Posts by Michael Wojcik

Re: Proof once again

Everyone actually has something to hide.

Some people simply don't know it. Yet.

Re: Nah.

Voice-control systems are easy to build using off-the-shelf components. A few electronic pieces, CMU Sphinx, TensorFlow - you could have a pure-local voice-controlled "AI assistant" up and running in a couple of days, or maybe a week if you're technical but new to the domain.

Personally, I don't see the appeal. I find voice-controlled devices immediately and deeply obnoxious.

Re: It's not RICO

Oooh. Charles Stross takes one on the chin in that one.

Well, he's not a lawyer either, and he does write a good novel. (Plus, if memory serves, back in the day he was entertainingly grumpy on rec.arts.books.sf.)

I am also not in any way a lawyer, but a quick check of 18 USC 1962 leaves me wondering which RICO provision of unlawful conduct Turpin's lawyers think Truglia et alia engaged in. Maybe they can call the SIM fraud a case of interstate commerce (I have no idea what case law might say about that), and maybe SIM fraud could be construed as "racketeering activity" under 18 USC 1028 (relating to "identification documents") or 1029 ("access devices"), or one of the zillion other sections that can be used to claim racketeering.

But AIUI, that's just the start of what a plaintiff has to demonstrate to get a judge to even let a RICO civil case proceed.

Re: Truth

I think you'll find that any distributed ledger would be vulnerable to attack in such a circumstance.

This is precisely the problem, and why BGP attacks attempting to partition the Bitcoin mining network happen around a hundred times a month.

"Such a circumstance" turns out to be quite common.

Re: You don't understand how it works

Instead, after they leave they get big money as "consultants" that don't actually do anything, or for serving on boards that hardly ever meet.

Indeed. Pai was a Verizon employee before he was in the FCC. He's still a Verizon employee; it's just his compensation is deferred until he leaves the FCC.

Re: "Yet again you've let them get away with an anodyne statement"

They need to get taken to task.

I have to side with Chris and the Reg on this. They were pretty clearly taken to task in the article, and explicitly mocking the Amadeus response is unnecessary. Anyone capable of critical thought will see through it; anyone not capable won't profit from being told directly.

Eh, I can see how this happens. Someone higher up in management who doesn't have a clue is aimlessly searching for mentions of the company online. They run across the Boing Boing post and fire an email at Legal. Legal looks at it, rolls their eyes, tells a paralegal to send a DMCA takedown notice without even checking who wrote the post.

Since DMCA notices are effectively free to the issuer, plenty of firms send them out on the flimsiest of pretexts (often the entire process is automated) as an initial salvo.

It'd be interesting to change the economics - say, to amend the DMCA so that each takedown notice must be filed with the Library of Congress at a fee that starts at $10 and is adjusted annually for inflation. Oh, the howls from Hollywood! It'll never happen, of course. (And I admit it has an unfair asymmetry anyway, because it's generally much cheaper for attackers to copy protected content to many sites.)

Redundancy, in case one packet gets dropped.

Re: VA and TX in the US

Citation? I can't find any references to any such laws.

Re: Boom!

A diamond as big as the Marsport Hilton?

(Goddamnit, I just dragged that idiot Hilton back into the discussion, didn't I?)

Re: Too late - What happens on your iPhone stays on your iPhone.

Apple sell appliances. That has always been the strategy.

I don't think that's fair. The Apple //e wasn't an "appliance". It's only their post-1983 products that are aimed at people who just want a magic box of "stuff happens".

Kids these days.

Re: Eh, it’s Mondelez.

Shrug. I like cheap milk chocolate (though I avoid Nestle, as they are Satan's own foodmonger), and I don't really care whether anyone else knows, or does. I don't care if someone else eats Wonder Bread; why should they care what sort of chocolate I eat?

Re: Just

The whole reason I use laptops is because I'm often not at my desk. It would be tricky to use this arrangement when I'm 1300 miles away from my desk at my other house, for example.

Re: But why is it so complicated?

But this should be simple, and not require arcane knowledge, surely?

No. It is not, and does.

And that's just one collection of problems with the X.509 PKIX. There are others, and since that one was written, we've introduced a whole bunch of additional things to worry about, like algorithm deprecation, OCSP Stapling, and Certificate Transparency.

Some people routinely have to do things with administrator permission. One of the products I work on, for example, must load a number of its assemblies from the Global Assembly Cache. Updating the GAC requires elevated privilege (thank goodness); so whenever I build that product, I have to do so as an admin.

Using domain admin for local development tasks would be idiotic, thus it's a local-admin account.

Windows is still (!) terrible at switching accounts¹ for command-line and GUI applications. So-called "Fast User Switching" is not nearly fast enough and far too cumbersome to be useful in this context. The closest thing Windows provides to hybrid limited-privilege and elevated-privilege operation within a session is strong UAC (i.e. require explicit elevation with credential prompt on the secure desktop). UAC isn't a security boundary but with the strong SecPol setting the split token does close most of the straightforward vulnerabilities.

I haven't checked whether LocalAccountTokenFilterPolicy applies to UAC-downgraded tokens as well. It'll be interesting to find out. The point, though, is that Windows continues to encourage abuse of the Local Administrators group, not so much because of failings in the base OS, but because Microsoft refuses to try to get the user interaction model and user experience correct for people who actually need routine privilege elevation. Hell, Richie did a better job in this area just by inventing setuid and su, and that was in, what, 1971?

¹Thread security tokens, to be more precise.

Re: No interference?

It started as a joke, but became lore when many people didn't get that it was a joke. Hackaday recently did a piece on various symbols and marks that appear on electronics, and there was some discussion (in the comments, if memory serves) of "China Export".

Re: Why Uber?

Uber drivers are still licensed [taxi] drivers. They still have to pass the same tests.

Not in the US, they're not. While there are no Federal requirements for taxi drivers in the US, many local jurisdictions require they have commercial license, and many use a medallion or similar licensing system as well.

Taxi owners usually carry, and in some jurisdictions may be required to carry, taxi insurance. Uber provides supplemental insurance to their (non-commercial) gig drivers, but I haven't seen any reliable claims that it's equivalent to taxi insurance. In any case, the two situations aren't identical.

You don't say what jurisdiction you're in, or provide any other support for your claim, so my guess is you're full of shit.

Re: Just

"Things were bad previously, so they can't possibly be worse now."

Re: I think I can spare 7Gb out of the 8Tb I'm using for storage at the moment.

Damn an 8tb primary drive must be slow compared to an SSD!

My new (employer-supplied) Dell laptop with an SSD and Win10 is much slower than my old (employer-supplied) Dell laptop with a conventional drive and Win7. "Much slower" as in building one project takes around 170% as long, on average, on the new one, compared to the old one. That's with multiple runs on both machines, and otherwise idle.

What SSD giveth, Win10 taketh away. And then some.

Re: I am curious to see how this works out.

["cries". Argh.]

Irrelevant to the existing case, which is about government officials using a particular feature of a social-media platform for what can be seen as official statements, and whether such officials can block readers or respondents.

In the Facebook case, Randall had a Facebook page she treated as an official government forum. The court ruled she cannot block someone from that page, because it serves as such a forum.

In the Twitter case, the courts have ruled that Trump is using his Twitter account as an official channel of public communication, and so he is not allowed to block people from it. Same reasoning: when acting as a public official, your right to restrict access to your public communications is limited.

Your example says nothing about where the communication is taking place, and in particular whether it might reasonably be considered an official channel. More importantly, in this context, you're not asking about whether the official making the statement is trying to block access to the channel. And that's what these cases are about.

Finally, in the US, an official acting as such has very limited scope to suppress any expression, regardless of who might consider it "hate speech". SCOTUS has (unfortunately) given the FCC considerable leeway in constraining expression in certain media in certain circumstances,¹ but that doesn't apply to social media.

In short: No.

On the other hand, nothing prevents Facebook or other soc-med companies from blocking or removing anything they (don't) want. Freedom of the press is for those who own the presses. They're not obliged to reproduce anyone's expression.

¹Based on a medieval dread of communications which can "penetrate walls". Seriously, that decision was just short of calling radio witchcraft. A pathetic display of the fear of change.

Re: The roots

As GUI based desktops became the norm, apps were strongly encouraged if not actualy forced to follow the desktop style guides, thus making it reletively easy for most users to get the hang of many new apps, at least at the most basic level.

I don't think that helped much, if at all. In my experience, UI standardization mostly provided users with a false sense of confidence and made it more difficult to recognize changes in context, so they'd erroneously try to apply knowledge about one application to another.

UI standards also constrain innovation. Often that's a good thing - GUI products that depart from the platform's UI standards often have abysmal user interaction models and user experiences. (Antivirus products are usually a good example of this, for some reason; apparently developers of security pablum all think they're great UI designers as well.) But it also means we're still using OSes with foolish "desktop" metaphors like Recycle Bin.

Re: IT angle?

Needs more upvotes. There must be a fair number of Reg old-timers who remember UUoC awards.

Re: Something's fishy

Kind of a tame article. I suggest a Google Images search for "parasitic isopod". Then read Wong's This Book is Full of Spiders.

Re: Revenge of the 80's

Are you sure that wasn't a 556, for Dual Tone?

Nah, it was a 555. We were just messing about generating single tones. I think my friend hoped to eventually build a working blue box, but probably lost interest before he got that far.

And that your muse didn't have a surname starting with 'W'?

If you're referring to my reference to Steve Ciarcia - no, it was definitely Steve Ciarcia, of Byte magazine's "Circuit Cellar" column. (And later his own Circuit Cellar magazine.)

Re: People stil falling for the fake email.

Yes, people still fall for cons that other people find obvious.

Blaming users for security errors has gotten us nowhere. There are many users, they vary widely, and we're not going to be able to train them all to resist all attacks. In fact, we're not going to be able to train any of them to resist all attacks. IT security experts get spearphished. Constant, perfect vigilance is impossible.

We have to build safer systems. We can't build safer users.