Posts by Astara

its a matter of trimming the low hanging fruit

if you were running on windows, or from your own source build, it is likely you could monitor incoming and outgoing communications to see the IP address of another party in P2P communications. If you are running that app in an unrooted phone, then it might be more difficult to download a traffic monitor to let you monitor endpoints of p2p communication. Even so, having the app store the remote-endpoint in a local log makes it all too easy to see the remote IP, which is the main security flaw. Given enough resources, of course, someone has to know the remote IP whether you go P2P or through the server. It really becomes matter of how easy it is to use in a short amount of time -- as is true for most security options, quantum ones aside.

And how did security researchers sell their services to inventor before hand?

The security researchers are a bunch of idiots. They claim any toy needs to NOT be vulnerable to various security hacks. Baloney! The toy is not meant to be used in a hostile environment or hooked up to an outside internet. End of discussion.

Until you prove it is designed to be a network attached security product, you are an idiot if you believe that security was considered as part of coming up with a new idea. You can't saddle every toy or object ever invented with the baggage of psychopaths our culture nurtures, encourage and reward with stock options and company titles.

In most capitalistic based cultures, getting rich by turning others into human assets (or capital) and having them managed as human resources is the way businesses operate.

The internet and early computers were developed by idealistic, forward looking pioneers who fully thought there inventions were going to be used in a futuristic start-trek type world where money is obsolete and people no longer work at jobs because they need money but for self-actualization. Does anyone remember the star-trekNG episode where the hibernating/frozen capitalist awoke and found all his capital investments and projects were worthless because the idea of collecting and possessing more and more capital was obsolete? The idea of acquiring more capital so as to be able to dominate and control more people was obsolete.

Security is what you get when your ideals get jaded and you get ripped off. Eventually you get paranoid enough to think of anyone with more power is a threat that must be neutralized -- then you are ready for a position in national security.

*You can't expect creativity to flow in an atmosphere of fear*

If you focus on security, don't expect them to come up with novel new inventions other than new ways to be more secure.

None of these statements mean that we shouldn't spend on security and defense -- but doing so takes more than equivalent share out of the ability of the society to be creative and productive. Criticizing inventors for not being security experts will only suppress more invention. The research need to work alot more on social skills and how to add security than making pronouncements in public about how bad some new invention or product is because the security expert was able to find 100 new exploits. Isn't that a surprise -- the security expert could find 100 exploits (while inventing nothing) while the inventor creates 100 new products (all w/o security).

Looking at it another way -- how many security experts come up with novel products unlike anything before that have nothing to do with security? Why would they expect inventors to come up with pre-secured inventions? The security types need to work with interpersonal relationship types to find ways to get their information and services to the inventor types in a way that the inventors will want to incorporate such ideas.

Like any of that is likely to happen as long as a culture is only focused on cost & making the most money.

filtering on cellphone were callerid is included is easier than 12$/month extra cost CID on landline

I have 2 lines, one I give to businesses wanting a number, and the other for those that need to contact me. Neither phone is listed. The former doesn't have CID which is $12 extra/month. The latter I pay the extra $12 for.

Oddly enough, my computer dialed phone spam only comes in on the line that does not have caller ID -- usually at the rate of a few /week to as many as a few/day, starting at 7-8am and ending as late as 7pm. Of side interest, when I had a line problem with static on the line, the phone company began testing (for 10 days before they could send someone) on the line. During that 10 days, I received 0 (zero) calls on the non-CID phone. Coincidence?

Both lines have had similar probs in the past and they usually just try to find another pair and move me over to it -- that usually gets rid of the problem for another 18+ months. But before the line test period, I had several calls/week (usually selling credit card services) with them starting up again after the line was repaired (it wasn't out-of-order, just had some static on the line and the line w/static wasn't even the number they call in on).

Since then its back to the same -- junk calls on the no-CID line, and only "allowed" non-profit+political calls on the phone with the $150/year CID service.

So does the local phone company (PacBell->AT&T) have a financial incentive to not stop robo calls? In my case, I get relief on the unlisted phone with CID. The phone company refused to put a trace on my other line to record the incoming numbers and says it is up to me to pay for CID if I want that protection, er, service. of course even 30 years back phone companies in this area had complete logs of incoming calls, now stored for law-enforcement perusal for years.

I ask for a 'white list' service but refuse that, they also refuse to block calls w/no callerID unless I pay for callerID. Seems like the phone company has more than a little incentive to make sure everyone pays for CID as part of basic phone service.

HTTPS everywhere benefits google ensuring you download their ads

The main beneficial of HTTPS everywhere (given that anyone who cares about security will likely be breaking the encryption via MITM certs) is Google.

It used to be that I could store about 20% of web requests (by request or byte count...varied, but averaged out the same), locally. On some sites, that would hit 40% -- but with HTTPS -- it falls to zero. because individual requests can no longer be seen or stored.

This means good adverts that refresh each time you fetch them can be fresh each time, or all those wizzy scripts and icons... fresh each time...and it does slow things down -- house mate noticed a 50% boost in his youtube browsing with it caching all of the video icons... (not all of us are on google fiber even if it was offered in any significant market percentage)... I've never had to worry about someone altering my web pages in transit. Now -- even if you have an ad blocker -- many thing will still get downloaded before they are blocked (some won't), but so many things like fonts on every page are fairly constant as are many images and could be cached if not encrypted.

So HTTPS everywhere is helping google more than anyone else. Security my bum!

and when someone working at google starts harassing you?

Who do you call?... I got a DMCA take down for my own artwork on my google-plus account. I complained -- and the response I got was that they changed it to being taken down for violating google's TOS. At that point, I asked what the violate was...but was told that someone had reported my anime-based avatar as offensive and that they weren't allowed to give any more information -- i.e. I could fight the 1st as I had the production history -- but the 2nd you can't fight. I finally found # for google's legal dept (this was at least 3 years back) and someone there looked into it -- someone inside google had a grudge against me and had banned it both times from within. I was fortunate in that I had been able to contact someone who could look into who did it, and do something about it. They told me they found the problem and that it wouldn't happen again. So far, it hasn't. But their first-line user-support answers were mostly worthless.

People abusing the technology leads to problems...

From the parts of HW that hyper threads have shared (though they are increasingly becoming separate processes by virtue of less HW being shared as time goes on), threads were designed to speed up different threads in the SAME program.

It's never been a good fit for unrelated applications as it causes too much non-shared resource contention which can result in slower performance than running the two separate apps on different cpus.

No sign of intelligent life....

claimed to contact several devices -- none of which I have (similar to poster at top)

Scanning {{ips.length}} IP addresses from {{startIp}} to {{endIp}}

Google Home IPs finished/started: {{googleHome.finishedIps.length}}/{{googleHome.startedIps.length}}

Roku IPs finished/started: {{roku.finishedIps.length}}/{{roku.startedIps.length}}

Radio Thermostat IPs finished/started: {{radioThermostat.finishedIps.length}}/{{radioThermostat.startedIps.length}}

Phillips Hue bridge IPs finished/started: {{phillips.finishedIps.length}}/{{phillips.startedIps.length}}

Sonos speaker IPs finished/started: {{sonos.finishedIps.length}}/{{sonos.startedIps.length}}

---

Don't have any of those.

Then it said:

The DNS Rebind attack was successful and a device has been found on your network. Your browser has been tricked into violating the Same-Origin Policy and HTTP requests have been made to interact with a device on your local network. The information below has been exfiltrated from your device and sent to a remote server that you do not control.

{{d}}

-----

OMG!!! It sent {{d}}....NOT THAT... I've been pwnd!

Maybe he need a bit more testing on his proof of concept...

Google: get out of Europe

Seriously. The EU copyright laws are not the same as those in the US.

If the EU wants to put the onus on websites instead of those actually doing the wrong -- it is up-ending safe-harbor for hosts of interpersonal communication. It's requiring pre-censoring which always gets it wrong part of the time as well as becomes a tool for political and ideological censorship.

There are enough false positives to worry me. From my own created art -- that someone filed take down notices against to harass me until I contacted google's legal department, to some claiming ownership of the "Happy Birthday" song.

With an extension of copyright on the horizon -- AGAIN. It becomes clear that "Imaginary property laws are no longer benefiting society at large, but the rich elite. In the past this has caused depressions, oppression and violence. Is that what it takes to stop this type of abuse?

If content owners want complete control of "their content", don't share it with the world. It brings no benefits worth the cost of those most selfish.

MS accounts being "temporarily turned off" if not Win10?

I had an account (my own email), since 2002 that lately was only used for MS support. I didn't use it often, last was a few months ago. I logged in a few weeks ago and found the account had been suspended for either suspected hackin attempts, or spamming, or violations of the MS-terms-of-use. I was told to send myself a text message from their site to unlock it.

Thing is, they blocked my text number as well. It won't even try to send the text message, but says this number is not allowed to receive text messages.

They provide no other way for you to recover your account unless it was an MS-account on one of their mail servers.

Most of the past few attempts at asking questions went unanswered or I was redirected to the tech forum. I remember my last message was about not being able to get the event-log server running due to an error: Error 4201: The instance name passed was not recognized as valid by a WMI data provider.

I was given all sorts of steps including rebuilding the WMI store, and the event directories and performing an "in-place" upgrade/repair. Finally I was told to upgrade to Win10 where the problem was supposedly fixed. FWIW -- I wasn't the only one with this error -- others had reported it years back -- but MS either refused or was unable to fix it. If it was known to be fixed in win10, and hadn't been fixed in Win 7 for years, that seems more than a little suspicious -- perhaps I said as much in their forum and perhaps that had something to do with my suspension -- I dunno. I may never know, because none of the two support people I talked to so far, told me anything useful -- both told me the exact same info I got from MS-web pages about cause (lots of generic reasons), and recovery, send message to a text phone -- which I'd told both of them was blocked.

Maybe MS is already using really dumb AI to answer support emails they don't want to really answer?

they waited 2 years for EU to fund the conversion...EU FAILED

The EU announced new rules to be put in place in 2 years -- and companies waited for the EU to provide the funding needed for the conversion. It never came. The EU had 2 years to supply the funds needed to convert websites for compliance and to provide future funding plans to those websites that needed the private info to continue their business model.

You'd think 2 years would be enough for the EU to come through with the funds to implement their new rule. But...

Guess not.

It seems more than a little disingenuous to put the blame on websites for not implementing a special solution for the EU that has to cost money, at least to implement and maintain, not to mention a special solution that may substantially impact the ability of some sites to stay in business.

So a photo of a face is considered "biometric data"....???

I'm am not a fan of facebook, but if facebook is gonna get sued for something it should be something other than what one could see in a school year book. For that matter, it seems possession of multiple yearbooks or a "who's who" type book, with 1000's of photos, might be considered building a biometric database.

Sounds like a bad law to use to bring facebook down.

Will they let you mute YouTube's autoplay -- no matter what site it is displayed on?

Why is this even posted as "news"?

Give "fake news" to humans and watch them FAIL big time with all sorts of stupid behaviors.

Humans are easily "busted" with propaganda, fake news, and terror -- and they *DO* have the ability for critical thought (but are taught not to use it).

Computers -- they are just programs that are following instructions humans wrote and working up from there -- so just how much should we expect them to walk on water when we have humans easily programmed into becoming suicide bombers for some over-the-top and dangerous, monotheistic mythology. Having billions of people believing in deities that tell them to kill for this and that get spun as "protected" and "holy", while it's news that when garbage is fed to a computer, you get garbage out.

Will humans grow up before they kill themselves off? The universe is watching...

Will sync solutions ever use options already in place?

I've been using IMAP(s) for my email for ... about 20 years. For the most part, I use a home server as my IMAP server, since most of my email reading happens there, but even using a VPN when working "in the office"/"onsite", I had few problems ... up until the advent of local-clients wanting everything downloaded so it could be "index" and cross-referenced.

A few times having most of my 6.4G IMAP store re-downloaded into my "roaming profile", and I realized I needed to be wary of the newest and latest updates. Ended up still running Tbird 2.x because of 3.x's bad defaults and tendency to use those defaults settings on any new machine/user/account. Just 1 machine and I'd have at least 2 stores / user (local & network account) + more if I had test-users or used another login while reading email....

Anyway, just try logging in or out with a 6.4G roaming profile and see how far you get (even with a 10Gb dedicated network connection) thanks many abuses with tiny I/O sizes and small MTU's...

ug!.

"Partial" == 1990's internet, didn't everyone start there?

Ok, I don't like FB -- don't have an accnt, and don't visit website, BUT, can the naysayers tell me just how Zuckerberg is going to get rich on people who make 1$/day?

Ok, so they don't get 1Gb on day 1, but my first online experience was at 1200bps.

I will say they shouldn't be artificially limited -- since some group/village could get access to a local proxy at higher speeds.

They want to raise the retirement age, but where will those people work? If they work in the tech industry, the idea of working till "retirement" would be (I say 'would be' because I know of no-one working until "retirement age" in the software industry) a joke w/age bias and discrimination. I can't see how raising the retirement age will help...

As soon as word "desktop" includes Win7 functionality....

Gates idea for the desktop was use of 3D-features to allow for better information comprehension. Instead, w/addition of mobile "desktops"[sic], interfaces have to be dumbed down achieving lower-information comprehension. Lower-comprension, that's exactly what I see with Metro-style/icon style desktops that don't provide thumbs and fading (translucent) edges to blur edges and background windows. MS even tried forcing 1-app/desktop like Mac's, which was hugely retarded.

Some of us want large screen monitors (mine is only *medium* size @30"2560x1600) with 3D-visualizations appropriate for the application to be able to visualize and see results of multiple apps tied together. Sometime, people should look at the difference between Photoshop using advanced graphics vs. not in moving/resizing images... its night & day.

Expecting the same perf out of atoms. vs. xeons+GPU's is harmful to desktops, yet, that's what MS et al. want to do -- getting us to only expect best that *clouds* can offer -- for the masses that won't be allowed to afford desktops (since they compete w/clouds)...

Disposable portables & replacing PC's

Saw the comment about disposability being related to not replacing PC's... Why? With all their data in the cloud, who needs a permanent local storage? (FYI -- not in this group, as don't have portable and don't have data in cloud, but on local linux file server w/50TB storage, but how long it will last? It's only 7 years old and still lots of expansion room if I can afford it...(and there's the rub))...

no access

What's an iplayer, and why won't it let anyone outside the UK watch this video?

"Crisis is what I pay you for"

Re: "This is what I pay you for"...

Load of doodoo! That's what any trouble-shooter gets -- except when there is no trouble -- then they get "what have you been doing and why haven't I had status reports on your progress". I.e. if you organize things to run well, you are not appreciated when things run well -- only those who are seen as doing well in responding to a crisis are seen as performing "adequately".

Motto: don't create good self-running policies and programs, but only those that create regular crises that you get credit for handling. Saw it at nearly every big company I worked for. No credit for things going well, only credit for when things don't go well and seen as hero in saving the day in the midst of a failure (that could have been prevented by a good plan -- but what's the point in that when such can get you axed as not being "useful")...

Amazon site uses "bleeding edge" code...

Amazon is the only site I use semi-regularly (usually more than once per month) that has triggered multiple browser crashes on their site (most often on their "welcome page").

Sometimes, I can't even type in the item I am searching for (while it attempts auto-completion) before it crashes which leads me to using Google to find the item (or class or type of item) with a "site:amazon.com" appended to the search to circumvent amazon's front page.

It's not surprising that that a new browser might have problems with it.