* Posts by brotherelf

263 posts • joined 16 Jun 2014

GitLab versus The Zombie Repos: An old plot needs a new twist

brotherelf

Re: I don't understand the suggestion...

I guess it's alluding to a sort of BitTorrent-ish thing, where you would use some Web3.0 distributed decentralized filesystem. Even the up/down ratio thing finds itself again as storage donated vs used.

brotherelf

Even raising an issue was supposed to be enough to keep it alive. And even then, it would have culled the very very dead wood that truly nobody cares about, not even enough to set up a cron job, let alone move to (gasp) a 5$/mo tier.

Anti-piracy messaging may just encourage more piracy

brotherelf

Re: The "poor" victims of piracy

Yes, but does that session musician actually get a cut or were they given a flat fee cheque for the X hours they actually worked and then sent on their merry way?

I paid for it, that makes it mine. Doesn’t it? No – and it never did

brotherelf

Re: You know you're old when...

There's probably a dozen "maker" projects to build your own with an Arduino of some sorts, but to be quite honest, I'd never give anything that has been touched by my soldering iron control over more than 5W or so, and USB cup warmers notwithstanding, that won't brew you tea.

2050 carbon emission goals need nuclear to succeed, says International Energy Agency

brotherelf

Even in […] the US […] still only a third favor government investment in nuclear power.

Yeah, can I get those 2/3rds split further into "objects to nuclear power" and "objects to government investment"?

California's attempt to protect kids online could end adults' internet anonymity

brotherelf

Re: I can see this working

> There is no need to ever check age again, none of us getting younger.

You wish… They'll say the mechanism has to be robust against lost/stolen credentials.

If Twitter forgets your timeline preference, and you're using Safari, this is why

brotherelf

Re: Ermmm...

It may be a surprise to you, but "I want different settings on small-screen, low-bandwidth mobile and large-screen, high-bandwidth desktop" is a use-case.

brotherelf

Disable Removal of Non-Cookie Data After 7 Days of No User Interaction

That's the "best" wording I've seen since a form asked me whether I wanted to forgo opting out of a voluntary exemption from contributing to the pension funds scheme about 20 years ago. (The only hint to what would happen was that one option said "I realize this deducts from my current salary")

I hope this is a drop-down where both options are labeled "(DANGEROUS!)", at least?

Leave that sentient AI alone a mo and fix those racist chatbots first

brotherelf

AI Test Kitchen

… clicked and was disappointed it's not a recurrence of IBM Chef Watson, which was at least amusing on a boring afternoon.

(For those young enough, Chef Watson was trained on recipes, so you could see what an "AI" would make of "I have some dark chocolate and tuna, where do we go from here".)

Pictured: Sagittarius A*, the supermassive black hole at the center of the Milky Way

brotherelf
Joke

I was pretty confident that the A*-hole would be pronounced exactly the way you'd expect.

(I was also sure that if not the article, then one of the commentariat would have beaten me to this joke.)

Those NitroTPMs Amazon teased now really are coming to AWS EC2

brotherelf
Pirate

No relation …

… with the NitroFoo series of HSMs, Cryptotokens, and custom-refit Thinkpads made by a company in … Berlin, I believe? Somebody might be in for a windfall if they can afford a trademark lawyer.

At last, Red Hat Enterprise Linux 9.0 slips out

brotherelf

Re: Trigger

This. Shortening a previously-announced lifecycle, and by that much, was the deal-breaker for us. Fortunately, we only had approx. two machines on generation 8 at that point.

Thinnet cables are no match for director's morning workout

brotherelf

I call shens.

No way a director would've moved their own desk, they'd have their local PA/grad student/similar minion do it.

Want to support Firefox? Great, you'll have no problem with personalised, sponsored search suggestions then

brotherelf
Boffin

Re: It's as if they're designing it to lose market share

No, Firefox does no such thing. It's the web server sending HSTS headers (which mean "once you successfully https, always upgrade http to https for the next X seconds"), an upgrade-insecure-requests CSP, redirects to https on http, or optimally, all three.

(Making https the default protocol if you leave it off in the URL bar is being debated and would indeed be easy with almost no compatibility concerns, but that is something that's happening vaguely now, not "for many years".)

Moscow to issue HTTPS certs to Russian websites

brotherelf
Boffin

:squint:

One of those moments where I'm not sure if the article is glossing over what is commonly understood or doesn't get it. The level of danger a MosCA poses is the same whether you are its customer or not. The danger is that CAs are decentralized in an "anybody can issue anything" way. If you root-trust MosCA, they can issue certificates for anything. "I get my regular certificate from them" does not make that easier or harder, because that process doesn't expose the private key in sane setups. (Yes, I know most CAs have insane setups because customers can't keep two files around for two days and find them again.)

There used to be HPKP, where a site could say "I guarantee my certificates are issued by CA XYZ for the next n days", but that was dead before it got off the ground, because it's only "trust on first use" and requires things like backup keypairs.

And no, don't answer "what about CAA", this is not what CAA does. CAA is verified at issue-time by the CA, it's protecting against social engineering.

A tale of two dishwashers: Buy one, buy it again, and again

brotherelf

Re: Personalised Ads

Country identified. I suspect the meningococcal vax ads are an effect of the MiniHealth just throwing money into the ad slot machine and not specifying target audiences, so you get it if you're otherwise boring enough that sports clothes manufacturers won't bid high enough for the ad spot.

Weirdest ads I've seen were: the candidate for mayor from the next town over, "find a vax near you" ads for a country that's not even on the right continent, and a one-hour DJ set. Seriously.

Have you tried restarting? Reinstalling? Upgrading? Moving house and changing your identity?

brotherelf

Re: Occasionally, you get a straight answer

Germany might have a freshly-dismissed admiral for you.

Phishing kits' use of man-in-the-middle reverse proxies is growing, warns Proofpoint

brotherelf
Mushroom

Yup, the arms race continues.

Expect to see a stronger focus on IP-/Geolocation-based measures, since with a reverse proxy, the server doesn't see the victim's IP, it sees the reverse proxy's.

Machine learning the hard way: IBM Watson's fatal misdiagnosis

brotherelf
Terminator

Re: flights of fancy

I still miss Chef Watson - making up recipes based on a couple of must-includes was an ok way to waste an hour on a lazy Sunday, and there's always a chance you pick up something that works based on chemistry you don't know about.

How to get banned from social media without posting a thing

brotherelf
Pint

Re: name generation technique

You mean dilirra is not an exploitative recreational-drugs-to-your-doorstep startup? With the vowel shift and being right between delivery and delirium (or possibly "delivery" pronounced by somebody near alcohol-induced delirium), what a missed opportunity.

Crowdfunding platform Kickstarter planning move to blockchain. How will it work? Your guess is as good as ours

brotherelf

Re: "Faster horses"

This. With all the many many flaws you can point out about the judicial system of many many countries, they mostly in their intent want to do better than "liberty and justice for whoever has 51% of processing power".

When product names go bad: Microsoft's Raymond Chen on the cringe behind WinCE

brotherelf
Pint

While we're sharing these…

… a beer for the people who managed to backronym the Bavarian income tax software (used in all of Germany) to be called "magpie" (Elster, supposedly ELektronische STEuErerklärung). Most humor the taxhum has ever shown.

Bloke breaking his back on 'commute' from bed to desk deemed a workplace accident

brotherelf

Technically that is already the case. The current wording around working from home vs. teleworking vs. working from a home office is very carefully crafted so they don't have to send H&S to check whether window glare reflects on your screen and whether your chair meets ergonomic requirements etc., not to mention things like "can you lock away the computer or otherwise ascertain your kid doesn't install their virus-ridden pirated copy of Doom on the device you're handling business matters on".

A third of you slackers out there still aren't using HTTPS by default

brotherelf
Boffin

Re: Reading between the lines.

… as python-using folks found out a while ago.

Fortunately, that could be fixed quite easily: browsers already send "upgrade-insecure-requests:1" in the request headers if they want that, so you can redirect conditional on that and that wget from CentOS 5 that doesn't speak TLS 1.2 and doesn't know today's CAs¹ will be none the wiser.

Combine with a moderately-sized HSTS and, given that Key Pinning is deprecated, you have a reasonably-good-of-both-worlds.

¹ if that sounds suspiciously specific, it's because it is. Busybox offered a working wget, once I hid the old openssl from it so it would use its own implementation.

If you're using this hijacked NPM library anywhere in your software stack, read this

brotherelf

Re: WTF is anyone paying?

The decrypt process might be better tested than the restore process, though. (What, cynical, me?)

Twitter's machine learning algorithms amplify tweets from right-wing politicians over those on the left

brotherelf
Terminator

Machine learning no doubt has its place, but we're still learning what that place is.

Yeah, I can't help but think that Artificially Trained Stereotyping is more useful if you think of it as trying to figure out the question by getting a series of unsatisfactory answers. We used to think beating a chess master would be a sure proof of AI, until it happened and felt anti-climactic in a way.

We dreamt of crystalline pureness of thought beyond human limitations, deities of our own making that would lead us safely into an ever-better future, while what we get is just as flawed as the human world that teaches it and its answers are the digital equivalents of hunches. "I believe this x-ray shows cancer with confidence level 57.83643318, but I can absolutely not explain why, and the number will be different for an upside-down picture. Please respect my beliefs."

Electric car makers ready to jump into battery recycling amid stuttering supply chains

brotherelf

Re: "Less than 5 per cent of lithium-ion batteries are recycled today"

I guess at some point they will be too run-down even for home-wall use? (And even if that point is n years into the future, if you expect to need n years to get recycling tech to usefully work, you better start now. Also, competitive strangvantage.)

Me, I'll be over here humming "reduce, reuse, recycle", in that order.

IBM US staff must be fully vaccinated by December – or go back to bed without pay

brotherelf

Eh, it's going to be "My former employer's sociopolitical attitudes made it impossible for me to bring my whole unadulterated self to work."

(What, me dark-gray cynic?)

2FA? More like 2F-in-the-way: It seems no one wants me to pay for their services after all

brotherelf

I will raise my hand and admit…

I looked what particular shade of red #E10600 is. Because Friday. Unexpectedly, the color picker I installed didn't have 400MB of extra dependencies.

I would drive 100 miles and I would drive 100 more just to be the man that drove 200 miles to... hit the enter key

brotherelf
Trollface

"So my urgent 200-mile round trip ended, …

sighed Chris, "with nothing more than to press the enter key".

And changing the BIOS setting, one would hope.

A developer built an AI chatbot using GPT-3 that helped a man speak again to his late fiancée. OpenAI shut it down

brotherelf

Interesting philosophical hook…

If for some plotpoint circumstance, you only had X amount of time to spend with $person, how would you do it?

Imagine your parents close to death, but in an artificial coma, they can be kept, well, from dying. Would you want them to spend a couple years in this kind of stasis so they can meet your spouse? Your kids, their grandchildren?

You're on that spaceship with only 45 minutes of transmission before the antenna fails for good. Who do you talk to, and when?

(Probably coming to you as an Amazon exclusive production early next year.)

A speech recognition app goes into a bar. Speak up if you’ve heard it already

brotherelf

Re: Palm glyphs

I bought an m100 when I started uni, as a gimmick. I can even see my copy of the palm os programming bible from where I'm sitting right now, even if today, I'd be much more disappointed with it.

I still think it was an awesome product line that deserved a much better fate. (And I still wonder if there's a wedge in the market to be had for an eInk Palm, either as an ebook reader with added lightweight apps, or as a PDA that frankly would run for months on a soldered-in AAA.)

Oh, and yes, I still fill out crossword puzzles in Graffiti strokes, twenty years later.

Google hits undo on Chrome browser alert change that broke websites, web apps

brotherelf

Re: Chrome is not a browser

That would be the Mozilla Firefox that disabled HTTP Basic Auth for iframe a couple of years back for a version? (They gave much the same bullshit reason: "we cannot figure out a way to show in the UI who triggered the request")

Who would cross the Bridge of Death? Answer me these questions three! Oh and you'll need two-factor authentication

brotherelf

Ah yes, the chimneys.

2021 is the year of Google Robot Santa.

The AN0M fake secure chat app may have been too clever for its own good

brotherelf

Re: So, a backdoored encrypted chat, eh ?

> criminals do not have warrants at their disposal.

Well, unless…

(judicial oversight doesn't scale either, btw)

Seven-year-old make-me-root bug in Linux service polkit patched

brotherelf

_Another_ one of these?

Because we've had "return 0 in error case, oh, what do you mean, that's root's UID" in systemd before… what was it, service units with non-existing users?

A trip to the dole queue: CEO of $2bn Bay Area tech biz says he was fired for taking LSD before company meeting

brotherelf

> Personally, I believe that any mind expansion or mood change possible with street drugs is also possible by other non-drug means - e.g., fasting, meditation, and physical activity. There is long history of such.

Yes. This training is a bit easier if you know what you're looking for, though. (In a "now I know what I can give my consciousness permission to do" kind of way.)

AFAICT, even the proponents of psychoactive substances for mental health reasons don't say this is a pill that will fix your problem – it's possibly a way to make it easier to see things from a novel-to-you angle that will make it easier to do all the other stuff, like CBT, even if your current brain patterns try very hard to keep you in a routine that isn't healthy for you.

UK's National Cyber Security Centre recommends password generation idea suggested by El Reg commenter

brotherelf
Paris Hilton

Re: Mailbox password

Works the other way around, too. I have accounts in some places where I literally don't know the password and don't store it. The company I might order something from once every five years? It's faster just to do a password reset.

(I vaguely recall even The Bruce thinks this is a valid mode of operation, but don't quote me — or him — on that. Also, he has surprising views on on-paper passwords.)

How to ensure your tech predictions catch on in a flash? Do the mash

brotherelf
Mushroom

Re: Future Gazing

Oh, and hipster posters reading "This place is not a place of honor… no highly esteemed deed is commemorated here… nothing valued is here." which is a very interesting, if nerdy, rabbit hole to go down.

Easily distracted by too many apps, too many meetings, and too much asparagus

brotherelf

Re: wild asparagus

Ah, the "self-contained remote control slash". (I was very confused when that sentence didn't go where I thought it would.)

GPS jamming around Cyprus gives our air traffic controllers a headache, says Eurocontrol

brotherelf

Re: The blocker needs a present

Well fortunately, most legitimate GNSS signal sources are higher up. (I'd be totally unsurprised to hear of rogue jamming sats in orbit, though.)

The sooner AI stops trying to mimic human intelligence, the better – as there isn't any

brotherelf

Ah yes, Artificial Stereotyping.

It might be good for writing romance novels and sci-fi pulp, though? (Or at least as good as the current crop of acute adjectivitis.)

You want me to do WHAT in that prepaid envelope?

brotherelf

Re: Happy with a mouse..

Yeah, fine motor axis parallel is a bit difficult, and I curse people who stack their menus three levels deep.

The original (W95? 98?) drivers for my Trackball Optical had a setting that let you set the y axis at a not-90° angle to the x axis to help with that. (Say what you will, the old MS peripherals are pretty sturdy. I think my TO is old enough to vote now and still runs like a champ, as long as your fingers provide a bit of grime to keep it running smoothly.)

Housekeeping and kernel upgrades do not always make for happy bedfellows

brotherelf

Re: Delete is written rename

My boss agrees. All his cruddy perl scripts have the passwords right in the code, hardcoded next to the database name.

How do you save an ailing sales pitch? Just burn down the client's office with their own whiteboard

brotherelf

Re: " 220V on which South Korea operates"

Things even went iffy a couple of weeks ago. For values of iffy being "frequency went 0.3Hz off spec": https://www.entsoe.eu/news/2021/01/15/system-separation-in-the-continental-europe-synchronous-area-on-8-january-2021-update/

I'm so glad all I manage is a bunch of webpages for entitled academenteds and not power plants.

Transcribe-my-thoughts app would prevent everyone knowing what I actually said during meetings

brotherelf
Pint

Re: 10 minutes

I didn't know my company has mainframes!

Dnsmasq, used in only a million or more internet-facing devices globally, patches not-so-secret seven spoofing, hijacking flaws

brotherelf
Joke

We see the Golden Stream decision is having an effect.

"Red Hat […] and major Linux distributions." Bwahahaha.

Over long US weekend, GitHub HR boss quit after firing Jewish staffer who warned Nazis were at the Capitol

brotherelf

Re: what symbols?

Even the 1.0s claimed (their take on) germanic/norse culture, such as runes, so yes, quite empathically, yes.

The CIA's 'entire' collection of UFO records has been made available for you to sigh at

brotherelf

Re: multipage .tiff files

Well, I can see how he'd prefer PDFs with redacting rectangles just superimposed over the text that is still in the file.

'Following the science' rhetoric led to delay to UK COVID-19 lockdown, face mask rules

brotherelf
Joke

Ministers have switched back and forth between alarm and reassurance, while failing to drive home

Well, Margaret Ferrier and Dominic Cummings did that for them…

(Meanwhile, in "not all people are idiots", Kramp-Karrenbauer actually camped in her MoD office in Berlin instead of driving all the way across Germany to self-isolate at home.)

Biting the hand that feeds IT © 1998–2022