Posts by Pascal Monett

"It is not clear why Trend's software does this"

I don't care if it's clear or not, it should not be done, period.

Good on Borkzilla for reacting on this and pulling the driver. Now Trend is going to have to submit another one, and I'll bet it will get a lot more scrutiny the next time around.

A reputation takes years to build, but only a day to trash. Trend Micro has now trashed its reputation.

Why the uproar ?

Do you think your government is not aware of what you spend your money on online ?

What's different here ? Is it because there's the word "China" is the article ?

I guarantee you, it doesn't matter how democratic you think your country is, if your government takes an interest in you, your expense record will be the first thing they'll get their hands on.

"the potential benefits outweigh the risks"

The potential benefits for who ?

Also, is this a pure-Chromium issue, or are other browsers at risk also ?

In any case, I note that this is, once again, a JavaScript issue. And that means, once again, that NoScript saves the day.

NoScript : protecting privacy every day, without fail.

"the app's data retention period has extended"

And so it starts. Well that didn't take long, barely a month in usage and they're already pushing the agenda forward.

Seems that India is going to treat data retention like Disney treats copyright protection.

I hope it will amount to something

Maybe governments will make an effort to increase blocking of bot traffic or somesuch, I really haven't a clue what they can do though. Spam and phishing is only malware when it reaches the endpoint, when it's on its way there's next to no way to tell.

Yesterday, I received the laptop from my friend the postman. It was sent by a customer so that I can work on a project on their servers in a secure VM configured by them. Coincidentally, I also received a mail telling me that my package was waiting for me and there was a €2 transport charge to pay. With a friendly link, of course.

Out of sheer habit I checked the URL of the link, which immediately made me suspicious because of the strange name that had nothing to do with the company that the mail alleged to represent. Then logic kicked in and I realized that, even if there is a transport charge to pay, it's my customer that should pay it, not me. Finally I trashed the mail and thought nothing more of it.

But I am certain that such a mail would make many a person click on the link and just follow instructions blindly. Especially these days where Amazon is becoming king of the hill. Now transport that kind of attack to a hospital environment, with a nurse that has a thousand other things to do and just wants this mail out of the way. It's easy to hack hospitals, they are trying to save people, not computer hardware. They already have their minds full of medical knowledge, cramming security procedures on top is a nuisance they don't have time for.

I don't know what the solution is. Maybe a filter machine that all email is sent to by default before a human checks that it is legit and lets it continue to its intended recipient ? Put a fancy statistical analysis machine with oh-so-vaunted "machine learning" and maybe something automated could be tuned to be useful.

Adobe Character Animator

Congratulations, Adobe, on your persistence.

We are in the final stages of getting rid of Flash, so you dump Character Animator on us.

Are you by any chance tired of not being on patch lists ? Spoiler : you are on patch lists. All the time. It would be refreshing to see you take a break from that.

"why buyers beyond the middle kingdom would consider its offerings"

Good question. Why go and put your data on servers that can be looked into by Beijing ?

Except that thousands of non-USA companies are putting their corporate data into offerings that come under White House jurisdiction, so why not ?

Especially if it's cheaper.

The Cloud War will happen.

That far away ?

Jupiter is a billion kilometers from the Sun, and that's close enough to start vaporizing ice ?

I thought comets had to at least in the asteroid field before being impacted by the Sun's energy.

An open fusion reactor is apparently more powerful than I thought.

Edit : my bad, Jupiter is only almost 780 million km from the Sun. Still far, though.

That keyboard is flat on the table

Not a good typing position. The keyboard should be slanted toward the typist.

But I'm guessing the hipsters will be using that on the couch, so no problem.

So, slashing headcount again ?

Why is it that I don't recall HP ever doing anything else when "transitioning" ?

Oh, right. It's because that's the only thing they know.

Honestly, those people who submit a CV to HP should really realize that, at best, they're only getting a temp job.

"Those who do not have a compatible phone"

Ah, so there can be incompatibilities. Does that include feature phones ?

I really would like to know how they expect to install that app on a feature phone.

"over localised regions of the bridge below"

Okay, so you decided to launch your drone on a bridge, likely made of metal but not specified in the article, and next to an electrified train line.

Instead of launching from a field in the middle of nowhere.

Were you specifically testing the drone's ability to navigate in complicated electromagnetic environments ? Because even without a metal bridge, an electrified train line is going to have an impact on compasses, as you found out the hard way.

Missing the boat

It's an age-old tradition at Borkzilla, followed by massive investments and purchasing of small companies to catch up, followed by unsatisfactory product and ending in cancellation of the whole fiasco.

And all of this is made possible by Windows and Office licenses which are the two things that Microsoft has done reasonably well and the only things that have ever really brought in the money.

Okay, there's Azure that's not doing bad now either, granted. But frankly, everything else Borkzilla has ever attempted ended in failure. Might be time to draw some conclusions, don't you think ?

Blockchain, blinkenlichten and comes in October

So, the Noodle (sorry, that's how I write it) will need 128GB of SD storage to manage its blockchain - that it will have to synchronize somehow - it has bloody LED lights that you don't see because it's clipped on your shirt pocket, and it will be available when the pandemic is over. Or restarting, we'll see.

Now tell me, who is managing this blockchain thing, what server is it going to call for updates and what security measures are included ?

Frankly, I have the feeling that the company making this is going to fold if that's the only product they have.

"made available to the public"

Does that mean that the good people abord the ISS will soon have a video-recording-enabled robot trundling around and watching them ? With the entire world able to see what they are doing ?

It must be an idea from marketing. I'm sure that the control software will keep the robot away from private quarters and the space toilet, but still, there is a good risk that thing will get nicknamed The Eye Of Sauron before long.

"the politically fraught task of policing home-grown implementations"

Now that I can understand. And we have a magnificent example, don't we, NHS ?

I do prefer that the two major players get their teams on this issue and iron out a common solution. I like that they say that no data goes back either of them, but I'll wait until the experts demonstrate that that is true.

In any case, I do believe that Google & Apple (Googapple ?) are less of a risk than some local company who got the job because the CEO goes golfing with the minister's brother.

Plus, at least the techs in both companies know exactly what their platform can do and how to call on it most efficiently. Knowing how to program an app for a mobile platform does not mean you know how to do the job using the least amount of power possible.

So good on Googapple. Let's just keep in mind the age-old adage : trust, but verify.

"whether the Taiwanese giant was lured with the promise of financial incentives"

Really ?

Are these guys new to the concept of capitalism or what ?

When a supermarket chain eyes a spot of land it wants it not only gets the local authorities to exempt it from taxes for ten years, but also gets roads and infrastructure made on its behalf then takes off after nine and a half because, all of a sudden, it remembers that it won't be making money soon.

And now these senators are wondering about a $12 billion plant ? Were they born yesterday ?

Of course there were incentives. Of course there were promises to not tax them on the basis of surface usage, or headcount, or anything that ensures that TSMC will build the damn thing and employ local people to make it run.

And even if that means that the only locals are janitors, it still means that there will be an influx of housing improvements, as a whole lot of people will be flying in from Taiwan to be part of the plant.

Because the USA no longer has that expertise. So shut the fuck up and take what you can get. And smile while you're at it.

Apple promised a “thorough review of our practices and policies”

And I am absolutely certain that Apple did a thorough review as promised.

Except that Apple never promised to change anything. Apple just promised to review the situation.

People are going to have to learn to read what is said, and act accordingly. Words are words, and actions speak volumes more, but you cannot expect one of the richest companies in the world to have the same interpretation of "review" as you do.

If you have any questions, ask yourself why you are not managing billions in the bank, and Apple is.

A right pig's breakfast

Slop all around and nobody wants to mop it up.

Somebody remind me why we have government already ?

A hard sell ?

Maybe.

It will mostly be a measure of how many people are really fed up with phoning their life to Google.

"We believe this allegation is misleading"

Of course you do. So please provide an official explanation for why that code was included.

This is not a bug, nor a mistake, nor a case of rogue engineer. The code was written specifically to check on Borkzilla's driver certification. There is no reason why the guy should have alerted you beforehand so you could silence him with spurious excuses while you renamed MysteriousCheck to PerfectlyNormalCheck and pretended everything was ok.

It is not ok, and I hope you'll get raked over the coals for it.

"learn to defend themselves against audits"

I'm sorry, where's the problem ? I thought audits were a consensual kind of thing. It's a "I'm here to chek on your licensing landscape", "Please come in" type of thing.

Because if some guy thinks he can barge in and check my kit without my consent, I'll have him know that he needs cops and a warrant to do so.

And if he thinks he can just send me an invoice if I do not comply, well that does not mean I'll pay it.