* Posts by phogan

26 posts • joined 28 Feb 2020

Got $50k spare? Then you can crack SHA-1 – so OpenSSH is deprecating flawed hashing algo in a 'near-future release'

phogan

Re: torrents?

At least technically it was addressed with the V2 BitTorrent protocol in 2017. It switches to SHA-256 and uses the Merkle Root Tree for individual files instead of a SHA-1 hash for each file, among other improvements.

http://bittorrent.org/beps/bep_0052.html

How many third party clients, torrents, and magnet links have been updated I have no clue, but there is a fix barring weaknesses in SHA-256.

eBay users spot the online auction house port-scanning their PCs. Um... is that OK?

phogan

They're called web sockets and at least in Firefox I believe network.websocket.enabled = false disables them while leaving JavaScript otherwise intact.

Brit competition regulator will soon be able to seize rogue traders' domains – and even Amazon accounts

phogan

Re: Because the US is well known for respecting other countries' courts

While .com is controlled by Verisign, a U.S. company, there are registrars operating in various jurisdictions giving out .com domain names under contract with Verisign. Any jurisdiction with such a registrar could order them to transfer a domain to that government. Indeed, Verisign itself has offices outside the U.S.

A seizure would have to be the topic of fairly serious contention for either the U.S. government or Verisign to get involved. The domains most governments would want to seize are probably a long way from that level.

phogan

Re: So

Oops, missed some incorrect wording: "Law enforcement will get away with what it thinks it can." should be "Law enforcement will try to get away with what it thinks it can."

phogan

Re: So

The correct response is to immediately go to court instead of signing. If no one stands up to abuse they start thinking they can get away with it.

"Liberty and Justice for all my ass."

Definitely not if you just bend over every time. Law enforcement will get away with what it thinks it can. The City of London Police Intellectual Property Crime Unit convinced several registrars to hand over domains with little more than strongly worded demand letters in 2013, forcing EasyDNS and others to dispute transfers through ICANN.

https://easydns.com/blog/2013/10/08/whatever-happened-to-due-process/

Attorney General: We didn't need Apple to crack terrorist's iPhones – tho we still want iGiant to do it in future

phogan

Re: Doesn't make sense

I think they can, they just end up buying Cellebrite's system for unlocking iPhones. As was the case with the San Bernardino shooting, they drag their feet and loudly complain in the media and to Congress, trying to make a case for mandatory backdoors. They seemingly have little issue with the cynical use of tragedy as a vehicle for policy objectives.

phogan

Re: Common law duty

My understanding is the common law duty to assist is typically for individuals and in a physical capacity.

phogan

Not surprising, the DOJ and FBI are lazy in that they'd rather have all the work done for them while they collect billions in funding. For example, they've failed to act on a congressional mandate to fight child exploitation (the other favorite excuse for backdoors), and instead have capitalized on disdain for big tech by convincing some congress critters to draft the EARN IT Act. It piles all the responsibility for making child exploitation content go away and lets the DOJ break encryption conditioning Section 230 immunity on following DOJ "best practices".

NHS contact tracing app isn't really anonymous, is riddled with bugs, and is open to abuse. Good thing we're not in the middle of a pandemic, eh?

phogan

Apple and Google did most of the work, just use it. It protects privacy, it can easily be interoperable across jurisdictions, and its use is restricted to government public health agencies, meaning it preserves restrictions on other apps running Bluetooth etc. in the background for tracking.

You overstepped and infringed British sovereignty, Court of Appeal tells US in software companies' copyright battle

phogan

Re: Watch Out USA...

Gun shows are what you want. Few or no checks (sadly) and a selection that extends well beyond the hunting rifles and shotguns Walmart sells.

phogan

I am more concerned that a judge allowed a EULA to serve as a non-compete agreement. No showing of infringement, just using the software and you are barred from the market.

If you're going to spend $3tn, what's another billion? Congress urged to inject taxpayer dollars into open anti-Huawei 5G radio tech

phogan

Re: Open RAN

Considering it was just announced, it's a bit early to be declaring everything covered by prior art. It's not inconceivable they develop patentable technology. Also, it seems unlikely Huawei would want to spend millions or even billions to invalidate patents just so it can implement a standard royalty free in a market it's effectively barred from, unless the new standard has substantial advantages over its own that can be used elsewhere.

phogan

Re: Open RAN

These things are rarely truly open. Any standard they develop may be available to anyone, but you'll have to license a bunch of IP from a patent pool to actually implement it.

Australians can demand visitors to their homes run contact-tracing app

phogan

I take it they aren't going to bother encrypting the data just in case someone leaves it sitting in an open bucket (which has happened way more than it should).

It is unclear why something designed to pump fuel into a car needs an ad-spewing computer strapped to it, but here we are

phogan

Luckily one of the buttons is usually mute so you at least don't have to listen to the damn ads. On pumps I've encountered it seems to be the second button from the top on the right side.

Cheshire Police celebrates three-year migration to Oracle Fusion by lobbing out tender for system to replace it... one year later

phogan

Re: Open Source would solve this problem

I am not sure how much that will help. You don't need a lot of data points about individuals to start making inferences if you have a lot of individuals, and even less to get reams of information from other government and private databases to make even more inferences.

UK snubs Apple-Google coronavirus app API, insists on British control of data, promises to protect privacy

phogan

Then they have the same problem as France

Apple doesn't seem all that willing to change restrictions on apps running with Bluetooth in the background except for what their contact tracing API allows.

Google to appeal against €7m fine from Swedish watchdog for failing to remove search results under GDPR

phogan

Re: The wrong target?

In some cases they have no authority over the publisher so they rely on multinationals like Google and Facebook to delist the content in Europe. Though in such cases use of smaller and mostly foreign (at least as far as the EU is concerned) search engines will turn up delisted results, assuming you have an idea about the nature of what was delisted.

phogan

Re: Eh?

But if they said exactly what needed to be taken down clearly and with little room for interpretation they couldn't extract fines.

Yelp finally gets its chance to tell US Congress how Google screws its listings service every minute of every day

phogan

Re: Repeal Section 230 of the Communications Decency Act

Section 230 has nothing to do with this, it says online services can't be treated as the publisher of material posted by someone else, especially when they engage in moderation to remove objectionable content. It doesn't offer any protection from criminal charges, anti-trust, or IP infringement. It was created in response to a New York court ruling, Stratton Oakmont, Inc. v. Prodigy Services Co, that said services could be liable for user posts because they moderate and have content guidelines.

All removing Section 230 will do is turn user generated content into a liability, and we've seen how well that works with the often abused DMCA takedown. The only people punished will be end users and smaller sites. Google and Facebook have plenty of money and lawyers. Review sites like Yelp, without Section 230, could routinely be targeted with threats of defamation for bad reviews and don't have anywhere near the resources.

US Homeland Security mistakenly seizes British ad agency's website in prostitution probe gone wrong

phogan

Re: Why?

I don't doubt that you are correct, but signing has just created one more step in the process (assuming they want to even pursue it), as it now means they have to convince a court that waiver is invalid before they can seek any damages.

phogan

Re: Why?

Anyone in the U.S., citizen or not, is entitled to all rights granted by the constitution, which includes due process.

phogan

Re: What the fuck does prostitution have to do with so-called "homeland security"?

It's also what happens when the government takes a bunch of formerly fairly independent agencies and merges them into an even bigger bureaucratic cluster fuck. (thanks G.W.)

phogan

They'd have to settle for Verisign, there is no mechanism to enforce such a thing against a sovereign state.

phogan

Re: Why?

It's some much for sole use as it is controlled by a U.S company that can be ordered to hand over domains. Generally though, they have to come up with probable cause, signing that waiver was a mistake.

phogan

Re: WTF?

It is generally up to the states and local governments to regulate it, but when the internet gets involved the Feds see interstate commerce and potential sex trafficking.
