Posts by hayzoos

Assisted in a TLA investigation once.

The machines were setup in the company's *********. There were a ******* of investigators from the ***** *****. I was there to ******* systems after ***** was ********. During the process ******* of the investigators ****** with *******. I "overheard" the ****** with ***** and suggested ****** to be able to ***** the *****. So to make a ***** story *****, I saved the *** by giving the investigators the **** they ******* to ********* the *********. These guys though just **** did not **** the way ***** blokes do. All I got for ******* their ***** was a *** on the ***** and a *****. I would tell more but the **** of **** prevents me from **** that *****.

CDNs are evil!

Okay, got your attention. But, The Internet core design philosophy is completely subverted by global oligopolistic CDNs. Because of CDNs, your use of the internet is insulated from the real Internet. The servers people intended to contact were not down, yet they were down. The Internet design was to be able to route around "failures". I submit that CDNs as implemented are breaking The Internet.

Impressive

In today's common OS/userland design, this is impressive. So many libraries, so many dependencies. I have not looked into the Ubuntu issue mentioned, but if I were a betting man, I would bet on new systemd features.

There are still programs though which eschew the library approach to solve a single required function out of dozens or hundreds provided by the library. These are good candidates for this approach.

I disagree with the notion that this is not computer science, but hacking (in the traditional beneficial sense if hacking). In my studies of computer science, this is exactly what computer science can be leveraged for. I believe computer science practised at this level is hacking and vice versa. Not every computer scientist can do something such as this, likewise for the hackers. I suggest the title of Computer Science Boffin be bestowed upon Justine Tunney.

Safari behaviour is not new

I do not block cookies, any cookies. They do not survive past the browsing session though. I strive for no web browsing persistence. I have been using this anti-tracking approach since I first detected the practice of web tracking. I do block third-party code by default, that is dangerous, remote code execution has it's own category of exploits. So I do not feel comfortable allowing my computer to execute code from an entity I do not trust (ad flingers for example) chosen by an entity I barely trust (anybody outside my circle of real friends and close family).

Google has weaselled their way into my paystream. My employer uses an outsourced payroll company, paperless and direct deposit required as is the new standard. Said payroll company is using Google's captcha service. Many other service providers I am forced to use are doing the same. It is fast becoming the only way to avoid Google is to go off-grid.

I don't like it

I have accepted the fancied up k9 grudgingly. I just want email, text only. I do not want calendars, swipe to do whatever, gestures, etc. This is the reason why I use claws for the computer. I tried using Thunderbird for a while. Things change dramatically out of nowhere. I prefer the ISO style of date/time format, TB broke that by adopting CLDR and not having a custom format option available for *nix. It got "fixed" after a year or so. The reason *nix did not get custom? No API for custom format. Hmm, *nix locale system uses the oldest and most stable style of API like all POSIX systems do. The users' custom format preference can be queried from the command line or programatically using nearly the same syntax. I guess if it does not use object oriented calls and maybe binary blobs, it is not an API. No problem, I'm sure systemd will provide the service shortly.

Time to start looking for a more basic android email client.

I wonder how many forms visited by Little Bobby Tables have caused havoc. Maybe he should visit more sites and try out their forms.

TOS are part of the contract

Terms of Service are part of the agreement between the service provider and the user, a contract.

In the US you cannot sign away constitutional rights in a contract, at least that was the established view of law.

The ruling is counter to a number of previously established legal tenets.

I do agree with the analogy given by DS999 concerning photographing or copying physical documents. It is still seizure in regards to obtaining evidence even if the suspect (not yet proven a criminal) is not deprived of the documents.

The rules for the government laid out in the constitution are there to keep the government from going against the very people granting the power to the government. The constitution starts "We the people" for a reason, not just a catchy phrase.

The only way to do it

At an earlier job supporting maintenance at healthcare facilities, I saw the same first hand for the power at one of the facilities we managed. The maintenance manager was considered a renegade. He tested his facility power backup systems by shutting off the mains, regularly once a month at a random time and day.

He had one of the best maintained facilities of all the ones we managed. Some said he was nuts, risking operations and ICUs with life support needs. He said does it matter if the power loss is "an act of god" or of my doing? He also said, "I do my best to make sure the systems will perform as planned." There was an issue once during one of his tests, he was able to revert back to the mains when things went south.

I had done similar in an earlier programming job on an Apple II system. It was so resilient, that you could pull the plug in the middle of data entry data loss was limited to the field being entered. Pulling the plug during acceptance testing was how I answered the question of how does it respond to a power loss.

"They also can downgrade to a lower JDK version such as version 8, though doing so "could impact application features and open doors to other attacks mitigated in higher versions of JDK," the researchers wrote."

The botnet tools like Mirai are not single function, they are toolsets. The nature of IOT is ship and forget. I would be highly surprised that they do not carry exploits for multiple versions since not doing so would leave a lot of older targets unused. So, um, no, downgrading to avoid the exploit du jour is not going to help in the larger scheme.

It's too hard!!!

Wow, just wow. The producers of modern web browsers (nearly as, neigh, as complex as an OS) cannot programatically change all settings associated with default browser?

I am not in any way defending Microsoft for making the process as complex as possible.

Something is odd that Google is not prominent or even present in the list of complainants. Maybe not.

Follow the money

Google is further developing its ad revenue stream through user data acquisition. Its new updates and APIs are designed with that in mind. Only way to ensure adoption is by force of killing off apps using old APIs.

Goes beyond open source

I will admit TLDR for licences in question. I will make an assumption, the two original licences were not self-conflicting. Licences are a form of contract. Courts abhor conflicting contracts. In attempts to have a contract remain in effect when a court finds a conflict, they usually include a severance clause which basically allows an "illegal" part of a contract to be removed, but the remainder of the contract stands. Without a severance clause, the court will throw out the entire contract.

What we have here is a self-conflicting licence which the court seems to be ignoring the conflict.

This could set precedent on software licences and how to handle self-conflicts as a subset of contract law. It would apply to open|closed source licenses if they are self-conflicting.

Just keep in mind that "AGPL v3+Common Clause" is a different beast than either "AGPL v3" or "Common Clause", in spite of how similar they may seem.

battery and such

Wireless charging, hmm, good idea. Is the battery replaceable? Oh, wait, can the battery overheat, bulge, catch fire, explode? One can only hope that a proven medical device battery technology be considered rather than being cool with the latest tech all around. Will the device be crackable/hackable?

Bait and switch

John Deere of old earned a reputation of making good farm equipment. The reason why people bought the new DRM'ed equipment is because they had no idea. They were buying on the reputation. It was not until something broke down that they became aware that John Deere had changed. By then it was too late to vote with their wallet. Although, you can be sure next time they will shop around for a better deal.

Google has been getting worse lately. I use uMatrix as part of my tracking blocking strategy. I see even here googletagmanager.com, google-analytics.com and doubleclick.net are part of the comments page. Captchas have been getting more pervasive and most provided by google. I am really trying to wean from google but they are finding ways to be everywhere. Some sites are unusable unless I allow some or all of google interaction. I would like to just say no, but I need to use many of these sites.

Let's say I authored a piece of software that meets my needs. I thought others may benefit so released it under an open source license. Over the years bugs were fixed as I or others found them at the pace I could manage as a hobby at my discretion. Over a decade or so this software became ubiquitous, in use by other individuals, small companies, large companies, giant companies, and multinational conglomerates. Some may just be using the software minimally, others daily but for their own use, and others incorporate it into products or services they sell for a profit.

I should expect to see bug reports, feature requests, bug fixes, feature code, etc. Still not making any profit from the venture, I am still the hobbyist programmer. Sure I may see donations here and there to cover the cost of hosting distribution and maybe some additional costs all tied to the existence of the software. Then a "sky is falling" type of "security" bug is found when the software is used on or connected to the Internet. Now, I see fame as the author of the bug. I see demands from all, those using the software and not, those donating and not, those contributing and not, those helping and not; to fix this insidious bug I created. Why do I feel the loudest demands would be from the "nots"?

Let's say I am not using and never designed the software to be used on on or connected to the Internet. I look at the bug and state, "Do NOT use it on or connect it to the Internet" as my fix. Am I obligated to do any more? In looking over the users of the software some would appear to have more of an obligation to fix it than I. Depending on the original license chosen, a fork could be made and fix implemented possibly allowing the fork to become closed source or remain open source as a new project.

What obligation does one have as an author of an open source program? What obligation does one have as a user of open source software? Does it depend on means? Does it depend on use? Does it depend on anything?