Posts by vtcodger

Re: Why

Pretty obviously connecting your printer -- 3D, 2D or whatever -- to the Internet is likely not to be a wonderful idea. The problem is that the vast majority of computer users are quite incapable of configuring network enabled devices "safely". My guess is that maybe 4% think they can do so and that less than 1% actually can. I'm no stranger to networking, but I doubt my wireless printer or any other device I've set up is actually "safely configured". Personally, I consider myself lucky if I can manage to get the bloody box to work.

70 or 80 years ago the Japanese and German Navies thought that their communications codes were unbreakable. Turns out they were both wrong. Granted, encryption technology today is vastly improved. But so, one suspects, is decryption technology. If you are going to send messages that might interest the CIA or its friends, I'd strongly recommend the use of one time pads.

Otherwise, I'm far from convinced that encryption of non-financial material is worth the effort required to deal with the inevitable glitches. Personally, I still use paper, telephone, and face-to face for most financial stuff -- not because of concerns about encryption, but because most of the software I'm expected to use on line is really quite awful.

Re: No data was lost to an unknown party during the exposure.

It's conceivable that they actually had access time logging turned on and thus could tell that no one had been reading the files. (What is the point of storing 203,000 files no one is looking at?)

Re: IPv4 Address Pool Has Been Expanded Significantly

What would the affect of using the 240/4 addresses be on routing tables? My understanding is that one of the few (maybe the only) actual benefits from IPv6 is more compact routing tables.

Re: When I read articles like this...

"For what possible reason would "everybody" need 100 to their home?"

.... what reason? .... The decision makers at "content providers" are clueless and assume that all users everywhere -- even in remote mountain hamlets -- has bandwidth similar to what they have on their desktop PCs. AND, they think "latency" (a separate and also serious issue for many applications) probably has something to do with milk.

Re: 4D Printing

That's disappointing. I was hoping that dimension 4 was time and that 4D printers printed materials before one needed them instead of hours, days, weeks or months after they are required.

Re: I still think they're majoring in the minors. again.

"... why do you guys constantly complain about data collection from Windows and never talk about how pervasive Google's tracking is all over the web and ..."

Most likely the depth and vigor Google's obsession with spying on users hasn't registered on most folks yet. Those who have been around a few decades can possibly recall a time in the 1980s and 1990s when Microsoft was widely perceived as being quite friendly to home users. Reasonably priced, non-copy protected software. A lot of free stuff. What's not to like? Things started to change around 2000. Something similar is happening with Google I think. ... sad ... but I reckon it's time to start thinking about moving on.

Re: "It's a synthetic digital model of the real world,"

Despite humanity's inability to handle a lot of simple stuff, there are some things that are done really well. One of those is aircraft safety. I can conceive a similar approach to autonomous vehicle safety wherein every significant accident involving an autonomous vehicle is analyzed, responsibility assigned, fixes implemented, and the accident simulator suites updated to include an emulation of the situation that caused the accident.

Not that I'd bet that will actually happen.

"Also, will they slow their cars down as the batteries wear out?"

Of course not. The vehicle will simply drive itself off to the dealer in the middle of the night and you'll get an e-mail telling you that it is unsafe and won't be returned unless you pay $5300 for a battery swap. The only way to prevent that will be to chain the vehicle to a mooring ring when not in use.

"without the "CSM", because who would want that in a car?"

That's where stuff like GM's On-Star system and probably parts of Tesla's "Autopilot" live along with the pernicious telemetry unit? Manufacturer "enhancements" over and above basic wheels. Some of them may actually have some value to some car owners.

Re: "the world is clinging stubbornly to IPv4"

"Microsoft since Win7 [aside might have been Vista but...] have shipped Windows with an IPv6 stack that works out of the box."

Right. And you are aware that Microsoft had substantial difficulty switching to IPv6 internally not all that long ago? e.g. https://www.theregister.co.uk/2017/01/19/windows_10_bug_undercuts_ipv6_rollout/

Re: whatever’s wrong ...

China, for whatever reason, has long had a quota for foreign films in its theatres. The quota started off at 10 a year in the 1990s and has been expanded to 34 today. The chances that a less than stunning movie with a character that might be taken as a parody of Chairman Xi will be one of those films are probably close to zero. Especially given President Trump's recent trade related antics and the fact that it's an American film. There are alternate mechanisms that could allow its distribution, but probably won't. See http://chinafilminsider.com/foreign-films-in-china-how-does-it-work/

Re: If it comes from any mainstream media

FWIW -- https://www.democracynow.org/2018/7/27/noam_chomsky_on_mass_media_obsession

"Israeli intervention in U.S. elections vastly overwhelms anything the Russians may have done, I mean, even to the point where the prime minister of Israel, Netanyahu, goes directly to Congress, without even informing the president, and speaks to Congress, with overwhelming applause, to try to undermine the president’s policies—what happened with Obama and Netanyahu in 2015."

Overall I'm not all that big a fan of Chomsky. But here at least, the man seems to have a valid point.

It sounds like they MIGHT be able to eventually very carefully recover their data from the infected backups. Personally, I'd look into using a unix to do so in order to minimize the chance of propagating their old infection back into their system once they get it decontaminated and running again.

Re: I have

The article misframes the issue. A choice between competition or fast broadband is the best one can hope for in the US. For a large part of the population, one's only option is neither.

"100microns is small?"

Good point actually. Objects 1/10th of a mm wide are readibly distinguishable by the naked eye. The (perfectly legible) mm markers on my ruler look to be 100 micron wide black lines spaced at 1000 micron (1mm) intervals.

Re: I had to laugh

"Wouldn't it be better to have a recognized standard for IoT security,"

Of course there will be standards for IoT security. Probably about seven of them. All mutually incompatible. And no one will implement any of them in exactly the same fashion as anyone else.

Re: They can only do that if...

Actually, the complete, accurate statement is "you really can't trust HTTPS".

Probably true. OTOH I personally don't much care except when money is involved. And I try to do as little as possible involving money on-line. I find that face to face, paper, and/or telephones work better and are less inconvenient than online with proper security and are less scary than online without proper security.

For me, most of the time, https mostly means I can't view a constantly changing array of sites in one browser or other (I have at least six installed) because their certificates have some subtle or not so subtle flaw this week.

My guess is that most users will have no idea what Google is about with this HTTPS thing. Depending on implementation details, they will either click through any annoying error messages or will whinge until someone shows them how to switch to a different search engine.

No, I don't know what to do about all this until folks are ready to accept that online security is a very tough problem, the toolkit we are approaching it with is entirely inadequate, and we may have to stop doing some things (e.g. Javascript) that are surely incompatible with secure computing.

"Why leftpondians call it a pound sign ..."

Because # is sometimes used as an abbreviation for a unit of weight/mass = to 453 grams still in use in the US. ("lb" is a lot more common in practice).

The US hasn't had a currency called the pound for about 240 years. Canadians switched from pounds to dollars well over a century ago.

Re: password reuse

"Are you one of the "I want everything, and easy, and until this happens I will mope" people?"

Not especially. More a "Sooner or later you folks should acknowledge that what you're doing isn't working and quite possibly will never work" sort of person.

Doesn't mean one can't use the Internet for entertainment, access to information, casual conversation and many other things. Just that it truly may not be a satisfactory vehicle for command and control, financial activity and some other activities.

"you better use what's available"

Why would I use a defective and potentially dangerous tool when there are safer alternatives? Why would anyone?

Re: It would help ...

"if they could demonstrate a real functioning AI. At the moment all we have is a load of marketing hype"

I want to agree with you, but it crosses my mind that Google, for all its faults, seems to do a fantastic job of despamming my gMail without discarding legitimate messages. Maybe that's not really AI. But whatever it is, it works.

Re: Good(?) old days...

" Slackware dropped Gnome when it became dependent on dbus (if memory serves)"

My recollection -- which may be faulty -- is that Volkerding wanted to keep his distribution on a single CD and there wasn't enough room for both KDE and Gnome. Volkerding argued at the time that a Slackware compatible Gnome was available for those who wanted/needed it and that it was better that some people could install from a single CD than that everyone needed two.

BTW -- judging from the number of gratuitous dbus related error messages thrown up on the konsole, KDE also seems to depend on dbus nowadays

"I have my shopping list on a piece of paper, and cross things out when picked off teh shelf."

Indeed. A decade ago, I had a eeePC in the kitchen so that people could call up recipes, play music, and add to the shipping list. There was a printer on the shelf above to print recipes and shopping lists.

Problem is that no one used it but me, and I didn't use it all that much (and mostly for music)

Nowadays, the eeePC and printer are gone. Recipes are in a notebook and the shopping list is on a notepad hanging on the fridge next to a pencil holder.

"It never takes long for articles like this to reveal those still in denial about climate change due to our greenhouse gas emissions. What evidence would ever convince you?"

Models that make verifiied predictions would help. I think that if you forget your preconceptions and do some research, you will find that the Climate Models have never made even one prediction that would persuade an objective, unbiased observer. It's not that CO2 isn't a greenhouse gas. It is. And it isn't that CO2 isn't increasing. The CO2 measurement program put in place by Charles Keeling in the 1950s stands up to scrutiny.

But the Global Climate Models are clearly generating highly dubious numbers and worse, they aren't providing insights into what causes glaciations, what ends them, what causes obvious cyclic phenomena like ENSO, PDO, AMO. It may be that the idea of climate modeling using the same basic techniques used for weather forecasting simply can't ever work over time spans greater than, at most, a few hundred hours.

Re: Why do browsers allows JS from other domains to run

"I've never understood i) why a site would trust other sites to host code for them and ii) why browsers allow one site to run scripts from another."

Heck, I've never understood why anyone would think that downloading ANY code from ANY website into a browser for immediate execution, could possibly be a good idea. It seems clear to me that can only work in a world with technology that provides 100% iron clad security as well as computer folk who never, ever, make mistakes. We do not live in such a world. We are unlikely ever to live in such a world.

But ... but ... but ... That'd make life harder for web designers. Yep. Almost certainly it would. So what? If we're going to do financial and other important stuff over distributed public communications network, shouldn't USER security be the overriding priority?

Re: Quite honestly

Two points:

1. Any security scheme that depends on programming users is unlikely to work. (Exception: The protected information -- e.g. nuclear weapon Permissive Action Codes -- is so important that users genuinely respect the necessity for security).

2. Passwords are a major impediment to usability. 2FA is a much greater impediment.. If you insist on making stuff unusable, folks either won't use it or will use it and find ways to "simplify" usage. They will somehow bypass your security measures.

No, I don't know (an) answer(s). I just know that recommended security practices are not working well. And I suspect they are probably never going to work well except for a rather limited fraction of users.