Posts by Uplink

193 publicly visible posts • joined 7 Apr 2010

Uncle Sam's had it up to here with 'unforgivable' SQL injection flaws

Uplink

Simple but complicated solution

The problem with SQL is that it's human-writeable text that can be concatenated on a whim. Solution: replace with binary protocol. Well... at least disallow direct coding of it - use builders.

Reasoning: if you want to keep humans away and let the computers build the safe commands, you make it really hard for humans to write it directly. Humans get to use a builder that has safety built in.

For example: Nobody is writing machine code. Nobody is really writing asm either. We use compilers. Make builders for SQL and Regex, and disallow direct string writing (the binary protocol is the sledgehammer that helps with this), and now the coders have to find a different way to introduce vulns without realising.

Chrome users – get an alert when extensions are in danger of falling into wrong hands

Uplink

Re: Money Money Money

Yeah, it should be used in the plural. Everyone who doesn't know how to use a computer at hacker level is essentially included, regardless of how old they are.

We challenged you to come up with tech predictions for 2024 (wrong answers only) – here are some favorites so far

Uplink

Some coding AI will be asked to write code that deletes the AI platform itself (exploiting a bug only the AI knows about), it does so, and it actually works.

Robot mistakes man for box of peppers, kills him

Uplink
Coat

Hugs

The robot was grateful for the engineer's work on making it more efficient, and wanted to give him a hug, that's all.

Google, DeepMind accused of 'stealing the internet' to create Bard AI chatbot

Uplink

It may actually be that simple.

Learning and then using that information to make things is fine - even if you learn it by violating copyright law, as it's not easy to prove that you read books and articles and watched films against the terms and conditions (I'll refer to improperly sourced material again below).

It's when you start disseminating that learned content verbatim to others against the original terms and conditions where you'll be in the wrong. If you quote your sources in newly produced original material, even those accessed against terms and conditions, you're probably in the clear though.

Let's go to the level where the LLM sits: you produce content based on the things learned as described above, but for an employer, who then takes that and makes money. They may even give you new material to study in order to perform your new material creation duties. That's still fine, isn't it? Even if the material was sourced against the author's terms and conditions (and even if the obtainer is caught and sentenced).

Now, being the money maker that he is, your boss replaces you with a much more efficient tool: the LLM.

By my reasoning, as long as the LLM doesn't reproduce the original material verbatim, everybody is fine (except the now-starving content creators that have been obsoleted).

The LLM owner may be much easier to prosecute for improperly sourcing training material against terms and conditions than the general population though - until we all get pocket LLMs and proceed to apply the copier machine principle at high speed.

As the Renault Twingo ad says: "We live in modern times". Things will get very interesting soon.

Microsoft makes Windows Server 2022 licenses a little less cynical

Uplink

Re: Squeezing the process

Wait... They attempted to patent a billing structure? If such a patent does go through, it may be time to bring out that implement that the French used to make their royals lose a little bit of weight.

Microsoft stumps loyal fans by making OneDrive handle Outlook attachments

Uplink
Trollface

Microsoft has a solution for this too

Just put those attachments into postcode files (that's how we say "zip files" in British). Problem solved :P

Ref: https://www.reddit.com/r/CasualUK/comments/12cwylk/microsoft_has_mistranslated_zip_files_as_postcode/

Debian dev to the rescue after proposal to remove Itanium from Linux kernel

Uplink

Re: This is called technical debt

That someone isn't forced to do this maintenance work. They choose to do it. And it's not affecting the general product in any negative way. It's not debt. It's legacy, which is a related but different paradigm.

When all willing maintainers go away, then of course it's a good candidate for removal if it breaks or gets in the way. Even without maintainers though, if nothing breaks or gets in the way, it's perfectly fine to have it zombie along.

India’s retail digital currency pilot launches on December 1st

Uplink

Hold up...

Back up a little there:

Participating banks distribute the e-rupee (e₹-R), in the same denominations available as notes and coins

What do you mean by "denominations" when it comes to digital currency? Does that mean that if I go to a shop they may not have enough change to give me because they don't have the requisite digital coins? The idea of "change" itself would arise from my lack of exact digital coinage as well.

Teen bought Google ad for his scam website and made 48 Bitcoins duping UK online shoppers

Uplink

Is that all it takes?

I should start a website like that for a short period, but you know, hide my tracks much better. Redeem vouchers with his own account? A newbie mistake.

Disclaimer: your honour, I made this comment hypothetically. If I were to actually go into cybercrime, I wouldn't brag to anybody, much less a public forum on the Internet, surely.

US nuke sub plans leaked on SD card hidden in peanut butter sandwich, claims FBI

Uplink

Was mega.io (accessed via a VPN, Tor, behind 7 proxies™) too untrustworthy compared to a physical drop location? What a waste of a sandwich.

Samsung to sling 2nm silicon in 2025, 3nm process running a little late

Uplink

Re: What does "X nm" actually mean now?

Following your nice description, I guess processor manufacturers should have continued with the GHz numbers without actual GHz in the processor. We'd be at 20 GHz on a 1.5 GHz processor by now, if I'm guessing correctly.

UK umbrella payroll firm Giant Pay confirms it was hit by 'sophisticated' cyber-attack

Uplink

Sophisticated

I'm guessing that their "senior" Laravel "developer" didn't bother himself with junior-level stuff such as "syntax" and "preventing SQL injections", and "concerned themselves with the bigger picture"

I'm channelling some anecdotes I got from a friend who is conducting hiring interviews and so far has rejected all the "senior" developers that came his way, with one of them saying more or less what I said in the first paragraph.

Story of the creds-leaking Exchange Autodiscover flaw – the one Microsoft wouldn't fix even after 5 years

Uplink

Hello,

I would like to chime in and say that this problem isn't really a problem. Stop bothering me and my company.

Bill Gates

Lagos, Nigeria

Sent from my iPhone.

Fukushima studies show wildlife is doing nicely without humans, thank you very much

Uplink

A quote from some guy who uses this development in support of his policies:

"Kill all humans!" - Bender "Bending" Rodriguez.

Three million job cuts coming at Indian services giants by next year, says Bank of America

Uplink

New industry boost: scam calls

Is this part of the reason why calls about my national insurance number and getting warrants in my name have jumped in frequency? They want to show us that they'll take BoA's money one way or another?

Arm pulls the sheets off its latest Armv9 architecture with added AI support, Realms software isolation

Uplink

Re: RISCY

Well... The core is still RISC, and it's all about modules added to it. The instruction sets of each module may also be relatively reduced in size. Maybe we need a new term: Modular Instruction Set Computer - MISC.

Intel keeps adding instructions to the main instruction set (but pretends to be modular by giving each addition a new label), because backwards compatibility. ARM is just pick and mix - make it as reduced or as complex as you feel like. I think RISC-V adopts this philosophy too.

One could think of this as having a lot more coprocessors than just a math one.

The wrong guy: Backup outfit Spanning deleted my personal data, claims Cohesity field CTO

Uplink

Limits not imposed

Basically they didn't write any code to display errors when you reach a limit, but they're keeping an eye on it, likely with an excel sheet emailed to some higher up once a month. Then they store your data in /dev/null for free.

No phish for the likes of you, thank you very much! Google finds email villains are picky about demographics, country

Uplink

Who gets the least?

If I "move" to Nigeria will all spam disappear?

Project Ticino: Microsoft's Erich Gamma on Visual Studio Code past, present, and future

Uplink

They'll make their own UI framework. With blackjack. And hookers.

Linux maintainer says long-term support for 5.10 will stay at two years unless biz world steps up and actually uses it

Uplink

The part that's new to me is "talking to some companies". Sounds like the complainant, or even Broadcom itself, isn't in the loop about LTS.

There should be a policy prominently displayed (like an asterisk and a footnote) that says "we can go to 6 if enough people sign up", as this exchange seems to indicate the policy isn't clearly indicated.

Smartphones are becoming like white goods, says analyst, with users only upgrading when their handsets break

Uplink

Breakage as a feature

I'm not a Samsung fan, but I got a Samsung phone now after Google kept making the call volume go really low after a while on their phones and their suggestion was to clean the ear grid - done it, no effect. Dudes, what?

Samsung also flipped a flag in an update and made my Dream View stop working (just another Samsung thing to do), but while annoying, I can live with it.

Cruise, Kidman and an unfortunate misunderstanding at the local chemist

Uplink

Just a murder

One of the customers of the tiny ISP I was working for had been murdered. My phone appeared in the call logs, so I was cordially invited to the police station to be asked about my whereabouts. They asked if I had had a call with the victim, but I totally forgot I did, and I said no. That prompted them to call me in again (somehow they didn't know about the call the first time, so I got to walk home across town only to be asked to walk back), and be accused of lying. Then it dawned on me that about half a year before I received one call from the victim about his Internet access. We never met in person. And when I mentioned that to the cop he appeared surprised that it was so long ago.

I'm guessing they were experts in murder investigation if it took me two trips to the station for them to find out those crucial details.

Apple appears to be charging Brits £309 to replace AirPods Max batteries, while Americans need only stump up $79

Uplink

You know nothing

Apple are just trying to do their part in supporting independent repair shops. Having a high price means you'll go to your local shop instead, supporting the local economy.

/sarcasm of course

On the 11th day of Christmas TalkTalk took from me... the email address of my company

Uplink

Phishing

Gentlemen and yahoo boys! Phishing poles, nets, and spears at the ready! Set! Go!

Mysterious metal monolith found in 'very remote' part of Utah

Uplink

Remote location

Remote location where one can get stuck even if they know the area, but somebody managed to get a big chunk of steel up there unnoticed and get back out without asking for help. Yeah, sounds legit.

Amazon's ad-hoc Ring, Echo mesh network can mooch off your neighbors' Wi-Fi if needed – and it's opt-out

Uplink

Imagined in a court of law

"It wasn't rape your honour. She didn't say yes, but she didn't opt out prior to the event in question, so it wasn't an explicit no either"

Headline: Dude walks away after justifying non-consensual sex act using consumer marketing law. Mass opt-out from women across the country. Congress considering law to make opting out harder.

Breaking news: Dude from previous story found dead, apparently because he didn't opt out of being murdered. Apparently his balls were cut off and he bled to death. Blunt pair of scissors found nearby. Testicles still missing. Here's a picture of them. If you see them, call the police immediately.

Frenchman scores €50k compensation for suffering 'bore-out' at work after bosses gave him 'menial' tasks

Uplink

I'd like to do nothing and get paid

Interesting... So all I have to do is go to France, get a job just before a recession, and then get paid for browsing the Internet - for my world domination plans.

Microsoft warns against SMS, voice calls for multi-factor authentication: Try something that can't be SIM swapped

Uplink

Drop all that

Authy user here, because of the convenience of SMS, with the knowledge that the private keys are mine. It survives across resets, and I can satisfy my ADHD by having it on multiple devices easily.

Ideally, SIM swapping should be fixed.

Getting an SMS to show that I'm in possession of my phone is very convenient, and it seems easy to implement at the login provider end even when they have code monkeys (a totally different security issue altogether)

It also works on dumbphones, for those who don't want to be tracked by Zucky, Gates, et al.

It is universally understood by people who otherwise don't know their Google from their Facebook.

The processes and PSAs should be as simple as a 5 year old can understand ("don't talk to strangers who call you out of the blue claiming to be from your bank, phone company, utility, dentist, child who's had an accident, investor who has the latest scheme to make you money, etc.") and the professionals can stand behind.

Linux 5.10 to make Year 2038 problem the Year 2486 problem

Uplink

Future

Sounds like Oracle hit a problem with timestamps set in the future already and needed a quick fix, but didn't want to waste precious disk space either.

This should be taken as one of the first signs that this problem is starting to rear its ugly head and can't be put off much longer for software and structures that haven't been updated to use 64-bit time yet.

UK tech supply chain in dark over Brexit preparations months ahead of final heave-ho

Uplink
Pint

Have you tried believing?

Just believe in Brexit. That's all you need. Then you won't have any more worries that things go to hell, and you'll just get to be surprised beyond belief when they do. Much less mental effort, and you get to enjoy your pint in peace.

Apple takes another swing at Epic, says Unreal Engine could be a 'trojan horse' threatening security

Uplink

Did Google back off?

The Apple saga may take a while more to develop, but did Google back off on this?

I'm asking because I see that Tinder is offering direct CC payments for their wares at a discount on Google Play, but not on Apple App Store.

Yet Epic's stuff isn't back in.

Better Java than Java: Kotlin 1.4 introduces new compilers for JVM and JavaScript

Uplink

Kotlin 1.4 Intermediate Representation

First, XKCD: https://xkcd.com/927/

What I'm thinking in relation to the XKCD is that the 15th standard is not a competing one, but one that deploys to any one of the other 14 as needed. It may become _the_ standard later, after nobody cares about the other 14 anymore, just like barely anybody cares about Assembly language and CPU instructions when developing software these days.

Then the crazy happens: Somebody develops standard 16 (rather than patch 15), the maintainers of 15 make it deploy to 16 as well, and the ones of 16 deploy to 15... And the winner is declared in a tug of war, not dissimilar to Betamax vs VHS, DVD-R vs DVD+R and HD-DVD vs Blu-ray.

I got 99 problems, and all of them are your fault

Uplink

Irreversible coincidences

It's ever so lovely when you fix one tiny thing and everything breaks. And then you revert the tiny thing and everything is _still_ broken. After you investigate the borkage, you end up with this question: How did this work in the first place? That's when I declare whiskey o'clock.

Gone in 15 minutes: Qualcomm claims new chargers will fill your smartmobe in a flash

Uplink

Dual battery technology

Well, I was wondering why they're not making battery packs of smaller batteries, and charge them at regular speed but in parallel. 10 cells of normal batteries, charged at regular speed, but with a result of 10 times less total charging time?

I can imagine that 10 cells that heat up at regular speed produce 10 times the heat too, and give you the Galaxy Note 7 experience. Yeah, that could be a problem.

You're testing them wrong: Whiteboard coding interviews are 'anti-women psychological stress examinations'

Uplink

So that's why I didn't get that job...

I had a whiteboard interview once. I was relaxed throughout. I believe I answered all their questions, but I didn't sweat one bit. I guess I failed the most important part then. Everything they asked me I had done on the job in the past, with some even fresh in my memory from the job I was leaving.

That, and the fact that I really didn't want to be in the office at 9 sharp given that their answer to "how often you guys do long hours" pretty much amounted to "it's rare when we leave on time"

'One rule for me, another for them' is all well and good until it sinks the entire company's ability to receive emails

Uplink

Poach me! Poach me!

I'd love to be poached and be paid to sit out my non-compete. And when that runs out, I want to be poached again! And again!

What do you call megabucks Microsoft? No really, it's not a joke. El Reg needs you

Uplink

Everest.

They sell windows and charge an arm and a leg.

Image-rec startup for cops, Feds can probably identify you from 3 billion pics it's scraped from Facebook, YouTube etc

Uplink

Insane Clown Posse

How well does it work with Juggalo makeup? Expect a steep rise in users if this takes off.

The Curse of macOS Catalina strikes again as AccountEdge stays 32-bit

Uplink

"We have enough money"

"Yeah... Pay developers for a rewrite you say? The alternative is that we lose the cash cow you say? Yeah, let's go to the beach we have enough money"

Uplink

The lawyers got a similar experience with GDPR, so it's not unheard of.

Eggheads have crunched the numbers and the results are in: It's not just your dignity you lose with e-scooters, life and limb are in peril, too

Uplink

Re: Elbow, and not electric

Nope, I was about 9 months younger than when I wrote the comment. Age: 36. The surgeon said my healing is quite good compared to the average (hey, does anyone want to research my genome to see if I'm special?)

They say specialist surgeons (elbow in this case) have much better results than general surgeons because they know much better how to put the bones back together rather than randomly glueing them together and calling it a day.

Uplink

Elbow, and not electric

Meh, I injured myself the old school way: kick scooter (i.e. I was the engine), hit a kerb with my front wheel, flew like Superman, did a screw through the air, landed on my left elbow (dislocation and terrible triad injury). Helmet wouldn't have helped me :)

Cause: good old speed (the m/s kind, not the kind mentioned in the article) and lack of judgement

I was seen by an elbow specialist and my healing is astounding after 9 months. Very little loss of range of movement.

No horrific butterfly keys on this keyboard, just you and your big, dumb fingers

Uplink

How about a Magic Leap?

It's a heck of a lot of work, but just make the whole computer virtual. Put your Magic Leap on (hopefully you get a future version with better field of view), look at the table, ta da... fully working laptop or desktop computer.

And you get the same inability to touch type as with this invisible keyboard.

No wonder Bezos wants to move industry into orbit: In space, no one can hear you* scream

Uplink

Re: Rocketry

Reminds me of Manna by Marshall Brain https://marshallbrain.com/manna1.htm so maybe Bezos read that and thought "what a wonderful idea"

Interpol: Strong encryption helps online predators. Build backdoors

Uplink

Re: Or I dunno...

So something like this, really: https://www.unseenuk.org/what-we-do/Helpline-&-Resource-Centre

We are absolutely, definitively, completely and utterly out of IPv4 addresses, warns RIPE

Uplink

Yo, Vodafone

I'm on Vodafone fibre. No IPv6 yet or even planned. They did find time to send me a new router that my laptop doesn't like though.

Three UK does it again: Random folk on network website are still seeing others' account data

Uplink

Low data notifications

Is that why Three is texting me that my data allowance is low? I mean, I only have 1.6 GB left out of my 2 GB, and to some people that might be low, but come on.

Several months after the fact, CafePress finally acknowledges huge data theft to its customers

Uplink

Don't roll your own security

"why passwords were not properly encrypted" - because nobody checked the code, and they rolled their own security module?

The security module developer might as well have been a contractor too, and then the motto of "if it ain't broke don't fix it" was applied. I mean, it was working, right? No need to look into it to see how it does it - no time for opening cans of worms.

This usually involves using a framework that provides pretty much all the scaffolding you need and lets you focus on your business logic. Don't roll your own framework either.

Clutching at its Perl 6, developer community ponders language name with less baggage

Uplink

Choose your appeal and thus success

Camelia is a nice, pleasant name, and it can draw people in via the sexual-emotional route.

Raku can bury the language.

Technical merits? They don't matter that much. Would you rather tell people that you do Camelia or Raku? Sounds to me like I'd rather admit to writing Perl than Raku.
