* Posts by SVD_NL

175 publicly visible posts • joined 15 May 2022

Crooks crack customer info at tracking device vendor Tile, issue 'extortion' demands

SVD_NL Silver badge

Re: Soz Mate

To be fair, he said more sensitive information, which technically doesn't mean the stolen data is not sensitive.

Still, he basically says "Could've been worse, you know?", huge red flag if that's their stance on PII disclosure.

Four more US states pile on Apple as DoJ turns up antitrust heat

SVD_NL Silver badge

Re: I'm not convinced

I've never seen a notification that reads:

"We were unable to verify you installed genuine Toyota brakes. We have disabled certain functionality to protect your Toyota vehicle"

I didn't touch a thing – just some cables and a monitor – and my computer broke

SVD_NL Silver badge
Flame

Crows

We refer to this kind of end-user as "crows", often it's almost company culture.

Why crows? They see shiny, they want shiny. To the point where we noticed whenever someone at those companies gets a new device, their colleagues suddenly get inexplicable issues with their slightly-less-shiny devices, or they even "accidentally" damage theirs.

This really boils my blood, and if at all possible we try to replace those devices with even older or worse versions. Unfortunately they generally get their way, and the shiny cycle continues..

Screwdrivers: is there anything they can't do badly? Maybe not

SVD_NL Silver badge

Re: Not screwdrivers but...

"Damn, I lost this very specific hard-to-replace screw"

- "Where is it? I'll help you look for it"

- "Somewhere in that pile of very specific hard-to-replace screws"

SVD_NL Silver badge

Excessive force

Oh boy, excessive force and tech, I've got plenty of stories on that subject...

PFY me was helping relocate an office, and it was time to start moving displays. I grabbed one, and got stabbed in the finger by something sharp. Turned it around, found a DP cable properly ripped out of the socket with a bunch of wires from the forcibly disassembled cable still sticking out of the socket. Looks like I wasn't the first to try and relocate this monitor.

Got a couple about printers, for some reason most people resort to the "when in doubt, apply more force" mantra when it comes to paper jams, plenty of broken off retainers and other small components from people trying to rip out paper or improperly disassembling them.

The best printer story I've got has to be a ticket with the subject line "printer exploded". I have absolutely no idea how, but some troglodyte managed to rip out a bracket holding all toner cartridges, but in such a way that they made the printer room look like an abstract expressionism art exhibition. They somehow never found out who did it, I feel like it shouldn't be difficult to find the culprit there...

A lot of stories of various devices that were "stuck", and people "pulled a little harder", and they presented me with a completely disintegrated device.

I have a folder where I store the photos of these, well over a hundred of them from my short helldesk career.

Cisco's emergency caller can send first responders to the wrong location

SVD_NL Silver badge

How does that work? If you're traveling through a rural area and call on your mobile phone you're just shit out of luck?

I feel like there should be a bit more nuance to that requirement.

SVD_NL Silver badge

This is so scary. Who thought it would be a good idea to send a default location instead of location unknown in those circumstances???

Don't mess with emergency services, and if you're going to release a product (add-on) specifically for communicating with emergency services, you better make sure every single release is flawless.

You mention police, but what about medical emergencies? There are generally going to be fewer situations where the caller is unable to give an accurate description of the location, but if people trust the system without verifying, you're going to run into big problems...

Windows Subsystem for Linux gets enterprise friendly and plans a settings interface

SVD_NL Silver badge

Re: Competent Windows admins: Embrace, extend, extinguish.

Hi, somewhat competent Windows admin here: Intune policies are an endless ever-changing maze of tools.

Thanks for coming to help. No, we can't say why we called – it's classified

SVD_NL Silver badge

Good lord. Why did they even store those on hard drives? Wouldn't those be printed, filed, and the drive wiped? (I have never dealt with sensitive data so I am clueless).

This feels like a data security and integrity nightmare.

SVD_NL Silver badge

Not a tech job but...

I worked as a food delivery driver for a couple of years while I was in university, and one of our repeat customers worked late shifts at the Royal Dutch Mint. I've never seen a bag of chips be so thoroughly checked and cleared through security. (A prison I also regularly delivered to had significantly less security in place).

By 2030, software developers will be using AI to cut their workload 'in half'

SVD_NL Silver badge

Re: "It's time to take a short break!"

Oh definitely, my main issue with the one I had to deal with was a lack of customisability. And the AI this "paper" mentioned seems to know best for everyone.

I use reminders too (hyperfocus has some disadvantages...), but I spent some time dialing them in so they work for me. We humans are infinitely better at figuring out what works for us personally, especially if given the right tools and knowledge.

SVD_NL Silver badge

"It's time to take a short break!"

I hate these steaming piles of bovine excrement with a passion. A university I studied at had this installed on all PCs, no way to turn it off, and it was super obstructive in its reminders.

Even with some kind of AI trying to analyse the user, it's simply not going to help. Everyone has different preferences, I don't like taking these micro-breaks at all, I prefer to stay focused and get on with it.

The future is not over-automating your workforce and turning them into cogs in a machine, the best outcomes for employee mental health come from a personalised approach, empowerment and giving them responsibilities. Help your employees understand what works for them, how to apply that to their workflow, and give them enough freedom to actually do that (this of course does require them to feel responsible for their own work).

I honestly think you're daft if you believe some kind of AI break reminder/IDE personalisation is going to have any significant positive effect on mental health. They also did not cite a single paper from the field of psychology, only two CS papers that basically say "unhappy devs work less/worse" and "personalising your IDE helps with productivity in various ways". Maybe they should've consulted with a psychology researcher before making bold claims and talking out of their arse? You simply cannot make these claims without citing a single source or providing any evidence. And there's a lot of research out there, turns out companies are more than happy to heavily invest in research that helps them understand employee wellbeing (thus their productivity).

Tape is so dead, 152.9 EB of LTO media shipped last year

SVD_NL Silver badge

Re: "take even longer when there's compression or decompression to be done."

I'm not an expert, but as far as I'm aware you're correct about the compression.

The limiting factor is the storage medium, and most vendors actually indicate the read and write speeds scale (almost) 1:1 with compression ratios (2:1 compression ratio would theoretically double the read and write speeds). Source (IBM)

As far as encryption goes, LTO says "Native hardware encryption typically affects less than 1% of tape drive performance.". This page also goes into the specifics of the encryption used, for how they manage the keys you'd need to look up the vendor documentation, IBM should have those publicly available.

SVD_NL Silver badge

Restore time on that USB: "Maybe some of it"

Wanna curb datacenter outages? Try combating burnout with shorter shifts

SVD_NL Silver badge

What is human error anyway?

I did find the 2021 version of this report on Google Scholar, it's here [pdf].

p.11 lists a breakdown of what the reason behind the "human error" outages was. Only 48% of them was actually an employee making a mistake even being part of the reason. 41% indicate improper procedure was (partially) at fault for the outages. Is it even human error if the human follows procedure? Yes, sure, but you can hardly blame it on the person making the "mistake".

Assuming this year's report includes this data as well, this would be great to know, as it gives important background on this article.

'Little weirdo' shoulder surfer teaches UK cabinet minister a lesson in cybersecurity

SVD_NL Silver badge

Re: Situational awareness is rare

While I do agree with you for the most part, if people are willing this definitely helps with building habits. It's a small office I work at, and they mostly respond with "oh yeah I should do that". If you're just shouting angrily at people who are unwilling to change, you're not getting anywhere.

I do agree that you get the best results if the solution doesn't require interaction. I'm a huge fan of auto-locking devices, unfortunately we don't have compatible cameras at every desk, but the Windows Hello camera-based auto-lock is amazing. Even came across some laptops that actually detect when someone is shoulder surfing and dim the screen, or turn it off. That can get quite annoying though, sometimes you just want to show something on your screen to a colleague.

SVD_NL Silver badge

Situational awareness is rare

It's been a battle making sure we don't let customers just walk into our office where they can see our screens. And I must've shouted "Windows+L" hundreds of times at people getting up from their desk.

People at my office still like me... I think...

Google guru roasts useless phishing tests, calls for fire drill-style overhaul

SVD_NL Silver badge

Re: Not sure if it's possible

This is often not done in the email client these days, but at the spamfilter level. Modern spamfilters often do checks like "does the sender name and actual 'from' address match" and do the same for URLs. Same with typosquatting. (Along with some ML stuff these days, detecting suspicious calls to action for example)

Many spamfilters also scan every URL included in emails, and edit the links to be proxied via a service that checks the URL for suspicious content as well.

I think your suggestion is useful and possible, email servers constantly change URLs to be proxied or add external email warnings before delivery, but I don't think it's something that's widely adopted. I genuinely think the main concern is going to be that it absolutely wrecks email layouts, especially on links with a bunch of trackers and ids. That's the whole reason HTML email exists and it's so widely used, even though plain text emails have a way smaller attack surface.

I'm just thankful I can block RTF mail...

VBScript nudged nearer to the grave with next big Windows 11 update

SVD_NL Silver badge

Ah VBScript..

I still need to use it from time to time because our ERP system's report builder uses it, and any kind of custom logic needs VBScript as well. Honestly a neat little language, albeit quite limited.

I can definitely see why they'd want to get rid of it though.

Go after UnitedHealth, not us, 100+ medical groups urge Uncle Sam

SVD_NL Silver badge

Re: eggs, meet basket

It's always been absolutely baffling to me how the US government has allowed this to happen. At what point does anti-trust kick in?

It looks a lot like VMware just lost a 24,000-VM customer

SVD_NL Silver badge

Definitely one of the better laughs I've had in a while!

Brit council fumbles Oracle Fusion launch, leaving SAP to die another day

SVD_NL Silver badge

Something that bothers me about government contracting...

Every governmental body starts up their very costly tender process, has their own very specific requirements etc. Then they all find out the vendor they chose overpromised, the very specific set of requirements was incomplete or incorrect, and they go years and hundreds of millions over budget.

They are all councils, they have the same tasks, goals, and hopefully a similar structure. Why reinvent the wheel?

I understand that policies and processes are rigid, but why are they so different from each other that a completely different tender process is required?

This is not just a UK problem, it occurs in pretty much every country and every type of (semi-)public sector.

UK data watchdog wants six figures from N Ireland cops after 2023 data leak

SVD_NL Silver badge

Seems like it...

I feel like the least they could do is compensate the officers who have to take measures for their own safety.

Moving houses is expensive, therapy is expensive, some officers may be unable to perform their job out of fear, and in extreme cases even the cost of assuming a new identity entirely.

These are just tangible costs I can think of.

Meanwhile the punishment for having this information disclosure happen is a slap on the wrist, making them promise to do better, and moving a bit of money from one pocket to another? I'd be beyond furious if I was one of the officers involved.

Read AI about it... OpenAI does deal with News Corp

SVD_NL Silver badge

There are benefits to exclusive deals

For example, if I decide on using an LLM, I can choose to use one that isn't trained on The Sun.

I stumbled upon LLM Kryptonite – and no one wants to fix this model-breaking bug

SVD_NL Silver badge

There is money to be "made" here, it's called risk mitigation.

Imagine the author sharing the prompt, sick and tired of being ignored, and it potentially leads to a large scale DoS on your product?

Precious compute time wasted and availability compromised.

At the very least try to understand the mechanics and assess the potential damage caused by this flaw, or variations of it.

Lords of May-hem: Seven signs it is Oracle's year end

SVD_NL Silver badge
Megaphone

Re: Palisade Compliance, an Oracle licensing advisory company

Auditmachen! Schnell! Schnell!

SVD_NL Silver badge

Re: Palisade Compliance, an Oracle licensing advisory company

My exact thoughts when I read that.

Shame a lot of their profits probably go towards employee therapy costs, dealing with Oracle all day every day must take a toll on your mental health.

An attorney says she saw her library reading habits reflected in mobile ads. That's not supposed to happen

SVD_NL Silver badge

Re: Not a good move

"... you're trying to tell me someone actually read our privacy policy?!?!?!? RED ALERT!!!! RED ALERT!!!!"

Microsoft offers China-based engineers an option to relocate

SVD_NL Silver badge

Microsoft is offering them the option. It's literally a job offer.

Refusal is uncommon, but this offer is always on the condition that a work visa (or whatever is necessary in the relevant country) is granted.

The government is not offering the employees a job, MS is. The governments have programs in place that allow MS to make these offers with more certainty.

Gentoo and NetBSD ban 'AI' code, but Debian doesn't – yet

SVD_NL Silver badge

And now the small matter of detecting AI-generated code

A policy is nice, but without enforcement it brings very little to the table.

I tend to write reports in a very structured manner, especially introductions and summaries. I can't count the amount of times my university has inquired about this because some kind of genAI detector matched with 80%+ confidence...

I wonder how they are ever going to efficiently detect AI generated code given the extremely structured nature of code in general.

Is this something an experienced human would be able to detect, like many of us are able to do with bodies of text?

How are you going to include this in the review process in a reliable and efficient way?

You OK, Apple? Seriously, your silicon lineup is … a mess

SVD_NL Silver badge

Re: Not for the Likes of Us

^^This^^

There is very little benefit to having your laptop closed, and a second monitor is always a bonus. Even as a third monitor I usually end up keeping my mail inbox or music player open on it, basically anything I need to glance at every once in a while.

Using your laptop in such a way also quickly degrades your battery and fan, which is the main reason MacBooks fail over time (from my anecdotal experience).

I personally use a desktop PC at home, and use a small portable laptop on the go. It's a shame Apple really doesn't have any remotely affordable options for this. (because if you're using Mac, there's a definite benefit to keeping most devices within their ecosystem). Even MacBook Airs (which have terrible value IMO), are basically the same cost as high-end ultrabooks from other brands.

Hell, even refurbished 2020 MacBook Airs are €600 around here, for that kind of money you can get yourself a very capable mid-range laptop.

How two brothers allegedly swiped $25M in a 12-second Ethereum heist

SVD_NL Silver badge

I can't help but be impressed...

...by criminals exploiting systems in such a huge and sophisticated way.

It's not like no one in this multi-billion dollar industry has tried, be it white or black hat.

Don't get me wrong, I still think they're arseholes, just very impressive arseholes.

Underwater datacenters could sink to sound wave sabotage

SVD_NL Silver badge
Boffin

Re: Is there a Department of Daft Ideas coming up with this stuff?

You forgot to consider the added security of trained sharks with lasers strapped to their head!

End-to-end encryption may be the bane of cops, but they can't close that Pandora's Box

SVD_NL Silver badge

Re: And good does not always triumph.

Consent is more easily gained if you ignore small hurdles such as basic human rights.

I also think compliance would be a better word here.

Tired techie 'fixed' a server, blamed Microsoft, and got away with it

SVD_NL Silver badge

The moment you run it with sufficient privileges it's an "approved tool". In some cases it's actually approved *by* a tool, but that's not M$s problem!

CEO of UK's National Grid warns of datacenters' thirst for power

SVD_NL Silver badge

Re: More energy needed?

Ha, colloquially we use the same word for it in Dutch, always trips me up. Yes, I mean turbines.

Would be quite the hot take to say windmills ruin Dutch landscapes.

SVD_NL Silver badge

Re: More energy needed?

You are suggesting windmills are the only viable source of sustainable energy. They are not.

We use about the same amount of solar energy as we do wind energy (CBS, 2022). I have never been bothered by solar panels.

I realize we need windmills right now. I accept windmills, that doesn't mean I like them, nor do I think they will solve the sustainability problem. We are running out of places to put windmills, and they are only contributing 4% of our total energy usage (solar does 3%, biomass about 8%). They are not a solution, they are a temporary fix to a permanent problem.

I also don't agree with the decision to put them right next to areas where large bird populations live.

But until new methods of energy generation become viable, or they decide to reopen our nuclear reactor(s), we are stuck with it. It's a shame they'll never disappear, because they won't let the infrastructure go to waste.

There is no perfect solution, but of all imperfect solutions, windmills suck the most imo. (unless you think burning more dinosaurs is a solution, that would be the worst)

SVD_NL Silver badge

Re: More energy needed?

Energy generation won't be the primary concern, but delivering it will be.

The Netherlands is a good case study. We are generating more than enough power, got plenty of wind farms nicely ruining our views, and EV chargers all over the shop.

So what's the problem? Well, we can't use it all.

It is overloading our old infrastructure, bottleneck after bottleneck. Not enough manpower to upgrade the capacity, and not enough manpower to realise new connections where the infrastructure can actually handle it.

It slows economic growth, it slows the energy transition, and it affects the housing problems (there are a couple of places where they finished housing, but they cannot get electricity there, so the nice sustainable induction stoves and heatpumps don't work.)

We have committed to laying off natural gas and combustion vehicles, and genuinely did a pretty good job with pushing sustainable energy (other than the ugly wind farms but can't have it all eh?), but in typical government fashion a success has to be overshadowed by a colossal cock-up because they didn't look ahead at all.

It seems that you're not quite at that stage yet in the UK, so listen to the warning signs and act upon them.

Uncle Sam's had it up to here with 'unforgivable' SQL injection flaws

SVD_NL Silver badge

Re: you should be using parameterized statements

That statement refers to input sanitation, not parameterized statements.

Brits blissfully unbothered by snail-paced mobile network speeds

SVD_NL Silver badge

Re: Makes sense

I was specifically commenting on mobile usage here as that's the subject of the article. For a home internet connection I believe the "sweet spot" would be more around 30Mbps. The main reasons being that there are multiple devices (even while standby they chip away at bandwidth), and that PCs have higher bandwidth requirements. Bigger screens such as monitors and TVs means you'll notice lower resolutions more than on a phone. You'll be more actively multi-tasking, and desktop web pages are often less optimized for lower load times.

While the limits are a bit different, the same principles apply: You don't need as much bandwidth as the ISPs make you believe, and the true improvements that make fiber and 5G "faster" than DSL are reduced latency and a more consistent experience.

The big difference between home internet and mobile internet is that there are use cases for higher bandwidths, for example downloading a large video game.

I'd say that the vast majority of households still really don't benefit much from going over 100Mbit.

SVD_NL Silver badge

The great thing about 4G and 5G is that bandwidth distribution is actually one of the main improvements, where it basically has a pool of connections that it can dynamically allocate based on demand.

The issue is that they use a shorter wavelength, which drastically reduces range and material penetration.

Small sliver of hope: 5G allows for a lot of funky network configurations, allowing mesh-like configurations, or a remote tower using 5G as a backbone instead of fiber. This may decrease the cost of building new towers in areas with poor coverage, but there still needs to be an incentive to make that investment as long as this infrastructure is privately managed. The business case is not there unless the government brings a bag of cash.

SVD_NL Silver badge

Re: Interesting list

To be fair, I can see why Apple would refuse any apps that collect usage data 24/7, they likely don't even expose APIs for that.

SVD_NL Silver badge

Makes sense

Mobile experiences have been pretty optimized for slower network speeds. Looking at the most used apps, 1-5Mbps is going to be more than enough to browse Facebook, use WhatsApp, use navigation, or watch a 480p YouTube video (default quality while on mobile data, 720p on YouTube is around 5Mbps bitrate I believe).

Websites may not be as snappy when loading, but you need to remember the majority of people are using older and/or cheaper phones, so they are not used to a snappy experience on their phone to begin with!

Having more bandwidth matters most with large downloads, which people don't want to do on connections with a data cap to begin with.

With network technology improving, mobile providers are quick to boast with increased network speeds you are never going to need or be able to use from a mobile device, but the true improvements are QoS-related. Especially improvements in MU-MIMO-related technology of 4G and 5G mean there is a better, more fair and faster distribution of bandwidth. Fast speeds are fine, but it's better to have 1Mbs together with 100 people, than it is to queue up with 100 people and access 100Mbs one at a time. The last in line is not going to be happy.

Crypto scams more costly to the US than ransomware, Feds say

SVD_NL Silver badge

Not reporting ransomware attacks?

I'm pretty sure any company operating in Europe must report ransomware attacks, at least as a potential PII leak as per the GDPR.

It's surprising to me that the US doesn't have similar rules, but at the same time it doesn't surprise me at all.

The last mile's at risk in our hostile environment. Let’s go the extra mile to fix it

SVD_NL Silver badge

We're starting to get there

In the Netherlands some of the largest ISPs (KPN, Vodafone, T-Mobile, that I can think of) are starting to offer cheap cellular failover with their business internet connections.

You'll be paying around €5-10 a month, and no data limits (although you are only allowed to use it when the internet connection fails).

It's a step in the right direction and it won't be long until it'll be available for consumers. The main limiting factor right now is probably the cost of the required hardware for cellular failover.

They are already pushing hard on internet+TV+mobile bundles, so I expect to see them add it for free for anyone who already has such a bundle whenever they figure out the hardware side of things.

The only potential issue I see is that the fiber rollout is going really fast, but the areas where fiber will be installed last are the areas where they have a really crappy DSL connection, and usually poor cellular coverage too. The new routers will be ethernet only, so they won't get the 4G backup without buying a relatively expensive router, if the backup even works.

These are the areas most vulnerable to isolation, and they'll be the last to be protected.

The end of classic Outlook for Windows is coming. Are you ready?

SVD_NL Silver badge

TAPI is getting a bit dated and unfortunately doesn't work very well anymore (probably mostly due to neglect from Microsoft).

I work with these applications quite a lot, and these days you're generally going to be limited by the functionality of your PBX or SIP server.

They will need to support some form of webhook or API to communicate call status, and then you need to connect to an API, database or file to retrieve contact information.

I personally use Bubble by RedCactus (it's a Dutch company). (Disclaimer: I also work for a reseller of this software)

It works with a bunch of VoIP/SIP systems, and even more CRM systems (including custom API, database or CSV connectors).

It's a pretty efficient piece of middleware.

I see a TAPI listed under phone connectors in the software, but no documentation about it, so not sure how well that works.

They list all compatible systems though, and you can ask for custom integrations too, pricing is very reasonable for that as well.

I personally only know other products where the CRM integration is part of their softphone, so it can't be used separately.

SVD_NL Silver badge
Mushroom

Re: I need classic outlook

POP3 is horrible. It simply doesn't work in any situation where you need to access your mail from multiple devices (which I reckon is at least 90% of users these days).

Sure, you are reliant on your email provider with IMAP, but at least your email doesn't disappear from the server the moment you retrieve it.

If you have so little trust in your email provider, you should switch providers.

And for backups and archives you shouldn't rely on a single point of failure anyway. Set up journaling rules (auto-forwarding to an archive) or a similar method to store incoming and outgoing emails on a different server. There are better ways to achieve your goals here, because anything you do with POP3, you can do with IMAP too, with the added benefit of having an extra safeguard where emails remain on the server if things go wrong somehow.

Using POP3 is just asking for your emails to be spectacularly wiped in a catastrophic event fueled by fear and regret, if you care about your email archive you should avoid it like the plague.

I've seen people lose all of their data, and companies go out of business because of POP3. Don't use it, please don't.

Attacks on UK fiber networks mount: Operators beg govt to step in

SVD_NL Silver badge

Re: I'm at a loss for words here

I've actually had an unsuspecting employee of a, let's say, "nature based" establishment run off when I went to install some WiFi Access Points.

She grabbed tinfoil out of her purse, whipped up an improvised hat, and ran off.

I wish I was joking.

SVD_NL Silver badge
Facepalm

I'm at a loss for words here

"...some attacks have even been 5G protesters simply targeting any digital infrastructure."

I think this summarizes the anti-5G movement perfectly. "I don't like EM radiation, so I will destroy the data transmission method that emits the least EM radiation"

No way they are smart enough to specifically target 5G backbone infrastructure, they'd just set the mast on fire.

Airbnb warns hosts who use indoor security cameras they may face eviction

SVD_NL Silver badge

Re: "where guests can reasonably expect privacy expectations"

There's a huge difference between recording and publishing.

Having security cameras often only requires you to post a notice somewhere (sometimes you don't even need to).

Using those images is subject to relevant laws, be it surveillance laws, employee surveillance laws, or customer data protection laws.

You're constantly being recorded everywhere, and that's fine. Publishing those images without consent is almost always illegal (public spaces are usually an exception, there is no expectation of privacy there)

And the main reason for these changes is pervs that film people in bedrooms, toilets, showers, pools, etc. and add it to their personal wank tank, or even publish/share those images.

There's been too many stories of that happening, so AirBnB is just responding to customer concerns.
