136 posts • joined 15 Jan 2013
Re: Big Google Knows What You Bought
Maybe, but mostly they're not going to know what; just where, when and how much it cost. (Where they would definitely know? Google Play, mainly.) And I expect that the same restrictions which apply to banks or card issuers (as appropriate) will apply…
Re: If these news came before xmas...
It's just that people were being fairly quiet about it all at the time, preferring to get the patches done…
That's… awkward to read because of the fact that your browser window was too wide.
Regardless, once you've ruled out local cabling etc., that's TalkBork's problem to fix. They're currently in the process of testing a new network, so (assuming that your problem isn't entirely between you and the cab or exchange) you should see some improvements when they roll that out for everybody.
Re: Much a do
The word for which you're looking is “ado”.
Re: You get what you pay for
That's actually “up to” 55Mb/s and “up to” 80Mb/s respectively. Blame stupid OFCOM rules for that.
Firefox (stock build) demands that I install and use PulseAudio if I want it to play any audio. No, not doing that.
Assuming that I've somehow become the owner of a computer with Windows 10 installed for the moment (har har), if that option were removed, I'd expect Micro$ith to pay for its use of my 'net connection at peak times. (Yes, it's metered and yes, the effective cost is higher during office hours.)
Re: So attacking the phones is the other attack vector for this stuff.
In the absence of hardened phones, I'd use ones which get regular security updates. My understanding is that this limits it to Google Nexus/Pixel and Apple. (I could well be wrong here, but somehow I doubt it.)
I should think that most of us only see the free services provided by Google (I have no experience of Apple in this respect, so I won't comment on that). I've not seen Google's business offerings; but since they cost actual money, I would expect a corresponding lack of information gathering for advertising etc.
I should mention that, for advertising, it's not the information which is sold (that would have huge ethical, not to mention legal, problems); what they sell is a service: matching up adverts to users and actually serving the adverts to those users. But keep thinking that they sell the actual info if it helps.
Interesting… the bug was submitted to Microsoft, they ‘fixed’ it then released it anyway before applying the fix. Why not merely revert the bug or just not apply it to their code in the first place?
Or was it a bug report which was submitted and later released…
Re: We need a new icon
Unfortunately, it's only a matter of time now before this one is exactly enough…
Welcome to the Wipe House: President Trump shreds climate change, privacy, LGBT policies on WhiteHouse.gov
The Wipe House? Do they sell bog roll there?
Re: Open source, or not
Missing the point somewhat.
Those parts which are open source, ship as source code.
Those parts which are proprietary, ship as blobs ready for linking or executing, as appropriate.
Make sure that those who choose to rebuild the software can usefully do so, i.e. don't just do a raw code dump without any hint as to how to recompile it all. Makefiles, build scripts, build requirements.
Re: Gotta wonder...
On Debian, it's flashplugin-nonfree. Assuming that you have the package installed, run this:
# update-flashplugin-nonfree --install
and (at the time of writing) you'll get version 18.104.22.168.
(That said: come on, BBC, stop using Flash.)
That's “free rein”, not “free reign”.
Re: "the statement has had virtually no impact some six months after its announcement"
AIUI, the likes of Google Authenticator don't require a 'net connection except, occasionally, to ensure time sync.
Memtest86 has Rowhammer tests these days. I advise running that for several hours, at least; enough time to let it complete a few runs.
- Embrace: choosing to support Linux-based OSes on Azure.
- Extend: the Hyper-V client code in the kernel.
- Extinguish: have they given up?
If you gain root access, I would expect that you'll be able to see the files in one of the /data/app* directories. I'd not like to say for certain, though.
Those host names currently point to 22.214.171.124.
Re: Consumer routers?
I've seen some labelled “IPv6 ready”. Unfortunately, that looked just a little too much like televisions labelled as “HD Ready”, and as I didn't need anything like that at the time…
(The one which I'm using isn't claimed to be IPv6-ready. I'm only actually using it as switch and AP anyway as I usually find that these things are insufficiently configurable, particularly in the firewall department.)
Last time I looked at those available via the likes of PC World (okay, sample size of one, and a few years ago), they relied on IPv4 and if they supported IPv6 at all, it was either via 6to4 gateways or instead of IPv4. Which is not much use with ISPs such as the aforementioned less-cheap more-techy one.
Has the situation changed much?
“I really hate this damned machine
I wish that they would sell it.
It never does quite what I want
But only what I tell it.”
Re: Ok, so...
Tabs for block indentation. Spaces (after the block indent) for indentation within a multi-line statement. That way, you get the flexibility of however wide you want your tabs to be today without messing up intra-statement alignment.
Two-space indents? Been there, done that. Was useful where I used it.
Now, the pet hate: people using four spaces just because the tabs happen to look like four spaces. I normally have tabs set to every 8th column, but I will sometimes switch to every 4th. That shows quite nicely where the bad indentation is.
Re: Screw up - 'fess up
Indeed. “Eating his own dog food”.
Re: Mouse bug ?
I've seen similar behaviour. In such situations, one very good thing to do is to log the input from the offending device; in my case, it showed clearly that the mouse had some… slightly odd behaviour in that, for certain buttons, it wouldn't indicate that the button was released until it was next pressed, which (of course) immediately triggered another button press event. That one got fixed in the kernel via the HID quirks mechanism such that the kernel will generate fake release events for the affected buttons, making them effectively instant-release as far as userland is concerned.
That headset sounds like it has the same issue; and the workaround which you found was probably a key combination which sent XF86Ungrab or XF86ClearGrab or similar.
Re: QR codes are a great way to point people at malware
Barcode Scanner reads the QR code and, if the content is a URL, does an HTTP GET. It'll show appropriate information, if any – target URL (in the case that a 301 or 302 response was received) or the page title. Useful, but not quite ideal (could be a large amount of data being returned).
“with the authority to reign in management”
They have authority to be monarchs within management?
Re: UK legislation
“Letting self serving UK politicians have totally free reign”
Free rein. Why do so many people get this wrong…
Slash BBC Flash
The BBC web site is the only good reason I have for keeping Flash around. They can't get rid of it too soon.
Whut? You'd actually want CGNAT? I'll take a public IPv4 address, NAT that locally (as you'd do anyway, unless you should happen to have enough!) and an IPv6 block or 65536.
Incoming traffic gets firewalled (with holes as needed); and should there be an incoming DDoS, I expect my ISP to take care of blocking it. Regarding linking a domain with an IP address ‒ well, the IP address doesn't offer that correlation. DNS does.
Peace? I don't think so.
What is it with these hippies and sticking two fingers up at people behind them…
Re: Galaxy S6 runs Marshmallow
Is it up to date with security patches, i.e. is the patch level showing 1 June 2016?
Re: Just guessing
Or if you do give them access, make sure that it's to a sacrificial Windows installation. If you can fake a bank account login (false details etc.) when they ask, so much the better.
“Next up will be your very own id number, expect it to appear on an official document soon.”
(Why can't we use <blockquote>…)
I'm using a 'net connection for which download cost varies by time of day (and which day it is too). Were Windows 10 an issue here (it isn't, there being no machines to be updated to it) and I couldn't schedule the download for the cheapest part of the day, I'd be complaining publicly about it and billing Microsith for the extra data costs (unless I could successfully defer the download by temporarily blocking access to the update servers).
Is it safe to mention that weight is measured in Newtons and that you're all actually talking about mass?
I'm expecting WW Ⅲ sometime this century anyway, so I don't suppose that it matters all that much. Still, hopefully I'll be proven wrong about that.
Any last-minute changesets…
… or, rather, what would otherwise have been last-minute probably got missed out. I wonder if anybody got caught out…
As I understand it, Google will only know how much you've spent and where; not what you've bought.
I'd give it a trial run myself, but since my phone's running CM13…
CyanogenMod does have per-app options for disabling network access, accessible via Privacy Guard settings.
Quoting from squid.conf:
As described in CVE-2009-0801 when the Host: header alone is used to determine the destination of a request it becomes trivial for malicious scripts on remote websites to bypass browser same-origin security policy and sandboxing protections.
The cause of this is that such applets are allowed to perform their own HTTP stack, in which case the same-origin policy of the browser sandbox only verifies that the applet tries to contact the same IP as from where it was loaded at the IP level. The Host: header may be different from the connected IP and approved origin.
This new reported vulnerability sounds… rather similar, and very much related.
Re: Ads on phones
Full-screen, sudden, in-your-face advertising on phones with click-on-this-pixel-to-dismiss – give them feedback. Complain. Tell them that it's annoying, intrusive, hard to dismiss without accidentally clicking on it at least twice and, consequently, it's driving you away from their site.
It's not long since that I complained to The Independent about one such. I didn't bother reading the rest of the article (and I did mention that I'd given up trying to read it due to advertising) and haven't visited The Ad-Dependent's site since.
Re: Sounds like a GREAT idea!
Problem is how the device is updated – one partition each for vendor files (low-level libraries), recovery, radio, boot and system. You'd need two system partitions (Google & vendor OS) for Google themselves to be able to supply updates.
I suspect that Google will need to suspend licences for the Google Apps bundle in order to kick vendors into compliance, with suspensions being triggered when currently-supported devices are more than (say) three months out of date regarding security fixes. It'd be nice if this were, within some reasonable amount of time, extended to all devices running versions of Android which get security updates.
Regarding errors concerning a lack of storage space – older phone with separate partitions for user data (apps, app data) and user files (photographs, music, video etc.)? I've seen cases of that and… strongly encouraged upgrading to something running current Android and with plenty of space for updates for several years yet. Guessing a bit here, but 2GB total in /system and a minimum of 4GB total in /data (double that one if you're an app junkie, and I'm assuming use of SDHC for photographs etc.) should do for at least a few years, allowing for some growth in app sizes.
Re: The lock in Question
I'm happily avoiding Microsith for the most part. When I can't do otherwise, I'll use their stuff – in a VM if that's practical, or on borrowed hardware otherwise.
Regarding systemd and grub, well… I wonder if Red Hat have some Hat Red of the old ways. I'm still using sysvinit and lilo; and Devuan, being a mere sideways step away from Debian, is looking tempting.
If we dissemble the inner-class “com.android.internal.telephony.Isms.Stub.Proxy”
They're clearly lying.
Here's some more discussion about this. TL;DR – not all ISPs do line rental, not all require that your line is with them, not all provide PSTN as standard (or at all) over the line which you rent from them…
I have the distinct impression that this change is for big business by big business.