* Posts by SVD_NL

267 publicly visible posts • joined 15 May 2022

User unboxed a PC so badly it 'broke' and only a nail file could fix it

SVD_NL Silver badge

Office relocations

Oh boy do i have some stories about people relocating their own IT equipment.

One of my favourites is a monitor that had a dissected DP connector stuck in the display. Presumably someone had tried to remove it without releasing the retention tabs, and pulled it hard enough to rip apart the connector.

Greater Manchester says its NHS analytics stack is years ahead of Palantir wares

SVD_NL Silver badge

Wait...

So if i'm reading this correctly, the GM ICB has been working on its own analytics platform for 6 years, it's developed in-house, locally hosted, functional, and fits their needs? And they have been in contact with the team coordinating the bid process? and the NHS still went ahead and awarded a contract worth hundreds of millions to a foreign business for the same or adjacent software? and this software is handling some extremely sensitive data?

I'm not surprised, just disappointed.

Torvalds' typing taste test touches tactile tragedy

SVD_NL Silver badge

Re: You're not entirely correct

It's the distance from the "resting" position to the actuation point. The "tactile point" (where you can feel the click or bump) is usually right before that.

You can see this on the datasheets of cherry mx keys, here's the green switch datasheet for example pdf link

SVD_NL Silver badge

Re: You're not entirely correct

Well, i found this website. (Which is rather meticulous, like seriously high quality content).

The model M uses the membrane type switches. This makes it very similar to Cherry MX green in terms of force and travel.

I've never used the Model M keyboards, but for the "feel" of it, i reckon the force curve matters a lot too, i don't have time to compare those two right now.

SVD_NL Silver badge

You're not entirely correct

For the keyswitches themselves there are many measures that give a very good indication of what the switch is like. The primary ones being actuation force/resistance, pre-travel distance, total travel, and actuation type. This tells you how far you need to press the key before it registers, how much force you need to use to move the key, how long the total travel is, and if you have tactile, auditory, or no actuation feedback.

The other measures are all subjective, and that needs to be described in such a way. There is no other way to really describe how "snappy" the actuation is, or how it feels to bottom out.

Virgin Media O2 patches hole that let callers snoop on your coordinates

SVD_NL Silver badge

Big difference

"...locate users within 100 meters"

"He said theoretically, in some cases, this could be accurate to within 100 square meters."

These two things are *very* different. Within 100m is accurate to a specific street or block of houses, but 100 square meters is a 10mx10m square! that's enough to pinpoint a specific building, and in some cases even a specific room.

Techies propose the Agent Name Service: It's like DNS but for AI agents

SVD_NL Silver badge

KISS

Keep it simple stupid!

We have DNS, we have TLS, we have PKI. Why rebuild the entirety of this infrastructure, when you have the basic building blocks already?

I've admittedly only skimmed the article, but i could not find any reason why the ANS infrastructure would be necessary.

Why not rely on DNS, short-lived certificates, and a self-hosted endpoint that includes the json files the article describes?

This way you have direct control over your own data, and you can define caching behavior as well.

You are also responsible for the security of your own verification and authentication system this way.

If they want to decentralise it, why not go blockchain-based? They've got the GPU horsepower already, i reckon most AI devs are familiar with it, and afaik it already works based on json data.

This is assuming it's a good idea to flood the internet with AI agents and let them run rampant, but that's a discussion for another day.

Qatar’s $400M jet for Trump is a gold-plated security nightmare

SVD_NL Silver badge

Re: Hmm

This definitely isn't improving my level of respect for him... The US is probably the only non-authoritarian state that allows bribery in broad daylight. (non-authoritarian is up for debate, but they have somewhat decent elections at least)

Britain's cyber agents and industry clash over how to tackle shoddy software

SVD_NL Silver badge

Re: Grift

I've been picking locks as a hobby for about a year now, and i can assure you those Youtube videos make it look deceptively easy. You don't point at an X-Games video and shout "look how easy it is to do a 2160 triple cork on skis!"

Bolt cutters or a crowbar are going to get the job done consistently, and require significantly less skill to use. Battery-powered tools are also a real menace.

Yolk's on you – eggs break less when they land sideways

SVD_NL Silver badge

Re: Amazed people get paid for this nonsense

People get too caught up in the specifics of papers like these, and they also don't read it properly.

Every proper research paper includes a justification for existing, in this case they didn't pretend their findings revolutionized the field of egg-based physics, but they rather explained the importance of communication, specific wording, and not relying on word-of-mouth or common sense rather than quantifiable data!

It's also important to lay the foundation for future research. With this "silly" paper in hand, you can apply for grants to repeat this research with different materials at a larger scale, or to propose new naming conventions to take away the confusion that exists now.

Unending ransomware attacks are a symptom, not the sickness

SVD_NL Silver badge

"If all that isn't signed off at the start of a system's life, it doesn't happen."

That still doesn't solve the issue with *existing* technical debt. I fully agree with you, but i think software lifecycles are extremely complex, especially when you're working with massive technical debts. So you create an inventory of software, assign priority and risk levels, make plans for their lifecycles... and then what?

You need to get budget to even execute the plans, this can take a lot of time. You're also not going to get this budget all at once, it needs to be gradual. But what do you do in the meantime? While you're building a new system, the old system may need maintenance or hardening, how do you approach this? How do you approach dependencies and interfaces, especially when the programs it interfaces with are due a replacement as well?

That is assuming you can get company-wide support for such an undertaking.

Again, i fully agree with the sentiment, but frameworks for software lifecycle management didn't exist (or at least weren't widely used) when the most problematic of today's software was deployed. The massive complexity and cost of relieving this technical debt is a serious undertaking, and i feel like this article doesn't sufficiently address the complexities of it.

I also think there is an easier way to address the most problematic part of this: improve your security posture. Review and test your DR protocols, assess your risks, and reduce your attack surface. Focusing on this first will allow you to partly mitigate the most direct threats, and reduce the impact associated with them. This will also serve you well into the future, it's an investment that is guaranteed to pay off.

Do the DR assessment and attack surface reduction on all software changes, use the risk assessment to prioritize your software lifecycle decisions. This is a continuous process, but you need to start in the right place.

Does UK's Online Safety Act cover misinformation? Well, that depends

SVD_NL Silver badge

Re: It doesn't matter

And you think a reasonable reaction is to firebomb and attack completely unrelated mosques and muslim-owned stores?

Protests, perhaps even riots are one thing, but targeted attacks against a specific ethnic/religious group is something else completely. And no matter how you feel about it, the fact remains that the government shouldn't focus on legislation regarding misinformation spread, but instead focus on the core issues at hand: immigration policy and racism.

SVD_NL Silver badge

It doesn't matter

Whether or not this misinformation could've been removed or not based on this act is a moot point.

This info spreads too fast to intervene in time, and the amount of communication channels is too large to coördinate takedowns, even if robust systems for this are in place. (i.e. complete control and censorship over private communications, and automated systems to accurately take down related messages).

The root of the problem is not misinformation, it's deep-rooted racism in a large enough portion of the community to cause nation-wide riots. They already have racist views and violent tendencies, they just needed an excuse.

What if the misinformation was true? It's a realistic scenario. Riots still would've happened, and it would still be nothing more than racist retaliatory behavior.

Any negative information about foreigners is going to reinforce their racist beliefs, you don't need to rely on "fake news" for that.

Stop trying to justify the existence of your censorship acts, and solve some real issues.

Talk about how widespread and how intense the racism in the country is, and what you're going to do about it.

Talk about your current asylum policy, and assess if there's any actual issues you can solve.

Some clever misdirection here, they try to convince us the act is a good thing and solves real problems, and they avoid addressing difficult and controversial issues at the same time.

Ex-Disney employee gets 3 years in the clink for goofy attacks on mousey menus

SVD_NL Silver badge

Right, disrupting Disney restaurants is one thing (you could argue he indirectly saved some lives there), but changing allergen information has serious consequences, people could have died here.

What if he was less stupid and more evil, and would've only changed the allergen information? How long would it take to notice, and how long would dangerous menus remain in circulation?

Google goes cold on Europe: Stops making smart thermostats for continental conditions

SVD_NL Silver badge

Re: Again

I do agree with you, but it's kind of a different discussion. Home assistant is great, but it relies on a large amount of custom integrations. They rely on python packages for each specific vendor/device, and all of this has to be maintained. Home assistant goes through changes, Python versions change, so it's simply not a case of if it works it works. The fact that everything is open source eliminates many issues, but it's only a step in the right direction and eventually devices will become unusable, or people are stuck using older versions of python/HA which in turn might lock them out of using newer devices (or require a *lot* of tinkering to make it work).

HA is great, but it takes a huge community effort to make it work. It would be ideal if there was only a handful of standards to maintain, rather than having literally thousands of integrations that need to be maintained.

SVD_NL Silver badge

Re: Bollocks

I personally don't think tinkering with 230V is a big deal. If you're not comfortable with that, you're also not comfortable replacing light fixtures or light switches.

I reckon you're always going to hire someone to do the work for you if that's the case.

And on the second part: over here it's quite common for installers to put down a cloud-enabled device (thermostats, security devices, doorbells, blinds, solar panels, etc.)

Usually they'll either just make the physical part work and leave the cloud setup up to you, or do the basic setup of making an account and coupling the devices.

Many manufacturers have facilities for installers to do this as well, allowing them to set up accounts for customers and adding new devices to existing accounts without needing credentials for example.

SVD_NL Silver badge

Re: Again

Matter is also good, Apache-licensed and backed by Amazon, Google, Etc.

It's a bit more high-level and smart home oriented, the Google developer docs are a good read, especially the "Matter primer" part.

I'd say MQTT is more of a communication protocol, and the "smart" part is server logic.

Matter has more smart-home specific things built into the protocol itself, which takes away a lot of complexity from the controller logic.

And Matter also has built-in support for bridges, which allows you to create a broker device between Matter and any other protocol.

It's neat and i hope it really takes off, especially big manufacturers supporting an open source protocol is a good start.

What the **** did you put in that code? The client thinks it's a cyberattack

SVD_NL Silver badge

Be careful where you type

I once got the suggestion from higher-ups to allow some large customers limited access to our internal ticketing system to check on project progress.

I did a quick query and showed them some of the things our engineers say in there.

Sticking with weekly reports seemed like the better option to them!

Hubble Space Telescope is still producing science at 35

SVD_NL Silver badge

Re: Meanwhile...

"<hobbles off on walker that has perma-attached Linux laptop>"

Still waiting for that open-source DIY hip replacement?

SVD_NL Silver badge

Re: The headline

You're correct in your first assessment.

You can't make a wooden dining table without trees, that doesn't mean trees and dining tables are the same thing.

More Ivanti attacks may be on horizon, say experts who are seeing 9x surge in endpoint scans

SVD_NL Silver badge

Re: This probably is astonishingly easy to defend from

Certificate-based access is definitely the way to go, and i reckon anyone who uses Ivanti has the infrastructure to set up their own CA. (if you're pedantic, technically everyone has the infra to set up a CA)

Handing them out to people via e-mail is not ideal, also because you don't have control over the device (or anti-virus for that matter).

But sometimes you just need to make things work, and you massively reduced your attack surface and made logs a lot easier to investigate.

Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025

SVD_NL Silver badge

I'm torn

On the one hand, I detest licenses and especially subscription services for common features that should be included by default.

But on the other hand, I think some sysadmins would gladly empty their own pockets for this!

I do wonder where the service part of subscription service comes in here. Why is this not included in the regular windows update service that comes with your subscription?

I guess because it uses Arc in the background, but does it really need to use Arc?

Pharmacist accused of using webcams to spy on women in intimate moments at work, home

SVD_NL Silver badge

Re: Camera

Most new laptops have 1. an indicator light that the camera is turned on (depending on implementation this could theoretically be bypassed with infected firmware) and 2. a physical webcam cover.

Good enough if you ask me, and not nearly as obnoxious...

Imagine society after few years of this. - no one would have a webcam anymore.

TSMC blew whistle on suspected verboten exports to Huawei – that may cost it $1B+

SVD_NL Silver badge

Re: Sorry, TSMC

It's absolutely infuriating. TSMC would clearly benefit a lot from keeping Sophgo as a customer ($500 million a year, according to the article).

They instead "do the right thing" by reporting a discrepancy found. This both indicates a willingness to comply with legislation, and that they're doing their due diligence.

So this is how they're rewarded?

You can bet they're 1. going to stop doing any more than the bare minimum of due diligence and 2. going to seriously reconsider reporting inconsistencies if they ever find them again.

I know that you're generally not immune from legal repercussions just because you weren't aware you were committing a crime, but like you said, this is almost a whistleblower situation and the punishment should at least be significantly reduced.

This is a pretty classic villain origin story if you ask me.

Microsoft lists seven habits of highly effective Windows 11 users

SVD_NL Silver badge

Re: Seven habits ?

Habit 8.1: put your pants back on the right way, but without taking them off!

SVD_NL Silver badge

My 2 cents...

"Make the Start Menu your own," - I've tried, but i ended up using good ol' taskbar icons and search (recently i've been using powertoys launch instead, way better than search with its horrific indexing!)

"Tip two is using Snap layouts for multitasking or, more likely, wondering why that window has decided to align itself there without prompting. Perhaps an alternative, such as FancyZones in PowerToys, might be a better bet?" - nothing to add here. i drag to the side for side-by-side windows all the time and if i do this slightly too far away from the center it goes to a quad-window setup...

a desktop for every project - solid advice honestly. I don't use it enough to really know how well it works in win11, alt-tab-fu is stuck in my muscle memory.

staying up to date with widgets - "staying up to date with widget removal methods" - FTFY

Focus sessions - you mean, silence all notifications so i miss everything? how about giving us proper and easy to use control over what notifications we receive instead? Simply having apps request permissions instead of allowing notifications by default would be a godsend...

logging in with Windows Hello - yes, because you've made it a PITA to not use windows hello (although i do like it)

Dark Mode That's just personal preference... i use it but i don't see how it's "making the most of windows 11". It's basically on-par with "change your background and color theme!".

OpenStack delivers ‘Epoxy’ release, which it hopes will unglue more VMware customers

SVD_NL Silver badge

Thank you Broadcom

I think we do need to give credit to Broadcom for one thing: their antics have kickstarted a virtualization arms race benefitting us all!

So many products seem to be improving functionality and interoperability in the wake of their price changes, and i love to see it.

VMware distributor Arrow says minimum software subs set to jump from 16 to 72 cores

SVD_NL Silver badge

Almost screwed myself...

I'm glad I ended up going with Proxmox for our servers a few months back. It works like a charm and doesn't have damocles' cock hanging over my head ready to shaft me.

NASA's inbox goes orbital after email mishap spams entire space industry

SVD_NL Silver badge

Re: I can see it...

The third person singular verb is simply "exit". Go figure!

After three weeks of night shifts, very tired techie broke the UK’s phone network

SVD_NL Silver badge
Facepalm

You can always rely on diggers...

...to search and destroy underground fiber!

Microsoft wouldn't look at a bug report without a video. Researcher maliciously complied

SVD_NL Silver badge

Re: That's happens...

...when tech support is not properly trained.

FTFY. First-line tech support is almost universally shit in my experience, it just happens that India is a cheap place to outsource.

SVD_NL Silver badge

"Especially considering this support costs thousands of dollars."

Wait, what? That sounds exactly like my experience, difference being i pay fuck all for support. That's egregious.

Let me guess, this call always takes place within the SLA timeframe, but the can they kicked down the road takes a while to be picked up?

Developer wrote a critical app and forgot where it ran – until it stopped running

SVD_NL Silver badge
Devil

Re: Similar thing, but zombie user not laptop

The more important question here: did they continue to pay you for all those hours you "worked"?

SVD_NL Silver badge

Re: Ah... deployment...

Man, auditing those apps sounds like an easy job.

"does it run in the production environment?"

"currently not, it first needs to pass this aud..."

"sorry that's unacceptable, audit failed"

I have no problems with the concept here, but i feel like validating in a twin test/acceptance environment should allow you to pass the audit, especially for new apps.

Techie pulled an all-nighter that one mistake turned into an all-weekender

SVD_NL Silver badge

Re: Ouch!!!

Sleep deprivation does funny things to your brain. The other day i had a narrow escape, i ran a command i was going to pipe to a force delete, but because i wasn't 100% familiar with it i wanted to check the output first.

...30 seconds later...

hmm, this is taking longer than expected, what's up?

Turns out i typed /* rather than ./* i guess that's quite a few files to go through...

Rather than add a backdoor, Apple decides to kill iCloud encryption for UK peeps

SVD_NL Silver badge

Re: Without an understanding

I do like Apple's stance here: having a back door is essentially the same as having no encryption at all, might as well be transparent about it.

Microsoft's Euro-mandated File Explorer surgery shows 'less is more' is still a thing

SVD_NL Silver badge

Re: Just ditch US products?

I don't agree that it shouldn't be used at all. The current situation should be fine (theoretically): we make legislation defining what software is and isn't allowed to do, and if they want to sell software to consumers they need to abide by those rules. Every vendor has to play by the same rules. That's how the free market works, and we need to protect free trade at any cost. If we simply ban specific software or software from specific countries, we'll keep playing banhammer whack-a-mole. (TikTok ban anyone? How long did it take for a different Chinese social media app revolving around short videos to pop up?). Of course enforcement isn't always easy, but not impossible either. (and a blanket ban won't be any easier to enforce either)

Businesses need to consider the risks for themselves, where the most important risks come down to not having control, and those are present for EU vendors too. This leaves using FOSS and "private cloud"-type situations. I reckon only large enterprises are going to consider this.

I do believe governments themselves should stop using third-party vendors in general. A lot of countries are taking steps, i believe some German councils are testing with FOSS stacks, and the Dutch government is currently building their own datacenters so they can move their cloud workloads off of Azure.

Trump teases 25% semiconductor tariffs that will go ‘substantially higher’

SVD_NL Silver badge

Re: AI medical research?

AI is already being used in many medical fields, one example is assessment of medical imaging. AI tends to be good at pattern recognition and is therefore a perfect fit for that.

You'd also be surprised how much of being a doctor comes down to "simply" working out a flowchart (which is what ended up making me quit the medical field), and AI is a perfect fit for that too. You need a human element to take the lead (and someone to take responsibility), but AI assistance could definitely be an improvement to medical care. And i'm hugely sceptical of AI in general.

Another benefit is that by allowing doctors to be more efficient in their routine tasks, they actually end up having more time for personalised care, or they just won't be as overworked as they are right now.

Pitfall: good doctors will pick up signs during these routine tasks that could be important, and AI might not.

Rackspace moving some of its own workloads off VMware to address bigger Broadcom bills

SVD_NL Silver badge

Short-sighted?

"However Broadcom CEO Hock Tan has told investors revenue and profit are both growing faster than expected."

...

Does he mean that customers are not migrating off the platform as quickly as expected?

Of course revenue is going up if you raise the prices and your customers take a while to move to a competitor!

I'm genuinely wondering if this could be considered lying to your shareholders. You can't blame this on incompetence, he has to be purposefully ignoring the signs of unhappy customers.

Let's see how this works out, less than $300 per VM migration (if true) would pay for itself rather quickly. The only potential issue could be that migrating from VMware to others will be easy and continue to become easier, while migrating out of a different platform could be a bit of an unknown factor.

Memories fade. Archives burn. All signal eventually becomes noise

SVD_NL Silver badge

Re: Make copies...

In the Netherlands, you are always allowed to store copyrighted works for personal use.

There is even a mandatory fee applied whenever you purchase a digital storage device, with proceeds being distributed to artists with registered copyrightable works. this mainly applies to film and music.

I'm also not sure how this works in different countries.

SVD_NL Silver badge

DRM is the biggest threat to conservation

Almost every piece of media posted online these days is protected by some form of DRM. While the use of DRM is a massive discussion best saved for another day, one apparent downside here is that by preventing copies from being made, you prevent copies from being made!

As an artist, what is your priority? Making money now, or creating a legacy? The hard reality of life is, that more often than not you are forced to choose the former option. If you even get to make that choice yourself, because many artists, especially musicians, are bound to a publisher who will obviously make that decision for you.

I'd love to see a world where everyone can follow their passion, make every decision the way they want to, and live happily ever after, but the realist (or pessimist) in me has accepted that we simply can't have that.

And a little question to think about for yourself and maybe have an existential crisis about: Do you even want to be remembered? Why do you want that? Why should people remember you? There's a vast amount of people who turned into dust without a single trace of their existence surviving, what makes you special?

If thinking about those questions pissed you off, use it as a catalyst to make that change. Or, just like many of us, live your life to your happiest, and take every day as it comes. You don't need to be special, you just need to be yourself.

Tired techie botched preventative maintenance he soon learned wasn't needed

SVD_NL Silver badge

Ah, hardware replacement...

I'm talking from experience here: The hardware replacement budget is directly correlated to the amount of dark incantations you just had to perform to keep the old junk running.

Microsoft tests 45% M365 price hikes in Asia-Pacific to see how much you enjoy AI

SVD_NL Silver badge

Personal Onedrive keeps the last 25 file revisions, but only stores items in the recycle bin for 30 days. From experience especially the last part is definitely a bit short for permanent deletion.

SVD_NL Silver badge

Convenience. Zero technical knowledge required, and you can access all of your files from any device.

For most reg readers setting up a NAS and remote access is trivial, but for a lot of people that might as well be black magic.

The only issue i have with recommending cloud storage is that they keep calling it a "backup" and constantly remind you that your files are "safe", but your options are extremely limited if you want to actually recover deleted or changed files. (to be fair, most NAS setups i've seen don't have proper backups either, most are running RAID1 at best, which isn't a backup to begin with).

You're correct that they could change the service at any time, but counter-point: it's trivial to move to a different storage provider. ctrl+c, ctrl+v, wait for a couple hours/days.

SVD_NL Silver badge

Re: Perpetual?

5 years, as per their lifecycle policy this page is for office 2024, and you just won't receive any updates after that time. They'll continue to work, and activation servers usually keep working too.

Life lesson: Don't delete millions of accounts on the same day you go to the dentist

SVD_NL Silver badge

Re: Life lesson...

Or maybe an "are you sure you want to nuke your user records?" popup? (or y/N prompt in CLI).

They get abused for trivial actions too often, but i feel like the possible consequences here are severe enough for that...

Along with the fact that configuration changes generally shouldn't be deleting user data in the first place. Is it really necessary to delete all user records instead of creating a users_ldap table, or creating a "authentication source" column? oh my, did i just accidentally create a feature to use multiple auth sources simultaneously too??

Devs sent into security panic by 'feature that was helpful … until it wasn't'

SVD_NL Silver badge

Re: Instead of disabling translation

I agree with the awkward Dutch translations. Some programs are worse than others, video games are universally awkward imo, with other pieces of software it varies quite a bit.

SVD_NL Silver badge

Re: Instead of disabling translation

I actually ended up putting all of my language settings to english for this exact reason. Another one is that youtube decided it's a good idea to translate video titles to your native language. First of all, the translations are terrible, second, it's actually pretty important to know what language a video is going to be in before i click on it. There are so many implicit assumptions i make based on content language, cultural differences can have a huge impact on how things are perceived based on the language it is written in.

And what if i don't speak english, i click on a title in my native language, and get presented with an english or poorly auto-translated video? that would be infuriating. And it hurts creators too, as the perceived quality of their video is butchered, and their viewer retention is going to tank hard in regions where this is a common occurrence.

The only downside is that i struggled quite a bit with getting youtube to stop enabling auto-generated subtitles when i do watch a video in my native language.

(as a side note, i think the auto-generated and auto-translated subtitles are a neat feature, they don't work very well in a lot of cases, but at least they're transparent about the fact that it's auto-generated)

After China's Salt Typhoon, the reconstruction starts now

SVD_NL Silver badge

Re: Verizon...

Correct, i should've specified they do actually adhere to it themselves, and confirm compliance using both internal and third-party audits.

If i recall correctly, their internal policy is any new tool (both internal and customer/partner)-facing needs at least 70 or 80% compliance, and needs to reach 90+% compliance within a year. Any non-compliance needs to be mitigated as much as possible and frequently revisited. These are internal policies, i was told these by one of their senior engineers, and i could be mistaken on the exact percentages.

How datacenters use water – and why kicking the habit is nearly impossible

SVD_NL Silver badge

Re: 300,000 and four million gallons

I was about to recommend the excellent reg online standards converter, but you can't enter gallons! Vultures, pls fix
