Posts by Orv

1307 posts • joined 13 Aug 2007


To CAPTCHA or not to CAPTCHA? Gartner analyst says OK — but don’t be robotic about it

Orv

Re: Street signs

For that matter, fire hydrants actually vary radically in different parts of the US. They're pretty standardized in the northern part of the country -- there they have to be dry until the valve is opened, or they'd freeze, and that constrains the design. But in the southern part of the US they come in all kinds of mutant shapes. They come in different colors, too. Sometimes the colors designate the flow rate.

Orv

Re: Street signs

Yeah! And do pedestrian signals count as traffic lights? I'm never sure.

Exam-monitoring biz Proctorio tried to silence a critic using copyright law. Now EFF sues to put an end to this tactic

Orv

Re: Proctorio is trash

Universities are sort of panicking about the levels of cheating going on in remote classes during the pandemic. I can't share figures but it's pretty shocking. They're worried about damage to their institutional reputations if word gets out. Software like this isn't the answer, though. There may not be one other than making students take all exams in person.

Android, iOS beam telemetry to Google, Apple even when you tell them not to – study

Orv

Re: Find my?

I hope they were careful enough to get a device retail instead of via their employer. Many companies and universities have automatic device enrollment set up when they purchase stuff from Apple, so those devices are going to start phoning home immediately.

Orv

Re: This

I suspect they're collecting MACs to allow for the phone to get location data when it can't receive any GPS satellites. Google has been doing this for years -- their initial database came from wardriving, but now they just update it from people's phones as they move around. Sometimes if your GPS signal is weak you can see your position jump abruptly as you move out of one WiFi network's range and into another's.

Orv

Re: Linux phone... here I come...

And that all happens inside a binary blob, so unless someone develops an open-source GSM modem chipset you may still be in trouble.

OVH data centre destroyed by fire in Strasbourg – all services unavailable

Orv

Re: Who knew data centres were tinder boxes?

My guess is people saw it as discrimination against someone with a disability. (People with heart conditions need to hold down jobs too.)

Orv

In both cases your biggest problem is going to be the foam cushions. I've heard them described as "gasoline in solid form." They go up really fast and burn fiercely, in no small measure because they already have air mixed with the fuel.

Footfallcam kerfuffle: Firm apologises, promises to fix product after viral Twitter thread, infoseccer backlash

Orv

Re: I like the Raspberry Pi

To the extent that it's true, I think it's because companies small enough to use a Pi instead of their own bespoke hardware are probably too small and inexperienced to have good security testing.

Phishing awareness gone wrong: Facebook tries to seize websites set up for staff security training

Orv

Re: Proofpoint are doing it wrong

Then Proofpoint has to get involved in how the organization's DNS is run. This way they can get a contract to do testing without ever having to deal with on-site IT.

Orv

Re: Differences in law?

The same is true in the US, but deciding what is or isn't in the same class can be pretty hazy. Facebook may feel that since these are both websites, that's close enough.

ICANN also has its own rules about trademarks and domain names.

Orv

Re: Clickable links

And half the time those links don't even go straight to the bank's site, they go to some marketing company's redirect first.

Supermicro spy chips, the sequel: It really, really happened, and with bad BIOS and more, insists Bloomberg

Orv

Re: Not a backdoor

The usual practice in air-gapped networks is to use physical media to transfer updates. Of course this has to be carefully done to make sure no malware comes along for the ride.

Orv

They could be trying to avoid the Streisand Effect.

Orv

It depends on how careful your filtering is. There are lots of side channels that are commonly allowed by firewalls that can be used to exfiltrate data. ICMP can be used to move data. Data can also be disguised as DNS lookups.

Appeals judges toss out FTC win: What Qualcomm did to its rivals was 'hypercompetitive, not anticompetitive'

Orv

Re: Biased court

They're most reversed due to being the biggest, mostly. Whether they have the highest reversal *rate* depends a lot on what terms you look at -- you could also make a case for the 3rd, 6th, or the 11th.

The 9th's reversal rate tends to get highlighted by conservatives in the US because it's perceived as the most liberal circuit -- it's their way of arguing that decisions they don't agree with are invalid.

This is node joke. Tor battles to fend off swarm of Bitcoin-stealing evil exit relays making up about 25% of outgoing capacity at its height

Orv

Re: Smaller fleas to bite 'em

If Joe Hacker is doing it, you can bet the DEA is doing it too, and keeping tabs on these transactions.

So you really didn't touch the settings at all, huh? Well, this print-out from my secret backup says otherwise

Orv

Re: May I recommend rsyslog?

syslog did support remote logging, but it was over UDP so network congestion could cause messages to be silently dropped.

Orv

Re: Looking for liquidated damages.........

A company I worked for once had to deal with that from a client that shall remain nameless. It seems the client had hired a number of contract engineers for the project, engineers that knew their paychecks would stop coming as soon as it was complete. They did everything they could to drag it out at our expense. The construction contractor we were working with was actually forced into bankruptcy.

Orv

Re: Ah, customers.

There's a sweet spot there -- a non-technical boss can be a nightmare, but technical bosses frequently try to micro-manage every step of the process because they're convinced they could do it better.

Orv

Re: May I recommend rsyslog?

I vaguely recall that from a legal standpoint a contemporaneous paper log was considered more reliable than a digitally stored log. Computer forensics was still new to most court systems at the time.

Bad news: Your Cisco switch is a fake and an update borked it. Good news: It wasn't designed to spy on you

Orv

Re: Follow the money

Fake aircraft parts have been a big concern for many years. Partnair Flight 394 went down in 1989 because three of the four bolts holding the vertical tail on were fakes made of metal that was too soft. Inadequately refurbished used parts are another problem.

Companies toiling away the most on LibreOffice code complain ecosystem is 'beyond utterly broken'

Orv

Re: I don't get it

I'm not an expert, but I gather that in Germany they're not allowed to do anything that would compete with a for-profit corporation. This is very different from in the US, where non-profits compete with for-profit companies all the time (although there are further exceptions for non-profits accepting tax-exempt donations.)

Orv

Re: Disagree with this

Yesterday I struggled for an hour to get the Java virtual console on an older PowerEdge server to work. Eventually I gave up and used the ActiveX version with IE11.

Java has added so many security features over the years that most Java Web Start programs fail entirely.

Orv

Agreed. I eventually had to dump LO for "real" MS Office because other departments send me Excel sheets with macros.

It's a no to ZFS in the Linux kernel from me, says Torvalds, points finger of blame at Oracle licensing

Orv

Re: Hypocritical

We had one offline overnight because the cleaning person accidentally pushed a chair against it in a way that held the RESET button down. We fabricated a mollyguard for the button and reliability was restored.

Orv

Re: Hypocritical

You MIGHT be overestimating how much affection the average American has for Elon Musk. While his business achievements are popular his personal behavior really is not.

Orv

Re: Torvalds declared: "Don't use ZFS. It's that simple."

I had corruption issues with Reiser, but I later found that machine had a defective disk controller, so I can't really blame Reiser for it. Reiser certainly broke more spectacularly than other filesystems, though.

Apple drops a bomb on long-life HTTPS certificates: Safari to snub new security certs valid for more than 13 months

Orv

Re: And tomorrow's hack will be?

LE's checks are mostly just about whether the person requesting the certificate also controls the server (and thus the DNS.) It's not great, but it's equivalent to other budget certs I've gotten. I think in the early days I had to submit a photo of my driver's license, but realistically what's that going to prove? That I could come up with a plausible-looking image of a driver's license?

"Who owns it" is what EV certs were supposed to prove, but it turns out that it's hard to determine if the "Foobar, Inc." asking for the cert is the well-known "Foobar, Inc." or some other corporation that happens to have the same name in a different state.

Orv

Re: Super slowmo

Revoked lists have their own issues. The server with the revocation list becomes a single point of failure. If it's down, do you block *all* https access until it comes back up? If not, DNS spoofing can override the whole system.

Orv

Re: I understand

...aren't one-off jobs why we have "at"?

Drones must be constantly connected to the internet to give Feds real-time location data – new US govt proposal

Orv

Re: About those General Atomics MQ-9 Reaper drones.....

You'll love this, then: In the US *all* government aircraft are exempt from FAA oversight. I've heard some pretty amazing stories, including aircraft designed for two crew members being modified to be flown solo.

Orv

It's become a ritual at every major wildfire for water bombers to start trying to fight the fire, only to be grounded because some asshole is flying a drone. This doesn't seem like the right solution, but I'm not sure what is. "Letting the fire burn people's houses down while drone operators get viral videos of it" doesn't seem acceptable either.

Orv

People have suggested it. The problem is the ADS-B system is easily overwhelmed by too many aircraft in one spot. Also a typical aircraft ADS-B transmitter costs thousands of dollars, which might be a problem for drones that cost a few hundred.

Orv

Re: not subject

Also, if you're piloting a Cessna and bust a flight restriction, it's easy to punish you for it -- just watch where you land and arrest you. There's a big problem with drones flying in restricted areas without any way to identify the pilot.

If it's Goodenough for me, it's Goodenough for you: Canuck utility biz goes all in on solid-state glass battery boffinry

Orv

Re: 1000 cycles?

I'm almost to the point of getting one. A typical long distance trip for us is around 250 miles round trip, which comes close to fitting inside the practical range of current cars. One issue that's holding me back is the charging infrastructure -- while there *are* charging stations along the highways here, using them still requires a lot more pre-planning than I'd prefer. I might find it fun, but my wife would find it frustrating and stressful.

Orv

Re: There are, I...

I always wonder how motorcyclists arrive at their destinations without going deaf, personally.

Orv

Re: 1000 cycles?

I wouldn't overthink the cycle issue. There are companies using Teslas for livery service, and one of them recently published their maintenance logs. The upshot is you *might* need to think about a battery replacement at about 300,000 miles -- at which point most ICE cars would be junk anyway.

Orv

Re: Still a problem though

At home charging speed isn't nearly as important. Generally you're charging the car at night, so there's at LEAST 8 hours of downtime. My daily commute can be taken care of with just Level 1 charging, although I switched to Level 2 because it was less of a strain on the house's electrical system. (16A from a 240V/30A circuit causes quite a bit less conductor heating than 12A from a 120V/15A circuit.)

Orv

Re: Still a problem though

Here in SoCal it's less of a problem than you'd think, because the distribution system was designed to cope with daytime A/C loads. Charging at night, when those loads are lessened, is heavily incentivized. My nighttime rate can be as low as a third of what I pay during peak hours.

Orv

Re: Still a problem though

I think in current DC fast charging schemes the car's electronics are mostly bypassed, and power is delivered directly at the pack's charging voltage.

Even Level 2 charging doesn't generally use transformers, at least not ones operating at 50/60 Hz. It uses switching type power supplies like you'll find in a modern PC.

Orv

Re: Still a problem though

Most of the danger can be avoided if you make sure the connection can never be made or broken "hot." This is how all EV charge connectors (even lowly 240 volt Level 2) work; there's a low voltage pilot connection that makes after the high-voltage one, and breaks before it, and signals the charger to cut the flow.

There'd also be a stronger magnetic field from a 1000 amp cable, but a back of the envelope calculation suggests it's still three orders of magnitude too small to erase a credit card. ;)

Larry Tesler cut and pasted from this mortal coil: That thing you just did? He probably invented it

Orv

Re: I'm not 100% sure the WIMP really is the bonus it's made out to be.

I'm of the opinion that overall modelessness is a benefit in keyboard apps, too, although there are limits before the keybindings become too numerous to remember.

Orv

Re: Newton - MessagePad

The closest we came in that era was the Handspring Treo series of PalmOS phones. They were nicely integrated, not just a phone taped to a PalmOS device -- for example, SMS and phone calls were handled by PalmOS apps, and PalmOS apps could use cellular data. But the market for such things at the time was not that big, and their hardware was a bit flimsy.

Orv

Re: The AI Effect

Very cool, but not really related to consciousness. ;)

I think part of the problem is no one can agree on what consciousness *is*, exactly, or how to test for it. Until we can answer whether a chimpanzee has consciousness, or a raven, trying to create it in an AI is pointless -- we won't know it when we see it. As was noted above, we've essentially defined it as something unique to humans, which makes it a bit tautological.

Orv
Coat

Re: flame on

^^^ Spotted the vi fan in the group. ;)

But presumably not a fan of vim, which subverted the modal paradigm by allowing you to move the cursor without switching to command mode. Blasphemy!

(Mine's the one with the WordStar quick reference card in the breast pocket.)

Forcing us to get consent before selling browser histories violates our free speech, US ISPs claim

Orv

It's very rare for directors of a company to go to jail for the company's bad actions. Among other things, it usually requires proving they authorized the bad behavior *and* knew it was illegal; you won't find many company memos with "yes, do the illegal thing -- Your CEO" written on them, so proving any one person meets those criteria is hard.

Severe vuln in WordPress plugin Profile Builder would happily hand anyone the keys to your kingdom

Orv

Re: "submit input on form fields that didn't exist in the actual form"

This used to be SOP for PHP code in general. PHP kind of encourages it by auto-populating arrays of parameters for you.

Of course, checking for it just makes your code even more bloated...

South American nations open fire on ICANN for 'illegal and unjust' sale of .amazon to zillionaire Jeff Bezos

Orv

My guess is they'll use it in emails and such, as a vanity move and also as a way of reassuring people that their emails are Not A Scam.


Biting the hand that feeds IT © 1998–2021