
Re: Covfefe
"stop tweeting at 2AM after working from 6AM the previous day"
(I think that's what actually happened, or something similar)
10507 publicly visible posts • joined 1 May 2015
think of it this way: 70% accuracy, and 30% of the tweets were deemed "untrue".
If the statistics are correct, then the 30% "untrue" on a list of 100 perfectly truthful tweets would be "about right" for an algorithm that is 70% accurate.
Just doing the maths...
(and yes, I _DID_ imply that 100% of Trump's tweets are true, just to poke the hornets' nests)
I know - let's just hold EVERYONE to the SAME standards. works for me.
So if Mrs. Clinton stays out of jail and isn't prosecuted for 'just that part', ok I'm good. Let's treat Ivanka exactly the SAME way as Mrs. Clinton gets treated. Hell, Ivanka could RUN FOR OFFICE in a couple of decades, or be SECRETARY OF STATE - why not!
Now about all of the 'hammer-smashing of devices' and not coughing up the 30,000 e-mails and pretending KNOWN classified e-mails weren't because "I did not know what 'C' meant"... (I don't think Ivanka did THAT now did she?)
so, in summary:
* use of private e-mail for non-classified yet gummint-related things: hand slap
* trying to hide everything, use private e-mail for classified things, and obstruct justice by physically destroying the evidence: lock up and throw away the key!
"I would think the odds are significantly higher that the whole computer would be stolen"
As a matter of fact...
At a used-to-company, miscreants threw a heavy object through the front window of the office building, ran in, cut cables with wire cutters, grabbed the CPU boxen, and took off with the alarm blaring.
Then they did it again 2-3 weeks later, after the company got "all new computers". [I did the majority of the work from home and therefore had plenty of backups for my stuff and related projects].
Snatch-n-grab using low tech "steal a manhole cover and throw it through the window" and "cut all of the cables with wire cutters and run with the CPU boxen" is difficult to stop, but you CAN slow them down by using these lock & cable things [which I recommended after the 2nd theft, and bought some for myself].
That being said, thieves and miscreants will ALWAYS come up with a brute force and/or low tech way of defeating the highest tech security that you can possibly think up, like chaining up an ATM machine to a stolen towtruck and yanking it out of the bank office's wall.
The best security plan is to make sure that you slow them down as much as possible so that you're no longer "an easy mark".
ECC RAM apparently slows them down.
doesn't rowhammer require really good knowledge of the kernel internals to make use of it, at least for bypassing security? You'd need to hammer permission bits, for example, to access things that are normally not accessible, and for that you'd need to know where the bits are located (etc.) as well as a good idea about how the RAM architecture is set up. I'd say that ECC still (at least) makes that harder to do, though obviously NOT impossible, like the lock on your door just slows 'them' down if 'they' REALLY want to get in, but of course I'm not going to be leaving my door UNlocked any time soon...
I've been calling it "Safe Surfing" for a while. It includes things like:
a) don't use internet explorer or Edge or MS Outlook [aka virus outbreak]
b) don't be logged in with admin credentials for e-mail or web surfing
c) if possible, don't use windows to surf the web or read e-mail
d) run noscript or its equivalent
e) only (pre)view e-mail in plain text, NEVER with attachments inline
f) always save attachments to disk, then open with "the application" (not double-click) by running the application FIRST and then using 'file open', and have SCRIPTING TURNED OFF when you do it.
etc.
"Back to Web 1.0"
preferable to the bandwidth wasting script intensive bell-whistle-new-shiny market-platform track-via-ads bright blue on blinding white 2D FLATTY "shit show" we're exposed to on a daily basis.
yeah, been here a LONG time. You can make things look good without cat video ads playing in every corner of the page.
"problem is most sites which "rely on JS", use it for functionality that could be achieved without JS"
The WORST ones send back an error from nginx - some CDN out there uses javascript to load their pages, and when the load/redirect (via script) fails, you see that 'FORBIDDEN' error from nginx.
It's a filter that KEEPS ME FROM USING THAT WEB SITE. I'll go elsewhere, and flame them every chance I can, for doing that. [if it's a web site rental, I'll ask the owner nicely to use a different service provider, with a nice easily understood explanation as to why]
/me considers a javascript in some of my pages that loads the "you are an idiot" flash, infinite instances of it. So if script is OFF, you are fine. If you enable it, "you are an idiot, ha ha-ha ha ha ha ha ha ha ha haaa!" with a rapidly growing number of instances filling your screen. It'd also be an 'idiot detector' for people who still have flash player enabled.
actually, I run noscript, ONLY allow a very small number of domains, and if a web site is persistent and for some reason I _must_ use it, I do the following:
su - differentuser
export DISPLAY=localhost:0.0
firefox &
then the firefox settings for 'differentuser' are:
a) dump all history on exit
b) allow script anyway
c) don't keep login information in the browser's settings either
then paste the URL into the "other user" browser, and run as usual. expect longer delays [loading all of that scripty crap and no cache]. When done, exit the browser, kinda like flushing the toilet when you're done with "whatever".
(NOTE: you'll need to allow TCP for X11 and NOT be running windows for this to work; windows may alternately let you use 'run as user' with firefox for a similar effect, but I haven't tried it, and I always recommend to NOT run a web browser and surf the web in windows, ESPECIALLY not a user with admin privs)
secondary point: to allow TCP on an X server these days, you may need to set up your system for "multi-user" (i.e. don't boot into the GUI 'gdm' etc. and use 'startx') and have a '~/.xserverrc' file that looks like this:
exec Xorg -listen tcp
then make sure you block port 6000 at the firewall, so nobody else tries to connect to you. Also will need to execute "xhost +localhost" so that the 'export DISPLAY=' trick will work
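Added example, not part of the original post: a check for the "block port 6000" step above, listing X11 TCP listeners whose socket is bound to something other than loopback. The function name, the sample `ss -H -ltn` lines and the 6000-6063 display port range are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): find X11 TCP listeners that are
# bound beyond loopback, using `ss -H -ltn`-style output as input.

# Constructed sample in the column layout of `ss -H -ltn`:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:6000 0.0.0.0:*
LISTEN 0 128 [::]:6000 [::]:*
LISTEN 0 128 127.0.0.1:6001 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:*'

# exposed_x11_listeners (hypothetical helper): reads ss-style lines on stdin
# and prints every local address:port in the assumed X11 range 6000-6063
# (port 6000 + display number) that is not bound to a loopback address.
exposed_x11_listeners() {
  awk '
    $1 == "LISTEN" {
      local_addr = $4
      # The port is whatever follows the last colon (also works for [::]:6000).
      n = split(local_addr, parts, ":")
      port = parts[n] + 0
      host = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
      if (port < 6000 || port > 6063) next               # not an X11 display port
      if (host ~ /^127\./ || host == "[::1]") next       # loopback only
      print local_addr
    }'
}

# Demo on the constructed sample.
# On a live host: ss -H -ltn | exposed_x11_listeners
found="$(printf '%s\n' "$SAMPLE_SS" | exposed_x11_listeners)"
if [ -n "$found" ]; then
  printf 'X11 TCP listener bound beyond loopback:\n%s\n' "$found"
fi
```

A line in the output means the firewall rule is the only thing keeping other hosts away from that socket, so the rule itself should be verified from a second machine.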
submarine positions are classified, including where they've been. makes it hard to transfer it to sea charts that have public access.
what makes more sense are robot subs like the ones that found Titanic.
Also worth mentioning: as you go deeper, and pressure increases, that also affects the speed of sound in water. So submerged sonar nearly always travels in a curve... and the sonar scanning result COULD be 'ghosts' like old-style TV antennas often got.
When you're submerged in deep water, surface sonar pings sound like you're inside of a giant cave. It'd actually be pretty awesome for recording music with how 'large' it sounds. Yeah I'd heard a few of them in my day... [and what's funny, if I whistle 'like that' with my eyes closed in a room that echoes well, it's like I can 'feel' where the walls are - the human brain can process it]
"Attacks like this just would not work, if the macros were sandboxed DISABLED properly."
Fixed it for ya.
Also, gummints should just STOP using Micro-shaft office stuff. Just stop. A 'hardened' version of Libre Office, blessed and maintained by the nation's intelligence and security agencies, would be an ideal replacement.
And "click to open" from an e-mail? How about PLAIN TEXT ONLY on e-mails, and no auto-view inline attachments, either. And mail servers AUTO-STRIPPING attachments that can be executed from ALL e-mails going into their department's e-mail server.
(or maybe they're already doing that and the attack ain't so "Fancy"... ?)
Being hit by 20-year-old exploits like WORD MACROS would be an EMBARRASSMENT.
they'd still have a burden of proof [most likely] that "the boss" either ordered his employees to disobey the law, or made a policy of it (etc.) so they can't feign ignorance. Hopefully it works well enough to make nuisance-calling disappear. Here in the USA we need something *VERY* *SIMILAR*.
Downside: many of those responsible for violating the USA's "do not call" list use subterfuge and overseas lines to hide who they are until they "make that sale". Robo-dialers are illegal (except for politicians, don't get me started on THAT one) and yet I still get obvious robo-dialed calls when I'm on the do not call list [they talk over the answering machine message].
It's bad enough (especially during election seasons) that I have turned off the ringer, and just let the answering machine answer. If it's important, I'll return the call (or pick up during the message).
But that BREAKS the idea of having a telephone, doesn't it?
It's as bad as... as... as having an OPERATING SYSTEM SHOVE ADS IN YOUR FACE. /me self-slaps for bringing THAT one up...
"nobody's going to switch to Linux because of this."
Well, with the steady 'drip drip drip' and "froggy in a pot coming to a boil" analogies, there will be a breaking point eventually. Just not now, apparently.
Micro-shaft is simply acting like the MONOPOLY they are. Time for some trust-busting, I say. We'll start with their patent portfolio and licensing practices for new hardware vendors [what I perceive as the 2 major roadblocks to getting a proper windows competitor going].
For starters, ANY OS maker that wants to allow windows applications to install and run, when MS's EULAs *PREVENT* you from doing so legally, has "that" as an automatic roadblock. MS would be able to legally disable functionality or perform poorly ON PURPOSE, "fail to run under Wine", things like that. And refusing to license windows [at reasonable prices] for computer makers that pre-install Linux (or 'dumping' such licenses at unreasonably low prices in special "deals" for computer makers that do NOT have Linux pre-installed, same thing I'd say) is a PREDATORY PRACTICE (identified back in 2006, not sure if they can still get away with this or not). This archived article discusses that, lest we forget.
So the problem is less about Linux, and MORE about "predatory practices" by Micro-shaft, that STIFLE Linux being a major factor in desktop operating systems.
I'm not a fan of heavy-handed gummint action, SPECIFICALLY when it's obvious that gummint LACKS anything resembling "a clue".
That's ALSO because gummint mandates only apply to 'today' and 'politics of the day'. Tomorrow, something may change that completely invalidates "all of that" and we're stuck with some gummint mandate that doesn't go away as quickly as it was applied to the citizens' lives.
A better standard would be LIABILITY. Simply pass laws (and clarify existing ones) that make manufacturers LIABLE for being sued over inadequate security, and let the lawyers and courts decide how that goes.
And in this latter case, you'll see a SCRAMBLE by vendors to make the claim that THEIR system is the MOST secure, with frequent updates and 'disabled by default' and everything ELSE you might want to see, and THEN some, out of FEAR of getting a bunch of fat lawsuits that they're inclined to LOSE.
when people start yawning about the tail-landing re-usable 1st stage boosters for Falcon rockets, that's when "the disaster" happens, like a Murphy's Law. Just sayin'...
I hope things NEVER become "that complacent" again, or at least not until it becomes like everyday scheduled taking off and landing at an airport with your favorite airline.
Until then, anyway, GREAT news about re-usability and tail-landing rockets. Another beer for SpaceX!
To the tune of the "Car 54 where are you" theme...
*ahem*
There's a network bottleneck
Routers blinking all those lights
Network traffic jams are forming
Backup data not in sight
Users screaming like a child
Workload forms a monstrous pile...
Office 364 where are you???
From the article...
"according to Microsoft, is 'we want everything to be exactly as you left it before you did the update'."
see icon. Also from the article, the title: "Insert your own file deletion joke here"
Settings too??? how about the 'start thing' if I went and took the mousie-clickie time to REMOVE all of those @#$%'ing TILES for [CR]apps I'll NEVAR use? Will that "stay gone" or can I expect them "they're BAA-AAACK" to just 're-appear' because, Micro-shaft?
I'll believe it when I see it. But I probably won't. I only use Win-10-nic to test application compatibility, in a VM, and have no plans on allowing it to update itself. And since it's a VM I did an "export" on everything to a backup once I had it set up semi-sane [best I could do with Win-10-nic] to minimize the irritations... (and I do *NOT* *EVAR* want to see those irritations *AGAIN* !!!)
"The Chief Information Officer earns $246,821; and the VP earns $263,972"
well, $250k-ish for a CEO or VP is kinda small, actually, compared to the rest of the industries out there. It has to do with what kinds of decisions that someone in this position can make, and how much they can benefit [or harm] the organization. You get what you pay for.
Seriously, though, complaining about that just sounds like 'wage envy'.
"stealing from a charity, particularly one involving children, is just perverse."
more accurately, those who give to what appears to be a legit and reputable charity. People who give money to charity are therefore being perceived as "marks" for exploitation and fraud, in this case higher electricity bills in order to fund some miscreant's bitcoin wallet.
icon - using it anyway, even if it's just for some lame attempt at comedy
No, I don't think the Make a Wish server operators are feckless scumbags. Most likely it's just some poor schlub either volunteering or maybe it was made by a consultant years ago and nobody is really maintaining it properly [until NOW, that is]. Or maybe their staff IT guy is underpaid and you get what you pay for.
I would think that a charity would be more focused on, er, the charity part. SOME charities that have a huge overhead of administration might have NO excuse, but according to one web site, 'Make a Wish' gives out around 75% to 'actual charity' with about 10% in administration and 15% in fund raising (my numbers are rounded, yeah). So I'm guessing that a *bit* more needed to be put into IT but those are the approximated numbers, so there ya go.
So yeah 'benefit of the doubt' until some audit/investigation proves otherwise.
icon, because it fits
"I always thought they were run of the mill script kiddies"
I was about to say something like that, too. what makes them 'script kiddies' is (from what I got from the article) how it started [apparently] with a 17 year old using "toolz" on his "p00ter" to check for SQL injection vulnerabilities. And when he found them, he (apparently) did some thieving and BRAGGED! ABOUT! IT! to others, some of whom were also arrested and convicted [hence the sentencing].
that's kinda what the definition of "script kiddie" is, using things written by others like any miscreant would, in essence having NO real knowledge of computers, or networks, or security, but having those "toolz" so he can look like a 1337 h4x0r to his script-kiddie buddies and online "friends".
REAL hackers, of course, get jobs as engineers, and in IT (and often become security experts). Or they do the 'mad science' thing and invent stuff, work on kernels and device drivers and really cool features in commercial software, because real hackers are curious, inventive, think outside of the box, and typically find unique creative solutions to problems that others would just wheel-spin trying to solve.
"WP is quite a respectable newspaper"
You HAVE read the thing, or at least heard people quote articles from it, right?
"WP is quite a respectable newspaper"
I'll accept that at face value. It _IS_ printed on dead trees, made available online, and sold at news outlets of various kinds. What they print in it, however, isn't usually something I want to read.
Does their web site even work if you have 'noscript' running? my guess is NO.
"So I don't bother trying to read it."
The BEST plan of all. It _IS_ the "Washington {BLEEP}" after all...
/me points out that G. Gordon Liddy, on his radio show, had a segment called 'review and comment on the news', in which he'd read parts of specific articles and comment on them. The Washington Post, because of their Watergate reporting back in the day, was always referred to as the "Washington {Bleep}", usually with a censorship 'bleep' tone at the appropriate moment when he spoke its name. Another local radio guy calls it the "Washington COMPost". In any case, I have a low opinion of their 'journalism' although, on occasion, they're like that proverbial broken clock that's right twice a day.
Oh, and don't hold your breath for ANY GDPR support from any media outlets in the USA, unless they have something going on in EU or UK that can somehow take the heat for NOT supporting it. Most likely they'll thumb noses and continue to track you for ad purposes, as always.
"let's actually use the cores we have!"
Well X11 is client/server and you'll see more threading because of it. And the OS has kernel threads that try to make use of multiple cores for IO and other things (well Linux and BSD, anyway, dunno windows probably does too).
But yeah multi-thread algorithms are still a bit behind the hardware tech last I looked, except for things that are trivially threaded. Some time ago I did a threaded quick sort as a demo, and a more practical discrete Fourier transform with threads [which is somewhat trivially threaded]. Where I get the most benefit is from a build, which I always try to invoke with jobs 'make -j' set to twice the number of available cores.
/me does not even know if Microsoft's compiler can do that, simultaneous jobs to build things. BSD make and GNU make have been able to do that for at least a decade...
ALUs are supposed to be efficient, so they do things efficiently [and if that means a lookup table, sure, whatever works].
shoehorning a "programming language" into doing something because you can, maybe something for bragging rights in an online forum, but no REAL WORLD usefulness. I can't imagine the bandwidth requirement for downloading such an abomination... and I doubt it's pure HTML, it would probably have at least SOME javascript in it [that doesn't make it any better, probably makes it WORSE]
in any case, I'm sure YAML is similarly "unfit for purpose" and shouldn't be called "popular" nor "a programming language".
Well the last 10+ years of software development has gone the way of "the bandwagon" so it's no surprise that something like *THIS* has become "the new bandwagon"
Meanwhile, REAL development is done on REAL operating systems with REAL tools using REAL languages and no "bandwagon". See TIOBE index which has been very accurate for a very, very long time.
/me points out that Micro-shaft tries to get everyone on THEIR bandwagon every couple of years, and then re-invents it into something else "new, shiny" and apparently abandons devs in their wake...
I can think of a bunch of stuff - windows scripting host, ".Not", C-pound, ActiveX, Silverlight, WinRT, UWP, yotta yotta yotta moving targets all. VB was *especially* a 'moving target' from 1.0. And when nobody (but a few) jumps on the bandwagon, they move on to "yet another new, shiny" over, and over, and over, and over, and over. "Here's the new version / replacement technology, get hot patching your stuff to use it, more work for YOU, no backward compatibility, you're welcome, 'new, shiny'"
I'd put YAML in the same category as all of THAT. *NOT* using it, adopting it, or even making it an option. I don't like JSON either. XML is tolerable, if it's not over-complicated [like the standard makes it - CDATA? Really?].
Microsoft has NOTHING to explain. They are Microsoft. They are a monopoly, there's noplace else you can go, there's nobody else available, it's ONLY them, you HAVE to accept it, and they don't care about YOU.
Microsoft don't have to explain NUTTIN to NOBODEEZ. Once you're assimilated, you'll understand...
[at least, that's the perception]
"the guys that were giving their passwords to scammers/spammers"
Now everyone's giving those passwords to microsoft, google, amazon, ... "Microsoft Logon" anyone?
If the cloud were a batch process to backup to it, rather than an ongoing bandwidth-intensive "required to do work" constant access, it would make sense. Cloudy "applications" are not just overrated, they're THE PROBLEM.
"Because on-prem stuff never breaks, floods, gets stolen, overheats or loses power?"
Well said! You deserve a beer. And a topic. I hope you like it.
(I hope you weren't being snarky - which you probably were - but I assume that, on average, the likelihood of any of those things actually happening is pretty low compared to cloudy outages)
"Similarly sized Windows updates seem to require hours - literally - of disk grinding. Why?"
A lack of PROPER write caching is probably a big part of it. Linux has an efficient journaling file system AND supports some pretty aggressive write caching, especially when you compare it to what Micro-shaft does [what I call 'paranoid' caching].
Second would be "the Registry" in general. What started out as a simple replacement for INI files [which it was better than, mostly] turned into "that" over a period of years, once OLE and "all of those embeddable things you will never use" and then ".Not" happened.
EVERYTHING I have seen in EVERY windows version that supports "the Registry" tells me that it's "paranoid cached" to the maximum possible extent; that is, it seems to physically RE-READ everything, even if no changes have been made, and appears to do a physical disk write EVERY TIME you change ANYTHING, even the most trivial thing. I could easily be wrong about that, having NOT seen the internals of it, but performance measurements SUGGEST that I am RIGHT about it.
If the registry were treated by the kernel like a transaction-based system, this wouldn't be a problem. it would act like EVERY RELATIONAL DATABASE does when you have simultaneous queries and updates. This kind of tech has been around a long time and MS has their OWN relational database to use as a clue on how to implement something like that.
But, NOOoooo... "the Registry" CONTINUES to be a road block for performance, BOTH READ AND WRITE performance, making application loading take longer, and making INSTALLS and UPDATES take longer, too.
</rant>
apparently, a kibble balance can be used to measure Planck's constant.
https://en.wikipedia.org/wiki/Kibble_balance
Also I'd think it would require a VERY accurate definition of 'Ampere'.
And if any two SI standards are recursively/mutually dependent (because of measurement techniques, etc.), could a converging solution be used to make them as accurate as possible?
(I'd really hate for our measurement standards to end up as one big Catch 22 or chicken/egg paradox)
how about we just fine them instead? then the CEO gets fired over it, when the board members get sick and tired of losing money.
It's a fair bet that "the fix" will eventually become public knowledge, so that ALL of us can apply 'the fix', not just EU members.
And THAT is what they (Micro-shaft, etc.) fear.