Posts by ACZ

Re: Well...

I hate to say this, but I suspect that the day-to-day reality for many/most organisations is that they don't have (or won't allocate) the budget necessary to do that properly, let alone continue to do it properly over many years. Mission creep... :( In fact, they probably won't have the technical knowledge or competence to do it or realise that they need to do it. Just don't store non-essential information electronically, and document the fact that it's official policy to reduce risk in the event of a digital heist.

Re: Consistency

Exactly - any model changes (even a version change of an existing model) can cause significant (and potentially undesirable) changes in output.

We all know that 4o is far from perfect. However, stable, predictable, tested and validated output is essential. Any model update requires careful testing with predefined sets of inputs and detailed analysis of the resulting outputs to ensure that they are acceptable - can take many days of testing, especially if you've got additional functionality (using newer models) hanging off initial output from an older model e.g. 4o. It's often better to just pay for the older models than have to go through an upgrade/update cycle especially since the required end result is zero change/improvement in output.

So long as there is e.g. six months notice of deprecation of a model from the API then that's fine and it can be built into the work schedule.

Conversation when the new crosswalk buttons are delivered

Manager: "We've got some new talking crosswalk buttons that we're going to deploy. The instruction guide says that we should change the default management passcode, so we should probably change it - we don't want them getting hacked."

Team member: "We could set a different passcode on each one."

Manager: "Great idea. But we'd need to record that somewhere. We could try our asset management system, but each asset requires an asset code which we'd have to permanently mark on the asset and we don't have the budget to do that for a crosswalk button.

And anyway the asset management system would need a custom field adding for this and we don't have the time or budget to have that done.

And we would then need a special "Crosswalk button deployment procedure" which would have to be written, reviewed and approved.

And then we would need an on-site post-install check to ensure that the new procedure had been followed for each new crosswalk button.

And we'd need an annual audit to make sure that all procedures were being followed properly and consistently, and we really don't have the time or budget to do any of that.

So let's just change the code to '2345'.

Or we could just leave it at '1234' - nobody's going to want to hack a crosswalk button..."

Re: A solution for US multinationals.

Forgot to say - the alternative of course is that the US economy will crash, there will be wage deflation (together with the price inflation) and the US will end up worse off relative to the RoTW. Ho hum...

Re: Questions will doubtless be asked

Yes - it is surprising that Heathrow isn't able to withstand this kind of event, especially given its nature as a piece of major national infrastructure and the fact that any disaster management planning must have covered this scenario. The TFL website is showing underground trains on the Piccadilly Line running to Hatton Cross (a 4 minute walk from the Heathrow T2/T3 tube stop). As other commentards have said, why not have a load of generators ready to fill the gap in the event of a power failure? - the capital/operational cost would be minimal compared to the cost of Heathrow being shut for a few hours, let alone 24 hours.

No need for stamps/labels nowadays

No need for labels or stamps nowadays with https://stampfree.ai/

Re: Metà are the scummiest

Absolutely. A fundamental thing here is GDPR, and whether compliance with it can be guaranteed using rh information which would be made available if these requests (whatever they are) are allowed.

Given that Apple have zero control over the third parties who are requesting access to APIs/interoperability features, I could easily (and understandably) see Apple arguing that where allowing any request could result in personal information being made available (particularly about people other than the device user) then the GDPR provisions require them to refuse the requests.

Good question - given that precision is the key thing here, that's a potentially big issue. I'm wondering if e.g. they have got some kit (for example, a calibration/mapping device that can trundle along the court lines and gather relevant data) to ensure that court markings are precise, or at least so that they can include the exact position of all markings in the mapped "virtual court".

So "payload mass simulator"?

Re: "Ignatova remains at large"

The BBC podcast series on her (linked in the article) is great - do have a listen

Re: Security vs Convenience

Exactly - if I'm logging into a system then just present me with a screen asking for a one time passcode from my authenticator app. It's not difficult and only takes a couple of seconds. The system should fail safe, and push notifications requesting approval are the total opposite.

The problem here is push notifications per se, not user fatigue.

Wind would definitely be nicer - actual renewable power. However, I suspect that one of the big wins with the fuel cells will be the relatively short delivery timescale and the stability of the power supply - you can have as many wind turbines as you like, but if there's no wind then you'll be sharing the same very finite grid resources as everybody else.

Re: He's toast

Hate to say this, but I suspect that the fire wardens may have been holding the fire doors open for everybody *because* of the high security entrance.

Re: The SATCOM network was taken down (mostly in Ukraine and Germany) (...)

Here's a link to the detailed technical write-up:

https://www.reversemode.com/2022/03/satcom-terminals-under-attack-in-europe.html

Note in this thread reference to a Der Spiegel article on this as well with an alternative explanation.

Re: New! Improved! oxidiser!

And includes a few words at the beginning from Isaac Asimov, including these two fabulous paragraphs:

"Now it is clear that anyone working with rocket fuels is outstandingly mad. I don't mean garden-variety crazy or a merely raving lunatic. I mean a record-shattering exponent of far-out insanity.

There are, after all, some chemicals that explode shatteringly, some that flame ravenously, some that corrode hellishly, some that poison sneakily, and some that stink stenchily. As far as I know, though, only liquid rocket fuels have all these delightful properties combined into one delectable whole."

;)

Re: Nice

I keep on meaning to try PiHole - currently pointing LAN DNS at an ad-blocking DNS server, but getting PiHole on the LAN would be much nicer.

Re: Ok, I have a question

Or it might just temporarily enable wifi to phone home...

No GPS required

You don't have to use the MS authenticator app - Authy, Google Authenticator etc all work as well - IETF RFC 6238, I believe. The only permission that Authy has got on my phone is Camera, so no GPS.

Re: Realities

Next, you'll be telling us that you include comments in your code so that it's easy to understand and review ;)

Re: The best product doesn't always win

Ahhh..... WordPerfect 6.1 - it was absolutely magical. Reveal codes to show what was going on under the hood, a couple of minutes spent deleting unwanted bits and pieces, and job done - perfect. Small docs as well, which was helpful back when a 1GB drive was expensive.

Oh... and the document indexer was great as well - we had a structured file system for all our documents/correspondence, and the indexer ran every night. Ended up with a searchable index of >100,000 docs and it only took a second or two to find what you wanted. Not bad for the 90's :)

Re: Security is hard

This hits the nail on the head. Unfortunately, the vast majority of people are lazy about security. And even if you're not being lazy, how many people actually double-check the URL of a link before clicking on it? How many people check the SSL certificate on their email provider when it changes? How many people check the issuing CA on a certificate before deciding to trust it?

I suspect that even if you tried to block people from entering card details (i.e. recognisable patterns of information corresponding to a card), the workarounds employed by bad actors wouldn't deter people. In fact, the workarounds would probably be dressed up as being *extra* security to encourage people to trust the site...

This is an issue of human behaviour, a subconscious desire to conform, and a generally irrational desire to complete something once we've decided to do it. Especially when it's a really good deal and somebody else might beat us to it - quick - buy buy buy.

The simple fact is that people want to enter their card details and complete their purchase :(

Re: Why are these even legal ?

Like people have said above, it's a compromise agreement/settlement agreement, i.e. we are sacking you but want some additional undertakings (e.g. that you won't sue us for age discrimination, or won't engage in a class action). You don't have to give them to us, but if you do then in exchange (as a compromise) we'll give you some extra benefits (e.g. cash / pension etc. etc.). There's no requirement to sign it, but people often do because they want the additional benefits.

However, the issue here is that IBM have allegedly failed to comply with the statutory requirements which make such an agreement legal i.e. have withheld the age data.

Re: "HMRC settled the tribunal case immediately before it was due to start"

Here's the decision... https://www.gov.uk/employment-tribunal-decisions/ms-s-winchester-v-commissioners-for-hm-revenue-and-customs-and-others-2207946-2017 - brief, but an indication of the time and money that will have been spent on this.

I suspect that it's the (unfortunately) regular occurrence where it's only when somebody who actually understands the law (so in this case, clearly not HMRC themselves) gets hold of the case that the right thing finally gets done. Let's hope that the whole court proceedings process hasn't been too much of a toll on Susan Winchester or her business. Could this be the death knell for CEST?...

Re: host file?

I'd definitely suggest giving dns66 (https://github.com/julian-klode/dns66) a tryt - it'll set itself up as a VPN on your phone so all traffic is routed through it, and then just black-hole ad sites. Don't know whether the domains the FB app is talking to are blocked by it, but it's worth a try. If the problem app is installed as a system app then you might have to go into the dns66 "APPS" settings and toggle it to show system apps since dns66 is set up so that traffic from system apps is (by defaut) not re-routed.

If using dns66 then you can also get it to use a chosen DNS server, e.g. an ad-blocking DNS server.

I seem to recall that part of the reason why MS were able to resist the original warrant (and why e.g. Google weren't in other cases) was that they had compartmentalized things and that MS (USA) wasn't actually in control of the data.

Irrespective, the Data Controller at MS (Republic of Ireland) is responsible for safeguarding the data located in the RoI under local (EU) laws, and so they should be able to block any request for the data from the US Gov via MS (USA).

It'll be interesting to see how this one pans out...

Re: Patient data is a national asset

They're already doing that with allowing the likes of Google to access patient data on NHS Spine and do analytics/ data mining on it. At a fundamental level, that kind of thing (subject to *proper* data protection) has a real potential to deliver clinical benefits for patients. However, for that to happen the data custodian must guard the data and ensure it is properly protected. Without that, nobody will trust the NHS and, hey presto, a large group of patients (inevitably including some who are highly vulnerable) won't engage with medics / the NHS.

Re: So...

Erm...the bill says that insurers don't have to cover you if there is "a failure to install safety-critical software updates that the insured person knows, or ought reasonably to know, are safety-critical".

So if there's no "safety-critical software update" then you're still covered by your insurance policy. If the manufacturer EOLs the vehicle and stops supplying patches then the insurer can't dump the liability on you. Then again, it might not be possible (or might be very expensive) to insure vehicles (which drive themselves) when the manufacturer decides that they have gone EOL. Then again, you won't actually own a car anymore will you? Odds are you'll be in an Uber (or suchlike) vehicle.

:)

Or did the .co.uk domain owner register the .uk and then transfer it?

Re: That's not how that works

http://standards.ieee.org/news/2011/80211z.html -

"1. IEEE 802.11z reduces the number of times a packet gets transmitted over the air from 2 to 1."

"3. If client devices are perhaps newer and capable of operating at data rates or in frequency bands not supported by the access point they can do so."

:)