* Posts by big_D

6805 publicly visible posts • joined 27 Nov 2009

Chinese boffins build soft robot finger that can take your pulse

big_D

Why?

I keep seeing stories for robotic fingers taking pulse, androids that will replace farmers in fields, androids that will replace humans in factories...

WHY? Why, oh why, oh why?

We already have more efficient and reliable devices that can take a pulse.

We already have agricultural machines that are much more efficient than humans at working fields - and often highly automated already.

We already have industrial robots in factories that are much more efficient than humans at putting stuff together.

So, why are these people, usually tech billionaires, wasting money on making inefficient ways of replacing existing efficient hardware, but in humanoid form?

Surely a machine using lasers that can currently remove weeds over a 20M wide stretch of land is more efficient that building a humanoid robot, for example, that picks out the weeds individually?

In this case, making a more sensitive claw or grappler might be of use - although many industrial robots can already grip very lightly - for example testing eggs...

Surely a machine that can pick cabbages/potatoes/beans/corn etc. from multiple rows in a field at several hundred per minute is more efficient than building a humanoid robot to pick them individually?

Arrow Lake splashdown: Intel pins hopes on replacement for Raptors

big_D

Low end?

I'd hardly call the Core Ultra chips low end mobile, the Core 3/5/7 chips come below Core Ultra and below those there are real low end Pentium, or as they are now called "Intel Processor" chips.

big_D

Re: Not what I want in a desktop

Hyperthreading was never really a sound idea, it was just a way of "cheating" more performance under ideal conditions, whilst opening up a plethora of security issues.

I'd rather have proper threads on a secure processor rather than a bunch of quasi, might be quicker, threads on an insecure design...

Starlink was offered for free to those hit by Hurricane Helene. It is not entirely free

big_D

Re: you'd never know there is an election soon....

I was just saying this, but from the other side, this could easily come back to hurt him and Trump, if the mainstream news carries the bait-and-switch story.

If they really wanted to capitalize this for the election, Musk and Trump would have sent a truck with dishes down there and started handing them out, not conning desperate people into paying through the nose.

big_D

Re: 30 days of free service

If they really meant it, they'd drive down there with a truck full of dishes and hand them out for the one month, then collect them back from those that don't want/don't need it after the month. They could put a hold on the people's credit cards as surety for the loan of the dish.

That would be a real PR coup, as opposed to half arsed idea that will cause a backlash almost as big as the original coup...

Before we put half a million broadband satellites in orbit, anyone want to consider environmental effects?

big_D

Re: Environmental effects

It messes up navigation though. I was out the other night and looking at the stars, trying to get my bearings and there were strings of "new" stars that were so bright, they blocked out the real stars...

Using 1Password on Mac? Patch up if you don’t want your Vaults raided

big_D

Re: Why aren't CVEs noted in1P release notes?

If is on the first line of the 8.10.36 release notes. 8.10.38 has CVE 2024-42218. Both 42218 and 42219 come from Robinhood's Red Team and seem to be similar issues.

July 9 2024

1Password for Mac 8.10.36

This release contains an important security update related to CVE-2024-42219. Please see the accompanying security advisory

and

August 6 2024

1Password for Mac 8.10.38

This release contains an important security update related to CVE-2024-42218. Please see the accompanying security advisory

big_D

Re: Quick and easy update.

Yeah, mine updated yesterday morning, but got a heads up as to why from Davey Winder on X later in the day.

WordStar 7, the last ever DOS version, is re-released for free

big_D

Re: WordStar

It is very frustrating, when you are on a Ryzen 7 or Intel Core i7 and you are in the middle of a sentence and Word just freezes up for 10 seconds, then carries on as if nothing happened. I mean, it isn't as if the thought flow is important, when you are writing...

big_D

Re: WordStar

I first used WordStart on an Apple IIe... With a Z80 co-processor and CP/M. I worked at a shop that refurbished computers bought from the liquidators. I got to work on around 2 dozen different types of CP/M systems, this was 1981/82,

Later I used it DOS, it was great, although my all-time favourite was Arnor's ProText on the Amstrad CPC6128, Amiga and DOS.

During the 80s, I got to use a range of different WPs, including WordStar to WordPerfect (DEC VMS, Amiga, DOS and Windows) and IBM DisplayWrite IV, Wordsworth, Microsoft Word for DOS and several others.

Users call on Microsoft to update Outlook's friendly name feature

big_D

Re: Headers anyone

What happened to the days, where formatting and embedded images were considered to be not just unhelpful, but discourteous and impolite?

Google gamed into advertising a malicious version of Authenticator

big_D

I always recommend...

"We recommend avoiding clicking on ads to download any kind of software."

I recommend avoiding clicking on ads. I never click on ads, I go direct to the site in question and use a voucher code, if there is one, but I never click on an ad, if I can help it - a few time X has interpreted finger scrolling as a click...

Proofpoint phishing palaver plagues millions with 'perfectly spoofed' emails from IBM, Nike, Disney, others

big_D

Re: did not expose any Proofpoint customer data

Exactly, talk about not reading the room...

big_D

Insecure by default

How can we still have service providers delivering insecure by default set-ups in 2024?

Surely these things should be closed down by default and not let any traffic in, until the customer defines which mail servers (in this case) are valid and allowed to send traffic. It is perhaps annoying, when setting up that things don't work without configuration, but I'd rather I have to "get it to work", rather than it works for everybody who wants to impersonate me in its standard state...

Post-CrowdStrike, Microsoft to discourage use of kernel drivers by security tools

big_D

That is how Windows already works and why most crash loops are recoverable.

But... The MDR tools are special drivers with an additional flag of "under no circumstances allow the PC to start without this being loaded". This is reserved for things like storage drivers, but also MDR tools, they have to be loaded first, in order to be able to detect whether malware is trying to get itself loaded. If the MDR is deactivated, or is loaded later, you might as not have bothered paying all that money for the protection, because it is useless.

The only option is for Microsoft to ban everything from Ring 0, apart from its own code. But, the anti-malware software will probably have to be the last thing to be banned from Ring 0...

big_D

Exactly, and, it is cheaper and easier to reboot a PC into safe more and remove a dodgy file, rather than having to replace thousands of devices, rebuild servers from clean system images, install and configure the software, then restore the data (and only the data) from backups - if they haven't been compromised).

big_D

Because they are busines-critical production systems and therefore the prime target for attackers... The rollout of updates happens multiple times a day, most companies just don't have the staff to be constantly testing the definition updates, especially when only one in, say, 15,000 updates has any problem.

Checking that new versions of the driver are reliable can be done, because that probably only gets update every few months or a couple of times a year, but checking each of those "definition" files, which are essentially code repositories, multiple times a day is beyond the scope of most IT departments and they'd have a huge staff churn, as people would be sick to death of running hundreds of tests, releasing to production, running hundreds of tests, releasing to production... multiple times a day. They'd never have time to do anything else.

Even then, unless you were lucky, your tests probably wouldn't find anything, or you'd be constantly writing new tests as each definition file update would bring new changes to test against...

In an ideal world, yes, those updates would be tested, before being released, in practice, the IT department doesn't have the resources or the money to do it effectively and if they can manage, maybe 2-3 checks a week, they might as well not bother using MDR software in the first place, as it is often protecting against new, active threats that started within the last few hours.

TeamViewer says Russia broke into its corp IT network

big_D

Re: Heart attack material

On the other hand, companies with hundreds or thousands of clients all running TV, that is a tempting target...

Oracle Java police start knocking on Fortune 200's doors for first time

big_D

Agreed, but, thereagain, our vendor selection runs thus:

Vendor: "It runs on Oracle Java SE."

Us: "We user openJDK, does it run on that?"

Vendor: "No, it has to run on Oracle Java SE."

Us: "Thank you, next please."

big_D

Re: Do Azul actually know what they're talking about?

The PoS is usually a sealed device and doesn't allow the "owner" to do anything else with it. So there is probably a separate licensing agreement with the manufacturer for that, whereas a Java Runtime installed on PCs and servers in the organisation is treated separately.

Wells Fargo fires employees accused of faking keyboard activity to pretend to work

big_D

Re: Whatever happened to measuring output?

For me, it is checking the small print in legal documents. There you really need to read and understand every word, otherwise it can work out very expensive.

I've had to return contracts for alteration many times, because the terms were unacceptable. I doubt an AI, at least using current LLM technology, would be able to work out the negative consequences of some lawyer speak. My biggest problem was, I did this for some US contracts we got (I work for a German company in Germany) and I did it so well, they gave me all the German contracts that came in as well, I'd have loved an AI that could get around German lawyer speak! But even a translation AI manages to get every 3rd sentence wrong! I had to really improve my legal German in order to be able to evaluate the documents.

In fact, translation is one of the worst areas I've seen for AI. My German isn't bad and I had to translate some documentation from English to German and the elementary mistakes it made, made the tool absolutely useless. It was quicker and easier to manually translate it - my translations were accurate, but a long way from being professional (I know, I did an internship at a translation service a few years later). Even today, running text through services like Google Translate are laughable at best, downright dangerous at worst.

big_D

Re: Whatever happened to measuring output?

Yes, exactly. Thankfully such spying on employees is illegal here and my employer looks only on the results, not what you are doing every minute.

A few colleagues did try mouse jigglers (software and hardware) as a way to get around the GPO to lock the desktop after 5 minutes of inactivity, not to show they were working, but so that they didn't have to keep unlocking their PCs. But they were banned, for security reasons, not for trying to look busy.

Defiant Microsoft pushes ahead with controversial Recall – tho as an opt-in

big_D

Re: The year of Linux on the desktop (TM)

My work laptop died last year, jus before Microsoft were due to announce the Ultra chips, so I managed to get an old laptop out of the spares cupboard at work (a MacBook Air M1) and set that up as an interim solution. Then Qualcomm announced the Snapdragon X Elite and then Intel the Ultra and the Elite sounded much better, so I decided to wait for that, now there is Lunar Lake coming as well, but then we had the Recall fiasco and, to be honest, the MBA does everything I currently need, and silently, that I'm not really in a hurry to get that replacement Windows laptop at the moment.

big_D

Re: Bait and switch

They always said that it required Pluton and Hello ESS, that isn't new to the equation, and nobody has yet had a chance to test it on such a platform.

The question is, what exactly does Pluton and Hello ESS bring to the equation? Without it, it is a complete dog's dinner and about a secure as a collander. The question is, are they simply talking about Bitlocker being enabled, or are the jpeg files and the database encrypted until the user identifies themselves directly to Recall itself? That last part means that the hypothesis will need to be tested again, once actual hardware is available to test it on, whether it really is still the nightmare we see today, or whether Microsoft can pull some miracle from up their sleeve...

big_D

Re: Camel and straw

Their privacy has been threatened for years, but they still use Windows, Google Search, Facebook, Instagram, TikTok etc... I

Most people want it cheap, convenient, easy to use and cheap. Many are perfectly willing to put up with the abuse of their personal data, if it means they can get things easily and it is cheap, or better still, free...

big_D

Re: Camel and straw

That would be illegal, over here. It could cost the company 25M€ or more, if they were caught doing something like that.

Rarest, strangest, form of Windows saved techie from moment of security madness

big_D

I worked at software company that finally turned off its last VAX 8000 in 2015 - they finally got their last customer to migrate from VAX to a Linux server...

big_D
Coat

Where do you think the email with the attachment came from? Carrier pigeon? ;-)

big_D

We had a client with Alphas, so I got to see and use that. I saw the PowerPC, but, like you, I never saw it running on MIPS.

A shame, I always loved the Alphas, especially when they were running VMS or UNIX...

Microsoft foresees a new type of AI PC: A Surface designed with help from machines

big_D

Hmm, scaled up to use thousands of cores... Sounds like, "you too can benefit from scaled up Abacus FEA*".

* Can result in increased license cost and compute a huge increase in your compute bill.

Apple gets in on the AI PC hype, claims fanless M3 MacBook Air is fab for LLMs

big_D

It isn't just the SoC, macOS is more economical on memory.

My Windows laptop died a few months back and I was waiting to see what the next generation Intel processors with NPU brought to the game, so I dug out the MacBook Air M1 we used for our old MDM solution for managing our phone fleet. It had been sitting in a cupboard gathering dust for 18 months.

It was the base model, with 8GB RAM and 256GB storage.

My Windows laptop had been expanded from 8 to 16GB, because Teams brought it to its knees, when there was a 5 way or more conference. I'd generally have to start closing every other application to stop Teams stuttering. With 16GB, it was usable.

The MBA with 8GB is just as usable as the Windows laptop was with 16GB - and the MBA is running Windows 11 on ARM with a couple of legacy applications that don't have a Mac equivalent, plus the relevant anti-malware software running on both sides! Performance wise, it doesn't feel any slower than the Windows notebook, which was about the same age. The new 13th Gen. laptops of my colleagues feel a little faster at some tasks - mainly those legacy programs that are running in the Windows VM - but not noticably so, that I am screaming for a new laptop...

I'll probably wait until the MBA dies or wait and see what this years Intel and Qualcomm chips bring to the mix, before I get a new Windows laptop.

big_D

Re: Dual monitors

Yes, I went with a single 44" 4K monitor in the end, instead of dual 24" 1080p displays.

I generally have my work windows spread across the main display and Teams on the internal display. Not ideal for many, but it works nicely for me. Glad to see there are more options going forward.

Dell staff not alone in being squeezed to reduce remote work

big_D

Re: Stupid move

It is also execs looking at long leases on buildings that are standing empty or only partially filled and they can't get out of the contracts...

Australia passes Right To Disconnect law, including (for now) jail time for bosses who email after-hours

big_D

We can't have company email or other communications tools on non-company devices (also no private data on company devices) and mine is also set to do not disturb at 16:30. The only out-of-hours messages we tend to get, apart from the hundreds of emails from the backup servers, are of the "I have to go to the doctor's tomorrow, so I'll be in late" type.

big_D

Re: C-Suite solution?

I was on leave and forgot to turn off my company phone, as I went to turn it off, I noticed a message from another member of the team asking about an issue with a server I had set up. I gave a quick reply and got an answer from my manager saying, "thank you, now, TURN THAT PHONE OFF and enjoy your leave!"

big_D

Re: C-Suite solution?

In Europe, that would break maximum allowed working hours per week (48), and at least 11 hours to recouperate between shifts/working-days.

My employer won't let us use private phones for work (no contact from the company on private phones, no email etc. on private phones) and company phones to be turned off out of hours, we generally leave our phones and laptops in the office, when we go home. Although I sometimes take mine with me, or when I work in home office.

The only messages we tend to get out-of-hours is when one of the team, including our manager, is ill or has to take a kid to the doctor's etc. and they write a quick note to say that they will be arriving late.

Half of polled infosec pros say their degree was less than useful for real-world work

big_D

I didn't learn anything new, when I studied. I had taught myself machine code, Assembler and BASIC, before I went into higher education. The first lesson was to write a simple program to show how much we knew, I finished the task within 10 minutes, for the rest of the hour, I knocked up some machine code (we didn't have any reference books and this was before the Internet). The professor came around at the end of the time to see what we had done. Her reaction was, "wow, I didn't know you could do that with a computer!" The course went rather down hill from there...

That was a general IT course, not cyber security, but the principal remains, if you don't have the lecturers with the real world experience, you won't learn much.

In many areas, especially cutting edge technologies, you can often do better teaching yourself and learning by doing than a college or university course. If you are lucky, you will find a professor who can guide your learning, but the technology changes so quickly, they will often be learning with you.

Wait, hold on, everyone – Mozilla thinks Apple, Google, Microsoft should play fair

big_D

Re: zero cost

You seem to be confusing value with money. They aren't the same thing.

Media experts cry foul over AI's free lunch of copyrighted content

big_D

Re: Ad Revenue

If they AI company could in some way tell, which sources were used for which answers. I believe that, due to the way the LLMs work, unless there is a specific chunk of text that is a verbatim copy, it would be nearly impossible to tell, whether the answer came from NYT, WAPO, Medium, The Guardian or some private blog...

At the moment, AI is a parasite that will kill off its host. There are certainly some uses for AI, but if it continues like this, there won't be any current affairs sources left to plunder in the future.

They have to learn to become a symbiot with the creators of content. Without fresh information, the AI will quickly become useless, but if it then fails, we won't have any traditional reporters to fall back upon.

Michael Dell: Don't worry about AGI, after all we solved that ozone layer thing

big_D

Re: New nouns, old tune

I'm putting in my application to join the Turing Police today, no time to waste, I always loved the idea of the TP, now it looks like it might become reality.

Microsoft pulls the plug on WordPad, the world's least favorite text editor

big_D

It was also a great tool for recovering Word documents that Word and other word processors couldn't read.

BT misses deadline for removing Huawei from network core

big_D

The kit that is still in use is 2G and 3G, which is planned to be phased out anyway.

It wouldn't surprise me, if they have replaced all 4G and 5G kit, they don't get an extension for legacy 2G/3G kit and allowed to push the cut-off date for turning off 2G and 3G services, as opposed to replacing that kit.

Amazon already has a colossal ads business and will extend it to Prime Video in January

big_D

Re: No comment on how this has been received by Prime members?

Amazon has been doing pre-roll ads on its shows for years - usually promoting other shows, but an ad is an ad...

big_D

Re: No comment on how this has been received by Prime members?

I just got the email in Germany this morning, that in February, they are going to start showing adverts in films & TV shows, so they can continue to provide live sports coverage...

I didn't know they did live sports coverage. I'm not interested in sports coverage. Why not charge people who watch sports for the live sports coverage?

‘I needed antihistamine tablets every time I opened the computers’

big_D

Re: These stories are crazy

It is also logisticall easier and cheaper to put the PC near the screen, rather than have it in a back room and a 20M+ HDMI cable run all around the public area to the screen. I've seen both ways, neither is a very good solution.

big_D

Smoking room? Server room?

When I first started work in the 80s, we had a network of Macs and a Mac Plus was set aside as a file server, with a "massive" 40MB external hard drive. But where to put it? It and the network printer were put in the smoking room! Thick stale smokey air, not pleasant, when you went in to get a printout, even worse for the health of the "server".

My dad used to work for a company that did piping in the 60s and early 70s, they'd plan and build the pipes for factories. One was, allegedly, the a sugar based drink manufacturer that wanted to teach the world to sing, there, all the piping had to be glass, where possible, as stainless steel pipes would need replacing every 6 months due to corrosion.

They also did work for breweries, they were taught to drink beer "quickly", in one go, just opening the throat and pouring it in. They'd have to drink 3-4 pints, before they could enter the brewing area, otherwise the fumes would make them drunk. One guy didn't bother, one morning, just went straight in. When the others had drunk their ration and were ready to enter, they found the guy up in the rafters, balancing on the beams and running backwards and forwards, totally off his head!

You can't deepfake diversity, and that's a good thing

big_D

Re: Reverse diversity...

In 18 months, with the ads on the website and all of the job portals for Germany, we had less than 8 responses for admins. We took 4 of them, but 2 were re-trained and have no real knowledge of IT, so we are having to train them up.

We just happen to be in a region that isn't fashionable - we are in a rural town and a lot of people only want to work in the big cities, so finding anybody is often hard.

On the other hand, I get head hunters contacting me constantly for jobs in Munich, Hamburg, Dusseldorf, Frankfurt or Berlin. Thanks, but not thanks. I like the job I have and I like the region I live in. I have a higher standard of living than when I would work in a big city, even though I'd theoretically earn more.

big_D

It just works...

I do remember sending out an application to the customer in the late 90s. It was issued to their regional offices in around 60 countries around the world. After 2 years, we'd had 2 bug reports! And one of those was a bug in Windows.

I'd written the spec and the test cases before the other programmers started on the project and everything just seemed to click with the project. It was probably my proudest moment.

The Windows bug? There was a Win32 API for returning the month names in the local language... I tested it on German and French Windows, as well as British English. It worked fine. Then we started getting bug reports when it landed in the different countries. They weren't using local language versions of Windows, they were all using "International English" and a bug in the API meant it returned "January" as the name of all 12 months! After talking to the client, we just hard coded it to January through December as all employees had to speak English and the local translation wasn't necessary.

big_D

Reverse diversity...

When I started in IT, about 40% of the office was women and there were diverse races in the mix as well. That was in the 80s. I worked at a large consultancy and 2/3 of my bosses over the 15 years I was there were women and they were much better managers than most of the men I worked for.

In more recent years, each new job I've had has been less diverse - and not for want of trying, in my current job, we looked for a couple of new co-workers for 18 months, no females applied, although we did end up with a Ukranian and a Turk joining us, as well as 2 native Germans. I suppose you could call me diverse, as I am a British immigrant, working in Germany...

Your online store down? Can't get to your fave web shop? Maybe blame Shopify

big_D

Re: You know the drill

Funny you should mention that, on Tuesday, our anti-malware solution was flagging assets coming from the Shopify domain as malware...