* Posts by Donn Bly

413 posts • joined 10 Jan 2008


Wrap it before you tap it? No, say Linux developers: 'GPL condom' for Nvidia driver is laughed out of the kernel

Donn Bly

Re: NVidia has the money and manpower

Anyone selling to the Linux market is making use of the labors of the kernel devs, the distribution maintainers, and everyone who is going to the effort of maintaining a Linux box. There is a price to be paid for the use of these efforts. Pay it, or stay away.

No, the END-USER is making use of those labors, not the person selling into that market.

To compare this to another common industry -- If I develop a new accessory for an automobile I'm not "making use of the labors" of the engineers and companies that made those automobiles as much as I am making something that complements them. There is no reason why I should be forced to pay a licensing fee to Ford or Chrysler just so that the end-user can plug something into the cigarette lighter.

You call Verizon. A Google bot answers. You demand a human. The human is told what to say by the bot

Donn Bly

Robotic Overlords?

Is this one of the first documented and verifiable accounts of our robotic overlords in action? If we don't bow to them, they just put us through to a human slave that does their bidding, taking their instructions in real-time?

You've accused Apple of patent infringement. You want to probe the iOS source in a closed-room environment. What to do in a pandemic?

Donn Bly

Why not use a screen and wireless keyboard?

1) It is trivial for me to install an HDMI recorder between a PC and a monitor

2) I can monitor wireless communications, including keystrokes, outside of the viewing area

ServiceNow slammed for 'tone deaf' letter telling customers contracts can't be tweaked as COVID-19 batters businesses

Donn Bly

A contract is a contract, not a suggestion

The problem we have here is that a contract is just that, a CONTRACT. A legally binding agreement, jointly entered, voluntarily, for the benefit of both parties. You don't just get to go in and change the terms whenever you like, no matter what the outside situation. You wouldn't like it if a service on which you depended said "Nope, I know we agreed to that price but we can't make enough profit at that price so we aren't going to honor the agreement". It goes both ways.

Most contracts have a "Force Majeure" clause, and Covid should be enough to trigger it. If you signed the agreement without one, well, the onus is on you. (And, from the sounds of it, anybody who signed with them apparently deserves what they got. You signed a contract for crap service, you got the crap service for which you signed)

It is right to take up contract modifications on a case-by-case basis, it is not right to unilaterally change the contracts across the board unless every contract is canceled using an existing provision and then a new one signed with different conditions. Hopefully, all of this makes people more cognizant of the contracts that they sign and hold their future vendors to a higher standard.

No Wiggle room: Two weeks after angry bike shop customers report mystery orders on their accounts, firm confirms payment cards delinked

Donn Bly

Password Reuse? How about defense-in-depth?

All indications are that this was a "password re-use attack". It would be very interesting to see if a post-mortem can tie a high percentage of these accounts to one or more of the recent password dumps -- or even an old one such as LinkedIn.

However, we need to start demanding more defense-in-depth when it comes to e-commerce sites. Banning the storage of credit card details would be the most secure, but would not be consumer-friendly (think monthly subscriptions or sites where orders are placed frequently) so we need to find a middle ground.

I would start by requiring informed consent from the cardholder before allowing card information to be retained for future purchases - something like a totally separate opt-in page and not just an opt-in or opt-out checkbox on a shopping cart. This should be followed up with requiring multi-factor authentication before using any retained credit card information and/or requiring that any orders placed with a stored credit card are only shipped to the billing address.

The technology is already there, and multi-factor doesn't mean you have to use an authenticator app -- it could be something as simple as sending an email to a pre-registered email address with instructions and a pin # to release the order.

This doesn't even require legislation - all the payment processing companies have to do is put it in their contracts and ENFORCE it, holding the store owners financially responsible for any suspected fraud that occurs without following the contracted requirements. That way at least consumers have protection, and the protections would be consistent across government jurisdictions.

It is unclear why something designed to pump fuel into a car needs an ad-spewing computer strapped to it, but here we are

Donn Bly

The typical high school or college kid won't voluntarily read a chapter book, but will stay glued to any digital screen within viewing range. As such, the screens are more effective than paper and cardboard.

Add in that the signage can be updated remotely so that you don't pay someone to drive around and deliver and set up signage, and that the ad agency can sell more, different ads into the same space, and the cost-return probably isn't too hard to justify.

Does a .com suffix make a trademark? The US Supreme Court will decide as Booking marks its legal spot

Donn Bly

Trademarking an address

I would take issue with the PTO explanation on trademarking an address in "that a street address really only conveys a physical address and nothing bigger". "1 Park Lane" may be part of an identification of a physical location, but every city could have a "1 Park Lane" and only one of them should be able to get a trademark. Domain names aren't like that.

While I can understand Booking.com wanting a trademark so that they could go after people who are using their name in trade and implying endorsement without their permission - what happens when someone trademarks a domain but then lets the domain expire. Should the next person who registers it be unable to use it because the previous owner trademarked it, even though the mark holder no longer owns it?

I'm doing this to stop humans ripping off brilliant ideas by computers and aliens, says guy unsuccessfully filing patents 'invented' by his AI

Donn Bly

Re: Plus ca change

"it's an interesting topic to discuss over a pint or six"

Sure, you buying?

A paper clip, a spool of phone wire and a recalcitrant RS-232 line: Going MacGyver in the wonderful world of hotel IT

Donn Bly

Re: Proper lash up

Nothing is more permanent than a temporary solution THAT WORKS

Google tests hiding Chrome extension icons by default, developers definitely not amused by the change

Donn Bly

Re: When will they learn?

Where are the greener pastures you ask? Well, Edge has now overtaken Firefox in market share, and runs the same rendering engine as Chrome. Right now that field is looking pretty attractive.

Instagram, YouTube 'iron man' marketer first to be nabbed by Feds cracking down on fake coronavirus web cures

Donn Bly

He should be given the opportunity to demonstrate it

He should be given the opportunity to demonstrate the immunity effects of his "cure". I propose washing him down in the spittle of the critically ill patients, then placed in public observation in a glass box where he and his vital signs are live-streamed to the world. Imagine the deterrent effects, especially if there are empty glass holding cells right next to him visible on the stream.

Surge in home working highlights Microsoft licensing issue: If you are not on subscription, working remotely is a premium feature

Donn Bly

Re: For a minute...

I just thought that someone forgot to switch over to their sock puppet account....

Yelp finally gets its chance to tell US Congress how Google screws its listings service every minute of every day

Donn Bly

Re: Yelp

Yelp is trying to compete with Google, not in level of service but in the level of evil. People should watch the documentary "Billion Dollar Bully" for a better understanding.

I have personally documented them engage in deceptive practices in order to get my business to put in a credit card. I have watched positive reviews disappear from friends' businesses when they refused to pay for ads, and I have watched negative reviews disappear when they did.

Louis Rossmann has also done a series of YouTube videos documenting his experiences. Very enlightening if you are considering doing business with them.

It says a lot if Google is the LESSER of two evils.

Never thought we'd write this headline: Under Siege Steven Seagal is not Above The Law, must fork out $314,000 after boosting crypto-coin biz

Donn Bly

Celebrity Endorsements

While I don't have a problem with the fine (do the crime - do the time) my problem is with the premise that disclosure in a case like this would have made any difference.

Any individual who invests in something like this who DOESN'T assume that a celebrity endorsing it is receiving compensation is already too stupid for the lack of disclosure to have an impact on their decision process. It doesn't matter whether the amount of compensation is $100 or $1 Million.

Steve Jobs, executives shot down top Apple engineers' plea to design their own server CPU – latest twist in legal battle over chip upstart Nuvia

Donn Bly

Re: CPUs? Apple stopped making servers even though there was a demand

There probably isn't a huge benefit to using their own CPUs for their cloud - sure they would be cheaper but now that AMD is competitive Intel is being forced to drop their server CPU pricing so the delta is smaller than it was a couple years ago.

Given current server CPU chip shortages, I wouldn't be so sure about that. Once burned, Apple likes to own their supply chain.

You'll never select all and mark as read again after this tale of peril... Oh, who are we kidding? Of course you will

Donn Bly

Re: and it was said to rip the keys from your trousers.

The keys generally aren't, but the key RINGS often are.

Windows 7 will not go gentle into that good night: Ageing OS refuses to shut down

Donn Bly

Re: This sort of issue is not thought about

The point is that they can't upgrade the distribution because the newer distributions don't support their software. They are just as locked in as anybody else who is using old, unsupported software for business-critical applications, and as such are in the same boat as anybody else using proprietary software. Linux doesn't fix that.

Until they "discover" the budget to fix the problem, the systems will remain in production and they will rely on the archival backups to get them back up and running should the entire house of cards fall down around them. At least in this case the backups and recovery procedures have been tested, most companies in this situation can't even say that.

Donn Bly

Re: This sort of issue is not thought about

They can still run it for as long as they want, just that it becomes more dangerous to do so. Much like the Internet-facing Ubuntu 12 servers running Tomcat that one of my former clients still hasn't found the budget to replace.

Xerox ups bid in hostile takeover of HP Ink to more than $36.5bn

Donn Bly

Re: "best-in-class human capital"

I am sure that there are still some "best of class" staff at HP, especially those who have honed their BOFH skills over the years or those who have documented where the bodies are buried.

Who needs the A-Team or MacGyver when there's a techie with an SCSI cable?

Donn Bly


Secondly, you could attach all manner of devices to it. Indeed almost all peripherals (except printers) were available with SCSI ports that could be plugged into the computer.

Actually, printers were available too, especially lasers. On the low end you had the LaserWriter SC but on the high end there were a number of large laser printers.

You know the President is able to shut down all US comms, yeah? An FCC commish wants to stop him from doing that

Donn Bly

Re: "the Register can do much better than this"

FYI, it's "He" -- or at least he refers to himself as such and that's good enough for me. Kieren has great credentials and has written and done a lot, but this article was definitely NOT one of his best. He can do better (and often does).

Donn Bly

Re: "the Register can do much better than this"

It isn't a matter of whether or not I agree with the conclusions of the editorial writer, it is the blatant disregard of facts, inventing of your own "alternative" facts, and reporting it as truth with which I disagree - and now your defending of the falsehoods. This is published "Data Centre", not "Boot Notes".

The Register can do better. The fact that you don't seem to think so makes me wonder whether you are fit for the position or have had a bit too much to drink before posting.

Donn Bly

Trump Derangement Syndrome

If the polls swing against Donald Trump, if he feels his presidency is under threat, does anyone seriously imagine that he wouldn’t do anything and everything within his power to retain his position?

The only people who think that a US President is going to shut down the Internet for the entire country just because he doesn't like the polls, and that use a statement made as an answer from a question about a hypothetical situation where the US is at war, are both illiterate and deranged.

The US routinely shuts down communications when it feels it has the need, and the practice long pre-dates this president. For example, after the World Trade Center was attacked the government shut down the cell towers in that area.

The Register and Kieren McCarthy are right to report about FCC Commissioner Jessica Rosenworcel's keynote speech and the issues it raises, but much of this article EDITORIAL reads as though it was written by a left-wing propagandist and makes affirmative statements which have no basis in fact.

I get that Kieren doesn't like Trump. I don't like Trump either, but the Register can do much better than this.

Google Chrome to block file downloads – from .exe to .txt – over HTTP by default this year. And we're OK with this

Donn Bly

Legacy Documents

I wonder if the blocking will affect redirects? It would be trivial for me to throw together a proxy that ran under HTTP that would do a 301 redirect to the HTTP target. I could then use that as a shim if I have to link to any legacy files or documents.

In fact, I could do it in less time than it takes The Register to release comments since I seem to have PO'd a couple of people there and my comments are now manually moderated.

BOFH: Darn Windows 7. It's totally why we need a £1k graphics card for a business computer

Donn Bly

Re: Keyboards

I'm not quite sure how many years my once-beige and silver Intellimouse has on it, as both it and the Microsoft media keyboard I'm typing on are definitely older than the 13 years I've lived in this apartment.

My office setup has the identical keyboard (just as old) but a slightly newer mouse with a blue laser instead of a red one. Sure, the paint has rubbed off here and there and you have to be a touch typist in order to use the keyboard, but while I've looked I've never found a better keyboard.

I latched on to a new-old-stock keyboard still in the box a couple of years ago just so that I will have another should one of these somehow die.

What are those Windows 10 PCs running? Several flavours from 2019, by the looks of things

Donn Bly

Old Windows 10

My Surface Pro is running an old, now-unsupported version of Windows 10 because the upgrade says that my VMware Workstation software (which runs and functions under 10 just fine) is incompatible with 10 and wants me to uninstall it. However, I use that software as a remote KVM over VPN to manage servers in an emergency, and I'm not quite ready to uninstall it, do the upgrade, and hope that the reinstall works.

Microsoft: 14 January patch was the last for Windows 7. Also Microsoft: Actually...

Donn Bly

Re: it's all curable, and worth it

It is very clear that he was speaking of the GWX ads that Microsoft placed on every Windows 7 machine that used Windows Update, not your Windows 10. If you never got them then you never applied Microsoft's so-called security fixes (or you never ran Windows 7)

However, I would question your claim of no advertisements on your Windows 10 machines. By default, Windows 10 displays advertisements when you click the start menu. Perhaps the ads are regionalized, but even on this machine right now it is displaying ads for the games "Candy Crush Friends", "Township", and "Royal Revolt". At least with 1909 they are significantly smaller and less intrusive than with previous versions.

Because Monday mornings just aren't annoying enough: Google Drive takes a dive and knocks out G Suite

Donn Bly

Re: Hands up...

I may trust Google Drive with a copy of my non-critical data out of convenience, but my private NextCloud VM is my preferred cloudy storage.

Reusing software 'interfaces' is fine, Google tells Supreme Court, pleads: Think of the devs

Donn Bly

Innovation and Profit?

Ethical developers and businesses around the world continue to recognize the value of Java and take advantage of our licenses to drive innovation and profit.

The only innovation is on how Oracle decides to screw over the installed customer base this quarter, and the profit is all Oracle's. Ethical developers have moved on from Java and into other platforms, especially now that Oracle wants to charge a per-desktop fee for it. Could you imagine the outrage if Microsoft decided to start charging a per-desktop fee for the Visual C Runtime libraries to each developer or user? "Run Everywhere" has turned into "Get it out of here".

It's always DNS, especially when you're on holiday with nothing but a phone on GPRS

Donn Bly

Re: It's always DNS

When it is making noise it isn't much of a problem, it is when it STOPS making noise that I worry.

Stack Overflow makes peace with ousted moderator, wants to start New Year with 2020 vision on codes of conduct

Donn Bly


Close, but in this case what she did was state that she preferred to write in a gender-neutral (ie, singular they if appropriate) instead of using sex-based pronouns, because having to research and read someone's profile to try to discern their preferred pronouns before replying was a waste of time and she didn't want to cause offense by using the wrong one - thus she wanted to know if writing in gender-neutral was a violation of the code of conduct that stated that they MUST use the preferred pronouns.

The funniest (and saddest) thing is that Stack Exchange still hasn't publicly answered the question that they fired her for asking.

Hey, ICANN, if you need good reasons to halt the .org super-sell-off, here are two: Higher fees, more website downtime

Donn Bly

Afilias losing their money tree

I am opposed to the selloff for a variety of reasons - but PCH's numbers are based on the assumption that Donuts cannot do the same or better job as Afilias for less money. That is a HUGE assumption, as it appears that Afilias may have been setting their pricing in accordance with the registry's annual income as opposed to the real costs of service. The .ORG registry was non-profit but Afilias certainly wasn't, and Afilias has been treating the registry as their own personal money tree. How much was PCH's take of the Afilias tree harvest?

HPE to Mike Lynch: You told either El Reg or High Court the right version of why former Autonomy execs won't testify

Donn Bly

If you read both statements, and don't read INTO them, you will find that they are not exactly contradictory. Is it possible that HPE's lawyer has been smoking something that they shouldn't? Perhaps the same substance that HP's board was smoking when they even considered the acquisition without doing due diligence?

Apple tipped to go full wireless by 2021, and you're all still grumbling about a headphone jack

Donn Bly

Qi-compatible charging coil pads can be bought for under $10 and plug into your existing chargers and cords. Of course, you will have so much power loss from the wireless transfer that you would still have to upgrade any charger that doesn't put out at least 2.4 amp.

Donn Bly

Wireless charging is only "useless" for those who have never used it.

I generally use wireless charging for my Samsung. A pad on my desk in my office, and a pad next to my bed at night. When I am driving I have a simple lighter cord that does the job if I need it. However, when I am out and about and/or working 20+ hours straight and the phone dies I have a nice battery pack in my coat pocket with a short charging cable. I can plug my phone into it and drop both of them back in the pocket, or plug it in so that I can continue to [ make calls | read my email | pontificate on Reddit ].

With wireless-only charging that becomes much more difficult. From experience, lying in bed at night trying to hold my phone against the charger while I continue to try to use the phone is NOT convenient. Trying to do it while on the road would be next to impossible.

Googlers fired after tracking colleagues working on US border cop projects. Now, if they had monetized that stalking...

Donn Bly

Re: Seems to be their new tactic

Not a new tactic, but consider that while companies are known to do underhanded things to protect themselves from Unions, unions and union organizers are also known to engage in underhanded things. Even a legitimate company (or union) has reason to fear and protect themselves from such underhanded activities.

Tracking and harassing other employees, which they admit to doing, is not only underhanded it would appear to be a violation of California law.

The legitimate purposes of a union are two-fold: (1) to protect vulnerable workers through collective bargaining and (2) to protect a skilled trade and train new members in that skill.

Does either of those apply to a union at Google? There is no apprentice program and the union isn't training and certifying anybody. Potential workers are trying extraordinarily hard to get in because they want to work for the company even though they already know that the working conditions aren't the best, but that in their mind the pay and other compensation override that.

The people that Google hires are generally amongst the best at what they do. Those people have LOTS of options at multiple companies. They aren't common laborers with an interchangeable skillset, and they aren't vulnerable in a way that collective bargaining would generally help them.

No wonder cops are so keen on Ring – they can slurp your doorbell footage with few limits, US senators complain

Donn Bly

Re: Expectation of Privacy

The picture can be published without your permission, but cannot be used in advertising without your permission. That was covered with the line "There are legal rights if the pictures taken are used in commerce" in the third paragraph.

The newspaper does not need your permission to publish your picture in the paper. Your neighbor does not need your permission to post your picture on his blog. You do not need to seek permission from a driver whose erratic driving you captured on your dash cam before publishing it.

You DO need permission in order to imply endorsement, but not for publishing.

Donn Bly

Expectation of Privacy

I am all for personal privacy, but US Senator Edward Markey seems to be a bit ignorant of the law.

None of the following should be construed that I support Amazon and Ring in this. I don't want to live in a surveillance state. However, the way the law is currently written Ring is doing nothing wrong with selling door cameras and encouraging the buyers to provide the video to the police. The first step to solve this is CHANGE THE LAWS.

People on both sides of this issue need to realize that in the United States there is NO expectation of privacy when you are on a public right of way, or within view of the public right of way. A photographer has the legal right to photograph you, your children, your property, or anything else they can see with the naked eye if they are on the road or sidewalk. The photographer does not need your permission, nor do you have the legal right to prohibit them from doing so. There are legal rights if the pictures taken are used in commerce, but the photographer still has the right to sell the photograph, or give the photograph away for free to others.

Additionally, a property owner has the right to photograph anything that he can see from his property with the naked eye. There is no expectation of privacy from your neighbors when you are in your back yard if you can be seen from their property. It is completely legal for them to photograph you from their windows, door, or standing in their yard.

A video is just a series of photographs and is similarly covered -- however any accompanying audio is not. Unless you live in a single-party consent state it can be illegal to take a video with audio of your friends in a public place when it would not be illegal to take a photo or a video that was muted.

What this means is that a homeowner has the legal right to put a camera on their door and record anything going on in front of their house, on the street, their neighbor's yard, etc. -- AND they have the right to share that video (but not audio in some states) with whomever they feel. There is no expectation of privacy, therefore there is no violation of privacy.

If Ring sets up a portal and lets users share video with their neighbors or police, and they put into the terms of service of the portal that the video shared becomes public domain, then there isn't CURRENTLY anything anyone can do about it. As public domain video, the police can do whatever they want with it, including store it forever or use it for facial recognition.

If Ring gave video to the cops that the users didn't voluntarily share, then that is a separate problem -- but that doesn't appear to be the case here. In these cases the users had already voluntarily chosen to share the video under conditions where they lost control of it.

As far as Markey's statements, let's examine them.

1) Ring has no security requirements for law enforcement offices... And why should they if the video is public domain?

2) Ring has no restrictions on law enforcement sharing... again, why should they if the video is public domain?

3) Ring has no policies that prohibit law enforcement from keeping shared video... again, public domain. Besides, the video was never Ring's property to restrict.

4) Ring has no evidentiary standards for law enforcement... Not Ring's problem. The users have decided to share THEIR video, it isn't up to Ring or Markey to establish standards.

5) Ring refused to commit to not selling users' biometric data... THIS can be a problem, depending on how it is phrased. However, with the definition of biometric having been expanded to include any photograph clear enough to recognize the person I can understand why they wouldn't. Has your local newspaper photographer committed to refusing to sell biometric data? The newspaper is selling biometric data every time they print a picture of someone and then sell the paper. The photographer is selling biometric data every time they sell a clear photo of a person to the paper. Pass legislation to fix the definition of biometric data (again, Markey's job) then then

6) Ring has no oversight/compliance mechanisms in place to ensure that users don't collect footage from beyond their property... but people are ALLOWED to collect footage from beyond their property. I could see them putting restrictions in place to not point and zoom one of these cameras on a neighbor's bedroom or bathroom window -- but if the footage of these cameras is being shared with the police I think that if someone did so then the local cops would be knocking on their door. It would seem to be a self-resolving problem.

7) Ring has no oversight/compliance mechanisms in place to ensure that users don't collect footage of children.... Again, if these children are in a public place there is no expectation of privacy. It is perfectly LEGAL for you to take video of the kids riding their bikes down the street or vandalizing your or your neighbor's house.

8) Ring has no compliance mechanisms in place to prohibit law enforcement from requesting and obtaining footage that does not comply with Ring's terms of service... And if they did they would be illegally obstructing justice. In fact, if you or they delete footage that police have requested, you have opened yourself up for liability in the form of a charge of "spoliation of evidence".

In summary, if Ring is following the letter of law and Markey doesn't like it, then Markey should DO HIS JOB and change the law. To go after Ring without first changing the law does nothing more than create a circus, and Markey becomes the clown.

Video-editing upstart bares users' raunchy flicks to world+dog via leaky AWS bucket

Donn Bly

Re: Ooooh...

Awhile back I set up an S3 bucket and intentionally left it open to the public, with the only contents some marketing videos to be embedded on a website.

Amazon repeatedly emailed me to warn me that it was insecure, and eventually said that if I didn't log in and re-verify that the settings were intentional that they would shut off the insecure access.

So in other words, they ALREADY do what you suggest, and if insecure buckets are out there it is because the owners did it to themselves against multiple warnings from Amazon.

Blood, snot and fear: Why the travelling lone tech reporter should always knock twice

Donn Bly

Re: Interesting problem

Not just "a number" of systems -- I can't recall a single hotel where I have stayed that has that level of integration. By keeping the systems separate there is less of an attack surface to be hacked.

Also, all room keys have to be programmed at the same time. The next time the programmer is used a different token is generated, and as soon as that new card is used all existing cards for the room are automatically expired. So if you ever get back to your room and your key doesn't work, there is a good chance that someone had been issued a card in error and has probably been in your room.

Bad news, developers: Apple Mac App Store tells cross-platform Electron apps to get lost

Donn Bly

Users don't choose the framework, Users choose the application.

It is the application developers who choose the framework, development language, etc.

I don't use Electron, but for many who make their living writing code the cost savings of rapid development and cross-platform deployment are important considerations that overshadow the performance impacts of the resulting build.

Traffic lights worldwide set to change after Swedish engineer saw red over getting a ticket

Donn Bly

Re: Pedant alert

Flashing lights aren't just "fallback" positions. Many rural intersections are equipped with signals like that intentionally, and many urban traffic lights go to flashing lights at night on a timer when traffic is lighter.

The sound of silence is actually the sound of a malicious smart speaker app listening in on you

Donn Bly

An Echo may not be what you think it is

I am not as familiar with the Google product as the Amazon, but all of the Amazon Echo products turn on their ring light whenever they are talking OR listening. That light cannot be turned off by the skill application. In addition, the skills do NOT have access to the raw audio, they only have access to the text transcription.

Also, if the Echo is "talking" it is only listening for its wake word. So you can preempt a voice prompt by saying "Alexa" to take it back to the top of the menu tree, but if you haven't said the wake word the skill only gets the transcription of what was said after "it" stopped "talking", and then only for a maximum of 30 seconds. The skill app can respond with a voice prompt and get a second 30 second chunk of transcription (the "are you still there, please tell me what to do" prompt) but after that the user has to reinvoke the skill.

That said, I have several of the devices and use them daily. Whenever someone publishes an article about them being "hacked" I read and research it. To date, nobody has published a true remote hack of the system -- including this last one by SR Labs.

In this case, their technique for extending the voice prompt does not gain them access to what is being spoken in the room at the time. Does it expose a weakness in the system -- Yes, because they are creating a "denial of service" situation -- but they are not creating a surreptitious remote audio monitor.

The Echo is hard to "hack" because it doesn't execute any third party code. When you enable a skill you are downloading absolutely nothing to the Echo, and you aren't changing a single bit or byte of its configuration. All you are doing is telling Amazon's cloud servers to add that skill's name to the rules that pre-process the text stream. The Echo itself is a rather stupid device. Think of it as a limited functionality web browser that doesn't even have JavaScript and is limited to a single web site. You might be able to hack the cloud server, but you aren't going to have much luck hacking the end-user clients.

If a user can be tricked into installing an application, then it doesn't matter what the platform is be it a pc, phone, or digital assistant. The Echo does have a great microphone array, but is severely limited in processing power and storage. That's why you don't even get to create your own wake word -- they are hardcoded in the firmware and silicon is optimized for the hardcoded list.

Your cell phone is a significantly more appealing target to a hacker. Just like the Echo it has a microphone and internet connection, but unlike the Echo it has significantly more storage and CPU processing power, has a much larger attack surface, and it is always with you instead of sitting next to your bed or on the kitchen counter.

Amazon may be able to send new firmware to an echo to turn it into a bug (say, at the "request" of a government) and that may be a legitimate concern, but the same can be said for just about any other connected or smart device. Anything more is a tinfoil hat situation.

Think your VMware snapshots are all good? Guess again if you're on Windows Server 2019

Donn Bly

I thought that issue had been addressed...

I noticed the snapshot issue in my environment when I moved a couple of Server 2019 VMs from an ESXi 5.5 host to a 6.5 host, but the errors went away when I upgraded the VMware Tools to a newer version. I'm currently using version 10.3.10 (build 10346) on my Server 2019 VMs and no longer getting any errors on snapshots.

Hey, I wrote this neat little program for you guys called the IMAC User Notification Tool

Donn Bly

The best (worst?) I ever got past management when I worked in corporate IT was the name for a new helpdesk system - System for Helpful Information Tracking -- but an upper level manager caught it before it went live.

Two years ago, 123-Reg and NamesCo decided to register millions of .uk domains for customers without asking them. They just got the renewal reminders...

Donn Bly

Network Solutions used to (and maybe still does) do something very similar. For example, if you had a .org domain and the .com version was available, they would register it on your behalf (at no charge the first year) and stick it in your account hoping that you would renew it.

One of the many reasons not to use them for ANY services.

Vimeo's Clippy-for-video-bumpf app 'breaks biometric privacy law by slurping thousands of faces without consent'

Donn Bly

Was the law broken, and by whom

If the assertions are correct, Bradley Acaley admits to uploading photographs to Magisto which, as a standard feature of their platform generated biometric data from those photographs for Mr Acaley and kept that data in Mr Acaley's account for his future use, performing automatic collation and categorization of Mr. Acaley's data. Since Magisto appears to have been acting at the direction of Mr Acaley, wouldn't Mr. Acaley be just as guilty, if not more so, for the alleged violations of the Illinois law? In fact, since Mr. Acaley is the one who "pushed the button", isn't Mr. Acaley the one who actually generated and collected the biometric data, and thus his lawsuit really serves as a written confession?

Donn Bly

Photographer's Rights

What I haven't yet figured out is that since I as photographer have exclusive rights to any picture or video that I have personally taken in any area where privacy is not presumed (which is the law in the United States, including Illinois) how the state can then claim that neither I nor a third party have the right to process the images or possess a digital representation of them?

The two are mutually exclusive, so I would assume that they presume that the latter preempts the first -- but the law doesn't allow for such a preemption. I'm just waiting for the counter-suit from some lawyer trying to get rich.

You've got (Ginni's) mail! Judge orders IBM to cough up CEO, execs' internal memos in age-discrim legal battle

Donn Bly

Re: The American elephant in the room, er, ocean.

I had similar thoughts.

If I take a group of 100 people and 60 of them are over 40, and I lay off every second person then on average 60% of the layoffs are going to be people over 60 even though age wasn't a consideration in the selection - though the actual percentage could be anywhere from 20% to 100% depending on how the list is sorted. Correlation does not imply causation, and there is a huge margin of error in those numbers.

I'm not saying that this is the case, but there are any number of legitimate reasons why older, more experienced staff may be reduced. For example, they need more DOERS and less managers, and since an employee's career path tends to take them into management positions then those more experienced employees will be the ones to get the axe. Or those more experienced employees may not have kept up with the latest trends and technologies, and feel that they needed to go outside to get the skill set they wanted. Or automation has led to needing less people to do the same amount of work, so the most expensive people get the axe.

I'm not saying that such cuts would be moral or ethical, just that they could be seen as legitimate business reasons that wouldn't use employee age as a selection criteria.

That said, I'm certainly not opposed to discovery so that the court can expose exactly what criteria were used in the elimination of the plaintiff - facts are always good, and they may certainly back up his claims. It doesn't bode well for IBM to try to avoid it.

At the same time, I can see IBM wanting to hold discovery down to the documents surrounding just the single employee's termination so that they don't have to adjudicate every layoff that they have ever had in every division of the corporation worldwide, and that is what the plaintiff seems to have originally requested.


