Posts by Drew Scriver 411 posts • joined 28 Sep 2017
Not sure why Amazon is hanging this on a custom internal chat app. My (Fortune 500) employer recently announced that we can now enable self-censoring in Slack.
The bot will make suggestions if people use words that are deemed problematic by the company, like "dummy value", "brown bag lunch", "man-hours", "soft skills", and "he".
"User demographic matters".
I remember a project about fifteen years ago were the target group was "older people living in mobile homes in Arkansas who only have dial-up internet access".
The Millennials (who were hip, modern, and should be listened to by us geezers, according to the brass) went to work and created a hip and modern web site with all the whistles and bells available at the time.
Lots of joking about the target group by said Millennials.
Eventually the site was launched. Bounce rate on the home page was over 90%. They seemed to be unable to understand why the "older people living in mobile homes in Arkansas who only have dial-up internet access" never got past their 5 MB home page.
This begs the question of what constitutes appropriate actions to counter a move by an instigator.
Would Japan have surrendered with the conventional bombings and dropping two nuclear bombs, which combined killed between 300,000 and 900,000 civilians?
Would Germany have fallen without the bombing raids by the allied forces, which killed 570,000 and 800,000 civilians?
Today's (western) culture no longer accepts this as ethical or acceptable. Unfortunately, adversaries tend to abide by different ethics. Worse, they make the western reluctance/refusal a key part of their strategy.
As for "removing the word RUSSIA on envelopes", one would expect great support for such initiatives given the removal of anything from western societies that is even remotely linked to its troubled past.
This is all well and good, but:
- The average user doesn't really care (or understand) privacy. Facebook would not exist if they did.
- All this wrangling makes the EU appear to care about privacy, but European countries do their share of legally collecting data on the public and tracking people.
- European governments violate the GDPR all the time. PII is routinely shared via e-mail (unencrypted). The consulate/embassy of my own country sent my PII (full name and DOB) from the USA to the EU in the subject of a message, for instance.
- Europeans are obsessed with PII - to a level that is not (yet) tolerated by Americans. Requiring DOB for train tickets or museum passes - and then printing them on the tickets/passes? Unthinkable in the USA.
Agreed, but legally the color is "yellow", not "amber" (per the RVV 1990).
By the way, traffics lights in the Netherlands do not feature an "orange" light - legally it's "yellow".
Curiously, in the USA people call this middle light "yellow" when in fact most traffic codes refer to it as "amber".
Rolling stops (or even proceeding without slowing) often makes a lot of sense and in many cases can increase safety.
In those cases there ought to be a yield-sign rather than a stop-sign. However, I am not at all confident that US-drivers can handle them.
For the record, I hold a driver's license from a (northwestern) European country as well as a US license. Decades experience driving on both continents.
Agreed on the roundabouts/rotaries. However, I regularly see people come to a full stop before entering them...
It seems that not many people in the US know the traffic laws - police officers included. Worse, they often differ significantly between states, and sometimes between localities.
Facebook's challenge is peculiar given that this observation was quoted directly from an internal company research presentation.
From the WSJ article:
“Thirty-two percent of teen girls said that when they felt bad about their bodies, Instagram made them feel worse,” the researchers said in a March 2020 slide presentation posted to Facebook’s internal message board, reviewed by The Wall Street Journal. “Comparisons on Instagram can change how young women view and describe themselves.”
“We make body image issues worse for one in three teen girls,” said one slide from 2019, summarizing research about teen girls who experience the issues.
“Teens blame Instagram for increases in the rate of anxiety and depression,” said another slide. “This reaction was unprompted and consistent across all groups.”
Congress ought to subpoena Facebook's own researchers (and the psychologists they have on staff).
For years I've based my initial security assessment of (mainly) banks on a call to their customer service phone number and ask the person who answers the phone if the company has a procedure for customers to report a security vulnerability.
Only once did I encounter one that did.
As for the others, the legitimate conclusion is that they don't truly care...
Sadly, most companies don't even have a process for employees to report a vulnerability should they find one.
Best example is a company I worked for that had a major security flaw on the main website. I could not find a published procedure for reporting it, so I called the corporate Risk Management office. They didn't know either, but begged me to please inform them if I did manage to find the answer.
After several weeks I stumbled upon an internal web form for reporting vulnerabilities. After several more weeks someone contacted me to let me know that the mailbox for that form was no longer monitored. He did supply another form to report the issue, which I used and I did indeed receive an acknowledgement.
Somehow I doubt the McDonald's will be presenting this argument in court.
On the other hand, didn't a pizza chain run a campaign "You were right - our pizza did taste like cardboard. We are proud to introduce our new recipe!"
Or, with a tech twist, take this letter from a vendor my company received after POODLE (or BASH) had the world in a mad panic about SSL. In the letter the vendor explained that we had nothing to fear from these CVEs. The reason? They only used good ol' plain HTTP for their SAAS. No SSL vulnerabilities to worry about.
The problem is that "the sheeple" won't care until it's too late. In the meantime, their ignorance and indifference will force the rest of us into the same situation.
Now that I know that Lowe's is still using the technology and that Home Depot isn't, I will be getting my stuff at the HD. Same prices, pretty much the same assortment.
If I do need something at Lowe's I'll order online and have them bring it to me in the parking lot. Thanks to the pandemic this is now an option.
In addition, I will be filling out the surveys they put on the receipts even more frequently. Lowe's to tell them why I'm not getting out of my car. HD's survey to tell them why I'm avoiding Lowe's.
At the end of the day I don't know that it'll make much of a difference, though. Tracking is ubiquitous and virtually unavoidable. Want to bet virtually every retailer has either already matched customers' phone MAC-addresses to their names, or is contemplating doing so?
Just yesterday I was explaining to our children the difference between "legal/illegal" and "right/wrong". One of the key differences is found in the repercussions, or "getting in trouble".
Most companies (and people, for that matter) are primarily concerned with "getting in trouble". Losing money is an example of getting in trouble, as are legal penalties.
Insurance shields companies from financial trouble, and the lack of personal culpability for executives shields from legal penalties.
Years ago the Commonwealth of Massachusetts attempted to pass a bill that would hold executives personally responsible (potentially jailing them) if negligence resulted in loss of customer PII. The bill failed, but I'm afraid that such a law is about the only instrument that would cause companies to take security as seriously as they need to.
Viasat has nothing to lose, and everything (including a few years respite) to gain.
If LEO-based ISPs manage to pull off their ambitious plans Viasat is (mostly doomed). Aside from the issue of space debris, I believe they have pointed to the visual impact of LEO-satellites. It will be interesting to see if the courts will go along with that as an environmental issue. If they do it may well have consequences for other areas like wind turbine farms. After all, they too negatively impact the visual environment.
I suspect that in the end various groups will rally around SpaceX for that reason and allow the satellites to ruin the view for astronomers - for the common good. After all, without ubiquitous access to Facebook humanity is doomed. I mean, without universal access to telemedicine, of course.
Depends on the type of DoS-attack. For a DDoS-attack you may be able to add capacity, although that's not a given.
However, DoS can be accomplished even with a single request or action in some instances. Generally, no amount of capacity will help in such cases. Although I have seen a web form that required one server per user - two people using the web form at the same time on the same server caused a DoS-sitution. I suppose that in that case you could just add servers...
I had the opportunity to pursue the role of Director of Cyber Security to form (!) a security team at a large regional utility in the west of the USA a few years ago.
The utility fell under city government.
Took one look at their public-facing web site and other city-run web sites (mixed HTTP/HTTPS content, Qualys SSL score of "F") and told the person who contacted me that I was not interested.
Figured the level of support I'd get from management would be close to zero, but whomever got the job would be sacrificed at the first sign of a breach.
Over a decade ago there was a bill in the Massachusetts legislature that would have made executives personally liable for breaches if they had been informed of vulnerabilities but failed to adequately address them.
The bill failed.
Pretty bizarre to say it's a "private business matter" if it resulted in 17 states declaring a state of emergency, the President of the United states personally got involved, and the federal government issued an emergency ruling to lift restrictions on oil/fuel transport over land and water.
Where do they find the people who write these public statements? Have some intern use an online media quote generator?
Where's that PR-template again? Google: "press release template for hacked comanies".
Oh, here it is.
"While our [service name] has experienced a limited and temporary reduction in service, [company name] remains committed to the highest standards of security. We are working diligently to resolve the situation and we have no evidence that our core operational systems were compromised."
In the olden days (and even in today's British Parliament sessions) insults were (are) often masquerading as polite statements.
"I would seem that the gentleman from Bath has not yet had sufficient time to fully study the entirety of the documents."
Translation: "The guy from Bath just isn't smart enough to comprehend a simple statement."
Don't count on AI to filter such insults any time soon.
On the bright side, maybe society will swap the often crass and uncouth insults for polite put-downs.
Spot on.
Trouble is that HR and (executive) management tends to attract bubbly extrovert types who thrive on get-togethers and team games on stage.
Notwithstanding the rhetoric about "inclusion and diversity", their ultimate goal seems to be to "fix" the nerds and help (force?) them "reach their full social outgoing potential" so they can be "normal human beings".
For proof one only has to look at the Open Office Floorplan that was foisted on tech workers. It was declared a success even before implementation. Anyone objecting was told "they'd learn to love it" and naysayers were dubbed "saboteurs of true interaction". Answers to survey questions to gauge buy-in tended to be limited to variations of "Love it!" and "Absolutely love it" - and the execs declared that they had been right all along. After all, the survey said so.
One man's hack is another man's release code...
Iterative design. Agile development. Nimble coding.
Unfortunately, those terms are often redefined to function as justification for poor coding, lack of planning, avoidance of testing, and a general disdain for user-focused design. In short - a hack.
An anecdote along the same lines. A number of years ago I found myself having to come up with all kinds of "workarounds" and "creative hosting solutions" to fix poorly coded applications. This lasted for years, until I started calling my 'creative solutions' and 'workarounds' by the happy name of "kludges".
Calling a spade a spade was quite satisfactory, especially in the titles of Change Requests. Oh, the fun I had defending my solutions in CAB-meetings! What do you mean by "Implement kludge to ensure data integrity"?
As expected, it caused quite a bit of consternation among management - especially on the development side of the house. Although I was pressured to refrain from calling my hacks "kludges" in the end it resulted in a focus on quality among the developers.
I still get hung up on the name "Neanderthals", as it makes little sense grammatically. Instead, they ought to be called "Neanderthalers" (or preferably Neandertalers). As the name is derived from the "Neander Tal" (Thal), or "Neander Valley", it makes little sense to call the inhabitants of the valley "valleys" themselves.
And please, drop the "h", especially in the pronunciation...
Your post needs a trigger warning*.
Isn't "house" a privileged term also? Vast numbers of people have no access to houses. At the very least they might be reminded of their plight every time they encounter the word.
*Isn't "trigger warning" problematic in and of itself? After all, triggers tend to refer to implements of war.
The point I am trying to make is that stripping communication of all words that might be deemed offensive by any one individual will soon leave us speechless.
By the way, what I am missing in most of these edicts is whether the people for whom this is done have themselves be consulted on the matter.
That depends on the language...
I've always regarded the term "invalid" in reference to a "person with a handicap" to be offensive. Invalid = without validity. To me that sounds much worse than "handicapped". Even "handicapped" is an odd term, though, as it originally referred to something done to the better-performing to slow them down to limit their advantage.
Racism is "the doctrine that one's own racial group is superior or that a particular racial group is inferior to the others".
It does not include judgement based on skin color per se, nor does it refer to "treating people differently". There has to be a sense of superiority on the part of the person who is judging.
What is even more baffling is that the concept of "race" as a biological differentiator is not only a fairly new phenomenon, it is scientifically unsound.
Don't get me wrong - racism as a sociological issue is very real. But it makes no sense biologically.
"or $4 a month for the six-user family option"
Somehow that feels discriminatory toward larger families. I understand that creating an unlimited family-option might result in some fraud, but the same argument could be made regardless of the limit.
But hey, at least they didn't limit it to one child per family like World Population Balance advocates...
Right - all Trump's fault.
But explain how most large companies have had policies in place long before Trump became president that require the use of disposable tech for visits to China. Upon their return the equipment may not be connected to the corporate network and has to be destroyed.
Maybe, just maybe it's because they have due cause to suspect foul play on the part of the People's Republic?
On a related note, why are T-shirts, flags, and the like with Ernesto's likeness so popular among many on the left in the USA?
Even as a non-supporter of Trump that makes me wonder...
Do those execs really believe it is realistic to expect consumers to spend $10,000 on phones in 10 years? Or even $5,000 in 10 years? For every person in the household?!?!
Even whitegoods don't cost that much - and you only need one of each appliance for the entire household...
The phone you REALLY should have bought your kids for Christmas is the one from the candy store. Just a chunk of milk chocolate wrapped in tin foil with buttons and a screen printed on it.
No monthly fees, no text-neck, no anti-social behavior (other than refusing to share the chocolate), no issues with Snapchat, Facebook, TikTok, or Instagram, or stupid games.
On the negative side, they may increase their attention span, have real conversations at home, learn independence, read an actual book, play an actual board game, build something tangible, cook a meal, or learn to move about without an instant parental safety net.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Biting the hand that feeds IT © 1998–2022
