successfully to reverse-engineer it.

JulieM Silver badge

Re: The elephant in the room (or should I say home?).

Yes, but Apple, Google and friends are beholden to laws, restricting what use they can make of their ill-gotten information.

Laws created by the Government.

Surely I'm not the only one who sees this as meaning it's ever so slightly less terrible to entrust your data to private corporations than the government?

JulieM Silver badge

Re: Of course, being centrally controlled

Ah, but, there is Open Source, and there is Open Source. On the one hand you have a very popular Web server, supported by a passionate team who genuinely believe everyone should benefit forever from everything anyone ever does. And then on the other hand you have cynical corporations hiding binary blobs behind a licence that says you are allowed to distribute the Source Code, but good luck with finding it and everything else you need to build it.

They can release compiled binaries (and nothing else) under the Apache licence, or a BSD or MIT licence, and still call it Open Source. "Just exercising their freedom not to share" meets the letter of the law, just not the spirit.

It's why I don't mind the GPL at all. Having a rule obliging you to distribute Source Code sounds like an admission of impurity -- as though one would ever dream of not doing so! -- but it's a defence against those who would do more than just dream of it, if they thought they could get away with it.

Florida man might just stick it to HP for injecting sneaky DRM update into his printers that rejected non-HP ink

JulieM Silver badge

Re: I expect I'll get a ton of downvotes BUT

The entire business model of selling a product for less than it cost to manufacture, then recouping the loss and eventually making a profit on necessary consumables by artificially excluding third parties from supplying pattern parts should be illegal.

Of course, properly enforcing the second part would make the first part redundant anyway .....

JulieM Silver badge

Re: I expect I'll get a ton of downvotes BUT

This is victim-blaming.

Yes, some people who fall for scams are just greedy and don't attract a great deal of sympathy for their plight. But many innocent people also fall for scams. Naïvety is not something that should be reprehensible.

Years ago, this sort of practice was deemed unacceptable. Vehicle manufacturers cannot legally require you to use only their approved spare parts -- to the extent that certain features are specifically excluded from copyright or registered design protection, for the protection of third-party vendors' ability to make pattern parts. For some reason, common sense seems to have gone out of the window as soon as computers became involved.

HP's actions amount to nothing short of deception, criminal damage and extortion.

JulieM Silver badge
Unhappy

Re: And yet...

But it probably won't even scan documents unless it has manufacturer-approved ink cartridges fitted, and with some ink remaining in them; this functionality being enforced through proprietary drivers and computationally-expensive protocols to prevent the development of alternative, Open Source drivers.

Linux fans thrown a bone in one Windows 10 build while Peppa Pig may fly if another is ready in time for this year

JulieM Silver badge

Re: Windows awoke to discover it had metamorphosed into...

Well, yes.

Isn't it blindingly obvious that Microsoft are seeking to replace the Windows kernel with a Linux kernel?

French pensioner ejected from fighter jet after accidentally grabbing bang seat* handle

JulieM Silver badge

The fact of the camera not even being running at the time absolutely does not surprise me.....

TeamViewer is going to turn around and ignore what you're doing with its freebie licence to help new remote workers

JulieM Silver badge

You have to pay for it?

It sounds a bit like ssh -X ..... Only with a hefty price tag and without the customary Source Code or modification rights.

They might have chosen temporarily not to prosecute people for taking Freedoms Zero and Two by force, but they are still actively denying you Freedoms One and Three. These people are not your friends.

Mercury, the closest planet to the Sun, surely has no frozen water, right? Guess again: Solar winds form ice

JulieM Silver badge

Temperatures can soar over 400C

Temperatures can soar over 400C, and yet somebody will inevitably moan that they are too cold.

(Coat? I don't need no stinkin' coat! It's double figures out!)

The Tell-Tale Heart! Boffins build an AI that can tell your sex using just your heartbeat

JulieM Silver badge

Re: The black box nature of convolutional neural networks

Well, we could always create another Artificial Intelligence to reverse-engineer the first one .....

Firefox 74 slams Facebook in solitary confinement: Browser add-on stops social network stalking users across the web

JulieM Silver badge

Good start

This is a good start. Maybe it can be enabled by default in Firefox 75?

The next thing we need to start doing is deliberately messing with tracking cookies.

Borklays soz for the ailing ATMs but won't say if fix involved a Microsoft invoice

JulieM Silver badge

Lose and Loose

Around these parts, in the local accent, "Lose" (opposite of "win") is pronounced to rhyme with "Nose" (smelling organ), and thus next to impossible to confuse with "Loose" (opposite of tight).

"Orraight youth? Did Forest lose* Satdy?"

"Aye, 14-nowt** Accrington Stanley. Astetten***? Cos I'm gunna guttut' chippy forra peas mix****!"

* Rhymes with "nose"

** Sounds like "note" = Nothing.

*** = "Have you eaten?"

**** = a local delicacy

Not exactly the kind of housekeeping you want when it means the hotel's server uptime is scrubbed clean

JulieM Silver badge

I wrote a text adventure once with a large red "Emergency Reset Button" in it, which -- rather unsurprisingly, at least in hindsight -- transported you right back to the beginning of the game and wiped out all your progress.

If you spent too many moves in a row in that room without typing IGNORE BUTTON, your character pressed it anyway .....

JulieM Silver badge

I of reluctantly decided if I can't beat them, I'm going to of some fun joining them.

Disk stuck in the drive? Don't dilly-Dali – get IT on the case!

JulieM Silver badge
Headmaster

Re: Dwarfs or dwarves?

"S" at the end of a word was always shaped like the "modern" S. The "f without a stroke" only ever appeared at the beginning or in the middle of a word.

Sadly, the web has brought a whole new meaning to the phrase 'nothing is true; everything is permitted'

JulieM Silver badge
Boffin

Re: Penny for a cup of tea, guv?

Personal Protective Equipment is the employer's responsibility to provide. Ordinary street shoes don't actually offer any more protection, in the eyes of Health and Safety, than bare feet. If falling knives, spilled hot liquids &c. are deemed hazardous enough to require special safety footwear, that's the employer's business to sort out.

JulieM Silver badge

Re: Penny for a cup of tea, guv?

Better than that, even: Act as though you're going to make up the shortfall, wait for the bus to pull in, get on it with them -- and then tell the driver to let them know when they get to [the last fare stage they can afford with the money they told you they have] so they can get off and walk the rest of the way.

If you're wondering how Brit cops' live suspect-hunting facial-recog is going, it's cruising at 88% false positives

JulieM Silver badge

This needs to be stopped at once

This is a dangerous experiment which needs to be terminated at once.

The exact same mathematics underlying the problems of facial recognition -- which is just an especially-complicated form of shape recognition -- also underlie the problem of decompilation of binary executable code to human-readable Source Code. "What shape does this vertex belong to?" is isomorphic with "What high-level program structure does this machine instruction belong to?"

If boffins wish to research the mathematics underlying face recognition in a way that has a negligible human cost, they could do worse than research decompilation. And when you have something that can reliably take a compiled binary and spit out some Source Code that compiles to a bitwise-identical binary when fed into the same compiler, then you might be ready to undertake a limited trial with fully-informed volunteers.

And even if the face recognition does not work, you will potentially have put a fix in place for thousands of legacy systems where software whose Source code has long been lost is having to be run on increasingly-scarce hardware because nothing newer can run it; as well as enabling programmers across the world to collaborate on a project, without even a language in common.

Though for my part, if I achieved that much, I'd be content to leave facial recognition as a problem for someone else to solve .....

We regret to inform you there are severe delays on the token ring due to IT nerds blasting each other to bloody chunks

JulieM Silver badge

Token Ring

Isn't Token Ring similar to "Nobody may speak unless they are holding the conch" whereas Ethernet is more like "If two people happen to be talking over one another, both shut up for a random amount of time before trying to speak again" and switched Ethernet is a special case where groups of people who are just talking to each other can huddle together and whisper so as not to disturb any other group?

Ethernet is much closer to how people behave in real life (mostly because there is less overhead in waiting for someone to take a breath between sentences than there is in waiting for a conch to come around), but I can clearly see why "some people" might prefer the Token Ring concept.

Talk about making a rod for your own back: Pot dealer's seized €54m Bitcoins up in smoke after keys thrown out with fishing gear

JulieM Silver badge

Re: Daft or smart?

I think this is just a new variant on an old urban legend: the criminal serves their sentence quietly, believing they have enough loot stashed safely away beyond the reach of the Authorities to set themself up a new life after prison; only to find that it has been destroyed, become inaccessible or otherwise rendered worthless in the meantime by circumstances beyond their control.

Cash being thrown away with someone's personal effects is the usual story; but other variants include buried treasure being dug up by the local wildlife or covered by a new housing estate, and currencies losing value when the issuing country gets involved in a war.

The important things all these stories have in common are, a not-thoroughly-despicable criminal who was smart enough to amass a fortune but not smart enough to avoid getting caught; and their assets being lost in a supremely unlikely way which prevents the Authorities from being unable to seize them.

And it hardly even matters whether it's true or not about the €50M. Pot-smoking is a social activity, and a story like that ought to be good for a free meal anytime it gets told in company. Or at least it would, if not for the fact that most weed smokers I've met haven't two ha'pennies to rub together .....

JulieM Silver badge

From the article

"Garda officers said they were hopeful advances in technology would one day enable them to access the Bitcoin so it could be sold."

Surely if there was an advance in technology that would let the forces of Law and Order access other people's cryptocurrency wallets, then by definition that advance would let anyone access other people's cryptocurrency wallets?

I'm not sure that's really what they want .....

I suppose this shows cryptocurrencies are secure after a certain fashion: you can make your own money worthless to anyone else, with much less effort than shredding banknotes, melting down coins or even just buying something expensive that depreciates rapidly.

And being fifty meg down but the Old Bill not getting their hands on a penny of it -- that's got to be worth a few free dinners.


Biting the hand that feeds IT © 1998–2020