Re: From the article
Ah-HAH! The Reg *does* use robots to write articles!
45 publicly visible posts • joined 9 Jan 2018
That's easy: because Giphy is already entrenched.
Do you use Discord? Giphy.
Webex? Giphy.
Instagram? Snapchat? TikTok? Giphy.
You don't need to sign up with them directly and Zuckerborg doesn't care if you do; what matters is that all the various things you use already use it and they can inject ads into it as long as they control it. And capture whatever it scrapes from the end user as well, regardless of whether they directly have a 'giphy account' or not.
Presumably she hit delete on the folder rather than mucking about with the files contained inside. Which doesn't actually 'delete' anything, it just removes the folder entry and marks the space as free (assuming this is a Windows share, anyway).
I imagine the ransomware-watcher is looking for activity at the file level that looks like encryption rather than folder deletion, since the former is what they want to catch and stop (ransomware wouldn't work if they just nuked you from the start, gotta have that tantalizing chance of recovery to bait the hook!)
I've been trying to puzzle that one out myself. I mean, I have no plans to upgrade (sidegrade?) to Windows 11, but my i7-7700 on Kaby Lake is still perfectly snappy and has TPM 2.0 (according to the BIOS, anyway) but Microsoft's checker still blows me the raspberry and I can't figure out why.
My CPU is not listed on MS's compatibility list but other i7's are.
It's stupid confusing. I've been toying with switching fully to Linux anyway, so maybe now's the time.
Unfortunately, it also depends on the state in the USA. For example, some states have a minimum wage for waitstaff at somewhere around $2.50/hour, plus tips. The employer still has to pay the federal minimum of $7.50 (or whatever it is), but they're allowed to make up the difference by applying customer tips to the wage owed before they have to dip into their own pockets to pay their staff.
In *some* states, I stress. I live in one where that's not legal, thankfully.
boot == boo-t
book == buh-k
As a West Coast Merkin, I've never been to Worcester MA but I've made several friends who lived there and in Baaahston. They pronounce it Wuhsta.
I grew up (mis)pronouncing it as War-chester. I'm from the southwest USA originally.
And then my Canadian friend pronounces it Woostar ("boot" sound), just to add confusion.
It's funny you mention that, because when my son (finally!) moved out a couple years back, I noticed an immediate drop in our electric bill. I don't know that he was mining (probably) but his frankenstein of a rig caused a double-digit difference in the bill each month.
I know it wasn't heating/cooling and the like because we immediately filled the room with a renter, who also has a computer that's on 24/7, but even so the difference is staggering.
Anyway, point is, my son's rig cost about US$800 brand-new; figure another $800 for the additional parts he chivvied out of us to 'upgrade' it with. Taking that rig offline means the electricity savings would have recovered the cost* in about.... 2 years, give or take.
(* I feel dirty saying it this way because it's not actually any sort of return, but you get the idea)
I don't know what a single $1600 PC (circa 2017-ish hardware) generates in terms of mined coin, but I somehow doubt it would pay for itself and given the electric usage I noticed above I am certain it wouldn't cover its initial cost plus running costs... ever.
Licensing. Ye gods, licensing.
I'm reminded of one place I worked where we had a dedicated server and a single terminal to run a timeclock application. It was command-line based; the terminal was not in fact a VT220 but was emulating one to talk to the server; and the pair of them lived on their own network, unconnected to anything else. I was a wee helpdesk grunt at the time and never got to lay finger on the servers, so I don't know what exactly was under the hood.
Nobody ever used that timeclock application.
I could not understand this lunacy and asked about it. My manager at the time told me that the owner had negotiated a steep discount for the subscription (?!) for this custom timeclock app and that it was cheaper to keep it running than to pay the penalty for stopping service.
Short answer? Usually yes.
Rarely are you writing a query in a vacuum. Typically you'll know something about the underlying data, especially when joining -- and you can structure your join logic to avoid inefficiencies. Is my join a simple lookup? Are the underlying columns indexed? If not, which table contains more rows? Am I better off sub-querying first to constrain the comparison set? All these things give you insight into what SQL is going to do to retrieve your results.
My assumption is the Goog thinks Logica is more maintainable because its code structure is more amenable to automated processing than SQL syntax. I... can kind of see the logic there, but only by further assuming that their goal is for automated maintenance rather than human eyeballs.
I have legit accidentally started a fire with code before!
I mean, the whole point *was* to start a fire, but *this* fire was not the fire that should have been started.
This was before fancy-schmancy rPIs made it easy for everyone to build custom kit. My partner-in-stupidity and I were setting up a small pyrotechnics display, to be controlled by a switching board run from a PC's parallel port. Which pins my code triggered caused the HV controller board to fire the corresponding output, neat and tidy. And it worked a treat!
That is, until my partner absentmindedly connected one of the outputs to the live charge and not the test lamp. Test run, things got a bit exciting for a bit, and the customers got an early preview.
I can blame him with a clear conscience: I was a dumb twenty-something at the time who'd volunteered my coding skills, HE was the 'industry professional' :D And while it was a dumb mistake, the field was clear and nobody was hurt. But still.
Back in my younger years I worked for my dad in his electronics repair business. We *loved* Philips products. They're just expensive enough that people want to fix them rather than replace them, and they're crap enough to ensure steady business.
Since Philips themselves never fixed anything (even under warranty they farmed it out to third parties, AFAIK) I have to assume that this was not by design, because where's the profit to them?
Easy to fix, too. With Philips, it was always the solder joints, and if it wasn't the solder joints, it was the electrolytics, both of which are cheap and quick to repair/replace.
That reminds me of a database I was required to maintain at one point. Whoever built it first decided that email address was the primary identifier for a 'customer' -- one email address per customer, ok, fine.
It was not long before they ran into customers wanting to change their email address, as happens. Not a huge problem, right? Just impose a new key on the table, making the email address column changeable, a little bit of pick-and-shovel work on the history tables to line up the new arbitrary IDs with their old keys, problem sorted!
Except that's not what they did. Instead, they just added another column that tracked the email address. And modified the front end so it used that column instead of the former one to let customers log in.
Fast-forward to when I was handed this pile of crap, and I discover that somewhere along the line the person responsible for their email notifications had no idea what was going on, they just used a 'report' generated by 'the system' to feed their automailer -- and that report happily provided both email addresses for every customer.
Of course their (third-party) automail address didn't accept replies.
And *of course* they didn't want to pay for me to fix it. I was just supposed to admin the server and keep things running. It worked perfectly as it was, clearly if I was recommending these unnecessary fixes I was just trying to pad my bill.
I had a similar-sounding issue -- intermittent PC reboots and freezes, no obvious reason. This went on for several weeks while the user got increasingly frustrated. But per my boss at the time, I couldn't replace anything unless I could document what was wrong with it, and "intermittent failure" was not on the acceptable reasons list.
Then, one day, I'm at $problem_user's desk and he gets a call while I'm watching his PC happily boot back up. He reaches out, picks up the phone, and I hear a distinct sizzle from the speaker.
Ten minutes later I'm back with a grounding mat I swiped from the IT office, pop that under his keyboard, and we never hear from him again.
Static discharge can do some *weird* things.
A couple years ago my wife and I went on vacation to Disneyworld in Florida, and ran into a family from "just outside London" (I remember that part, but can't remember the actual name of the place). Later we ran into another couple from Yorkshire, and chatted with them for a while, too.
As an American... I'm pretty sure they were speaking different languages. I'm just sayin'.
Sure, I'll bite. Bear in mind that this is a US-centric viewpoint; I don't know about other locations.
Cops in the US have a knack for looking for the easy way out. They don't generally bother with actually investigating anything and the first suspect they latch on to is the one whose life they'll ruin trying to make the crime stick, even in the face of overwhelming evidence otherwise. Further, with civil asset seizures working the way they do, even if you're exonerated you could lose everything and have no recourse to get it back.
It's bad enough when this happens because you just happened to be in the wrong place at the wrong time, but if this were to happen because your *phone* happened to be connected to the wrong tower at the wrong time? Surely it's not so difficult to see why folks might be a little alarmed about this.
Anecdotal evidence isn't, I realize, but as an example of the wrong-place-wrong-time problem: I was arrested for assault and attempted robbery -- a crime I most emphatically did not commit, I note. I just happened to be down the street from the convenience store where the fight happened, and the victim described their attacker as "a big white guy". I fit that description and was also wearing jeans (in summer! obviously I'm a criminal), and so I got cuffed and stuffed and hauled down to the station. I'll note that even at the scene the victim was saying they had the wrong guy (meaning me), but by the time we got down to the station (in separate cars) they'd been convinced that the cops had the right guy after all.
Security cameras saved my ass, proving that not only was I not even there, I looked nothing like the guy who did it, either.
Which, okay, fine, right? I didn't go to jail, charges dismissed, no harm no foul. Except that arrest has dogged my record for *decades*. I should never have been arrested in the first place, but to this day it's the first thing that pops up and I have to deal with the aftermath over and over again. All because I was in the wrong place at the wrong time.
It doesn't seem to me that obtaining a warrant first is too onerous a burden to impose when the results of the cops getting it wrong can have such lasting impact. At least then there's a chance of someone rational (a judge) double-checking their instincts before they preemptively decide guilt.
Now, that doesn't necessarily apply in this case -- it reads to me like they had a pretty good idea who they were looking for and wanted the cell data to corroborate -- but if they didn't and were just looking for a lead?
"Let's see who was nearby when the crime happened. Pull the tower data."
"Oh ho, look at this. This guy was connected to the tower, and he has an arrest for robbery on his prior."
"Bag him."
I have been told on three separate occasions by different people with no connection to each other that I look like a rapist.
This is oddly specific and fairly distressing and if I knew what was causing it I'd work to change it, because, damn. (*)
Also I'm a fat white dude and on the two occasions I've been out (in my earlier years) with friends and the cops stopped us, I was the only one put in handcuffs while they made sure we weren't doing anything illegal.
(* and here I've been spending all my time trying to cultivate the Evil Santa look! Whatthehell, man.)
Now that I could go for -- a setting you can dial in per timer, so if you bork something in your environment -- kill a critical app by mistake -- you can dial it back to the required precision without having to revert the OS to a previous version.
Probably a kernel compile switch. Dynamic settings can potentially be buggered with.
Pff, like I know *specifically* what apps would be affected. I was pointing out the generic class of problem and as I noted, it's impossible to know with certainty what *would* be affected; all we can be certain of is that a lot of widely-divergent code paths *could* be affected because people (rightly or wrongly) use high-precision timers all over the place, for a wide variety of reasons.
As far as "my sql server" goes: you're not wrong, but you're not thinking about it in the right terms if that's your stance. If your server is physically distinct, on your own network, you control all access, etc, then sure, fine, you're right -- this sort of attack isn't really a problem for you and if it becomes one you're already fucked because they already have access to your hardware to pull it off -- and as we all know, if they have access to the hardware, you're fucked.
But that's not the target profile.
This sort of attack is the sort that opens you up to loss because some idiot running alongside your instance in the datacenter wasn't careful and the attacker escaped *their* sandbox, likely using some other exploit, and is now running their own process at the hypervisor layer, and what they're after is the encryption keys (for example) so they can peer into anybody's process space at will. You're probably not being targeted at all. It's a shotgun approach.
So datacenter operators are understandably worried about it. People who operate in the cloud *should* be worried about it, though I don't recommend losing sleep at the moment. Chip manufacturers are sweating bullets about it because they know just how bad it could really be, even if your (bold!) statement about "no single ransomware tied back to meltdown or spectre" holds true. But dedicated-instance operators? Meh. As you note, there are better ways to get you, if that's your setup.
The short answer is no.
Browser makers are able to do that because that level of precision was never part of the design spec and exposes more problems than having it available solves. An actual, functional OS (rather than a JavaScript sandbox) is designed to allow access to that level of accuracy and there's no telling how many crucial bits of code out there rely on it -- everything from sensor monitoring to file access logging to cryptography and beyond may rely on timers that precise, and rounding off could break entire industries.
Nor can you simply enforce any sort of useful gatekeeping around it. You can't say that "only trusted code" gets access to the timers, because malware doesn't respect your rules as-is and there's no effective way to sign all the possible valid apps at this late stage. If it had been baked in from day one, maybe -- but even then it would probably be more hassle than it's worth, as high-accuracy timers are not themselves the problem, they're just a means of exploiting it.
I bought a G7 Power last year and have been seriously impressed with it. I'm not at all ready to upgrade yet -- the G7 is working just fine, thanks! -- but if I were, the experience I've had with the G7 would absolutely steer me towards a G8.
The "bloatware-free" bit is really the kicker for me. I used to buy Samsung (after I stopped being able to rely on HTC, anyway) and ye gods but Samsung is awful about bloatware. The G7 didn't come with any, that I can think of -- I didn't even have to uninstall Facebook, as it wasn't there to begin with! (My Samsung had it as a system app that I couldn't remove.)
Definitely keeping my eye on these, and I'd love to see a full Reg review. Hopefully they send over a review kit. :)
The problem I have with this is when the role specifically requires someone to be able to think -- and I don't mean the marketing blurb about 'think outside the box' or other crap, I just mean things like actual troubleshooting vs. running down a checklist.
Last time my job went to India, I was a DBA. They brought in two guys in India to cover the other shifts so we'd have full 24/7 coverage, flew them over for me to train them up, the whole nine yards. I could see the writing on the wall and made exit arrangements, but for six months or so I was working with these guys. Except none of them would ever do anything that wasn't on the checklist, and when you're babysitting a random mix of hardware spanning literal decades of age (and I include the OS in that) because management is too cheap to upgrade, not everything you run into will appear on a checklist. And even when it does, you need to figure out which checklist to use.
By the time I left, the India team was up to 8 people to cover the role I'd had, were still not hitting any of the same goals I'd been hitting (audits, DR tests, etc), and were at something like 400% turnover.
But each of them only cost the company a third of my salary! So it was all good! Right?
(For another six months my phone kept ringing because the India team had it as their contact number for when things went south and none of them seemed to understand the phrase "I don't work there any more.")
T-Mobile in the US was... significantly different.
My friend had gotten a new phone and it needed a new SIM. His old phone was deader than a doornail (hence him getting a new one). He wasn't able to get the new SIM arranged because the online portal wanted him to confirm with his existing phone.
So I called in to the phone folks, talked to a bored-sounding lady with an accent I couldn't place, told her "sorry, can't verify the text because the phone is smashed" and with no confirmation of anything beyond the old phone number (!!) got a new SIM issued. To a different address than he had on file, because he'd never bothered updating them when he moved and he was on autopay and emailed statements anyway.
I didn't even have to dust off any 'social engineering' skills from my younger, more troublesome days. The state of security at telcos is just sad.
This. This right here.
I was a consultant during Y2K and we busted our asses getting dozens of clients ready. Every single one of them made it through with no problems. We were called in after the fact to several more to clean up the problems that Y2K had caused that they hadn't shelled out ahead of time for us to fix.
Meanwhile, our internal systems had a few problems, because the PHB had decreed that internal maintenance was not billable hours and therefore it only happened when we had no clients we could bill. But nothing terribly serious. Our PBX was the biggest nuisance and all it meant was that we couldn't use voicemail for a couple days.
Fast forward to the beginning of February -- NET 30 DAYS, sayeth the invoices, but nobody ever paid before 60 -- and most of those clients were calling the PHB to complain about the bill. *Obviously* Y2K had been overhyped and the expenditure hadn't really been necessary, we were clearly just trying to pad our wallets at our hard-suffering client's expense, etc.
After all that finally died down, the PHB declared that "any future Y2K work will be paid in advance".
I wish I were joking.
That reminds me of a former employer where management removed the coffeepots (claiming fire hazard), and then removed one of the refrigerators in the break room to make space for a coffee/hot drinks vending machine.
At $0.25/cup. And the brew tasted like Satan's urine filtered through sawdust.
The howls of outrage didn't *really* begin until we peons discovered that the director had a family business installing, stocking, and maintaining vending machines.
Morale was already pretty bad but that was where I learned things can always get worse.
I mean, technically, my personal life is none of my employer's business. But right there in the handbook it states that I should remember that my interactions with the public, outside of work or not, reflect upon the company.
This has been true of every professional workplace I've been part of, and especially for higher-level employees is something that's understood by both sides before you accept the position. So I don't think it's unreasonable for a company to request that a high-level employee -- an exec, especially! -- behave in a socially-acceptable and responsible manner.
I mean, sure, as far as the company is concerned, it's all about manipulating public image. But at the same time, asshats won't learn if they don't suffer for their asshattery, so in this sort of situation, my desires (fewer asshats in the world) and the company's desires (look good to the public) coincide. Much as I might dislike the company in question -- in this specific case or in general.
I might have a different opinion if I turn out to be one of the asshats but perhaps fortunately I have yet to be given keys to the fancy toilets and so haven't had the opportunity to demonstrate my lack of judgment. :)
If you're running an Android phone, DNS66 is what I've been using and been quite happy with. It routes all your phone traffic through a VPN hosted by your phone that blackholes all requests to analytics/tracking domains. (You can turn this off for individual apps as desired)
As a very nice side benefit, my data usage has dropped enormously since I started using it. Never quite realized how much slurpage was going on behind the scenes until I hooked it up.
American here.
I don't know about the 'dishonest' part, but when we overdraft we usually get dinged for an extra $30 or thereabouts on top of the transaction amount -- and that's per-transaction, not just a one-time fee for going over.
Those add up *fast*.
Not sure if that's how it works in other countries.
(Let's not even get into banks selling what they call "overdraft protection" which does not do what it says on the tin but rather, for a flat fee, means they charge you a little less when you overdraft.)
I currently work in the financial services industry and, in case you weren't aware, they generally have about as much of a sense of humor as your average pet rock.
There's a department here that has a long, ongoing project with the initials 'P' and 'S'. It's the P & S Project.
Or as it invariably gets slurred, the PnS Project. And just as often, shorthanded as just "PnS".
I swear I'm going to get fired one of these days when I'm too tired to keep a straight face as the VIP drones on about the size and scope of the PnS.
Back when I was a shaggy-haired teenager, I had a job delivering electronics for a local repair shop. Picking up broken crap to be fixed (TVs, VCRs, etc) and dropping off repaired items for "high-value customers".
Customers like an officer at the local airbase.
So I pull up to the guard post in my shitty Ford Tempo, backseat and trunk crammed full of electronic odds and ends, and the soldier on duty takes one look in the backseat and tells me to step out while they investigate my vehicle. Guns were not -- quite -- pointed at me, but there was a lot of tension, you might say.
A couple hours later my car has been disassembled and is sitting in pieces while they discuss what to do, when the officer who I was supposed to deliver to pulls up wanting to know where the hell his delivery is.
"Delivery?" says the guard.
"That's me!" says I, and point at one of the VCRs with a service tag attached.
To be fair, it took the motor pool less time to reassemble my car than it had taken to disassemble it in the first place.
These days I imagine they'd just blow it up (quite possibly with me in it), but back then things were a bit more relaxed.
While true, you're forgetting the waste disposal requirements that come along with Live Dogs. A single Live Dog with the 10kg carrying capacity frame will produce significant waste product on a daily basis, and requires ready access to both H2O and other organic compounds as fuel.
RoboDog, on the other hand, just plugs into your outlet, and produces no waste requiring disposal.
We do not recommend plugging a Live Dog into your electrical outlet. You will void the warranty at the very least.
It's not bogus, it's just math.
I'm not a mathematician (or statistician) but my job does involve a large amount of working with statistics. In a layman's-terms nutshell:
Say you have a big bag of things -- marbles or whatever. Doesn't matter what they are, what matters is that each one is individual -- unique -- and your job is to record them. You don't know how many are in the bag to start with, and because your boss is a jerk, you're only allowed to reach into the bag, grab one at random, record it, and put it back afterwards, and then start the process over again.
So you've been at this for a while, and at first every one you grabbed was new. Then over time, you started seeing ones that you'd already recorded. Eventually, you reach a point where nine out of ten times you reach into the bag, you're finding one you've already seen.
At that point you're pretty safe to say that you've seen 90% of the marbles in that bag, and you can even make a decent estimate about how many there are, even though you haven't counted them all yet.
Yeah, in reading the Official Microsoft Workaround for this issue, it sure scans to me like you have to turn telemetry on for RASMAN to work again.
https://support.microsoft.com/en-au/help/4501375/windows-10-update-kb4501375
Cranky and cynical as I am, I still manage to raise an eyebrow at this one. The only scenarios I can think of for how a bug of this class could have happened suggest that coding skill over at MS has declined even further than I thought -- and that was already pretty low.
If that's a Subaru Legacy you're referring to there, the trick I've found for headlamp replacement is to go in through the wheel well.
Which should not, repeat not not not, be necessary, mind you, but there it is.
I bought a pack of those little plastic pressure clips to reattach the wheel well cover, rather than trying to re-use the existing ones, and I can replace the headlamps in about 5 minutes these days. Seriously, though, you should not have to do this, there's no reason other than laziness in design (or protecting dealership mechanics) why you shouldn't be able to access the back of the lamp shrouds by just lifting the hood.
Grrr. Your example is something I see *every day*, because so-called 'programmers' stopped bothering to learn how the platform they were writing on actually works and instead rely on their favorite library-of-the-day to just make it all work.
Guess I shouldn't complain too much -- if they'd do it right I'd not have the job -- but there are days I could do with less mess to clean up.
But what do I know. I've only been doing this stuff for going on 30 years. THEY have DEGREES.
I used to think this myself, but then discovered that my wife has been video chatting with our 5-year-old niece while away on business trips. Both of them love it.
I have perforce been overruled and all future phones we get will have front-facing cameras.
(Can't say I'm too miffed about it, at least they're not using it for selfies, I suppose.)
While you're not wrong, protecting yourself only goes so far. When my idiot brother plonks my personal info all over Facetwit, that's not a mistake I made* but it's still my mess to clean up.
(* it could be argued that it's a mistake my parents made...)
I mean, I'm screwed anyway because I'm in the U.S., but still, it's not quite as black-and-white as all that.