Posts by JohnFen

Re: Is anyone using UPnP anyway?

How so? If a user screws up port forwarding in a way that introduces a security problem, the damage is still limited to the ports in question. Enabling uPnP risks allowing attackers to reconfigure things to allow much greater damage.

Re: Is anyone using UPnP anyway?

"When you use a drug you're not required to be a chemist of physician to understand what's in and how it works"

But you 100% should have an understanding of any drug you're taking! Not at the biochemical level, perhaps, but you should know what the drug is doing to you, what the risks of taking it are, etc. People should also have a similar understanding of networking if they're running a LAN.

Re: Retrieval time

"The most important thing with a managed backup solution isnt it?"

The most important thing is the availability and integrity of the backups. Since retrieving the backups is (or should be, anyway) an extremely rare event, the amount of time it takes isn't as important (although faster is generally better in all things, of course).

Re: "13 nines durability"

"13 nines" is simply meaningless marketing wank.

Re: Get rich quick?

"This is a chance for that woman to get a $1,000,000 tax free"

Not likely. Generally, compensatory awards are not taxed as they are intended so "make you whole" -- in other words, to compensate you so that you're neither taking a monetary loss nor making monetary profit. However, punitive (and other) awards are fully taxable.

It's unlikely that this person suffered a $1,000,000 loss here, so such an award would be punitive.

Re: Decline permission

""We searched because they said we could" is far too often sufficient probable cause."

Technically, that's not probably cause, that's them simply asking you for permission to search and you giving it. If they have your permission, they need no justification for the search whatsoever. At the heart of it, that's why everybody should explicitly state that they are not giving consent. As you say, that may (or may not -- but at least there's a chance) help later, in court, when the police have to justify the legality of the search.

Re: I recently had to deal with the cops (and live in the US)

"especially when they have a breathalyzer?"

I wouldn't trust a breathalyzer myself. There have been too many cases of false positives resulting from the police not adequately maintaining that equipment. What I would do is, if I was actually sober and failed the sobriety checks, refuse the breathalyzer and take the blood test instead.

Re: I recently had to deal with the cops (and live in the US)

"I'm willing to pay $200 and get a hit on my license if I have to."

If your telling of the story is accurate, then you should show up at traffic court for the ticket and plead your case. The odds are good that you can get the ticket dismissed.

Re: Re; Moral

"I strongly suggest to get out while you still can."

Well, firstly, I'm a USian through and through, and consider it my duty as a citizen to stick around and try to do what I can to improve my country and the lot of my fellow citizens.

But, even if that weren't the case, where would I go? There are very few nations that accept American immigrants unless they are wealthy or have a special skill that the nation is badly in need of.

"Or just tell the cops to go fvck themselves when they ask to search your car, and cite the tth amendment."

That's terrible advice. Here's how to do the same thing in a way that is legally defensible: say "I do not consent to this search" and leave it at that. Don't actually try to stop them from searching, and always be polite.

Also, as always, never talk to the police or tell them anything more than what you're legally required to tell them. Never, no matter how innocent you are.

"Erm, no, the moral is never to visit the U. S. of A."

And for those of us who live in the US, it's wise to avoid traveling to or through a whole bunch of states.

Re: Also consider Bluetooth

" It serves as a warning from Google that this app is using something that may be able to track you and you have to agree to that."

Yes, that's the intention. But because the Android permissions system is so utterly awful, that's not the effect. The actual effect is that users are encouraged to ignore the permissions request and just allow everything.

The problem with the Bluetooth-related locations permission is that it's too coarse, as using the permission in that way means that the permission will be asked for with the majority of apps, whether they engage in location tracking or not. That's training people to just click "accept" without thinking.

A better way to do it is to make the location permission required for apps that actually use location services (which is what users assume it means, even though it doesn't), and have a different mechanism to warn users about possible loopholes. For using Bluetooth, for example, rather than asking for location permission (which is a misleading thing to do), it would be better to just put up a warning that apps that can access Bluetooth could leverage that access to determine your location.

Re: Spyware ecosystem

"You do realize that even apps fully firewalled from any network access are completely free to load a webpage in a browser window for you (and it will be the browser doing the net access, not them)...?"

Of course! But web access is firewalled off too, so that doesn't matter.

Re: Also consider Bluetooth

"and are dangerous from a privacy perspective."

Yes. This is a major part of why I generally don't allow apps to communicate to the outside world -- apps can gather all sorts of sensitive information without your knowledge, and the Android permissions system is essentially worthless in terms of helping to mitigate that.

So my second-to-final defense is to firewall all apps off, so that even if they're collecting information, they can't send it anywhere. (My final defense is that all communications to/from my phone goes through a VPN to my home server, where my router and firewall rules can be a bit more comprehensive.)

Re: Also consider Bluetooth

"Why does it need location permission to talk to a bluetooth device ?"

This is because Bluetooth can be used to determine location. From the Android developer's guide:

A location permission is required because Bluetooth scans can be used to gather information about the location of the user. This information may come from the user's own devices, as well as Bluetooth beacons in use at locations such as shops and transit facilities.

This highlights a pretty serious problem with the Android permission scheme -- it's too coarse and some of the permissions are required for unexpected reasons. I've been wishing that they'd fix this whole mess from the first time that I was exposed to it.

Requiring location permission to use Bluetooth is understandable from one point of view, but it makes little sense in the larger scheme of things -- if the permission is required for the reason they cite, then the permission would logically be required for a whole host of other things as well, none of which are more than tangentially related to location. Requiring this permission for such a wide array of things renders the permission a bit pointless, as users will rapidly learn they have to just accept it in order to do most of what they want to do.

Re: Also consider Bluetooth

Bluetooth works fine for me without having location services turned on...

Re: Spyware ecosystem

"Check your cellular data usage. Notice how there are 10+ apps on Android using background data for no good reason."

There aren't any such apps on my phone! But then, I use a firewall (as everyone should) to ensure that no apps (or the OS itself) can communicate without my permission, I'm VERY cautious about what apps I will install, and I keep the fewest number of apps installed that I can.

Re: The user has no freedom but to consent

"The real problem is that there still isn't any real alternative to advertising to fund Internet services"

The real problem is the insistence of the ad companies to engage in ubiquitous surveillance as part of their business model. You can absolutely do advertising without spying on everybody, it's just less lucrative.

That said, if the ad companies cannot do advertising without spying, then I say let them all die. The internet got along fine before advertising, and it will get along fine (in very many ways, a whole lot better) without it now.

Also, the notion that it's "advertising or nothing" is a false choice. There is a whole spectrum of other means of raising revenue.

"Perhaps leaning on Google over privacy might encourage them to find a way."

That will not happen. Google's entire reason for being is to gather as much data as possible and use it to serve up ads. Saying that they might find another way is no different than saying that they might find a way to go out of business. Google is an advertising company, after all.

Hell, I personally only very rarely use the camera in my phone. Leaving the camera out entirely wouldn't be a deal-breaker for me.

Re: Missing Information

"The implication (which has to be carefully couched for fear of all sorts of consequences) is that the person in question came over here with foreknowledge that he would be compelled to hand over any documents he just happened to have on his person."

This is what it looks like to me.

In the US, it isn't that rare for someone who has access to data that is of interest to the government to tell the government that they have access to it, and that they would be happy to provide it -- but they need to be presented with a subpoena anyway, because it gives them legal cover. This smells a bit like the British version of the same sort of deal.

Re: It's got me wondering...

"I recently got a Facebook page"

Why on Earth would you do that??

"We'll ignore the fact their Senate Committees can do more or less the same thing."

I won't ignore this. The fact that they aren't doing the same thing is a result of the overall corporate takeover of the federal government. Ignoring this only helps our descent into tyranny.

Re: Hmm.

"For every great remake"

All three of them?

Re: Reboot Avatar? Yuck!

Maybe that's why I didn't like Avatar -- there wasn't enough eye candy in the world to hide the fact that the actual story was just a poorly-written retread.

Re: JS - just for a change

"Whatever the reason, the fact is it's very, very widely used, and you can't simply turn it off without breaking a (very) large part of the web we have now."

Fine by me -- that's what I've been doing for years anyway. Sites that are so poorly designed that they can't run without Javascript are sites that are so poorly designed that they don't deserve my attention.

"It would be more helpful to identify the specific JS functions that are used in this attack, and how they could be rewritten or redacted entirely to suppress it."

But that would only plug this one specific hole without addressing the underlying problem that scripts have entirely too much access to your browser and computer to be considered generally safe.