At Just the Time
This is exactly when you'd expect the Chinese, Russians, and Iranians to hit it for maximum chaos. No surprise there.
216 posts • joined 18 Aug 2011
Older workers generally have better job skills, better planning skills, and better personal skills (on average, there's always that guy) than younger workers, so this comes down to two things:
- Cost: You can pay younger workers less
- Abusability: Young workers are just willing to completely exploit themselves with crazy (usually unpaid) overtime for the supposed good of the company. Older workers have learned their lessons and are less likely to put up with that.
At some point in the hiring process you're going to run into the first problem, if not the second. Though at the end it sounds like he's admitting this really only will work for low-skill fixed price positions.
Book projects generally work out, and physical game projects (though there have been a couple spectacular failures) because producing books and boardgames is a mostly solved problem.
On the other hand, producing an unproven gadget is incredibly risky (as are video game projects). First, making prototypes is fun and easy. Making a production ready design and production line is anything but - suddenly you have to worry about whether that hinge can open 50K times without breaking. During R&D you just swapped out motors when one burned out - you can't do that now, all motors have to keep working. Oops, that molded plastic you used scratches really easy. Finding, characterizing, and fixing each of these things takes time. There are just dozens or hundreds of slow, tedious issues for anything you want to productize. As an engineer I've done it lots of times and it's always miserable and more work than you expected.
Second, if you get enough orders to require third world production, dealing with China is a major nightmare - I haven't had to deal with others like Vietnam but it's probably not hugely different. You might naively expect you can give them the BOM (Bill of Materials), Solidworks files, and instructions. Oh no. First you have to find someone to deal with. They will all promise you to the world. Then there will be lots of flying and calling as you laboriously explain various things and realize they haven't really understood or looked at your schematics, and they will explain to you they can't get these parts, or this part can't be manufactured like that. Lots of expensive prototypes and production test runs.
Then, and this is the worst part, even when things are working perfectly they will decide to randomly swap things without telling you. We had an entire run of printers die in weeks because they quietly changed one of the motors with a cheaper one to save and pocket 5 cents per unit. *To pocket a 1 cent saving per unit, a Chinese factory owner will happily make changes that can kill people* - I've seen it happen! They will be completely lax on quality control because they can use cheaper/fewer workers and send you batches with half the units defective. They will run your production line to make no-brand Chinese knockoffs they will sell cheaper than you. They will sell your design to other Chinese companies and prioritize them so the knockoffs are out before your product. The only way to deal with all this is to keep a manufacturing expert out there all the time to babysit - and best if they speak Chinese. Do you know someone like that?
So with all that, never back a gadget product unless it's a VERY minor refinement of an existing shipping one. And even then, why not just wait for it to be sold as a real product? So you didn't save 20%, one failed project will wipe out five of those.
How the heck can a save file run arbitrary code? Well, I haven't looked at this vuln in detail, but there's a known class of exploits that affects almost any framework that allows you to deserialize arbitrary classes, like PHP, C#, Java, Ruby, etc etc.
- Find a class in the program which does something in its Dispose() method (called when the object should release its resources), say the HonkBonk class.
- If the Dispose() method includes a callback, you're wide open, but there are several things you can exploit.
- There are a lot of .NET classes too, you can abuse those as well as the program's own classes.
- In your malicious save file you put a saved object for the HonkBonk class - for the callback field, put a lambda with your arbitrary code.
- Program tries to read the SaveData class from the save file
- Instead of the SaveData class, the BinaryFormatter sees a HonkBonk object - it creates it (it's a known class!) and reads the fields into it
- When the program tries to cast HonkBonk object to SaveData class, this fails, so you get a cast exception.
- The HonkBonk object is 'lost' (there are no references to it)
- The HonkBonk object gets garbage collected
- Dispose() is called on the HonkBonk object
- Your arbitrary code is executed
- *HONK*
You can use the SerializationBinder in .NET to stop it from attempting to handle completely arbitrary data.
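As an added illustration of the allow-list idea in that last line, here is a constructed Python example rather than the post's own .NET code: pickle's `find_class` hook plays the role SerializationBinder plays for BinaryFormatter, and the `SaveData` and `HonkBonk` names are borrowed from the post but the classes themselves are made up for the example. The point it shows is that an unrestricted deserializer instantiates whatever type the blob names before the caller ever gets to check it, while a restricted one refuses before any object is built.

```python
import io
import pickle

# Constructed example: two classes standing in for "the type we expect"
# and "some other class the serializer would happily instantiate".


class SaveData:
    """The type the loader actually expects to find in a save file."""

    def __init__(self, level=1, score=0):
        self.level = level
        self.score = score


class HonkBonk:
    """Any other class known to the program; harmless here, but the
    deserializer does not know that when it builds it."""

    def __init__(self, callback=None):
        self.callback = callback


class RestrictedUnpickler(pickle.Unpickler):
    """Allow-list deserializer: only (module, class) pairs listed in ALLOWED
    may be resolved. Everything else is refused before construction, which is
    the same job SerializationBinder does for .NET's BinaryFormatter."""

    ALLOWED = {(__name__, "SaveData")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to deserialize {module}.{name}")


def load_save(blob: bytes) -> SaveData:
    """Deserialize with the allow-list, then still check the resulting type
    (an allowed type could be nested inside something unexpected)."""
    obj = RestrictedUnpickler(io.BytesIO(blob)).load()
    if not isinstance(obj, SaveData):
        raise TypeError("save file did not contain SaveData")
    return obj


def try_load(blob: bytes):
    """Return the SaveData object, or None if the blob was refused."""
    try:
        return load_save(blob)
    except (pickle.UnpicklingError, TypeError):
        return None


def encode_save(level: int, score: int) -> bytes:
    """A legitimate save file (constructed input)."""
    return pickle.dumps(SaveData(level, score))


def encode_rogue_object() -> bytes:
    """A save file that names a different class (constructed input)."""
    return pickle.dumps(HonkBonk(callback="<placeholder>"))


def unrestricted_type_name(blob: bytes) -> str:
    """What a plain pickle.loads would build from the blob, with no
    type check in the way: it instantiates whatever the blob names."""
    return type(pickle.loads(blob)).__name__


if __name__ == "__main__":
    print(unrestricted_type_name(encode_rogue_object()))  # HonkBonk
    print(try_load(encode_rogue_object()))                # None (refused)
    print(try_load(encode_save(3, 42)).score)             # 42
```

The `isinstance` check after loading is kept on purpose: the allow-list stops foreign classes from being constructed at all, and the type check catches the remaining case where the blob decodes to something allowed but not what this call site wanted.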
'Creanova said NordVPN knew the remote management system was installed and that NordVPN failed to lock it down. NordVPN claimed it had no idea this God-mode-level access was present in the box'
I know exactly how this probably happened, been there before. Someone from NordVPN wanted access to the box to debug or install something and used TeamViewer / VNC / whatever. Then they finished and didn't remove it. 'NordVPN' knew, but only that one guy knew - and he forgot. And nobody else at NordVPN had any idea. So you've got an old version of [remote access program] sitting there and someone compromised it - for instance, remember that big rash of TeamViewer hacks about two years ago?
Has WPF gotten to the point where you can just slap together a simple utility like WinForms? I know you can make stuff prettier with WPF, and there are some database-driven scenarios it makes easier, but the Java-like amount of crap needed for simple stuff, like 14+ lines of code and/or XML just to change the color of a DataGrid cell made it painful for doing simple things. Basically, it was Enterprisey. But that was years ago.
That's the wrong response. You have to make sure that if there's some STRONG assumption in your code, like the ordering of files, that you enforce that.
If you only run the same hardware and OS every time then you might miss that it's completely wrong because you're making the same wrong assumptions every run.
If your algorithm really depends on random files being loaded in some specific order you had better make dang sure you sort those file names before loading.
I think this has less to do with what OS you're using and more to do with how you copied the files into the directory. If you unzipped a file you will always get the right results, because the files in a zip have a fixed order, but if you check out the files from your repository, or check out then copy them to a directory, the order may be semi-random.
For instance they claim Windows 10 worked right here, but I know from experience that python glob on Win10 can return a different order depending on the real (non sorted) order of files in a directory. They just got lucky when they did it based on how they got those files there.
If you're wondering how they lose $600M of stuff in just 13 minutes, I do vacuum engineering work (as one of the hats).
Generally a setup like this is miles and miles of 'robots'. Not humanoid, but hexagonal with a chamber on each side. Each chamber exposes the wafer to things to build it up (gold), things to etch it, things to cure it. You roll up some wafers, the robot in the center moves one into chamber 1, does a process, then moves it from 1 to 2 and puts a new one in 1, etc, till all of the wafers have gone through the station and are ready for another combined process at the next station.
Critically a lot of these processes are done at low vacuum (like 10 mTorr) and often with toxic gases or worse, pyrophoric gasses that explode on contact with normal air, like silane. Everything is closely timed, and you have to carefully maintain 1) the pressure of the chamber, 2) the rate of incoming substance(s). If you cure the wafers for only 3 minutes instead of 5, you lost the wafer. Now into this happy little juggling act you throw a power loss.
*Honestly, it doesn't matter whether you lost it for 13 minutes or 13 seconds, you're done.*
Your CDGs that measure pressure generally take two hours to get back to correct internal temperature, so they're reading wrong. That doesn't really matter anyhow because your valves failed and you either put not enough gas into the chamber or way too much. If you put way too much in now your chamber is contaminated. And your vacuum pumps all failed, so you lost pressure control. The turbo pumps spin at 75000 RPM and can't handle any amount of thick gas, so maybe you bombed them (shattered the fans). The computers controlling these don't like being hard powered down.
Worse, and this is low probability and means you designed something wrong, but if you got too much silane and it contacted air because your pumps are down, maybe your robot caught on fire. Probably not, but either way you have to check all your turbos, open up all your robots, remove the destroyed wafers, clean your chambers. Oh, and now you need to recover all those process computers.
Because the PS3 controller is a better controller, duh. That was the perfect controller, then they stuck that stupid touchpad on the front (which is now relegated to being a big map button for most games), made the 'options' button a pain in the ass to use, and taped that annoying LED glowstick to the back of it.
It still boggles me that so many people run without an ad blocker. It makes the entire web so much faster and cleaner, besides being safer. It's just basic hygiene.
Of course it's just that people don't know how to install extensions and FF/Google aren't going to cripple their revenue by installing one by default.
Latest version of Dragon Dictation - which works fine - will still work, you just won't get upgrades.
Once you can no longer acquire it legally, it's perfectly ethical to pirate at that point. Not legal, but 'legal' is corporate bought whoredom and there's nothing wrong with copying software they don't want to sell you. No harm is done.
Of course, things tend to bit rot, so you might want a five year exit plan... if Apple hasn't rolled MacOS into iOS by then or otherwise killed it with neglect.
"as a matter of practice, construction crews should be keeping their cranes and other Wi-Fi controlled equipment air-gapped on a separate, non-internet network with its own firewall. Basically, nobody but crews should even have access to the network, let alone the equipment itself .. if everyone is doing their jobs right a real-world exploit would be extremely difficult to pull off."
Ahahahahaha... ha... *sob* ｡ﾟ･（>﹏<）･ﾟ｡
Even hospitals don't bother securing their networks and critical equipment properly. The security hygiene I've seen at construction companies could be compared to going condomless in Haiti while suffering from open sores and lacerations, and then rolling around in a sewage ditch for good measure. Nobody is doing security right because that would cost money for a full time guy who knows what he's doing. And then they'd have to tell him when there was new equipment instead of just throwing something together with all the defaults.
Love it... And the lyrics actually work real well.
Come crawling faster
Obey your master
Your life burns faster
Obey your master
Master of Powerpoints
I'm pulling your strings
Twisting your mind and smashing your dreams
Blinded by me
You can't see a thing
Just call my name 'cause I'll hear you scream
Just call my name 'cause I'll hear you scream
They were the best thrash band in the world, period, up to Justice for All. They completely revolutionized metal and rock with their first three albums. Then they realized they could make more money on ballads.
So they had credibility through about 1994 (I'll be generous and give them the black album). After that, forget it.
We can already do this (and I do) with versioned auto-backup. If anything happens I can roll back to 2:30 PM yesterday (or 1:49, or whenever) with a safe boot or boot disk. Of course if BB can actually make an all devices suite that's reliable, has almost no impact on running systems, and reliably easily restores - sure, why not?
Odds are it'll be bloaty, fragile, overpriced Enterprisey crap, but I'm open to looking.
Joking about HP aside for a moment, there's a bit of difference in theory and intent.
The intent, basically, is that the edge computing devices only contain transitory data, while all permanent data is still in the cloud.
You want edge computing when there's a firehose of locally generated data, like you've got hundreds of sensors hooked up all over your buildings generating video, temperature, proximity, etc etc. What you're trying to do is avoid having to send every byte of data back to the cloud and only send it the *interesting* data.
Or let's say you're doing facial recognition on that video - sending all the streams of video back to the cloud and having the cloud tag faces is silly. Maybe you'd LIKE to have all the video from all the cameras, but if you don't have the NSA's budget you need to make some tradeoffs. So you'd have local machines which are configured from cloud data then just tell the cloud which people they see and video only for Persons of Interest. Then you keep the streams local for a month before deleting.
This isn't all that different from things we've seen before, but it is different from a local data center in that the local data center is intended to be The Canonical Repository, but now that's the cloud. And if you have a bunch of local data centers that coordinate to be the canonical repository, well that's a cloud.
Yeah, good luck with that. What do you want for edge computing? Great performance with low power in a small form factor, so you don't have to send as much data back to the cloud.
What is modern HP completely incapable of making? Anything that isn't a bloated enterprisey hot mess. Sorry, your edge router's going to need a Xeon, 32GB of RAM, and a 512GB SSD just to run HP's drivers and management suite.
Except for Chrome, Safari, Opera, and Edge.
Chrome is a bloated pig that chokes and dies like an infant with as many tabs as I leave open, Safari is long dead on my platforms, Edge is right out because of lack of extensions, Opera is somehow grossly overfeatured and underfeatured at the same time (though it'd be my next choice), and don't even talk about the Linux only browsers.
You picks your tradeoffs. Which is why sometimes my browser is Lynx.
I still know and use x64 and ARM assembly (and a bunch of 8-bits, but sadly never get to use them) for things like patching binaries we don't have source for and the occasional really time-critical thing - like getting cycle count cheap. It's why I said 'almost nobody' and not 'nobody'. I also know from trying to hire people that that skillset is incredibly rare.
Yes, you may be able to get rid of code pigs - you may have something that does all the Java scutwork for your standard business reporting crap. Progress comes from encapsulating things - almost nobody needs to know asm any more, you don't need to draw your own UI windows, C# has data structures out the wazoo. But you're just moving the work higher, and then the work gets more complex. Maybe in the future database stuff will be so pedestrian it's seamlessly integrated.
But now you're going to need someone to specify exactly what you want - and people asking for things are notoriously, provably, bad at not knowing what they actually want. I remember the last time AI was going to get rid of programmers, and it ran right up onto the shore on this problem (and terrible performance, but we'll assume we have enough horsepower now).
If you assume maybe the generic stuff is good enough for most cases. You're still not going to be able to get rid of the software/system engineers - engineers solve general problems given constraints, and if you solve /that/, you've solved problem solving - and 'no programmers' will be the least of the impacts on society. No deep learning network has demonstrated anything like general problem solving or any penchant for it. If you could perfectly encode every bit of your problem and required software solution in an input and output vector one could understand, and you could do the same thing on all existing software to train it, maybe it would surprise you. But software is not minor fault tolerant like images, and who are you going to get to do that?
Is the ratio of code pigs to engineers 4:1, giving you 80%? Maybe. I find Jeff Bigham's comments more believable. AI will let software engineers tackle bigger and better problems and not worry about the lower level stuff.
Security has never been a priority at Crunchyroll. They even make you use fecking Flash to view video on their site for gods sake. So they're lucky they got off so easy.
Unless, of course, they've been pwned for months by someone more clever who's still undetected and still has hooks in their shite player...
F2P is a sh#$hole, mobile F2P is an open cesspit, and they hate you.
It's more disturbing when it turns up in premium games, because you paid for the game. As others have noted, though, this used to be much, much worse in the 90s.
And of course AR is going to be living hell. People have predicted that since it was conceived. There's nothing other people can't ruin.
A mediocre (not bad, most are just mediocre) programmer can chug through a clean standard and implement it without doing too many bad things. But when you hit them with a terrible spec they just get completely frustrated and throw their hands up and do whatever just to make it 'work' because they're overwhelmed and confused. Can't get this to work properly? Let's just have it run arbitrary commands.
I've seen this personally with things like people implementing the terrible (and terribly named) 'Simple' Network Management Protocol - mostly with the MIBs and lack of transaction support. These guys had produced decent SMTP code, but I just had to throw their SNMP code out.
Obviously good programmers would do better, but even they make mistakes when the protocol is a nightmare. It's not the only factor, but it's one of the compounding factors.
The problem is that Bluetooth just wasn't designed for anything nearly as complex as what it's doing. It was just supposed to be wireless RS-232 (serial port) for a single un-encrypted point to point audio link!
Then, since it was there (oh hey, we've got a wireless data stream?), people just started cramming more and more 'features' and s@#$ into it. So it was never designed - it was accreted. Obviously parts were designed, but that's no substitute for a system vision. And once you get an industry consortium involved it just explodes in complexity as they all try to parasitically infect the standard with their own internal protocols / standards, and often succeed.
Given all that it's stunningly, stupidly complex for no good reason. One of the worst protocols I ever had to work with and a security nightmare (because, like Flash, it wasn't designed with security in mind). There are tons more exploits lurking in the stacks.
Why does everyone still use it? Because it's an existing cross-platform standard (chicken and egg), and it mostly works if you beat your head on it enough.
Biting the hand that feeds IT © 1998–2020