Youtube is such a pain

After trying to upload a 40 minute video to Youtube a couple of times, growing increasingly frustrated and, frankly, hateful against Youtube, I paid up for a Vimeo Pro account, and boy, was that well spent money. Youtube is nothing but pain and frustration. Vimeo simply works.

Yes, I know about verified Youtube accounts, but even after verifying it, it rejects my video as “too long” after an eight hour upload. It didn’t save it, but had me retry the entire upload again (yes, I’m on a pathetic 2Mbit/s uplink). Vimeo succeeded on first try.

Can’t recommend dumping Youtube and going for Vimeo enough. At least if you value your time and sanity higher than the price. I do.

You’ll never miss your anus ’till it’s gone

John Oliver did a segment on the IRS, calling it the “anus of the nation”, something you don’t like, but can’t live without.

Now, I know you guys (USA) hate when we point out how far behind you are, but I really can’t help myself.

In this segment we have IRS people complaining of the ugly state of checks they receive. Checks… really? What is this, the middle ages?

People also complain about waiting lines to get in to get IRS assistance. Really? You don’t have phones? Ah, yes, they don’t work. Over here, the IRS actually answer the phones, or they call you back. They really do. They’re polite and very thorough. The few times I needed to ask about anything, I got so much information and advice there was no way I could misunderstand. An hour on the phone with two advisers is nothing out of the ordinary. On the other hand, I’ve only ever needed to ask for anything twice the last fifteen years, since the tax code here is actually very simple. At least in comparison.

Your forms are complicated, the tax code changes all the time, and regular people can’t handle it. Really? Over here they’re one page, with a second page if you have a registered company. That second page is replaced by a two page form if you own a limited partnership (as I do).

The form itself is already filled in with your income according to their information, your withholdings, and your regular and interest deductions. If you own stock, all the capital gains and losses are also already filled in. The “owner of a partnership” form has some complicated calculations, but those are done for you in a webbased form after you fill in how many shares you have. It carries the totals over from year to year automatically.

Oh, and BTW, you can do the whole thing over the internet. It requires that you have a full two factor authentication, but most people here have that already from the bank. And that authentication works most anywhere. Someone without a company normally only needs to sign the form without filling out anything at all.

The end result is that even for a company owner, the personal tax return takes something like ten or 20 minutes to do, is totally painless, and actually almost fun. This also causes very few people here to hate the IRS, or even much complain about it. At least compared to the US. That’s the way to run a tax system.

Payza takes the sleazy price

Payza must earn some kind of prize for this… got this email today:

Dear Martin Wehlou,

Since you haven’t logged in for 18 months, your account is now dormant and a monthly inactivity fee of $10 USD is being applied. 

For more information on dormant accounts, please review Section 12.1 of our User Agreement.

To avoid the dormant account fee, all you need to do is log in to your account. So come on by and see what we’ve got for you!

• Personalize your account and make it even safer by setting up your customizable avatar and welcome message.
• It’s a small world after all – send money to loved ones in over 200 countries. Always free, always fast. 
• Our fresh account design makes for easy account navigation – find what you need, when you want it.

Thanks for choosing Payza, 

Team Payza

 
My first thought was: phish! Goes to phishtank! But no, this was real. Checked headers and links. Real as it gets.
 
Checked the user agreement, and yes, there it was. A “dormant fee”. And, an unspecified “reactivation fee” after dormancy. It was on page 24 of a total of 41 pages.
 
And, no, no way to cancel the account anywhere. I did find an unobtrusive link to delete the credit card, though. Wrote a support “request” to them:
I’ve received an email from you that I initially was certain was a phish, but actually seems to be real. You’re starting to charge me for *not* using my account… Oh, man, this is so sleazy I can’t believe it.
Additionally, there seems to be no way to cancel my account either. What I did was remove my credit card. If you so much as attempt to charge me, I’ll file a complaint through the bank.

I think you may have earned the epithet of most sleazy, not to say borderline criminal, internet company yet.

So, just remove that account pronto.

 

The basic idea here seems to be to exploit people who have changed their email addresses and won’t get the warning. Or who for some other reason aren’t paying attention.
 

This is what it’s really for

New Zealand Used NSA System to Target Officials, Anti-Corruption Campaigner – The Intercept:

Analysts from Government Communications Security Bureau, or GCSB, programmed the Internet spy system XKEYSCORE to intercept documents authored by the closest aides and confidants of the prime minister on the tiny Solomon Islands. The agency also entered keywords into the system so that it would intercept documents containing references to the Solomons’ leading anti-corruption activist, who is known for publishing government leaks on his website.

The CIA Campaign to Steal Apple’s Secrets

The CIA Campaign to Steal Apple’s Secrets:

A few months after Comey’s remarks, Robert Litt, the general counsel for the Office of the Director of National Intelligence, also appeared at Brookings. “One of the many ways in which Snowden’s leaks have damaged our national security is by driving a wedge between the government and providers and technology companies, so that some companies that formerly recognized that protecting our nation was a valuable and important public service now feel compelled to stand in opposition,” Litt said. He appealed to corporations to embrace “a solution that does not compromise the integrity of encryption technology but that enables both encryption to protect privacy and decryption under lawful authority to protect national security.”

(Via The Intercept)

The official line seems to be that it’s ok for the US government to break any law or constitution it pleases as long as the public doesn’t know. It’s not the governments fault for breaking the law, it’s Snowden’s fault for letting us know.

The governments (all of them) tried to drive a wedge between the tech companies and the users but failed, at least a little bit. Litt turns this narrative around and claims that Snowden’s revelations are driving a wedge between the tech companies and the government. No, it’s the act of the governments that is driving a wedge between themselves and the rest of us, tech companies, providers, and the public alike.

The pure gall is breathtaking.

Do read the article. There’s a lot of worrying stuff in there, including the attempt to subvert the XCode tool chain in order to build in malware into other developer’s executables.

Another nail in the privacy coffin

This is another thing the EU is cooking up. This document wasn’t intended for the public, of course. Basically, the EU wants providers (web sites) to provide them with the secret encryption keys for SSL.

Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception by the relevant national authorities technically difficult or even impossible. The Commission should be invited to explore rules obliging internet and telecommunications companies operating in the EU to provide under certain conditions as set out in the relevant national laws and in full compliance with fundamental rights access of the relevant national authorities to communications (i.e. share encryption keys). 

How even key escrow won’t work for Cameron

How is Cameron going to ensure that law enforcement can read all communications? One way would be to provide systems with ”back doors”; introducing intentional vulnerabilities. We all know that won’t work. Or rather will work much better than intended, if you get my drift.

Some, including Steve Gibson, maintain that it can in fact be done by having law enforcement maintain a secret, well-guarded, key and mandating that all messages sent are including that encryption target in every message. That would allow LE to decrypt it using a very carefully guarded secret key, if need be. All this without weakening the actual encryption mechanism.

The problem with this is that LE can’t know if everyone is following the law without actually trying to decrypt messages flying by. And to do that on a large scale by necessity implies that the “highly guarded” secret key must be available on a large number of systems, exposing it to compromise.

Even if we stipulate that there is some, hitherto unknown, mechanism that allows LE to verify that messages in fact include the LE destination without having the secret key available, they still can’t know if the encryption is valid until attempted. For instance, the encrypted symmetric key may be intentionally wrong. Or, the encrypted message may contain another encrypted message which does not contain the LE mandated item. And that, in turn, can only be discovered once you perform the actual decryption, which requires the ”highly protected” government key.

In other words, it won’t work.