Posts by FeRDNYC

Re: please America .....

It's "literally" killing me, the accelerating pace at which misunderstood / misheard cliches are coming to mean exactly the opposite of what they used to mean.

"Cannot be overstated" is the latest I've noticed. Not appreciating how the phrase subtly creates a superlative by denying the possibility of excessive praise, #KIDSTODAY are more and more bastardizing it into "cannot be understated". Which, again, is exactly the opposite.

So they think they're saying something akin to "should not be understated" or "must not be understated", when in fact they're insulting whatever it is they're trying to compliment, by claiming that any praise at all Is undeservedly excessive.

(And don't get me started on the verbing. Verbing weirds language.)

Re: Is this really the priority?

Is this really the priority?

Well, it's the priority of that site, because it was built for the sole purpose of combating vulnerability misinformation. Which is to say, it's not occupying space used for any other purposes, or pushing out any other type of information -- so it doesn't really seem to be a question of prioritization. There's nothing more important for the hacklore site/team to focus on instead of this.

And in terms of overall priority within our collective lives and attention, I guess it comes down to, "people can think about more than one thing". Is it the highest-priority issue facing the world right now? Obviously not. But is there so much else going on that we can spare no time for this? I would argue, also no.

None of the things they're talking about are entirely wrong, and most is entirely correct. However, I have to question whether dispelling some "myths", some of which I would rather characterize as "exaggerations", is really going to help much. For example, I think they're right that there's no history of actual attackers using public USB ports in their attacks; it's too unreliable. Is there really much effort going into telling people that this does happen, and is correcting that misconception something we need to spend time on?

Well, there I think it is about priorities, because people can only do so much to keep themselves safe, and any time they waste on meaningless, folklore protections against imaginary threats is time that could've been better spent preparing for actual threats. Not to mention, when it comes to physical vulnerabilities like USB connections, there are entire cottage industries springing up devoted to selling woo "defenses" against this kind of stuff. Helping people not waste their money on bullshit security products is a noble undertaking, IMHO.

Also, I don't think end users are the sole audience for the site or its messaging, possibly not even the main audience. One of its purposes is surely to educate the journalists who perpetuate exactly the sort of hacklore that prompted the site's creation. If they can stop the endless flood of misinformation, end users won't need to be disabused of those wrong-headed notions as much.

Re: Trump and his supporters

I've known and worked for other people like that, yeah.

A mutual acquaintance of one of them asked me if the person in question and I were friends. I told him, "We've worked together, and we're friendly enough, but we're not really friends. Which is probably for the best. I've seen how ____ treats his friends. I can't take that kind of abuse!"

That is about the most Compaq thing I've ever heard.

Re: Which side of the pond are you?

...You can freeze eggs?

Re: Interesting, I guess

Now, that's just false. The reason ext4 was never embraced on Windows is the same reason every other non-Windows filesystem was never embraced on Windows: It was a bad fit for Windows files.

Adding ext4 (or HFS+ or ZFS or...) drivers under Windows would've left you with a case-sensitive filesystem without support for legacy DOS 8.3 short names, two things bound to confuse Windows users if those volumes were mixed in with NTFS drives.

(Linux can use a case-insensitive filesystem like NTFS case-sensitively without any real issues. You just say that a file named "Document.txt" doesn't also match "DOCUMENT.TXT", even though it would on Windows. But it doesn't work so well in reverse. You can't easily bring a case-sensitive filesystem into a case-insensitive environment, because that filesystem might contain BOTH "Document.txt" AND "DOCUMENT.TXT" and the case-insensitive system can't easily differentiate between those two completely separate files.)

So Microsoft or any native partner was never going to add ext4 support to Windows. And the open-source Linux developers, for the most part, had neither motivation nor inclination to do it themselves, because why?

Re: No one would complain about AI bug reports

some of them will be bugs they already know about but aren't important enough to bother fixing (like "application crashes inside the function shutdown_on_error()")

I wish that was a joke, but the Lua team regularly gets fuzzer- or AI-originated bug reports along the lines of, "It's possible to crash Lua by doing ______ using the debug library."

To which their response is always (but in far more polite terms than I think are warranted), "DUH!!! It's the debug library, OF COURSE it can crash the interpreter. The whole point is that it gives you access to unsafe things!!"

But still the reports come, because people with fuzzers are the skript kiddies of this decade. Their good intentions don't count for as much as they might think, absent any sort of critical evaluation of the bugs they're blindly submitting.

Printer memory was particularly obscene, especially back when it required proprietary daughtercards instead of standardized modules.

I remember always wanting to get a 512K upgrade board for some HP laser printer, which would've brought the memory up to a whopping 1MB but, crucially, would've been enough to do full-page bitmap prints at full resolution. I could never justify it, though, as the expansion board cost SEVERAL hundred dollars.

Re: My code doesn't compile

Yes and no, Literate Programming fanatics talk about embedding code In documentation, and formatting that documentation richly, but they still took a coder's view of how that was done. The documentation was written in source form (typically using TeX), which is kind of the exact opposite of writing code in Word.

Any documentation system can allow rich markup in doc comments (Python supports ReStructuredText markup in docstrings, and Doxygen can interpret MarkDown), but you're still writing the source for that rich text, which may eventually be rendered more elegantly.

I don't think anyone has yet come up with the WYSIWYG code editor that would allow you to edit that markup without delving into its source. And, of course, unless you're using something like LaTeX your markup is a lot less flexible than Word. (No margins, no font control or sizing, no text alignment, etc.)

Re: Today..

the early 'freeness' (as in 'without obvious renumeration' rather than 'as in beer')

Wait, no, those are the same thing. "Free as in beer" refers to obtaining something without obvious remuneration.

The other type of free is "free as in freedom". Which is a whole separate conversation when it comes to the internet, especially.

Re: ... or some cosmetically waxed neanderthals

I hate to think what the total cost was.

If it helps any, for that expensive a leased line the service public wasn't metered. If they just paid a flat monthly rate, then the more data sent over the line the LOWER the cost per byte. So really, you were just helping them get more value out of their investment.

Re: I love when they change software interface for the sake of changing it

Automakers also continue to enable "spirited debate" among drivers and/or their national governments regarding which side of the car the driver's seat should be on.

I had a similar experience a couple of years ago in a slightly lower-stakes (but still frustrating) context.

I keep Messages on my phone paired to Google's Messages for Web client, because it means I can receive and send texts using my keyboard and mouse in a web browser, an infinitely more comfortable experience than thumbing messages in on my phone's soft keyboard. (And don't even get me started on the annoyance of finding photos or other media to attach, when it's anything other than the most recent shot taken with the phone camera.) Messages for Web is, honestly, the bee's knees.

But because it's a web client gaining access to the inner workings of your Android device's privileged SMS client, a potential vector for anything from identity theft to exfiltration of all your most embarrassing secrets to out-and-out fraud and financial ruin, they keep the connection rather locked down. The pairing method is fairly robust (scan a QR code displayed by the web client using the phone you want to pair to), and web clients need to be re-paired fairly often, especially when they haven't been used in a while.

At the time this came up, I was dealing with the fact that the rear camera on my phone had just bit the dust, a casualty of a swelling battery that popped it right off the back of the device and rendered it non-functional. Naturally, within 2-3 days of that happening, Messages for Web demanded that I re-pair my browser with the phone.

Which involved scanning a QR code.

Which is hard to do without a rear camera. (It wouldn't use the front camera, and it wouldn't accept an already-stored photo from device storage.)

The punchline was, at the time (they've since fixed this), that method of pairing was the ONLY method of pairing available. Meaning, without a working camera on the device, I was locked out of Messages for Web completely, with my only recourse being to either get the phone's camera fixed, or buy a new phone with a working camera.

I eventually did the latter, and Google eventually realized their system was being a pain in the ass by keeping itself a little too secure, so I guess ultimately the story has a happy ending? "Yay."

It's far more likely that any given member's identity is known only to their immediate "handler" within the organization (the one who recruits them), who's also responsible for assigning them tasks and motivating them to comply by any means necessary (including swatting and other threats). That person has the same relationship with their handler/supervisor, and so on.

All types of information, from members to targets to "clients", tends be highly compartmentalized in these sort of groups. Nothing is ever centralized. That's what makes them so hard to wipe out fully. If they arrest 7 members, odds are good that's one or two low-level organizers, plus the 5-6 people they'd brought in — and except for the ringleader(s), none of them have ever been in contact with anyone in the larger organization.

I'm concerned about the implication that there are contexts where lies should be tolerated.

In what contexts, actually, should we accept being lied to without complaint?

The obvious answer, or at least one obvious answer, is: "When being told a story" -- in other words, in any creative-fiction context.

But that's just a bad definition of 'lie'. A fictional story isn't a lie, it's fiction. And even fiction has to be internally consistent, so a better definition of "lying" in the context of creative output is to violate the internal framework of the fiction. If a work of fiction contradicts itself, that's lying, and it collapses the fictional reality.

And guess what? LLMs do that ALL THE TIME. Even when using them to generate pure fiction, their output has to be carefully checked-over for plot discontinuities, loss of narrative threads, and internal logical inconsistencies. So, even the contexts where it's "ok" to make stuff up, AIs still can't do that in a reliable fashion.

Re: Huh ?

Your servers had optical drives? I suppose most did, decades ago, but it always seemed like a waste to me. A drive that's used once to install the OS, and then never again. (Software installs and even OS upgrades were already network-delivered, at least on our systems, by the mid-1990s.)

So ours were CD-less. Granted, they were mostly 3Com telephony rack systems that couldn't have fit an optical drive anyway. (The control unit had a PCMCIA card slot, its sole concession to removable media.)

What they DID have, tho, was a console command dedicated to manipulating the entire chassis' extensive complement of blinkenlights. (Not only could we flash the lights on whatever blade we needed a tech to pull, but we could even script a chase pattern pointing directly at its release lever. All they had to do was follow the bouncing LEDs.)

"What's a jack see?"

"I don't know, usually a car's undercarriage?"

It is my right to choose what I will or will not respect ;)

It of course is (I mean that sincerely, even if you said it in jest), but consider that certain acts of respect reflect more upon oneself than the person we're disrespecting. I can't speak for you, so I'll speak for myself. Maybe some points will resonate. Others may not.

• If I'm going to espouse a belief that everyone is entitled to their preferred identity expression (gender, pronouns, written and spoken form of their name, etc.) -- and I do espouse such a belief, frequently -- then denying Mr. bider that courtesy would make me a pretty big hypocrite.
• By the same token, if I'm going to ask that people respect the choices I and others have made regarding identity expression, then I need to practice what I preach.
• It's often pointed out that freedom of speech only really matters when it's speech you disagree with. Nobody suppresses speech they like; "freedom of speech" is really a reminder to tolerate speech you don't. Same goes for identity expression. So, whether I find bider's choices or, indeed, bider himself to be stupid or nonsensical really doesn't come into it.
• (An exception is made for cases that are obviously disingenuous and/or mean-spirited. If Marjorie Taylor Greene stands on a stage at some conservative circle-jerk and gets a big chorus of mouth-breathing guffaws by saying some bullshit like, "My pronouns are gun, bullet, and Jewish space laser!", I consider myself under no obligation to respect those choices. Or, indeed, her continued presence on this plane of existence.)
• I am articulate, well-read, and (most critically) have been a BOFH reader since the mid-1990s. So I am very confident that I can effectively convey my utter contempt for Mr. bider and his views without having to resort to cheap-shot acts of disrespect like capitalizing his name wrong. I got this.

Re: Cor blimey!

Not quite a quote if you butcher my American spelling of "metastasized". (You're not using it right, but I know you either don't care or it's quite intentional.)

And, no, "at the coal face" is not at all a common expression anywhere in the US. It is strictly UK corporate jargon from what I can tell. (Though I can't speak for Australia.)

Re: not a waylasnd fan

There is already a skeletal outline for X12.

https://wiki.freedesktop.org/xorg/Development/X12/

I want to see discussion about _that_.

"Last edited Mon 18 Sep 2017 07:52:26 AM UTC" (And I guarantee the actual content is probably at least 10 years older than that.)

People have been talking about X12 since X11R1. The last pre-X.org release was X11R6, and that was back in the mid-1990s.

People looking to replace X11 with something better looked at X12. Then they decided to build Wayland instead.

They also finished the job and released an actual piece of software, whereas X12 still resolutely fails to exist. Primarily because, like flying cars, X12 might sound pretty neat... but once you really start to dig into it, it turns out to be a terrible idea that nobody should want.

X11 IS bad. What anyone thinks of Wayland shouldn't even be part of that conversation. It's objectively bad. It was bad back in the 1990s when it was last relevant, and 30 years of stagnation has not made it somehow better. It's terrible for video, really terrible for animation, clumsily accelerated at best... really, the only thing it has going for it is the inherently network-oriented client/server model. Which is both (a) of no interest to the 95% of users who will never have any need for that entire featureset, and (b) detrimental to its functionality as a local client display system, since every feature that can be seamlessly used over the wire is another feature that has to maintain abstractions that prevent it from taking full advantage of the local hardware capabilities.

(And I haven't even brought up security, which is effectively nonexistent both locally and over the wire. No, Xauth does not count as security.)