Posts by Dr.Flay 87 publicly visible posts • joined 7 Nov 2015
A highly flawed study if they didn't have the option of, "is the video critical but non-partisan?"
Videos criticising ideas espoused by one side or the other will be presented as leaning into the other camp.
There are lots of content creators being labelled as something they are not, because they disagree on a topic.
Shame so many people can only see life through the lens of politics so assume everyone else does.
I would argue that piracy was not the driving force, but that it was simply the games industry growing up.
By 2001 the time of bedroom programming teams dominating the games market was well over, and it was already a corporate arena where brand names became more important than the products, and we saw many big names absorbed into oblivion.
A few notable companies had created landmark games that they wanted to keep control of, and make more money from in whatever form even if they subcontract the development to another programming team.
No amount of investment in intellectual properties or licencing will have any effect on software piracy.
They are not related, they just happened at the same time.
Reports are now coming in that 3 Mime artists used their powers of distraction to perpetrate an audacious daylight robbery.
While amusing the crowd with invisible ropes and sheets of glass, they cunningly hid the artwork from view.
Once hidden it was swapped it for an almost identical work they had knocked up in the shed last night.
Police are looking for 3 men wearing black clothes and eye-masks, last seen struggling in an amusing way to carry a large invisible object from the area, and loading it onto an invisible flatbed truck.
The public are warned not to approach them due to the risk of unsolicited miming.
I give it 2 years before they realise this 2 billion is not enough for all the overpriced buffets and drinks they will need for all their "meetings" in expensive hotels.
3 years before the Gov admit it looks like it needs fixing.
5 years before they admit they can't fix something they don't understand (no they won't admit that last little bit).
6 to 7 years before they scrap it and rebrand another of the same pointless excersise of throwing away money to revamp our failing Gov. IT infrastructure.
Rinse and repeat.
Your comparison does not work as you are comparing sales of a physical product to a totally digital one.
Developers could save that expense you mention by doing exactly the same and only selling digital copies.
If indeed Steam etc. sent out DVDs and Bluray discs then yes it would warrant a decent cut.
"How can we make it look like we are being less like leeches without it affecting revenue ?"
"hmmm, who do we make the least money from anyway ?"
"What if we just take a smaller cut from the small pie ?"
"great idea the plebs will be on our side if we make it look like we care about them."
Actually it isn't even an argument anymore. They have confirmed that so far they have never had to remove malware due to their stricter policy than google.
See the recent interview
https://forum.f-droid.org/t/f-droid-invited-to-be-on-twit-tvs-floss-weekly/8674
Confirmed. F-Droid is the safest app store.
Until browsers support DANE/TLSA and show status and errors, no amount of publicity will make people adopt it.
Cloudflare may have made DNSSEC available to all customers for free, but nobody bothers to configures their domain to use it due to (see above).
The one browser extension there was that let you see the status of the domain and cert is no longer possible with the current API access.
Mind you, using it just made you miserable as it showed how few site admin either give a crap, or have heard of it.
The study is flawed as it assumes race creates an accent and speech patterns.
The researchers should have directed their attention to the many hilarious videos in youtube, of mostly white people in the UK that do not have a BBC English accent, where they are pleading, shouting, screaming and swearing at Alexa, Siri or Google.
Yes and no. The problem is more because of what google allow in apps.
F-Droid do not have a malware problem because they only allow apps they can build from public source, and do not allow certain SDKs including adverts.
1) the discourages people from making apps that only serve to create money
2) discourages people from prepackaging open source apps as their own to generate money
3) makes it difficult to hide any malware
"Anyone who is using the ai.type keyboard would be well advised to delete it ASAP. As it is no longer in the Play Store there is no risk of new infections there, but anyone using third-party services should avoid downloading the keyboard if they see it."
OK. lets pop over to the defacto second-party app store that is apparently now safe and see what people are downloading instead.
...oh that would be another one of the variants from the same author, so lets see what appbrain has to say about this bloatfest...
No surprise, equally stuffed full of SDKs and adverts. https://www.appbrain.com/app/ai-type-keyboard-plus-emoji/com.aitype.android.p
and a long term history of malware distribution it seems, going back to at least 2013 https://www.mywot.com/en/scorecard/aitype.com
I happen to know the nerd in question. Oh how pleased they are going to be about being a news story.....*cough*
The individual in question is not a HAM operator but uses SDR kit to listen to interesting radio streams, such as air traffic control, passing satellites and apparently the local football stadium.
Publicly available software is used to listen to the same stuff you or I can tune in to any time we want.
The webcam feed was not intended for the public. It is not on a web domain, is not linked or shared on any web sites, and cannot be found with normal search engines.
You have to know the IP address to find the landing page for the home web-hub.
Apparently most of the time the camera shows flashing disco lights, oscilloscope visuals, or whatever retro project is in progress that needs monitoring.
This was part of his raspberry pi powered home entertainment system.
The "general public" would never have seen it even if they tried looking, however shodan users can find it which is why it took a security bod to actually find it.
I suggested that the person limit IP access or use a password in future.
As touched on in the article we should however be using this incident to highlight the state of affairs concerning the UK tech infrastructure.
As already noted, you or I can access the same info without any restriction.
The term Ambulance-chasers was coined a long time ago because of journalists and creeps that monitor the emergency channels so they can beat others to a story or make money from misery.
This is still a thing.
It occurs to me that they have been allowed to hack the systems of an old plane the US don't use much anymore, and have mostly offloaded to other countries.
Other countries which may or may not (mostly not) get the same fixes (damn those supply chain issues eh).
If they want to be able to hack the planes they sold off to their "allies" years ago, this seems like a good way to get the advantage needed.
If they want to improve the security of the F-35 then the hackers should be hacking that.
However all anyone needs to do to scupper an F-35 is pick a fight in bad weather, make it fly "too fast", make them have to take off and land a few times and use up their tyres (damn those supply chain issues eh.), or hold up a mirror and just shame it into killing itself.
Agreed, I believe the most important aspect of this (seeing as there will be no conviction) is that £886,210 pocket money or whatever they have spent it on, needs some explaining.
Nothing to show so where is the money and what have they bought with it ?
Equipment ? Staff ? Lots of paperclips ?
They must keep accounts of some sort.
Yes Mars has an atmosphere, however while your feet will be in the atmoasphere your head won't be if you are standing, it is so thin.
Mars is under constant bombardment and is pockmarked with lots of recent hits.
Recent footage and photos reveal the activity is much higher than on Earth.
Our atmosphere provides us with a light-show and sparks with few hitting the ground.
On Mars you will be as protected/unprotected as the ISS.
Micrometeorites are enough to kill people on the surface.
All the while we ignore the 1 major problem of life on mars.
It has no atmosphere so no protection from asteroids.
I hope this ultra light weight material can also withstand an asteroid impact.
Without living under come substantial protection all this is pointless, and at the point you are inside a protective metal dome, you won't be needing this material.
Yeah but your lists will include all regular ad-services. Even the standard easylist is way bigger than the google list.
Vivaldi are only blocking bad sites, not annoying sites, hence the use of the phrase "...on the very naughty list."
I would agree that a bigger list is in order, but trackerless ads should still be allowed.
Companies don't drop everything for 1 individual that can't use the browser properly.
Whop-de-do they changed the icon several times (so have the other browsers). This affects the browser how ?
Drag-n-drop of bookmarks works just fine or the manager page would be rather pointless.
Vivaldi is nothing like Chrome to use. You are mistaking Chromium core for Chrome browser.
Email is coming and being tested internally. It is not a core browser component so has different priorities
"all kinds of Phillips hue colour nonsense". 1 optional GUI enhancement that was easy to add is hardly all kinds of nonsense, and oooh now there is Razer support so make that 2.
Yes a whole 2 of them !
WhatsApp oh dear, 1 (admittedly major) feature has been broken between updates. This is a common "feature" of the modern world of software, get over it.
If you think you can build a top-flight browser from scratch in 2019 you need a reality check.
Vivaldi is best for nerds, researchers and people that know what they are doing, rather than stroppy kids.
Do you have anything to contribute to the article topic ?
Feel free. You will soon realise how often it fits.
Think of most politician and management meetings where the results leave everyone under them scratching their heads wondering why they feel like they just got scammed.
Not so true thankfully.
Install DNSCrypt which has DoH and DoT support, then import your block list into that.
DNSCrypt is also available for Rasbery Pi, Routers and Android, so those same block lists can be used where you need them.
Simply changing the OS to a resolver with DNSSec and DoH does not give you any way to authenticate the resolver.
No browsers test or display DNS validation errors so even if you think you are using the DoH resolver you set, you may not be.
...and another thing...
They are in a no-win situation. If it comes down to it we will just see the same level of accelerated interest in using HOSTS and Pi-hole blocking as we did with tracker and advert blocking extensions.
They are just pushing a bubble around the wallpaper. They cannot stop it, just make it less convenient.
"42 per cent of malicious extensions use the Web Request API."
Of course they do, it is a common function. I bet they all use another common API just as much if not more.
100% of them use chrome and the google store.
Most of the malware use google adverts, so how about we restrict the functionality of adverts ?
Anyone else fancy slapping some random Venn diagrams on this ?
If they are worried that they will not be able to block "exposure" to problem domains, it should be pointed out that they do have the choice of having the sites taken down.
Apparently leaving child exploitation sites running is fine, but we take down malware sites.
Why bother to actually remove a problem when you can just block a handful of people from accessing it ?
Ultimately, tough luck. Crying over spilled milk.
DNS over TLS has been around for a while, now we have DNS over HTTPS. We also have DNSCrypt, DNSSec, and the ability to choose any resolver we want.
Unless Governments force OS vendors remove the ability to change your DNS there is nothing they can do but cry about it.
Even without improved DNS, there is still nothing they can do, other than block all VPN nodes and offer a Chinese or Russian style state sanctioned VpN (small P as no privacy).
...or . . .they could take down the problem sites ?
disgruntled coder at GameFace.LLC. "How do you expect users to trust using any app on the Microsoft Store when they keep having a browser popped open with an obvious scam site?"
disgruntled user at Home. "How do you expect users to trust using any app on the Microsoft Store when they keep having adverts in them ?"
Ummm, so if you download software from a developers own site and spams you with adverts, that is called Adware and blocked by AV.
But if you download it from an official appstore where they take a cut of the revenue, it is not Adware and so AV should not block it.
Isn't that called anti-competitive practice ?
As ever our politicians think that saying they will throw a load of money away will change anything useful.
We can be sure most of the money will disappear in meetings, greasing already greasy palms, and funding Capita to do another bang up job of marketing a life of happy hackers all having fun.
GCHQ already have a problem attracting newbies. The past year we have seen many tie-ins with BBC shows to show the shiny friendly face of espionage.
Ah I know ! They are going to lure IT students with promises of wealth !
Being so brass-necked about hacking back at the drop of a hat, is a marvellous way to attract exactly that situation.
Well done you prize prat, the challenge is now issued. I hope our best bods are on the case.
It seems that the more times you say he is a journalist the more true it apparently is.
He is not a journalist and never was, and he has not claimed as such.
Releasing information that other people hand you does not constitute journalism.
Tweeting about data dumps does not make you a journalist either.
Even if he was a regular blogger calling him a journo would be a thin stretch.
Considering we must assume that all top secret traffic between security agencies will be encrypted and sent via a VPN, what could the Chinese Gov collect ?
Well just ask the NSA how their project to collect all the encrypted data flows, in that massive and flammable data centre has worked out for them.
Would GCHQ, NSA or the CIA really be using unencrypted communication over their mobile phones, or use landlines and encryption ?
If there was an issue it would (or should) not effect them as long as they don't do things they currently should not do.
The Kaspersky case is a good comparison. The CIA operative took classified work home, and didn't think about all good modern AV will upload unknown files.
Maybe their concern is exactly this situation, that their dozy operatives will lead to China getting hold of secrets.
They seem to have not noticed there are several decent AV tools from China that are used all around the world. If the threat is credible, why not warn us all off using Chinese AV and security tools ?
Both these will need a PC with the android drivers installed, and ADB access enabled in the phone.
You can avoid messing with CLI and downloading the ADB binaries as both come with the required files (feel free to update with newer versions)
The easiest to use for everyone is APK Installer.
http://apkinstaller.com/features
And for total control or for the more nerdy, a TotalComander / GhostCommander ADB plugin
http://uniqtec.eu/applications/android-adb.html
Happy de-bloat day \o/
When he gets here I hope they give him a tour of the GCHQ/Huawei center, and he can kindly point at the kit with the backdoors that we can't find, and show us where to look.
Maybe someone should present him with a list of Huawei CVEs and a list of Cisco CVEs, while covering the names at the top and ask him to choose which networking kit he would use ?
Seriously ?
The given reasoning that MS AV must be good is because of the probable good quality of the company as a whole.
Seriously ?
No evidence given ?
Unfortunately some crappy AV and vendors are being used as the gauge to measure against.
Avira has never given me any problems since swapping to it, and never seems to show in the lists of vendors doing stupid things.
Microsoft are not virus experts. Just like Symantec they bought into the AV scene and have failed to impress or progress with their AV products.
Not 1 AV comparison site shows Defender or MSE as being any better than low-average.
Microsoft themselves have said that their AV should be considered "Baseline".
The baseline is not the bar you are aiming to climb to, it is the lowest you should ever fall to.
I often have to repair people PCs that rely on only MS protection, and know that the AV I then use to fix it, would have protected it if they used it.
MS AV does not stop people going to bad sites, and does not scan web-page content unless you use MS browsers.
It does not even have a sandbox like all good AV, so unknown files are still allowed to run
Yes education is the key, but it is not happening so throw that idea out unless you are actively doing something about it.
Do you trust your Mum to retain the nerd-info you gave her enough to spot a phishing site ?
I don't and I am glad my Mum has Avira keeping her virus-free for the past 5 years (and yes I regularly scan with a standalone).
I am now trialling an AV that also notifies about, and blocks keylogging and webcam activation.
Which part of MS security does that ?
People need to stop comparing how geeks protect themselves, to the needs of the majority users who cannot be bothered with white-lists or regular audits.
They want a MacOS style world where you push a button and it works.
You can teach them to be secure, but it will not last.
AV are never going to be the perfect solution, but as the rate of viri and hacks continues to rise, the sheer stupidity of advising people ditch good AV and rely on only "Baseline" is an act of criminal insanity.
Good tech support means you have tested the options and give evidence based recommendations.
Just because VW did some stupid things with their tests, does that mean all other car makers are as crap and guilty ?
Whould you recommend people stop using seat-belts in all cars, if only some car makers had faulty seat-belts ?
The CIA very recently explained their criteria for establishing blame.
1) if hackers ask for money they are criminals (bad actors)
2) if hackers give it away they are state sponsored actors.
Case closed.
No room for the vast majority of mischief makers and vandals or those hacker types that join Anonymous, or just do it because of the challenge.
Wonderful to have such a black and white view of hackers.
Shame people have forgotten how Venn diagrams work.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
