Re: "the result of 40 years of technology"
(More than) 40 years ago, we had Unix, VMS, and various other operating systems including networking and email. Definitely more than a program loader and power outlet ...
204 publicly visible posts • joined 6 Jun 2007
These 6.2% + 1.45% payroll taxes are *only* for Social Security and Medicare. I.e. the equivalent of UK National Insurance tax. People also pay regular income tax at the Federal and (mostly) state levels. So the overall total can be ~ 40% here as well.
Overall, the max rate for California is actually about the same (45% for UK, 37% federal + 12.3% for California ~= 50%). But the income thresholds are higher, so at the income where the UK 45% rate starts, California would only be at 32+9.3%. But this is still not much difference.
The real difference, except for no-income-tax states, is that social security taxes are capped at $168.8k of income, so that very high earners pay a lower rate. The Democrats want to raise this cap though, to fix the social security funding gap.
And of course, this does not include pre-retirement medical (employer or individual needs to pay), pension (social security is probably similar to UK state pension, and does not include private pension savings).
There was an article last week with a bit more detail on the cancellation here: https://plus.thebulwark.com/p/jon-stewart-and-apples-low-reward
Notably, although it does seem that worries about political content vs China (and also possibly for some customers at home) may have been a trigger, the show really was not that popular which no doubt also helped the decision to cancel.
Despite The Register's claim in the article the show was popular, it seems the first season of the show was only getting ~40,000 unique views, with it seeming doubtful very many people paid for Apple TV+ just for Jon Stewart. Although the second season apparently improved a bit, for a claimed salary of "tens of millions of dollars" it's not surprising the show would be canceled even if there was no political concern (source: https://entertainment.substack.com/p/over-140-of-the-biggest-tv-show-flops?utm_source=%2Fsearch%2F%2522jon%2520stewart%2522&utm_medium=reader2).
The bigger concern (even though this show seems to have deserved cancellation) is that TV is a very small part of Apple's empire, and therefore they have no incentive to take any risks that might damage their business elsewhere. Having broadcast media as a small side gig for larger companies is really not great for honest reporting, but there were probably other reasons as well for this specific decision.
I don't think this was a data center DR issue.
Instead, cancellations meant that aircrew and aircraft were in the wrong place, so each flight crew's schedule which goes from A->B->C->D->etc. ended up with a broken chain, breaking all the flights downstream.
The problem seems to have been the old scheduling software which apparently needed updates entered manually, one-by-one. And nothing in the software that allowed it to solve for: "Everything is scrambled. Find a set of flights to reset the system to start again cleanly the next morning".
It's not clear that point-to-point can't work with better scheduling software, especially since pilots often fly point-to-point multi-city routes for other airlines as well. But DR does not only cover data center failures -- an airline also needs "How to get from a state with everything messed up in the wrong place, back to a clean start-of-day state".
Re: "No, you cannot grant FDA to something like ls(1) or other commands - or any scripts that you might write - at all. It can only be done for a properly notarized "app" written in a specific way."
I'm pretty sure you can, at least I was able to do this for an rsync/perl script I use for backups. It looks like I have "cron" and "rsync" in the full disk access list for this.
Of course this does probably mean that any user of rsync can access the full disk :(
The end user does need to go in and enable FDA manually, not via app deployment though.
Exactly.
There is (or used to be) a content authentication tool for Canon (and probably Nikon) that could be used to prove in court that an evidence photo was unmodified after being taken by a camera.
It does seem that those tools were hacked: https://techcrunch.com/2011/04/28/both-nikon-and-canons-image-authentication-systems-busted/
Presumably Adobe hopes their system will be more secure.
Indeed. The Canon 10D was arguably the first "good" DSLR in 2003 which resulted in most of the photographers I know switching from film to digital. Canon was also the first to introduce a widely adopted full frame DSLR (5D) IIRC. Probably lots of people on Canon based on this, so can't blame Canon for trying to ignore digital.
The question going forwards may be whether those people buying DSLRs stick with 35mm formats (good for Canon) or go with something else such as micro-4/3 in order to get a lighter camera and lower cost. Maybe also which of these companies can share the semiconductor R&D across enough sales because of the complexity being higher than film.
It does seem that the non-Canon companies are trying to bet on non-35mm formats. But even for micro-4/3 Olympus seemed to be more expensive than Panasonic or other options, so maybe this prevented them getting enough traction.
(Speaking as someone with Panasonic/Leica micro-4/3 gear because the Olympus OM1-D was too expensive, and Canon DSLR gear no longer heavily used because it's too heavy for travel and too expensive to justify a new full-frame body.)
Mac users can merge multiple PDFs with Preview, built into the OS for free. ("Free" after the cost of the Mac at least).
Several commercial companies use non-Acrobat alternatives for PDF handling, in part because of wanting less bloat than Acrobat as well as the price.
If I order a minicab taxi by phone, there's a drive-to-pickup time in that case as well.
For both the minicabs and Uber/Lyft, presumably they can try to optimize to choose drivers who are already close to the ride where possible to reduce drive-to-ride costs. And for airport pickups the ride share drivers are presumably already heading to the airport.
The fact that Uber/Lyft are losing large amounts of money despite not paying employee benefits does seem like an issue for them ...
RE: "LE wanted the shortest validity time to reduce risks with temporary hijacks or expired/sold domains but compromised on 60 day renewals to reduce load, with a 30 day grace period to allow for temporary outages and other intermittent failures."
This is nice (and I use LE). But I can't help noticing that the Let's Encrypt Authority X3 signing certificate is valid from March 17 2016-2021, i.e. 5 years.
Not sure if this new 1 year limit from Apple will only apply to the leaf certificate or also all signing certificates up the chain? The latter is potentially more painful.
Exactly. I guess we will see what is actually proposed.
If the solution is that as long as you have at least one modern device then all of the legacy devices can just grab a slave copy of the audio from this one then you would still have whole-home audio, and the modern device can deal with any new audio services and OS updates.
If not there are going to be a lot of very unhappy ex-customers.
I actually doubt this was a cash grab or at least not thought out well if so. I think Sonos are a lot more worried about new potential customers buying Alexa and similar smart speakers. At least this seems to be why there are so many recent software updates which are all irrelevant to those of us who are almost always just streaming local music from a NAS.
Reading the list it looks like all of my devices are probably legacy... at least it will be consistent.
In terms of audio quality there's a difference between the speakers versus ZonePlayers driving a regular amp and HiFi speakers. In the latter case the ZonePlayer essentially replaces a CD component and the sound seems to match the HiFi component. Meanwhile the speakers are not the same quality... In fact the only reason I have Sonos in the first place was to replace a CD player connected through a 1991 amp and Mission speakers; the sound is the same.
Presumably "no updates" will mostly be a no-op for those of us streaming music from a local SMB server, and only would be an issue over time if services like Pandora change their protocol and/or the local computer running SMB changes its OS version and becomes incompatible.
Sonos used to have a "Bridge" device to convert from the local LAN to Sonos's private WiFi network. What they should have done in this case is to say that people may need to have one software-updated device on the network that can speak to new-protocol sources, and then this bridge can stream to other older devices on the local LAN. They claim there will be a scheme in May to separate old and new networks so we will see if they do something like this.
Certainly, there's no chance of me replacing all of my Sonos devices unless they come up with a transition plan, and I don't think I am alone.
SmugMug still supports upload from Lightroom Classic. (Speaking as a SmugMug subscriber). The SmugMug galleries are also more flexible than Flickr IMHO which was my original reason for switching.
Can't justify paying for both, hopefully the original SmugMug will continue at least.
I'm actually slightly surprised they didn't try to migrate the Pro Flickr accounts to paid SmugMug and try to drop the free accounts. Maybe they will in future ...
Lyft and I think Uber do have options to book a shared ride where you go with strangers (e.g. they pick up/drop off another person on the way). But most people pick a solo booking. For example this article says 35% of Lyft rides were shared last year: https://mashable.com/article/waze-carpool-app-ride-share-expands/
That particular article also says Waze has started a real ride sharing service whereby a commuter can share with a stranger while still driving themselves, in exchange for cash for petrol/gas and presumably being able to use a carpool lane.
The bigger problem with Lyft and Uber is they need to make a profit at some point ...
... and yet almost all of the commercial IC CAD software runs on Linux. Apparently they don't have issues, key libraries are under LGPL, and the fonts are fine.
Probably though this is because these packages previously ran on commercial Unix so Linux is the mainstream successor. Meanwhile other commercial software that didn't previously run on commercial Unix (e.g. Adobe software) doesn't run on Linux either.
So this is more of a Linux/Unix-family versus non-Linux/Unix split. Not GPL.
Even software that needs to include Kernel drivers such as VMware seems to manage to ship a commercial package without GPL issues.
A plaintiff could perhaps ask the court to get Twitter to unblock the blocked people?
More normally, other presidents (and even this one) have tended to comply with court rulings and/or appeal through the normal court system. But even if POTUS is inclined to straight-up refuse in this case, the request could go straight to Twitter. Imposing a fine, collectable by court order, is another thing the court can do without congress, although unlikely in this case.
Clearly this is not a "high crime" so provided the people get unblocked & no new people in future, this will get forgotten quickly.
Letsencrypt is free and not self-signed. No need for self-signed personal site certificates any more.
It does seem that the problem here is insufficient enforcement of SSL/HTTPS, unless the attackers were able to get fake SSL certificates by using a non-standard CA? The whole point of SSL certificates is that you do not trust DNS because the certificate says "website.com is 111.222.33.44, public key XYZ, signed CA_name". At which point if you trust the CA you should not be using a different IP address from fake DNS.
DNSSEC would be a good idea though, probably.
Re: "Uh, that does not make any sense. Why discontinue the only part of Flickr that produces some income?"
Probably not right now, especially for anyone who has both a Flickr Pro and SmugMug account who they will be happy to continue to bill for both.
As mentioned though, even the cheapest SmugMug plan is $48/year compared to $25/year for Flickr Pro. Do not be surprised if they try to migrate the Flickr Pro subscribers to the higher SmugMug price.
Maybe for Flickr. SmugMug has always charged more money, and is more about customizable websites and higher priced tiers where photographers can set pricelists for photos. If the lens-person's SmugMug site contains password-protected galleries only visible to paying customers then "everyone" won't be able to look for free-to-use images, for example.
Also Flickr Pro was $24.99 per year (plus the free tier) but even the cheapest SmugMug plan is $48/year, with others at $72/year, $180, or $360/year, and no free options. Perhaps this is why SmugMug is the one buying Flickr and not vice versa?
Normally all mergers say "no plans to change", but then after a discreet delay most do in fact change the acquired or original product. For example see Friday's BOFH.
In this case they might mean it though because one of the FAQs says that anyone who has both paid SmugMug and Flickr Pro accounts will continue to get charged for both, so they would presumably lose revenue if they immediately merged the products into one.
Also, the sharing/privacy mechanisms do not work the same way :(
There's also the usage (of whois) for individuals of, for example, "is this acme-service.com website associated with the real company, or some impostor?" But in that latter case you can also look at the HTTPS certificate if the site uses HTTPS and if they filled in name/address info in the certificate.
As for the rest, the opt-in part of Nominet's plan is reasonable (some of the rest may be debatable). Most registrars already offer a "hide registrant info" which personal registrations can use, so big companies that don't use this option are already effectively opting in to sharing, and hopefully other individuals defaulted to hidden. As such, responding to GDPR by saying "all WHOIS registrations move to hide-registrant mode unless people/companies affirmatively agree to non-hidden" seems like an easy choice even though the number of non-hidden whois entries may end up pretty small.
On the other hand whether paid-access-for-others stands up might depend on whether the domain owners opt in?
Lots of times USPS gets used for delivery here. There's no specific way to choose one delivery service or not, except indirectly by changing delivery time.
Presumably Amazon picks whichever bids the cheapest price between UPS versus FedEx versus USPS versus their own delivery service. But also sometimes UPS packages also end up going into USPS for final delivery - apparently it's sometimes cheaper to do this than to send a UPS truck round.
But if you're ordering items that need signature this may restrict you to not-USPS. Or this may depend on where you live -- some locations may always be cheaper via UPS?
Local password protected backup -> restore new iPhone from local backup has worked every time for me. No need for cloud, and all the same contacts are present with no need for a cloud backup for this case at least.
Now iCloud is useful to keep multiple devices in sync, but even then there's no reason why this cannot be just a per-user backup rather than being data-mined and combined with other users' contacts, which I suspect was Tim Cook's comment.
People using BIND as a DNS server can set up "views" so that DNS results depend on where the query comes from. For example the following can return different IP addresses for a query depending on where the query comes from:
view from_internal_hosts { ... };
view from_external_internet { ... };
Seems like this would be fundamentally broken if Firefox ever makes TRR an official feature, quite apart from the privacy concerns. Better to just make DNSSEC enabled and secure?
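The view behaviour described in the post above, modelled as an added example that is not part of the original post or of BIND itself. The view names come from the post; the networks, host names, addresses and the DoH resolver egress address are constructed, and the model assumes the server picks a view purely from the source address of the query, first match wins.

```python
import ipaddress

# Constructed split-horizon setup: (view name, match-clients networks, records).
# Addresses use RFC 1918 and RFC 5737 documentation ranges.
VIEWS = [
    ("from_internal_hosts",
     ["10.0.0.0/8", "192.168.0.0/16"],
     {"intranet.example.com": "10.1.2.3",
      "wiki.corp.example.com": "10.1.2.4"}),
    ("from_external_internet",
     ["0.0.0.0/0"],
     {"intranet.example.com": "203.0.113.10"}),
]


def select_view(source_ip):
    """Return (name, records) of the first view whose match-clients
    list contains source_ip, checking views in configuration order."""
    addr = ipaddress.ip_address(source_ip)
    for name, match_clients, records in VIEWS:
        if any(addr in ipaddress.ip_network(net) for net in match_clients):
            return name, records
    return None, {}


def resolve(qname, source_ip):
    """Answer qname as the server would for a query from source_ip.
    A missing record is returned as None (stands in for NXDOMAIN)."""
    view, records = select_view(source_ip)
    return view, records.get(qname)


def client_lookup(qname, client_ip, trr_egress_ip=None):
    """Look up qname for a client.

    Without trr_egress_ip the client queries the split-horizon server
    directly, so the server sees client_ip. With it, the browser sends
    the query to an outside DNS-over-HTTPS resolver, and the server
    only ever sees that resolver's egress address.
    """
    source = trr_egress_ip if trr_egress_ip else client_ip
    return resolve(qname, source)


def compare(qname, client_ip, trr_egress_ip):
    """Return both answers side by side for one internal client."""
    return {
        "system_resolver": client_lookup(qname, client_ip),
        "trr": client_lookup(qname, client_ip, trr_egress_ip),
    }


if __name__ == "__main__":
    CLIENT = "10.20.30.40"        # constructed internal workstation
    TRR_EGRESS = "198.51.100.53"  # constructed DoH resolver egress address
    for name in ("intranet.example.com", "wiki.corp.example.com"):
        print(name, compare(name, CLIENT, TRR_EGRESS))
```

The same internal workstation gets the internal address through the system resolver and the external address, or no answer at all for an internal-only name, once lookups leave through the outside resolver.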
The article is misleading, in that if you read the attached policy document it's titled: " .... Requirements for H-1B Petitions Involving Third-Party Worksites".
So this is only for "third party worksites" and seems like it's targeting outsourcing agencies (arguably correctly) and not companies that employ H1-B people directly.
I guess it's possible the agencies will get round this for outsourced support jobs where people work full-time at the outsourcer's office, but that won't work so well for outsourced engineers. And/or it may limit direct employees such as application engineers who spend time at customer sites. But it's misleading to imply this is targeting all H1-B's.
Last time I applied for a mortgage here the bank required permission to get the IRS to send them a copy of recent tax returns (note: not me giving them a PDF or printout of the return). If this bank had done the same they would presumably have found out exactly whether the income matched, not just relied on a PDF or printout that the applicant might have edited.
Re: "Acrobat Professional allows some editing (sorry, I didn't use for some years, so I might not be up to date"
The full Acrobat has an option for "convert this PDF back to Word", in fact. You can't convert back to other formats such as Excel or PowerPoint, but back-to-word works locally.
RE: "Chinese companies have been openly infringing copyright products for decades. No companies have openly won any lawsuit against them. So why start now?"
I suspect this would be tariff barriers, not copyright (or patent) lawsuits.
To be honest several other countries have started with memory chips when building up local semiconductor fabs. Including Japan in the 80s as mentioned above, South Korea, and others. Even Britain's Inmos started with DRAM and SRAM as easier to get working first before logic. So working on local DRAM/NAND capacity is not a surprise.
Whether China succeeds in hurting other suppliers depends on whether their DRAM and NAND is cheaper than the existing companies which depends on who can keep in the lead for the newest technologies.
AT&T is already in the high speed Internet space.
The complaint is that if they gain ownership of HBO, Warner Brothers (movies/TV), and the Turner channels then they can then hold other TV competitors to ransom by demanding higher channel fees that get passed on to consumers. Also (in the complaint) that they could make it more difficult for TV-over-internet services like Sling to compete in future.
The antitrust complaint actually has some merit, since allowing content companies to merge with traditional TV/cable providers just at the point that cord-cutting alternatives are becoming more common (thereby kneecapping the cord-cutting companies) seems like a bad bet for consumers.
Agreed.
Charge HR needed replacement because of bubble unglued from strap after 6-9 months. Then a second one failed the same way and got replaced by Charge 2, and it failed after ~ 3 months because of the charger dying.
I want to like FitBit, but if these quality issues are common it can't be helping the losses :(
The batteries that ran out were for the locator beacon.
If the actual data storage for the recorders is in Flash memory then it should last a few years, at least assuming no damage to the IC packages letting in water or from mechanical stress. The AF447 recorder was recovered after nearly 2 years, for example, and cold water would tend to slow down leakage of data from the flash cells.
I do agree about the remote chance of finding it though. Someone may stumble onto the wreckage later, but as you say it's also possible it will be covered by a layer of silt and therefore eventually invisible. And it's suspected that the voice recorder wouldn't tell us the original cause anyway since it would not include the start of the flight when the unexplained maneuvers started. Similarly the data recorder may also just include running out of fuel at the end followed by descent :(
Hence the decision not to spend another $100M on an uncertain search seems understandable.
Kansas tried the same tax cut for "owner-operated businesses" 5 years ago, as well as other tax cuts, and it was an epic failure (nationally reported) that needed the taxes to be put back up this summer to pay the bills.
None of the claimed better growth materialized (performance was actually worse, if anything), except that many rich people avoided tax because of the same "small business" giveaway mentioned by Doug.
Hopefully the non-rich people whose taxes would rise with this week's republican proposal will sink this plan.
Short answer: the question is ex-felons, not felons.
There are 9 states (including Virginia mentioned here) where felons don't get their voting rights back even after they are released and finish probation. So these ones would vote normally if they were not forbidden. 3 of the 9 states have small print automatically restoring first-time offenders or "minor offenses", but the general restriction applies.
Most of the rest do restore voting rights after release (15) or after parole (28). There are only 2 that apparently allow votes in prison (Vermont and Maine).
RE: "Yes, but how often does that happen? Usually VMs are used as an easy way to manage multiple large applications or user environments on Windows platforms since Windows itself isn't very good at it."
There's also this thing called cloud compute where people want to run VMs securely, no ...?
VMs are different from multi-process OS's -- If someone wants to run a RHEL5 user process but the kernel is Windows or MacOS or a different version. I.e. you need a multi-kernel "OS", which is what the VM gives. Executing most instructions natively should be fine as long as dangerous instructions are intercepted.
In this case native/emulated does not seem to be the problem. Instead for SVGA at least, the issue is that to implement graphics for a VM running on desktop Fusion/Workstation you need code running in the hypervisor pretending to be real video hardware, possibly also different video/network drivers in the VM guest as well (e.g. "vmnet" instead of hardware ethernet). It looks like this code that emulates the SVGA hardware had the security bug.
Re: "If you sell advertising/software/etc. in France, that revenue accrues to the French subsidiary, and can't be funneled to <somewhere else>"
I think you meant "that profit accrues" but that's the problem - you sell some software for 100 Euros in France and the French subsidiary internally pays its Irish subsidiary 99.99 Euros because the company says the software IP is "owned" by the Irish subsidiary. Hence only 0.01 profit in France and low French taxes on this 0.01.
Fixing this in general requires honest intra-company pricing which is hard to enforce, although countries could prosecute some cases to encourage honesty.
On the other hand if you really meant "that revenue accrues to the French subsidiary" then this is what happens today, so companies can choose which country shows the profit (same as today) or this becomes the turnover tax.
Possibly the right answer is percentage profit tax, i.e. if 10% of a company's revenue is in France then they would pay French tax on 10% of their global profit regardless of inter-company accounting. This may be difficult though assuming different countries have different rules on what counts as taxable profit.
On the other hand if there's really no R&D in France then there's less added value and presumably less tax justified.
RE: "Which shows the fundamental flaw in pay per view and pay per click advertising. This type of fraud will continue until the gullible morons who place adverts stop placing ads on that basis."
Not disagreeing there's a problem, but unless advertisers buy ads on the basis of "please place adverts on theregister.co.uk, newegg.com, <other specific sites>" then they want some way to charge more when more copies of the advert are displayed. Pay-per-play schemes on Spotify or Youtube have the same risk.
Periodically advertisers have complained to Google about click fraud and demanded that "Something Should Be Done". So there is some effort to crack down, although right now this seems to be just treated as a containable cost of doing business. In particular the fact that the fraud uses a botnet is because it would be a bit obvious if all the fake requests came from the same IP address.