Posts by hayzoos 455 publicly visible posts • joined 2 Jul 2014
Better understood, thanks. No fear opting in, since one can always choose what to keep out of recall. Easier than herding snails.
Gotta love these "Evil Corps." (TM) always thinking of the paranoid and providing ways to ease their worried minds.
Just like Google and the street view WiFi mapping option to keep your WiFi network out of their database by adding a Google unique string to your network name. Too bad it doesn't scale to all would be WiFi mappers.
The whistleblower was left a threatening letter taped to his front door. Detail in the letter intended to scare him was recently updated information which should have been only available from a government database like OPM. IOW threat came from government insider. But with OPM's history and other recent DOGEy events, this info may very well be found outside government.
He states he is hoping others like him in other agencies visited by DOGE come forward as well. Apparently, his lawyer has uncovered information that there are others who have witnessed similar activity at other agencies when DOGE paid a visit.
I do not know for sure, but as a user I experienced something I thought was odd at usps.gov. It was in the timeframe DOGE was invited by former postmaster general Louis DeJoy to review the USPS efficiency just prior to DeJoy's stepping down from the job. I was attempting to login to usps.gov when I recieved an odd message, "their MFA was not working". I expected the login to fail, but no, the login succeded without MFA (TOTP is configured on my account). I had sent a message complaining about allowing account logins when MFA was not working. I cannot remember for sure, but I think it happened again a few days later. Was this caused by DOGE?
There is plenty of natural gas well and pipeline infrastructure in the area, I doubt hydrogen is seriously being considered. As noted in the article, electrical infrastructure is present as well. I am not so sure about Internet though. That should not be as much to establish though.
The coal thing was soo trump 1.0, Trump 2.0 got in on "Drill baby, Drill". Natural Gas & AI, so apropos for Trump 2.0.
Browsers should not be implementing system level services. I use more than a web browser. I have DNS client, no proxy, VPN, and more configured at the system level. I do not want any network capable application trying to override these settings. There should be only one system level certificate store, so dodgy root certificates can be blacklisted thoroughly in one location, not in each and every application.
I checked if I had it installed even before I knew how it behaved. I guessed it was a process monitor of sorts. It was not installed. Then I continued to read the article and subsequently comments. At this point I discovered it is unique amongst process monitors in that it runs in the background and writes log entries as root by default. That to me sounds like the sort of tool to use for troubleshooting and put it away when done. I imagine it may have options for verbosity of logs, running as a lower privileged user, maybe some other neat features. I need to try and remember this one if I have the need. As usual, I would probably RTFM before cutting it loose on a system.
I say good call on the warning. It could have easily been installed and forgotten. Also some OSes may have "helpfully" included it as a standard package.
TLDR; Canon multifunction inkjet seems OK for the moment, Samsung also sold out to HP, I always printed minimally and had unique solutions.
Work: Buyer found Canon multifuncion inkjet fits the bill. My annoyance is driver proliferation, every model variance needs a different driver no matter how similar the printers or model numbers look. Seem to do well otherwise and take a beating.
Home: Current is an old Samsung multifunction laser flatbed scanner (& unused fax) SXC-3405W. It does not phone home and no Windows machine to help it do so. I have updated the firmware a couple of times, but stopped when I found the next would be hostile to non-OEM consumables. That may have been near the time Samsung handed the printer division over to HP. It still chugs along. Early built-in WiFi era printer also has USB-B.
The SCX-3405W replaced a ML-1740 laser only Samsung. That is also still going strong, I just installed a driver in daughter's Windows 11 laptop (she needs Windows for a work software requirement). Win11 cannot find the driver on its own. The ML-1740 has never had a firmware upgrade, I do not know if it has the "feature" of consumer upgrade-ability. The reason I replaced this printer was Windows (I was a user at the time) dropped support for the flatbed scanner I had and the manufacturer played along. USB-B and Centronics era printer. I would still be using it had I not found the printer/scanner at a good price.
Prior I had two inkjet printers which I deemed to be crap, did not last long, so much trouble with ink, not worth the effort just to have color.
Before that I had a 9-pin and later a 24-pin dot-matrix. This is when my printing needs had dropped so low that I had taken to storing the ribbon cartridge sealed in plastic wrap in the freezer. I would take it out to acclimate prior to unsealing and then print, and put it back in cold storage for months or a year between printing.
Way back in my Apple //c ownership era, I sourced a serial interface thermal printer intended for the IBM-PCjr. It could use fax paper or the paper for and Apple thermal printer. A copier would produce an excellent copy from the thermal printout for a longer lasting and not curled document to turn in homework at college.
I have this type of access for my family personal domain. A DNS key is how I prove ownership, I think there are some other options. I don't have to pay for that access. It also does not represent but less than 100 email addresses at most and many of those should never end up on HIBP. It allows me to alert family members when they have been pwned. I decided to do that after they never signed up with HIBP individually. It is for me almost a set it and forget it, until a breach results in any of those addys being in HIBP. I have contributed though, don't like to freeload.
I think there other types of API access with more "features" which would cost more time and resource. Those are the type scummy resellers (Cost Added Resellers CARs not VARs) latched onto.
I was thinking along similar lines. I'm going to be generous and allow that AI can do better than just matching a known image. But that does bring about a question. How is the AI supposed to identify CSAM or anything illegal unless such content was part of it's training? Presents sort of a conundrum, don't it?
I hear an air fryer can complete the task in 20 minutes. Ten minutes in preheated air fryer at 250 degrees F (121 degrees C for those outside the USAian universe). Follow that with 10 minutes in an ice bath.
For the latest and greatest use an instapot, as the name suggests it's nearly instant.
My current machine is my first UEFI and no Wintax. I researched the UEFI quite a bit. I arrived at the following boot configuration: my active kernel is /boot/efi/EFI/BOOT/BOOTX64.EFI which I compile with the config option EFI boot stub enabled and "root=/dev/nvme0n1p3 ro". It started from the Slackware Huge kernel config adding those and other related options plus the custom kernel identifier so nobody mistakes it for a generic kernel. Had I left it there the SSD could be installed in most UEFI machines and boot since most everything needed is in the kernel and residing at the fallback boot file, no initramfs or bootloader needed. But I have been trimming away at unneeded modules and config items so eventually this may only boot a similar model or even just this machine. I keep a true Slackware huge UEFI bootable kernel for recovery accessible from a UEFI shell and some specific versions for troubleshooting reference.
I like lightweight, but functionality is important. Getting the right balance takes some work.
The coverage is for the vehicle. The rating formula factors in the "rated driver" on the policy. Good luck in figuring out the formula. Some insurance companies had considered all driving age people in a household for the rating, even if one or more had their own insurance, even if with another insurance company. I do not know if that is still practiced. Insurance is regulated in the US at the state government level.
None of that has anything to do with NN. NN addresses treating like content differently depending on the provider. NN has nothing to do with network managment like low latency for VOIP compared to .iso downloads. Nor does it have anything to do with underbuilding capacity while oversubscribing that network.
I think you are correct. Implementation choices are critical to the success or failure.
In your situation, Linux distributions have yet to integrate passkeys so that system would not ask to do the job. The browser is the next possible system that can confuse by offering to do the job. Your browser either has also not yet implemented passkey support or your settings may have disabled passkey support. I use Firefox but an external password manager so I have turned off FF's password storage which may be how it handles passkeys.
I think there are far to many options for implementing passkeys and little guidance. I think the goal was to make passkeys easy to adopt by service providers and many options to help in this goal. The result is to much variation to the end user. Some view them as a secure biometric authentication, others as a secure simple single factor authentication, and the list goes on.
In some implementations, a device's storage is limited so broad adoption will run into a roadblock. Hardware keys storing passkeys as an example, you would need to purchase more hardware keys, but newer ones will have more storage. Passkey loss account recovery suffers from the same problems as forgotten password recovery, the biggest being the weakest link in many implementations. A user does not always get to choose where they can store the passkey in some implementations. Some could be Windows, Mac, Android, iPhone only; sorry penguins and others.
I predict passkeys will be as well accepted as hardware keys, not very.
Are all these 50,000 systems on the Internet? I think some may be so "antiquated" that they are not. Yet they are still able to supply water. They may have other problems, but cybersecurity would hardly need considered.
Antiquated in quotes is because that is a viewpoint from some, and that is part of the problem. Modern does not require everything to be connected. If the only tool you have is a chainsaw, it doesn't mean you use it to hammer in screws.
It is quite possibly a new form of planned obsolescence. 1. hide some vulnerabilities or leave in some found during testing. 2. have patches ready to apply during warranty period. 3. post-warranty, EOL, when new product is available, and profits need a boost; release a remaining vulnerability via dark channels. 4. FU to suckers still using those devices, EOL means no new patches, buy our new ones.
I routinely use passwords longer than 52 characters, whenever they are not limited to less. Same goes for usernames. Both are randomly generated and stored in a password manager. I also use TOTP or U2F token if supported. My password manager master password is longer than 52 characters.
So, OKTA would have likely trashed my attempts to be more secure than average. Nice, NOT.
Exactly!
The perception problem about copyright is largely skewed by the big players in movie, TV, music, picture, and print publishing industries. (not an all-inclusive list) Those entities have pushed the narrative that violation of copyright is stealing of revenue and is akin to taking food from the mouths of babes and even calling the act piracy. Therefore punishment should be steep fines and/or jailtime.
This leads to thinking copyright=proprietary=profits and the opposite of copyright is "public domain"=free. The second part of that is correct "public domain" is free (both gratis and libre) and the opposite of copyright. But copyright is not equal to proprietary or profits. Proprietary/profits just happens to be the most visible use case of copyright.
So many equate "open source" (in any of its' various forms) with "not profit" therefore free (mainly thinking gratis), therefore opposite of copyright, and therefore public domain. All of which it is not by default.
Copyright is a right granted to a creator (i.e author) of qualifying content (i.e. book) to have control of copies of their creation with some limitations such as "fair use". They can demand payment, donations to charity, being kind to strangers, most anything legal for specific uses of copies of their creation. Copyright has value and not just monetary, it has legal force.
The various "open source" licenses would be legally useless without the legal force of Copyright. The creation of Copyright creates the opposition "public domain". Since "open source" relies on copyright it cannot be "public domain".
"Open source" can be free (either gratis or libre or both) or not. Some argue that "source available" software you have to pay for and cannot give away is a form of "open source" and by pure English definition of "open" and "source" they may be right.
Hypocritical? in the sense of using "open source" software to create content under the proprietary/profit copyright use case, ah, okay. As pointed out these users of "open source" just may not have the copyright mindset (profits!) to follow the particular "open source" license restrictions. So demanding stiff penalties for violation of their copyright, but poo-pooing and attempt to enforce a hypothetical violation of an "open source" copyright because it is free (gratis).
I compile the Linux kernel I am using. I do so to simplify the bootstrap from UEFI to the kernel by enabling the EFI stub and to include the modules my system needs to boot and not bother with modules I will never need. I want that freedom. I use Slackware. I compile a lot of what I use. If I wanted to compile all I would use something like Gentoo instead.
That is why I look for the FOSS rather than just "Open Source". The plethora of terms thrown about for decades has thoroughly muddied the waters. There is more to FOSS than just having access to the source. Even in that part of the "Open Source" world you have those who seem to want all software to become not just "Open Source", but FOSS forever.
So, without a standard legal definition "Open Source" by name is interpreted by many to mean any software where the source code is not kept secret even if every other aspect of the software is restrictive as one can imagine.
FOSS "Free and Open Source Software" by name is a bit more descriptive beyond just having access to the source code. But, the definition of "Free" is not immediately clear. Many believe it just means you never pay for FOSS.
Marketers (those are creatures usually found only in the corporate realm) love this type of ambiguity. It allows them to pull all kinds of sneaky excrement to their advantage.
I am fortunate that my home ISP does not have a data cap in my area. They do in other areas though. I do use a lot more data at home than away, the stats are available on their website so I can compare.
My mobile use is far less. I am on a "grandfathered" plan with a 1 GB / month cap. The penalty of overage is throttling. I hardly notice the throttling. The plan was modified recently though. It was a 4G only plan. The carrot(s) on the stick were upgrading to a 5G and / or (limited) unlimited plan all at more cost to me. My carrier no longer has any 4G only so I now have access to 5G, but the wife's phone is only 4G. What are the odds that through attrition I can end up with a 5G (limited) unlimited plan? BTW "normal" price increases have applied so I pay more than I did when I started but all other options cost more.
How much "data" is consumed because of bloat, crap, poor programming, ads, telemetry, data slurp, spying, whatever you want to call it?
"AM broadcast system is under threat, if for no other reason that AM is incompatible with electric vehicles, the shielding problem is just not cost effective to solve."
This is the false narrative from EV manufacturers. Electric vehicles have no special electromagnetic radiation that has not already been seen and controlled to be "compatible" with AM. The problem is not one of not being cost effective, but being prohibitive to maximum profits. I believe there may be FCC rules prohibiting the interference, which of course are also being flaunted.
The local AM station moving to FM likely happened as the easiest route to the station maintaining viability. Their cost to shoulder the fight against EV industry would have been more than their move to FM and they may not have even succeeded.
Too many examples of modern capitalism winning the battles over rules, regulations, laws hindering the pursuit of profits. This cannot end well.
"The original pictures are not copied at any point beyond the initial access, which is presumably (hopefully) permitted since they're on the internet."
I have published original images I have created on the Internet and I have provided copyright notice. People are allowed to view them, that is expected when publishing to the Internet. Seeing as LLMs did not exist at the time of publication, I do not consider this new use as allowable. I have not been contacted by anyone to ask permission to use for training LLMs. If my Internet published images have been used to train LLMs, then it is a copyright infringement. Publishing to the Internet is not releasing to public domain.
"I just think it makes more sense to view the network as a product of the images, and so at most a license violation, not a copyright violation."
Such a license only holds because of copyright, a violation of the license is a violation of copyright.
It is the initial act of accessing the copyrighted work in a way that was not foreseeable that is to be considered copyright infringement. Until a court of law determines one way or another it is up in the air.
I do have to wonder if an LLM is created to train from querying other LLMs would owners of the earlier LLMs cry foul? On what grounds?
All the proposals for breakup variations or other remedies to the monopoly known as Google(Alphabet?) seem to lack a good root cause analysis.
Google(Alphabet?), having been declared a monopoly, should be first required to fully reveal everything to the court. The court should then identify what is the internal root cause of Google(Alphabet?).
Has Google(Alphabet?) already prepared for a government action by restructuring with Alphabet as the top? What other preparations have they done? Are they positioned to eventually thrive after a government action?
Follow the money is a very good method, but not the only method of revealing answers. There may be false answers planted to throw regulators off the real trail.
I suspect ads, specifically targeted ads, and the requisite data collection is a very large factor. I do not assume that is the only cause.
I do not propose a remedy at this time without more information. We are not necessarily entitled to that information, but the courts are.
It did to me so I checked it out. Twilio acquired Authy in 2015.
Never really liked Authy in the first place, but now run as fast as you can.
Never really liked Google Authenticator either for the same reason.
You cannot get away from this data slurp crap, it's everywhere.
So, essentially you are saying you are willing to use third party code to block third party code (and content). Okay, we are all doing it. But, stated the way you did, it sounds illogical.
At least we have the chance to research the third party tools to block the source unknown third party code and content thrown at us from websites.
Firefox ESR is about to bump to the next level which means you will soon see a lot of what recent releases do if you want to stay with a supported version.
I am also using FF ESR with similar but different blocking. I am happy with the current setup, but I am preparing for the change to a new ESR level.
Another issue I have seen with ESR is some sites consider it to be out of date or unsupported, I have had to school a few in the error of their ways.
Not to cause you any worries, but they likely digitize the check in order to convert it to an electronic ACH transaction. An organization the size of AT&T probably has been doing something like that with checks since the MICR print along the bottom of the check was intended to be machine readable for well over 25 years. BTW that MICR print is the RTN and account number, all that is needed to submit an electronic ACH transaction. And they are probably storing it unless they are specifically prohibited from doing so, ah maybe even then.
Everything online because convenience. Nevermind security.
Sell all information because maximum profits. Nevermind privacy.
The "Expert Witness Training" referred to here barely qualifies as training, yet does result in being elevated from a run of the mill expert in a field called as a witness to a bona fide "Legal Expert Witness".
If all that is required is reading a particular section covering behavior as an expert witness and expectations and requirements for a report which requires signing an included acknowledgment of the section's requirements, then that is less onerous than a lot of "safety training" I have had to endure.
The trouble I have with the focus on the expert witness vs. legal expert witness is the overlooking of the requirements of any witness at a trial, be it an eye-witness, ear-witness, nose-witness, expert-witness or legal-expert-witness. A key one is to tell the truth.
I will use US units in my analysis since the amount offered is in US dollars and offered in US cities. A quick search confirmed my estimation of 15,000 US miles per year for vehicles on average in the US. A bit of math tells me this represents 80 cents per mile. Another quick search reveals the US Internal Revenue Service (IRS) allows the maximum of 67 cents per mile for business use of a (passenger) vehicle for tax purposes. There seems to be a bit of over estimation.
I have not found a bank in the US where I can use it's services that uses anything better than SMS. I don't need SMS 2FA, I use the longest password allowed by any service I use, randomly generated, saved to a password manager. These entities implement 2FA because their low hanging fruit customers (password reuse, easy to guess passwords, etc), not for real security. I keep badgering my bank to implement something better than SMS 2FA, I have FIDO U2F keys, passkeys, software authenticator, heck even email these days is better than SMS.
I use Bitwarden for my password manager. It supports passkeys, FIDO U2F, and is a software authenticator. Did I mention I use a 48 character randomly generated master password?
I know, I may seem to be a good target for the effort of cracking my accounts maintaining these high levels of security. I counter that by maintaining a low and even sometimes negative net worth and a poor credit rating.
Over a single transaction. I was purchasing a rare lifetime premium membership only requiring a single payment. The service used paypal for payment processing. I had a paypal account and it was linked to a checking account as they had insisted back then. I was paying with a credit card. Paypal processed the payment as an ACH transaction against the checking account which did not have funds to cover the transaction. I knew full well it did not and did not expect paypal to attempt the ACH transaction. I disputed the transaction with the bank. They attempted to present the transaction again. I disputed again and requested a standing dispute of any and all paypal transactions on the bank account. I then closed my paypal account with a message stating why. I firmly believe that when a form of payment is presented at the point of transaction, only that form should be used even if other forms' details are known by the processor.
I had to call the service provider to purchase the membership over the phone. The lifetime turned out to be lifetime of the service. It was assimilated by IBM.
The first thing that came to mind was "this application must be installed and executed with full admin rights" so frequently found in instructions and FAQS. Plenty of other examples of "turn off security and it will work" exist.
A secure by design system is completely incompatible with an insecure by design system.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
