Posts by VinceH

3483 publicly visible posts • joined 26 Nov 2009

Ashley Madison hack – Tory MP Green denies registering account

VinceH
Facepalm

Optional

"Ashley Madison does not require users to verify their email addresses"

If that's so then I hope they don't bother sending anything to the addresses of people signing up - because signing up with someone else's address would be an obvious way to be an annoying bastard.

And assuming they don't, if the address is neither verified nor used, why do they ask for it in the first place?

Dating gets even more dangerous after PlentyOfFish suffers tainted ads

VinceH

Re: There is one way to fix this problem forever

Quite.

I am resisting the temptation to create several fake El Reg accounts just so I can upvote you more than once.

Edit: I've just spotted that you replied to that post saying pretty much the same as you did above.

Get whimsical and win a Western Digital Black 6TB hard drive

VinceH

"Beam me up, Cornelius"

Security fears arise over body-worn plodcam footage

VinceH

"Given the number of issues we have with be police departments, I'd like the body cam to be like other webcams where anyone can pull up a browser and see what officer joe is doing today."

Well, subject to a few limitations, yes. It would need to be off (or inaccessible to the public) in certain situations - for example, you wouldn't want this sort of conversation happening in Mr Bad Guy's house:

Fred: 'ere, Bob, y'know that copper what was pestering us the other day?

Bob: Yeah, PC Plod. What about 'im? 'e 'ad nuffink on us.

Fred: 'e might of 'ad more 'n we thought.

Bob: Whydya say that?

Fred: I've just logged on to 'is bodycam.

Bob: And?

Fred: 'im and a bunch of other coppers are standing just around the corner...

Oi, Google! Remove links to that removed story, yells forceful ICO

VinceH

Re: Please remove the link...

"But have you ever tried to do that for query sets containing millions of exclusions - on a search engine that gets millions of hits a minute?"

That would be the wrong way to do it. I don't run a mafuckinghoosive search engine, but if I did, I would:

(a) De-index search results from the name at the point the request is made, and

(b) Establish the reason for the de-indexing request, and add that filter into my spidering/indexing algorithm - so that any new pages mentioning the reason don't get linked to the affected party's name in the first place. (This would be much cheaper than filtering at the point of a query).

It's still flawed - particularly from the 'forgotten' information still getting out. If at some point in the future someone wants to write about Blobbo Boggins and his inflatable friend and have the results indexed, they'll just devise a new way to describe the inflatable friend - but it should mitigate the problem you point out.

Veedub flub hubbub stubs car-jack hack flap

VinceH

Re: Do Lamborghini use the same system?

When reading that, an item in the 'related content' caught my eye.

Extreme porn charge as man caught with video of sex with a fish

'Marshmallow' picked as moniker for Android 6.0

VinceH

Re: Well, it could have been worse....

"Mackerel?"

Mydog'sfarts?

Note: I'm deliberately ignoring the part about it being named for sweets ;)

Ransomware blueprints published on GitHub in the name of education

VinceH
Unhappy

"If I can learn what they do, maybe I can better make people around me understand that THEY SHOULD STOP CLICKING ON BLOODY EVERYTHING."

Good luck with that.

Don't fight the cistern: Voda takes the plunge with plumbers’ parking app

VinceH
Boffin

89.4% of people get that made up statistic wrong.

Microsoft replaces Windows 10 patch update, isn't saying why

VinceH

"Language!"

Pardon his French.

You've been Drudged! Malware-squirting ads appear on websites with 100+ million visitors

VinceH

Optional

"The popularity of ad blockers may really force the ad industry’s hand to change how they go about advertising."

Wouldn't it be nice if they did just that, and concluded that people find unobtrusive, static adverts acceptable - say, just PNGs used for banners, with no JavaScript required to display them, just an <img...>, and everyone in the ad industry started presenting their adverts that way.

The more likely outcome is that they'll look for a way to get around the ad blockers - and make their adverts even more obtrusive to boot. (Or see Big John's comment at the top for an alternative hypothetical road ahead.)

Boffins spot a SECOND JUPITER – the gas giant's baby sister

VinceH

"I've been getting keyboard marks on my face from the bad habit media has of publishing a cartoon instead of the photo whenever astronomers discover something. As if the photo and an artist's impression were in any way equivalent."

What amuses me in this case is that the artist clearly concluded that because the planet is like Jupiter, it would have a red spot.

IoT security is RUBBISH says IoT vendor collective

VinceH

Re: Optional

That is indeed more realistic - but as well as on the product, it should probably be prominently displayed wherever it is sold, including (especially?) through third parties.

VinceH

Re: Optional @VinceH @Anonymous Coward

Since you were replying to me...

"Too bad you were too cheap to move to Windows 7 or later."

Just for the record, while I do have a machine running XP (for a specific purpose) my main computer - the one on which I am typing this - is running 8.1

"Just HAVE to get your gratuitous digs in on Microsoft,"

Yes, yes I do.

"that company that pretty much launched the careers of the majority of IT people today and to whom you owe most of your income to."

No, no I don't.

VinceH

Optional

"In other words, vendors can't simply abandon users either at the end of the warranty, or at some arbitrary end-of-life date. If a security vulnerability emerges (and the vendor still exists), it should be patched."

That sounds sensible - but, noting that Microsoft is a member of the group, we should consider what the 'T' stands for in IoT.

A computer is a thing - even one running XP.

Samsung Galaxy S6 Edge+: 4K-positive fun for ... vloggers?!

VinceH

A spoon-shaped phone

That's a brilliant idea.

Where's the Kickstarter page so I can sign up?

Australian court slaps down Hollywood's speculative invoices

VinceH

Re: Loophole

It's a bond - provided they do as they've been told, it would eventually be returned to them and, as such, is not a cost.

Have an iPhone? Mac? Just about anything else Apple flogs? Patch now

VinceH
Mushroom

Re: Hope, both.

Dagnammit! Those two AC posts are confusing and are going to make my head explode!

Apple tries to patent facial recognition

VinceH

"Google has also been tied to the development of facial-recognition tools, an issue that was brought to light by privacy-conscious users when the Chocolate Factory began dabbling in augmented reality back in 2013."

Really? Nobody noticed Picasa's facial recognition feature before then?

NSA: Here’s $300,000, people. Go build us a safer Internet of Things

VinceH
Black Helicopters

Optional

"Given its history, particularly when it comes to intercepting the supply chain of routers to plant backdoors, it might be tempting to think that the NSA wants to backdoor IoT devices too. But it's hardly worth the effort on kit that is wide open and insecure in the first place."

John, you aren't being cynical enough.

The NSA's thinking is that at some point, there's a chance that end users will finally wake up and smell the coffee and start insisting that these things be properly secured* - so they're doing this to get in early and ensure that if these things are to be made secure, it's using something in which they've already paid for back doors.

* Granted, it's a slim chance, because most of the general public are more interested in the new shiny being convenient, which decent security can be a hindrance to. However, a slim chance - even an anorexic one - is still a chance.

Cheers, Bill Gates. Who wouldn't want drinking water made from POO?

VinceH
Holmes

"Who wouldn't want drinking water made from POO?"

I don't know about who wouldn't - but I'm sure Bear Grylls would!

Obvious icon is obvious.

Chill, Philae: Shadow may protect comet lander from Sun roasting

VinceH

Optional

"Philae didn't land as it was meant to: instead of spiking itself to the comet, the lander bounced and ended up in a spot where it wasn't able to charge its batteries from solar panels.

However, the German Aerospace Center's Manuela Braun has told Agence France-Presse that if Philae landed where it was intended, it would have been cooked back in March or April."

Are we sure the lander wasn't struck by lightning and has become self aware as a result? If so, that landing might have been a deliberate act of self preservation. We should try sending it a message asking if its name is Johnny Five.

Sex app Tinder in public meltdown – because a journo dared suggest it was, well, a sex app

VinceH
Alien

"Tinder creates experiences. We create connections that otherwise never would have been made. 8 billion of them to date, in fact."

8 billion connections, compared to around 7 billion people on the planet, nowhere near all of whom are using Tinder (a bloody huge amount of them being kids)

These numbers strongly suggest casual hook-ups and/or affairs - unless Tinder is trying to become a Facebook-alike, where people can 'connect' and stay connected in the Tinderverse without actually getting together.

AAMOI, I wonder what the actual number of active users is - that'll be an interesting comparison with the 8 billion connections.

Unless, of course, the user base isn't just Earth-bound. See icon.

What a shower: METEORS will BLAZE a FIERY TRAIL across our skies

VinceH

Re: Isnt this?

No - the triffids should be already here, being farmed.

This is where we all go blind and the triffids are able to take advantage.

Boffins: The universe is DOOMED and there's nothing to be done

VinceH

That might be what's happening - it's just that the shutdown process is a very long one.

OK, who unplugged the modem? North Korea's internet disappeared for four hours today

VinceH

Optional

I blame Sony.

'WOMAN FOUND ON MARS' – now obvious men are from Venus

VinceH

Re: Ray Bradbury called it...

That'll be because it's one of The Martian Chronicles.

Introducing the Asus VivoMini UN42 – a pint-sized PC, literally

VinceH

Re: Odd combination.

"A lack luster chipset - celeron compared to i3 - i5?

32GB SSD for windows?"

I did a quick search and found a Core i5 model on Amazon. It's a bit pricey, though.

(In case it changes - at the time of writing, it's priced at £99,999.99 plus £6.90 delivery!)

Borg blacklist assimilates Cryptolocker domain name generators

VinceH

Re: So...

"Does this mean that anyone who makes domains from two or more words, such as "theregister", are likely to suddenly find their domains being blocked?"

No. Darren may not have explained the process in any great detail - but he didn't suggest multiple words; I think you've inferred that from the use of dictionaries etc. It's worth clicking through to the Cisco article and reading that for more detail - and examples of the type of domain names picked up.

Yahoo! parties! like! it's! 1999! with! retro! billboard! revival!

VinceH

Re: The cynic yahoo bashing gets old

Yahoo provide mailing lists. Unfortunately, I subscribe to a couple. I used to subscribe to those (and other) mailing lists using my primary email address - but I've recently switched to a separate POP3 account for mailing lists.

Before making that change, the messages I received from the Yahoo-hosted lists were plain text. Now they're HTML. There doesn't appear to be a way to switch to plain text without having a Yahoo account.

I did have a Yahoo account once - and must have changed the message format way back when. However, I closed the account because Yahoo kept sending occasional marketing emails despite all my preferences saying no. So I don't want to set up another.

So Yahoo are annoying - and deserve a bashing AFAIC.

(And the owners of those mailing lists deserve a good kicking for using Yahoo.)

HTC caught storing fingerprints AS WORLD-READABLE CLEARTEXT

VinceH

"The researchers point out that this is a very serious mistake by citing research predicting that fingerprint scanners will exist in about half of all phones sold in 2019."

That doesn't mean that fingerprints will be used in about half of all phones sold in 2019.

I have no intention of ever willingly using a fingerprint scanner in a phone (or anywhere else) for security purposes - not least because if biometric data is used it should be for identification purposes, not security.

Facebook unleashes mighty data trove to learn how you laugh

VinceH

Re: detecting fake laughter

"For typed ones, it's just arrogance attempting their truthfulness."

Not only that, but how are they identifying actual expressions of laughter (truthful indications or otherwise) versus ones typed by numpties who seem to think they have to follow every sentence with one?

"I'm off now, I'll chat with you later lol"

Ubiquiti stung US$46.7 million in e-mail spoofing fraud

VinceH

"so the chief accounting officer shipped 46million USD out on the basis of an email?"

It's better than that - judging by the use of plurals, it was a number of smaller amounts adding up to 46 million USD.

In other words, the thieves got away with it once, for however much, then thought "Bingo! Let's go for another chunk..." - repeat until $total = 46 million, at which point someone finally thought "Hang on a mo..."

Safe as houses: CCTV for the masses

VinceH

@Chris 3

"Your NAS system is fine until someone walks off with the NAS or burns the house down."

I know the person to whom you replied suggested logging into the NAS to see the pictures - but the NAS can be used as a starting point.

The camera drops the pictures onto your NAS, then a piece of software under your control which is monitoring the NAS for new images could upload them to somewhere of YOUR choosing, under YOUR control, and/or email you a notification to say there are new pictures. (This of course means you are responsible for your own security).

In this scenario, neither the camera nor the NAS (and therefore the firmware supplied with them) go anywhere near the internet and - in particular - the camera manufacturer doesn't benefit from that slice of your monthly income (with the future option of changing the protocols and making that camera obsolete, in order to get the occasional larger slice when you are forced to upgrade). And the images still end up offsite.

Everyone wins. Except the camera manufacturer. And the burglar.

VinceH

And that's perfectly possible.

There are plenty of IP-cameras with motion detection out there that don't require any of this crud*. I have three cheap/low quality ones (better quality ones exist) sitting here unused that I've had for years. They have a simple web interface for local configuration and access - and which you can access from afar if you wish, or you can configure it to use FTP or SMTP.

When I played with them I was wary of the security of accessing the web interface over the intertubes, and chose not to use FTP; instead I set up a separate mailbox specifically for the cameras, and set them up to use SMTP: Pictures stored offsite, which I can check if I wish just by peeking in the mailbox.

* However, time moves on, and as more and more manufacturers realise there's an opportunity to grab that piece of our monthly income... OTOH, look at the first post from ZSn above. A perfectly good solution, despite someone (who has presumably partaken of the Cloudy-Kool-Aid) downvoting the post.

Surprise! Evil-eyed cats MORE LIKELY to be SNEAKY PREDATORS – boffins

VinceH

Optional

"So there you have it, science agrees – cats really are evil."

Well, duh - you can tell just by looking at their ey... oh. I see.

All hail Ikabai-Sital! Destroyer of worlds and mender of toilets

VinceH

Re: To return to IT.

"The sticker had no business being on a device such as an IBM-type PC which was deliberately designed to be opened in order to add network cards etc (hint; the PSU is in a separate enclosure)."

I had a Compaq machine once. The tower case design was really nice - undo a couple of clips, and the case would slide off, allowing the user to get at the insides. A joy for those of us who like to expand the computers ourselves...

...until you looked more carefully. Drive bays and so on had a slatted frame around them, riveted in place - all designed to make it as difficult as possible for the punters to do much of anything themselves, and instead encourage them to pay Compaq a premium for upgrades etc.

A drill and some care later - that problem was sorted.

VinceH
Holmes

"B. Don't you have a step ladder? Stand on the first step & pee between the rungs."

Nah... just take a step or two back and aim high.

"Careful aim might be required."

And sufficient force.

Icon represents a different problem.

Boffinry breakthrough: Bullied bumble bot bolts brutal brat beatdowns

VinceH
Terminator

Optional

Today, the 'Abuse Probability' is used so that the robot can try to steer clear.

Tomorrow, the 'Abuse Probability' can be used to determine if it needs to make a pre-emptive strike.

The day after, why bother with an 'Abuse Probability' ?

Yesterday, it'll be going after Sarah Connor.

Windows 10 is FORCING ITSELF onto domain happy Windows 7 PCs

VinceH

Re: "And it’s all happening despite Microsoft promising – here – that it wouldn’t."

I'd guesstimate that she's around a size 11 or 12. Overweight? Perhaps, but if she is it's only mildly so - and as such, she's a far better role model than some skeleton with a bit of skin stretched over it.

VinceH

Re: "And it’s all happening despite Microsoft promising – here – that it wouldn’t."

Well that's annoyingly catchy. I even let it play all the way through. I take it that's what 'the kids' are listening to these days?

(As an aside, it's nice to see the singer isn't a skinny little wretch leading her fans to go on pointless diets)

EFF's Privacy Badger will block snooping ads and invisible trackers

VinceH

Re: Just trying it

"Quite a few red ones too, including Google Analytics on this site!"

That's not coming up here... unsurprisingly: NoScript is blocking it. However, I notice Ghostery still lists it even though the scripts are blocked. Which leads to an interesting comparison. Looking just at this page:

With my normal settings:

  • Privacy Badger is only listing regmedia.co.uk (allowed)
  • Ghostery is listing DataPoint Media, DoubleClick and Google Analytics (all blocked)
  • NoScript is set to allow theregister.co.uk, but scripts are not allowed from admedo.com, dpmsrv.com, google-analytics.com and googletagservices.com

I'm assuming the scripts from admedo.com and dpmsrv.com would be the source of the DataPoint and DoubleClick trackers if they weren't blocked from running. So while the three listed by Ghostery are effectively already blocked by NoScript, Ghostery is still able to detect that (without NoScript) those cookies could be put on my system - while Privacy Badger doesn't.

I expect Privacy Badger would be able to detect them if I allowed the scripts to run given that yours is detecting the Google one - so a quick test: I've temporarily allowed all the scripts on this page to run. The results now are:

  • Privacy Badger is no longer listing regmedia.co.uk, and it's listing pool.admedo.com as a potential tracker, and listing www.google-analytics.com and www.googletagservices.com under "The following domains don't appear to be tracking you."
  • Ghostery is listing DataPoint Media, DoubleClick and Google Analytics (all blocked)

All three Privacy Badger results have green bars (because I have yet to teach it anything) - but the differences between it and Ghostery in the above are interesting.

Samsung looks into spam ads appearing on Brits' smart TVs

VinceH

Re: Yes, well

Look for some kind of factory reset option?

VinceH

Re: Easily solved. (@ The Eee 701 Paddock)

"By early 2015, iPlayer and YT had both stopped working, thanks to the APIs they relied upon being phased out by the services in question. Now, the BR player lives on solely as a way to play BRs and DVDs, with all network-based video-streaming duties handled by a Roku device (Streaming Stick, at time of writing) plugged into HDMI on the TV."

My Samsung Blu-Ray player is a supposedly 'smart' device, offering such things as iPlayer, Netflix, and so on. I should imagine that it, too, is now much less 'smarter' than it was when I bought it.

However, it doesn't matter. There were no hard lessons for me to learn, because I never wanted to use it for those purposes anyway, so it doesn't get connected to the internet. (I did briefly, out of curiosity, but it's remained offline since).

And with that in mind, from the article:

'Another added: "Same issue here, how do we turn this off?"'

Disconnect it from the internet. Problem goes away as if by magic.

Secret US-Pacific trade pact leak exposes power of the copyright lobby

VinceH
Flame

Re: Changing the law

What really irritates me is when I hear a question on a quiz show relating to (say) Sleeping Beauty, and they call it "Disney's Sleeping Beauty" - if the question relates specifically to their version, fair enough, but it's usually a generic question about the story. Bah!

Sengled lightbulb speakers: The best worst stereo on Earth

VinceH

Re: Loudspeakers in your lightbulbs sound crap

"Someone in IoT marketing definitely had a lightbulb moment, hoping to profit at the expense of punters lacking in any practical common sense."

FTFY!

And in answer to the three possible explanations at the end of the article, my money's on #3: Punters too embarrassed to admit their mistake.

That's not an Ofcom email about your radio licence – it's a TROJAN

VinceH

Re: Probably these work the same as bank scams

"So there is no data leak, this is just general non-targeted spamming."

Agreed. I've just glanced in my spam box on the server, and there's one there sent to an address that has absolutely no connection with Ofcom whatsoever - just an address I've used as my primary address for approaching 20 years, and which has long since been harvested by spammers left, right, centre, top and bottom.

Nothing to see here. Move along.

Windows 10 wipes your child safety settings if you upgrade from 7 or 8

VinceH
Coat

Re: ...We all know that porn is found in bushes...

"I picked it up expecting a celeb magazine. It was actually two fairly explicit magazines."

May I be the first to say: Pictures, or it didn't happen? ;)

Drone delivery sparks Ohio prison brawl

VinceH

Re: lower than low

"Unreported: The drone was called "Lucy" and the drugs were paid for with conflict diamonds..."

The only problem with that is Lucy was in the sky with the drugs - not the diamonds.

Mac fans! Don't run any old guff from the web: Malware spotted exploiting OS X root bug

VinceH

"It'll need to somehow be made into a browser based exploit, because no one is using Flash let alone Java on their Mac (or anything else) anymore."

Citation needed. (I can counter the claim of "no one" because I know of two local companies that are Mac-based and who do have Flash installed*)

"If you do"

...you are proving DougS wrong, because he just said "no one" does in the same post? :p

"there are so many security holes in those pieces of trash that need weekly patching you couldn't further reduce your security if you posted your password on Facebook and Twitter!"

This I can't disagree with!

* As a relevant aside, I know that one of them recently paid someone to remove some malware from one of their computers, though I don't know the full details: I do stuff for them, but it's not IT related - I don't do Macs.