* Posts by Phil Koenig

236 publicly visible posts • joined 26 Jul 2007


Broadcom boss Hock Tan acknowledges 'some unease' among VMware community

Phil Koenig

Yeah I was thinking just the same.

How do you provide "value" to customers by ballooning the prices and chaining them to a perpetual rental property whose attributes you can change on a moment's whim?

Kinda like the value of a web-ad-clicking nameless human who is only valued for their clicks.

FTC goes undercover to probe suspected antivirus scam, scores $26M settlement

Phil Koenig

Another evildoer escapes with a paltry fine and "admits no wrongdoing".

I have given much respect in general to President Biden's picks to head citizen-protection agencies after decades of so-called "regulators" who were deep under the covers with the exploitative entities they were supposedly tasked to regulate.

But we are back to the same-old/same-old again with these relatively small fines that carry no actual criminal penalties.

Perhaps Lina Khan's experiences with Trump-appointed federal judges shooting down her attempts to actually be a citizen advocate are souring the FTC on even attempting to get a pro-citizen ruling through the federal court system.

But if that's the case that's rather depressing as well.

Japan to probe Google over 'suspicion' that antitrust laws are being broken

Phil Koenig

Re: "Android is an open source platform"

It's actually worse than that.

In addition to your points, over the last 10 years Google has been systematically migrating critical system services out of the open source AOSP code and into their closed-source "Gapps" code like Google Mobile services, Play Services and Firebase stuff, to literally cripple AOSP to the point that using raw AOSP as a daily driver is worthless to most device users, literally pushing them into their closed-source stuff whether they like it or not. (For instance, they have recently stopped any further development of the AOSP phone dialer app, FFS.)

All while constantly throwing around the "OPEN SOURCE, OPEN SOURCE!" badge which helps to burnish their corporate image among the masses of know-nothing trend-followers. ("Do not pay attention to the man behind the curtain!!")

Florida man insists he didn't violate the law by keeping Top Secret docs

Phil Koenig

Re: What About The Current Resident?

One of the key takeaways for me when it comes to POTUS #45 is the fact that the US founders and framers of the US Constitution never seemed to imagine that someone as incredibly sociopathic as this person would ever manage to ascend to the presidency. And with the help of various Congressional allies and enablers, set about to systematically disassemble the foundations of democracy in the country.

For example I think it will take decades to fully undo the damage that that administration did to various federal agencies by systematically purging long-term more or less apolitical experts in high positions and then replacing them with legions of inexperienced political hacks that mostly have no commitment to good government and are simply looking for ways to politicize the federal government in favor of the currently unhinged Republican Party that gifted them these plum positions.

Phil Koenig

Re: What About The Current Resident?

Sorry, sometimes I can't help myself..

Phil Koenig

Re: What I cannot understand ...

About his EGO???


Phil Koenig

Re: I can finally admit something

Pretty sure it was not "class" on Dick's part that led to him resigning, but a US Congress which still had enough decency in those days that the political party of a besmirched POTUS was still able to acknowledge the fact that what he did was so unacceptable and illegal that they made it clear they would vote along with his political opponents to impeach him if he did not resign himself. Nixon was in no position to refuse.

Of course after Ford took office he pardoned a bunch of the co-conspirators so that decency only went so far.

Phil Koenig

Re: What About The Current Resident?

The way that was handled by #46 when he was asked to return them was he just returned them.

This case revolves around an egregious effort by Cheeto & Co. not only to NOT return them, but to extensively lie about what they were doing right in the faces of the DoJ attorneys and judges.

At this point fraud and lying have become so integral to Cheeto's psyche I doubt he's even capable of knowing when he is or is not doing it. (Though exceptions of the latter sort seem quite rare anyway)

Phil Koenig

Re: as did his aide Walt Nauta

If I'm not mistaken Mr. Smith's decision to move the jurisdiction from DC to FL was either not known well in advance or the Cheeto's team assumed he would not be indicted so did not prepare for this.

There's a longstanding assumption and narrative by Cheeto & Co. that the only people that can ever rule against him are somehow all biased partisans from birth, so they didn't suspect that he would do the indictment in his backyard where Cheeto support remains high. (And as it turns out, with a presiding judge who is a notorious Cheeto appointee who has already embarrassed herself with her earlier pro-Cheeto rulings which resulted in a reversal and rebuke from the Federal Appeals Court over her head.)

Alien versus Predator? No, this Android spyware works together

Phil Koenig

Re: Time for REAL security.

RIM - which changed their name to BlackBerry about 10 yrs ago - was still selling (Android) phones up until 2-3 years ago.

Nowadays they are mostly doing enterprise mobile management tools and their QNX realtime embedded OS which among other things has been commonly used for car infotainment systems and various commercial/industrial things.

They might have survived in the mobile market longer with their own OS platform if it weren't for them repeatedly shooting themselves in the foot.

Egad, did Apple do something right? End-to-end encryption for (most) iCloud services

Phil Koenig

Daddy fooled you again, iDweebs

So Apple covers barely more than a half dozen specific items with e2ee - making it sound like they're, like, toootally protecting everything on your device from the whole world. But not really.

They predictably leave all sorts of other highly sensitive things open to exploitation and snooping, as per usual.

What about browsing history?

What about contacts?

What about calendar events?

What about the boatloads of stuff you gave permission by default for Siri to "learn" about everything you do, every day?

What about location history/bookmarks/favorites?

What about active/current email data?

What about active/current SMS data?

What about 3rd-party app data?

What about all that juicy metadata everywhere?


And that only scratches the surface.


Last but not least, they quietly pretend to abandon so-called CSAM snooping, while keeping the one piece of metadata that makes that whole regime work: all your image checksums. They could turn that on again tomorrow and have the cops at your door the day after that for their latest fishing expedition.



When will people ever learn.

Too big to live, too loved to die: Big Tech's billion dollar curse of the free

Phil Koenig

Re: Serves Google right

You have no idea how many junkmails get blocked not just before they hit your tertiary "spam" folder that you can actually see, but actually most of them at layer 3 of the IP stack when they open a socket on an incoming Gmail SMTP server that recognizes the IP from the other 3 million spam attempts it just tried to deliver and cancels the connection before it tries to even say "HELO".

Mozilla will begin signing Mv3 extensions for Firefox next week

Phil Koenig

Re: How about letting Android users choose the plugins they wish for Firefox

Use Firefox Nightly, Fennec (a FF rebuild available from F-Droid) or Mull (from the Divested Computing Project) and you can also use "unapproved" add-ons/extensions.

BTW: "plugins" are typically content-renderer things like the old Java plugin, the Adobe Reader plugin, etc. Add-ons (Firefox or derivatives) or Extensions (Chrome/Chromium and derivatives) are different.

TSMC triples spending on Arizona advanced chip site with extra 3nm fab

Phil Koenig

When Hawks morph into Doves..

Every time I hear about the KMT's dovish attitude towards the CCP these days it always throws me for a loop because the KMT were the ones that bitterly fought against Mao's Communist revolutionaries for control of the country after WWII.

I wonder what Chiang Kai-shek would have thought of this modern development..

Germany advises citizens to uninstall Kaspersky antivirus

Phil Koenig

Re: Who do I trust?

Mister McAfee has been permanently uninstalled.

Phil Koenig

The Pecking Order

Vulture > Crow

Phil Koenig

Re: Just don't use ANY anti-virus

A modern AV engine will only do that scan ONCE - when it is first installed. (And all the OS files are already known and they have hashes for all of them, so they have no need to scan any of those either, unless their checksums don't match their database)

Subsequently it skips all the files it inventoried on first install/scan, because it vastly speeds up subsequent scanning and lowers resource usage. AV tool makers figured out this "trick" probably 20 years ago.

Phil Koenig

Re: Who do I trust?

This reminds me of SMTP admins that used to geoblock entire continents as their method of "anti-spam".

If the bad Russians really want to get you, your uBlock filter is not going to help you..

Phil Koenig

Re: Just don't use ANY anti-virus

I work in IT security too, and if you don't understand the concept of heuristic and behavioral detection that has been in modern AV tools for decades now, maybe you shouldn't be in IT security, AC #9315347...

Microsoft will adopt Google Chrome's controversial Manifest V3 in Edge

Phil Koenig

Microsoft: The Google Wannabe

Whether it comes to trying to track and data-mine everything you do with your computer, or working against your web freedom and privacy, Microsoft has become a big Google wannabe these days.

US Supreme Court Justice flames lower courts for giving 'sweeping immunity' to Facebook, YouTube, etc when it comes to harmful content

Phil Koenig

Careful what you wish for..

As bad as it has been in recent years where giant social media platforms have become megaphones for all sorts of 100% false and manipulative garbage, the alternative of having corrupt politician-du-jour decide what stays or what goes is probably even worse.

I've watched this debate going on for decades now, and politicians didn't care all that much one way or the other until they discovered occasional restrictions on their own armies of disinfo bots and nonsense-posting political provocateurs.

If any changes are going to be made they need to be done cautiously and with due consideration from people who understand the big picture cultural implications (and what is or is not feasible from a technical/platform standpoint), not idiotic self-serving politicians. At the very least some sort of community standards or board with a diverse membership should be involved in setting standards.

Far easier said than done.

Especially considering the fact that some degree of anonymity is still important for any sort of dissident. Nowadays you cannot even attend a political protest without being surveilled, face-recognition-matched, DNA-collected, GPS-tracked, etc etc.

Twitter Qracks down on QAnon and its Qooky Qonspiracies

Phil Koenig

Re: Wait what?

DoubleThink and DoubleSpeak are a central part of the US Republican party's disinformation tradecraft today. Quite a lot of their statements and positions are at direct odds with their actual acts and history.




Don't strain yourself, Zuck, only democracy at stake... Facebook makes half-hearted effort to flag election lies by President Trump

Phil Koenig

Re: If he does lose

Unfortunately they are so emotionally invested in the illusion he represents that they are extremely fact-resistant and prone to impressively deeply-nested levels of rationalizations. So those numbers of "core" followers are not dropping as fast as you might think.

The so-called "independents" that voted for him, however, are declining noticeably lately.

Phil Koenig

ALMOST wonder???

There is no need to wonder, it's been obvious for a very long time.

You are missing a few other elements but the ones you did include are correct.

If there is one actual skill that this man possesses it is in finding and manipulating gullible, not particularly intelligent people to serve his personal interests.

He certainly hasn't the slightest concern for anyone's interests but his own.

Ex-boss of ICANN shifts from 'advisor' to co-CEO of private equity biz that tried to buy .org for $1bn+

Phil Koenig

Re: It stinks...

Regarding your last paragraph, I simply want to know what entity I am dealing with.

If Google or Microsoft sees the need to create a slew of brand-new domains like awer9u8sdlfkjsdkfjhdf.com to serve web content, I view such a decision as inherently hostile, because they are a well-known organization that has no reason to do such a thing unless they're trying to hide something.

If I have a company name I can look up the company and decide whether their content has any use to me, is just useless/unneeded or is an actual potential threat.

So eg if I find out that their business is "behavioural tracking", their code goes to the bitbucket. If I find out that they are providing something actually useful like a web chat client that the calling domain (a known and legitimate company that I have an existing business relationship with) uses for a legitimate purpose like customer support, then I might not send it to the bitbucket, I might enable it on a day I actually need to use their support chat. Etc.

Phil Koenig

Re: It stinks...

I registered my first domain in 1998 as well and the information there is complete and correct as of this day.

Mind you, I don't put data in there that could directly endanger me or subject me to stalkers. Never had a single problem with it, maybe a dumb domain-switch solicitation mail or fax every once in a blue moon, that's about it.

I see basically ZERO reason for any legitimate business to hide behind a 100% redacted WHOIS record. If you are a legitimate business and not a scammer, you owe it to the public who may be roped into "doing business with you" simply because you're serving some dodgy JS on thousands of webpages that people encounter every day without any warning in advance that your lousy dodgy JS is going to be trying to get into their browser.

At the VERY least they should have their f'ing COMPANY NAME there. Would you buy stuff from an entity on Amazon that won't even tell you what the name of their company is or where they're based?? Would you buy a car or a pork loin from a reseller that won't even tell you who they are?? This is absurd.

For individuals of course it's different, if they don't have a business or mailing service address or a phone # that doesn't ring at their house or on their mobile then yes, I understand all that. I'm not talking about such people. I'm talking about companies who you are forced to "do business with" in the form of active online code, but which REFUSE TO IDENTIFY THEMSELVES.

As it stands today, the whole idea of WHOIS has been completely destroyed for all practical purposes. It seems that almost every new domain registered today is completely redacted by default.

I view this as just one example of how various parasitic entities have twisted the domain and IP address-space management bureaucracy in recent years towards their own profit interests and against the interests of the public at large.

Just like the subject of the article we are commenting upon.

Phil Koenig

Re: It stinks...

What has happened to ICANN, IANA and the Internet Society over the last 10+ years is horrible.

For example, because WHOIS records are now virtually useless due to so-called privacy provisions which are largely used by shady organizations trying to escape responsibility for their online activities, it takes me 5 or 10 minutes per domain to do research every time I see some questionable javascript that I'm trying to decide whether to let run in my browser or not.

My life as a criminal cookie clearer: Register vulture writes Chrome extension, realizes it probably breaks US law

Phil Koenig

Re: Alternative approach

I love this - call it a "Reverse EULA" - presented in the HTTP handshake with every website you open. :-D

Phil Koenig

That happens to be a legal requirement in the EU that they are complying with.

Phil Koenig

Re: My computer, my rules.

Considering the fact that Google isn't particularly interested in making it easy for people to circumvent advertising and paywall tech, don't expect much help from them in Chrome/Chromium (and all its forks) either.

Yes, it should not be easy for websites to ascertain if someone is using incognito mode. Or any other privacy/security enhancing tactic if the user so chooses.

Phil Koenig

Re: "Removed in v44"

"Ask me every time" became ridiculous on the web like 15+ years ago.

Nowadays the best strategy is to use an extension that auto-deletes them, make the default "session only" and set the timeout after tab close to delete to ~60 seconds. (In case you're doing an e-commerce transaction or some other page that pops a new window to enter credentials in and then redirects back to the original page afterwards to complete the transaction with cookies carrying the login status)

Then just add the few sites you do need persistent cookies on as necessary and that's that.

Of course, now that we have reasonably effective cookie management tools, site developers are moving onto other mechanisms that don't rely on them, like local storage/DOM storage and browser fingerprinting.

Goodness forbid you're using a mobile browser, the choices there are bleak.

Twitter hackers busted 2FA to access accounts and then reset user passwords

Phil Koenig

Re: The need for passwordless WebAuthn and Yubikeys

I thought about getting a Yubikey for a while.

Until I realized how much it would suck if it was lost or stolen.

Phil Koenig

Re: There's something I don't understand

Being able to initiate a password reset is not the same as revealing the password in plaintext on someone's monitor.

Initiating a password reset shouldn't be an inherent risk for an admin to use unless they control the account that the reset request is being sent to. (Or they are using an idiotically insecure channel like SMS to send the unencrypted password reset request)

On the other hand, if a user asks an admin to both reset a password and disable 2FA simultaneously, that should probably require A) some additional info from the user, and B) get a supervisor approval of some kind before being allowed, and probably the account in question should be closely monitored for a while, too.

As for Twitter not being open, I think it's clear that they are not, despite their claims. If they were actually being open, they would have defined what this "small number" of admins actually means, what positions they held, and more details about how they were pwned.

Phil Koenig

Re: Karmic Justice for this incompetence

People have had years to "wakeup", yet they seem to be getting stupider and stupider about such things.

Education and aggressive policing of the massive online disinformation programs that are going on these days would be helpful.

As would actual criminal penalties against any business that causes damage to customers or the community, either willfully or unknowingly. If you own a building that flouts safety regulations and which blows up and injures people living next door, the same principle applies.

Unfortunately in the US, Profit is King, so there is rarely any political will to write and enforce such cyber-laws. Especially since technology-ignorant politicians can't even imagine what the potential problems are until they have already left a trail of destruction.

Phil Koenig

Re: Dodgy

Doesn't help much if the miscreants had access to internal Twitter admin control panels and just disabled 2FA temporarily.

This whole matter is an unmitigated disaster.

Phil Koenig

Karmic Justice for this incompetence

Not just one but apparently several Twitter employees were socially-engineered to share or compromise their admin credentials which have access to super high-profile accounts?

Is this some kind of bad joke?

Maybe it's karmic justice for being one of the top 3 enablers of the current POTUSCLOWN.


Linux Foundation starts new group to build pandemic-popping software

Phil Koenig

The right tool for the job?

"When the only tool you have is a hammer, everything looks like a nail."

Give technocrats a problem, and they will propose a technology "solution" for the problem.

I suspect old-fashioned contact tracing is at least as efficacious, and I don't have to worry about incompetent/cavalier developers that make stuff that violates my privacy far more than necessary to accomplish the job. (Eg, anything with links to any Google framework is already highly suspect.)

Phil Koenig

Re: Correct me if I am wrong

Given all the money in recent years that has been thrown at Linux players, I'd say you are not wrong.

Linux has been corporate-mainstreamed, with all the usual trappings.

Twitter admits 130 A-lister accounts compromised to promote Bitcoin scam after 'social engineering' attack

Phil Koenig

Re: Your passwords are safe - phew!

The attackers apparently did 2 things on the targeted accounts with the admin creds they gained access to (apparently via social engineering), which are standard admin tasks:

1) Disabled 2FA if enabled

2) Reset the associated email account to an account under their control

Once they had control of the linked email accounts (and with 2FA disabled) they could send password reset requests and at that point they effectively owned the accounts.

None of that discounts the fact that Twitter is incompetent here - in fact I think they are grossly incompetent.

And this also highlights the folly of making access to a particular email address a critical part of any account's so-called "security".

It's not much better than your bank giving someone else access to your account if they are wearing the same brand of shoes you wear.

Literally rings our bell: Scottish eggheads snap quantum entanglement for the first time

Phil Koenig

I went to the island of Doctor Moreau...

Who showed me a vision, and it looked like... love?

Cough up, like, 1% of your valuation and keep up the good work, says FTC: In draft privacy deal, Facebook won't have to change a thing

Phil Koenig

I'd be more supportive of the fine if it could be earmarked for specific purposes, not to include military budgets..

Phil Koenig


Ron Wyden is a rare jewel amongst the cesspit of US politicians these days, and one of the few consistent defenders of personal privacy. In an era where we are constantly bombarded with propaganda trying to convince us that privacy is an old-fashioned concept.

As if.

Brilliant Boston boffins blow big borehole in Bluetooth's ballyhooed barricades: MAC addy randomization broken

Phil Koenig
Black Helicopters

Re: Isn't the real flaw...

One WiFi privacy tool I use on my phone uses the GPS to ascertain if you are near a known network or not before it attempts to connect. (Rather than the usual practice of constantly broadcasting and looking for a known network)

Perhaps something like that could be applied to Bluetooth. (Of course, all the privacy-invasive things people like to use Bluetooth for - like retail BT beacons and such, would stop working. A feature, not a bug..)

Phil Koenig

Bogus funeral plans

I've been a user here for years and I see no evidence that it has led to sales calls or emails from anyone.

Here's a coin, try again.

Dodgy-govt fave FinSpy snoopware is back and badder than ever for Android and iOS kit

Phil Koenig

Re: Factory Fresh? From a mobile provider?

Unfortunately Verizon's network, while probably the best run in the US, is rather unique.

So the majority of phones that work elsewhere won't be fully operable on Verizon's network. (Due to, among other things, its unique LTE spectrum and usage of IS-95/IS-2000 ["CDMA"] technology for fallback voice and SMS)

NASA smacks an Orion into the water with a successful Ascent Abort-2 Test

Phil Koenig

Re: Stumpy...

It doesn't look "right" because it's more or less just the top of the final launch stack, equivalent to the 2nd stage, a dummy crew module, and the Launch Abort System. (LAS - the little tower on the top, which is what they were primarily testing today)

This is what the completed launch vehicle will look like during the first stage of the launch:


Don't worry, Eugene Kaspersky. Acronis is just busting a security move...

Phil Koenig

Re: Acronis headquartered in CH, support in Singapore, yet everyone on devel staff is Russian?

@elDog - you beat me to it.

I thought the article was going to talk about the fact that Acronis and Kaspersky were going to do some kind of partnership or something.

Because Acronis was indeed founded by a bunch of Russian guys.

Lots of companies seem to move their official headquarters around to more geopolitically blasé locations to avoid cuing-in the public about their national roots, particularly when that's a place that isn't very popular at the moment...

Here's how we made a no-fuss RSS vulture app using trendy Electron

Phil Koenig

A headline lister?

I've been using RSS for quite a few years and a "headline lister" sounds fairly pointless to me.

The whole reason I use RSS readers is to avoid all the garbage on the original webpages, and to reformat the pages into something that doesn't blind me. (I pretty much despise blinding white backgrounds on anything I have to read much of.)

I realize this may sound like some kind of declaration of war to those whose salaries depend on website advertising, but if I wanted to load all the scripts, images, tracking nonsense, ads and other junk just to read a couple of paragraphs for each article of interest I would just go to the original website and forget about RSS.

Julian Assange wins at hide-and-seek game against Sweden

Phil Koenig

Re: So, are the Swedes going to pay

If you honestly think that the UK spends millions of pounds and 5 years of 24-hour baby-sitting for every bail scofflaw in the country then I think it's time to go home and dry out.

Phil Koenig

Re: Entertainment

Re: Assange's "selectivity", of course it would never have occurred to any of his numerous bitter critics who made their mind up about him the moment they heard all that state propaganda about him and never bothered to look at the details.. that he might actually be protecting Edward Snowden by not going full-tilt against Russia at the moment?

Or that Russia is one of the very very few countries in the world (2 or 3 at the most) which has the power and capabilities to a) keep Snowden away from US clutches, and b) provide some kind of platform to someone like Assange (eg via RT) who is persona-non-grata anywhere the US has significant influence? Does anyone in their right mind think that the BBC is going to provide Assange with a neutral platform from which to criticize western countries?

Most of the shrill critics from what I can tell basically decided whether they like him or not based on whether he leaked anything on their buddies recently and what their favorite politician tells them to think. The US Republicans hated him and Wikileaks with a passion for years and were incessantly braying for his head until Wikileaks released some damaging material on their political foes that ultimately helped them win the election, whereupon they all kissed and made up and got on the Wikileaks bandwagon. Pathetic.