Posts by Shannon Jacobs

Lew... That's enough

No reason to read any farther.

Credibility and integrity = 0.

P.S. Credibility is obviously 0, but I'm being charitable on the integrity part. If he actually believes what he writes, then his ignorance might be even more unbelievable than his columns. In other words, I'm guessing he can't possibly be as stupid as he writes, but has been paid off.

Shocked, shocked I say.

I'm just saying that because I'm sure I've already been on their watch lists ever since I accidentally typed the big dick Cheney. So much trouble for forgetting to capitalize a "d" and a certain lack of humor?

War crimes? Damn good thing Iraqi lives are worthless, even in the 10s or 100s of thousands. Dare I say a million? Or actually, shouldn't we just say the big dick's books are still open? You know, it's like a pitcher who left a couple of men on base and still gets their runs added to his ERA. Or maybe we should use the joke about the outfielder who messed up so badly that no one can play center field now.

Kind of makes me laugh at my naivete. When Dubya snuck into the White House in 2000, I had no capacity to imagine the mess he would leave behind. Then in 2008 I actually had a delusion that President Obama could clean it up. You know what they say: "Fool me once, shame on... You can't get fooled again." Hey, thank goodness you can't fool me any more. My vote has been cancelled to zero!

Trust American justice? ROFLMAO.

Whenever I see a suggestion like Kerry's, I'm reminded of a conversational exchange I had with a law student. This was right after Bush v. Gore, and he came right out and said that he was in law school because he believed America was becoming a judicial dictatorship, and he wanted to be one of the dictators. (I have to describe it as 'a conversational exchange' for certain reasons, perhaps even legal ones.) If he has become a judge since then, I hope he's losing sleep over his ancient honesty, but I certainly deny having any copy thereof.

It's hard not to think that America has passed a point of no return. I used to think the conspiracy theorists were nuts, and I still think that most of them are, but I'm increasingly inclined to think that some narrowly focused and small-scale conspiracies are plausible. Was Michael Hastings killed by hacking his car? It's possible that could have been done by a couple of people, and most of them wouldn't even have had to know what they were doing. Was Ron Suskinds effectively neutralized by poisoning his son? If the appropriate psychoactive chemical exists, a single actor would have sufficed. I don't think I'm going too far out on a limb to predict that Snowden is likely to come to a bad end, especially if he persists in bearding the giant.

John Kerry was once a man of high principle. Long time ago. At this point, I trust his words far less than Snowden's.

Push-driven advertising and extreme greed?

This push-driven model of advertising is increasingly reminding me of the cancer-style business rules of America.

American companies are basically legally obliged to grow as cancerously as possible. If they can't grow fast enough, then they get acquired or go bankrupt. At root, this is driven by the business model of a few extremely rich people who bribe the politicians to write the rules of the business game that way. It even makes a sick kind of sense when you consider their overwhelming problem. They "need" more money, and their problem is that there is NEVER enough money to satisfy their need.

As it applies in the push-driven advertising world, the "need" is for more of our time and attention, and they can NEVER get enough, no matter how many intrusions and privacy invasions they devise.

There are solutions, and some of them are obvious, but I think we need to start by rethinking economics. Money is not the only significant entity in the universe. Amazingly enough, time has a kind of fundamental equality for all of us. My 24-hour day is the same quantity as the day of Bill Gates or the Koch brothers or even a house plant. Disclaimer, I'm not equating those three (or five) entities. It's the TIME flow that is the same.

Why don't we put the spammers out of business?

Might sound like a rhetorical question, but we actually could do it--IF we only had better spammer-fighting tools. At least that applies to the rational spammers who are in it for the money. Basically it depends on one ratio: The number of people who feed the spammers (with money or information) is MUCH smaller than the number of people who hate spam. It is well known that the response rate of the suckers is on the order of 1 in a million. If only 1 in a thousand of the non-suckers helped out, then there would be 1,000 people blocking each sucker. I'm not saying we can eliminate ALL spam or turn the spammers into decent human beings. I'm just saying we can make spam much less profitable and that most of the sociopaths who send the spam (and who victimized the OP in this case) would crawl under less visible rocks.

How? I think the best approach would be an integrated anti-spammer tool built into the major email systems. There would be several rounds of analysis to classify the spam and focus on the best countermeasures, ultimately targeting ALL of the spammers' infrastructure and accomplices, and helping and protecting ALL of the spammers' victims, even the Joe-jobbed corporations. Some spam fighters may even earn enough reputation to pull the triggers, though I doubt I'd ever reach that level. I'd be too prone to blast away at any likely spammer, but I could still help with the targeting even if I couldn't be trusted with the nukes.

If the spammers can't target the biggies, then their entire so-called enterprise collapses. Insofar as the biggies would also profit from less spam in a more valuable Internet, I can't understand what is holding them back.

Technical solutions, anyone?

Another fake crisis being exploited to increase profits. The REAL problem is that the profits will NEVER be sufficiently maximized.

Too much data for the servers and backbones? Then use peer-to-peer streaming with local caching of the popular data, especially the topical and viral videos. Most of the data could be transmitted via WiFi networks, though that software would be trickier. However, right now my computer can see more than 10 WiFi networks from my typical urban location.

Why don't we have such applications already? I certainly have plenty of spare disk space and could donate 20 GB to a network cache. Two reasons:

(1) The phone companies and cable companies still lust after monopoly profits based on control of the pipes.

(2) The governments want controllable networks, not decentralized ones.

Not sure which motive is stronger, though they are tightly linked in America by legal bribes to politicians.

Relative profits, not gross sales

I think the article is misguided and uninformative. The real concern is relative profitability, not the raw sales data. Having said that, I haven't seen any data to indicate the storage business is outstandingly profitable.

Obvious solution: Funding Model Tab

If the google wasn't so EVIL these days, they would solve some of these problems. Broken funding models have a rather simple and obvious approach. Just disclose some additional information that would help us in "following the money" to assess whether or not an app is legit. This is not the only way it could be done, but just one form to make the suggestion more concrete.

There could be a "Funding" tab that would describe the funding model used by the developer of the app. Most of the common options would be boilerplates that a developer could select. The most obvious options (for free apps) would probably be "Ad supported" and "Limited-function version to promote paid version". That part would be under each developer's control, and should even include free text options if the developer wants to say more.

At the bottom of the Funding tab would be Google's part, which would not be accessible to the developer. Maybe the google can't say anything, in which case it would say "We have no evidence to support the claims made in the developer's financial model above." It might say "This developer is earning advertising revenue in the top quartile of app developers" or "This developer also produces <full product name>, so please see that page to learn more about the funding."

Having offered that suggestion, I have to admit that it may not have done much good in this specific case because the financial model was pretty clear, and it was just the big lie. However, I think the reality was that the other anti-virus companies should have shot this one down quite quickly. Obviously, they should have downloaded the new competitor, and as soon as they tested it, they would have discovered it did nothing. Hmm... Now that I think about it, that's probably how this scam collapsed.

Another way it might have collapsed is if the google is checking for sock puppets, as suggested by another commenter (who I can't see now). Again, obvious, but I think the google is too EVIL to be bothered.

Looking for what isn't there?

I'm still doubtful there is any debris to find... I'm increasingly convinced one of the pilot's murdered the other one, then asphyxiated the passengers and ditched the plane intact. Maybe the sunken plane will finally break up under the pressure, though I also think he would have cracked some doors to make sure it flooded and sank properly...

If my theory is even approximately correct, I gladly admit that I cannot understand the insanity that motivated the pilot who did it. However, what I absolutely cannot understand is the crazy lack of continuous and uninterruptable remote telemetry from such planes. Even if the only bits of data they were transmitting was the current location of the black box, that would be a vast improvement. Can anyone count how many times they have had these desperate (and expensive) searches for the black boxes?

Google? Protect copyright?

That's a screaming laugh. YouTube? Protect copyright?

Why don't you go to YouTube right now and try a search for the name of any popular TV program name. You will see vast numbers of hits.

Now focus on the ones that have shortcut links in the descriptions, The vast majority of those are recruiting suckers' computers for zombie networks. I'm not brave enough or lack sufficient hubris regarding my technical skills, so I haven't done the tests, but I'd bet you are between one and three clicks away from being completed pwned. Thanks, google.

Remember the corporate motto. "All your attentions are belong to the google." Why the google shares any of the attention with the criminals is beyond my ken.

My latest google Android experience

Over the weekend I tried to report a Android bug to the google. The bug must involve privilege escalation. The google was not interested. (Actually, it's an old bug and I'd probably tried to report it before.)

Can you think of any reason why any legitimate app should ever destroy or reconfigure other apps resources? Me neither.

For the sake of research, I encourage you to post your similar experiences here. I don't want to give it away, so to speak, but let me hint that the bug I spotted involved widgets.

The google's response was useless and apparently witless, but I want to include the part that most offended me from a programmer's perspective. The only reason I have any specific suspicions about the candidate apps is because I do not allow automatic upgrades. Therefore I think I know that this OS-level bug must be related to one of a small number of apps. The google rep suggested that I enable automatic updates.

Now let's assume the google doesn't care about security. If not, they are certainly fooling me right proper. Now let's assume some criminal hacker finds a bug in the Android OS, heaven forbid. The criminal creates a plausible and harmless app and uploads it to the Google Play website. Many people download and install this app.

Now let's add in the automatic update feature. The criminal creates a dangerous version of the app that exploits the bug. This is posted on the Play website and is automatically distributed to all of the victims who are foolish enough to permit automatic update. The app attacks all of the victims. Now the criminal prepares another version without the attack and uploads that one. Poof, all of the evidence disappears as quickly as the automatic update can propagate.

I'm not sure exactly what damage can be done, but it is certainly possible that a privileged bug could attack all of the other apps on the phone, eh?

This actually reminds me of some related but ancient news. Probably at least a year ago by now. The local police arrested a gang of criminals. Part of their scam involved poisoned Android apps that harvested personal data from the smartphones. I wasn't particularly surprised that the local police wouldn't know anything about the details, but I was surprised that the google denied any knowledge. I really would have liked to know whether or not I had downloaded any of the affected apps. Even if that entire gang of criminals is still in jail, it's possible or even likely that they had sold copies of some of their ill-gotten data.

Enforcement matters?

I voted in favor of that proposal, but also for strengthening it. Two easy suggestions:

(1) Any article that includes paid contributions should have a tag at the top. I think this is likely to be quite prevalent for articles with any commercial impact, and in that sense it's just a reminder to be sensible about things.

(2) Any article that is involved in an infraction should get a permanent and indelible tag to that effect. In other words, your company can permanently taint your corporate reputation by trying to cheat. In contrast to Suggestion (1), for which you could remove that tag by just deleting all of the contributions from the paid contributor, this should be a permanent letter of the scarlet type. After all, if you've tried to cheat in the past, you're liable to cheat in the future. Maybe you think there should be a statute of limitations here, but I disagree. Even the permanent mark of shame isn't strong enough for my taste. It's not that I think Wikipedia's reputation is that magnificent, but I'd like them to aim high, and they do have a pretty good reputation so far.

(3) Is a messy suggestion that is probably beyond the scope of current technology, but... I think they should try to analyze contributions for patterns that suggest bias, especially bias of the motivated commercial sort. I think that commercial bias may actually be easier to detect. Unfortunately, this goes back to the notion of identity, which is NOT one of Wikipedia's strengths. Just to provide the obvious example, it might be easy to detect that a particular user is consistently criticizing (tilting articles against) several companies except for one that he is always praising (tilting in favor of), but not so easy if he uses separate accounts. Have you ever seen both of them logged into the same room at the same time, as the joke goes?

When you threaten Meetup, it's blackmail...

Some DDoS scammer has been attacking Meetup, and we properly call that blackmail, but when Microsoft threatens you, it's just good business practices. Does anyone else think there's something wrong in this picture?

Slightly substantive comments:

(1) Since Windows XP is quite adequate for my computing needs, I would not have upgraded any machine except for the threats from Microsoft.

(2) If Microsoft were actually held liable for the damage done by their mistakes (including bad design decisions), then you can be certain they would design their software in an extremely different way.

(3) I still expect Microsoft to offer some form of XP support. Not because they think it's a good thing or the moral thing or anything along those lines, but just because there's too much money still left on the table.

Ridiculous reactions of Reg readers to ridiculous article

Blaming the victims again.

The NSA was going to do it anyway, and the specific excuse is just a bad joke.

Much as I dislike Facebook, I wish...

I actually wish that Facebook hadn't dropped the ball on this one. All they needed to do was offer a superior email alternative.

Hint: Less SPAM.

What if Facebook had offered an integrated anti-spam fighting system? Not a lynch mob tool per se, much as the spammers deserve it, but just a way to help with the best targeting of the anti-spam countermeasures. Don't you wish you could help break ALL of the spammers' infrastructure? Help pursue ALL of the spammers' accomplices? Help protect ALL of the spammers' victims (from their own stupidity in giving money or personal info to spammers)? No, we can't eliminate spam, but with better tools we could reduce the spammers' profits. The spammers still wouldn't become decent human beings, but they would move under less visible rocks.

Too bad. Facebook actually had a chance to make the world better, in stark contrast to whatever it is they think they are doing now.

Who said spamming doesn't create corporate value?

Me, that's who, but maybe I was wrong. Am I the only one who recognizes this company name solely from the spam? Even if it's a Joe job, and even if their software works, and even if they actually have lots of real users (rather than just a lot of email addresses from spammer CDs), even if ALL of these favorable conditions are true, then you still can't convince me this company is worth $19 billion, now or in the foreseeable future.

Hey, but as the Zuck says, if you got it, flaunt it, and right now Facebook can flaunt $19 billion.

Me? If I was a betting man, then I would be betting that the due diligence is about to explode in Facebook's face.

Are they REALLY so utterly clueless?

Just got an email claiming to be from Forbes, but two of the three domains mentioned are not forbes.com. I'd like to think that all new domains including "forbes" are being watched carefully, but there are lots of nice-to-think things that aren't the way things actually are.

I think the real blame is mostly with Forbes itself. The spammers are just helpless sociopathic criminals doing what comes naturally. In contrast, Forbes has helped defined the rules of the game under which the criminals flourish. To facilitate their own cancerous money-uber-alles business models (extended to all the big corrupt companies that bribe the cheapest politicians), they have created economic models that fundamentally support spammers and their cancerous business models.

If the biggest companies were actually liable for the negative ramifications of their software and systems, you can be assured that they would design and implement their products differently. Of course Microsoft is the superstar here. They certainly create lousy and buggy software, but no matter what happens to you because of Microsoft's products, there is nothing you can do about it. Just check your "friendly" EULA if you don't believe me. (However, I actually realized ow bad it was in conjunction with Adobe stuff, though they are the much smaller sinner. Microsoft might claim to have some substantive defense in that their software does a lot of important stuff, whereas almost everything Adobe's software does is just for the sake of flashier presentations.)

You want security? Follow the MONEY!

The data that I most want in terms of assessing apps is the financial model that the developer is using. If the google wasn't EVIL and greedy, and therefore most concerned about protecting their own privacy, then they would see the obvious need for such a tab in the Google Play Store. In other words, a developer doesn't have to say anything about the money, but if the developer is willing to trust us first by telling us at least something about how the money flows, then we would have the most important data we need to decide whether or not it's a legitimate app or some kind of scam.

In support of this approach, the google could provide some kind of supporting or assessing statement, still without revealing the exact details. For example if the app says it is getting revenue from Google ads, then the google doesn't have to say exactly how much money (unless the developer feels like sharing that level of detail). The google could just offer something like "This developer has received significant advertising revenue" or "Though this developer says the financial model will be advertising based, no significant revenue has yet been generated."

Register needs an alternative funding model and #MDFC

As #MDFC (More Democratic Funding Campaign) could apply to the Register, this article would have various related campaign options towards which I could 'pledge' part of my subscription payment (with no risk to the Register, insofar as they are already holding the money). The Reg's favorite options would obviously include 'virtual sponsorship' of this article (no real cost, since they've already published it, but effectively freeing up discretionary funds as a reward for publishing what I want to read) or further investigations (which they would only commit funds to after lots of readers agreed with me) or external campaigns (within limits, since the Reg does need to make it's own budget, after all).

My primary interest in external campaigns related to Snowden would actually be to investigate critical journalists who are piling on Snowden in apparent contradiction to their previously expressed journalistic principles. My own theory is that some of those so-called journalists are actually knuckling under to blackmail, but the possibility of independent outside investigations might be sufficient to break the threat. Some of them might be able to respond along the lines of "Yes, I understand that you represent certain parties who are highly concerned about my sympathetic coverage of Edward Snowden as a whistleblower, and I also understand that these parties are in possession of certain highly embarrassing information about me, flawed human that I am. The problem is that my reading your script attacking Snowden might trigger an investigation that would reveal my secrets anyway. Since you can't protect me from awkwardly human reality, perhaps you should just run along and let me do my journalistic thing for now?"

Which is more secure? REALLY?

Am I the only person wondering if Windows post-XP any-version is actually more secure? I admit that's not the only criterion to look at, but it has clearly become the blackjack Microsoft is using to effectively blackmail people into 'upgrading' from XP. My perverse theory is that if Microsoft wasn't waving the death-and-destruction flag, Windows XP would still be dominating the market. Because it works.

What are the other criteria that might justify the upgrade? Faster booting? Slightly nice, but I bet XP would boot nearly as quickly on the faster machines, and even more to the point, Microsoft could fix that if they wanted to. Faster execution of software? Sorry, but the machines already run quite a bit faster than I need them to. Pretty rare that I'm waiting for any computation to complete in contrast to network or disk delays. More functionality? I actually know of one or two new features in Windows 7 that require non-Microsoft add-on software in Windows XP, but it turns out that I'm not actually using any of those features. Even worse, the fact that those features are now part of the OS means that they are bigger and more attractive targets for hackers, which to my way of thinking actually makes the OS less secure in exchange for no practical benefit. I may not use the new features, but the black hat hackers are quite eager to do so.

Risky prediction time? I predict Microsoft is going to back down and offer a paid continuation option for people who would rather pay for XP than switch. Shades of the ancient cigarette commercial? However, it's an economic model that will work for profit, and Microsoft has always put profit ahead of superior software, even if I were willing to concede that post-XP Windows was superior (for my real world user-level needs--and I am not making that concession).

Reactive filtering: FAIL

This article is an excellent example of why reactive filtering is something the spammers can live with.

Why don't ANY of the major email providers get serious about breaking the spammers' business models? Imagine an iterative tool that would let you help cut the spammers away from their money. On the automatic side, the system would break the spam into categories that you would confirm on the human side, and after two or three rounds the system would know EXACTLY what the spam was and how to most effectively target the responses. Remember the spammers can't obfuscate beyond the decoding capacity of their human victims, and those victims are certainly not the brightest light bulbs in the barrel of monkeys, so to speak.

If we disrupt ALL of the spammers' infrastructure, pursue ALL of the spammers' accomplices, and protect ALL of the spammer's victims (mostly from themselves), it will not turn the spammers into decent human beings or stop all of the spam. However, it will reduce their profits and cause many or most of them to crawl under less visible rocks.

Scope of the damage? Statistics?

The website is pretty tricky to use, but I wish there was some way to assess the risk. From a statistical perspective, what percentage of email addresses might be included? That should also depend on the domain. For example, if Yahoo Japan has been heavily compromised, it may tell me how hard to sweat...

As it stands now, this website doesn't seem that helpful. I have quite a number of email addresses... I don't even want to try and count how many websites I've logged into over the years...

This is an OUTRAGE!

Everyone knows "All your attention is belongs to the google!"

My take on Facebook is that they have one redeeming feature. At least I can't recall they ever pretended to such a motto as "Don't be evil." Still, I wish Facebook was a little more honest about the real deal: Facebook will let you pretend to be friends with lots of people on a wholesale basis, and in exchange Facebook gets to rape your personal information.

So why do I exist in any way on Facebook? Because I didn't want to be rude to some old friends who asked me to use it.

There's also a funny minor reason: I don't mind if old friends want to look me up and Facebook has become a major mechanism for that sort of thing. However, I mean REAL friends of my younger days, not Facebook so-called Friends.

Most particularly, my time is already too limited and pressed and I have no urge to "recruit" new friends on Facebook. The main feature I want on Facebook is a customizable contact warning. As customized, mine would say something like: "If you are an old friend, please feel free to contact me. If you have a GOOD and SUBSTANTIVE reason for contacting me, then you may do so, but you better explain why. If you are ANY kind of SPAMMER, then you contact me at your own risk, because I would dearly love to nuke every spammer account on Facebook."

I guess it's my #2 feature request, but it would be like notches on my gun so that I could know how many spammers I had helped nuke.

P.S. Apparently I'm a controversial poster. The register just said my posts had around 1,500 votes, but almost balanced. It appears I offend about as often as I please, but I certainly hope the spammers are most offended by my fixation against them...

Too much time protecting too little

There is no such thing as perfect security, but we are spending more and more energy and time in pursuit of that perfection. At least that's how it seems to me as part of the food chain of one of the biggies. We need to rethink the problem in more flexible terms of limiting the exposure of truly important information while still making it possible to do our jobs, and insofar as our jobs differ, they also call for differing tools and for corporate flexibility in allowing for the use of those tools. The alternative is to gradually sink to the smallest set of tools that can be adequately "secured". Unfortunately, that weak set of tools seems to be where we are headed--and we STILL can't get that perfect security.

By the way, I looked at the survey, and it was way too long. I suggest you break it into pieces. For example, you could put the most interesting piece first, ending with an option to receive the later small pieces on some reasonable schedule, perhaps weekly or twice a week over the next month.