* Posts by Drew Scriver

411 posts • joined 28 Sep 2017


Amazon internal chat app that censored talk of unions and ethics may 'never launch at all'

Drew Scriver

Slack can already do this...

Not sure why Amazon is hanging this on a custom internal chat app. My (Fortune 500) employer recently announced that we can now enable self-censoring in Slack.

The bot will make suggestions if people use words that are deemed problematic by the company, like "dummy value", "brown bag lunch", "man-hours", "soft skills", and "he".

US is best place to be a software engineer, salary survey finds

Drew Scriver

If you can find a hospital bed, that is. If you do get a bed you'll be lying there thinking of the poor chap whose scheduled surgery got bumped (again) and hope he doesn't perish in the meantime.

Amazon Alexa can be hijacked via commands from own speaker

Drew Scriver

Re: Why give it house room?

Only one gets to be smart: the device or the person. But not both.

Drew Scriver

Re: Purchases are effectively enabled by default

Wasn't there a follow-up story about news coverage about this on TV causing additional orders because Alexa units all over the USA picked up the magic phrase from the TV?

Fujitsu: Dumping older workers will wipe out quarter of forecast profit

Drew Scriver

Re: Disgusting..

"User demographic matters".

I remember a project about fifteen years ago where the target group was "older people living in mobile homes in Arkansas who only have dial-up internet access".

The Millennials (who were hip, modern, and should be listened to by us geezers, according to the brass) went to work and created a hip and modern web site with all the whistles and bells available at the time.

Lots of joking about the target group by said Millennials.

Eventually the site was launched. Bounce rate on the home page was over 90%. They seemed to be unable to understand why the "older people living in mobile homes in Arkansas who only have dial-up internet access" never got past their 5 MB home page.

Ukraine asks ICANN to delete all Russian domains

Drew Scriver

Re: RE: "And the word RUSSIA on envelopes"

This begs the question of what constitutes appropriate actions to counter a move by an instigator.

Would Japan have surrendered with the conventional bombings and dropping two nuclear bombs, which combined killed between 300,000 and 900,000 civilians?

Would Germany have fallen without the bombing raids by the allied forces, which killed 570,000 and 800,000 civilians?

Today's (western) culture no longer accepts this as ethical or acceptable. Unfortunately, adversaries tend to abide by different ethics. Worse, they make the western reluctance/refusal a key part of their strategy.

As for "removing the word RUSSIA on envelopes", one would expect great support for such initiatives given the removal of anything from western societies that is even remotely linked to its troubled past.

EU, US close to replacing defunct Privacy Shield II

Drew Scriver

This is all well and good, but:

- The average user doesn't really care (or understand) privacy. Facebook would not exist if they did.

- All this wrangling makes the EU appear to care about privacy, but European countries do their share of legally collecting data on the public and tracking people.

- European governments violate the GDPR all the time. PII is routinely shared via e-mail (unencrypted). The consulate/embassy of my own country sent my PII (full name and DOB) from the USA to the EU in the subject of a message, for instance.

- Europeans are obsessed with PII - to a level that is not (yet) tolerated by Americans. Requiring DOB for train tickets or museum passes - and then printing them on the tickets/passes? Unthinkable in the USA.

Tesla to disable 'self-driving' feature that allowed vehicles to roll past stop signs at junctions

Drew Scriver

Actually, that's (more or less) the law in Virginia.

"[...] shall stop if it is not reasonably safe to continue" (§ 46.2-833. Traffic lights)

Drew Scriver

Re: One benefit for the fuel companies...?

Agreed, but legally the color is "yellow", not "amber" (per the RVV 1990).

By the way, traffic lights in the Netherlands do not feature an "orange" light - legally it's "yellow".

Curiously, in the USA people call this middle light "yellow" when in fact most traffic codes refer to it as "amber".

Drew Scriver

Re: One benefit for the fuel companies...?

Rolling stops (or even proceeding without slowing) often make a lot of sense and in many cases can increase safety.

In those cases there ought to be a yield-sign rather than a stop-sign. However, I am not at all confident that US-drivers can handle them.

For the record, I hold a driver's license from a (northwestern) European country as well as a US license. Decades of experience driving on both continents.

Drew Scriver

Re: One benefit for the fuel companies...?

Agreed on the roundabouts/rotaries. However, I regularly see people come to a full stop before entering them...

It seems that not many people in the US know the traffic laws - police officers included. Worse, they often differ significantly between states, and sometimes between localities.

Drew Scriver

Re: California roll

I don't think Americans would be able to handle yield signs, even though they would be far better for the environment.

Drew Scriver

Stop vs yield

Americans are obsessed with stop signs, and don't seem to understand yield signs.

Has anyone ever calculated the annual carbon-footprint of those billions of full stops vs yielding?

Worst of CES Awards: The least private, least secure, least repairable, and least sustainable

Drew Scriver

Re: unintelligible random sound from person in bed

I'll raise my banner again. The one that reads:

"Only one can be smart; either the device or the person. But not both."

Drew Scriver

Re: "the marginal cost of sharing and making copies of things is pretty close to zero"

How is a high corporate markup different from 20%+ VAT?

Canon: Chip supplies are so bad that our ink cartridges will look as though they're fakes

Drew Scriver

"There is no negative impact on print quality when using consumables without electronic components"

I really, really want to use this quote from HP as the Zoom background for my next vendor meeting with them!

Theranos blood-test machine demos for VIPs rigged to hide any failures, court told

Drew Scriver

I have seen so many fake demos and corporate dog/pony smoke/mirrors that I can't even remember all of them.

This one is the most expensive one I've heard about though.

Drew Scriver

Re: Am I being too harsh?

In the US, it usually does exactly that.

Tobacco giants don't get to decide who does research on smoking. Why does Facebook get to dictate studies?

Drew Scriver

Re: Gotta agree with FB...

Facebook's challenge is peculiar given that this observation was quoted directly from an internal company research presentation.

From the WSJ article:

“Thirty-two percent of teen girls said that when they felt bad about their bodies, Instagram made them feel worse,” the researchers said in a March 2020 slide presentation posted to Facebook’s internal message board, reviewed by The Wall Street Journal. “Comparisons on Instagram can change how young women view and describe themselves.”

“We make body image issues worse for one in three teen girls,” said one slide from 2019, summarizing research about teen girls who experience the issues.

“Teens blame Instagram for increases in the rate of anxiety and depression,” said another slide. “This reaction was unprompted and consistent across all groups.”

Congress ought to subpoena Facebook's own researchers (and the psychologists they have on staff).

McDonald's email blunder broadcasts database creds to comedy competition winners

Drew Scriver

Re: Next he emailed just under a dozen McDonald's UK email addresses

For years I've based my initial security assessment of (mainly) banks on a call to their customer service phone number and asking the person who answers the phone if the company has a procedure for customers to report a security vulnerability.

Only once did I encounter one that did.

As for the others, the legitimate conclusion is that they don't truly care...

Sadly, most companies don't even have a process for employees to report a vulnerability should they find one.

Best example is a company I worked for that had a major security flaw on the main website. I could not find a published procedure for reporting it, so I called the corporate Risk Management office. They didn't know either, but begged me to please inform them if I did manage to find the answer.

After several weeks I stumbled upon an internal web form for reporting vulnerabilities. After several more weeks someone contacted me to let me know that the mailbox for that form was no longer monitored. He did supply another form to report the issue, which I used and I did indeed receive an acknowledgement.

Woman sues McDonald's for $14 after cheeseburger ad did exactly what it's designed to

Drew Scriver

I sense a market opportunity...

How about a paid service to block all ads during Lent?

Drew Scriver

Somehow I doubt the McDonald's will be presenting this argument in court.

On the other hand, didn't a pizza chain run a campaign "You were right - our pizza did taste like cardboard. We are proud to introduce our new recipe!"

Or, with a tech twist, take this letter from a vendor my company received after POODLE (or BASH) had the world in a mad panic about SSL. In the letter the vendor explained that we had nothing to fear from these CVEs. The reason? They only used good ol' plain HTTP for their SAAS. No SSL vulnerabilities to worry about.

Facial-recognition technology gets a smack in the chops from civil rights campaigners

Drew Scriver

Re: What's the problem?

The problem is that "the sheeple" won't care until it's too late. In the meantime, their ignorance and indifference will force the rest of us into the same situation.

Now that I know that Lowe's is still using the technology and that Home Depot isn't, I will be getting my stuff at the HD. Same prices, pretty much the same assortment.

If I do need something at Lowe's I'll order online and have them bring it to me in the parking lot. Thanks to the pandemic this is now an option.

In addition, I will be filling out the surveys they put on the receipts even more frequently. Lowe's to tell them why I'm not getting out of my car. HD's survey to tell them why I'm avoiding Lowe's.

At the end of the day I don't know that it'll make much of a difference, though. Tracking is ubiquitous and virtually unavoidable. Want to bet virtually every retailer has either already matched customers' phone MAC-addresses to their names, or is contemplating doing so?

Amazon: Our carbon footprint went up 19% last year but we grew even more than that, so 'carbon intensity' is down

Drew Scriver

Re: Next logo design

The post about the new logo was probably satire...

Cyber insurance model is broken, consider banning ransomware payments, says think tank

Drew Scriver

Re: Hack me if you can

Just yesterday I was explaining to our children the difference between "legal/illegal" and "right/wrong". One of the key differences is found in the repercussions, or "getting in trouble".

Most companies (and people, for that matter) are primarily concerned with "getting in trouble". Losing money is an example of getting in trouble, as are legal penalties.

Insurance shields companies from financial trouble, and the lack of personal culpability for executives shields from legal penalties.

Years ago the Commonwealth of Massachusetts attempted to pass a bill that would hold executives personally responsible (potentially jailing them) if negligence resulted in loss of customer PII. The bill failed, but I'm afraid that such a law is about the only instrument that would cause companies to take security as seriously as they need to.

SpaceX spat with Viasat: Rival accused of abusing legislation to halt Elon's Starlink expansion

Drew Scriver

Viasat has nothing to lose

Viasat has nothing to lose, and everything (including a few years respite) to gain.

If LEO-based ISPs manage to pull off their ambitious plans Viasat is (mostly) doomed. Aside from the issue of space debris, I believe they have pointed to the visual impact of LEO-satellites. It will be interesting to see if the courts will go along with that as an environmental issue. If they do it may well have consequences for other areas like wind turbine farms. After all, they too negatively impact the visual environment.

I suspect that in the end various groups will rally around SpaceX for that reason and allow the satellites to ruin the view for astronomers - for the common good. After all, without ubiquitous access to Facebook humanity is doomed. I mean, without universal access to telemedicine, of course.

Western Australia rushes out legislation after cops access contact-tracing data to investigate serious crimes

Drew Scriver

Fool me once...

Fool me once, shame on you. Fool me twice - shame on me.

The shocking thing is not that the government overreached. It's that people still believe the government when they promise that they won't overreach.

DoS vulns in 3 open-source MQTT message brokers could leave users literally locked out of their homes or offices

Drew Scriver

Could have sold management on a fail-open config at that point, right? ;-)

Drew Scriver

Re: Is there a GoS

Wouldn't that essentially be a DoS? After all, the service includes actually locking a door. If that no longer happens that service would be down...

Drew Scriver

Re: Patch a key

Depends on the type of DoS-attack. For a DDoS-attack you may be able to add capacity, although that's not a given.

However, DoS can be accomplished even with a single request or action in some instances. Generally, no amount of capacity will help in such cases. Although I have seen a web form that required one server per user - two people using the web form at the same time on the same server caused a DoS-situation. I suppose that in that case you could just add servers...

Ransomware victim Colonial Pipeline paid $5m to get oil pumping again, restored from backups anyway – report

Drew Scriver

Re: Criminal to pay Criminals?

I had the opportunity to pursue the role of Director of Cyber Security to form (!) a security team at a large regional utility in the west of the USA a few years ago.

The utility fell under city government.

Took one look at their public-facing web site and other city-run web sites (mixed HTTP/HTTPS content, Qualys SSL score of "F") and told the person who contacted me that I was not interested.

Figured the level of support I'd get from management would be close to zero, but whoever got the job would be sacrificed at the first sign of a breach.

Over a decade ago there was a bill in the Massachusetts legislature that would have made executives personally liable for breaches if they had been informed of vulnerabilities but failed to adequately address them.

The bill failed.

Drew Scriver

Re: There's money in

Pretty bizarre to say it's a "private business matter" if it resulted in 17 states declaring a state of emergency, the President of the United States personally got involved, and the federal government issued an emergency ruling to lift restrictions on oil/fuel transport over land and water.

Where do they find the people who write these public statements? Have some intern use an online media quote generator?

US declares emergency after ransomware shuts oil pipeline that pumps 100 million gallons a day

Drew Scriver

Re: Presumably the fuckwits in charge ...

Where's that PR-template again? Google: "press release template for hacked companies".

Oh, here it is.

"While our [service name] has experienced a limited and temporary reduction in service, [company name] remains committed to the highest standards of security. We are working diligently to resolve the situation and we have no evidence that our core operational systems were compromised."

If you don't have anything nice to say, don't say anything at all: El Reg takes Twitter's anti-mean algorithm for a spin

Drew Scriver

Why 13? The Cyber world might well be a better place if 'contributing' were limited to those of voting age...

Drew Scriver

Old-fashioned gentleman-like insults will still be fine

In the olden days (and even in today's British Parliament sessions) insults were (are) often masquerading as polite statements.

"It would seem that the gentleman from Bath has not yet had sufficient time to fully study the entirety of the documents."

Translation: "The guy from Bath just isn't smart enough to comprehend a simple statement."

Don't count on AI to filter such insults any time soon.

On the bright side, maybe society will swap the often crass and uncouth insults for polite put-downs.

Just one in 5 Googlers plan to swerve the office permanently after COVID-19

Drew Scriver

Re: Turn the headline around.

Spot on.

Trouble is that HR and (executive) management tend to attract bubbly extrovert types who thrive on get-togethers and team games on stage.

Notwithstanding the rhetoric about "inclusion and diversity", their ultimate goal seems to be to "fix" the nerds and help (force?) them "reach their full social outgoing potential" so they can be "normal human beings".

For proof one only has to look at the Open Office Floorplan that was foisted on tech workers. It was declared a success even before implementation. Anyone objecting was told "they'd learn to love it" and naysayers were dubbed "saboteurs of true interaction". Answers to survey questions to gauge buy-in tended to be limited to variations of "Love it!" and "Absolutely love it" - and the execs declared that they had been right all along. After all, the survey said so.

Big right-to-repair win: FTC blasts tech giants for making it so difficult to mend devices

Drew Scriver

Re: Some products are expected to display energy ratings

There's a company that makes high(er) end coffee grinders that puts stickers on the units that read:

"STOP! Don't Dump It - Fix It!"

It's designed to be fixed by the consumer. I'm the very happy owner of one of their grinders.

So it appears some of you really don't want us to use the word 'hacker' when we really mean 'criminal'

Drew Scriver

Re: ...-boffin

One man's hack is another man's release code...

Iterative design. Agile development. Nimble coding.

Unfortunately, those terms are often redefined to function as justification for poor coding, lack of planning, avoidance of testing, and a general disdain for user-focused design. In short - a hack.

An anecdote along the same lines. A number of years ago I found myself having to come up with all kinds of "workarounds" and "creative hosting solutions" to fix poorly coded applications. This lasted for years, until I started calling my 'creative solutions' and 'workarounds' by the happy name of "kludges".

Calling a spade a spade was quite satisfactory, especially in the titles of Change Requests. Oh, the fun I had defending my solutions in CAB-meetings! What do you mean by "Implement kludge to ensure data integrity"?

As expected, it caused quite a bit of consternation among management - especially on the development side of the house. Although I was pressured to refrain from calling my hacks "kludges" in the end it resulted in a focus on quality among the developers.

Homo sapiens: Hey you, Neanderthals! Neanderthals: We heard that

Drew Scriver

I still get hung up on the name "Neanderthals", as it makes little sense grammatically. Instead, they ought to be called "Neanderthalers" (or preferably Neandertalers). As the name is derived from the "Neander Tal" (Thal), or "Neander Valley", it makes little sense to call the inhabitants of the valley "valleys" themselves.

And please, drop the "h", especially in the pronunciation...

Splunk junks 'hanging' processes, suggests you don't 'hit' a key: More peaceful words now preferred in docs

Drew Scriver

Your post needs a trigger warning*.

Isn't "house" a privileged term also? Vast numbers of people have no access to houses. At the very least they might be reminded of their plight every time they encounter the word.

*Isn't "trigger warning" problematic in and of itself? After all, triggers tend to refer to implements of war.

The point I am trying to make is that stripping communication of all words that might be deemed offensive by any one individual will soon leave us speechless.

By the way, what I am missing in most of these edicts is whether the people for whom this is done have themselves been consulted on the matter.

Drew Scriver

Re: Special characters

That depends on the language...

I've always regarded the term "invalid" in reference to a "person with a handicap" to be offensive. Invalid = without validity. To me that sounds much worse than "handicapped". Even "handicapped" is an odd term, though, as it originally referred to something done to the better-performing to slow them down to limit their advantage.

Drew Scriver

"Mannequin" is a sexist word. It is apparently derived from "manneken" - Flemish for "little man" (or boy).

Drew Scriver

Racism is "the doctrine that one's own racial group is superior or that a particular racial group is inferior to the others".

It does not include judgement based on skin color per se, nor does it refer to "treating people differently". There has to be a sense of superiority on the part of the person who is judging.

What is even more baffling is that the concept of "race" as a biological differentiator is not only a fairly new phenomenon, it is scientifically unsound.

Don't get me wrong - racism as a sociological issue is very real. But it makes no sense biologically.

LastPass to limit fans of free password manager to one device type only – computer or mobile – from next month

Drew Scriver

Family of 7 = too big?

"or $4 a month for the six-user family option"

Somehow that feels discriminatory toward larger families. I understand that creating an unlimited family-option might result in some fraud, but the same argument could be made regardless of the limit.

But hey, at least they didn't limit it to one child per family like World Population Balance advocates...

There's no Huawei on Earth we're a national security threat, Chinese giant tells US appeals court

Drew Scriver

Re: Huawei will this end?

Right - all Trump's fault.

But explain how most large companies have had policies in place long before Trump became president that require the use of disposable tech for visits to China. Upon their return the equipment may not be connected to the corporate network and has to be destroyed.

Maybe, just maybe it's because they have due cause to suspect foul play on the part of the People's Republic?

On a related note, why are T-shirts, flags, and the like with Ernesto's likeness so popular among many on the left in the USA?

Even as a non-supporter of Trump that makes me wonder...

Nespresso smart cards hacked to provide infinite coffee after someone wasn't too perky about security

Drew Scriver

The coffee lady...

Back in the day we had a coffee lady walking up and down the offices to serve us coffee (and tea) and cookies.

Sadly, she's been replaced by Mi Fare Lady Nespresso machines :-(

Smartphones are becoming like white goods, says analyst, with users only upgrading when their handsets break

Drew Scriver

Re: As expensive as flagship phones are they should be grateful anybody ever upgrades.

Do those execs really believe it is realistic to expect consumers to spend $10,000 on phones in 10 years? Or even $5,000 in 10 years? For every person in the household?!?!

Even white goods don't cost that much - and you only need one of each appliance for the entire household...

President Biden selects Jessica Rosenworcel to head up FCC as acting chairwoman

Drew Scriver

Re: Interesting

Maybe tonight. At the moment they're busy interviewing Pai for the new job.

Realme 7 5G: Parents, this is the phone you should have got your kids for Christmas

Drew Scriver

The phone you REALLY should have bought your kids for Christmas... is one they can eat

The phone you REALLY should have bought your kids for Christmas is the one from the candy store. Just a chunk of milk chocolate wrapped in tin foil with buttons and a screen printed on it.

No monthly fees, no text-neck, no anti-social behavior (other than refusing to share the chocolate), no issues with Snapchat, Facebook, TikTok, or Instagram, or stupid games.

On the negative side, they may increase their attention span, have real conversations at home, learn independence, read an actual book, play an actual board game, build something tangible, cook a meal, or learn to move about without an instant parental safety net.



Biting the hand that feeds IT © 1998–2022