* Posts by JohnFen

5648 publicly visible posts • joined 20 Feb 2015

Great news, Comcast users: Your favorite cableco is selling your viewing habits to analytics biz Comscore


This sort of thing

This sort of thing is why I'm happy that I don't have cable TV, and why I don't use video-streaming services, including Twitch (with the exception of YouTube, but I use that in a very locked-down way). I just assume that all online service providers is selling data collected about me, the use of my machines, and my use of their services to however is willing to pay.

I don't trust a single one of them.

Microsoft starts a grand unification attempt with .NET 5


Re: More Bloat

Agreed. As a user, .NET makes me cringe. As a developer, I won't touch it unless I'm forced.

Broadcom sues Netflix for its success: You’re stopping us making a fortune from set-top boxes, moans chip designer


Those set-top boxes

Those set-top boxes are one of the three primary reasons why I cancelled my cable subscription. But I did that from before Netflix had a streaming service.

Butterfly defect stripped from MacBook Pros, Airs by Q2 2020, reckons Apple analyst


Re: I liked the butterfly keyboard..

> The mechanical keyboard from an IBM XT is as close to perfect as I've had.

Yes, that was one of the great ones. Although, being a graybeard, my all-time favorite keyboard was the one made for the old VT-100 terminals.

Meltdown The Sequel strikes Intel chips – and full mitigation against data-meddling LVI flaw will slash performance


Re: If these exploits carry one

> Other makers may well desert Intel and switch to AMD.

And personally, I'd already determined to avoid Intel CPUs entirely a couple of years ago.

Amazon launches itself into retail IT with 'all the necessary technologies'. Not saying which, but you know...


Re: Pickpockets paradise

> This is a problem under US and UK law: shops are required to accept cash.

In the US this is not generally true, although there are a couple of places that have passed such laws, and I expect that trend will continue.

> The lack of a cash option is a deal breaker for me.

Me too. Additionally, any requirement that I provide identity information (credit card, randomized identifier, etc.) is a deal breaker.

> I have not seen any warnings about the existing system of tracking how your phone moves around the shop using the free WIFI.

Yes, this is an increasingly common thing for shops to do, regardless of how they manage payments. And most people still don't have any inkling that this is happening. That this happens is why I put my phone into airplane mode when I enter any shops.


Re: Pickpockets paradise

> Plus, when you enter you have to tie your identity to your amazon account via a phone app

Not with this program. You register your credit card when you enter the store, instead.


Under no circumstances

I can't imagine a circumstance short of a serious emergency under which I'd willingly set foot in a place that implements this sort of thing. It's insane.

NSO Group fires back at Facebook: You lied to the court, claims spyware slinger, and we've got the proof



It's so annoying when two bad actors are fighting like this, because you can't really root for either of them.

Morrisons puts non-essential tech changes on ice as panic-stricken shoppers strip stores


> everyone will think you are panic buying when actually you are just buying loo roll.

Wouldn't people's impression depend on how much you're buying? If I see someone buying one package (even a large one), then they need bog roll. If they're buying as many as they can fit in a cart, they're panicking.


Re: Couting my blessings

You were? It's not an unreasonable suggestion, though.


Re: I refuse to panic

I live in a medium-sized city in a US state that has coronavirus victims, but aside from the absence of IPA on the shelves, I've seen no signs of stockpiling or panic-buying.


Re: Couting my blessings

Yes, I'm planning on giving that a run. It doesn't have as high of an alcohol percentage as 99% IPA, but it comes reasonably close.


Couting my blessings

(I live in the US) I needed to buy some 99% isopropyl alcohol yesterday for a project I'm working on, and was pissed to find all of the stores in my area are completely out of anything above 50%. I checked Amazon, and they have it -- but only at hugely inflated prices from third-party sellers.

But hearing about stores running out of things more widely muted my anger a bit. If all I have to worry about is being unable to buy IPA, then I think I have to count myself lucky. At least I don't need a good dust mask right now.

More than a billion hopelessly vulnerable Android gizmos in the wild that no longer receive security updates – research


On the other hand

The very notion of updating any software fills me with fear these days, so I'm in the camp of those who are happy not to be getting OTA updates. Not to mention that I would prefer not to use the more recent versions of Android anyway.

I really, really wish that software makers would go back to doing separate security and feature updates, so those of us who don't want feature updates don't have to forgo the security patches. But I guess that's just not the world we live in anymore, and we're all poorer for it.

Now that's what I call a sticky situation: Repairability fiends open up Galaxy S20 Ultra 5G, find the remains of Shergar


Re: Robustness??

This has always baffled me as well.

I had the same very thin phone for 7 or 8 years now. I've never used a case for it, because I hate cases -- and yet it remains utterly undamaged despite being dropped countless times, including in water twice. I don't know what I do differently, but I do serve as an example that cases are not technically necessary.

Thumb Up

Re: note for the young people

Thanks for the explanation. I'm the opposite of young, but I don't follow horse racing news and so I'd never heard of Sherger and didn't understand the reference.


And what's the cost in terms of time and hassle? Is it as cheap as with devices that actually anticipate users will swap out batteries?


Re: Samsung Repair not that bad

There's nothing wrong with a manufacturer having its own repair center. There's a lot wrong with making the devices such that using the repair center is effectively mandatory.

Let's Encrypt: OK, maybe nuking three million HTTPS certs at once was a tad ambitious. Let's take time out


Re: Alternative universe?

Downvotes for complimenting Let's Encrypt? This place can be very strange.


Re: Was probably always the plan.

> Overall not a bad plan. If that is what it was.

I don't think that was a plan, but if it was then it's a terrible one because it is effectively trading away the ability to trust what LE says. Correcting a bad initial call increases trust. Lying to manipulate people into action decreases it.


Re: Alternative universe?

Yes, I applaud them for both of things things! Great job, LE!

But I still remain happy not to be a LE user. (To be clear, I'm not saying that people shouldn't use LE -- only that for some people such as myself, the cost/benefit of using them is not favorable, and this sort of thing doesn't help that.)

'Optional' is the new 'Full' in Windows 10: Microsoft mucks about with diagnostic slurpage levels for Fast Ring Insiders


Is it still impossible to stop the spying?

Because if not, then it doesn't matter what labels they put on the slurpage settings.

Microsoft's Cortana turns its back on consumers as skills are stripped from Windows 10


Re: Productivity

Yes, you can, but that doesn't solve the other issues with the new start menu. Replacing it does.


Good riddance, Cortana

Hopefully, I'll be able to avoid Cortana when using O365 as well.

'Developers have lost hope Microsoft will do the right thing'... Redmond urged to make WinUI cross-platform


Re: "Then why not just use something

> To be fair, it could be done better than mediocre

I'm not so sure. It seems to me that any cross-platform approach necessarily involves compromises that reduce the quality of the GUI on any particular device, because you have to avoid using any of the platform-specific features.

I could be wrong, of course, but I've seen numerous attempts at this sort of thing over the years, and so far the very best of them have only barely achieved "mediocre".


Re: "Then why not just use something

> a cross-platform GUI is quite impossible

It's not impossible. It's just impossible to do and end up with something that is better than mediocre.


Re: If you want to build portable, you don't use Microsoft tools.

Perhaps, but it's still better than the Microsoft stuff.


Re: Because ...

Web UIs universally suck, but I do find UIs developed with Qt to be superior to what Microsoft is offering, particularly since Win 8.

Windows 7 goes dual screen to shriek at passersby: Please, just upgrade me or let me die


That would be easier

> Microsoft has spent the last year begging Windows 7 users to move to a better place.

That would be a whole lot easier if Microsoft had an OS that actually is a better place than Win 7.

Drones must be constantly connected to the internet to give Feds real-time location data – new US govt proposal


Re: Kind of surprising

> it would completely destroy the hobby builder market

No it wouldn't. The majority of people building their own drones will ignore this.


I guess the FAA

I guess the FAA suffers the same delusion as many tech companies do -- thinking that internet access is ubiquitous and can always be counted on being available. It's not, and it can't.

Microsoft's latest cloud innovation: Printing


Lord, no

There are many, many things that having the cloud be involved with brings little or no value to. Printing is one of them.

Take it Huawei, Pai: Senate passes bill to rip 'dodgy' kit from rural telcos


Fiscal responsibility?

This is not at all a total waste of a billion dollars.

FCC sucks its teeth, clicks its tongue, says: Yeah, AT&T, Sprint, T-Mobile US, Verizon gleefully sold your location data. Guess we should fine them?


Contractual assurances

> The telcos, the agency said, relied on contractual assurances that these third-parties would get permission from wireless carrier customers before accessing their location data.

This is a great example of why, when companies share my data with questionable third parties (such as marketing outfits) but explain that it's OK because they have a contract restricting how the third party will use the data, I am not only unimpressed, I take it as a strong indicator that, at best, the company's judgement is questionable and I should avoid using their products and services.

Trashing privacy? That's our job! Facebook accuses analytics biz of harvesting people's info from software dev kit sold to app makers


That's nice, but

It's good that Facebook is paying attention to abuses like this. It would be even better if Facebook paid at least as much attention to getting their own house in order.

Microsoft's Windows OEM, Surface sales looking a bit peaky as coronavirus takes toll on China supply chain


> Its not as if its a high fatality rate bug like Ebola

In a certain real sense, it would be better if it were. Ebola is less likely to become a pandemic because its severity makes people die fast enough to reduce their ability to spread it far and wide.

Campaigners cry foul play as Oracle funds conservative lobby group supporting its court case against Google


It's just Oracle being Oracle

You can safely assume that if Oracle is doing something, that something is terrible.

Departing MI5 chief: Break chat app crypto for us, kthxbai


Re: Let's think about this...

> think of a world where there is no encryption, we would all have to be honest

You and I might, but not those in power. A world without privacy is a world with a huge power differential. Plebes like you and I wouldn't be the ones on the positive end of that. We'd just have to suffer from the resulting tyranny.

> TRUST would become the most important thing in life

What little trust still exists would be utterly destroyed. If you can't have confidence in privacy, you can't trust a great deal of communications with others, so such communications would either stop or consist only of things that people think won't offend those in power.


...and yet

> He told the broadcaster: "We do not approach our work by population level monitoring – looking for, you know, signs of: 'Out of this 65 million people, who should we, you know, look a bit more closely at?' We do not do that."

I know it's a different agency, but the announcement that cops are going to start engaging in widespread face recognition makes this assertion seem rather dubious.

Wi-Fi of more than a billion PCs, phones, gadgets can be snooped on. But you're using HTTPS, SSH, VPNs... right?


Problematic WPA2

I stopped allowing non-VPN connections through my home WiFi a number of years ago (except for with the isolated open AP I run), because I don't trust WPA2 to provide anywhere near sufficient protection. There have been a few times that I've been happy that I did this, and this is one of those times.

Admins beware! Microsoft gives heads-up for 'disruptive' changes to authentication in Office 365 email service


Re: "tenants"

"Tenants" is actually the industry-standard term for customers of such services. Microsoft didn't invent it.


I hope that I don't have to use Outlook

I'm forced to use O365 at work, but I mitigate some of the most annoying aspects of that by using a third-party email client rather than outlook. I sure hope that I don't have to start using Outlook. :(

Hacker swipes customer list from controversial face-recog-for-Feds Clearview. Its reaction? 'A part of life'


Re: Just desserts

Everybody involved (both Clearview and their customers) are both bad actors and victims. But no really critical information seems to have been pilfered.


Just desserts

I don't rejoice when anybody gets their data stolen -- after all, that's the heart of my objection to how internet marketing operates. And I don't rejoice in this, either. That said, it's hard to find a more deserving victim this time.

Firefox now defaults to DNS-over-HTTPS for US netizens and some are dischuffed about this


Re: Suddenly, Advertising!

> If the admin doesn’t want to use an enterprise policy then can just use a Canary Domain on his DNS to return NXDOMAIN, Firefox checks this at startup and then doesn’t use DoH.

Doing this will not affect software that really wants to use DoH. It will only affect webpages that use the FF-supplied mechanisms.


Re: It's straightforward to roll your own DNS-over-HTTPS

> But that statement is true whether or not Firefox use DoH.

Yes indeed -- that's rather my point, and my objection to DoH. That it exists as a standard is the problem with it, not that it exists in FF.

> Even if there was no such thing as a DoH spec, Firefox or Cloudflare in existence.

But without DoH, it's simple to detect and filter DNS lookups when they do. If they use a nonstandard, private DNS server to avoid that sort of defense, then it's easy to block all access to that server.

While it was always technically possible to do surreptitious DNS lookups, that there is a standard mechanism to do so now, supported by mainstream DNS providers, means that the number of people actually doing this will grow from "insignificant" to "reasonably common".

> Firefox implementing it means the vast majority of those apps will just let FF do the lookup for them

Yes, but those aren't the apps I'm worried about. I'm worried about ne'er-do-wells, such as martech companies and other spies.

Firefox, you know you tapped Cloudflare for DNS-over-HTTPS? In January, it briefly knackered two root servers at the heart of the internet


Re: But

Firefox has shifted to primarily targeting the technologically inexperienced user now, so I imagine an increasing percentage of FF users fall into that category.


The general trend

While glitches like this can, and do, happen outside of for-profit corporations as well, I agree that the privatization of the internet is a general trend that does not bode well for the future.

In the more immediate term, this gives me a little more reason to start looking at implementing a separate DNS service that isn't terribly reliant on the official one. Just in case.

Microsoft uses its expertise in malware to help with fileless attack detection on Linux



> Assuming you've bought into the whole Azure Security Center thing.

Which I'm not going to do. I simply don't trust Microsoft.