Posts by TaabuTheCat 185 posts • joined 30 Jul 2010
They are suing the Pappas restaurant chain because they own a LOT of very popular and profitable restaurants. They are no mom and pop organization - I think at one time (and maybe still) they were one of the largest employers in the Houston area. Just going where the money is...
Because as the article noted, some orgs believe if they just follow this list (or the CIS Top 20, or Bob's Security 100 for Dummies), they've done their part. Truly a curse indeed when used this way. But it's *something*, and maybe at least gets people thinking a bit and addressing the low-hanging fruit. But as noted, it's reactionary, and that's never a good place to be in InfoSec.
"...application menus appear in the top system menu bar, not on the application window."
Even after years of using a Mac as my personal computer I still cannot get used to this coming from Windows all day at work. That a window can be in front of other windows but not be related to what's showing in the menu bar seems wrong from good UI design principles, i.e. the menu that's showing can be completely unrelated to the window taking up the other 95% of the screen. And don't get me started on the menu bar showing for an app with no windows open at all in that app - hello Messages, Finder, etc. - and needing to go to the menu bar to get to an app window.
Obviously there are people that love the way MacOS does this since it's being copied here, but I wish MacOS would allow a choice to attach menus to the application window. Maybe I just need some enlightenment on why MacOS has this "right"?
When I worked in Texas we used to do bi-annual real production failovers to our backup DC, run for a couple of days and then fail everything back. It was how we knew we prepared for hurricane season. Interesting how many orgs don't consider failback as part of the exercise. One of my peers (at another org) said management considered the risk too high for "just a test". I'm thinking it's actually quite rare to find companies doing real failover/failback testing in their production environments.
So let me get this straight... If your only copy of your driver's license or other government ID is on your phone, there would be zero chance you could keep your phone locked at perhaps the most important times - during non-consentual encounters with TSA, LEA, etc. Seems like a bad idea to me. Guess you could just refuse to show ID but I suspect that would do nothing than invite more scrutiny. Still going to be paper boarding passes and a physical ID for me.
I've been in that other aircraft. Waiting at LGA to leave, plane after plane in line waiting their turn. We finally got to the front of the line, perpendicular to the runway but still on the taxiway so I could see the line of incoming planes headed for our runway. And then the captain decides to pull onto the apron, still hadn't made the left to point down the runway so my unobstructed view of an incoming plane about to land on that same runway was quite clear. Gear up, nose up, lots of smoke from the engines as he passed over us on a go-around. Bet he was pissed, and I was about shitting myself watching helplessly. Pilot never said a word, we ended up taking off immediately after that, and I'm not how many of the other passengers even knew what had just happened. You fly enough you get to see a lot of strange things.
Agreed, and it's only a matter of time until all of their devices are M1 and the ecosystem really sings.
Frankly, it's refreshing to see Apple, with more money stockpiled than God, finally using some of it in a really thoughtful and strategic way. This project had to be a huge undertaking, and if I'm honest I didn't think Tim Cook had it in him to strategically position Apple for the next 10-20 years. With the investment in M1 (and M2 and M3...) I take it all back. What he and his team did here is a massive long-term win for the company, and I hope it's just the first of many innovations. Goodbye Jone Ive. Welcome to the new Apple.
And the more I see the results of "design on the fly" (pardon the pun) in mainstream products like all of the 157 Microsoft portals, it's clear to me "agile", "CI/CD", and all the other cool buzzwords around this philosophy simply hide the fact that no one is thinking about the end before they begin. At least with waterfall you had to consider what "finished" might look like. Now? It's a dogs breakfast with constantly changing UI, levels of abstraction that make no sense, duplicate ways of doing similar things - none of them well thought out - and generally no cohesiveness at all to the product. And that's just O365, but I've seen it in other "go fast, break things" products as well.
Good engineering and design is hard. Being able to change your mind - and the product - every time it becomes clear you haven't thought something through, or living in your own little world and not thinking about how what you're doing interacts with the larger whole, well, that's easy. It doesn't require thought or imagination and it allows you to keep pushing difficult design decisions down the road until there's no way out but to start all over now that you have some clue what you are doing. How about we just admit that "fast" isn't the end-all. Real engineering, real design matters too. And thinking about a usable end state and what it will take to get there needs to be part of the plan.
I used to work with guys that thought of their designs as something that could be "elegant", and I saw that elegance more than once. Haven't seen it out of this new methodology, and I doubt that I ever will. Now get off my lawn.
I remember years ago speaking with a friend at Intel during one of the many AMD "back from the dead" moments, where it looked like AMD was going to eat Intel's lunch with new CPUs, and my friend said no one at Intel was the slightest bit concerned because they had something AMD would never have - tons of manufacturing capability. The thought was they could simply bury AMD with product. My how times have changed.
In '74 as a youth, I had a part-time job repairing Canon calculators for a dealer. I still remember some of the machines having mechanical delay lines - a rather large tin box soldered onto the PCB, I assume filled with wire based on the schematics - acting as "memory". Didn't hold the data for very long and it was serial in bits, run around the wire for a while, and then serial out bits, but it took long enough to be useful.
Damn, did I really work on that stuff? I haven't thought about that in a really long time.
about this program the more I can't help but think it's going to be another 10+ years of wasted effort to "do something" using yesterday's left-over parts and yesterday's recycled ideas. I really can't fault NASA with the stupid yoyo budgeting and political positioning that changes priorities every regime change, but seriously, can't we have a more ambitious effort than some franken-vehicle that will cost billions, be massively over budget, chronically late and barely able to repeat a trick we performed over 50 years ago?
It is a rebellion - beating these assholes at their own game. Patrick Byrne must be beside himself with joy watching these shorts get taken down, wishing WSB had been around when he was being put through the ringer. But don't worry - all the rules will change overnight to make sure the plebs can never do this again. Got to protect the neighborhood you know, or pretty soon undesirables will be moving in.
Exactly. When I lived on Long Island I was just a few miles away from the Westbury Music Fair. Being able to go to the box office over lunch and buy tickets in person for an upcoming show at face value with no "service fees", "convenience fees", "delivery fees", etc. was awesome. You paid what it said on the ticket and not a dime more.
The exclusives that Ticketmaster signed with venues in the 80's ended any pretense that a ticket was just a ticket. Instead it became a vehicle for anyone who could get their fingers into the pie to extract their vig, with kickbacks for the venues and unlimited power by Ticketmaster to charge whatever the hell they wanted to for some supposed "convenience". As mentioned above by others, I too simply won't go to any event where Ticketmaster fees are involved. Fucking parasites.
Exactly, but as an Apple shareholder I'm disappointed that Tim didn't at least take the meeting to see if there might be a pony somewhere in that mountain of poop. The thing is, no one ever comes looking for a sugar daddy when things are going well. Savvy business people can spot a temporary problem (solved with cash) and recognize an opportunity, and a potential bargain, when others only see risk. But you can't make that assessment if you don't engage. A meeting would have cost Tim nothing but a little bit of his time, so yeah, disappointed he wasn't thinking harder about what to do with that mountain of cash he's sitting on. He pretty much has a fiduciary responsibility to take meetings like that.
Exactly. This incident highlights the spectacular failure of "advanced" threat analytics, heuristics, ML, and every other buzzword claim for catching bad guys by monitoring and profiling good behavior so you know when something is amiss. Think about it: Even after six months in operation, NO ONE detected this backdoor via traffic analysis. It seems FireEye only discovered it tangentially, as a result of their tools being stolen. That means Microsoft, CrowdStrike, Cylance, Carbon Black, Palo Alto, Cisco, CheckPoint, every single AV vendor and dozens of other security monitoring products and services failed in their use of behavior-based analytics to see this change in behavior that started in March. The very thing these services were designed to detect got through without a whisper from any of these products. Who says there aren't three more SolarWinds happening right now that haven't yet been discovered? As I said, this is a spectacular failure for behavior-based systems monitoring and I sure hope there's a lot of soul searching going on at these companies, because if this is the best our industry can do, we're sunk.
Right now, a whole bunch of people who should know better need to be asking why their Solarwinds server ever had internet access. Including, and maybe especially, FireEye.
It's one thing for your server to get compromised by a signed piece of malware - and yes Solarwinds, you have some 'splaining to do, but if you've allowed your Solarwinds server to access the internet then you made the C&C connection that causes all the damage possible.
How did you get so lucky? All of my VMs (built about a year ago) in a 6.7 environment have it installed by default. You really don't see the USB xHCI Controller installed when you look at "Other" hardware in the UI for for any of your VMs?
Update: Just created a new Windows VM and the USB 3 controller is enabled by default.
I don't know the point for the Linux version, but for Windows it's part of the MS ecosystem with GPO configuration, somewhat tighter security controls (PUA blocking/SmartScreen, etc.) and IE mode because we cannot dump the need for Java in the browser (thanks Oracle EBS). So for us, it's a way to force people off IE, add some additional configuration control and security, and keep running legacy crap. A better Chrome than Chrome - just barely.
Been doing the reset thing too for as long as I can remember, but you're not discovering that setting with going to look for it. On one hand I'm glad it's there, on the other I'm disappointed that Apple buries it. And it they are removing it in ios14 then all the talk of privacy is just that.
And sadly, Ride Austin (a non-profit) just folded due to the pandemic. The drivers loved working for them - they made more money than with Uber or Lyft, and the company had a lot of "firsts", like allowing female passengers to request female drivers. So sad to see them gone.
I got to fly to/from Mexico City/Orlando in the cockpit of a 747 at the invitation of a KLM check pilot I knew. What an amazing experience. But it was so odd - it was like you were flying the cockpit - like the rest of the plane behind you wasn't even there. One of the landings was manual and one was automatic in crappy weather. Tossup on who did it better. :) Still, what a great experience never to be had again.
Long overdue. Apple, please go back to FUNCTIONAL design. I'm typing this - more like trying to type this - on a MacBook Pro with a barely usable keyboard because Jony cared more about thin than usable. And that's just one example of his broken obsession. I hope his last design on the way out the door is the consulting deal with Apple - all appearance, zero functionality.
You had an usual way with words Andrew - and not always in way I could understand. Many times I'd have to read a paragraph or two more than once to figure out what it is you were saying, but nonetheless, it's this diversity of style that makes a place like The Reg unique. Hope whomever follows you will have the same passion you brought to your stories, and will be just as inclined to kick the hornet's nest on a regular basis (copyright anyone??). Good luck!
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2021
