* Posts by Jamie Jones

4281 publicly visible posts • joined 14 Jun 2007

This image-recognition roulette is all fun and games... until it labels you a rape suspect, divorcee, or a racial slur

Jamie Jones Silver badge

Psycholinguist

I uploaded a 25 year old photo of me, a 15 year old photo and an 8 year old photo.

All three came back saying I was a "Psycholinguist". So now we know.

Jamie Jones Silver badge

Re: And yet...

I never found a fo[b][/b]rum that censor[b][/b]ed bad words that cou[b][/b]ldn't be fooled by a s[b][/b]imple bit of null bbcode.

Jamie Jones Silver badge

Reminds me of a crappy facebook app I wrote in the bad old days (a quick one hour jobbie for a friend, that turned out waaaaaaaay more popular than anything I'd spent time creating!)

All it did was sha256 the uploaded image, in its decimal form, take the last 10 digits, split them into 5 sets of 2 digits, and use those digits to show how "cool" / "good looking" / "clever" / etc.. you looked, with the 2 digits forming a percentage.

Total bollocks of course, but it meant if you uploaded the *identical* file again, you got the same results.

I couldn't believe the number of comments from people saying how accurate it is.. It seemed many people kept posting different photos until they got a result they liked, and then shared it... Confirmation bias, or something!

US government sues ex-IT guy for breaking his NDA (Yes, we mean Edward Snowden)

Jamie Jones Silver badge

Re: I'll have to wait

... and non-sequential serial number, laundered through at least 3 third parties..

Mozilla Firefox to begin slow rollout of DNS-over-HTTPS by default at the end of the month

Jamie Jones Silver badge
Thumb Up

Re: Dubious

Exactly, AC!

Despite the fact I even said as much in my post, some people still feel the need to respond with a solution, "willy waving" their supposed superiority!

Jamie Jones Silver badge

"Firstly, *not* running your own recursive server *is* a way to stop intermediate authoritative servers (including the root servers) from knowing who you are, as all the DNS requests they receive will be from the DNS server (typically your ISP)"
Right, in which case your ISP (or whatever recursive server you use) gets all your queries to associate with your IP address (and of course your name and address, etc). Which was my point -- you get a limited choice as to *who* gets this, but you can't prevent *someone* from getting it.
You said "nothing will save you from the root servers". That was your point. It was wrong.

Of course, if you use the ISP's resolver, they get to see it, but unless you are encrypting your traffic, they get to see whatever they want anyway.

"And if you do use a recursive nameserver, the roots would only traditionally get to know the very first fqdn you lookup in a certain top-level domain."
So what? That's going to be most of what anyone wants to know. Which hostname or subdomain of a porn site or "unapproved" news site you asked for is of little interest. Practically speaking, the operators of servers supplying NS records in com. know exactly what you're doing.

"So what?"? - You were talking about the root servers. The root servers won't know, however much you repeat yourself. "com." is not a root-zone.

And, as above, if they don't, then your ISP does. Or Google, or Cloudflare, or whomever. Again, that's the point: there is no way to prevent *someone* from knowing what you're browsing (and it's not just browsing, either, of course, but that's what this article is about).

Yes, that is how it works. I understand perfectly well how the system was designed, and I stand by my assertion that it is fundamentally incompatible with privacy. DoH does nothing to change that.

"So what?" - I never claimed otherwise.

You made a number of errors. I simply corrected them, and the justification in your response has absolutely nothing to do with what I said. Not once did I mention any form of overall privacy.

Or to use your logic, "I understand perfectly. I stand by my assertion that the sun rises in the east"

Jamie Jones Silver badge
Thumb Up

Yeah, that's the thing. As it doesn't require any protocol or design changes it doesn't need any sort of format declaration, it will be compatible with all nameservers already that follow the spec correctly, and as Ben says, is already in widespread use...

Are you sure your own recursive nameserver isn't using this already? Mine is (unbound), and I don't recall setting that specifically. (Interestingly, it uses shortened "A" rather than "NS" lookups, presumably to get around some of the issues with broken nameservers mentioned in the RFC)

cheers

Jamie Jones Silver badge

In practice however, doing a recursive query, i.e going through the root servers for the TLD’s and get sent down for each and every subdomain is fscking slow, so in practice noone ever configures that.

That's exactly how DNS servers are set up in your ISP, in companies, all over the place. In general, domestic users simply have a caching DNS that forwards to the ISP's recursive server. Office environments will typically have a recursive server per lan/site (depending obviously on the number of clients), which the host computers are configured to use directly.

Of course, in most big companies, the root server will be internal, not the internet servers, but the configuration principle is the same.

And the whole point is it's *distributed* - when my server looks up anything under .co.uk, it remembers (until cache timeout) the nameserver details for .co.uk and for all subsequent requests goes there. In other words, the requests only go to the root for the initial request for a zone. All paths down the DNS tree are remembered, so they aren't walked every time.

(The flattening of dns names encouraged by marketing types obviously concentrates the load on specific zone servers, which is against the way DNS was designed to be used - however there's no escaping this issue whether you use a forwarding server, or your own recursive)

I think 98% of all DNS queries over the Internet is not recursive, but just bounced off from Authoritative Zone server to the next.

You're wrong. Firstly, yes, most consumer dns setups are caching forwarding servers that use the recursive servers of the ISP. In operation, that's really no different than simply using the ISP's nameservers directly, but you have the advantage of local caching, which helps with repeated lookups, and also if another client on your home network attempts to resolve the same address as another one did, the cache helps there too.

ALL the ISP servers will be recursive. It's possible they in turn could be configured to forward elsewhere, but it's very rare for that to happen, and is only useful in a very small number of special cases.

As for "bouncing from one server to the next", authoritative servers don't look up zones on the behalf of the calling dns - that's what recursive servers do (and whilst an authoritative server can also be a recursive server, you don't want to do that, and will rarely see it)

If by "bouncing", you mean the authoritative server refers the calling DNS to a more relevant server in the DNS tree, then yes, that's what happens - that's what recursive lookups are!

And also, after rereading your comment, I think you got recursive requests confused just the other way around, since recursive starts at the root servers (with all TLD’s), trickling down to all respective authoritative servers, while “normal” DNS just asks its configured DNS server for a record, DNS server does not know, forwards to next “configured” server etc.. up until no answer is given and just THEN a recursive query is done

That is how recursive servers work, yes, but that's how dns works. Your local forwarding server delegates the request to your ISP's server, but that DOES NOT blindly forward it to another server. How would that be configured? How would its parent be configured? and its parent?

No, it does a recursive lookup. From the top. Gathering and caching new zone data on the way down.

(It's possible that if an ISP has more than one recursive server, which they should!, then the servers could share caches, but that's not seen often, and even then, it's not relevant to what we're discussing.)

P.S. For the pedants, I use the term "ISP" loosely - in an academic or business, "computer department", or "IT crowd" would be more appropriate!

P.P.S. I didn't downvote you - I think your downvoters are basically saying "I think you're wrong, but I can't be arsed to reply"!

Jamie Jones Silver badge

Re: Dubious

My point was not the fact that I can get around it, or even that there may or may not be some hidden option somewhere to actually tell it to use what you tell it to (I don't know chromeboxes) - my point was that despite it having its ip4 and dns configured statically, and despite dhcp and RA on the network pointing to my servers something on this chromebox (whether the whole box, or one app, I haven't yet looked) was using 8.8.4.4 off its own bat.

Jamie Jones Silver badge

Re: Dubious

"I'm little suprised you've gone to the effort of setting up you own DNS Server, yet dont understand the basic principle of dns lookup i.e. the CLIENT decides where to go to get its dns from. All a DNS server does is say "hey i can do your dns for you if you cant. But if the client has it set, then it will use that first."

@IGotOut,

I'm a little surprised you've gone to the effort to make that post when it clearly shows you don't know what you're talking about.

Now, we all have holes in our knowledge; we all make mistakes; but it's particularly important to make sure you're bloody right when you attempt to correct someone in such an arrogant way.

Just some friendly advice.

And now the obnoxious bit: I have been running my own authoritative nameservers for over 20 years, and over 25 years ago, was responsible for the DNS at the site I worked at, and was so much involved in helping the national networks team (Hello ICL, STE04, Stevenage) that it had been arranged for me to train the staff on how to run DNS properly (for the 100 odd locations across the country, although BRA04 seemed to be knowledgeable, and were doing their own thing, and must have been annoyed at the corporate DNS system too)

As it happens, I left the company in 2001 before this happened, but have been involved in dns/ip4/ip6 networking for almost 30 years.

You're welcome!

Jamie Jones Silver badge

No, that's not how it works.

Firstly, *not* running your own recursive server *is* a way to stop intermediate authoritative servers (including the root servers) from knowing who you are, as all the DNS requests they receive will be from the DNS server (typically your ISP) that you forward requests to.

And if you do use a recursive nameserver, the roots would only traditionally get to know the very first fqdn you lookup in a certain top-level domain.

e.g. lookup for fred.com followed by a lookup for bloggs.com - only the first request would go to root servers, the second request would go to the .com servers.

And now, with DNS Query Name Minimisation (https://tools.ietf.org/html/rfc7816) they won't even get that, as instead of the first lookup speculatively sending the full FQDN, it will only ask for the information regarding the delegated nameservers for the zone.

I.e. the root servers will only know that you've looked up a .com, or a .uk etc. address, and never what address within that domain.

Same principle follows as you move down the dns tree.
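
The behaviour described in the post above, as an added example that is not part of the original post: a toy model of a caching iterative resolver that records which questions reach the root and .com servers, with and without RFC 7816 query name minimisation. The delegation tree, the `www.` host names and the `Resolver` / `seen_by` names are constructed for illustration, and nothing is sent on the network.

```python
"""Toy model of a caching iterative resolver: which questions reach which servers.

Constructed delegation data only; nothing is sent on the network.
"""

# Parent zone -> child zones it delegates (constructed sample tree).
DELEGATIONS = {
    ".": {"com."},
    "com.": {"fred.com.", "bloggs.com."},
}

# Constructed lookups, mirroring the fred.com / bloggs.com case in the post.
LOOKUPS = ["www.fred.com.", "www.bloggs.com."]


def nlabels(name):
    """Number of labels in a fully qualified name; the root has none."""
    return 0 if name == "." else name.count(".")


def ancestors(qname):
    """'www.fred.com.' -> ['com.', 'fred.com.', 'www.fred.com.']"""
    labels = qname.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]


def referral(zone, name):
    """Child zone of `zone` that encloses `name`, or None if `zone` answers itself."""
    for candidate in ancestors(name):
        if candidate in DELEGATIONS.get(zone, ()):
            return candidate
    return None


class Resolver:
    def __init__(self, minimise):
        self.minimise = minimise
        self.known_zones = {"."}   # cached zone cuts; the root is always known
        self.seen = []             # (server_zone, qname_sent, qtype_sent)

    def resolve(self, qname, qtype="A"):
        path = ancestors(qname)
        # Start at the deepest cached zone enclosing qname, not at the root.
        zone = max((z for z in path if z in self.known_zones),
                   key=nlabels, default=".")
        depth = nlabels(zone)
        while True:
            if self.minimise:
                # Reveal only one label more than this server is known to serve.
                ask = path[min(depth, len(path) - 1)]
            else:
                ask = qname        # traditional: full name to every server
            self.seen.append((zone, ask, qtype if ask == qname else "NS"))
            child = referral(zone, ask)
            if child:
                self.known_zones.add(child)      # cache the zone cut
                zone, depth = child, nlabels(child)
            elif ask == qname:
                return                           # authoritative answer reached
            else:
                depth += 1                       # no zone cut here; add a label


def seen_by(zone, lookups, minimise):
    """Questions the servers for `zone` receive while resolving `lookups` in order."""
    resolver = Resolver(minimise)
    for name in lookups:
        resolver.resolve(name)
    return [(q, t) for z, q, t in resolver.seen if z == zone]


if __name__ == "__main__":
    for minimise in (False, True):
        print("minimise =", minimise)
        for zone in (".", "com."):
            print("  servers for", zone, "saw", seen_by(zone, LOOKUPS, minimise))
```

In both modes the root is contacted only for the first lookup; minimisation changes what that one question reveals.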

Jamie Jones Silver badge

Re: Dubious

I was annoyed to recently discover a chromebox continually connecting to 8.8.4.4:853 although I run my own DNS servers which are specifically configured everywhere: statically, dhcp4, ip6 slaac/RA .

As an aside, I'm also annoyed that the only way to have fine grained control of IP6 on android>5 , and chromeos appears to be to munge/spoof slaac responses because there is no apparent other way to configure it.

But yeah, DNS over TLS/https could potentially lead people into a false sense of security - standard consumer dns configuration could only potentially leak information to the ISP. If the ISP is relying on their DNS to filter, they are doing it wrong. And if they wanted to gather info on your usage, they would largely not need DNS to do it, and could only really be blocked from getting what information they can if you use a VPN, and in that case the whole issue is moot anyway, as a properly configured VPN won't expose DNS information to the ISP (just the dodgy vpn provider you trust!)

Yes, normal DNS lookups are not encrypted, and unless DNSSEC is used, not secure against tampering, but there is worse to worry about than your dns lookups, which get diluted with the dns traffic from other isp customers.

And this is before going into geolocation issues...

Justice served: There is no escape from the long server log of the law

Jamie Jones Silver badge

Re: From the Seen That Department of Obvious Idiocy ...

Here's a list of reported issues reported in January, 2000.

http:/www.welshgit.net/y2k/

Jamie Jones Silver badge
Thumb Up

Re: From the Seen That Department of Obvious Idiocy ...

Sure, there were loads of chancers and scaremongers, but also a lot of bloody dodgy code!

Lots of year rollovers to 19100 - not too serious if just presentational, but we (ICL) had a uk wide monitoring system whose pager system would have failed, and a lot of other stuff. Not world war 3, or pacemaker reboots, but enough to keep us busy!

Finally, not y2k related directly, but a y2k audit revealed such gems as the C program that contained:

system ("sleep 3");

.. the rest of the code wasn't much better!

Jamie Jones Silver badge

Re: From the Seen That Department of Obvious Idiocy ...

I'm sure we've all heard this one many times:

"All that fuss over Y2K and the money you lot all conned from us... And nothing bad happened"

Two years ago, 123-Reg and NamesCo decided to register millions of .uk domains for customers without asking them. They just got the renewal reminders...

Jamie Jones Silver badge

Re: Inertia selling

Maybe also say they were driving 42mph in a 40mph zone. That will get their attention.

Jamie Jones Silver badge

Re: 123-rip-off!

FYI, *all* registrars now cover the WHOIS info for free - they have to, under GDPR

Jamie Jones Silver badge

A monopoly, originally set up to manage the domain space effectively purposely makes the system worse to maximise their profit.

It's clear they aren't working in the interest of the UK dns structure, so why is this private company allowed to abuse their position?

The contract needs to be moved immediately to a proper non-profit who can manage the system properly. Nominet are now too toxic.

For real this time, get your butt off Python 2: No updates, no nothing after 1 January 2020

Jamie Jones Silver badge
Happy

Re: Nothing new...

4. Do both of 3 and 4.

ERROR: * Infinite loop causing repeated execution of point 3 detected *

A peeling solution to pothole has split the community... Yeah, they stuck a banana tree in it

Jamie Jones Silver badge

Re: Optional options

If you attempt to edit a post to set or unset anon. mode, the change is ignored.

I've been meaning to report it...

Clutching at its Perl 6, developer community ponders language name with less baggage

Jamie Jones Silver badge

But Version 10 would clash with the classic Perq computer! https://en.wikipedia.org/wiki/PERQ

GIMP open source image editor forked to fix 'problematic' name

Jamie Jones Silver badge

FreeBSD and its evil daemons...

Reminds me of the time some guest of a hotel threatened to leave, because she saw the "devil" logo.

https://lists.freebsd.org/pipermail/freebsd-chat/2011-November/006642.html

I managed to get FreeBSD installed into even some of the most stuffy datacentres in my time - the only feedback was positive.

Yeah, I even had the "evil devil" bouncing around a screen in the secured (by armed guards) HMRC datacentre. No-one commented, but now I come to think of it... :-)

GDPR...rrrse! Mass-mail fail as German biz asks UK resellers for consent to use their dealer data

Jamie Jones Silver badge
Thumb Up

Re: Ah, the joys of career-ending emails

Ah, yeah, the old usenet killfile etc.

As for email, I first got proper email in 1988, but I was never popular enough to have to filter it! not for a number of years (and even then, it was only done by automatically changing my usenet posting address to a temporary time-expiring email address - I just checked my maillog - in the last month, I still had spam attempts sent to jamie.97223@... - an address that has been invalid for 22 years!)

I don't think many corporate email systems had spam filtering then. Still, I should have been clearer - I know ours didn't, and I'm pretty sure his didn't either.

Jamie Jones Silver badge
Happy

Re: Ah, the joys of career-ending emails

It was back in 1995 - we didn't have spam filters back then. The admin weren't allowed to dip into staff mailboxes either.

I was going to contact him to apologise but was advised that raising the issue could make things worse - he was more likely to just delete it (seeing as it had been sent to CC list of about 20 or so), rather than actually make a complaint.

Peter Smith (the other one!) - I owe you a pint!

Jamie Jones Silver badge
Thumb Up

Yes... "Cc" was quite useful in the "good old days" for small group discussions, but these days it's far too often used where "Bcc" would be more appropriate... The 2 fields should be swapped in importance.

Jamie Jones Silver badge
Facepalm

Re: Ah, the joys of career-ending emails

I once accidentally sent "101 slang terms for the penis" to an important client whose name happened to match the name of a colleague. (Damn x500 directory services)

Fortunately, I never heard anything.. Maybe he found it funny!

British Prime Minister Boris Johnson moves to shut Parliament

Jamie Jones Silver badge

Re: So, to sum up. . .

Damn. Yes, sorry. Brain-fart moment. I meant single market, not customs union.

But not that it matters when they now don't want to remain in either!

Still, good deflection from the point of my post... My fault there, though :-(

Jamie Jones Silver badge

Re: So, to sum up. . .

"Yes, what was promised can be delivered: leave. You may not like it's form but there's nothing impossible about doing what the electorate asked the government to do. What's dishonest is to pretend that all this wasn't discussed during the referendum campaign, because it was. Multiple times. And the people still voted Leave."

No-one said it wasn't discussed. It was discussed quite clearly. The brexitters unanimously said we'd stay in the customs union; we'd NEVER have a no-deal, and a referendum after the 2 years based on the final verdict would be a good idea.

So clear, I provide video links to them saying exactly that: https://forums.theregister.co.uk/forum/all/2019/08/28/pm_johnson_shuts_parliament/#c_3857873

Jamie Jones Silver badge

Re: So, to sum up. . .

Also, there are over a million "new" UK British adults since the referendum and polls show that 75% of them would vote remain.

As for the deal not even being the same deal as what was voted on, this is what the leave campaign said at the time, straight from the horses' mouths, for the deniers!

John Redwood and Rees-Mogg said a second referendum would be a good idea once a deal has been finalised: https://infacts.org/rees-mogg-history-backing-second-eu-referendums/

Boris Johnson said we'd stay in the single-market: https://www.businessinsider.com/boris-johnson-single-market-brexit-campaign-customs-union-2018-1?r=US&IR=T

As did Farage: https://www.youtube.com/watch?v=0xGt3QmRSZY

As did MEP Dan Hannan: "Nobody is talking about threatening our place in the single market": https://www.voteleavewatch.org.uk/leaving_the_single_market_is_not_an_option

Gerard Batten (UKIP leader) "A trade deal with the EU could be sorted out in an afternoon over a cup of coffee"

Boris Johnson: "There is no plan for no deal because we are going to get a great deal"

And Liam Fox promised that the 40 trade deals we'd lose access to after leaving the EU will all be replicated or improved on immediately after Britain leaves. How many of the 40 has he improved on..... **ZERO** Well, OK, how many has he replicated? 12 - https://www.bbc.co.uk/news/uk-47213842

Liam Fox: "The free trade agreement that we will have to do with the European Union should be one of the easiest in human history"

Dominic Raab: "I hadn't quite understood the full extent of this but... we are particularly reliant on the Dover-Calais crossing"

-- https://www.indy100.com/article/no-deal-brexit-adequate-food-boris-johnson-david-davis-dominic-raab-8463121

So, either these people are liars, or they've changed their mind, but the brexitters scorning at a second referendum shows he clearly doesn't think people are allowed to change their minds!

American ISPs fined $75,000 for fuzzing airport's weather radar by stealing spectrum

Jamie Jones Silver badge
Coat

Comstock

I wonder if Comstock has cast his stock in comcast?

It will never be safe to turn off your computer: Prankster harnesses the power of Windows 95 to torment fellow students

Jamie Jones Silver badge
Happy

Re: More chaos

Boots, Swansea Quadrant, perchance?

Jamie Jones Silver badge
Happy

Re: More chaos

You know her/"them"?

Jamie Jones Silver badge
Coat

Re: sad mac

I think we should run a pool on how long a comment thread can go without it popping up.

Jamie Jones Silver badge

Re: More chaos

"serial girlfriends"

I wish!

Jamie Jones Silver badge

Re: More chaos

10 PRINT "Loading: Jet Set Willy"

20 RANDOMIZE USR 1310

... I never remember girlfriends' birthdays, but I still recall address 1310 on the ZX Spectrum made it look and sound like a file was loading, but went on indefinitely. Just type it in, walk away, watch someone get excited to be able to play the latest new game, then see how long they patiently wait...

Electric vehicles won't help UK meet emissions targets: Time to get out and walk, warn MPs

Jamie Jones Silver badge

Re: Alternatively,

Meanwhile, in Swansea..... https://youtu.be/uRo2WsH6TbE

Here's a top tip: Don't trust the new person – block web domains less than a month old. They are bound to be dodgy

Jamie Jones Silver badge

Re: ICU Pro

A lot of them do tend to exist.. I had a bunch of about 30 hit my system.

Although they came from various different virtual host providers, different domains (also made out of 2 random words) and the advertised products weren't linked, it was obviously a campaign from the same outfit.

The domains existed, and had valid SPF records, they also had valid DKIM records, but their return mail servers weren't accepting return mail.

For only a few quid for a domain, hosted on some pay-per-hour service, you can pass all the spf/dkim/greylisting systems out there.

As browser rivals block third-party tracking, Google pitches 'Privacy Sandbox' peace plan

Jamie Jones Silver badge

Re: It's not just (or even mainly) about 'relevant' ads

"If you say you don't want relevant ads, why do they still track you?"

For the same reason that telemarketers call numbers on the do-not-call list, or spammers try and get around anti-spam measures.

Arrogance.

"Sure, you don't want spam email/calls/ads, I get that, but my advert/product is DIFFERENT. I'm doing you a favour"

Jamie Jones Silver badge

Re: Why do they track you?

I don't agree. If I'm watching a youtube video, they can infer from the type of video what sort of adverts to send me.

"But what about random cat videos?" I hear you say (I forgot to take my medication)

Well, use the same criteria as the advertisers use for those vapid celebrity/gossip magazines.

No, they do deeper tracking because they can.. Blocking their attempts isn't unfairly moving the goalposts - it's putting the goalposts back to where they always were.

Jamie Jones Silver badge
Happy

Re: Can you help?

Shirt Ironing?

John Lydon tuts in your general direction.

Jamie Jones Silver badge

Proposal: "Some third party cookies treated as first party"

No. No, no, no.

Cookies were designed with a privacy mechanism. Third party cookies are a deliberate attempt to circumvent that privacy.

When said vulnerability was realised, if it wasn't for the vested interest, the flaw would have been fixed.

Only now are browser makers looking to address the problem. Anything else, no matter what weasel words are used is basically again trying to take advantage of the original flaw.

No third party cookies, period. (Yes, I know it's still possible to have the same functionality with first party cookies, but it requires more effort, and shows obvious intent to do so, which will be more important thanks to GDPR and general improvements in user awareness)

TalkTalk's voice-over is writing speeds that its text can't match: Ad pulled from broadcast

Jamie Jones Silver badge

Re: Advertising Standards Authority alerter

Noooooooo! FreeBSD, Linux (on the pre-loaded embedded routers), and android all the way!

Jamie Jones Silver badge
Thumb Up

Re: Advertising Standards Authority alerter

Actually, I should have mentioned that. I agree 100%.

I have twice in the past reported a configuration error on their side. The first time (their youtube cdn server), someone clueless ended up suggesting I asked for help in the community(!).

The second time (reverse dns), they were again clueless, and it wasn't fixed until about a year later.

On both occasions, I was able to work around the problem - reporting it was a courtesy.

But you are entirely correct. The place I'm in now is only 4 years old, and I'm close to the cabinet, and always get 8MB/s + with the correct sites.

As it was the cheapest deal at the time, I see no reason not to keep it - it's been stable the 4 years that I've been here.

Of course, if I needed help, or indeed was suffering problems that were not my fault, I'd probably end up leaving quite quickly, but in the meantime, it works for me, and I feel most detractors are just being snobbish.

Jamie Jones Silver badge
Happy

Re: Advertising Standards Authority alerter

I don't use Windows, if that helps?!

Jamie Jones Silver badge

Re: Advertising Standards Authority alerter

Sorry to upset you, but I am!

Why not? It's cheap, and works, and is just dumb pipe to me. Most of the critical infrastructure (fttc) is going to be openreach anyway.

I never have slow downs. The only issue for me is no native IPv6 but my router tunnels that to he.net which is only 7ms away.

Last month's bandwidth use was 2.5Tb.

I could pay more, but I'm not into designer labels, or snobbery.

RIP Danny Cohen: The computer scientist who gave world endianness meets his end aged 81

Jamie Jones Silver badge

I love how they reject all scientists.

Even the climate change deniers only reject the scientists that they don't agree with.. But flat earthers seem to reject all science. It makes sense, I suppose, however I thought that they accept planes exist, but that they are designed, built, and flown by a world wide round-world evil dark state, illuminati, masons, beta-delta-psi, tescos clubcard holding, vauxhall members club representative pizzagate paedo lizard person mole person.

We checked and yup, it's no longer 2001. And yet you can pwn a Windows box via Notepad.exe

Jamie Jones Silver badge

Re: Over Confidence

Long before Mac OSX became a thing, I used to say that MS should grab FreeBSD, and rewrite windows as a GUI, and include a compatibility layer for win32 stuff.

Of course, Gates being the "shove the OS into the GUI" kind of guy, they went the NT route instead, then Mac OSX more or less did it instead.

'Deeply concerned' UK privacy watchdog thrusts probe into King's Cross face-recognizing snoop cam brouhaha

Jamie Jones Silver badge

No need to get disguises...

... apparently, you only need to do one of the following:

1) Smile

2) Stand in front of a non-white, plain background.

3) Not look directly at the camera

Overstock's share price has plummeted. Is it Trump's trade war? Bad results? Nope, its CEO has gone bonkers...

Jamie Jones Silver badge

Re: A generation ago

I was under the impression that Ratner was just making a joke - at a private event - but video leaked and was taken out of context...

Salesforce takes the multi-signer DNSSEC ball and runs with it

Jamie Jones Silver badge
Happy

According to Google, I travel all around the country (I currently live in Maesteg, apparently)

<tinfoil thing>(Of course, I know they know EXACTLY where I live, and are just pretending not to know...)</tinfoil thing>