NZgeek's Techdirt Profile

NZgeek

About NZgeek

NZgeek's Comments comment rss

  • Mar 04, 2022 @ 03:40pm

    Targeted vs behavioral

    There's a big difference between targeted ads and behavioral ads, and I hope the Biden administration sees that and acts accordingly. Targeted ads simply change what ads you see based on some criteria. If you're viewing a motoring news site, it makes sense to show you ads related to cars. Forums for new parents might show ads for nappies. Behavioral ads are the ones that track you around the internet. They look at what does you visit, what you buy, which social media feeds you look at. They build up a profile and use that to decide what ads you see. It's targeted ads on steroids. I would be very happy to see behavioral advertising go extinct. It's too invasive, and there's no evidence it's any better than dumb targeted advertising. Dumb targeted ads would work plenty fine for Russia. Just target any IP address on the counter that's not owned by the government. It doesn't need to be any more complicated than that.

  • Jan 11, 2022 @ 04:45pm

    Re:

    Epson can be counted in with the bad folk. They've got the same chips to check that the cartridges are genuine. What's worse, they sell identical cartridges under different model numbers in different parts of the world. Moving to a new region and want to take your printer with you? Good luck! You probably have to buy third party chips to get the official cartridges to be recognized by your printer, which also means wading through the "this ink is not genuine" warnings.

  • Jan 11, 2022 @ 04:32pm

    Client-side filtering

    The UK government are deluded of they think that client-side filtering is going to fix anything. Software can be modified. If filters are introduced, someone will make a hacked version of the client that either skips or fakes the filter check. Anyone who wants to avoid prying eyes will use that hacked client.

    Of course, talk of client-side filtering could just be a ruse. "The boffins told us that the filtering won't work, so the only option is to snoop on everything you say. Sorry!"

  • Jan 23, 2021 @ 03:43am

    Re: Obvious jokes about David Cameron aside....

    The fishers and the pig farmers and the people who relied on trade with the EU would have generally voted to stay. Why would you want to risk making it harder to sell to one of your biggest customer bases? I feel sympathy for these groups because they've been screwed over by their own government's hubris. And what's worse is that same government is trying to pretend like it's all just "teething problems", when what they're really seeing is the consequences of their own damn actions.

  • Jul 30, 2020 @ 06:40pm

    I think I see the reasoning here

    Based on my readings of CDA 230, the legislation is focused on content: sites aren't liable for content posted by users, and can moderate that content as they see fit.

    In this case, it's somewhat unclear why the business was kicked off Instagram. I think that's why the appeals court sent this case back. If the ban wasn't due to a content moderation decision, it's probably not appropriate to dismiss this case on CDA 230 grounds.

    What should happen is that this case gets dismissed based on the ToS wording. That's a much clearer victory, regardless of why the account was banned.

  • Jul 24, 2020 @ 04:26am

    This is why privacy laws are needed

    As broken and annoying as the GDPR is, the fact that it prevents this sort of indiscriminate data collection is a good thing. It would be extremely difficult for any company in the EU to build up a ALPR data set like this.

    The US really needs to step up and put in place some privacy laws to protect the general populace. However, such a move would get widespread pushback from businesses whose business models rely on playing fast and loose with data, and we all know that the rights of corporate entities are more important to the US government than the rights of real people.

  • May 16, 2020 @ 02:41pm

    Re: Re:

    NZ privacy laws apply to organizations, not individuals. (I believe the same applies to the GDPR and CCPA.) Let's assume that the accusations are true, which is probably the case. The employee will currently be on administrative leave (likely without wages) while the investigation takes place. They'll be fired for gross misconduct and will be ineligible for a benefit for up to 3 months. They likely won't find much work for a while, except maybe some minimum wage manual labour. The Subway franchise store will be investigated by the NZ Privacy Commissioner. The owner and managers likely gave little or no training on privacy, assuming common sense would prevail, which is insufficient under the law. The business will receive a fine that's big enough to hurt but not enough to kill it. The owner will probably go after the employee to recover some of this cost. Even though the employee isn't liable for criminal charges, they'll feel the consequences here for some time to come.

  • Apr 11, 2020 @ 05:21am

    There's a common saying in information security circles:

    The 'S' in 'IoT' stands for 'security'.

    I think that says it all.

  • Sep 30, 2019 @ 04:19pm

    Re: Bad analogies should stay in the kitchen

    The design of the menu is potentially copyrightable. The names of any signature dishes are potentially copyrightable. But that's it. You cannot copyright facts. A list of dishes, what they contain and their prices are facts. It's a listing of truthful information. The law explicitly excludes this type of information from being copyrighted.

  • Sep 30, 2019 @ 04:12pm

    Another analogy

    The API (application programming interface) is nothing more than a description of inputs and outputs, and what the code is supposed to do.

    You can compare this to designing and building a house. The interface is the what of the house. It says what the house must have and must do. For example:

    • You must have a front door that connects to the pavement with a path.
    • You must have a secondary exit at the back of the building that can be used as a fire exit.
    • You must have a kitchen, bathroom and toilet that hook into the existing water and sewer lines.
    • You must have at least 1 bedroom.
    • The house must meet with accepted standards on design and construction.
    • An ordinary person must be able to use the building as a long-term domicile.

    It doesn't specify the how of the house. You can change almost anything you like, and so long as you meet the standards, what you've built can be considered a house. (There's no guarantee whether it'll be a good house, but it'll be a house.)

    Hurst is effectively trying to argue that the set of requirements is the house. She's trying to say that because Oracle (via purchasing Sun) came up with the requirements of what the house must have and do, Oracle now own the rights to all houses and can prevent people from making their own houses.

    Pretty much everyone can see that's not right.

  • Aug 12, 2019 @ 06:30pm

    Re: Re: Re: Re: Re: Re: What is the relevant law?

    It actually could be valid. Wikipedia contains some good information about the structure of SSNs. The rules are fairly loose, and there's no check digit to ensure that it's not just a nonsense value. The only public rules around SSNs are:

    • they're made up of 9 digits, typically grouped 3-2-4
    • none of the 3 groups can be made up only of zeroes
    • the first digit cannot be 9
    • the first group cannot be 666
    None of these rules would prevent 123-45-6789 from being issued. Under the old issuing scheme (retired in June 2011), that number would be a completely valid SSN issued in New York. It would be area 123, group 45, serial 6789. The newer scheme randomly generates numbers. It's unlikely that this number will be generated, but it's possible.

  • Oct 29, 2018 @ 04:26pm

    Reasonable suspicion required

    This article is missing an important piece of information, which sets the NZ policy apart from things like TSA policies.

    Your device can only be search if customs authorities have a reasonable suspicion that the device contains evidence of a crime. You're not at risk of getting your device searched "just because", as happens with the TSA.

    As such, this isn't going to be an issue for most travellers. You're only generally at risk if you're doing something dodgy.

  • Sep 09, 2018 @ 04:10pm

    Re: It costs time and money to support older versions of phone O

    Android is very open. There are projects like LineageOS that can run new Android versions on older phones.

    For example, I recently installed LineageOS on my wife's old (unused) Samsung phone. The most recent firmware version from Samsung is Android 5.0.1. The version of LineageOS I installed was Android 8.1, which is only 1 version behind the latest.

    The biggest problem is getting people to update their old phones in this way. It's quite a technical process, and if you don't know what you're doing there's a fair chance of turning your phone into a shiny paperweight. But if you can make your way through, it's definitely worth the effort.

  • Sep 09, 2018 @ 03:58pm

    Re: Software industry perspective

    You can partly blame Linus Torvalds for this. He has staunchly refused to create a stable HAL for Linux, instead requiring that drivers are constantly updated whenever changes are made to the interface.

    This makes it extremely difficult to allow the OS to be upgraded, because the kernel cannot be upgraded independently of the drivers. Any change to the driver interface prevents the kernel from being updated.

    It's only recently that Google have implemented their own Android HAL over the Linux kernel, which will help ensure that the OS can be updated independently. Not many devices support this yet, and it's only been available with Android 8.0 Oreo and newer, but it'll help to stop these devices from becoming obsolete in the future.

  • Sep 06, 2018 @ 08:01pm

    Software industry perspective

    I work in the software industry, and have some insight into the thinking here. There are two main reasons for dropping support for older phones: (1) support costs, and (2) security changes.

    It costs time and money to support older versions of phone OSes. You need to maintain test devices for each significant OS version, and each change needs to be tested on all versions to make sure it works consistently. If you look at Google's figures on Android OS version share, versions prior to 4.4 KitKat make up around 4.4% of all users and versions prior to 5.0 Lollipop make up 13% of all users.

    If you're writing software, you've gotta make a decision about whether that bottom 4.4% / 13% of the market are worth chasing after. If they don't bring in any significant amount of revenue, they may not be worth the extra support cost.

    On the security angle, the big thing here is TLS version support. Android versions prior to 5.0 Lollipop didn't have good (or any) support for TLS v1.2. The current security community opinion is that anything older than TLS v1.2 is considered to broken to use, and some industry regulations (e.g. PCI DSS) state that you cannot use older TLS versions.

    There are possible workaround that allow TLS v1.2 to be used on older devices, but again this comes down to market share and support. Is that bottom 13% of the market really worth the effort?

  • Dec 18, 2017 @ 08:35pm

    Is this where Bacardi need to step in with their trademark for "42 Below" and tell Five Below to shut the $#!@ up?

    (Yes, I know it's vodka vs retail stores, but that sort of common sense hasn't stopped this sort of thing before.)

  • Apr 11, 2017 @ 08:27pm

    Re: It's the same (or worse) in windows.

    The facial recognition built into Windows 10 ("Windows Hello") is really quite good. It requires a 3D camera system that can detect depth, and cannot be defeated by a 2D photo or video. However, the number of laptops/tablets out there that have this hardware is pretty small.

    It's quite possible that your friend's laptop is running Lenovo's Veriface software, which only requires a 2D camera. The lack of depth sensing makes it much easier to fool. Similarly, Dell laptops use SensibleVision's FastAccess software, which has the same limitations.

  • Dec 19, 2016 @ 03:13pm

    Denovo does not give refunds

    It's untrue that Denuvo give refunds (partial or otherwise) for games that get cracked during an initial period. This was posted about 5 hours ago on TorrentFreak, who got their information via Kotaku.

    https://torrentfreak.com/denuvo-we-dont-give-refunds-when-games-get-cracked-161219/
    http://kotaku.com/denuvo-explains-why-doom-dropped-their-anti-piracy-tech-1790192362

  • Apr 18, 2016 @ 06:48pm

    Re: New Zealand Managed This ...

    As in 15 years ago. Broadband was barely even a thing back then!

    I pretty much haven't filed a tax return my entire working career. My employer pays my income tax based on my annual salary. My bank pays any tax on interest earned on my accounts. If there's any discrepancy in how much I'm getting taxed, it's probably worth less than the time it takes me to file a return.

    My situation is fairly typical. Unless you've got additional sources of income or have significant deductibles, the tax system just handles things for you.

  • Apr 18, 2016 @ 06:40pm

    Re: Re: Re: accuracy... ph yeah

    Putting error circles on the map will make it look like there's some degree of certainty in the location. More often than not, the database has no idea.

    With any internet connection, your modem will connect to some point of presence (PoP) for your ISP. The PoP is effectively the bridge between customer connections and the ISP's backbone. Each PoP will have a range of addresses that it can hand out to connecting customers. Unless you've got a static IP allocation, you could be handed out any address in that pool.

    A large city may contain dozens of PoPs, due to the sheer number of customers each one needs to support. The distance from the PoP to where the customer is will probably be quite short, maybe a few miles at most. The location will be fairly accurate.

    In rural areas, there will be fewer PoPs (due to their cost) covering much larger areas. You may have customers connecting in from 50+ miles away. Assuming that there's a PoP in Macon, you could have an IP address handed out to someone in Forsyth one week and Cochran (40mi away) the next. The location will be fairly inaccurate.

    In order for a GeoIP database to give any sort of accuracy, it needs to know: (a) where the PoPs are; (b) the size of the area served, and (c) the range of addresses it can hand out. No public GeoIP system knows this information. The only public information is which ISPs own which blocks of IP addresses. Once an ISP owns a block of addresses, it can reallocate them wherever it likes, whenever it likes. It never needs to tell anybody else about these changes.

    GeoIP databases work with whatever information they can get their hands on. All they know is that some point in time, some IP address is being used by some reported location. The rest is guesswork.

More comments from NZgeek >>