* Posts by DanielsLateToTheParty

19 publicly visible posts • joined 24 Feb 2016

Chrome engine devs experiment with automatic browser micropayments

DanielsLateToTheParty

Re: I see a serious issue with the idea

So from that example the way to get around a paywall is as simple as calling "sayThanks" method? It can't be that dumb. (checks specification) No there is more to it, the receiving function needs an object with an "amountSent" property, then it's all legit!

Forcing AI on developers is a bad idea that is going to happen

DanielsLateToTheParty

Re: Software Development != Coding

In a typical day I spend perhaps a few minutes typing code, and hours reading others' bad code trying to work out why mine has failed, or finding a convenient point to make alterations. Then hours more devising test cases to find out why it's still not working. Such is development.

A parallel can be seen with 3D printers. The machine is unaware of what is really happening in its print area and just spits out hot plastic that should be a facsimile of the designer's idea. In reality mistakes happen and layers separate, or the nozzle gets clogged, or something warps because the temperature is wrong, or the base unsticks, or the stepper motors misalign, etc. The printer cannot see problems so cannot rectify them. It has no context on which to work so cannot incorporate real world elements (except for explicitly being made to stop part way so as to allow human intervention). Anecdotally users say that even after a successful job, clearing up the messes and supports and so on takes as long as doing the work yourself. When 3D printing was a brand new fad people thought that they would take over the world of manufacturing, every home would have one and Star Trek replicators would become ordinary. What actually happened is they have become a niche tool which fits in some workshops for those professionals who have time and reason enough to master them. My prediction is AI will eventually go that way. When the hype dies down we'll be able to say I told you so to nobody in particular.

Europe's deepest mine to become Europe's deepest battery

DanielsLateToTheParty

Re: MW of storage?!

"What is the unit of energy?"

"Yes"

"No not watt. what"

"What?"

Techie climbed a mountain only be told not to touch the kit on top

DanielsLateToTheParty
FAIL

A successful failure?

In a previous life I worked as a waiter in a hotel which was popular amongst professional sportspeople (the hotel that is, not the job). Personally I have less than zero interest in sport but apparently they are quite superstitious people and our hotel had a reputation for hosting visiting teams. On one occasion a manager pops his head round the door and goes "Daniel I hear you know computers, come with me" and we go off to a footballer's room. Sounds shady at this point but it turned out to be benign.

The guy was Brazilian and had a routine of calling his wife each night on Skype, which is kind of sweet if you don't think of it as checking up on him to make sure he is definitely alone. Now this is happening in the early 2000s, so the internet is not ubiquitous and the guy's laptop was probably an IBM Thinkpad judging by the central nipple thing. He had plugged it into a handy ethernet socket and found no connection. I did my best to cover myself from any mistakes by explaining that every network is different and I don't know anything about this one in particular but would do my best. All I really did was open a prompt and type "ifconfig" but it looked quite unlike my home router so I gave up. The footballer instead called his wife the POTS way and all was well.

The next day he met the boss's boss and explained what had happened. To the uninitiated eye anyone doing anything with a prompt looks like The Matrix and so he was very impressed. The big boss was gleaming with pride, or possibly smugness, and got to say "Yes well of course our staff are the best at everything". The compliment eventually trickled back down to my level. Sometimes just showing good intentions and a broad set of skills is enough, even if you're kind of useless.

We put salt in our tea so you don't have to

DanielsLateToTheParty

Re: Pointless if potless

Sorry to burst your bubble... but not so sorry as I'm doing it anyway. Here are exhaustive tests which show that even on 120V the kettle is still faster than the stove. https://youtu.be/_yMMTVVJI4c

The kettle inertia is just a cultural one, like circumcision: Americans have been doing it so long that they can no longer tell how cruel and unnecessary it is.

DanielsLateToTheParty
Boffin

Around 25% of people are oversensitive to bitter compounds and hence don't like tea or coffee. I must be in this group because I also dislike beer and dark chocolate, although milk chocolate is good and salted caramel chocolate is heavenly.

Also roughly 25% of people are undersensitive to bitter or cannot taste it at all. Which helps explain the bizarre phenomenon of eating sprouts!

https://www.hsph.harvard.edu/nutritionsource/2016/05/31/super-tasters-non-tasters-is-it-better-to-be-average/

As TikTok surveils staff's office hours, research indicates WFH is good for planet

DanielsLateToTheParty
Boffin

Re: Good for the planet?

I'm so ready to debunk all this in the same way that I win arguments in the shower. But I also remember how arguments on the internet have diminishing returns. Please enjoy this more lighthearted take on it all, https://youtu.be/mK5TbGvvluk?si=-oyPYQeMTTLJOvrn

China's top EV battery maker announced a breakthrough, but top boffin isn't convinced

DanielsLateToTheParty
Devil

In a nearby car park are a couple of spaces with freshly painted EV spaces, and a hole where gubbins will presumably go. Already EV drivers are parking there like they own it now. It's as if one has peed electrolyte around the perimeter and claimed the territory for their pack. I'm not upset, just amused.

(Icon is of a red Tesla Roadster seen head on but at close range so it has a strong perspective effect)

Magento shopping cart attack targets critical vulnerability revealed in early 2022

DanielsLateToTheParty
Boffin

It happened to me too

Last month we took on a new client with an old Magento site. It had been infected with something very similar; instead of "xurum.com" it referenced another compromised site. Because credit cards had been exposed and fraudulent payments were reported by CC companies there had to be a PCI-DSS audit to make sure every last trace of infection was scrubbed. The problem was every time we cleaned up the offending card skimmer it would come back, sometimes right away, sometimes after several hours.

It took a lot of debugging to figure out there were two things going on. First, the infection was in a database trigger so that each time an admin user logged in it was recorded in a specific database table, that triggered the trigger, that would re-inject the card skimmer. It was bloody hard to find because the database copy we took for analysis only had the plain data, not the triggers or functions. Let that be a lesson for you all!

Second, the hackers would periodically return to the site, attempt to place an order as if they were a normal customer and if the expected JavaScript was missing they would log in with one of the four bogus admin accounts that had been set up, and add the same skimmer again but this time manually. I captured all this in logs and it was clearly practiced, the whole interaction took just 6 minutes. It's a very professional outfit and I suspect they likely contracted this step to a lesser hacking group. Modern hackers are not loners in hoodies with a taste for chaos but regular looking office workers in suits who work a 9-5.

The site was just waiting to get compromised. Not only was it using older versions of software, but it also did not add vulnerable functions like "system" and "exec" and "shell_exec" to PHP's "disable_functions" setting. This setting is annoyingly left empty by the PHP Group when they should make it most secure by default. They do disable "allow_url_include" initially which is the sensible decision. Magento could also check for stuff like this on installation and put it in their .htaccess file if necessary, but they never bothered. Popular management software like cPanel does set this to protect newbies.
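The post's point about an empty disable_functions is easy to check mechanically. The following is an added example, not code from the original post or from Magento or PHP: a small audit that parses a php.ini body, compares its disable_functions value against a baseline, and flags allow_url_include and expose_php. The baseline set is an assumption of this example (the three functions named in the post plus a few OS-command functions commonly disabled alongside them), and both ini bodies are constructed samples showing the weak setting beside the corrected one.

```python
"""Audit a php.ini for a hardened disable_functions setting.

Added example (not from the original forum post). Assumes the php.ini
format (key = value, ';' comments). BASELINE is an assumption of this
example: the three functions named in the post plus companions that are
commonly disabled alongside them.
"""
import re

# Functions the post names, plus common companions (assumed baseline).
BASELINE = {
    "system", "exec", "shell_exec", "passthru", "popen", "proc_open",
}

# Constructed sample: a stock-like php.ini where disable_functions is empty.
WEAK_INI = """
[PHP]
; disable_functions left blank, as the post describes
disable_functions =
allow_url_include = Off
expose_php = On
"""

# Constructed sample: the corrected setting.
HARDENED_INI = """
[PHP]
disable_functions = system,exec,shell_exec,passthru,popen,proc_open
allow_url_include = Off
expose_php = Off
"""


def parse_php_ini(text: str) -> dict:
    """Return a {key: value} map for a php.ini body.

    Section headers and ';' comments are skipped; the last assignment of a
    key wins, matching how PHP applies later lines over earlier ones.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop inline comments
        if not line or line.startswith("["):
            continue
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings[key.lower()] = value.strip('"')
    return settings


def disabled_functions(settings: dict) -> set:
    """Normalise the comma-separated disable_functions value into a set."""
    raw = settings.get("disable_functions", "")
    return {f.strip().lower() for f in re.split(r"[,\s]+", raw) if f.strip()}


def audit(ini_text: str, baseline=BASELINE) -> dict:
    """Report which baseline functions remain callable and other findings.

    Defaults when a key is absent follow PHP's own defaults:
    allow_url_include is Off and expose_php is On.
    """
    settings = parse_php_ini(ini_text)
    missing = sorted(baseline - disabled_functions(settings))
    findings = []
    if missing:
        findings.append(f"disable_functions lacks: {', '.join(missing)}")
    if settings.get("allow_url_include", "Off").lower() not in ("off", "0", ""):
        findings.append("allow_url_include is enabled")
    if settings.get("expose_php", "On").lower() not in ("off", "0", ""):
        findings.append("expose_php leaks the PHP version in response headers")
    return {"missing": missing, "findings": findings, "ok": not findings}


if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        result = audit(ini)
        print(f"{label}: {'OK' if result['ok'] else 'FAIL'}")
        for finding in result["findings"]:
            print("  -", finding)
```

Run against a real php.ini (`php --ini` shows the loaded path), the same `audit()` call tells you which baseline functions are still callable; on a host that runs several PHP versions, check each one's ini separately.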

Future airliners will run on hydrogen, vows Airbus as it teases world-plus-dog with concept designs

DanielsLateToTheParty

Re: bio-kerosene

The advantage of biofuels is they stay within the carbon cycle (and the engine technology required is mature). The disadvantage is burning them produces particulates like soot. As I recently learnt from the news, climate change is causing weird green bumps in Siberia, whereas air pollution kills 7 million people per year. If that's the damage to humans then just try to imagine the same effect to all other life.

As Amazon pulls union-buster job ads, workers describe a 'Mad Max' atmosphere – unsafe, bullying, abusive

DanielsLateToTheParty

Re: There's a simple solution

I've chosen to boycott Amazon for a while now even though I know it cannot do any good against the millions of customers who value convenience over morality. Also I try to explain it to basically anyone who stands still long enough, it might be unpopular but I want to be able to sleep easily.

Disk stuck in the drive? Don't dilly-Dali – get IT on the case!

DanielsLateToTheParty

At my higher education I had a friend who would place a line of tealights along the top of his monitor. It was CRT, not LCD, so there was plenty of room, and they never got hot enough to do harm. Then one day he bought slightly larger ones that did get hot enough but didn't notice until they had sunk right into the plastic. Only the embedded metal frame above the tube stopped their progress, with the top edges flush with the surface of the plastic. After a bit of excitement and much amusement, he shrugged and topped them up with more wax.

UK ads watchdog slaps Amazon for UX dark arts after folk bought Prime subs they didn't want

DanielsLateToTheParty

Re: My Dad got caught by this - many times

My mum got caught by this several times and is now a dab hand at the somehow-even-more-cryptic cancelling process. Then she got a call claiming that she had been signed up again, which is totally believable, but it was a scam and the fraudsters managed to gather enough information to start a payment of £3000! Luckily the bank stopped it as suspicious but it just goes to show that Amazon is confusing enough people for it to become an issue.

Either my name, my password or my soul is invalid – but which?

DanielsLateToTheParty

Re: Gave up on stupidity a while ago

"contemplating not bothering with passwords at all and just emailing the user a one-shot login code"

I too have a pending website due and this sounds ideal. Will pitch it to the client right away! Thanks for the suggestion.

Why isn't digital fixing the productivity puzzle?

DanielsLateToTheParty

Re: Our missing productivity was shifted to China

I'm a freelance programmer.

One client only comes to me occasionally, typically when his Indian outsourcers are struggling with a task. Recently he freely admitted that although I charge 3~4x as much per hour he knows that I can complete such tasks reliably and in 1/8th the time. My interpretation of this is that it pays to keep a thoroughbred in the stable, and that there is no substitute for quality. The race for lower costs has incurred hidden costs elsewhere. For example, a cheap tool is more likely to break in your hand and when it does you have to stop work and go buy another one (the throw-away society is another rant for another day) and that's lost time ergo lost productivity. You may already know this concept as false economy.

The short term solution is to ensure that common goods are produced everywhere, not just in the poorest places, and then we continue to trade for specialist goods that we don't have here. In the long term it will be necessary for the rest of the world to improve their standards which will then increase everyone's quality of life. Who knows, maybe we'll even help educate them.

Video service Binge On 'broke the internet' but 99pc of users love it

DanielsLateToTheParty

Re: Today "Binge On"...

"at least it shows that the data bandwidth is actually available"

I thought carefully and almost reached the same conclusion but what if the point was to 'incentivise' media companies to downgrade their own content to 480p so they get viewed in preference, and so reduce overall data use? If so it's a genius stroke from T-Mobile. But then I remember my experience of being a T-Mobile customer and doubt they are that shrewd.

Proving that bandwidth is available and then demanding high prices because of its scarcity is clear profiteering.

Fedora 24 is here. Go ahead – dive in

DanielsLateToTheParty

Re: Wayland worked pretty well in FC23

Same here, the answer is to change the start command in an "eclipse.desktop" file somewhere:

Exec=env SWT_GTK3=0 eclipse

Obama bigs up His Man in Havana: Google

DanielsLateToTheParty

History is written by the victor

It's telling that the fall of communism was iconified by a McDonalds in Moscow. Now there is a Wi-Fi hotspot in Havana. Has Google really become the face of capitalism? Or its crown?

'I bet Russian hackers weren't expecting their target to suck so epically hard as this'

DanielsLateToTheParty
Boffin

Re: Almost

The story in the article is mine, it happened to me last week. As Lysenko realised there were errors generated by badly formed SQL from requests with " '; " (hundreds as mentioned in the article) but none with " '); ". Serious errors like that notify me directly rather than waiting in a forgotten log file forever.

After dealing with that and patching in a hurry, I went back and grepped for the attacking IP address and found over 65000 requests. Most seemed to be completely benign. From using pen-test tools I know that the first stage is to spider a site and that generates the most traffic. Some attacks contained PostgreSQL- or MS SQL-specific functions, which suggests they didn't know it was a MySQL site. So it looks like a mostly automated attack from a single address in a Russian IP block.

The forensic aspect is fascinating. Kind of like CSI only real. I'd love Register to do an autopsy of a more complicated attack some time.
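The triage the post describes (grep for the address, count the volume, see which requests carried the malformed-SQL fragments and whether they were written for the wrong database engine) can be scripted. The following is an added example, not code from the original post or the article: it parses combined-format access log lines, URL-decodes each path, counts per source address the total requests, the requests carrying the two fragments the post names (`';` and `');`), the 5xx responses, and any hints that a probe targeted a non-MySQL dialect. The log lines are constructed samples, and the dialect-hint keyword list is an assumption of this example.

```python
"""Triage a web access log for the SQL-probe pattern the post describes.

Added example, not from the original post. Input is a constructed
Apache/nginx combined-format log; the two marker fragments are the ones
the post names. DIALECT_HINTS is an assumption of this example.
"""
import re
from collections import defaultdict
from urllib.parse import unquote_plus

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Fragments from the post: the malformed SQL came from requests carrying these.
MARKERS = ("';", "');")

# Assumed hints that a probe was written for an engine other than MySQL.
DIALECT_HINTS = {
    "postgresql": ("pg_sleep", "::text"),
    "mssql": ("waitfor delay", "@@version"),
}

# Constructed sample lines: one suspicious address, one ordinary visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jun/2016:09:12:01 +0000] "GET /products?id=42 HTTP/1.1" 200 5120
203.0.113.7 - - [10/Jun/2016:09:12:02 +0000] "GET /products?id=42%27%3B HTTP/1.1" 500 312
203.0.113.7 - - [10/Jun/2016:09:12:03 +0000] "GET /products?id=42%27%29%3B HTTP/1.1" 200 5120
203.0.113.7 - - [10/Jun/2016:09:12:04 +0000] "GET /search?q=x%27%3B+select+pg_sleep%285%29-- HTTP/1.1" 500 312
203.0.113.7 - - [10/Jun/2016:09:12:05 +0000] "GET /about HTTP/1.1" 200 2048
198.51.100.9 - - [10/Jun/2016:09:13:10 +0000] "GET /products?id=7 HTTP/1.1" 200 5120
"""


def parse_line(line):
    """Parse one combined-format line; returns None for lines that don't match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Decode %xx and '+' so markers hidden by URL encoding are visible.
    rec["decoded"] = unquote_plus(rec["path"]).lower()
    return rec


def classify(decoded_path):
    """Return (is_probe, dialects) for one decoded request path."""
    is_probe = any(marker in decoded_path for marker in MARKERS)
    dialects = {name for name, hints in DIALECT_HINTS.items()
                if any(h in decoded_path for h in hints)}
    return is_probe, dialects


def triage(log_text, min_requests=3):
    """Summarise per-IP volume, probe count, 5xx count and dialect hints.

    Only addresses with at least min_requests requests and at least one
    probe marker are returned, so ordinary visitors drop out of the report.
    """
    per_ip = defaultdict(lambda: {"total": 0, "probes": 0, "errors": 0, "dialects": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        entry = per_ip[rec["ip"]]
        entry["total"] += 1
        is_probe, dialects = classify(rec["decoded"])
        entry["probes"] += is_probe
        entry["errors"] += rec["status"].startswith("5")
        entry["dialects"] |= dialects
    return {ip: e for ip, e in per_ip.items()
            if e["total"] >= min_requests and e["probes"] > 0}


if __name__ == "__main__":
    for ip, e in triage(SAMPLE_LOG).items():
        print(f"{ip}: {e['total']} requests, {e['probes']} probes, "
              f"{e['errors']} server errors, dialect hints: {sorted(e['dialects']) or 'none'}")
```

The ratio of probes to total requests is what tells the spidering phase apart from the injection phase the post mentions: a crawler produces a large total with few probes, while the probe lines cluster on a handful of parameters. Decoding before matching matters because the fragments arrive as `%27%3B`, not as literal quotes.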