Posts by Hawkeye Pierce 121 publicly visible posts • joined 30 Jun 2015
Came here to say the same thing - in response to the brief discussion about direct traffic. RSS for the win! But sadly it appears to be less and less visible (or indeed being remove) on more and more sites.
But if you have a site which publishes articles (whether a news site, or a blog,or a newsletter) and it doesn't offer an RSS feed, I'm unlikely to revisit.
In summary:
1. Lawyers typed some search request into a website
2. Website came back with some "results"
3. Lawyers took said results verbatim without checking anything
Their major failing was at step 3 and how that step was arrived at (whether AI or a *cough* reputable search engine) is pretty much irrelevant to their failing.
I agree with the above comments. Having been involved in some quite big corporate system developments, all too often companies state their requirements based on what they do. Which leads to the inability to use any off-the-shelf software as-is because it doesn't do things exactly how the company has always done things.
The answer should be to challenge how things have been done and consider whether it would be prudent to change how things are done to how the software wants things to be done. Some people will claim heresy at this point but the reality is that the bespoke development (including customisation/ehnahcement of off the shelf packages) is typically many times more complex than initially thought (often because the people who are in charge of using the system are not skilled/experienced in explaining and detailing the requirements and further more, you're left with a highly customised package, more or less beholden to continuing to use whoever the developers were who did the modifications because only they understand it, and all leading to a cost hugely more over the lifetime of the software than simply using the software off the shelf and changing one's practices accordingly.
Bespoke software is costly - from requirements capture to ongoing support. Off-the-shelf software is cheaper in the short-term and the long-term with lower maintenance & support costs and the possibility of upgrades over time.
For what should be relatively standard processes such as HR & Finance, organisations should really consider whether they have to have custom software or whether they should change their practices to conform to the software.
Of course the real failure here was on the part of the writers of the malware who, having infected 3CX software, failed to register their malware with Virus Total. If they had followed that procedure then 3CX could have easily confirmed that their software was indeed malware-infested and...
... oh wait, hang on....
>>Read the detail of the proposal again. We're talking here about a pretty narrow set of circumstances that no court of law would ever consider to cover what you're talking about.
I'm unclear from what you say as to why you seem to imply that Steve down the road has nothing to worry about. If Steve has opened an online forum then he is absolutely 100% within the scope of the legislation. And to parrot your statement, go read the legislation and it's very clear in taht regard.
Whether he may find himself in court will then be wholly dependent on what takes place in that forum. Yes, if it's all about wrongdoings of government then he's probably going to be OK. But if other matters start to be discussed, he might not sleep so well at night.
Re the supposed Fauci "lie".
I will bet my house that most people who claim he "lied" are basing this on a few-second video clip that is prevalent on... oh yes, Twitter.
I saw that clip. And I thought to myself,"that's a bit odd". And I questioned whether it might have been taken out-ot-context. I questioned whether it might have in fact been doctored (because... you know... that can happen).
So I did what any sensible, logical person would do who wants to ascertain facts.I found the transcript of the interview. Took me all of perhaps two seconds, but to save people time: https://www.msnbc.com/transcripts/transcript-all-chris-hayes-5-17-21-n1267740
And you know what? OMG he did say that!!!!
But you know what he also said in that interview? Try these quotes:
- "Breakthrough infections mean, you have been vaccinated, but you still get infected."
- "...even if you do get a breakthrough infection, when you`re vaccinated, the chances of you are transmitting it to someone else is exceedingly low."
So you know what? If he is "a liar" he's a shockingly bad one as he admitted a few seconds earlier in that same interview that, *shock horror*, you can still get infected after being vaccinated.
Was it a poor choice of words he used? Possibly. Is that quote out of context? Somewhat. Could he have been clearer? Yes.
But to call him a liar is simply ludicrous.
You use the word "haters" but I don't see any justification for the use of that word. Lots of people here are "critics" of Musk and in my opinion that's a fair stance to take.
Those that are critical of him are typically basing their opinions not on the last 2 seconds or even on just his post-buyout actions but on many years of his behaviour, comments and conduct.
In my opinion, he's a very unpleasant person. I certainly don't hate him but I will certainly criticise numerous of his activities with - again, in my opinion, but it would seem with agreement of many others - very good evidence to support me.
Brute forcing is most certainly an issue in either of your two solutions. As others have said, if you're locking the account, you've introduced an avenue for a denial of service attack and run the risk of losing all your users because they can't log in. If you do it on a backing-off approach (your second solution) then all I need to do is to cycle through my 000's of potential usernames and by the time I get back to the first, I've spent 5 seconds.
If you take into account the IP address before blocking/locking, you're not defending against botnets.
If you don't use (or enforce) long complex passwords, you're open to cracking. Salting passwords is no great defence if you suffer a breach and enough people have short passwords.
So yes, use of extra long complex passwords does indeed massively improve security. I can pretty much guarantee that my 30-char password is safe providing that the site implements what should be consider basic security even in the event of their database getting breached. I could not say the same to any degree of certainty if my password was say 8 characters no matter how complex it was.
>> "... conflating natural human beings... with business... corporations are... not natural persons"
In law - on both sides of the pond - a corporation/company is indeed a legal person and as such is far from "a legal fiction". Which makes perfect sense given that people and companies can both be libelled/defamed, sued, sign contracts, etc.
Completely agree with the above. Furthermore, I'd point out the ludicrous statement from the ruling that "... the platforms argue... a corporation's unenumerated right to muzzle speech."
As you point out the First Amendment does indeed prevent a Government from muzzling an individual. But a corporation (platform) removing comment from an individual in no way "muzles" speech - said individual is perfectly entitled to take their comment and post, or speak, or otherwise publish that anywhere else they want (that will allow them).
While I accept that a major platform banning comment does remove a large proportion of the potential audience, it is ridiculous to equate that to being muzzled.
No it doesn't mean you have to use 2FA.
Basic Auth is basically (pun intended) sending the username & password with every request.
Alternatives to Basic Auth would include schemes such as OAuth whereby a tme-limited token is used once the username & password have been authenticated.
I disagree about the possible cost of an agreed settlement.
As of today, Twitter has a capitalisation of circa $33B. Musk offered $44B.
Simplistically (very simplistically), if Musk handed over $11B to Twitter, the share price would rise to the level giving a capitalisation of what he valued the company at. Any investors then have the opportunity to sell at the price he offered and consequently there would be no case for a shareholder lawsuit.
Of course, markets don't work in such precise definable ways, so it may well take more than $11B. But I'd expect something between $11B-$20B to suffice.
Not exactly small change even for Musk (although I image the cost to his ego in settling would hurt him more), but significantly cheaper than $44B.
Except as has been proven many times over, humans are **REALLY** bad at a) looking at the URL and b) determining whether it is valid.
From mobile browsers hiding the URL, to non-Western characters in the domain to make it look right, to variations on the domain name (twilio-support.com, login-twilio.com, etc.), anyone, whether company or user, relying on reading the URL for their security is going to hit trouble.
See https://www.troyhunt.com/humans-are-bad-at-urls-and-fonts-dont-matter/ for a good write-up with examples.
Define "disastrous".
If "large numbers of other code" was making regular use, one would certainly hope that those responsible for that other code had measures in place to guard against exactly this potential scenario. Or the scenario that the original author takes down their own repository. Or various other scenarios.
Because if they don't take those measures then all bets are off and frankly GitLab is only one of a number of problems you now have,
I find it hard to believe - or understand - the official explanation. The robot had just made its move and the human (child) supposedly played too quickly? What possible reason is there for the robot to grab the human's finger? Having made its move, it simply needed to retract its arm and wait to recognise the human having made their move. If anything, the human playing too quickly might conceivably make the robot not realise the human's move had been made, but certainly not to go all out into vindictive mode.
Be worried.... very worried...
These versions of Sage perform an online licence check every few days. That code doesn't (currently) support TLS 1.2 and Sage are shutting down their licence check server which supports TLS 1.0/1.1. Hence Sage won't keep running because it's got nothing to talk to to confirm the licence validity.
Whilst no-one should expect support indefinitely for a "perpetual" licence, equally no-one should expect a vendor to be able to "remotely" kill-off such a perpetual licence. It's one thing for software to not work on a new O/S, but all other things being equal, you'd expect that software to keep working on the same environment.
I can appreciate that Sage might not want to patch the software to support TLS 1.2 - that can be tricky. But patching the code to disable the licence check completely (or to ignore any failed attempt to validate the licence) should be pretty trivial to do. Sure you run the risk of the software now being pirated, but we're talking about accounting software here...
What a ridiculous statement.
No-one is saying, or expecting, that every electronic device will have a USB C connector from when this legislation kicks in until the end of time.
Right now, there's a very good case to be made for standardising. Right now, there's a very good case to be made for selecting USB C as that standard.
If - in five years time - there's something better that could be used, the EU would be quite justified in saying that from a subsequent point in time, devices should now use that as a standard.
The fact that all those USB C adaptors are now redundant is a) false - as they'll only redundant once the device they are used for are redundant and b) a far better position than not having any standard at all and everyone using a multitude of different adaptors.
I have to strongly disagree with your opening statement.
Just about any form of security hampers usability almost by definition. Security is something that gets in your way of doing something by making you prove who you are before letting you do that thing.
As such every there is ALWAYS a trade-off between security and usability and as such there is no one level of security that is appropriate for everything. It depends on your analysis of the risks and the level of inconvenience/security you deem appropriate.
Logging in to The Register to post a message could be made more secure by implementing 2FA for example. But there's a usability trade-off there is to whether that is appropriate.
I think I know where you got those numbers from, but if I'm correct, then you seriously need to review the countries you believe are in the EU! There's a lot more than "5k or fewer for other EU nationals" including 5K Spanish, 5K Romanian, 3K Greek for starters.
Amounts to around 5.4% of the total NHS staff but a greater proportion of medical staff - 8.7% of doctors.
And that's as of March 2021 by when many EU NHS workers had left. Wouldn't have said that was insignificant.
See https://commonslibrary.parliament.uk/research-briefings/cbp-7783/
What a ridiculous statement. Given that the majority of the "all-time high prices" have happened in the last two or so years, your arbitrary timeframe of having held bitcoin for four years nicely - for you - eliminates all those who bought at those prices in the last two years from your consideration.
Come back in two years time and let's see what's happened then. Not saying you wont still be right, but show me any single share price chart and I can find an arbitrary but retrospectively-looking statement of how you couldn't fail to have lost money - if only along the lines of "buy in [insert-random-month-here] and sell in [insert-other-random-month-here]".
Intel are being sued NOT because there was a problem ("bug", "exploit", call it what you will).
They are being sued because - allegedly - they knew there was a problem and failed to properly disclose it thus misleading various categories of people (consumers and shareholders principally).If that is true - and if they do not have a valid defence - then it's absolutely right for them to get sued. That's what the legal system is there for.
With respect, it's more probable (in terms of how the majority of accounts are taken over) that your friend had a weak password... where "weak" means a password that *someone* else has used before on *some* service and is now being used to brute force attack other services. Given that almost by definition your <my_name>@<my_isp>.com email address will be your logon name to <my_isp>'s webmail interface, a list of valid account names for <my_isp> is easily obtained and so you've got all you need, paired with a list of common/known passwords, to start a brute force attack.
>> "There might be some short term price differentials whilst the market adjusts to what ever the true value of payment processing really is for an app store item"
And therein lies the problem... there is no market because Apple prevent alternatives. If Epic were allowed their way, yes they *might* decide that whatever the price they were charging through the App Store was what they'd charge outside - and they'd retain the 30% that Apple would have taken. But they'd also be free to charge the amount less the 30%. Competing App Stores might decide to charge less than 30%.
That's what a free-market economy says would happen and that's what we can know for sure because Apple doesn't allow it.
I make no view here as to the rights or wrongs of Apple... just saying that your comment about "Pricing does not work that way" only applies where you have a (relatively) open and free market.
Came here to say more or less the same. Withouut using such colourful language, I would have some measure of respect for the first company that instead says:
"... for the inconvenience this has caused".
Using the words "any" and "might" basically says you don't believe it caused anyone any inconvenience but IF it did, then you're sorry.
It really would cost the company nothing to use the words "the" and "has" instead of those two words and it would come across at least as being a smidgeon more genuine.
No. An OS may consist of nothing more than a kernel.
The earliest computers most certainly had an operating system. But they didn't have - by any contemporary meaning - a shell or a collection of system utilities.
The "operating" word in an OS refers to the operating *of the hardware". It does not mean the operating *by the user*. An OS is the software that operates the hardware.
After all, an embedded OS may well have no shell or "system utilities".
An OS may typically contain a kernel, a shell, and other applications/utilities. But to suggest that a kernel on it's own is not an OS is just factually - historically and currently - false.
Cobblers!
My pet peeve is people talking about an OS when they don't actually mean the OS, they mean the applications running on the OS. Bash - for example - has nothing to with the OS. It's an application. I can run Bash on my Windows PC, but that doesn't make it Linux.
The OS is - or should be - the kernel, the internal nuts and bolts, with next-to-no (or even just 'no') "things that a user can run". Because things that a user can run can - practically by definition - be replaced with "other things a user can run" and if you replace one such thing with another, that would obviously *not* mean you're now running a different OS.
It's hard to benefit from something that's not been provided, ergo a feature is there to be used should you wish, and in using it, you may benefit from it.
If you frequently get an urge for fresh Italian-derived cuisine while driving your new Tesla 4XXX, then the inclusion of a built-in pizza oven is indeed something you will benefit from. If you only use your Tesla 4XXX to pop down to the corner shop once a week, then you're not really going to benefit from the extended range.
Worth reading this by an anonymous NHS respiratory consultant:
https://www.theguardian.com/world/2021/jul/19/i-work-in-an-nhs-covid-ward-and-i-feel-so-angry
To quote: "well over half of our Covid admissions have been vaccinated".
(S)He goes on to say that the people presenting are less unwell than previously... but they're still unwell enough to need to be in hospital! So yes, "go vaccines..." but it seems there is a significant proportion of people who think that vaccination==immunity let alone those who refuse to be vaccinated.
But there is next to no "economic and psychological harm" caused by making it mandatory to wear masks in certain places. In fact given how that's only likely to cause more people to either have Covid or to self-isolate, there's a case to be made that removing that requirement will actually cause more of both of those.
As to what the "right date" is, so why wasn't it last week? Cases weren't as bad then after all. The only change for the better is a relatively small uptick in the number of people being either single or double vacinated. Hmm, maybe schools finishing as well helps, to be fair. But at the moment, the situation is worsening day on day, and we have the fourth highest number of cases per head of population in the world. That doesn't sound to me like the ideal time to do away with factors which have a beneficial impact such as mask wearing,
I agree with a lot of your post, but removing the legal requirement to wear masks has absolutely nothing to do with economic reasons and everything to do with politics and popularity within a certain group of people.
As far as I know (* meaning someone will be along and correct me shortly *), The Sun were first following Caledonian Thistle's dramatic 3-1 win against Celtic in 2000, leading to their backpage headline of "Super Caley go ballistic, Celtic are atrocious".
That said, fair play to El Reg for inventiveness for continuously getting appropriate wording to fit.
Complete agree with @Graham Cobb.
An individual's medical record pretty much uniquely identifies them. If the data set is rich it can be de-anonymised. If it's not rich, it's of limited use.
Sure you if you gave me a random record plucked from millions, would I be able to identify the person it related to? No. But if you gave me a set of records of 30-year old women giving birth to a boy in central London on 9th Feb 2021 and being discharged three days later, I would lay odds on being able to identify a certain royal princess (glossing over the fact that I doubt she'd appear in NHS records...).
> So it raises very little money
Are you kidding? It raises around 10% of the total receipts to HMRC which is hardly "little money" in anyone's terms. And that will rise with the announcements in the week's Budget.
It's also completely incorrect to say "Foreign owned businesses just do not pay it". Foreign owned businesses have lots more opportunity to reduce their declared UK profit (and hence the corporation tax they pay) but many foreign owned businesses in the UK pay corporation tax. Also many British business pay zero or next to zero by the same schemes that help the likes of Starbucks - since you quote two coffee shops, try looking for Caffe Nero's tax payments (a British company). You might need a magnifying glass.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
