Posts by hayzoos

Not an ATM but similar

I live in an area where there were a lot of coal mines and therefore coal miners. This was a time before ATMs. A few of the coal miners hatched a plan to blast a bank's night deposit box to obtain the booty. At least one of the miners knew how to figure out how much explosive was needed for a given blast. So they swiped some explosive from work and executed the plan. They chose a small branch office. They took out the entire corner of the building and there was no booty, but charred deposits flying in the air. The bricks, glass, metal, etc. flew more distinctive ballistic paths and fell to the ground rather quickly.

The incident was responded to by the local police and firefighters. Being this occurred in the US, later the FBI and Secret Service also arrived. It was determined that the miner figuring the explosive charge was adept at blasting rock underground. But, an above ground freestanding building does not present as much buffering mass to contain a blast. Nobody was injured.

WWW and privacy, LOL

I know Sir Tim Berners-Lee does support privacy in his more recent statements.

But does anybody else see the irony in his appointment to a privacy based email service?

The man most famous for giving us the WWW using hypertext to allow us easier access to all the world's information on the Internet. He is now to advise on how to keep information private using the Internet.

Toss those cookies

The whole cookie deal is too complex for the average punter. Session cookies, first party cookies, third party cookies (what about second party cookies), cookie expiration, tracking cookies, why not call them biscuits, fortune cookies; the head spins.

Even here they are not fully understood. First party cookies are not only session cookies. How does a site "keep me logged in" or "remember me" or in some poor implementation instances "remember my preferences"? Answer: first party cookies which are not session cookies. Did you know a session cookie can also be a third party cookie? See, not clear cut. I am sure I do not know all the flavors of cookies or biscuits.

Part of my anti-tracking routine is starting all browser sessions with a clean slate, no site related data retained by the browser. I also attempt to block other tracking methods but it is not easy. Nor do I think I am being complete and successful. I only hope to not be the low hanging fruit.

My wish for the decision (even though I am extra-jurisdictional) is that it not make my approach harder or ineffective. Being a USAian I do not expect to benefit from the EU or UK attempts to curb the private data slurp. On the other hand, I should also not suffer from poor implementations like cookie consent banners.

That is all.

Tax Evasion

I have to wonder how much tax would be generated. First, let me state that I prefer the more limited view of cryptocurrency broker because I see too much cost expended to collect too little extra revenue with the more expanded view. Those supporting the expanded view may have a different thing in mind . . . end cryptocurrency. I say if you want to end cryptocurrency, you should say so and act more directly.

How much cryptocurrency value is from fiat currency conversion directly and how much is due to the rise in "value" due to speculation? The US is currently treating cryptocurrency as an investment and taxing as such, only when the the conversions between crypto and fiat and vice versa take place. If a relatively small amount of fiat is converted, then a relatively small amount of revenue on that end. If a relatively small amount of crypto is converted to fiat then same. I suspect most of the "value" of crypto is not going to be converted to fiat and that "value" may virtually disappear should a run in crypto cash out occur.

There may not be as much revenue to be had as the politicians think. Even worse, US tax law also allows for consideration of investment losses to partially reduce tax liability. Those details may or may not apply to crypto investment, but they have to think it through.

As per tax evasion, defining brokers as primarily exchanges would help on that aspect.

Why are we so focused on the symptoms and not the root cause.

"Race" is not a problem, how different "races" are treated by different "races" is. We are all different to different extents. Vive la differance. The problem is when this turns into an "us" vs "them" situation.

Essentially, I have no problem with "AI" being able to predict self-selected "race" in regards to medical images. Our differences are not only skin deep and because of that it may have an impact on proper medical treatment. It only becomes a problem if it results in improper medical treatment, even worse if because "race" doesn't deserve proper medical treatment in somebody's opinion or tradition or whatever horrid reason.

We, the human race, really need to grow up. That includes me, I am sure I suffer some of the same faults to some degree.

Poison the well - so to speak

It seems to me the situation has reached the point where nothing you do can effectively prevent the slurpage. I was thinking that instead of trying to resist, try to obscure. Rather than giving up, give freely and give often. Try to become the 26, 30, 52, 40, 80, and 77 year old male and female white, black, blue, purple, and green unemployed self-sufficient retired woodworker, buggy whip maker, designer, theologian, CEO, capitalist, volunteer that follows .... you get the idea, I hope. You become everything and nothing. Your advertising profile becomes both distinctly identifiable yet anonymous. In effect, poison the well from which advertisers drink.

More to the Story?

My gut instinct tells me there has to be something more to the story. The gist of the comments seem to agree that blowing up over housekeeping submits is not right. The clue is the KPI reference and mention of a 996 work culture. One possibility I can think of is that submits from the huawei domain upon analysis have become mostly small numerous comment corrections or the like unnecessarily broken up into smaller submits but spread out over time so as to be less noticeable but produce high counts for KPI. Inefficiency at it's finest driven by phbs. Each submit may require a minimum time for administrativa be it one typo fix or all.

People don't see the need

Ransomware is the cybercrime du jour. FIDO does not solve that problem. The problem FIDO does solve is not scary enough for people to want take the effort to use it. This applies across the scale at the individual and enterprise levels. For the implementors, SMS is king. In the US banking industry, SMS is good enough for regulators so banks generally offer only SMS as 2-factor whilst it is required by many banks. Other industries use the banking industry as their comparison with most seeing themselves as not needing more security than a bank. The threat landscape would have to change for those viewpoints to change.

Smoke and mirrors

[24/7, it's claimed, maliciously disrupted LivePerson technology on the websites of customers, misrepresented data related to LivePerson's technology, services, and system performance to promote its own competing service, and "[injected] spyware into LivePerson’s databases, through unauthorized use of LivePerson’s copyrighted code, in order to gather information regarding the operation of LivePerson technology—presumably to reverse engineer LivePerson’s technology."

"Once 24/7’s live-interaction software has been installed on a website that also contains LivePerson’s technology, it appears that 24/7 improperly injects 'spyware' into LivePerson’s systems," the complaint states. "24/7’s spyware appears expressly designed to capture confidential and proprietary information and data regarding LivePerson’s technology and client relationships."]

I have my doubts that LivePerson's databases were breached as claimed. The unauthorized use of LivePerson's copyrighted code is also questionable but plausible. "Presumably to" weasel words alert! And "reverse engineer" is a valid legal means of deriving trade secrets, but should have been covered in the agreement specifically. It can also be hard to prove reverse engineering as a defense if one has access to said secrets. "Appears" twice mentioned in claims is also a weasel word.

I think most of the implementation was using javascript. Javascript which runs in the web browser in the context of the website but hosted by other servers. Something called cross-site scripting which used to be considered a security issue. Web browsers have little to no sandboxing of javascript coming from the site's domain or other domains referenced from the site's domain. It is trivial to mess with javascript in a browser session when your javascript is executing in the same session. If LivePerson's trade secrets are represented by this javascript then there is essentially no protection of the trade secret. While the javascript itself may be protected by copyright the methods it embodies are not. Patent protection is better suited for that situation. Trade secrets rely upon confidentiality agreements prior to revealing them. But if the trade secret is being revealed to any web browser visiting the clients' sites, then confidentiality is questionable.

I know precedents in other cases went the other way for trade secrets in similar circumstances. I wonder if the court understood the technology well enough to make the decision. Or, did LivePerson's lawyers put on a good show while 24/7's dropped the ball.

Good, but more

In a statement, Congressman Morelle said: "For too long, large corporations have hindered the progress of small business owners and everyday Americans by preventing them from the right to repair their own equipment.

"This common-sense legislation will help make technology repairs more accessible and affordable for items from cell phones to laptops to farm equipment, finally giving individuals the autonomy they deserve."

I support the effort, being a Mr. Fixit myself. A couple of points need to be made on the statements. They are not preventing us they are taking away from us. Thus, they will not be giving autonomy, but returning it.

In some categories, the access to parts just may not happen. Tools are available and reverse engineering provides the knowledge. But if a manufacturer never repairs themselves and only provides a replacement under warranty, then there may be no spare parts available, they may not have affordable tools to offer. The economics of simply not repairing but replacing under warranty may be more than offset by the profits of continual replacement of "disposable" out of warranty kit.

I think the effort needs to be more about discouraging making/designing more and more products to be disposable. This includes things that generally get recycled like cars, trucks, heavy equipment, farm equipment. It's not just about keeping things out of landfills, but also keeping more money in the wallets of the working class.

Claiming trademark infringement

The fine point is Oracle claiming trademark infringement. First thought of solution would be to strip all the badges before resale. Except, what about the software bits? Software also enjoys copyright protections which could be leveraged to protect removal of trademark badges. If you think about it both hardware and more recently, and to a lesser extent, software can be protected by patents and do not forget about design patent. Patents could be leveraged also to protect removal of trademark badges. So the argument could be that the trademark badges are an integral part of the kit thanks to the software copyrights, design patents, software patents, and hardware patents. Therefore all that has to be won is the claim that the trademarks cannot be sold/resold in markets not allowed by the trademark IP holder.

Brilliant! I should patent that legal manoeuver.

Neat

Now all they have to do is command the rover in a particular path. Then command the aircraft to view the tracks. The pattern should read "Hello World".

Vogons may have something to say about that

"Moreover, the reduction of gravitational force — and the absence of building regulations — in space would also facilitate the use of the new origami technology," Adriaenssens opined."

I expect they would be visited by a Vogon code enforcement officer. Oh the paperwork required. Origami without a permit, Building without a permit, Inflating without a permit ... So much poetry, so little time.

This is all just privacy theatre

A serious statement and policy on privacy would be "No Tracking, Period." Anything less is just there for show. Make the market believe we cherish privacy. Strike a compromise between diminishing the revenue stream of customers and the revenue stream of advertisers. Just because the revenue streams are tapped differently, doesn't mean they are not doing it.

And such is my opinion.

I guess sometime during the era of Win7, laptop manufacturers decided Function keys (i.e. F1 through F12) which had also previously taken on randomized secondary functions such as WiFi toggle, brightness, "media" control, cupholder deployment, and more; that long traditional F# functions should be secondary instead. I found this out a few years ago after having been off the MS cartel merry-go-round for a half decade. I was required to utilized spreadsheet Mark X (or was it March 10th 1900?) on nearly out of support Win7 laptops. I was attempting to use F2 to edit the contents of a cell since this had worked back in the days preceeding the existence of F11 and F12. The primary function of that key is now to dim the brightness on nearly all of those laptops. I am gradually rectifying the situation by rebooting, entering BIOS Setup, and changing the default back to the traditional behaviour. Nobody else has even noticed the changes.

Copyright is not

Copyright is not about making money on on Intellectual Property, in spite of what so many greedy highly profitable organizations peddling copyrighted work would have you believe.

Copyright grants the IP creator exclusive right to each and every copy of their IP work with a few specifically excluded fair use exceptions. The intent was to allow creative types to earn a living. Benefit to the public was creative works which may not be if the creator had to do something else to earn a living.

There is no requirement that a copy of copyrighted work be compensated monetarily. Lack of monetary compensation does not turn a copyrighted work into public domain.

Creative Commons licenses are for copyrighted works. In fact, CC licenses are not worth a damn without copyright. If Elsevier has in fact sold a copy of a CC non-comercial licenses work, they have committed a copyright violation. The seriousness of that violation is just as much as any violation they may claim somebody else has made by copying a copyrighted work licensed for monetary compensation.

Sci-Hub is acting like a Robin Hood, questionable means for a noble goal. Legally, wrong. Esevier is also using questionable means for a um..., goal. Potentially, legally wrong or just wrong. Two wrongs do not make a right, three lefts do.

Waters are muddier now

Believe it or not, my career experience here in the US is that independently produced IP is yours. An employer can object on competitive grounds. Granted my sampling may not represent the whole.

A few of my jobs were paid hourly, so "on company time" was clear cut. If I was not being paid for the time it was mine and so was any work or creation during that time unless I used employer's resources.

I worked salaried jobs as well. Most of it was not work from home. "On company time" was scheduled work hours even if an irregular schedule.

I did have some work from home or hotel or client site or on vacation (holiday). I only did work on vacation because I overlooked completing a report prior to leaving (I was in a hurry), had to VPN in to crunch a few numbers and generate the report. "On company time" becomes a bit less clear cut when you can work from anywhere at almost anytime and are salaried.

My current job is hourly and only a very small part of it can be work from home and only if I bring company equipment home to do it since I "don't do Windows". I have only done that once for 1/2 hour for my own convenience.

With the major shift towards WFH, another of the factors helping to determine what belongs to whom is going away.

I have tools I have created on my own time, using my own resources, some while salaried. I even used some for the job. Some are software tools, some are tangible tools. I see no difference, they are mine. I have never had something so substantial as to have an employer want to market it to their customers.

Even under the US career environment I have experienced, I think the forensic software would belong to the employer after hearing the overall circumstances.

Good joke

"private linkedin account" hilarious, ROTFLMAO! Oh, wait he was being serious wasn't he?

Time to further excise the Google tumor

I have used Google services for a very long time. I have some backup plans, but I need to do better. I have been weening myself from full Google domination, but some things are hard to replace. I have to look into a Google Voice replacement (a call forwarding, voicemail, and SMS service). I have a grandfathered Google G-suite free level with a domain for my family including email hosting. I have paid android apps I use for work. It was so easy to get entangled, but when I started gmail was invite and I have over a decade (sheesh, maybe two) of email use and hundreds of sites and entities where I have to change email addresses. I have already taken some steps but have to coodorinate some and get the prerequisites correct. I keep chipping away though.

I can code (program)

I do not consider myself a developer, nor a coder, but a programmer. I will use a library if I know what it does inside, outside, topside...every side in every conceivable case I can muster. I will test it thoroughly as I test my own code. I am costly in both time and money, but strive to produce as correct code as I can; aka quality.

Many, many years ago, I was contacted to produce a payroll system for a company which had expanded from a single tax jurisdiction to multiple. They wanted the thing done in a month, they could not wait. I replied I would require no less than three months with one or two contingency until I could analyse the requirements. I did not get the job. Fast forward five years and I found out the "coder" the hire instead of me had delivered in two months instead of the agreed one. And, they were still working out bugs and had dozens of work arounds to process payroll including pre- and post- processing with a spreadsheet. They are now out of business.

The problem is unwillingness to pay for suitable quality. This goes far beyond software in IT. IT security is afflicted. It also does not help that the current trend of software is change for change sake and the abominations we are seeing is horrendous. There are losses due to abandonment of well reasoned user interface elements. How much time(money) is wasted when a form rejects input on submit when the input is formatted had been formatted in common form and only instructing the user of the expected form after the fact? Not really a rhetorical question, I just do not have the resources to make that determination. I can write a routine to transform input in common forms to the desired form for processing, I do not consider it to be time consuming or challenging. There are so many examples of poor programming, I could write an encyclopedia on the topic.

I agree training more developers is not the fix. The problem is deeper and requires a more complicated mitigation and is not likely to be accepted by those who make the decisions.