* Posts by ElReg!comments!Pierre

2711 publicly visible posts • joined 22 Jun 2009

Ich nicht bin Charlie: Facebook must crack down on racists, says Germany's Merkel

ElReg!comments!Pierre
FAIL

That's "Ich bin kein Charlie"

Education is your friend

The internet's Middle East problem: Who is going to do something about Whois?

ElReg!comments!Pierre

Re: IMHO

Actually there IS money on the line, but lives? I doubt it. Certainly not those of bloggers or isolated whistleblowers, who would be EXTREMELY unlikely to buy their own domain for such mundane activities. Real-world examples show that they use established blogging or micro-blogging structures and other foreign-based services, which often retain a LOT more information than whois, going as far as requesting scanned ID, proof of residence and/or bank statements, especially when they think your name sounds funny.

On the other hand, setting up a domain is quite similar to setting up a brick-and-mortar business, and to do business you usually need to be registered, and the registration details are made available to the public; on the internet that's whois's role, that's basic customer protection, and it's not perfect but it kinda works. I don't think there should be a legal duty on the registrar to check that all this info is accurate, but contact info, at a bare minimum, should be. There's no additional work in that: it's the info that the registrar uses for domain renewal etc, so they already know it to be accurate.

It helps a great deal to alert domain owners of the ungodly amount of spam gushing out of their backhole for example.

Google robo-car suffers brain freeze after seeing hipster cyclist

ElReg!comments!Pierre

Re: @ElReg!comments!Pierre = @Hugh Pumphrey - Track Stand? Bah.

Foot doesn't touch ground? Vehicle not stopped. I'm very sorry that normal rules may apply to you. Not my fault. Sorry.

ElReg!comments!Pierre

Re: Dear Vlad (@ Vladimir)

> Cyclimorons Londinicus

Surely that should be Cyclimorons londinicus (note the lower-case "l" in the species name).

ElReg!comments!Pierre

Re: @Hugh Pumphrey - Track Stand? Bah.

> I also, where possible, track stand at lights because it allows me to move away quicker and make more progress which is the advantage of cycling in town in the first place.

Running traffic lights and stops would also allow you to move quicker and make more progress, I fail to see how it can be a justification for what is, in effect, dangerous behaviour.

ElReg!comments!Pierre

Re: "incompetence is not a problem that banning cleats could solve"

> The sooner they ban headphones on the road the better,

In most places they fall foul of the "keep aware of your surroundings" rule. It is rarely acted upon by the cops, though I remember that Montreal's city police started dishing out heavy fines to cyclists sporting headgear when I was there a couple years back. I heard a lot of my colleagues bitch about how unfair it was that they were fined as the motorists were a danger to them, not the opposite. Idiots.

ElReg!comments!Pierre

Re: @Hugh Pumphrey - Track Stand? Bah.

> Generally, the light changes from Red to Yellow, then to Green, right?

In a lot of places it's directly red -> green.

But I agree with you on the basics: a VERY important rule for road safety is to make your intentions unambiguous to your fellow road users. The track stand is the exact opposite of that, and that's why the GoogleMobile was confused. Going... not going. Going... not going. Repeat ad libitum.

The annoying part is that it is a major part of the hipster cyclist's mating parade apparently, together with hand-free riding at speed in the traffic, so all the cool kids are doing it (and by all the cool kids I really mean all the 30-somethings in suit pants and sneakers)

In some places, "foot on the ground" is what makes the stop; for example on my (gas-powered) bike I know I'm generally safe from a fine if I put the foot on the ground at a stop, even if I did not completely stop the bike. There's no rule for (human-powered) bikes, but I'm pretty sure that's one of the things they taught us at school on the road safety initiation courses: when you stop, you put your foot to the ground, no exception. It's a bit like starting on first gear in a car: there's no law preventing you from revving the engine up and starting in second gear, but very few people would consider it sane. I don't know why so many cyclists insist that whatever they do is fine because there is no explicit law against it. The other day I barely avoided a cyclist who ran a red light on a low visibility intersection, almost trashing myself in the process. When I objected he answered that it would have been "hard" to pick momentum back up if he had stopped and that it was up to me to keep control on my vehicle at all times. Apparently he genuinely thought "pedalling is hard" is a valid reason to shit all over road rules.

Note that I am routinely more annoyed by careless car drivers than by careless cyclists though.

ElReg!comments!Pierre
Trollface

Re: Track Stand? Bah.

> It's less of a problem now as it's now legal to ride through some red lights in Paris.

So you're the one Parisian cyclist who actually stops for red lights? I thought I saw you the other day but no-one would believe me.

Wow, Barcelona really has a problem with tech disruptors. Watch out Airbnb

ElReg!comments!Pierre

Re: What is a tourist? (NOT a tourist tax)

Mmmmmyes. Taxe de séjour is how the inhabitant tax is sometimes labelled. Right. Yet you seem to infer that I'm wrong somehow.

ElReg!comments!Pierre

Re: What is a tourist? (NOT a tourist tax)

Interesting question, but irrelevant here. What I think the article calls a "tourist tax", at least in Paris, is the so-called "inhabitant tax" that every person living in France pays to the local authority; you pay it yearly for the housing where you are domiciliated for tax purpose, and you pay it daily in hotels, campsites etc. It's supposed to cover water treatment, garbage collection, etc...

That's for Paris, I don't know about Barcelona, but I suspect the very same (with the addition of the fact that Barcelona doesn't want more tourists apparently; they should start giving them the same service as in Paris, that should help!)

Spaniard claims WWII WAR HERO pigeon code crack. Explain please

ElReg!comments!Pierre

Exactly.

As stated on his website:

> Thanks to the program 4YEO you can send emails, fully encrypted, secure in the knowledge that only you and the recipient can read its contents. Even if the email is intercepted, it will not be deciphered as it has not been deciphered the message of the Second World War.

Foolproof.

ElReg!comments!Pierre

Surely this isn't a publicity stunt?

Especially reading this from the contest rules: " If none of the messages coincide with the original text, the notary proved by a certificate indicating the number of proposals received, and the fact that nobody has been able to solve it."

For now I'm trying to decipher the English version of the website. I'm making progress but I am still having trouble with pieces like "Contestants also achieve decipher it and explain how encrypted, remain in reserve, in case the first contestant gather together one of the two requirements to be declared the winner."

I think one of the encryption techniques used in that 4YEO software may be Google Translate...

Now, hearing how he plans to use a text encryption technique to create "a software for encrypting phone calls", as stated on the main page, could be interesting. Or amusing.

The Onion Router is being cut up and making security pros cry

ElReg!comments!Pierre

Re: Hodge-podge report, much?

You seem to be focussing solely on the computing power part... that's only the last step. You're also assuming a working quantum computer that would have "makes everything possible" specs... when we don't know what to expect from one, and when we know for a fact that the US don't have a working quantum computer, of any specs, to begin with. The proof? You can't get one from Alibaba.

Also, keep in mind that technology can only protect you so much:

https://xkcd.com/538/

Knowing that you need to register an account to post and/or view stuff on Twitter, Facebook, LinkedIn, Reddit, Skype, Myspace or whatever the current "compete with your friends" app-of-the-month is, and they all keep helpful tabs on who is connected to whom and who viewed whose profile...

Crucially, we're talking about the kind of people who detain and deport tourists for making Vegas party jokes on twitter there. That big data center in Utah is probably just using the quantum computers to run very advanced Twitter-parsing routines...

ElReg!comments!Pierre

Re: Hodge-podge report, much?

Well, you'd have to have a direct tap into every client device's Internet connection, and into every exit node's Internet connection; definitely not trivial.

Then assuming you had collected all this data, you'd have to store it and then cross correlate any and all of the former with any and all of the latter, with a 10-minutes moving window for each correlation... in real time!

All in all that'd require quite a few hundred targeted -and agile- taps in "hostile" territory, pipes and servers able to move and store in real time what would basically be your country's traffic plus the entire world's TOR exit traffic, and then quite a few "huge black project data center" worth of computing power. In other words: unless the NSA has secret ALIEN TECHNOLOGY FROM OUTER SPACE there's still some hope.

Of course, as previously mentioned, if you manage to selectively target a few individuals of interest then it's entirely feasible (if not easy). But then it's no longer really blanket surveillance. TOR does not claim to be able to thwart nation-state-backed targeted spying (it does make it harder though). For that you could setup a friend-to-friend network -possibly within TOR- or a TOR hidden service (which is basically the same only made a tad more vulnerable by the need for a centralized server).

Or you could use a decidedly asynchronous system, not really compatible with Web-browsing. Usenet could perhaps do, there are a couple PGP-encrypted relays to Usenet, e.g. mixnym, but I don't really know if their security has been checked. In any case you could always post PGP-encrypted messages to the relevant group yourself, if done well only the intended recipient can tell what is inside or who is the intended recipient.

(in addition to the "patterning" discussed earlier, keep in mind that the timing of your connections will often leak a lot about where you live and what you do for a living, for example)

ElReg!comments!Pierre

Re: Hodge-podge report, much?

> Five Eyes and other Big-Brother-wannabes are trying to set up a critical mass of TOR exit nodes (likely through shills) so that they can pick up enough end-to-end traffic to make connections?

First you'll notice that the claim in the tweet referred to TOR hidden services, no exit node involved in these, but fair enough, I'm game.

Protecting against end-to-end attacks is not an aim of TOR. Anyone watching both the user's traffic to TOR and the exit node can, with timing correlations, determine that this user connected to that external resource. However, this is rather computationally intensive compared to just watching packet streams at a big Net node and registering "to" and "from" IPs; it requires close monitoring and matching of both specific connections, something that is at present almost impossible to automatize on a large scale, notably because the vulnerable path between the user and the TOR network is typically short, and the TOR route changes every 10 minutes or so (which would disrupt timing attacks), with a lot of exit nodes in diplomatically adverse regions of the world. i.e. it works if you have a warrant against an individual target AND a way to direct traffic to exit nodes under your control. Not impossible, but you'd have to be an identified target to worry about that, it's certainly no "routine surveillance" as I intended to mean it.

> What about improvements in browser fingerprinting attacks that can help make correlations even when all the traffic is encrypted (and TOR can't use a lot of padding due to latency issues)

The padding is irrelevant to browser fingerprinting. It is always possible to come up with new techniques to create a user's "virtual fingerprint". Info leaked, actively or passively, by the browser are a part of it; writing/typing patterns are another. That is not a TOR vulnerability, but the guys at the TOR project do offer advice to mitigate this. It was always advised that you used a different browser for TOR and non-TOR traffic, partly to make it more difficult to match your TOR fingerprint to your non-anonymous clearnet one. A step further, and available for a while now, the TOR bundle should help a great deal in making your traffic look just like that of any other Bundle user.

The other "patterning" issues remain; it is up to you to use different writing styles if you wish. As for the typing patterns, you could always hook up a Dvorak USB keyboard for your TOR session should you feel this is a problem, that should disrupt your pattern enough!

ElReg!comments!Pierre
Paris Hilton

@1980s_coder

Sure, and foreign-grown bananas are infested with flesh-eating bacteria.

Care to elaborate? Has TOR let you down yet? For which of your own applications do you fear TOR would let you down?

ElReg!comments!Pierre

Hodge-podge report, much?

I wonder how many non-TOR-based "malicious traffic events" have taken place in the same period.

As per the security of the network, it would take more than a tweet to convince me that TOR is not one of the best solutions to date, to the problem it strives to address (routine all-encompassing surveillance).

Aviva phone hacker jailed for 18 months over revenge attack

ElReg!comments!Pierre

Security schmecurity

So Neale saved Aviva £80,000 per year, then? Regardless of all other factors, that was indeed a very bad show for Esselar/Moblicity.

Brussels taxi union to disrupt the disruptors over Uber service

ElReg!comments!Pierre

Re: "Uber is all about keeping Brussels moving"

Uber is all about undercutting established businesses (not necessarily a bad thing per se).

When this is done by dodging safety regulations (transport licence, insurance, vehicle safety) and income taxes, as is Uber's business model, well...

Also, when it comes to "moving" (i.e. traffic fluidity), Brussels is quite clearly one of the European capitals that least needs improvement (among those I've driven through, obviously). Mayhaps second to Helsinki (Helsinki's official pitch to lure foreigners is "we don't have traffic jams": they have huge billboards stating so in and around the airport :D)

Sysadmin ignores 25 THOUSAND patches, among other sins

ElReg!comments!Pierre

Re: On occasion (Aqua Marina)

That, and also trusting Windows to free up space automagically was probably not the brightest move, especially in that case. On old boxen (even relatively well-managed ones), this leads to disaster more often than not.

I can understand the state of mind that led to the decision, though.

OLPC heir reveals modular laptop design

ElReg!comments!Pierre

Re: This shit again?

> In a world of £50 tablets capable of most basic computing requirements,

Except, of course, for anything useful. It will also last for a wonderful 5 years (if you protect it well), because no physical keyboard and no clamshell device, erm, well, if your "computing requirements" are Facebook, Twitter and the occasional tablet-oriented game, in a clean and safe environment, yes; otherwise, no.

ElReg!comments!Pierre

Re: Oddly I've always thought it's the *processor* that should be upgradeable.

I think the screen is upgradeable to increase its performances. Presumably you can do LOGO in CGA but you are likely to want a better display as you grow older (even if for no other reason than that you can afford it), so a swappable display may allow you to keep that machine for a little while longer instead of getting a MBP. Oh who am I kidding.

Arguably socket-swappable processors could be good (if not better), although I don't see that working for different architectures.

Intel's Compute Sticks stick it to Windows To Go, Chromecast

ElReg!comments!Pierre

Re: Yours will be for movies over ethernet?

> The Pi tends to be underpowered in media playback last I checked, especially at 1080p

Really? Perhaps it's your setup, I don't seem to have any problem with the one hooked up to my beamer, and it's only a 2nd-gen (the 2-USB, 512M RAM one). Hard to imagine performances degraded with newer models.

ElReg!comments!Pierre
Meh

Yours will be for movies over ethernet?

Seems like a waste of money to me. A Raspberry Pi will do while setting you back only $25.

As a desktop replacement, why not, although the need for peripherals probably means that you'll be better off building cheap bottom-of-the line PCs for roughly the same price (with a "home directory on USB stick" solution if need be). These can be maintained and upgraded, too, unlike the sticks which will be dead once any one of the components -including connectors- craps itself.

BOFH: Why, I LOVE work courses. Please tell me more, o wise one!

ElReg!comments!Pierre

Do dude kecks go that small…?

Whatever, it could as well have read "0.2 furlong"; most of the male population is blissfully unaware of its waist measurement. I had to measure just now, I wouldn't even have landed it within 15 cm (and I'm pretty slim).

ZTE Nubia Z9 Mini: The able Android smartie the company won't sell you

ElReg!comments!Pierre
Happy

"worth a punt if you're cellco plays nice"

Indeed mine doe's, and I'm going to look into this little thing.

In the meantime your probably going to want to double check you're greengrocers apostrophe...

Linux 4.2 release 'possible' for next week, if Linus feels good

ElReg!comments!Pierre
Meh

Re: Geez.

" Mac, windows, or windows lite will be your choices."

You're being a bit unfair. GNU/Linux is way more modular than the BSDs, so while you're right about Red Hat and a lot of the crowd, it's still possible to build a no-nonsense GNU/Linux system that avoids the "windows-lite" crap. I've got 5 such systems at home. There are several ways to do it, the "out-of-the-box" approach would be Devuan, but for the more fiddle-oriented / control freaks among us distros like Slackware or Gentoo are build-as-you-go.

Ironically the only system I have at home that uses systemd is the media center SD card for my Pi, because I got the lazies.

Google's new parent Alphabet owns abc.xyz – and, yup, there's already an abc.wtf

ElReg!comments!Pierre

Registered by... someone

whois gives

"Registrant Name: c/o WHOIStrustee.com Limited

Registrant Organization: Registrant of abc.wtf

Registrant Street: Suite 3686, 24b Moorefield Road

Registrant City: Johnsonville

Registrant State/Province: Wellington

Registrant Postal Code: 6037

Registrant Country: NZ"

which doesn't really look like MS... more like an obfuscation service.

Citrix warns that Windows 10's Edge browser borks Receiver

ElReg!comments!Pierre

Interesting times ahead for the wife...

... as she's just done supervising the deployment of a new integrated management "solution" based on Receiver. Fortunately she's in the health public sector so they had to upgrade some machines from W98 to XP to make it work; W10 doesn't seem likely before next decade.

Boffinry breakthrough: Bullied bumble bot bolts brutal brat beatdowns

ElReg!comments!Pierre

Re: inaccurate reporting

To clarify and if you insist on obsolete units, the threshold in this case is not 4 ft 6 in but a bit over 4 ft 7 in. But hey, I s'pose 1 in and a eight ain't nufin when it comes to trivial matters such as advanced robotics.

ElReg!comments!Pierre

inaccurate reporting

The height threshold is actually 1.4 m, which is about 3 % higher than 4 feet 6 inches. Why deliberately introduce inaccuracies in a story?

Next-gen secure email using internet's own DNS – your help needed

ElReg!comments!Pierre

Re: Spamhaus attitude

> (the correct reaction to spam is to report it to the upstream provider)

The fact that reports to abuse@mail.upstream.provider are ignored 90% of the time doesn't help with that. The remaining 10 % comprising such helpful responses as "forwarding the full message with headers is not enough, please send it as an attachment to that address which rejects emails with attachments" doesn't help either.

ElReg!comments!Pierre

So, yeah, only slightly less secure than existing solutions then?

Looks like the whole point of this is to let institutional attackers listen in.

Safe as houses: CCTV for the masses

ElReg!comments!Pierre
WTF?

That's horrendously expensive

A few years ago I interrupted an attempted burglary by coming back home early; I then installed a motion-detector camera, connected it to my raspberry pi and got it to send me images. If I hadn't had my raspberry pi at the time I would have bought one of the slightly more expensive 'net-enabled cameras to do the same; these were still massively cheaper than the solutions presented here, and I expect their price hasn't gone up.

Decision time: Uninstall Adobe Flash or install yet another critical patch

ElReg!comments!Pierre
Meh

Re: I just

And you think you jest!

Not funny in the least (sez the sysadmin who can't get his wife off the online version of candy crush)

ElReg!comments!Pierre

No shit, Sherlock.

Adobe Flash... pretty sure it serves a useful purpose, somewhere, for someone. Come to think of it, for me it does serve a purpose. It spares me from seeing the most useless parts of the terwebz. I just see a "Flash is a small install from Adobe, please click 'yes' to install it in order to view this slideshow of domesticated felines" which is definitely an improvement over the intended content.

I do wget a few .flv clips that I play in mplayer, from time to time, though.

Kali Linux 2.0 to launch at DEFCON 23

ElReg!comments!Pierre
Stop

Re: Based on systemd, so will work on ~10% of machines

I suppose I could get thousands of datapoints going one way or another using virtual machines and custom-made images. What I'm talking about here is live images (and live/install images) which by definition are supposed to be generic, and also the main use case for Admin/penetration distros such as GRML or Kali. Only systemd doesn't do generic. It may work in compile-everytime situations such as Gentoo install (and even then, I'd bet your 400 points are 390 virt and 10 phys at most).

Problem is, an admin/hack/penetration distro ain't no good if you cannot just slide the CD (or plug the stick) in any machine and boot from that, with full hardware recognition. That's something systemd just can't do, in my experience.

ElReg!comments!Pierre
FAIL

Based on systemd, so will work on ~10% of machines

The Kali project switched to systemd, which means it will not boot properly on almost any portable machine and create problems on some desktops and servers as well. Kali's forums are already full of threads reporting major problems, and I'm not surprised, as I've tried myself some systemd-based images (Debian and GRML) all of them failed on literally every laptop I tried (6, from 10-yo to this year's model) and caused major problems on most older (older than 5 years) desktop hardware, too.

(note that all the hardware mentioned in this post now runs Devuan without a hitch).

Samsung to launch a Snapdragon 808-based clamshell smartphone

ElReg!comments!Pierre
Thumb Up

Same here

Clamshell and physical keyboards are good. I would buy this. Then again, I might be impaired; my impairment being a profound dislike of:

-clumsy touch keyboards

-screens that suddenly lose half the display size to a clumsy touch keyboard

-smudge all over the display from the use of the aforementioned.

And then there's pocket dialling.

French privacy cops snarl at websites over crap EU cookie warnings

ElReg!comments!Pierre
FAIL

@ Holmes

"People know what it means to open a web browser and visit a page"

How much are you willing to bet on that? (Protip: you're about to lose)

ElReg!comments!Pierre
Thumb Up

Re: Hosting

Very useful reminder, thank you.

ElReg!comments!Pierre
Pint

I just completely ignore your <comment>, it's a stupid <comment>.

To top it off, I'm not breaking any law in the process! Ain't life wonderful?

ElReg!comments!Pierre
Paris Hilton

Re: Very annoying they are too

inhumane indeed. But then again, you "visiting Europa via VPN" to access the WWW would be you trying to escape your local "humane" legislation, yeah?

ElReg!comments!Pierre
Facepalm

BULLSHIT! [was:: CNIL? Yeah, follow your own rules, dumbasses!]

Things are bad enough without you making things up (or is it bad translation?). The French version crudely reads "by browsing this site you allow 3rd-party cookies as needed for video presentations", with a box labelled "OK, accept all" (in green) and another labelled "tune to your needs" (in gray). The "tune" link allows you to opt out of the 3rd-party cookie setting, which are from Dailymotion and YouTube (explicitly stated, individually tunable).

On my cursory check 10 s ago no cookie was set at all (I did not check the "OK, accept all" button, obviously).

I'd say they're pretty much following their own rules, unless I missed something.

ElReg!comments!Pierre
Stop

Re: flash cookies and localstorage NOOOOO!

Please don't give ElReg webdevs any (more) bad ideas.

Browsing ElReg from low-footprint browsers or screen-readers has gotten hard enough with the new layout.

ElReg!comments!Pierre
Thumb Up

Good (wo)man, you!

I think your approach is great, and as your (l)users may not be grateful enough, allow me to do the following in their stead:

Thank you.

ElReg!comments!Pierre
Thumb Down

I'm sorry Drew, that's BS

"too intrusive for mobile" and "we trust our users yada yadda" is just marketspeak for "we can't be arsed". Let's forget we're on a tech site and pretend you don't know any better; one good way to comply with the law would be:

-check for the REGACCEPTCOOKIES cookie; if present, proceed without any banner or warning;

-if absent, present the user with a tick-box (in any form: dedicated page, another bit of JS crap, whatever). If box is ticked, set REGACCEPTCOOKIES cookie (and then some);

-if box is not ticked, present the user with whatever you feel you can do without setting cookies. Heh, that may even be a blank page with "tick the box, dummy" in the center; not nice, but legal.

-job done

Intrusive? Maybe on the first connection. Much less intrusive than the current solution in the long run though.

I'm sure there are other ways you can think of.

UH OH: Windows 10 will share your Wi-Fi key with your friends' friends

ElReg!comments!Pierre
Happy

FON

I just have a Fonera. Keeps the public network separate from my private one(s), with track being kept of who does what from the public side (local laws otherwise states I'm responsible for everything that goes through my network).

Also it gives me a nice convenient separate (private) LAN with a password that can freely be given to guests and changed at a whim. Not that it matters much, as there's nothing else than guests on it.

BOFH: Don't go changing on Friday evenings, I don't wanna work that hard

ElReg!comments!Pierre
Happy

Re: It's my motto

Bullshit!

Friday afternoon changes are the best. Just make sure that:

-you strictly make the required change, for which you have a written order, 2 minutes before the end of the shift

-you're not on call on the week-end, or in on the following Monday, or on Tuesday for that matter. On company-approved leave, of course (to be made up during the week-end, if need be).

-the change has the potential to ruin someone important's life (or contract) if anything goes wrong.

You only usually get the one try, so make it good.

Friday afternoon requests should be pretty seldom after that.

A good effort, if a bit odd: Windows 10 IoT Core on Raspberry Pi 2

ElReg!comments!Pierre

A relevant picture on El Reg!

I am thankful for the relevant use of the rightful use of the new-fangled "huge pic in your face".

Not so thankful as to read the article though, as I'm busy enough running proper software. But hey, I'm keeping notes, I might even direct people to this article if they want a go (poor souls).