* Posts by Dr.Flay

87 publicly visible posts • joined 7 Nov 2015


Bon Jovi, Billie Eilish, other musicians implore AI devs to think of humanity


The pot calling the kettle black

I am under the impression that humans already listen to copyrighted works when learning to play an instrument etc.

Those humans go on to create music inspired by other artists, sometimes even covering a whole song.

Do they now have a problem with that ?

Chinese citizens feel their government is doing such a fine job with surveillance


Flies in the face of reality and the videos coming out of China

Was this study done before COVID ?

I don't think all the people protesting in China would agree with the study, especially when that surveillance is the reason protesters get picked up at home with a free ticket to the gulag.

YouTube loves recommending conservative vids regardless of your beliefs


Who decides what is left and right ?

A highly flawed study if they didn't have the option of, "is the video critical but non-partisan?"

Videos criticising ideas espoused by one side or the other will be presented as leaning into the other camp.

There are lots of content creators being labelled as something they are not, because they disagree on a topic.

Shame so many people can only see life through the lens of politics so assume everyone else does.

Feds charge two men with claiming ownership of others' songs to steal YouTube royalty payments


We know how much money they made but,

Only one question stands out for me

During this time how much money did YT make from the songs ?

Software piracy pushes companies to be more competitive, study claims


Correlation or causation ?

I would argue that piracy was not the driving force, but that it was simply the games industry growing up.

By 2001 the time of bedroom programming teams dominating the games market was well over, and it was already a corporate arena where brand names became more important than the products, and we saw many big names absorbed into oblivion.

A few notable companies had created landmark games that they wanted to keep control of, and make more money from in whatever form even if they subcontract the development to another programming team.

No amount of investment in intellectual properties or licencing will have any effect on software piracy.

They are not related, they just happened at the same time.

How many Brits have deleted life-saving track and trace app from their phones? No idea, junior minister tells MPs


6 of 1, half a dozen of the other

Whether or not people are removing the app, it is still a very popular download.

Currently the 4th most popular free app in the UK.


Sold: €15k invisible sculpture that's a must-see for art lovers


Invisible artwork stolen

Reports are now coming in that 3 Mime artists used their powers of distraction to perpetrate an audacious daylight robbery.

While amusing the crowd with invisible ropes and sheets of glass, they cunningly hid the artwork from view.

Once hidden it was swapped for an almost identical work they had knocked up in the shed last night.

Police are looking for 3 men wearing black clothes and eye-masks, last seen struggling in an amusing way to carry a large invisible object from the area, and loading it onto an invisible flatbed truck.

The public are warned not to approach them due to the risk of unsolicited miming.


Art fit for an Emperor

The Emperor's new clothes never looked so splendid until draped over this fine sculpture.

Q: How will they know if it has been stolen ?

UK.gov awards seats on £2bn 'digital outcomes' framework to suppliers – one of which doesn't even have a website


Place your bets now

I give it 2 years before they realise this 2 billion is not enough for all the overpriced buffets and drinks they will need for all their "meetings" in expensive hotels.

3 years before the Gov admit it looks like it needs fixing.

5 years before they admit they can't fix something they don't understand (no they won't admit that last little bit).

6 to 7 years before they scrap it and rebrand another of the same pointless exercise of throwing away money to revamp our failing Gov. IT infrastructure.

Rinse and repeat.

Apple to halve commission for developers turning over up to $1m in sales via App Store


Re: The good old days

Your comparison does not work as you are comparing sales of a physical product to a totally digital one.

Developers could save that expense you mention by doing exactly the same and only selling digital copies.

If indeed Steam etc. sent out DVDs and Bluray discs then yes it would warrant a decent cut.


Apple Board room discussion.

"How can we make it look like we are being less like leeches without it affecting revenue ?"

"hmmm, who do we make the least money from anyway ?"

"What if we just take a smaller cut from the small pie ?"

"great idea the plebs will be on our side if we make it look like we care about them."

Linus Torvalds banishes masters, slaves and blacklists from the Linux kernel, starting now


Use of a dictionary would stop this nonsense

The word Master comes from the ability to achieve or overcome, as in to master a subject or become the best at something.


Please, just stop downloading apps from unofficial stores: Android users hit with 'unkillable malware'


Re: "don't use unauthorized third-party stores at all."

Actually it isn't even an argument anymore. They have confirmed that so far they have never had to remove malware due to their stricter policy than google.

See the recent interview


Confirmed. F-Droid is the safest app store.

Something something DANE cook: Microsoft pledges to wrap its email systems in secure anti-snooping protocol


Until browsers support DANE/TLSA and show status and errors, no amount of publicity will make people adopt it.

Cloudflare may have made DNSSEC available to all customers for free, but nobody bothers to configure their domain to use it due to (see above).

The one browser extension there was that let you see the status of the domain and cert is no longer possible with the current API access.

Mind you, using it just made you miserable as it showed how few site admins either give a crap, or have heard of it.

Internet Archive opens National Emergency Library with unlimited lending of 1.4m books for stuck-at-home netizens amid virus pandemic


Such a shame this collection is off-limits due to the Great Firewall of UK.

Active blocks by EE, O2, Three and Vodafone (affects pay as you go customers)


Amazon, Apple, Google, IBM, Microsoft speech-to-text AI systems can't understand black people as well as whites


The study is flawed as it assumes race creates an accent and speech patterns.

The researchers should have directed their attention to the many hilarious videos on YouTube, of mostly white people in the UK that do not have a BBC English accent, where they are pleading, shouting, screaming and swearing at Alexa, Siri or Google.

Tens of millions of biz Dell PCs smacked by privilege-escalation bug in bundled troubleshooting tool


I can always tell if the support centre service has reenabled itself on my Dell laptop, because there is a huge chunk of RAM in use.

Yay, let's waste over 600MB of your resources to do something a good shareware author could fit on a postage stamp.

40 million emoji-addicted keyboard app users left with $18m bill – after malware sneaks into Play Store yet again


Re: so glad google are keeping us safe.

This ^


Re: Why?

Q: Why ?

A: Emoji


Re: so glad google are keeping us safe.

Yes and no. The problem is more because of what google allow in apps.

F-Droid do not have a malware problem because they only allow apps they can build from public source, and do not allow certain SDKs including adverts.

1) discourages people from making apps that only serve to create money

2) discourages people from prepackaging open source apps as their own to generate money

3) makes it difficult to hide any malware


so glad google are keeping us safe.

"Anyone who is using the ai.type keyboard would be well advised to delete it ASAP. As it is no longer in the Play Store there is no risk of new infections there, but anyone using third-party services should avoid downloading the keyboard if they see it."

OK. Let's pop over to the de facto second-party app store that is apparently now safe and see what people are downloading instead.

...oh that would be another one of the variants from the same author, so let's see what appbrain has to say about this bloatfest...

No surprise, equally stuffed full of SDKs and adverts. https://www.appbrain.com/app/ai-type-keyboard-plus-emoji/com.aitype.android.p

and a long term history of malware distribution it seems, going back to at least 2013 https://www.mywot.com/en/scorecard/aitype.com

Radio nerd who sipped NHS pager messages then streamed them via webcam may have committed a crime


Lesson learned

I happen to know the nerd in question. Oh how pleased they are going to be about being a news story.....*cough*

The individual in question is not a HAM operator but uses SDR kit to listen to interesting radio streams, such as air traffic control, passing satellites and apparently the local football stadium.

Publicly available software is used to listen to the same stuff you or I can tune in to any time we want.

The webcam feed was not intended for the public. It is not on a web domain, is not linked or shared on any web sites, and cannot be found with normal search engines.

You have to know the IP address to find the landing page for the home web-hub.

Apparently most of the time the camera shows flashing disco lights, oscilloscope visuals, or whatever retro project is in progress that needs monitoring.

This was part of his Raspberry Pi powered home entertainment system.

The "general public" would never have seen it even if they tried looking, however Shodan users can find it which is why it took a security bod to actually find it.

I suggested that the person limit IP access or use a password in future.

As touched on in the article we should however be using this incident to highlight the state of affairs concerning the UK tech infrastructure.

As already noted, you or I can access the same info without any restriction.

The term Ambulance-chasers was coined a long time ago because of journalists and creeps that monitor the emergency channels so they can beat others to a story or make money from misery.

This is still a thing.

We're great, boasts Huawei in founder's Little Red Book – but isn't that a video game screenshot?


Long way round a short task.

Has nobody heard of reverse image searching ?

The oldest copy I found is from 2015 using Tineye. Yandex would probably find more.


US military swoops into DEF CON seeking a few good hackers for debut aviation pwning village


Who still uses F-15s ?

It occurs to me that they have been allowed to hack the systems of an old plane the US don't use much anymore, and have mostly offloaded to other countries.

Other countries which may or may not (mostly not) get the same fixes (damn those supply chain issues eh).

If they want to be able to hack the planes they sold off to their "allies" years ago, this seems like a good way to get the advantage needed.

If they want to improve the security of the F-35 then the hackers should be hacking that.

However all anyone needs to do to scupper an F-35 is pick a fight in bad weather, make it fly "too fast", make them have to take off and land a few times and use up their tyres (damn those supply chain issues eh.), or hold up a mirror and just shame it into killing itself.

Police costs for Gatwick drone fiasco double to nearly £900k – and still no one's been charged


Agreed, I believe the most important aspect of this (seeing as there will be no conviction) is that £886,210 pocket money or whatever they have spent it on, needs some explaining.

Nothing to show so where is the money and what have they bought with it ?

Equipment ? Staff ? Lots of paperclips ?

They must keep accounts of some sort.

'Cockwomble' is off the menu: Uncle Bulgaria issues edict against using name in vain


It is not swearing, it is biology

Cock Womble = Male Womble

Hen Womble = Female Womble

Group noun: Jumble-sale.

Humans may be able to live on Mars within halls of aerogel – a wonder material that can trap heat and block radiation


Re: Aren't we missing something ?

Yes Mars has an atmosphere, however while your feet will be in the atmosphere your head won't be if you are standing, it is so thin.

Mars is under constant bombardment and is pockmarked with lots of recent hits.

Recent footage and photos reveal the activity is much higher than on Earth.

Our atmosphere provides us with a light-show and sparks with few hitting the ground.

On Mars you will be as protected/unprotected as the ISS.

Micrometeorites are enough to kill people on the surface.


Aren't we missing something ?

All the while we ignore the 1 major problem of life on Mars.

It has no atmosphere so no protection from asteroids.

I hope this ultra light weight material can also withstand an asteroid impact.

Without living under some substantial protection all this is pointless, and at the point you are inside a protective metal dome, you won't be needing this material.

While we were raging about Putin's meddling and Kremlin hackers, Five Eyes were pwning Yandex, Russia's Google


Re: The Grand Game

OK. So let's get the maths of that right.

5 Countries in a group, probably do less hacking than 1 country on its own.

BTW. 5-Eyes is the original name and now there is 9-Eyes, and even 14-Eyes, so maybe they hack even less because there is even more of them ?

Vivaldi to give abusive sites the middle finger with built-in ad blocking


Re: Nice, but...

Go back to school.

The browser is responsible for everything you see.

Vivaldi lets you disable GIF animations, or set them to only play once.

"It is not rocket surgery".


Nope yer fine, it was broken temporarily for some users.

You'll probably get your chance to moan about something breaking, so hang in there.


Re: Not enough!

Yeah but your lists will include all regular ad-services. Even the standard easylist is way bigger than the google list.

Vivaldi are only blocking bad sites, not annoying sites, hence the use of the phrase "...on the very naughty list."

I would agree that a bigger list is in order, but trackerless ads should still be allowed.


Re: Nice, but...

You can disable GIF animations via the picture cache icon in the bottom-right of the browser.


No Vivaldi does not automatically download offensive sites.

Perhaps you should re-read the article. If that does not help, then the problem is you don't understand the things you are complaining about.


Companies don't drop everything for 1 individual that can't use the browser properly.

Whoop-de-do they changed the icon several times (so have the other browsers). This affects the browser how ?

Drag-n-drop of bookmarks works just fine or the manager page would be rather pointless.

Vivaldi is nothing like Chrome to use. You are mistaking Chromium core for Chrome browser.

Email is coming and being tested internally. It is not a core browser component so has different priorities

"all kinds of Phillips hue colour nonsense". 1 optional GUI enhancement that was easy to add is hardly all kinds of nonsense, and oooh now there is Razer support so make that 2.

Yes a whole 2 of them !

WhatsApp oh dear, 1 (admittedly major) feature has been broken between updates. This is a common "feature" of the modern world of software, get over it.

If you think you can build a top-flight browser from scratch in 2019 you need a reality check.

Vivaldi is best for nerds, researchers and people that know what they are doing, rather than stroppy kids.

Do you have anything to contribute to the article topic ?

Google: We're not killing ad blockers. Translation: We made them too powerful, we'll cram this genie back in its bottle


Re: Executives are allowed to ignore anything they want because they deserve it.

Feel free. You will soon realise how often it fits.

Think of most politician and management meetings where the results leave everyone under them scratching their heads wondering why they feel like they just got scammed.


Re: Microsoft Edge Chromium

That is what Vivaldi will do if push comes to shove.


Re: Executives are allowed to ignore anything they want because they deserve it.

Not so true thankfully.

Install DNSCrypt which has DoH and DoT support, then import your block list into that.

DNSCrypt is also available for Raspberry Pi, Routers and Android, so those same block lists can be used where you need them.

Simply changing the OS to a resolver with DNSSec and DoH does not give you any way to authenticate the resolver.

No browsers test or display DNS validation errors so even if you think you are using the DoH resolver you set, you may not be.


Re: Executives are allowed to ignore anything they want because they deserve it.

...and another thing...

They are in a no-win situation. If it comes down to it we will just see the same level of accelerated interest in using HOSTS and Pi-hole blocking as we did with tracker and advert blocking extensions.

They are just pushing a bubble around the wallpaper. They cannot stop it, just make it less convenient.


Executives are allowed to ignore anything they want because they deserve it.

"42 per cent of malicious extensions use the Web Request API."

Of course they do, it is a common function. I bet they all use another common API just as much if not more.

100% of them use chrome and the google store.

Most of the malware use google adverts, so how about we restrict the functionality of adverts ?

Anyone else fancy slapping some random Venn diagrams on this ?

When it comes to DNS over HTTPS, it's privacy in excess, frets UK child exploitation watchdog


Too late to close the gate, that horse already bolted

If they are worried that they will not be able to block "exposure" to problem domains, it should be pointed out that they do have the choice of having the sites taken down.

Apparently leaving child exploitation sites running is fine, but we take down malware sites.

Why bother to actually remove a problem when you can just block a handful of people from accessing it ?

Ultimately, tough luck. Crying over spilled milk.

DNS over TLS has been around for a while, now we have DNS over HTTPS. We also have DNSCrypt, DNSSec, and the ability to choose any resolver we want.

Unless Governments force OS vendors to remove the ability to change your DNS there is nothing they can do but cry about it.

Even without improved DNS, there is still nothing they can do, other than block all VPN nodes and offer a Chinese or Russian style state sanctioned VpN (small P as no privacy).

...or . . .they could take down the problem sites ?

Devs slam Microsoft for injecting tech-support scam ads into their Windows Store apps


Adware is Adware

disgruntled coder at GameFace.LLC. "How do you expect users to trust using any app on the Microsoft Store when they keep having a browser popped open with an obvious scam site?"

disgruntled user at Home. "How do you expect users to trust using any app on the Microsoft Store when they keep having adverts in them ?"

Ummm, so if you download software from a developer's own site and it spams you with adverts, that is called Adware and blocked by AV.

But if you download it from an official appstore where they take a cut of the revenue, it is not Adware and so AV should not block it.

Isn't that called anti-competitive practice ?

We'll hack back at Russians, declare UK ministers in cyber-Blitz blitz


£22 Million for adverts and meetings

As ever our politicians think that saying they will throw a load of money away will change anything useful.

We can be sure most of the money will disappear in meetings, greasing already greasy palms, and funding Capita to do another bang up job of marketing a life of happy hackers all having fun.

GCHQ already have a problem attracting newbies. The past year we have seen many tie-ins with BBC shows to show the shiny friendly face of espionage.

Ah I know ! They are going to lure IT students with promises of wealth !

Being so brass-necked about hacking back at the drop of a hat, is a marvellous way to attract exactly that situation.

Well done you prize prat, the challenge is now issued. I hope our best bods are on the case.

WikiLeaks boss Assange acted as a foreign spy, Uncle Sam exclaims in fresh rap sheet


Who made him into a journalist ?

It seems that the more times you say he is a journalist the more true it apparently is.

He is not a journalist and never was, and he has not claimed as such.

Releasing information that other people hand you does not constitute journalism.

Tweeting about data dumps does not make you a journalist either.

Even if he was a regular blogger calling him a journo would be a thin stretch.

Huawei, Huawei. Huawei, Huawei. Feeling hot, hot, hot: US threatens to cut UK from intel sharing over Chinese tech giant


What happens if they do add backdoors ?

Considering we must assume that all top secret traffic between security agencies will be encrypted and sent via a VPN, what could the Chinese Gov collect ?

Well just ask the NSA how their project to collect all the encrypted data flows, in that massive and flammable data centre has worked out for them.

Would GCHQ, NSA or the CIA really be using unencrypted communication over their mobile phones, or use landlines and encryption ?

If there was an issue it would (or should) not affect them as long as they don't do things they currently should not do.

The Kaspersky case is a good comparison. The CIA operative took classified work home, and didn't think about how all good modern AV will upload unknown files.

Maybe their concern is exactly this situation, that their dozy operatives will lead to China getting hold of secrets.

They seem to have not noticed there are several decent AV tools from China that are used all around the world. If the threat is credible, why not warn us all off using Chinese AV and security tools ?

Eggheads confirm: Rampant Android bloatware a privacy and security hellscape


2 easy (and free) no-ROOT options for removing bloatware

Both these will need a PC with the android drivers installed, and ADB access enabled in the phone.

You can avoid messing with CLI and downloading the ADB binaries as both come with the required files (feel free to update with newer versions)

The easiest to use for everyone is APK Installer.


And for total control or for the more nerdy, a TotalCommander / GhostCommander ADB plugin


Happy de-bloat day \o/

US foreign minister Mike Pompeo to give UK a bollocking over Huawei 5G plans


Please Pompeo point out parts pertaining to problems for patching in person, or piss off promptly.

When he gets here I hope they give him a tour of the GCHQ/Huawei center, and he can kindly point at the kit with the backdoors that we can't find, and show us where to look.

Maybe someone should present him with a list of Huawei CVEs and a list of Cisco CVEs, while covering the names at the top and ask him to choose which networking kit he would use ?

Skype-on-Linux graduates from Alpha to Beta status


Pidgin users will be wondering what all the fuss is about.

Why hop from client to client over the years when you can just stick with the same one that supports added protocols.

Pidgin has OTR/PGP which you can use with Skype to regain privacy.

Former Mozilla dev joins chorus roasting antivirus, says 'It's poison!'


Seriously ?

The given reasoning that MS AV must be good is because of the probable good quality of the company as a whole.

Seriously ?

No evidence given ?

Unfortunately some crappy AV and vendors are being used as the gauge to measure against.

Avira has never given me any problems since swapping to it, and never seems to show in the lists of vendors doing stupid things.

Microsoft are not virus experts. Just like Symantec they bought into the AV scene and have failed to impress or progress with their AV products.

Not 1 AV comparison site shows Defender or MSE as being any better than low-average.

Microsoft themselves have said that their AV should be considered "Baseline".

The baseline is not the bar you are aiming to climb to, it is the lowest you should ever fall to.

I often have to repair people's PCs that rely on only MS protection, and know that the AV I then use to fix it, would have protected it if they used it.

MS AV does not stop people going to bad sites, and does not scan web-page content unless you use MS browsers.

It does not even have a sandbox like all good AV, so unknown files are still allowed to run

Yes education is the key, but it is not happening so throw that idea out unless you are actively doing something about it.

Do you trust your Mum to retain the nerd-info you gave her enough to spot a phishing site ?

I don't and I am glad my Mum has Avira keeping her virus-free for the past 5 years (and yes I regularly scan with a standalone).

I am now trialling an AV that also notifies about, and blocks keylogging and webcam activation.

Which part of MS security does that ?

People need to stop comparing how geeks protect themselves, to the needs of the majority users who cannot be bothered with white-lists or regular audits.

They want a MacOS style world where you push a button and it works.

You can teach them to be secure, but it will not last.

AV are never going to be the perfect solution, but as the rate of viri and hacks continues to rise, the sheer stupidity of advising people ditch good AV and rely on only "Baseline" is an act of criminal insanity.

Good tech support means you have tested the options and give evidence based recommendations.

Just because VW did some stupid things with their tests, does that mean all other car makers are as crap and guilty ?

Would you recommend people stop using seat-belts in all cars, if only some car makers had faulty seat-belts ?

CIA: Russia hacked election. Trump: I don't believe it! FAKE NEWS!


...and the proof is...

The CIA very recently explained their criteria for establishing blame.

1) if hackers ask for money they are criminals (bad actors)

2) if hackers give it away they are state sponsored actors.

Case closed.

No room for the vast majority of mischief makers and vandals or those hacker types that join Anonymous, or just do it because of the challenge.

Wonderful to have such a black and white view of hackers.

Shame people have forgotten how Venn diagrams work.