3370 posts • joined 26 Nov 2009
"What we have is either a nation of already-retired millionaires splashing their money on tat and pizza and enjoying sitting in a London street in a queue, or a nation of people who really have nothing else better to do spending money they don't actually have or should be spending on other things.
I'm not entirely sure which one I find more disturbing."
The latter possibility is worsened by the fact that:
Apple customers will presumably be lining up to buy the latest iGadgets on Friday, though they will only be able to purchase the most expensive iPhones first - the XS and XS Max - with the other models due to hit the streets next month.
The nature of fanboyism (and this doesn't just apply to Applytes) is that sufferers are more likely to try to get something sooner, even if it's the more expensive option, rather than wait. Companies like Apple know this, and they're exploiting it.
"If you read TFA, you'll see that the neweggstats domain was specifically created to exfiltrate data in this hack. "
I did read TFA. And I've just read it again - while the phrasing says the dodgy domain was used for newegg, it doesn't say it in a way that firmly leads me to infer exclusivity. There's enough ambiguity there to make me question it based on my recollections.
That said, however, on my drive today I realised that what I was actually remembering was the name newrelic, not newegg.
So, all you have to do is check every single site that you might input your credit card into and make sure that none of them are connecting to an unauthorised third party site, bearing in mind that many websites uses scripts on different domains to function, and that you probably won't be able to guess which are legit and which are bogus without at least checking the whois records for every single one.
Can I assume from that helpful explanation that you didn't notice the mention of NoScript in my original post? I would imagine most people who use NoScript are perfectly well aware that "many websites uses scripts on different domains to function". That's a large factor in why we use it, not to mention why I'm able to vaguely remember seeing (albeit incorrectly in this case) a particular domain name in play on other sites - a result of looking at what scripts sites are trying to load.
The article says it was created on 13th August by the crooks. The article says Newegg's customers were affected. I'm questioning whether there's a possibility there may be a wider problem, based on my (possibly dodgy) recollection of what I've seen via NoScript.
I've never purchased anything from an outfit called 'Newegg' - and I don't remember ever specifically visiting a website with that name. However, I am familiar with the name, and I'm pretty sure that's in the context of NoScript - its list of scripts on a given page.
This leads to the question: Are there sites using services provided by (scripts from...) Newegg - or is what I'm remembering Neweggstats? i.e. are there potentially other sites out there that were also running the dodgy Neweggstats script?
"Have them ask for a refund ?"
The deadline for claiming back PPI is getting nearer - so there does need to be a new thing people can claim back in order for the PPI claim companies to stay in business.
Well, I was thinking of additional steps - but your reply makes me think they may be a step too far:
I was considering have the user appoint their preferred T-shirt printing company. When I send them the code for the card, I would also send a checksum to the company; they would print it on a T-shirt and despatch that to the user to wear in the same picture. You've heard of 2FA - this would be 3PA (third party authentication).
If they don't want to go to the cost of having T-shirts printed, another option would be to appoint a trusted third party who would write the checksum on the user's forehead using permanent marker.
Options I considered but discarded include having the user have tattoos of any codes (or imagery to make it harder) - but I realised they'd run out of space.
Another option would be biometric - fingerprints. In this case, though, I was thinking that they'd have to cut off their finger and use a same day courier to get it to me for verification. So I'd know it's not just someone using a gummy bear. The flaws in this were twofold, however: First of all it would limit the number of possible log-ins because they'd run out of fingers to type with (and worse, it would be fewer than ten, because as the number of fingers is reduced, their typing would diminish - long before they actually run out). The second issue is that I wouldn't be able to be certain if the fingers were cut off by themselves as part of the log-in, or by criminals trying to defeat my system.
I've got this cracked.
When a user wants to log-in, they input their user name and password.
Then there's the second factor authorisation - they get sent a code they must input.
Then they enter digits x and y from their existing authorisation code.
I am then sent an alert. I look them up on a old fashioned rolladex.
I then ring them using their number on that rolladex and see if I recognise their voice.
If I do, I give them another code to input into the next stage of the log-in.
I manually check this, and if it matches I email them a new code.
They must write that code on a piece of card, and email me back a selfie with them holding it in shot.
If the code in the picture matches, and their face in the picture matches the one in the rolladex, they are finally granted entry.
Re: “Beautiful accounting software”
A line that effectively highlights form ("beautiful") before function ("accounting software").
I use it for a client, and I hate it.
"Let's see it pick up a cup of tea by the saucer."
Well, unless I blinked, we didn't even see it pick up the mug - only look at it briefly before the video cut to it (initially) failing to pick up a cuddly toy.
"and we know it has an atmosphere containing organic compounds and five moons."
I'm not entirely sure that's true - I suspect its five moons are beyond its atmosphere.
The specs for the existing APIs and (I think) beta ones are all published on HMRC's site somewhere, and there is a sandbox for developers to test them - so I would hope that includes this, and that all third party accounts software developers therefore have access.
I suspect what he means is that because they are supposedly registered in the EU, but in a different member state than the customer, they should be able to accept the VAT registration number of the customer and charge net - the VAT is deducted at source.
But, presumably, they aren't doing this. And if they don't, it complicates reclaiming the VAT - you can't deduct VAT from a different member state on your UK VAT return; only UK VAT charged at the UK rates.
Re: UK VAT Return
"The boxes relating to EU transactions will need to be stripped out (2, 4, 8, 9)."
(Without having a return to hand to look at, so from memory...) If box 4 is removed, no businesses will be able to claim back any VAT on expenditure. I think it's just 2,8,9 that directly relate to cross border EU trade.
Re: Local Optician
Er... MonkeyBob was joking about the USB ports because a (normal) BBC Micro doesn't have such modern niceties.
I say normal, because people do tinker - for example, this is from 2012:
Re: And as always
"I don't care if it was a third party that leaked, the data was entrusted to them."
So if you use the same log-in credentials on Site A and Site B, and I manage to steal them from Site A and log-in to Site B with them, it's somehow Site B's fault?
You've just left a spare key somewhere, which I've got my hands on and used, and then you've blamed the house for allowing its front door to be opened with that spare key.
[Browsers set to wipe cookies at session end]
"It's year 2000+, website changes too much for cookies to have any meaning to be kept on disk for long term. Every user should be doing that."
Speaking as someone who also configures the browser to wipe on close, yes, I agree - browser developers should be thinking along these lines: Make this the DEFAULT behaviour if you truly value the privacy of your users.
And as a further suggestion: Consider how to implement a UI to go hand in hand with that basic default that can be used to allow exceptions, without the user going into the settings and doing it manually - some kind of button on the toolbar, clicking on which shows the cookies in use by the currently displayed site, and an exception toggle by each one, perhaps, so it's on an individual cookie basis, not a site/domain basis.
(Although for all I know there could be add-ons/plug-ins that offer something like that - along the same lines as Ghostery, but for adding end-of-session-wipe exceptions).
On my desktop, they're easy to ignore because they don't take up a huge amount of space - and I could safely click "Ok" on the basis that as soon as I close the browser, they'll be gone.
On my phone, though, they take up a ridiculous amount of space - so now I find I'm using the browser less and less for anything other than the basic set of tabs of a few regularly visited sites.
Please, please, please... if this is done, even if it is only a Pepper's Ghost effect, can the people involved prank him by convincing him it is absolutely necessary for him to have an 'H' stuck to his forehead. To help keep the cameras or whatever other equipment is used calibrated as he speaks.
Re: Horace goes to Epping forest
"with some dodgy characters"
Well, that's 8-bit graphics for you.
Especially when it's a 2-bit company behind it.
Re: Give it a couple of million years
"Our genetic makeup is pretty much the same"
Exactly my point. Don't forget, people, that the person I was replying to said that humans in 10,000 wouldn't look anything like us now. While being taller or shorter, or having a bigger or smaller brain, etc, may well be significant changes, they are a long way short of that. I said we haven't changed that much - and we haven't; we would easily recognise a human of 10,000 years ago as, well, a human.
Re: Give it a couple of million years
Why? We haven't changed that much in many more than the last 10,000 years - so why would we change so significantly in the next 10,000?
Google keeps tracking you even when you specifically tell it not to: Maps, Search won't take no for an answer
Re: Google takes revenge
"because ‘Google could not verify that you are the owner of this account’."
Yeah, I've had that recently - but not for gmail, but logging in to my Google account via the web to look at a Docs spreadsheet. Well, when I say my account, I mean one of them...
A couple of years ago I created a separate one to my own for use at a particular client, so they could share docs with me; since it was a use specific to them, I used my email address that I have with them. But - just as with my own account - I log-in *very* rarely.
When I did a couple of weeks ago, even though I had the password absolutely right, I got locked out because "Google could not verify..." - part of that verification, though, was that they allegedly sent an email to me with a code in. That email didn't arrive until much later.
I think it's a couple of things at issue - very rare log-ins and the lack of cookie persistence. Google never recognises my machine, because there's no history there.
(I got around the problem at the time by going to someone else's computer, and simply accessing the sheet from there, using his account - so, er, yeah...)
"this is a sting I took last year"
The last time I remember being stung was when I was a teenager. Some friends and I inadvertently disturbed a nest - and when we realised, ran like hell. Quite some distance later, I said I can still hear one of the buggers. Then I felt a sting in the back of my head - and a few seconds later another, then another...
One of my friends spotted it, trapped in my hair - and it was stinging me repeatedly in the same spot because that's all it could do.
My friend then splatted it. Problem solved.
That multiple sting aside, we were very lucky, really - AIUI they're more likely to be able to spot you if you move. And also, when one stings you a pheromone is included as a bonus extra that marks you as a target for its angry pals.
Re: Spaaaaaace Foooooorce!
That "comedy" was awful. I'm surprised it didn't run for at least ten years.
Top Euro court: No, you can't steal images from other websites (too bad a school had to be sued to confirm this little fact)
"Hold up, if it was on the travel website with no indication of copyright either by watermark or signature then how exactly were the school to know of the copyright in the first place?"
As well as everything Lee explained, there should be a fairly simple way to ascertain the status of the image: That website it's on? Look for contact details. Contact whoever owns or runs the site and ask.
Had the pupil and/or teacher mentioned done this, they would probably have been told the image is subject to copyright and licensed for use on the site, and given the contact details of the photographer, so that they could ask for permission to use it in the project.
Re: Shitty packaging...
An unboxing video I found on the twitter a few days ago: https://twitter.com/ChinnyVision/status/1023198756018122752
Re: I think...
Ditto - which is why I'm baffled as to why a bunch of online clothes shops have people's dates of birth on file. Do they apply some kind of rule when browsing their websites to ensure people over a certain age don't try wearing fashionable things and thus make them uncool, or something?
Re: A wavelength of 200 ... metres
And even with these properties in the pyramid, they'd still struggle to get good reception.
Re: CBeebies on Sky too
"Though when I tried to login to the news and got an HTTP 500 I genuinely feared that the site had become overwhelmed because some large (and catastrophic) newsworthy Event had occurred."
My immediate thought - because I noticed the flames on the test card image - was that they were pranking us, perhaps in order to add something real that people would remember when (say) an upcoming Doctor Who is broadcast, with a story set at the time the website supposedly went down due to whatever disaster/invasion/whatever the Doctor averts.
Also: it says in the article that iPlayer wasn't affected - but it was if you scratched the surface: Click on the iPlayer link and the site appeared to be up, but following through to anything therein (at least for me) resulted in the same error.
"Well, I guess a Hoover is out of the question to clean the place up."
Tsk. A Hoover. Silly boy.
You're quite clearly missing the obvious - we've sent rovers to Mars, so it needs to be a cleaner with roving ability to combine the two tasks. We should build the next rover around a Roomba.
"because hashland would sound silly."
Not really - it sounds like an ideal name for the go to shop for a certain recreational substance.
"I think some of these are easter eggs put in by the developers."
^This. Possibly - and also possibly a buggy lookup related to it.
Also, upon reading this article and the first few comments (16, 17, 18 x dog) I went from one to I don't know how many. The first few just repeated the text to translate. Four dogs became three, and a few beyond that it began appending "reader email". Up in the twenties, it was variously inserting "krist" or "christian" in the translation. Beyond that it became more random, but repeating some of the earlier ones - for example at one point it showed the word dog n times followed by the 16 translation.
So I suspect, as AC said, an Easter egg, whereby the developer(s) responsible have triggered a lookup at certain points, and in some cases it's getting the count wrong, reading a pointer from the wrong place as a result and reading/adding these other words/terms.
Ah, so you're a waffle man!
Re: Don't be Facebook
"I definitely don't want (to think that) you are serving up what some algorithm *thinks* I'm interested in..."
^This ^this ^this ^this ^this ^this ^this ^this ^this ^this ^this ^this ^this ^this ^this ^this.
OTOH, I use the RSS feed so the layout of the front page is irrelevant to me. :)
"Am I the only one who does this?"
Well, contrary to popular belief, I'm not completely paranoid - I don't do anything to the cameras in my laptops; they're intact, no dismantling, no tape. But that's largely because I almost never use the laptop's screen etc - most of the time I use them plugged into an external monitor/keyboard/mouse, with the lid closed.
The exceptions tend to be in clients' offices or in public - so if there were any questionable videos of me captured on the built-in camera, I would probably have been arrested already.
Note: I have received a scammy "we have a video of you wanking" email, back in May, though it was clearly less targeted and more random (generic address, didn't have the bonus of an old password, etc). I found it very amusing - so here it is for everyone's enjoyment. I particularly liked the euphemism "burp the monkey" and the fact that the scammer(s) apologised for their poor grammar.
Re: Linky = Come home to a real fire
I think that's linked to one of the supposed benefits of smart meters. Some of the advertising claims they can help you to save money on your gas/electricity bills - I guess they do this by spontaneously helping to keep you extra warm and toasty.
And if you live through that, your house has been burned down, so you now have no more gas/electricity bills: a 100% saving. What could possibly be wrong with that?
Re: Only yesterday...
I used to work with someone who used his phone like that (Dabbsy's second picture in the article). I didn't realise he was doing it at first; whenever I spoke to him on the phone, the background noise/echo etc made it obvious he was using it in hands free mode (i.e. using the loudspeaker), and he was always very loud himself - often ridiculously so (I had to move the phone away from my ear).
Then I was in the office with him when he was on the phone to someone else and the reason became obvious: He was holding the phone like that, in hands free mode so the person at the other end was on loudspeaker and he could hear them; the mic was very close to his mouth, and he was shouting into the phone.
"PC shipments just rose,
thanks to in spite of Windows 10"
Re: Backups and redundancy, FFS
"I did, and then most of the providers dropped MasterCard and converted them into Visa cards"
Why on Earth has someone downvoted that? From my experience, what AC said there is true. I have quite a few cards - they were a mix of different banks and spread between Visa and Mastercard. Now only one is Mastercard. (For example, the one attached to my main personal bank account was originally a Mastercard and was replaced with a Visa when the bank switched.)
Re: Review of the impact of ICO Civil Monetary Penalties - 20140723
"Well, it's a report by the ICO on how effective ICO fines are, so it sounds like it should be relevant. As it turns out... not so much. The impact of penalties was assessed by interviewing a few organisations who had been fined. Amazingly, they all say that they've totally become more proactive in addressing their information rights obligations."
They probably received a discount against the fine for taking part in the survey and giving suitable answers.
"Just because you've never opened a Facebook account, doesn't mean they don't know anything about you."
Is that the new "Just because you're paranoid, it doesn't mean they're not out to get you" ?
"I have never signed up to Facebook, but I'm sure they know something about me"
Quite. And as I've mentioned before, since signing up to Facebook again (long after "deleting" the old account) - and this time with a different address etc - it's interesting to see what shows up in my profile that hasn't been (directly) provided to them by me.
In particular, I'm looking at the 'advertising settings' which shows something from my phone, even though the Facebook application has never been anywhere near it - and here we see something very wrong. (I suspect Facebook may have randomly added these because of a lack of real data - but their wording says otherwise!)
You're indestructible, always believe in 'cause you are Go! Microsoft reinvents netbook with US$399 ‘Surface Go’
Re: The Microsoft Slurpage has to STOP!
"By the logic of 'genie already out, give it up' - we might as well not try to fix any of societies woes and just retreat to our castles if we have them and let civilisation burn - people have looted raped and pillaged for centuries, why fight it? People have pick-pocketed and corps have ripped off consumers and abused their positions of power - we just let them continue?"
Very much this^ - have an upvote.
But also, going back to the post that mentions the genie being already out:
"Do you not think that the reassuringly tasty cookies this very Website serves up, doesn't also invade your pivacy again when you leave it? And, where there such an aurgument that this Site would never pertake in something so loathsome, then what about the next Website your get off to?"
Your browser, perhaps with the help of third party applications, almost certainly offers you controls that can curtail this - mine does. Learn to use those controls, and limit the potential invasion of privacy. The more people who do this, the less data those cookies provide, and the more worthless they become.
But if you take the "the genie is already out" attitude, you may as well drop your trousers and adopt the position ready for the next round.
"Or are App developers, by making privacy so difficult, are taking advantage of peep's laziness so they (the developers) can profit from the data?"
Something along those lines, I think.
"Sharing is Caring!!!*"™
Don't forget that"Privacy is theft!" and "Secrets are Lies!"
"Given the similarities in the information from the clip and this article, seems to me that they likely were based on the same reference material. "
Well, the article says "...researchers at the University of Bristol, in England..."
And the guy in the video says "... a study published in Current Biology this week by researchers at the University of Bristol in the UK..."
So, yeah. :)
FTA: "However, for the occasions when only that particular Windows application will do ... Wine does the job nicely"
Except where that particular Windows application is one that doesn't work under Wine.
Re: The people who run Wikipedia
This is news to you?
Re: Dates of birth
"Why some companies think they need your date of birth to sell you mince pies remains a mystery."
Quite - which is why whenever a site/form/whatever asks for my DoB, if I don't think they really need it I give them a false one and add it to the data in my password database in case they ever try to use it as some kind of security bollocks.
(I've tried to make myself ludicrously old a couple of times, but the sites I tried that on wouldn't accept that I could possibly be over five hundred years old.)
It is indeed - it's designed to discourage people, particularly teens, from taking dodgy selfies, on the basis that they'll never know who will end up seeing them.
Re: I thought of the child(ren)
"A .22 doesn't really have enough stopping power to deal with an intruder."
It appears to have stopped the one this story was about.