Posts by vtcodger

Re: Quite honestly

Two points:

1. Any security scheme that depends on programming users is unlikely to work. (Exception: The protected information -- e.g. nuclear weapon Permissive Action Codes -- is so important that users genuinely respect the necessity for security).

2. Passwords are a major impediment to usability. 2FA is a much greater impediment.. If you insist on making stuff unusable, folks either won't use it or will use it and find ways to "simplify" usage. They will somehow bypass your security measures.

No, I don't know (an) answer(s). I just know that recommended security practices are not working well. And I suspect they are probably never going to work well except for a rather limited fraction of users.

"But even Brits can't all grasp English punctuation rules."

English has punctuation rules? Who knew?

Re: A thin line

"A more professional approach is that the design documents define the functionality and a deviation of the code, from the documentation, is a bug"

Sigh ... Somewhere, perhaps, there is an unparallel universe, where software is carefully designed before it is coded, and programmers translate carefully written specifications from people-speak to machine-speak. And I'm sure if it exists, it runs a lot better than this universe.

But in this universe, specifications -- other than interface specs sometimes -- are uncommon and when they exist at all are more often than not, useless or worse.

Re: Majority irrelevant

"You can pretty accurately assume the typical user from what's sold."

Possibly not. PCs, like cars, are pretty durable, at least modestly repairable, and are often handed down/repurposed.when a new PC is purchased. I suspect that the "typical" desktop PC might be what was being sold six or seven years ago. Laptops do not last as long and might be closer to what is being sold. And some PCs do experience memory and storage upgrades although I suspect that is less common than it used to be.

Re: No worse than something on a web page

"....they are no more of a risk than something on a web page." Or, for example, a rogue NTP server that embeds commands in the least significant bits of the timestamp it returns.

Re: Emacs

"Does LISP count as a scripting language?"

An elisp file reads more like a grimoire than a "script". But the spells undeniably do produce interesting and sometimes useful results.

Re: SCADA systems running windows

my guess would be that at least some of the 'Windows 98' systems are out there because the production floor has some collection of gears, wire-wrap, and relays somewhere that needs a driver that only works under MSDOS. I'm far from convinced that's bad although I suspect that turning on TCP/IP and hooking up a network with internet capability might not be a great idea.

Re: Didn't get the memo?

Historical Note. The last official attack on the US by Canada was a failed surface and naval attack on Plattsburgh, NY in 1814. The last (unofficial) attacks from the US on Canada were a series of raids launched from the US by Canadian rebels in 1838 with some unofficial US support..

Re: Microsoft windows spied on your computer directly

"Microsoft Windows 95 spied on your computer and habits"

Probably not. IIRC Win95 didn't even have TCP/IP support turned on in the default configuration. And people still used modems on 1200 to maybe 32K phone lines back then and not everyone had an ISP. I don't think Microsoft OSes started calling home until sometime in the 21st Century. I don't recall when. Vista maybe? Perhaps someone else with a better memory can fill in details.

... 98 -> ME -> 2000

It's easy to forget ME. A very forgettable product. Microsoft would like to forget it also.

And there really was a Window 1 -> 2 ->3 ->3.10 ... prior to 3.11. Window 3.0 was really the first usable Windows and was quite popular for a couple of years in the early 1990s. But it was nearly universally replaced by WFWG 3.1 then WFWG3.11 (free upgrade) which had networking.

Well, the sort of acceptable scapegoats this week are GDPR, Climate Change, Iran, or Trump. Which would you pick?

Re: Guess which I bring?

Data you thought was deleted is back? Isn't that a security problem? Have you checked to see if there is a bug bounty?

Re: Ahem.

"Did it also arrest itself for making malware?"

No, but it has seized one of it's own cell phones involved in the case, and is seeking help from the vendor in cracking the password.

Re: Some things to think about

I'm not sure "optimization" is the appropriate term here. A compile time warning "Statement at line 8 - default: error(); break; - will never be executed" seems reasonable. But quietly ignoring the code seems to me an emulation of a common form of human "intelligence" often associated negatively with civil servants.

How about "logic devolution" instead of "optimization"

Re: WTF kind of advice is that for our average person?!

"FFS! What terrible advice!"

On top of which, I would guess that the second or third thing that malware authors addressed was making a reset to factory firmware difficult or (preferably -- from their POV) impossible.

I'd add that reseting a router to factory defaults often is not so easy to accomplish, and that researching the procedure and possible problems BEFORE potentially killing a key element in one's internet connection might not be a bad idea.

Re: Steve

"I switched 2 years back. Much happier now. I only miss paint"

It's been so long since I used MSPAINT that I really don't recall what it can and can't do. I use the kolourpaint program (part of KDE) for simple image editing. For that matter, I think MSPAINT will probably run under WINE, but my experience with WINE has never been very positive -- not really a criticism of WINE. WINE seems a noble attempt to create a Windows compatible environment on Unix, but that's really a monumentally difficult task I think. I vaguely think that ImageMagick has some editing tools. And of course, there's always Gimp. Rumor has it that Gimp's once legendarily baffling UI has mellowed in recent years.

Re: Heavily tested then

My understanding is that Tesla doesn't use LIDAR. That would presumably make determining the distance of a stationary object like -- Oh, I dunno, a crash barrier or a stopped firetruck for example -- much more difficult than one might think.

That's an explanation, not a justification

Both valid complaints: The weird routings MAY, and I emphasize MAY be reduced by careful attention to the configuration settings. If you tell a GPS to use expressways, then it'll try to use expressways even though you'd actually prefer a more direct route with a few traffic signals.

The confusion probably is due to the GPS device not knowing exactly where it is. GPS is often accurate to a few meters, but if the gods are unkind and/or if some satellites are not visible and/or there is multipath reception and/or there is interference with the satellite signals and/or you are in a parking garage or tunnel and/or who knows what, the $%^# box can be off by many tens of meters. That results in it issuing instructions that are worse than useless. And, yes, not knowing exactly where it is is likely to be a BIG issue for autonomous vehicles.

There's a possibility that if AI actually did improve capital allocation significantly (whatever that means), that could be bad for financial markets rather than good. If everyone invested rationally wouldn't the real rate of return on "good" investments likely sag to some quite low value?

Re: Lovin' my HP printer

If I recall correctly those fondly remembered HP II and III printers that cost a fortune and lasted forever actually used a Canon engine inside. Not sure about the HP4.

Re: 'controlled by a few people at Google with no oversight'

"So if AGI represents an extreme level of power, should that be controlled by a few people at Google with no oversight?" - Elon Musk

"Quis custodiet ipsos custodet?" - Juvenal

In the short term, switching may not be so easy if you can't access your assets in the old bank. In the longer term, switching might be an excellent idea.

Re: Cost.

"Good news! The operation was a success and your tremors should be under control. Just don't get your head wet when you bathe, and don't get any MRIs, and be sure and tell your dentist you have a brain implant. And, Oh yes, here's the battery charger you'll have to wear for at least three hours every day ...

What could possibly go wrong?

Re: Time to claw some back

"What's the point in trying to claw back IPv4 addresses? It would not fix the problem, just delay it for another couple of years."

I'd submit that Plan A -- everybody grumbles a bit them and switches to IPv6.-- does not seem to be working. In reality, many users can't "upgrade" because third parties like their ISP don't support IPV6. Others lack resources to upgrade. Many users feel, possibly correctly, that the minimal security provided by IPV4 plus NAT is better than not having "NAT security". A lot of stuff that purportedly supports IPV6 doesn't. Less than a year and a half ago, Microsoft had to fix Windows 10 before they could change their headquarters network to IPV6. Most users don't have the resources to fix their OS(es) or their hardware. There may be other valid reasons. Whatever ... IPV6 adoption is glacial at best.

I'd submit that a few years to develop and implement a Plan B that -- unlike Plan A -- realistically addresses the needs/desires of users might be a really good idea.

And a Plan C developed in parallel with Plan B in case Plan B doesn't work out, might not be a bad idea either.

Re: If anyone shoud know

Surely there's enough room for both (plus France, North Korea, Iran, ISIS, and the Grand Duchy of Fenwick).

Re: Hypervisor?

I'm not worried much about the turtles under me. The turtles I am under worry me a bit at times.

Re: Bring back DOSEDIT

"Nothing wrong with emacs."

There's plenty wrong with EMACS (and plenty right also). But EMACS is, if nothing else, configurable. It is not too hard to configure EMACS such that when used with a keyboard with Insert,Home,End, etc keys, it's about as easy and intuitive to use as the MSDOS editor. I have no idea if vi can be set up to do that. Wouldn't surprise me that it can.

Re: And that's exactly why...

Of course the data is poor quality. Even if it were good quality, it probably wouldn't actually be of much real use or value. My guess is that the "information age" will go down in the annals of human lunacy along with Dutch tulips, the South Seas Company, cryptocurrencies, the late 20th century Japanese stock/real estate markets and the CDO craze. On the bright side.-- Facebook and Google et. al. don't own or operate guillotines.