* Posts by ExampleOne

227 publicly visible posts • joined 27 Jun 2017


Meta says risk of account theft after phone number recycling isn't its problem to solve


Setting aside the questions around SMS 2FA (which I don't think is the core of the problem here), the question is "Who is responsible for a user maintaining correct contact details?".

As I see it, the complaint seems to be Meta provided the password reset details to the contact details the user asked them to provide them to. Why can Meta be held liable if the user fails to update those contact details? I am pretty sure we have seen similar stories when domain names have been recycled, and the new owner of the domain started receiving email for the previous owner. I know I still receive post for previous residents of my current home, some of whom last lived here over 20 years ago!

ANZ Bank test drives GitHub Copilot – and finds AI does give a helping hand


It won’t be a popular point, but… if the reported gain in productivity of 40% is correct, this is the single best investment they could make.

Doing some basic math, $39 per user per month is break even for a developer being paid $1000 a month if it gives a 4% improvement in productivity. They are claiming a productivity boost 10x that. Though it isn’t mentioned, I suspect they are using developers paid a lot more than $1000 a month.

New cars bought in the UK must be zero emission by 2035 – it's the law


Re: Screw the Hoi Polloi!

Run a cable across the pavement? So who is liable when someone trips over the cable? We may not like the reality we live in with ambulance chasing lawyers, but it is a bad idea to ignore it when formulating national policy.

Ok, so you dealt with the lawyers… how about the copper thieves who come down the street in the middle of the night and steal all the cables?

Or the pram pushers trying to push a pram along that pavement? Are we really convicnced that making pushing prams and pushchairs difficult is really a great policy?

Epic decision sees jury find Google's Play store is illegal monopoly


Re: confused

They lost against Apple because the judge ruled that the iPhone App Store was not a monopoly because the market should be defined as all smartphones.

The jury here have decided that Google Play Store is a monopoly, which at least implies they disagree with the Apple case judge on the question of how the market is defined.

Will anybody save Linux on Itanium? Absolutely not


Re: like video games localization

Is a wine/proton port a "native port"? I suspect for the ideologues, it isn't.

My take is that an officially supported wine/proton port is effectively a native linux port of the game, so long as the developer is willing to commit to addressing issues that arise only on wine/proton. I don't dictate the game engine, why should I refuse to accept a usable stable set of libraries over the API they speak?

In quest to defeat Euro red-tape, Apple said it had three Safari browsers – not one


Re: The title is no longer required.

Except the European Commission, by entering Apples own marketing material, turn this argument into “if it works, you face prosecution across the EU (and beyond) for false advertising”. Add to that, anyone who bought an Apple device since the false advertising now has a case against Apple as well.

So yes, there may be a 1 in 1000 chance it works, which is better than a 0 in 1000 chance, but that only holds if you ignore the risk of it backfiring.

This looks a spectacularly silly argument to advance.

Qualcomm and Iridium's satellite link-up loses signal


Re: Translation

Yes, for a tiny minority of people, this is a feature worth paying a premium for. But it is a tiny minority. Most phone OEMs probably would prefer to wait for a working standards based solution than invest any effort into integrating a solution the overwhelming majority of their customer base don’t have care about. Once the working standards based solution arrives, they do the work, and they can be reasonably confident that work won’t be hostage to a single vendor.

Microsoft does not want ValueLicensing CEO anywhere near its confidentiality ring


Re: MS is a monopoly

The depends on how the market is defined.

The fact someone can choose to opt out of a market completely does not mean that market can't be a monopoly.

Microsoft makes some certification exams open book


I strongly agree with this, for one simple reason: "How do you do X?" questions, unless they are trivia, should really be answered "I google to find the correct process in the official docs, and follow them"

A poster child for this I have been asked in an interview was "How do you restore an Active Directory backup with the entire computer network offline?" As an interviewer, I would be seriously worried by any candidate who could answer that correctly and accurately in detail without prompts!

After years of fighting Right to Repair, Apple U-turns-ish in California


Does not require that manufactures allow repair shops to disable security features

So, basically, if Apple implement "security features" to prevent non-Apple parts working, repair shops would not be allowed to disable those features, and would have to use Apple parts, at whatever excessive price Apple charge?

Focuses on manufacturer obligations to support authorized repair channels

Who authorizes "authorized repair channels"?

Call me cynical, but surely those two caveats basically neuter the entire proposal?

Hallucinating ChatGPT finds a role playing Dungeons & Dragons


Interestingly this was my first thought for a good application of chatgpt, with a human DM keeping factual statements correct.

The hallucinations aren’t a problem in NPC conversations, because the NPC could just be wrong!


it's hard to wrangle but the sodding thing goes off in some wild directions, sometimes.

Only sometimes? So it is marginally more predictable than a human player?

80% of execs regret calling employees back to the office


Overall, only 9 percent of those surveyed have moved away and not subsequently returned, it said.

Given how long moving typically takes, and the fact that many people won’t have really believed that they would never have to come back to the office, isn’t 9% a fairly high number to have actually moved three years on?

Sarah Silverman, novelists sue OpenAI for scraping their books to train ChatGPT



Transformative, possibly, but surely all the LLM output is derivative work of the training corpus?

Former Twitter employees accuse it of holding up 891 arbitrations


The company tried to insist on arbitration, won, and got upset when the class retaliated by using an automatic arbitration filing system.

The company then went to court to try and set aside the enforced arbitration process in favour of a class action. The judge was not amused.

Supreme Court says Genius' song lyric copying claim against Google wasn't smart


While I completely accept they should not be allowed to enforce copyright they don't own, surely they have a copyright on their presentation of the lyrics: In this case, surely there is a "spark of creativity" to the "REDHANDED" morse code message which would be potentially worthy of copyright protection.

I mean, if a dictionary (or API!) is copyrightable because the presentation of the content has a "spark of creativity" to it, I'm failing to see how a hidden message in a bit stream is not.

In this case, that could probably be dismissed as insufficient to be protected.

Red Hat strikes a crushing blow against RHEL downstreams


The potential problem is not the with-holding the code, it's terminating subscription agreements for of end users who exercise their GPL rights. This is basically exactly the same legal argument advanced by GRSec, and it was called out as GPL violation then. Why is it not being called out the same now? Or were all the claims then FUD?

Truthfully until this particular model is legislated, we won't know if it breaches the GPL. If it IS legislated, and it DOES breach the GPL, RH and IBM are in a massive world of pain, as anyone who contributed anything to any GPL component of RHEL would have standing to sue. Including Oracle and Microsoft. Essentially, this is potentially a massive gift to those opposed to Linux.


Doesn’t this mean Red Hat are potentially getting sued for GPL violation by Oracle? I mean, Oracle contribute to the Linux kernel so should have standing?

These Microsoft Office security signatures are 'practically worthless'


Microsoft, they claim, acknowledged the findings and awarded a bug bounty, but "has decided that the vulnerabilities do not require immediate attention."

Perhaps MS telemetry tells MS that no one actually uses the signing functionality in OOXML documents anyway?

I have seen "password protected" documents from time to time, but never a digitally signed one. Once digital signatures are involved, IME, it's always been PDFs.

Google HR hounds threaten 'next steps' for slackers not coming in 3 days a week


Re: It's in the employment contract

It does happen.

I worked for a company that had an office move constrained by staff pointing out that moving office was a material change to their contracts.

Google changes email authentication after spoof shows a bad delivery for UPS


Re: Bug/Vulnerability or just bad implementation?

But Google should not be trusting the message headers.

In the scenario you outline, MS have allowed an account to relay for a sender domain that is not validated to the account. This would be a problem in O365, as it allows any customer to masquerade as any other customer!

Now we can argue that Google should have rejected because the DKIM signing key was wrong, but that is a problem with DMARC or BIMI, but if the policy is “one of two”, you can’t fault Google for correctly applying a one of two policy.


Re: Bug/Vulnerability or just bad implementation?

What happened in Office 365? It sounds like ups.com currently, or at some point, used Office 365 as a mail host leading to Office 365 SPF records. Any Office 365 customer would be able to send from the same servers. This is not a flaw in SPF so much as a scenario it simply was never designed to deal with.

How the bad actors were able to set up to send from ups.com through office 365 is probably a more interesting question.

Elon Musk hit with insider trading claims over his Dogecoin crypto-hype


Re: Wouldn't this require

While the law of the land might not, in the U.K. at least it would probably fall foul of the FCA rules of conduct, especially if he is lying to do so.


It is only insider trading if he knew his actions in advance and planned for them.

AI, extinction, nuclear war, pandemics ... That's expert open letter bingo


Call me cynical, but firms who have already developed functioning AI products are calling for AI development to be regulated? Is this a case of pulling the ladder up behind them to ensure no one else can compete?

Subpoenaed PyPI says bye-bye to as much IP address data as it can


Re: Salting IP addresses

That was pretty much my thought. 32 bits of meaningful information, less a bunch of IP addresses that will never be seen.

IPv6 address hashing might be more useful, but how much of their user base are IPv6 users?

Leaked Kyndryl files show 55 was average age of laid-off US workers


Re: Unfortunately...

> An older engineer (rightly or wrongly) will always be more likely to push back against progress.

I am going to have to take issue with this. A good engineer doesn’t push back against progress.

A more experienced engineer is more likely to question “fad of the day” hype, which is not the same thing!

Exhibit 3,021: Millions wasted on US govt IT due to poor oversight, audit finds


Did you miss I had reduced the total budget from 17.4 billion to account for that 5/48 factor?


So, out of what? 1.74 billion dollars of spend analysed, 25 million dollars was wasted? That doesn’t sound that unreasonable actually.

Brexit Britain looks to French company to save crumbling borders and immigration tech


Well, they can hardly continue to blame Brussels now we have left, so they need a new excuse to replace the one they used for the last 40 years.

Microsoft disarms push notification bombers with number matching in Authenticator


If the problem is bad actors spamming users with authentication requests till they approve the access, why not implement rate limiting on the accounts?

Guy rejects top photo prize after revealing snap was actually made using AI


Given the origin of the term ( https://en.wikipedia.org/wiki/Photography#Etymology ), I am dubious about claims the AI images are any less photography than most camera captured, human developed and edited images are.

Google again accused of willfully destroying evidence in Android antitrust battle


What does The determination of an appropriate non-monetary sanction requires further proceedings. translate to? Is that they are getting a slap on the wrist, or is it code for something more severe than a straight default judgement? Interestingly, the judge appears to leave open the possibility of a default judgement once discovery is complete!

As I understand it, the conduct the judge has entered a ruling of fact over is covered under the US criminal code in the Obstruction of Justice section.

FOSS could be an unintended victim of EU crusade to make software more secure


Re: Sorry but where is the problem?

Best of your knowledge? Are you really sure you want to incentivise finding the worst possible certified auditors?

‘Mother of Internet’ Radia Perlman argues for centralized infrastructure


So, basically, an Assassins Guild?

Microsoft delays controversial ban on paid-for open source, WebKit in app store


Re: Free as in freedom

receiving code that misleads about its origins

Actually, doing that for financial gain may be sufficient to count as criminal fraud in some jurisdictions.

Hear us out: Smartphone lidar can test blood, milk


Re: We now have smartphones with lasers

Apparently to make Theranos tech work…

Honestly, it looks like a simple idea looking for cool applications: add it, and figure out what to use it for later.


Re: Too good to true?

Except this time they are providing enough detail that it should be independently verifiable.

The question is can anyone scale this into real applications now, or will all the problems skipped over in the lab prevent it?

UK Home Office dangles £20m for national gun licence database system


Re: Why bother at all ?

I believe one of the UKs preserved destroyers solved the problem of the ships guns by buying a gun license and ensuring the turrets were locked when not giving tours.

'Please download in Microsoft Excel': Meet the tech set to monitor IT performance across central UK government


Re: in line with agile delivery best practice

I am amused by your optimism... RHEL 5 anyone?

Google sours on legacy G Suite freeloaders, demands fee or flee


That $72/month is per user. For the family usecase, MS365 is going to be significantly cheaper.

I suspect that the "freeloaders" are not as freeloading as Google think. If they are often operating vanity domains, it suggests a level of technical competence and probable influence.

Microsoft shareholders vote for a report into harassment within the company


Re: In a surprise to nobody...

I think I trust the government to regulate it. Just like I assume they will ignore the regulations when it suits them.

I mean, it’s not like our governments don’t have form for breaking the law when it suits and they think no one will find out.

Munich mk2? Germany's Schleswig-Holstein plans to switch 25,000 PCs to LibreOffice


Re: Cost to buy - or cost to run ?

“ I'd expect a decent Linux desktop admin to be earning twice as much as a Windows desktop admin.”

Well, I note the “decent” qualifier is only applied to the more expensive one, so… yeah, incompetence is cheap!

UK competition watchdog unveils principles to make a kinder antivirus business


The suggestion from the CMA is to check if software updates are being received rather than simply charging users year after year.

This seems a remarkably sensible suggestion, given the updates are all hidden behind an authentication wall. Are we sure this is a UK authority paper?

Apple beat Epic Games 9-1 in court. Now it's appealed the one point it lost


Re: Judge found Apple is not a monopolist?

There is no guarantee Apple will get the same decision on monopoly in Europe, which ultimately depended on how the market is defined. The ruling here appears to be that the market is all smartphone users, and not just iPhone users. There is a definite vibe to the ruling that Epic shot themselves in the foot, repeatedly, by focusing on the wrong things. Without getting the market defined as iPhone users, everything else was inevitable.

Contrast with Europe, where the competition authority seems to be laying the groundwork for treating the iPhone and Android app markets as separate, in which case Apple are going to struggle to argue they are not a monopoly.

SAP uses Scalpel to carve shape of post-Brexit UK ambitions


The UK has been afforded “adequacy” status by the EU in terms of data sharing under the General Data Protection Regulation (GDPR). But that decision will be subject to review as UK law changes, so perhaps SAP is hedging its bets.

Isn’t the adequacy status also subject to legal challenge under the current rules? The UK doesn’t need to change its rules for SAP to want to hedge their bets, given the UK track record in having their rules challenged in CJEU.

Four women suing Google for pay discrimination just had their lawsuit upgraded to a $600m class action


A 600 million dollar, one off payment, problem goes away, deal strikes me as a bargain for Google if they genuinely are guilty of systemic gender discrimination.

Why? Because defending each and every one of those cases after the first couple is going to be vastly more expensive.

Apple's macOS is sub-par for security, Apple exec Craig Federighi tells Epic trial


> It’s a phone for gods sake, and we shouldn’t lose sight of that.

Except it isn't, and never has been, just a phone. From its very start, it has been a computer in your pocket first and a phone second.

People don't buy smart phones to make phone calls, they buy them for the apps and flexibility provided by being a computer. Purely as a phone, I find all the smart phones have a far worse user experience than classics like the Nokia 3310.

Streaming mad: EC charges Apple with abuse of dominance, distorting competition in Spotify case


Re: “Monopoly” is a stretch

From the article:

The Commission noted that Apple users tend to be loyal to the platform, and seldom switch to competing operating systems, resulting in developers having limited (if any) leverage in disputes.

This would suggest the Commission are leaning towards defining the market as iPhone users, and not smartphone users. If the courts agree, Apple are dead in the water as far as defence is concerned.

Deloitte settled HPE's Autonomy lawsuit for $45m back in 2016 and agreed to cooperate with US DoJ


HP appear to be taking "HP were misled" (undeniably true) and "Autonomy tried to mislead us" (possibly true) and combining the two and hoping that no one notices that there is a serious problem in the chain of which can be summarised as "Autonomy couldn't mislead HP as HP had already misled themselves".

Do I think Lynch is innocent of all wrongdoing? Not really. Do I think Lynch is guilty of trying to mislead HP? Probably. Do I think Lynch succeeded in misleading HP? Not at all. HP did that perfectly fine without needing a fradylent due diligence report they never received!