* Posts by Hans Acker

11 publicly visible posts • joined 17 Mar 2016

RIAA DMCAs GitHub into nuking popular YouTube video download tool, says it's used to slurp music

Hans Acker
FAIL

RIAA has a point there, unfortunately

Y'all are missing that the stupid, stupid developers handed RIAA the sword themselves.

The crux of the complaint is these tests (and similar ones): youtube_dl/extractor/youtube.py#L581-637

'note': 'Test generic use_cipher_signature video (#897)'

'note': 'Test VEVO video with age protection (#956)'

'note': 'Embed-only video (#1746)'

They test that youtube-dl could still decode DRM-protected content, circumvent age restrictions and download content marked "embed-only".

It's hard to argue that youtube-dl was developed for benign, legal purposes if it contains code that verifies that the illegal purposes still work and do so by downloading copyrighted material. If only they'd used their own test videos, RIAA would have needed to find a better attack surface. With the code as it is, there's little defense available. OCD coders dumped this fail on themselves.

Most of the youtube extractor code will have to go, I'm afraid, with unit-tests added to verify that it would only download Creative Commons licensed, unrestricted content and no future change accidentally "breaks" that feature.

Yet another reminder: When a tech giant says its AI listens to you, it means humans listen to you. Right, Facebook?

Hans Acker
Devil

Re: GDPR on the way...

If the sheep would mind being sheared, they would find a new shepherd, right? Right?

Judging by the content on Facebook visible to me, "they" appear to be enjoying the services very much and accept them as useful magic, better not to think about it.

And, to be an honest devil, where really is the problem with human-transcribed messages?

Maybe some underpaid schlub gets to retell that funny thing you said to cheer up their unlucky co-worker who had to transcribe two assaults and a suicide note that same morning. So what?

Your communications are going into the Big Data Base in the sky anyway. The fact that one or two humans also heard them doesn't matter even one bit.

Now, did you know that processing of machine-read paper forms usually also involves humans to correct the letters and words the computer could not decipher? It's been going on for decades!

Cyber-sec biz Fortinet coughs up $545,000 after 'flogging' rebadged Chinese kit to Uncle Sam – but why so low? We may be able to explain

Hans Acker

By regulation the US Military will need to buy a US made part (or a TAA part).

The normal process for selling a TAA compliant device is to order a "kit" of parts from your factory in China (assuming that's where your kit is made). Then you "substantially transform" the item into a TAA compliant part at a TAA compliant factory. It's not that difficult.

If someone was sloppy and did not follow the TAA process (or FIPS), the article describes the consequences.

Germany tells America to verpissen off over Huawei 5G cyber-Sicherheitsbedenken

Hans Acker
Joke

Re: Capabilities

So my question is not "Can we prove Chinese-originated kit has backdoors?" but "Could China do this?"

If they can do it, any country can.

What makes you sure that the German government didn't order car manufacturers to build remote kill-switches into every car sold abroad? They certainly have the technology.

Given the vile nature of that country's government and the risks it poses to western liberal democracy and human rights

China poses a threat, indeed, because it provides a good example to politicians who more and more like to copy China's policies because they're so tough on crime, have taken their Internets under control and all-in-all have very good ratings in the voting booths. And look at all the happy people in the official photographs!

Not sure if joking or not. I'll be off to DX and buy some more cheap stuff. Free shipping, too! Chinese worker and environmental protection laws are so practical as long as they don't apply to me.

Apple yoinks enterprise certs from Facebook, Google, killing internal apps, to show its power

Hans Acker
Gimp

I Will Not - WHAT?

I need to know the answer!

That article picture is distressing on so many levels. Could be right out of a weird grammar fetish porn movie.

How one developer just broke Node, Babel and thousands of projects in 11 lines of JavaScript

Hans Acker

kik package still unused after nearly 3 years

Great article, which I am stumbling across nearly 3 years later. It's interesting to note that Kik never did publish a package under the name that started the whole fiasco. Whatever happened to the "open source project" they were working on?

In fact, npm says this about the kik package: "This package name is not currently in use, but was formerly occupied by a popular package. To avoid malicious use, npm is hanging on to the package name, but loosely, and we'll probably give it to you if you want it."

It'd be interesting to see an editorial follow up as to what happened to the parties involved.

Virtually no one is using Apple Music even though it is utterly free

Hans Acker

Re: No thanks

This weak article has aged extremely poorly. Apple Music is doing extremely well and may overtake Spotify at some point not too far into the future.

You like HTTPS. We like HTTPS. Except when a quirk of TLS can smash someone's web privacy

Hans Acker
Boffin

403 Forbidden

The link to the paper doesn't work for me.

It was published earlier under this URL.

Google bod wants cookies to crumble and be remade into something more secure

Hans Acker
Gimp

I'd love a 'clear all cookies set by this page' feature, which operates as soon as the tab is closed, to be in browsers by default. An exception list, of course, for those few that are required to e.g. maintain a login.

I use the Cookie AutoDelete add-on for Firefox. Sure would be nice to see that functionality by default in all browsers.
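The behaviour the post wishes for, as an added example that is not part of the original comment nor code from the Cookie AutoDelete add-on: a WebExtension background script that purges a site's cookies when its last tab closes, keeping anything on an allowlist. The decision logic is a pure function (runnable offline on the constructed sample cookies below); the browser wiring at the bottom uses the real `browser.tabs` and `browser.cookies` APIs and only executes inside an extension. The allowlist host `mail.example.com` and the sample cookies are assumptions for illustration.

```javascript
// Does a cookie's Domain attribute (may carry a leading dot) cover this host?
function cookieCoversHost(cookieDomain, host) {
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Keep a cookie if it belongs to an allowlisted host or would be sent to one
// (a ".example.com" cookie is needed by mail.example.com, so it stays too).
function isAllowlisted(cookieDomain, allowlist) {
  const bare = cookieDomain.replace(/^\./, "");
  return allowlist.some(
    (keep) => cookieCoversHost(keep, bare) || cookieCoversHost(cookieDomain, keep)
  );
}

// Cookies to delete when `closedHost` closes: those sent to it, not allowlisted,
// and not still needed by a host that remains open in another tab.
function cookiesToPurge(cookies, closedHost, openHosts, allowlist) {
  return cookies.filter(
    (c) =>
      cookieCoversHost(c.domain, closedHost) &&
      !isAllowlisted(c.domain, allowlist) &&
      !openHosts.some((h) => cookieCoversHost(c.domain, h))
  );
}

// browser.cookies.remove() identifies a cookie by a URL it would be sent to plus its name.
function removalUrl(cookie) {
  const host = cookie.domain.replace(/^\./, "");
  return (cookie.secure ? "https://" : "http://") + host + (cookie.path || "/");
}

// Constructed sample cookies (not captured from a real browser).
const SAMPLE_COOKIES = [
  { name: "sid", domain: ".example.com", path: "/", secure: true, storeId: "firefox-default" },
  { name: "prefs", domain: "www.example.com", path: "/", secure: false, storeId: "firefox-default" },
  { name: "session", domain: "mail.example.com", path: "/", secure: true, storeId: "firefox-default" },
  { name: "tracker", domain: "ads.example.com", path: "/", secure: false, storeId: "firefox-default" },
];

// Names of the sample cookies that would be purged when a www.example.com tab closes.
function demoPurgeNames(allowlist, openHosts) {
  return cookiesToPurge(SAMPLE_COOKIES, "www.example.com", openHosts, allowlist).map((c) => c.name);
}

// --- WebExtension wiring (needs "cookies", "tabs" and host permissions in the manifest) ---
const ALLOWLIST = ["mail.example.com"]; // assumed exception list: keeps the login cookie
const tabHosts = new Map(); // tabId -> hostname, tracked because onRemoved gives no URL

if (typeof browser !== "undefined" && browser.tabs && browser.cookies) {
  browser.tabs.onUpdated.addListener((tabId, changeInfo) => {
    if (changeInfo.url) {
      try {
        tabHosts.set(tabId, new URL(changeInfo.url).hostname);
      } catch (e) {
        tabHosts.delete(tabId); // about:blank and friends have no hostname
      }
    }
  });

  browser.tabs.onRemoved.addListener(async (tabId) => {
    const host = tabHosts.get(tabId);
    tabHosts.delete(tabId);
    if (!host) return;
    const openHosts = [...tabHosts.values()];
    // The url filter returns every cookie that would be sent to this origin, parent-domain ones included.
    const cookies = await browser.cookies.getAll({ url: "https://" + host + "/" });
    for (const c of cookiesToPurge(cookies, host, openHosts, ALLOWLIST)) {
      await browser.cookies.remove({ url: removalUrl(c), name: c.name, storeId: c.storeId });
    }
  });
}
```

The "still open elsewhere" check matters more than it looks: a `.example.com` cookie is shared by every subdomain, so deleting it when one tab closes would log you out of the shop tab you still have open.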

HTTPS is not enough: Boffins fingerprint user environments without cracking crypto

Hans Acker
Boffin

DKIM for SSL == DANE

Yes, someone has. It's called DANE and could probably replace CAs for simple domain-validated certificates.

See https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities
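What "replacing the CA" with DANE actually means at the client, as an added example that is not part of the original comment and is not any library's implementation: a TLSA record (RFC 6698) names the usage, the selector (whole certificate or just the public key) and a matching type (raw bytes, SHA-256 or SHA-512), and the client checks the presented leaf against it. The code below parses zone-file presentation records, computes the association data with the standard library only, and accepts a DANE-EE (usage 3) match, the usage that needs no CA at all. It assumes the caller has already obtained the peer's DER certificate and DER SubjectPublicKeyInfo and has fetched the TLSA RRset under DNSSEC; the `SAMPLE_CERT` and `SAMPLE_SPKI` bytes are constructed placeholders, not real X.509 data, and the function names are mine.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional

# Certificate usage (RFC 6698): 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE
DANE_EE = 3
# Selector: 0 = full DER certificate, 1 = DER SubjectPublicKeyInfo
SEL_CERT, SEL_SPKI = 0, 1
# Matching type: 0 = exact bytes, 1 = SHA-256 digest, 2 = SHA-512 digest
MATCH_FULL, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2


@dataclass(frozen=True)
class TLSARecord:
    usage: int
    selector: int
    matching: int
    data: bytes

    @classmethod
    def parse(cls, presentation: str) -> "TLSARecord":
        """Parse zone-file presentation format, e.g. '3 1 1 2bb183...' (hex may contain spaces)."""
        fields = presentation.split()
        if len(fields) < 4:
            raise ValueError("expected 'usage selector matching hexdata'")
        usage, selector, matching = (int(f) for f in fields[:3])
        return cls(usage, selector, matching, bytes.fromhex("".join(fields[3:])))

    @property
    def usable(self) -> bool:
        """RFC 7671: records with unrecognised parameters are ignored, not treated as failures."""
        return self.usage in (0, 1, 2, 3) and self.selector in (0, 1) and self.matching in (0, 1, 2)

    def association_data(self, cert_der: bytes, spki_der: bytes) -> bytes:
        """What the record's data field must equal for this certificate."""
        selected = cert_der if self.selector == SEL_CERT else spki_der
        if self.matching == MATCH_FULL:
            return selected
        if self.matching == MATCH_SHA256:
            return hashlib.sha256(selected).digest()
        return hashlib.sha512(selected).digest()

    def matches(self, cert_der: bytes, spki_der: bytes) -> bool:
        if not self.usable:
            return False
        # constant-time compare; a length mismatch simply fails
        return hmac.compare_digest(self.association_data(cert_der, spki_der), self.data)


def dane_ee_match(records: Iterable[TLSARecord], cert_der: bytes, spki_der: bytes) -> Optional[TLSARecord]:
    """Return the first usable DANE-EE record matching the leaf, or None.

    Only usage 3 is handled: it binds the leaf directly and needs no CA chain, which is
    the 'replace the CA' case. Usage 2 (DANE-TA) requires the chain to contain the named
    trust anchor, and usages 0/1 additionally require ordinary PKIX validation.
    """
    for rec in records:
        if rec.usable and rec.usage == DANE_EE and rec.matches(cert_der, spki_der):
            return rec
    return None


# Constructed placeholder bytes standing in for DER blobs (not real X.509 structures).
SAMPLE_CERT = b"constructed-placeholder-for-a-DER-certificate"
SAMPLE_SPKI = b"constructed-placeholder-for-a-DER-SubjectPublicKeyInfo"
SAMPLE_SPKI_SHA256_HEX = hashlib.sha256(SAMPLE_SPKI).hexdigest()


def demo() -> bool:
    """Publish '3 1 1 <sha256 of SPKI>' (the recommended DANE-EE form) and check the leaf against it."""
    rrset = [
        TLSARecord.parse("3 1 9 00"),                         # unknown matching type: ignored
        TLSARecord.parse("3 1 1 " + SAMPLE_SPKI_SHA256_HEX),  # matches the leaf's public key
    ]
    return dane_ee_match(rrset, SAMPLE_CERT, SAMPLE_SPKI) is not None


if __name__ == "__main__":
    print("DANE-EE match:", demo())
```

The "3 1 1" form is the one to publish: pinning the SubjectPublicKeyInfo rather than the whole certificate lets the certificate be reissued for the same key without a DNS change, and the digest keeps the record small. None of this is worth anything unless the TLSA lookup was DNSSEC-validated, which is the part that actually stands in for the CA.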