Stamos joined Facebook to try to make things better there. He quit when they wouldn't follow his recommendations.
I'm not seeing the problem.
7774 posts • joined 21 Dec 2007
If it was due to some inherent difference between the recommended oil and the 3rd party oil used, then maybe you could sue the 3rd party oil manufacturer (if they made false claims regarding their product), or maybe there would be no cause for action.
And we have standards for engine oil. Oil manufacturers claim what standards their product meets, and auto manufacturers say which ones your oil should meet.
It's a completely irrelevant analogy for the printer-and-ink business.
HP LaserJet printers in the early 1990s were very nice.
I would never pay money for an HP Inc printer these days, of course. I've had to use a number that I didn't purchase (my wife's printer, one I had at my part-time teaching gig, etc), and they were without exception horrible, even without taking the vastly overpriced ink into account.
About ten years ago I debugged a hanging HP printer software installer on my daughter's Mac. It was easy - the thing was a Bourne shell script written by someone wildly incompetent. As part of the installation it had an array of files and for each one it was doing a "find / -name ..." command, searching the entire filesystem tree. That seems to be typical of the printer division's software quality.
a bus commute home is a very big exception
And would make for a great big pile of false positives if OP were incorrectly diagnosed as infectious.
That's one glaring problem with contact-tracing applications. The precision of existing SARS-Cov-2 tests is poor, and given the large groups we'll need to test to make contact tracing useful and the low overall infection rate, the false-positive paradox is going to bite hard. When that's multiplied by probabilistic - and not very accurate1 - contact tracing, the number of people who will be informed that they might have been exposed is going to go through the roof.
That was part of Ross Anderson's argument; the other part is that many people will respond to a flood of false-positive warnings by calling emergency services and/or going to medical facilities for testing or treatment, which will increase strain on those systems. And many other people will see the flood of false positives and ignore the contact warnings, rendering the apps irrelevant. And others will abuse the system (to force closures at schools and other facilities, to harass, for "art", for the lulz).
Personally, I doubt contact tracing will make a significant difference in controlling COVID-19.
And those with access to the data will certainly abuse contact tracing in any way they can. If history tells us anything, it tells us that.
1Because BLE is not a very good proxy for exposure to a significant number of virons. It's barely adequate as an estimation of overall distance, and completely uncorrelated to many types of barriers (walls, PPE), surface contact, air movement, etc.
This certainly looks like standard minor-celebrity-Dunning-Kruger to me. "Oh, I'm in IT in some fashion, therefore my opinion on everything even vaguely related to it is important."
(Of course my opinion on everything even vaguely related to IT is important, but that stands to reason.)
Exactly. I'm no fan of incarceration, a system which in the US, and I would guess in the UK as well, is wildly abused, excessive, and unjust. But what makes Assange, an overrated relentless self-promoter who clearly puts self-interest first, and is patently guilty of the crime he's actually being punished for, deserving of this special treatment?
Machine generation of non-fiction prose is not only well-established but commercially viable, as I've noted before. This is almost certainly not the first case of a student handing in machine-generated work, and it won't be the last.
Personally, I'm not particularly impressed by GPT-2, which doesn't seem to improve on the state of the art and is known mostly for a marketing stunt.
In other words, it's a covert channel - a means for an attacker to exfiltrate information - not a side channel. Side channels inadvertently leak sensitive data; covert channels are deliberately employed to expose it.
I don't think it's impractical for some specialized applications. The researchers say the signal penetrated a wall well and the carrier was detectable at ~15m, though they couldn't recover a usable signal at that distance. But someone who can plant a receiver in a closet next to an office, for example, might make use of this.
The same is true for plenty of other EMF channels, of course. The researcher's blog post makes the obligatory reference to TEMPEST right in the title - though TEMPEST focused on side channels, not covert channels.
it's worth finding out what it is in bleach that makes it effective (high content of acid?
We know "what it is in bleach that makes it effective". Anyone with a basic understanding of chemistry knows.
Household chlorine bleach has a pH around 12. It has no acid whatsoever.
Perhaps in the future before posting you might want to spend a few seconds doing a little research.
Teams seems to be inconsistent. I used to use it for some purposes (not all functions were supported) in Pale Moon and Comodo Dragon, but at some point in, I think, March, I started getting pop-ups telling me that the browser wasn't supported.
Teams is pretty much rubbish from any angle, with its horrible UI that doesn't use the built-in browser controls (so, for example, you can't use the Chrome Rescroller extension to fix the dreadful too-thin, disappearing scrollbars in most of the panes), its lack of end-user configurability, its utter inability to scroll back through conversations to older posts without going haywire...
Videoconferencing from the "native" Teams app does seem to work decently for me, though.
I suspect a certain amount of Dunning-Kruger in the Zoom offices. I don't know him myself, but a friend of mine knows Eric Yuan, CEO of Zoom; and my friend says Yuan is smart and generally well-informed on technological matters, and alert to potential issues.
So I suspect - based only on this testimonial, mind - that the Zoom development team were told to make security a priority, but lacked the necessary expertise, and weren't aware they lacked the expertise. That would explain one of their most famous blunders, the use of ECB. ECB says "we knew we needed encryption, so we threw in a library and picked some settings without understanding the consequences". Similarly their incorrect1 use of the term "end-to-end encryption" seems more likely due to a failure to employ security experts than a disregard of security.
That might seem like splitting hairs, and I'm not advocating for Zoom. (I don't use it myself.) But I do think there's a difference in attitude and culpability between Zoom and, say, Voatz. The latter can I think be justifiably accused of both a cavalier attitude toward security and a hostile one toward being called out on it. Zoom, on the other hand, seem to be making good-faith efforts to fix things.
1In the casual, common sense of "not as understood as a term of art in the industry". In the strict sense there's no governing authority specifying a precise meaning of the term, so they weren't incorrect in any prescriptive sense.
This is why mature organizations have Product Security Incident Response Teams (PSIRTs), which exist precisely to accept reports from researchers through de facto standard channels such as a security@ email address (for which they've published an OpenPGP public key), a "report a vulnerability" web page, and clearinghouses like CERT/CC and ZDI; and then to negotiate with researchers to ensure they're heard and their information is acted upon.
A process failure like this one indicates a serious failure at the CISO level. A clearinghouse like CERT/CC should have no trouble contacting a company's PSIRT, assuming there is a PSIRT; and if there isn't a PSIRT, that's the failure right there.
This has all been standard stuff since not long after responsible disclosure was popularized by RainForestPuppy and other researchers.
It's a proxy, so you don't have to install software on every end-user machine. You just have to push out a browser proxy configuration, or have people enter it manually. And it works the same on all end-user platforms (modulo browser issues), so you don't need versions for different platforms.
That said - eh, it's a proxy. HTTP proxies were pretty exciting in, what, 1996? Surely there are other firms with commercially-supported security-enhanced proxies, not to mention open-source alternatives.
Fahrenheit is at least based on a sensible design - reference points (32 and 96) separated by a power of two so that thermometers could be graduated by equal subdivision and then the scale reflected to extend it. Celsius is just the usual powers-of-10 digital rubbish.
And what's wrong with Rankine, eh?1
But as usual Randall got here first.
I think the Reg needs to add a temperature unit to its standard units. Maybe "heat in proportion to a nice cup of tea". My back-of-the-envelope calculations suggests CO freezes at around 0.22 cuppa.2
1OK, in all seriousness, I recognize the utility of Kelvin in SI.
2I arbitrarily decided that a nice cup of tea is about 26 °Rø.
Well, OS/400 was POSIX-branded, eventually. I think with V4R3 in 1998. And it eventually included most of the non-POSIX parts of the Single UNIX Specification, too. And it has PASE, which is basically AIX-under-i.
But, yeah, OS/400 is about the least-UNIXy UNIX-compatible OS ever.
Personally, even though I'm a longtime UNIX1 developer, I have a certain fondness for OS/400. It's so bizarre and awkward for anyone not coming from an S/38 background, particularly in its early days and on underpowered machines like the B-series. Using it was ergodic, like playing a programming RPG. And there's something very satisfying about filling in a bunch of options on one of the big scrolling menus in PDM, whacking the rock-solid Enter key on your hulking 5250, and going off for lunch because you know it'll be an hour before it's finished compiling.
Developing in UNIX is like flying. Developing in OS/400 was like hiking up a mountain. Either way you achieve some altitude, but it's a very different experience.
1And Windows, and OS/2, and a bit of IBM z, and some VAX, and ...
Ross Anderson has a good piece on the problems with smartphone tracking.
Techies like smartphone contact tracking because it lets them believe there's a technological solution to the pandemic. Governments like it because they're addicted to surveillance. Journalists like the idea of it because it's controversial and draws an audience.
None of those are good arguments for deploying it.
as "GOTO A VIA B" which would execute one statement at B before jumping to A.
Considering COBOL does have PERFORM THROUGH (or THRU), which will happily accept a second paragraph-name that appears before the first paragraph-name, this wouldn't be that much of a stretch.
(PERFORM A THROUGH B says "start at paragraph A, and if you ever reach the end of paragraph B, come back here". Usually COBOL programmers will perform a contiguous range of paragraphs in the order they appear in the source, but you're not required to. There can be any arbitrary morass of GOTOs among those paragraphs and any others you have in the program. And some implementations have stacked performs, but others use flat performs, and that quickly becomes quite confusing.)
Standard COBOL (ISO/IEC 1989-1986 et seq) lets you omit IDENTIFICATION DIVISION. Some dialects let you omit the PROGRAM-ID as well. Assuming this is the initial program you don't need STOP RUN. The period on the DISPLAY statement is unnecessary (and in fact undesirable) with the STOP RUN, but I'd keep it and get rid of the latter. In most environments you don't need to use uppercase, which arguably makes things more readable.
display "Hello World".
Three lines. (Note this is free-format; the Reg doesn't support formatting code properly in comments.)
The US Federal government was under multiple states of emergency before 9/11, and had been continuously since the 1970s. 9/11 was a good excuse for escalation, but the Feds had no difficulty excusing their abuse of their own powers prior to that. Even before the 70's they had plenty of rationalizations: wars, Prohibition, the Civil Rights movement (remember COINTELPRO?), and of course the all-time favorite bugbear, Communism.
In the US, the only effective curtailments to abusive policing, historically, have been squelched and overturned convictions (the "fruit of the poisoned tree" doctrine), and civil-rights trials against individual officers. And the latter has been effective only against relatively low-ranked members of local law enforcement, as far as I know, and in much smaller volumes. Basically, we have to rely on the judiciary to block the various policing forces by spoiling their endgame. In this context FISA is a particular abomination, since it pretends to be a part of the judiciary but makes a mockery of that role.
Yeah. I think some television shows are pretty neat, or at least worth watching if I'm in the mood. The sets themselves? As long as I can see the picture and hear the sound (which is often a problem thanks to horrible mixing for stupid Dolby 5.1), good enough.
I don't need HD, much less any higher resolution. I don't need high contrast ratios. I don't need color accuracy; I have poor color vision anyway. I don't need accurate sound reproduction or good separation - I just don't care about sound, beyond making out the dialog, and my wife is deaf in one ear so stereo is lost on her anyway. I don't really care about viewing angle; there are only two of us here. I very much do not want my television set to have any networking capability, beyond HDMI which unfortunately it seems we're stuck with.
the power requirements for your CRT TV is huge
Oh, please. Compared to the overall power consumption of a typical home? Certainly here in the US, CRT television power-consumption delta versus a more-efficient display technology is almost certainly dwarfed by heating and cooling. Even a relatively large CRT draws around 120-160W. Lighting in the same room could well be drawing more.
And Pascal didn't say anything about how many hours per day that set is usually on, which is critical to estimating its power use, of course.
IMHO the government wouldn't have gone after them in the first place
An excellent basis for a legal strategy. "Eh, they'll probably just ignore it."
The politicization of the prosecutorial function in the US is making it increasingly easy for powerful interests to suborn prosecutions - not that it was ever particularly difficult. And the CFAA and related laws have already been abused in a number of cases. The dangers are widely acknowledged in the research community.
This post has been deleted by a moderator
And that of innumerable other style guides. Few of them are worth reading, much less following.
Richard Ohmann’s “Use Definite, Specific, Concrete Language” is a classic corrective to the prose style guide movement.
English, for all its faults, offers unparalleled riches to writers: its huge vocabulary and ability to incorporate foreign words and phrases without faltering; its vast array of synonyms; its grammatical flexibility; its store of idioms; its accommodation of poetic forms and tropes thanks to its wildly varied orthography and pronunciation; its huge range of dialects and variations. Attempts to deny most of those riches to writers are misbegotten schoolmarmism and should be resisted wholeheartedly. Robotic, cookie-cutter, machine-approved prose does no one any favors.
"Hear, hear", not "here here".
I don't want my editor to suggest anything at all to me, ever
Even with the occasional use of the incorrect homophone, your prose is likely better off for it. I've studied automated proofing tools since Grammatik came out in the mid-1980s, and - much like style guides such as Strunk & White - I firmly believe they do more damage than good. And I've taught college writing (so I've also studied composition theory and rhetoric), so I've seen some bad prose.
At best, these tools reduce personal style and dialectical and individual variation to a bleak, dispiriting, joyless mechanical sludge. Usually they also introduce infelicities incorrectly included in their models, such as false elevation.
There is one royal road to good prose style: Read a lot, and write a lot.
I know being fit it seems like your age shouldn't be a factor, but it is.
Is it? Do we have statistically-significant evidence, corrected for other factors, that age beyond X significantly increases risk? Or is that just a supposition?
The last I looked, cases and fatalities were pretty well distributed - certainly enough so that once corrected for other factors it seems plausible that age itself is not a significant risk contributor.
I also note at least some of the preliminary papers I've seen attribute a significant portion of fatalities to cytokine storms, which generally hit younger adults harder, as in the 1918 influenza pandemic.
I'm not claiming age isn't an independent risk factor, or that it's not prudent to assume it is one at this point. I'm simply questioning your claim that it is one, as a matter of fact.
I had three screens attached to my RT PC at IBM in 1990. For the past 15 years I've worked exclusively on laptops, and I've never bothered to hook multiple screens up to them. With my last couple of laptops the company ordered docking stations for me, and I shipped those back to IT to use as spares. They'd just sit in the box at my place.
Clearly many people find them desirable, and one might hope actually useful; but I haven't felt any desire to have a multiheaded system in decades.
The FDA expressly forbids the kind of remark that Trump made
"forbids" how? The FDA are not the speech police. Perhaps within the scope of their regulatory authority they can prohibit or penalize certain types of statements - for example, claims by companies regarding their products. But the FDA couldn't prohibit me from making public statements about medications, regardless of how stupid or dangerous. They can't shut down the antivaxxer idiots.
If he was anyone else he'd be looking at a massive fine and possibly even jail time + potential class action cases.
Complete nonsense. Let's see you cite a single case in which an individual in the US received a "massive fine" or "jail time" solely for making misleading statements regarding medical treatment. As for class action - good luck with that, particularly after Bristol-Meyer Squibb Co. v. Superior Court of California, and considering that there's little incentive for lawyers to go through the expense of organizing a class action when the defendant is an individual, unless that individual has very deep pockets indeed and the case is strong.
its 5G-capable 8K screens
Oh hell no. That's 5Gs and 7Ks more than I have any reason to want.1 It's getting harder and harder to find sets that don't have idiotic security holes built into them.
1I don't even bother with HD. I've found it adds nothing to the story, which is what I'm interested in.
Yes, this is just another variant of the Bus Factor problem.
Of course this can equally be an issue with proprietary software or other forms of industrial knowledge. At my job, we've been working on breaking developer silos for years, giving projects on various components to different developers to spread the expertise around. It can be done but it takes effort.
[Any] of the users *could* have maintained it, but only 2 were.
To be fair, during the Bad Old Days, the OpenSSL project was not taking patches from developers in the US and some other countries, due to legal concerns.
Also, some users - typically participants on the openssl-dev and openssl-users lists - did provide feedback and suggestions, sometimes including example code that looked a lot like a patch if someone wanted to incorporate it.
And it's not true there were only two contributors even then. The heartbeat implementation that led to Heartbleed was an outside contribution from Seggelmann, for example.
What's more important with OpenSSL is that any of its many, many large corporate users could have contributed funding, but very few did. Nor did many individuals.
When software is Open Source and free (as opposed to commercially supported Open Source software), is it really fair to expect the author/maintainer to produce the reams of documentation - that often take longer than the actual coding/testing work itself - necessary that you are implying?
I agree. It's not fair to expect much of anything of open-source software, beyond what's claimed by documents with some legal standing, such as licenses.
However, a wise developer might examine an open-source package to see if the source was developed using decently-written, maintainable code before adopting it. Or make the commitment to understand the code anyway (which was my position with OpenSSL back in the 0.9.8 days - the code was pretty awful, so I spent some time learning it).
There's updates and changes to the most fundamental part of our application stack - the end-users' browser - every few weeks, whether we like it or not
Ah, if only there were published standards for HTML, CSS, and ECMAScript so you didn't have to worry about all those updates.
For that matter, some have speculated that it's possible to build perfectly usable websites and web apps without using the latest idiot-bait built into browsers, Obviously that's lunacy, but it makes you think, no? Well, probably no, if you're a typical web developer.
Biting the hand that feeds IT © 1998–2020