Posts by Mike 137

Biology updated?

""Google's parent company Alphabet""

By some strange evolutionary shift, Goooooooogle was able to engender its own 'parent'. Having done that that, there's probably no limit to what it can get away with.

Key question

"The Fourteenth Amendment states that no US citizen can be denied due process of law"

Are corporations 'citizens', so does the 14th apply to them??

Quite apart from the weird configuration

Any kit that encourages or supports "pair programming" should be viewed with extreme doubt. The entire concept of two folks thrashing out what the code should do and how it should work while actually keying it in is fundamentally flawed, although I suppose it coincides with the current view of programming as "coding". By the time code is keyed in, the decisions as to algorithm and mechanism of the code should have all been made. In real engineering, design comes before implementation (ideally via a design proving stage).

Full explanation?

"comes at the cost of users' [...] browser settings related to privacy, accessibility, and extensions"

So no surprises there really. Once you've sold your soul to Farcebook there's no way back.

"You own, at most, a serial number"

So non-fungible tokens are not a novelty at all. We've been forking out for them for years, and now, with the prevalence of the subscription model, we mostly only rent them.

$25 for what?

As I process audio, I've spent a lot of time, money and ingenuity making my workspace as quiet as possible (large slow fans in the computers, antivibration pads on the case sides, recording studio wall clock, wall padding and all the rest). So the last thing I'd want to do would be to spend hard earned bucks on something that makes gratuitous noises.

And in any case my HDDs don't click, they just hum gently.

"educating end users can go a long way in protecting personal and business information"

Such education as "don't bother with linkedin any more". It was once (a very long time ago) moderately useful, but since the MS takeover it's degenerated into a third class source of spam and fraudulent probes. Unfortunately though, a lot of recruiters won't look at you if you're not on it - probably because they can't be arsed to look at multiple separate reference points, but just go exclusively to linkedin as that's the least effort route to getting their commission. The candidate is just sausage filling.

"what could go wrong?"

Most obviously, as soon as multi-gig speeds are available retail, web designers will immediately add so much bloat that anyone without these speeds will be left utterly stranded. It's starting to happen already, despite large swathes of the internet connected world still being limited to sub-100Mb.

Prospects

"Knowledge – Know-how necessary to discover, understand and build new technologies;

Future Readiness – Level of country preparedness to exploit digital transformation."

"the UK dropped two places to 14th despite its Technology and Future Readiness scores improving"

So apparently the UK is good at technology and prepared for digital; futures but no good at understanding or innovating the technologies. Supposing that somewhat self-contradictory picture is accurate, it doesn't bode well for Blighty. If it is realistic, it's probably due to our approach to education - fact stuffing for exam passes rather than instilling understanding that can be applied independently to new situations.

One of my lecturers at college (a long time ago) said "if you've really learned the subject, the exam is just a friendly conversation with the examiner". Pity that message is no longer imparted, and we may already be paying the penalty.

"Risk assessment is something every organization has to deal with"

A humungous problem well managed. However unless something has been left out of the picture this should not be described as risk assessment - it was hazard identification and incident response planning and jolly well done. Risk includes an element of likelihood (consequence times probability) that contributes significantly to the prioritisation among multiple hazards/responses. Almost the entire business community fails to recognise the distinction between hazards and risks, which may explain to some extent the parlous quality of much corporate risk assessment. But then even those experts that contribute to international standards assume hazard and risk are interchangeable terms, so it's not surprising the confusion persists.

Priorities

"If Apple has its heart set on placing the battery beneath the display and above the SIP, it is the screen that should be the easy part to remove, not the backplate"

Apple obviously (and on cumulative historical evidence) is not committed to repairability. The battery is typically the first component to fail, and when that happens they want you to buy a new watch, not replace the battery.

A privileged elite?

"Banking giants [...] agreed to pay $1.1 billion in penalties from the US Securities and Exchange Commission (SEC) and $710 million in fines from the Commodity Futures Trading Commission (CFTC)"

Anyone else (except maybe a tech behemoth) would just be told to pay up, no agreement necessary.

"a workaround, which included disabling WAN access to the User Portal and Webadmin"

Good thinking Batman!

Managing your firewall over an untrusted network to which all and sundry have access is not a brilliant idea in principle. However it seems that the webified end of everything that's web enabled is the big problem. Why is "web" code such cr*p?

An easy fix?

"increasing numbers of complaints relating to the use of deepfake videos during interviews for tech jobs that involve access to sensitive systems and information"

Even in the absence of deepfake tech, you'll never know whether the person at the other end of zoom is the person you should really be talking to. So make a physical face to face interview a mandatory part of the recruitment process. I'd never engage even a commercial subcontractor without having a real physical meeting (preferably on their premises).

Third party "displays causing artificial issues, disabled features, and warning messages"

This is an ancient problem. A while back I reboxed a Dell desktop of around 2010 vintage and found it objected to the front panel of the new case. It turned out that the otherwise standard pin header that connects the buttons and LEDs needs two additional undocumented links to recognise that the front panel is present. Made up a revised plug and everything works fine, so this is just another example of proprietary lock in.

Alternative strategies

"if our cars encounter a situation where they aren’t able to safely proceed they turn on their hazard lights and we either get them operating again or pick them up as quickly as possible"

Stopping in their tracks, as opposed to Teslas, which preferentially seem to forge ahead when confused, including accelerating into obstructions they don't 'understand'.

"In short, there's a disconnect between employers and employees"

There always has been. In a competitive 'economy', the employer wants as much work as they can get for their money and the employee wants as much money as they can get for their labour (or to trim their labour to the money they can get). So both sides are squeezing each other and the larger the enterprise the stronger the squeeze pressure. The alternative is cooperation but it's a cardinal sin for capitalists. Forty-odd years ago Alvin Toffler suggested a collaborative model for work [The Third Wave, Collins 1980] but it hasn't happened yet except in very rare small scale instances.

suborbital "space" tourism?

Does suborbital really qualify as 'space'? Or is this another questionable superlative like "astronaut"? The latter means traveller to the stars, which nobody has done yet. I suppose if you're going to command something approaching half a million dollars for providing a short period of weightlessness with an interesting view, you need to use superlatives to make the sales pitch. However it's not likely to become mass tourism in short order (fortunately for the environment).

"Extinct media still in demand"

Clearly they're not extinct. Extinct means utterly gone for good, which they're obviously not if anyone at all produces or uses them. They could legitimately be called "obsolete" but not extinct.

Lack of adequate policies and training yet again

From the new York Times: "The person who claimed responsibility for the hack told The New York Times that he had sent a text message to an Uber worker claiming to be a corporate information technology person. The worker was persuaded to hand over a password that allowed the hacker to gain access to Uber’s systems, a technique known as social engineering."

If the policy says "don't share your password" it shouldn't make any difference who asks for it - you just don't share it. Plus of course there should be some way to distinguish between internal and external phone calls. It's obvious that corporate "user policies" still don't work - probably to a great extent because they're not backed by effective training, monitoring or incident response. The greatest source of failure in infosec is still not technical - it's sloppy management.

Interesting assumption about competence

"the files [...] would not have been practically useful because Broadcom appears to have used customized Perl scripts for its datacenter ASIC designs, where Mersenne's devs used Python"

He's assuming there's nobody that can interpret a Perl script and replicate its functionality in Python? If so, it's a sad indictment of the state of developer expertise at Mersenne. Or is he just clutching at straws to get a lighter sentence? Three guesses probably unnecessary this time.

Who's the sap?

"solutions that were previously still part of the ERP are now increasingly being marketed individually and the customer, therefore, has to pay for them additionally"

"The full maintenance rate is still due for the older ERP solution, even though there are hardly any further developments for it."

One has to ask qui bono.Or maybe it's obvious.

Why?

."if a user is working on a Word document at the end of the day, they may leave the document open and lock the device intending to continue working on it the next day"

What's the problem with closing the file at the end of the day and opening it again in the morning? Are we really getting that lazy, or is this M$ being patronising again? or could they be aiming to eliminate the concept of files just like they've effectively suppressed the concept of directories? The widening gap between the knowledge of the user and the vendor can only further tie the customer down to whatever regime (predatory, hazardous or whatever) the vendor chooses to impose. It's no longer our kit at all, we just have to keep on forking out for the use of it until the vendor chooses to turn it off.

"For some people money (and power) are all that really matter"

For those who succeed in acquiring wealth and/or power, that's certainly so, and inevitable given the intense competition that underpins "growth" economies. Consequently the most ruthless and self-seeking rise to the top and get to make the rules.

evolution?

Once there was the noun "trial" derived from the verb "to try". Then the verb "to trial" emerged, which implies that the associated noun should be "trialial". Not unique though - it has been pointed out that since the suffix "gate" has come to mean scandal, the original Watergate scandal should now be called "Watergategate" to distinguish it from a scandal about water. Strange how language evolves, isn't it. Or maybe it's just due to etymology and grammar no longer being taught in school.

Uncertainties

Headline: "Google faces fines of up to $25.4b"

Para 1: "Google owner Alphabet could face claims of up to €25 billion ($25.4 billion)"

Para 2: "Law firm Geradin Partners yesterday announced it would launch action"

So I guess there might be a case, it might go against Gooooooogle, and they might be penalised to the tune of $25B. Hardly what the headline suggests though.

"not aware of any evidence [...] that any information has been fraudulently misused"

Doesn't attempting to extort based on illicit possession of the information qualify as fraudulent misuse?

Oh no, not again...

""Open source developers should not be subject to the same burden as those developing commercial software. It should always be the case that free software can be provided 'as is'..."

Yet another example of confusion between open source and free (in the no license fee sense). They're not the same thing at all. They may co-exist but they're entirely independent.

Apart from which, there is also a reasonable argument that liability (in the broadest sense) for software safety should be commensurate with the potential for harm associated with its use, independent of its licensing regime.

laissez faire capitalism at work?

"... Big Tech isn't held to the same legal and ethical standards as, for example, telephone companies or postal services" - an actuality rather than a supposition right now.

Money doesn't shout - it screams. It screams so loud that the UK govt. is busy dismantling the potentially adequate protections offered by the GDPR, although of course it's never been properly enforced. Action is taken in only a trivial proportion of real cases, the penalties imposed so far on the big tech players have been derisory and no significant change of behaviour is apparent.

It appears that the preferred approach to regulation this side of the pond is emerging as "if they won't comply with the law, scrap the law". It's somewhat promising that the US might be taking a more robust stance.

So much for commercial space flight

"It cost NASA about $54,000 per kilogram just to get something into Earth's orbit using space shuttles [...] while SpaceX lists prices starting at $1.2 million to launch a 200kg payload."

The same order of cost is probable for returning anything from space, so I seriously doubt the economics of ventures such as using moon matter as a resource or asteroid mining (which, however, have been proposed). Space exploration is very valuable as an extension of science, but other than for simple tasks such as the provision of Earth orbital satellites I can't see how it has a commercial future.

Just like IR35?

'Amazon's AI software often dispatches drivers along inefficient routes ["...it] often doesn't account for real-world conditions like rivers or train tracks or roads that are too narrow for vehicles."'

"The delivery drivers, however, are subcontractors and technically work for a third-party logistics company. Amazon is not legally responsible for their working conditions."

Taken together, these two statements yield a disturbing picture. Clearly, in many places the influence of the megacorps is returning us to the working conditions of the 19th century industrial revolution. Given the spreading emphasis towards "free market economies" (a euphemism for those with the greatest power grabbing all they can) this can only get worse. Slavery doesn't cease to be slavery just because you get paid.