* Posts by hayzoos

455 publicly visible posts • joined 2 Jul 2014

Page:

Signal shuts the blinds on Microsoft Recall with the power of DRM

hayzoos

Re: Microsoft provides instructions

Better understood, thanks. No fear opting in, since one can always choose what to keep out of recall. Easier than herding snails.

Gotta love these "Evil Corps." (TM) always thinking of the paranoid and providing ways to ease their worried minds.

Just like Google and the street view WiFi mapping option to keep your WiFi network out of their database by adding a Google unique string to your network name. Too bad it doesn't scale to all would be WiFi mappers.

hayzoos
Linux

Re: False sense of security

"One reason why I love that it's (not yet) in Linux."

What is the "it" (not yet) in Linux? Recall? Preventing screen shots?

A quick search eliminated Signal as the "it". Linux has a lot of available DRM even some not digital rights management DRM.

OS-busting bug so bad that Microsoft blocks Windows Insider release

hayzoos

Re: Where is the website suggesting more outlandish uses for AI ?

AI idiot lights

Downward DOGE: Elon Musk keeps revising cost-trimming goals in a familiar pattern

hayzoos

Still highly inefficient, producing more waste heat than kinetic energy. Mostly due to inefficient ICE designs and implementations. Gas-electric hybrids and diesel-electric locomotives show improved implementation, but still off the efficiency mark.

What to do once your Surface Hub v1 becomes an 84-inch, $22K paperweight

hayzoos

BSOD

I thought "Art Installation!" Display a BSOD (or is it GSOD now?) Then place it up for auction. Only problem, it has probably already been seen, nothing new, novelty already worn.

Whistleblower describes DOGE IT dept rampage at America's labor watchdog

hayzoos

A little more to the story

The whistleblower was left a threatening letter taped to his front door. Detail in the letter intended to scare him was recently updated information which should have been only available from a government database like OPM. IOW threat came from government insider. But with OPM's history and other recent DOGEy events, this info may very well be found outside government.

He states he is hoping others like him in other agencies visited by DOGE come forward as well. Apparently, his lawyer has uncovered information that there are others who have witnessed similar activity at other agencies when DOGE paid a visit.

I do not know for sure, but as a user I experienced something I thought was odd at usps.gov. It was in the timeframe DOGE was invited by former postmaster general Louis DeJoy to review the USPS efficiency just prior to DeJoy's stepping down from the job. I was attempting to login to usps.gov when I recieved an odd message, "their MFA was not working". I expected the login to fail, but no, the login succeded without MFA (TOTP is configured on my account). I had sent a message complaining about allowing account logins when MFA was not working. I cannot remember for sure, but I think it happened again a few days later. Was this caused by DOGE?

Pennsylvania’s once top coal power plant eyed for revival as 4.5GW gas-fired AI campus

hayzoos

Natural Gas it is then

There is plenty of natural gas well and pipeline infrastructure in the area, I doubt hydrogen is seriously being considered. As noted in the article, electrical infrastructure is present as well. I am not so sure about Internet though. That should not be as much to establish though.

The coal thing was soo trump 1.0, Trump 2.0 got in on "Drill baby, Drill". Natural Gas & AI, so apropos for Trump 2.0.

Privacy died last century, the only way to go is off-grid

hayzoos

Horse has bolted, burn the barn

I am sure information about me is out yonder many times over. Instead of trying to prevent its' loss (too late), or getting it all back (try herding cats?), why not address its' mis-use? How you ask? Damn good question. I have not put enough thought into it.

Vivaldi bakes Proton VPN into browser to boost privacy

hayzoos

Network services are a system level service

Browsers should not be implementing system level services. I use more than a web browser. I have DNS client, no proxy, VPN, and more configured at the system level. I do not want any network capable application trying to override these settings. There should be only one system level certificate store, so dodgy root certificates can be blacklisted thoroughly in one location, not in each and every application.

Credible nerd says stop using atop, doesn't say why, everyone panics

hayzoos

My response

I checked if I had it installed even before I knew how it behaved. I guessed it was a process monitor of sorts. It was not installed. Then I continued to read the article and subsequently comments. At this point I discovered it is unique amongst process monitors in that it runs in the background and writes log entries as root by default. That to me sounds like the sort of tool to use for troubleshooting and put it away when done. I imagine it may have options for verbosity of logs, running as a lower privileged user, maybe some other neat features. I need to try and remember this one if I have the need. As usual, I would probably RTFM before cutting it loose on a system.

I say good call on the warning. It could have easily been installed and forgotten. Also some OSes may have "helpfully" included it as a standard package.

Oh Brother. Printer giant denies dirty toner tricks as users cry foul

hayzoos

My printing experience

TLDR; Canon multifunction inkjet seems OK for the moment, Samsung also sold out to HP, I always printed minimally and had unique solutions.

Work: Buyer found Canon multifuncion inkjet fits the bill. My annoyance is driver proliferation, every model variance needs a different driver no matter how similar the printers or model numbers look. Seem to do well otherwise and take a beating.

Home: Current is an old Samsung multifunction laser flatbed scanner (& unused fax) SXC-3405W. It does not phone home and no Windows machine to help it do so. I have updated the firmware a couple of times, but stopped when I found the next would be hostile to non-OEM consumables. That may have been near the time Samsung handed the printer division over to HP. It still chugs along. Early built-in WiFi era printer also has USB-B.

The SCX-3405W replaced a ML-1740 laser only Samsung. That is also still going strong, I just installed a driver in daughter's Windows 11 laptop (she needs Windows for a work software requirement). Win11 cannot find the driver on its own. The ML-1740 has never had a firmware upgrade, I do not know if it has the "feature" of consumer upgrade-ability. The reason I replaced this printer was Windows (I was a user at the time) dropped support for the flatbed scanner I had and the manufacturer played along. USB-B and Centronics era printer. I would still be using it had I not found the printer/scanner at a good price.

Prior I had two inkjet printers which I deemed to be crap, did not last long, so much trouble with ink, not worth the effort just to have color.

Before that I had a 9-pin and later a 24-pin dot-matrix. This is when my printing needs had dropped so low that I had taken to storing the ribbon cartridge sealed in plastic wrap in the freezer. I would take it out to acclimate prior to unsealing and then print, and put it back in cold storage for months or a year between printing.

Way back in my Apple //c ownership era, I sourced a serial interface thermal printer intended for the IBM-PCjr. It could use fax paper or the paper for and Apple thermal printer. A copier would produce an excellent copy from the thermal printout for a longer lasting and not curled document to turn in homework at college.

Have I Been Pwned likely to ban resellers from buying subs, citing 'sh*tty behavior' and onerous support requests

hayzoos

I have this type of access for my family personal domain. A DNS key is how I prove ownership, I think there are some other options. I don't have to pay for that access. It also does not represent but less than 100 email addresses at most and many of those should never end up on HIBP. It allows me to alert family members when they have been pwned. I decided to do that after they never signed up with HIBP individually. It is for me almost a set it and forget it, until a breach results in any of those addys being in HIBP. I have contributed though, don't like to freeload.

I think there other types of API access with more "features" which would cost more time and resource. Those are the type scummy resellers (Cost Added Resellers CARs not VARs) latched onto.

Amazon, Google asked to explain why they were serving ads on sites hosting CSAM

hayzoos

Re: Magic Bullet

I was thinking along similar lines. I'm going to be generous and allow that AI can do better than just matching a known image. But that does bring about a question. How is the AI supposed to identify CSAM or anything illegal unless such content was part of it's training? Presents sort of a conundrum, don't it?

Eggheads crack the code for the perfect soft boil

hayzoos

modern cooking prevails

I hear an air fryer can complete the task in 20 minutes. Ten minutes in preheated air fryer at 250 degrees F (121 degrees C for those outside the USAian universe). Follow that with 10 minutes in an ice bath.

For the latest and greatest use an instapot, as the name suggests it's nearly instant.

Absolute Linux has reached the end – where to next?

hayzoos

Re: Just what you need

My current machine is my first UEFI and no Wintax. I researched the UEFI quite a bit. I arrived at the following boot configuration: my active kernel is /boot/efi/EFI/BOOT/BOOTX64.EFI which I compile with the config option EFI boot stub enabled and "root=/dev/nvme0n1p3 ro". It started from the Slackware Huge kernel config adding those and other related options plus the custom kernel identifier so nobody mistakes it for a generic kernel. Had I left it there the SSD could be installed in most UEFI machines and boot since most everything needed is in the kernel and residing at the fallback boot file, no initramfs or bootloader needed. But I have been trimming away at unneeded modules and config items so eventually this may only boot a similar model or even just this machine. I keep a true Slackware huge UEFI bootable kernel for recovery accessible from a UEFI shell and some specific versions for troubleshooting reference.

I like lightweight, but functionality is important. Getting the right balance takes some work.

GM parks claims that driver location data was given to insurers, pushing up premiums

hayzoos

The coverage is for the vehicle. The rating formula factors in the "rated driver" on the policy. Good luck in figuring out the formula. Some insurance companies had considered all driving age people in a household for the rating, even if one or more had their own insurance, even if with another insurance company. I do not know if that is still practiced. Insurance is regulated in the US at the state government level.

FCC net neutrality rules dead again as appeals court sides with Big Telco

hayzoos

Re: Such shallow coverage, El Reg

None of that has anything to do with NN. NN addresses treating like content differently depending on the provider. NN has nothing to do with network managment like low latency for VOIP compared to .iso downloads. Nor does it have anything to do with underbuilding capacity while oversubscribing that network.

Will passkeys ever replace passwords? Can they?

hayzoos

I think you are correct. Implementation choices are critical to the success or failure.

In your situation, Linux distributions have yet to integrate passkeys so that system would not ask to do the job. The browser is the next possible system that can confuse by offering to do the job. Your browser either has also not yet implemented passkey support or your settings may have disabled passkey support. I use Firefox but an external password manager so I have turned off FF's password storage which may be how it handles passkeys.

I think there are far to many options for implementing passkeys and little guidance. I think the goal was to make passkeys easy to adopt by service providers and many options to help in this goal. The result is to much variation to the end user. Some view them as a secure biometric authentication, others as a secure simple single factor authentication, and the list goes on.

In some implementations, a device's storage is limited so broad adoption will run into a roadblock. Hardware keys storing passkeys as an example, you would need to purchase more hardware keys, but newer ones will have more storage. Passkey loss account recovery suffers from the same problems as forgotten password recovery, the biggest being the weakest link in many implementations. A user does not always get to choose where they can store the passkey in some implementations. Some could be Windows, Mac, Android, iPhone only; sorry penguins and others.

I predict passkeys will be as well accepted as hardware keys, not very.

Volunteer DEF CON hackers dive into America's leaky water infrastructure

hayzoos

On The Internet

Are all these 50,000 systems on the Internet? I think some may be so "antiquated" that they are not. Yet they are still able to supply water. They may have other problems, but cybersecurity would hardly need considered.

Antiquated in quotes is because that is a viewpoint from some, and that is part of the problem. Modern does not require everything to be connected. If the only tool you have is a chainsaw, it doesn't mean you use it to hammer in screws.

Teen serial swatter-for-hire busted, pleads guilty, could face 20 years

hayzoos

Re: D-Link: "...all should be retired immediately."

It is quite possibly a new form of planned obsolescence. 1. hide some vulnerabilities or leave in some found during testing. 2. have patches ready to apply during warranty period. 3. post-warranty, EOL, when new product is available, and profits need a boost; release a remaining vulnerability via dark channels. 4. FU to suckers still using those devices, EOL means no new patches, buy our new ones.

Why the long name? Okta discloses auth bypass bug affecting 52-character usernames

hayzoos

Re: Dumb hash implementation

I routinely use passwords longer than 52 characters, whenever they are not limited to less. Same goes for usernames. Both are randomly generated and stored in a password manager. I also use TOTP or U2F token if supported. My password manager master password is longer than 52 characters.

So, OKTA would have likely trashed my attempts to be more secure than average. Nice, NOT.

An awful lot of FOSS should thank the Academy

hayzoos

Re: bit hypocritical?

Exactly!

The perception problem about copyright is largely skewed by the big players in movie, TV, music, picture, and print publishing industries. (not an all-inclusive list) Those entities have pushed the narrative that violation of copyright is stealing of revenue and is akin to taking food from the mouths of babes and even calling the act piracy. Therefore punishment should be steep fines and/or jailtime.

This leads to thinking copyright=proprietary=profits and the opposite of copyright is "public domain"=free. The second part of that is correct "public domain" is free (both gratis and libre) and the opposite of copyright. But copyright is not equal to proprietary or profits. Proprietary/profits just happens to be the most visible use case of copyright.

So many equate "open source" (in any of its' various forms) with "not profit" therefore free (mainly thinking gratis), therefore opposite of copyright, and therefore public domain. All of which it is not by default.

Copyright is a right granted to a creator (i.e author) of qualifying content (i.e. book) to have control of copies of their creation with some limitations such as "fair use". They can demand payment, donations to charity, being kind to strangers, most anything legal for specific uses of copies of their creation. Copyright has value and not just monetary, it has legal force.

The various "open source" licenses would be legally useless without the legal force of Copyright. The creation of Copyright creates the opposition "public domain". Since "open source" relies on copyright it cannot be "public domain".

"Open source" can be free (either gratis or libre or both) or not. Some argue that "source available" software you have to pay for and cannot give away is a form of "open source" and by pure English definition of "open" and "source" they may be right.

Hypocritical? in the sense of using "open source" software to create content under the proprietary/profit copyright use case, ah, okay. As pointed out these users of "open source" just may not have the copyright mindset (profits!) to follow the particular "open source" license restrictions. So demanding stiff penalties for violation of their copyright, but poo-pooing and attempt to enforce a hypothetical violation of an "open source" copyright because it is free (gratis).

The open secret of open washing – why companies pretend to be open source

hayzoos

Re: Who does that now?

I compile the Linux kernel I am using. I do so to simplify the bootstrap from UEFI to the kernel by enabling the EFI stub and to include the modules my system needs to boot and not bother with modules I will never need. I want that freedom. I use Slackware. I compile a lot of what I use. If I wanted to compile all I would use something like Gentoo instead.

That is why I look for the FOSS rather than just "Open Source". The plethora of terms thrown about for decades has thoroughly muddied the waters. There is more to FOSS than just having access to the source. Even in that part of the "Open Source" world you have those who seem to want all software to become not just "Open Source", but FOSS forever.

So, without a standard legal definition "Open Source" by name is interpreted by many to mean any software where the source code is not kept secret even if every other aspect of the software is restrictive as one can imagine.

FOSS "Free and Open Source Software" by name is a bit more descriptive beyond just having access to the source code. But, the definition of "Free" is not immediately clear. Many believe it just means you never pay for FOSS.

Marketers (those are creatures usually found only in the corporate realm) love this type of ambiguity. It allows them to pull all kinds of sneaky excrement to their advantage.

FCC probes whether it can pop a cap in ISP data caps

hayzoos

I do not use that much

I am fortunate that my home ISP does not have a data cap in my area. They do in other areas though. I do use a lot more data at home than away, the stats are available on their website so I can compare.

My mobile use is far less. I am on a "grandfathered" plan with a 1 GB / month cap. The penalty of overage is throttling. I hardly notice the throttling. The plan was modified recently though. It was a 4G only plan. The carrot(s) on the stick were upgrading to a 5G and / or (limited) unlimited plan all at more cost to me. My carrier no longer has any 4G only so I now have access to 5G, but the wife's phone is only 4G. What are the odds that through attrition I can end up with a 5G (limited) unlimited plan? BTW "normal" price increases have applied so I pay more than I did when I started but all other options cost more.

How much "data" is consumed because of bloat, crap, poor programming, ads, telemetry, data slurp, spying, whatever you want to call it?

FCC fines be damned, ESPN misuses emergency alert tones yet again

hayzoos

Re: Interesting how every other country manages without this tone thing

"AM broadcast system is under threat, if for no other reason that AM is incompatible with electric vehicles, the shielding problem is just not cost effective to solve."

This is the false narrative from EV manufacturers. Electric vehicles have no special electromagnetic radiation that has not already been seen and controlled to be "compatible" with AM. The problem is not one of not being cost effective, but being prohibitive to maximum profits. I believe there may be FCC rules prohibiting the interference, which of course are also being flaunted.

The local AM station moving to FM likely happened as the easiest route to the station maintaining viability. Their cost to shoulder the fight against EV industry would have been more than their move to FM and they may not have even succeeded.

Too many examples of modern capitalism winning the battles over rules, regulations, laws hindering the pursuit of profits. This cannot end well.

Post-CrowdStrike catastrophe, Microsoft figures moving antivirus out of Windows kernel mode is a good idea

hayzoos

Re: How will AVs function without being in the kernel

eBPF has been ported to Windows. So that is a definite candidate for the type of solution being sought. It was Microsoft doing the port. I cannot state how ready it is. It may have come along for the ride with WSL.

WhatsApp's 'View Once' could be 'View Whenever' due to a flaw

hayzoos

Think about it

There is a certain irony in th statement; "We continue to encourage users to only send view once messages to people they know and trust.”

Deadline looms: Google Workspace mandates OAuth by September 30

hayzoos

Legacy apps & devices

One solution is to setup your own mail server for legacy apps and devices. If the legacy stuff is all internal, then it makes even more sense to keep them from connecting externally.

AI stole my job and my work, and the boss didn't know – or care

hayzoos

Re: "Stored in a retrieval system"

"The original pictures are not copied at any point beyond the initial access, which is presumably (hopefully) permitted since they're on the internet."

I have published original images I have created on the Internet and I have provided copyright notice. People are allowed to view them, that is expected when publishing to the Internet. Seeing as LLMs did not exist at the time of publication, I do not consider this new use as allowable. I have not been contacted by anyone to ask permission to use for training LLMs. If my Internet published images have been used to train LLMs, then it is a copyright infringement. Publishing to the Internet is not releasing to public domain.

"I just think it makes more sense to view the network as a product of the images, and so at most a license violation, not a copyright violation."

Such a license only holds because of copyright, a violation of the license is a violation of copyright.

It is the initial act of accessing the copyrighted work in a way that was not foreseeable that is to be considered copyright infringement. Until a court of law determines one way or another it is up in the air.

I do have to wonder if an LLM is created to train from querying other LLMs would owners of the earlier LLMs cry foul? On what grounds?

Google is a monopoly. The fix isn't obvious

hayzoos

Root cause analysis

All the proposals for breakup variations or other remedies to the monopoly known as Google(Alphabet?) seem to lack a good root cause analysis.

Google(Alphabet?), having been declared a monopoly, should be first required to fully reveal everything to the court. The court should then identify what is the internal root cause of Google(Alphabet?).

Has Google(Alphabet?) already prepared for a government action by restructuring with Alphabet as the top? What other preparations have they done? Are they positioned to eventually thrive after a government action?

Follow the money is a very good method, but not the only method of revealing answers. There may be false answers planted to throw regulators off the real trail.

I suspect ads, specifically targeted ads, and the requisite data collection is a very large factor. I do not assume that is the only cause.

I do not propose a remedy at this time without more information. We are not necessarily entitled to that information, but the courts are.

Twilio's Segment SDK challenged with wiretapping claim

hayzoos

Does this sound familiar? Twilio Authy

It did to me so I checked it out. Twilio acquired Authy in 2015.

Never really liked Authy in the first place, but now run as fast as you can.

Never really liked Google Authenticator either for the same reason.

You cannot get away from this data slurp crap, it's everywhere.

NASA mulls using SpaceX in 2025 to rescue Starliner pilots stuck on space station

hayzoos

Most important opinion

I do not recall reading about the opinion of the most important experts. What do the astronauts think? I believe their opinion should factor most highly in the decision.

CrowdStrike blames a test software bug for that giant global mess it made

hayzoos
Joke

Automated update distribution

I thought of a spinoff of the suggestion to test on their own systems. Make sure the distribution system is in the test group. Then a catastrophic crash will render the distribution system unable to distribute the problem update. Problem solved.

hayzoos

Re: What is old becomes new again

Lemme guess, gave the same order then as now.

Publish first at all cost.

Google's plan to drop third-party cookies in Chrome crumbles

hayzoos

Ummm, logic?

So, essentially you are saying you are willing to use third party code to block third party code (and content). Okay, we are all doing it. But, stated the way you did, it sounds illogical.

At least we have the chance to research the third party tools to block the source unknown third party code and content thrown at us from websites.

hayzoos

I'm with you, but . . .

Firefox ESR is about to bump to the next level which means you will soon see a lot of what recent releases do if you want to stay with a supported version.

I am also using FF ESR with similar but different blocking. I am happy with the current setup, but I am preparing for the change to a new ESR level.

Another issue I have seen with ESR is some sites consider it to be out of date or unsupported, I have had to school a few in the error of their ways.

Call, text logs for 110M AT&T customers stolen from compromised cloud storage

hayzoos

Re: The low cost of staying relatively safe

Not to cause you any worries, but they likely digitize the check in order to convert it to an electronic ACH transaction. An organization the size of AT&T probably has been doing something like that with checks since the MICR print along the bottom of the check was intended to be machine readable for well over 25 years. BTW that MICR print is the RTN and account number, all that is needed to submit an electronic ACH transaction. And they are probably storing it unless they are specifically prohibited from doing so, ah maybe even then.

Everything online because convenience. Nevermind security.

Sell all information because maximum profits. Nevermind privacy.

Big Tech's eventual response to my LLM-crasher bug report was dire

hayzoos

I wonder . . .

How would these LLMs fare under prompt fuzzing?

Former Fujitsu engineer apologizes for role in Post Office IT scandal

hayzoos

Expert Witness Training

The "Expert Witness Training" referred to here barely qualifies as training, yet does result in being elevated from a run of the mill expert in a field called as a witness to a bona fide "Legal Expert Witness".

If all that is required is reading a particular section covering behavior as an expert witness and expectations and requirements for a report which requires signing an included acknowledgment of the section's requirements, then that is less onerous than a lot of "safety training" I have had to endure.

The trouble I have with the focus on the expert witness vs. legal expert witness is the overlooking of the requirements of any witness at a trial, be it an eye-witness, ear-witness, nose-witness, expert-witness or legal-expert-witness. A key one is to tell the truth.

'One Less Car' Uber bets a grand you'll ditch your wheels

hayzoos

mathematically speaking

I will use US units in my analysis since the amount offered is in US dollars and offered in US cities. A quick search confirmed my estimation of 15,000 US miles per year for vehicles on average in the US. A bit of math tells me this represents 80 cents per mile. Another quick search reveals the US Internal Revenue Service (IRS) allows the maximum of 67 cents per mile for business use of a (passenger) vehicle for tax purposes. There seems to be a bit of over estimation.

systemd 256.1: Now slightly less likely to delete /home

hayzoos

Incredible! It is worse than I thought.

AWS is pushing ahead with MFA for privileged accounts. What that means for you ...

hayzoos

Re: "why not try a passkey?"...

Please explain vendor lock-in in regards to passkeys. I am using passkeys and do not see a lock-in in my use of them.

Stanford Internet Observatory wilts under legal pressure during election year

hayzoos

To update Churchill's observation for modern social media times: "A lie has run around the world five times before the truth decides to mute or snooze the alarm clock"

Volvo recalls all of its 72K EX30 cars due to software bug that obscures speedometer

hayzoos

In my day...

Speedometers used to be an add on device. Stewart-Warner was a well known provider of automotive instruments.

HP BIOS update renders some ProBook laptops expensive paperweights

hayzoos

Re: HP knows that most will not bother ...

Even better. Some jurisdictions do not allow lawyers in the small claims courts. Many a judgement by default has occurred in such jurisdictions when an officer of the corp. failed to show. Collecting on the judgment is another battle.

Snowflake customers not using MFA are not unique – over 165 of them have been compromised

hayzoos

Any suggestions?

I have not found a bank in the US where I can use it's services that uses anything better than SMS. I don't need SMS 2FA, I use the longest password allowed by any service I use, randomly generated, saved to a password manager. These entities implement 2FA because their low hanging fruit customers (password reuse, easy to guess passwords, etc), not for real security. I keep badgering my bank to implement something better than SMS 2FA, I have FIDO U2F keys, passkeys, software authenticator, heck even email these days is better than SMS.

I use Bitwarden for my password manager. It supports passkeys, FIDO U2F, and is a software authenticator. Did I mention I use a 48 character randomly generated master password?

I know, I may seem to be a good target for the effort of cracking my accounts maintaining these high levels of security. I counter that by maintaining a low and even sometimes negative net worth and a poor credit rating.

Digital Realty CTO weighs in on AI's insatiable thirst for power

hayzoos

Re: And to think we used to be worried about EV's draining the grid!

We are so close to a trifecta. All we need is an EV with AI that mines Bitcoin.

Microsoft Research chief scientist has no issue with Windows Recall

hayzoos

Re: Dual Boot

I gave up on dual boot long ago. Windows update has a long history of breaking dual boot. Usually Windows will continue to boot, but sometimes even that is broken.

PayPal is planning an ad network built off your purchase history

hayzoos

Ditched paypal long ago

Over a single transaction. I was purchasing a rare lifetime premium membership only requiring a single payment. The service used paypal for payment processing. I had a paypal account and it was linked to a checking account as they had insisted back then. I was paying with a credit card. Paypal processed the payment as an ACH transaction against the checking account which did not have funds to cover the transaction. I knew full well it did not and did not expect paypal to attempt the ACH transaction. I disputed the transaction with the bank. They attempted to present the transaction again. I disputed again and requested a standing dispute of any and all paypal transactions on the bank account. I then closed my paypal account with a message stating why. I firmly believe that when a form of payment is presented at the point of transaction, only that form should be used even if other forms' details are known by the processor.

I had to call the service provider to purchase the membership over the phone. The lifetime turned out to be lifetime of the service. It was assimilated by IBM.

British Library's candid ransomware comms driven by 'emotional intelligence'

hayzoos

Re: Reading the report...

The first thing that came to mind was "this application must be installed and executed with full admin rights" so frequently found in instructions and FAQS. Plenty of other examples of "turn off security and it will work" exist.

A secure by design system is completely incompatible with an insecure by design system.

Page: