Posts by doublelayer

Only if the system is written to associate names with photos. This system, on the other hand, appears to do it the other way around, so posting photos of other faces with your name attached won't prevent them from connecting two photos of your real face and correctly naming you if there's enough data. Their database would just think there are a lot of others sharing your name who look different. Theoretically, you could upload a ton of photos of you each connected to fake identities, but that requires giving them a lot of data and the creation of the fake identities isn't as easily automated.

No, it means the code was probably written wrong without having to store it in cleartext. The following workflow would accomplish this bug without storing a cleartext password:

Enter old password

Enter new password

If old password doesn't match hash, report error.

If old password doesn't match rules, report error.

If new password doesn't match rules, report error.

Hash new password and store it in database.

It just has to run the rules against the user-entered string, which it already has because it will check it against the hash. For all we know, the coding error could be even more basic. My version has a statement run twice when it's only needed once, but it could also be that it was only being run once but on the old password instead of the new because someone mistyped a variable name. That version could in turn be changed into my version when the "Isn't checking new password against rules" bug was fixed by a lazy developer who put in the necessary statement without removing the erroneous one.

Re: caused Musk to ban "impersonators."

It usually involves choosing a username that looks like it might be correct but isn't, such as replacing characters with ones that look similar or padding it with something that would be logical, then relying on people who previously associated the check symbol with the account having been verified as correctly representing the person or organization it claimed to.

It can be done legally, both in the U.S. and elsewhere, but generally with a lot of agreement. You can't legally require someone to work that many hours, but you can require them to do enough stuff that they would have to and specifically indicate that they're earning a salary and it's not about hours worked. If they didn't know that was coming, don't expect them to put up with it for too long, especially if the law specifically says they can quit with no notice at all.

As for advantages, there are no advantages. Two people working normally accomplish a lot more because they don't spend a quarter of the time looking at the clock and thinking about how much they hate the person who hired them, then burn out in a few months. The only time where it helps to have one person paid really highly for really long hours is when they have especially rare and needed skills and you can't find a second person who knows what they're doing or if you do, it would take too long for them to ramp up on things. That's not Twitter's situation, so they're just going to get a slight performance increase for about three days before their engineers start slowing down for survival and to make time for the many interviews they're undoubtedly on.

Re: How is it going to get your contacts, location, etc.

"Does the app refuse to operate if it can't grab your contact list?"

That'd be an easy way to do it. Anyone who installs this in the first place is willing to accept dodgy software in return for getting into the events, so how many will cheerfully install and activate the app but balk when it demands access and won't work without it? They might not even know about that until they install it in preparation, having already paid for their Qatari lodging and whatever tickets you need to attend.

You're correct about it continuing to spy on you, although I'll point out that you wouldn't need a full rootkit unless the user did a factory reset of their device and a lower-level exploit that doesn't change the system partition would withstand an app uninstall. I don't think they will use either, though. Still, they will be able to collect a significant amount of information while it's running, so even without a beachhead on the device, there's information about you which can be used to drive further attacks if they're motivated to do so. If I scrape your device's common storage and any data I can get by making the user accept permission requests, that's useful in targeting users later or selling to interested parties. I'm not really sure what Qatar would actually do with it, but it's not likely to be good.

I think Microsoft should and probably will lose this fight as well, but some of your accusations are a bit weak.

"At least now we know it [the acquisition of GitHub] was simply to make the theft of all those resources easier for them..."

Come on. It's publicly available. I can clone all of that. It doesn't take an expensive ownership and operation to point a downloader bot at the site and start cloning all the repos meeting some criteria. If that was their reason, not only did they start their evil plan years before they started using it, but they've come up with the least efficient heist ever. This suggests their reasons were probably unrelated, given that they can and did get training data for copilot from locations they don't own.

Re: should we call time on the BoFH?

Why, though? I think it's aged well, with modern articles still being relevant and enjoyable. If you don't like it, I'm curious what you see as changed since you appear to have been a fan for quite a while. The most logical complaint I can guess is that it got repetitive, but I find that the articles are a lot less repetitive than certain comments advocate (those people who think someone needs to be killed in every episode, for example). I could see some ways it could be taken in a bad direction, but I don't think those have happened or are likely to as long as Simon remains in control. Your question implies that you have critiques, and I'd be interested to hear your views.

Re: Communicate with people around you?

That is probably more common than not, but I am a fan of open-ear designs for some cases. When traveling outdoors, I prefer not to obstruct my hearing when it could be important for safety. When working closely with a small group together, I like being able to hear if a discussion starts so I can take part (although this is less common than working next to people who I don't want to hear). There are also other occasions where having the ability to hear the world around me and the feed from my device simultaneously can be important or just desirable.

Re: Jailbirthing

They're not likely to leave the baby in there after it's born, you know. As for the mother, it is a place for them if they're convicted criminals, and she is. Pregnancy isn't an escape mechanism. If the prisons don't have the ability to look after someone with those medical needs, then they're either not intended to and she'd be sent to one that has the required facilities, or the prison isn't fit for purpose, but in both cases, that's a possible problem with a particular prison, not a reason she should be exempt from anything.

Re: Fraud - Not just BEC

It's kind of hard to find a scammer who isn't hurting anybody. Usually, when someone says that, they mean "isn't hurting anybody I care about", and the statement says more about their lack of caring than about the scammers lack of harming.

"Cybercrime losses are exploding because of the ease of transmitting ransom payments across borders."

This is your problem. You see cyber insurance as paying ransoms, which sometimes happens, but that's not what it's mainly for and that's not what causes most losses. That insurance pays for a lot of things other than ransom payments, and some policies have been sane enough to prohibit paying those at all. They pay for recovery from damage. They pay for investigation of an incident. They pay for losses like having to pay for credit protection or liability for people whose data was stolen (theoretically). These things will not be stopped or shrunk meaningfully by stopping ransomware, and banning Bitcoin also won't prevent the most damaging ransomware either. You are looking only at one aspect of the problem and come to inaccurate conclusions on your limited understanding.

Re: wire fraud

You misinterpret the law. Sending stolen money over a wire isn't wire fraud. It is theft. Wire fraud is transmitting messages related to a scheme to defraud someone, whether successful or not, and other crimes may be in play if you successfully get something from them. The wire fraud charges are related to using false pretenses to get a system to send money you aren't entitled to, and they would apply even if the system didn't send it, for example if a manual review caught it.

Re: I bet you can't even list apps by publisher

I'm curious why you think downvoting a post about Google Play's organization has anything to do with Microsoft. The correction was accurate about what could be done, although not very useful to the greater point about removing malware that Google didn't bother to do proactively, but whether you think Google is terrible about malware or the best source of software is independent of your views about Microsoft.

Re: NUCs

Intel is pushing you to other vendors exactly how? The article suggested cutting NUCs, but Intel didn't say anything of the kind, so if it's about wanting future supplies, you have no reason to think you won't be able to get more. In addition, the benefit of using a NUC-style device using X86 is that, if they did cancel them tomorrow, you only have ten other companies making small devices that can boot the same OSes and run the same programs.

You also suggest that you don't have much experience with alternatives. For example, considering Raspberry Pis for, in your words, "running VMware and any other Hypervisor solutions". That's not a workload for which the Pi's going to shine. And that's if I'm charitable and assume that the VMs you want are light on resources and don't have any CPU emulation required.

Re: Put an End to the Shenanigans

You can think that, but it won't be right. Contracts are complex things. Signing a contract that has a non-transferable clause means that, if you want to transfer it, you're going to pay some more. Double payment isn't in the law as forbidden, especially as any lawyer could easily argue that it's not double payment, Nuvia paid for the restricted license and Qualcomm has to pay to remove those restrictions. Similarly, if the judge decides that ARM's in the wrong, the judgement would be that Qualcomm gets to use their license and likely that ARM has to pay for Qualcomm's legal bills, not that ARM's IP is stripped from them and their business model is now effectively illegal. Courts and contract law don't work like that and they never will, no matter how much you might like the outcomes if they were.

Re: Let's think out side the algorithm....

I like the idea, but the risk is that people start trying to claim that reward for things that don't deserve it. These incentives have gone wrong before, so you have to have a measured and well-tested approach before you do it. Also, you need to assess enough fines that there is something to reward them with.

For an example of the way this ends badly, several religious trial systems, where people weren't guilty of any real provable crimes (witchcraft, a religion the government didn't approve of, etc.) were run on the basis that the accuser would get some of the property of the victim if they were proven guilty. Since such trials were performed using the "torture them until they confess or die" tactic, they got a lot of guilty verdicts which meant that accusing someone who didn't have an unusual way to hit back at you was likely to earn you a chunk of their property after they'd been tortured. When this incentive was removed, there were a lot fewer accusations. I don't expect governments to run reports of criminal activity like that, but still where there is an incentive, someone will try to get it without having the requirements and the system will have to plan for them.

Re: “Cloud” means “somebody else’s computer”

I'll bite.

"It's not 'spyware', they're completely open about their data gathering."

No, they're not. They're completely open that they collect data, but what and how and what you get a choice about, they're not clear at all. They've gone to lengths to hide their data collection and circumvent or ignore methods users use to block them, including methods Google put in. For example, the fact that they included switches for location tracking to imply you could turn it off but only respected them if you turned off all the ones in different places.

"And, obviously, there's nothing wrong with giving them the data that means you get a much better experience."

What better experience? I don't get more useful search results. I do get ads tailored to something they think I want, which just means that I get the same unwanted advert instead of different ones. The only thing I can claim to get is free or cheaper software, and I don't buy that in many cases, such as when they put Android on phones and get paid well by the manufacturer for their API licenses.

"What on earth is the downside?"

The downside is that I don't want them to have and sell it and I don't want others to. These are separate issues. If they have it, there is the possibility for them to get breached and then others have data I didn't want to have. Not giving it to them prevents that option. I also don't appreciate information about me being sold to other companies who might have other motives for having it, and none of which I agreed to. Even if they don't use it at all, I just don't want them to have all this information they don't need, for the same reason that you'd probably get a bit annoyed if I stood in front of your house filming it and taking pictures of you every time you left the front door. Sure, it's not doing any harm as far as you know, but it's creepy.

"It's a bit like complaining about your accountant wanting all the details of your earnings and expenses: they can't do the job you employ them for without it."

No, because as you pointed out, they need that to do what I asked them to do. Google does not need my browsing history to perform searches and show me ads, but nevertheless they will collect it if I let them. Since I don't even use Google search, they don't need my data for anything, but nevertheless they try to collect it.

Re: NLRB one more reason voters in Muruca will crack down on UNION JOE

"Right to work" in the US is a legal phrase that actually means "right to fire you"

For example, Florida is a "right to work" state as well, meaning they can pretty much fire you at a whim, except for narrowly protected things like age/race/gender discrimination.

I think your mixing up two terms. Your definition applies to "at will employment", which means that there are fewer restrictions on why an employment contract can be terminated. "Right to work" isn't the same, and generally means that a company cannot require its employees to be members of or financially contribute to a union, as opposed to states where employees can choose not to participate in union activities but are still required to pay for union representation if they are employed at a unionized location. You can have one of these without the other, so it's useful to know where one ends and another begins.

Re: Use before date

The UK did not expire the money. They expired the banknotes. This is a critical difference, as anyone can take as many of the old banknotes as they have and convert them into valid banknotes. In India's case, this process was strictly time limited with a cap on quantity. In North Korea's case, it was similar but had more restrictions and a lot more surveillance. I could store my entire life savings in expired pound notes and not have lost anything (with some added inconvenience for getting them swapped out), something I would not have had if money expiration was in place.

Re: Why do tax cuts have to be funded?

They could cut costs, but generally, they don't want to or they pick something you don't want them to. They could probably make some improvements that wouldn't harm the people they're serving, but that doesn't happen very often. Austerity policies don't always focus on the money that's most wasted, and there are a lot of government-funded things which someone will miss if they get cut.

As to why tax cuts have to be funded, they don't if you're willing to borrow or print money to make up the shortfall. Printing the money ends badly, and many countries have, either by legislation or by custom, prohibited or at least limited using that for the budget and delegated the authority to some other group. Borrowing it can work, but depending on what country it is and how the people with the money are feeling, it can cause a lack of confidence in the nation's economy which, if not corrected quickly, can be an enduring problem.

Re: Assession VB code

At least it was explicitly set in VB so you knew whether to have hope. I had similar problems when reading C code, but it only became clear after reading a chunk to see if this was the kind of user who checked whether the return codes for system calls were valid or just put in the calls and trusted that it would all be fine. Unfortunately, even when a user tended to do that, they could still miss one by mistake and end up having a bug related to missing a necessary error check. There's something to be said for exceptions that require an interruption. Although a poor coder can still silently catch and drop them, this is easier to spot.

Re: Registered users?

How did you expect it to work? Somehow, you have to identify yourself to the site so that you can post adverts for illegal stuff and people can send money to you to receive them. A site could be set up where people contact you directly, but that wouldn't make the admins any money so they are unlikely to do it and just because you're selling drugs doesn't mean you know how to correctly organize your own anonymous communication and payment systems.

It doesn't mean they gave the site a lot of useful information, but they would have had to set up an account of some kind to sell things.

Re: Russia is bluffing

Yes, unless they can unmythify the communication between satellites for more remote ones, they'll still need local uplinks. If you wanted to take out Ukraine's ability to use Starlink, it would be easier to attack those uplinks which don't move than satellites which not only are moving but have replacements earlier in the orbit. Unfortunately for Russia, the uplinks they'd need to go after are in some cases on the soil of NATO members and bombing things there can be dangerous.

Re: Pranks and things

Some people may not appreciate some of this stuff. I would have taken a few of these, but for others, I'd have been quite unhappy to have them done to me. For instance, this one:

"At uni we blew flour under another students door and coated everything in there white."

That could damage things and would require a serious amount of cleaning depending on how vigorously they propelled it in there. I'm not sure if this predated computers, but if it didn't, blowing flour into a room with a computer that was turned on would at best require completely stripping down the machine to clean it and at worst could cause a fire (flour is more combustible than it looks). Although the risk is lower, it could even do that with electrical sockets meaning you have to be careful when cleaning those afterward. If someone did this to me, I wouldn't be viewing it as "you got me". My thoughts would be a bit more angry.

I'll admit it's not as clear as my initial comment suggests, but your examples demonstrate part of the confusion. One of the problems is that there is no good adjective in English, so they do use "American". some of your examples do not include America as a noun but American as an adjective. I see why someone would see "American" used and assume that "America" must be the appropriate noun. When it is used as a noun, it's usually in colloquial or abbreviated speech, meaning you're a lot more likely to see it in a slogan or lyric than in general conversation, and more likely in general conversation than anything formal.

Having watched a lot of people from both places talking about their countries, I'd compare this to the use of the terms UK, Britain, and England. British is the general adjective I've seen most often, but Britain isn't generally considered the name of the country. Still, it's used often when a shortened name is wanted. While I have seen some British people refer to their country as England, however, I don't think that's generally accepted and probably annoys people from the other parts of the UK. Inside the U.S., using "America" is like using "Britain" I.E. it's a shortened form that is understood, although I'd say it's less common. Outside the U.S., especially in other countries in the Americas, it's like using "England" in that it's considered inaccurate and mildly annoying.