* Posts by OldSod

26 publicly visible posts • joined 24 Aug 2018

Go ahead, be rude. You don't know it now, but it will cost you $350,000


Re: You get what you order

Take pictures, preferably with a cellphone so that the photos are internally-documented with date/time and location (GPS here in the US). Always file a report with your insurance company, using these photos. Save a record of filing the report.

I had the misfortune of being in a low-speed traffic backup "merge" collision wherein my vehicle and the vehicle to the left of me came into contact (by only the other vehicle's passenger side mirror's plastic housing barely touching (and marking) the paint on the driver's side door of mine).

I took pictures, including a first one of a middle-aged woman emerging from the passenger side of the other vehicle while the driver still had her foot on the brake. I thoroughly documented the lack of damage to either vehicle pictorially despite this woman's screaming at me and her fevered attempt to stop me from taking photos (at first). She eventually calmed down and we exchanged information, despite the young woman actually driving never emerging from the car. After leaving the scene, I thoroughly documented the accident (pictures, location diagram completed using GPS info on pictures) but was unable to file immediately due to a problem on my insurance company's website.

Several days later I was contacted by my insurance company (which was also her insurance company) with a request for information about the accident, initiated in response to her filing her claim. She stated that I had admitted fault (no, no, never did I). During the conversation the insurance company referred to her as the driver, which I said was not true. They asked if I could prove it. After explaining why I hadn't filed yet (their website had malfunctioned and I didn't have Internet service at my house) I told them I would send them my already completed report, which I did. I pointed out my first picture showing her emerging from the passenger side while the driver obviously had a foot still on the brake (brake lights lit, including third high-mount light). After a couple of days they called and told me it was the best documented report they had ever received, but they wanted to know whether I was making a claim? I said no, the only contact was the mirror housing and my door, which left a colored streak on my paint that I simply rubbed off, so no need. They thanked me profusely and ended the call.

I don't know what the other person was up to, claiming to be the driver, or what damage she reported to her vehicle, but it was all short-circuited by my photos with date, time, and location.

Charter told to pay $7.3b in damages after cable installer murders grandmother


Re: $7.3 billion for a murder ?

If a corporation is deemed to be responsible to the amounts given in the article for an employee who goes off the reservation, how much more money should a US state government be paying out for the death of a citizen due to an attorney general's "no cash bail" catch and release program for criminals who then murder someone after they are turned back out on the street?

I have every sympathy for the family for this horrible crime, but I'm not following how it is the corporation is liable for the damage amounts in question, even considering their heinous inability to stop the billing for the service visit that resulted in the woman's death.

If failing to foresee a murderous rampage is going to be a cause for awarding damages, the attorneys general of the various states are going to have a lot to answer for.

What if Charter laid this individual off because he was muttering to himself and had various conspiracy theory red flags, and he then went on to murder someone in a robbery because he no longer had a job? Would people be forgiving of Charter or would they blame them in that case as well?

US won’t prosecute ‘good faith’ security researchers under CFAA


Re: "That's breaking and entering"

In virtually all US states, shooting someone who has only entered your home and is not presenting a threat of imminent gross bodily harm to people in the home will probably net the shooter a criminal trial and jail time.

Some states have a "castle doctrine" law that makes it clear that one is allowed to use deadly force inside one's home without a duty to retreat from the home, but reasonable fear (not bare fear) of gross bodily harm is still required to justify the use of deadly force.

I.e., if your neighbor walks in through your garage and is looking around for you, it is not OK to shoot them. On the other hand, a stranger throwing a brick through your patio door and continuing to advance towards you after you warn them you are armed and that they need to leave your home might be fair game, but law enforcement and possibly an attorney general will need to be convinced that your fear of them was reasonable.

Seriously, you do not want to make that cable your earth


Re: PCSA, Vampire Taps and All-In-1...

Twisted pair hubs were a big step up from 8-port 10BASE2 (thin wire) DEMPRs (Digital Ethernet Multiport Repeaters) used for either individual office homerun cabling or (for the more cost-conscious) whole hallways of daisy-chained PCs. THOSE took up a lot of rack space.


Re: Bee-sting ?

That Wikipedia article captures the essence of vampire taps quite well. I still remember the Teflon drill bit in the installation kit, and taking the risk of drilling into the 10BASE5 cable during the day with a live network to get an install done. If one was not careful, then shorting the shield to the center conductor would disrupt communications.

Of course, there weren't really that many stations on the network in the early days of the Ethernet LAN in our 250-person office. A pair of VAXes (11/785 and an 8550 in a CI-based VAXcluster), a handful of DEC LAT terminal servers, and a few PCs for the folks who needed faster data transfers to/from the VAXes than asynchronous KERMIT file transfers could accomplish. DEC Pathworks/PCSA (Personal Computer Systems Architecture) reduced the mighty VAXes to mere file/print servers for the PCs, and added full DECnet node capabilities to the PCs as well.

Elon Musk 'violated' Twitter NDA over bot-check sample size


Pulling back the curtain

If Musk, by virtue of his due diligence in his purchase, draws back the curtain a bit on Twitter, and the revelation of what is really going on behind the curtain causes "people to get hurt" - should the messenger be blamed, or the people who were less than transparent about what was going on?

IoT biz Insteon goes silent, smart home gear plays dumb


Re: The LinkedIn Edits Are Suspect

According to a notice now posted on the website, the firm was struggling, COVID supply chain problems did them in, and a last-minute sale (started November 2021) that was to have concluded in March failed. The assets are now being "optimized" by a financial services firm.

I have INSTEON switches in my house, but they are interfaced directly with each other and with my Universal Devices automation system, so no cloud failure has impacted me.

I hope that the devices can continue to be marketed and sold, because their combination of power line and RF communications works in environments where one or the other isn't quite enough.

Editing out LinkedIn mentions of their relationship does seem a bit strange, but perhaps they didn't know how to kindly say "we managed the firm into the ground?"


The INSTEON website has been updated with the following message:

"Dear Insteon Community,

In 2017, after many successful years, Smartlabs, Inc found itself in financial difficulties and the path forward was unclear. That year, Smartlabs took in additional capital and brought in new management to turn the situation around. These efforts resulted in new investment into the fortification of the technology and development of new products. The future was looking bright.

In 2019, the onset of the global pandemic brought unforeseen disruption to the market, but the company continued to move forward. However, the subsequent (and enduring) disruption to the supply chain caused by the pandemic proved incredibly difficult and the company engaged in a sales process in November, 2021. The goal was to find a parent for the company and continue to invest in new products and the technology. The process resulted in several interested parties and a sale was expected to be realized in the March timeframe. Unfortunately, that sale did not materialize. Consequently, the company was assigned to a financial services firm in March to optimize the assets of the company.

The pioneering work in smart lighting and world-class products have created an extraordinary following and community. Clearly, all Smartlabs’ employees who have worked so hard to produce such world-class products and technology hope that a buyer can be found for the company.

Although incredibly difficult, we hope that the Insteon community understands the tireless efforts by all the employees to serve our customers, and deeply apologize to the community."


Re: I drove by the Edsel dealer today….

Sounds fishy to me.

National Security Agency employee indicted for 'leaking top secret info'


People are reading too many spy novels...

People who work with classified information know things. Classified things. Classified things that are as easy to remember as people's names, IP addresses, or someone's birthday. They don't need eidetic memory to know them, they just remember them. TS/SCI is not only broadly classified by level and need to know, it is specifically restricted (compartmentalized), so the relationship of fairly trivial to remember information to something else makes it classified. It sounds to me that Person A sent an e-mail to Person B with said e-mail contents containing some amount of information (possibly very small) that Person B wasn't authorized to know. It could have been people's names, it could have been IP addresses, it could be some dates/times.

Perhaps the individual in question can use the HRC defense.

FTC sues Intuit for false advertising, says 'free' TurboTax isn't always free


Re: Gotta love the US

Several conflated factors lead to the US tax reporting mess from what I have seen:

1. The tax code, as dictated to the IRS by the US Congress, is anything but simple. All kinds of political grandstanding from incentivizing people to jump on various "green" initiatives to encouraging college, medical, and retirement savings and spending to operating sideline federal welfare spending programs gets wrapped up in the guise of the "income tax" collection process.

2. The US tax system is a "voluntary tax program" (in the sense that it requires voluntary thinking and movement, not that you can volunteer [or not] to actually pay taxes). Although more and more types of data on citizens' financial activity is reported directly to the IRS each year by various institutions, there is no single repository of all information, not even within the IRS. Citizens are required to understand, interpret, and apply tax laws to their own circumstances and self-report their interpretation of their financial obligation to the government. For some, with only a single employer, no investments, limited banking, and other simplicities, the government does have all of the data on-hand and has, at least in the past, offered some EZ file options. Many people have complications, though. I haven't been able to file my taxes easily without software or paying a preparer for fifteen or twenty years. Regardless, the IRS takes what the citizen self-reports and then determines whether it all hangs together, both what they already knew as well as what the citizen adds in their report. This process is more reactive than proactive, and how well it works depends on how much the Congress decides to fund the audit activity. This waxes and wanes due to political whimsy.

3. Some years ago I was involved in a large-scale effort on the part of the IRS to "modernize". This was right around when doing business on the web was becoming standard, but not yet the default way everyone was operating. The project requirements specified that it would provide a web-based way for citizens to interact with the IRS for many things, including filing taxes. You can imagine my surprise, then, when after months of effort defining requirements, doing analyses, and starting design work, I ended up in a room with some IRS folks who apparently didn't get the same memo as the ones pushing the project. They insisted that the IRS IT systems holding "corporate data" were forever and always barred from being connected in any way, even indirectly, to the Internet. Because security, of course. So direct service to taxpayers was out. But the IRS could let those systems connect with trusted "third party tax service providers". Thus the paradigm of submitting taxes completed using third-party tax software, submitted to that tax software vendor's corporate systems, and then and only then that information being sent along a trusted pathway to the IRS systems holding "corporate data".

It is definitely in the IRS' best interests to have tax preparation simple, relatively easy, and all electronic. There are lots of good folks there who want that to be the case. However, the US Congress needs to be convinced to manage the US tax code in a manner that permits that to happen, both in terms of its complexity and in terms of how often (and late in the yearly cycle) they make changes to it. And the "security" folks at the IRS need to (if they haven't already) put on their grown-up pants and face the reality that they can't hide behind outdated security rules forever.


Re: It’s government tax

The US IRS "Free file" program leverages the existing tax prep software companies to produce a citizen-facing friendly software product that the average person can use to complete their tax return and (ideally from the IRS point of view) file it electronically rather than on paper. This is a very desirable outcome on the part of the IRS.

Producing the tax prep software is not a trivial task, as the US tax code (and the IRS rules to implement/enforce it) are complicated and subject to change right up until the end of the tax year. Getting a government agency to produce a reasonably friendly software product that meets all of the government internal requirements (ADA compliance, anyone?) in that time frame is virtually impossible.

The tax software companies stand to make more money if they can get the citizen to pay for the tax prep software, however. They are incentivized to convince the citizen that they need the "for pay" version, and in some cases well-known companies have gone to extreme lengths to obfuscate the truly free tax prep software that they agreed to make available to citizens as part of their business arrangements with the US government.

What is it with cloud status pages not reflecting reality?


It can happen to the best of us

Just this morning I could reach theregister.com on my mobile phone, but not on my laptop. The laptop showed a resolution for the name, and I could ping the name/IP address, but trying to make an http(s) connection to theregister.com resulted in a "server not found" error in both Safari and Firefox. I rebooted my laptop and could then get to The Register's web pages.

I have suffered myself trying to figure out how to show how a service that I was responsible for was up or down when the answer was almost always "it's mostly up but decidedly down for some folks". The problem with obtaining an "are they up or not" view of any major Internet service is compounded by the fact that we don't all see the same view of the Internet due to things like different routing paths, proxies, and (for media) content delivery networks.

Watchdog rejects complaint over NASA IT contract


How the mighty have fallen

I worked for SAI (Science Applications, Incorporated) and then SAIC (Science Applications International Corporation) for a number of years before a) the original employee-owned company was taken public, and b) the eventual split into LEIDOS and SAIC. I left after it went public but just before the split. The SAIC name was the name of the overall entity before the split, by the way, with the LEIDOS name being invented as part of the breakup. The original firm, founded by Dr. J. Robert Beyster, prided itself on doing good work and being entirely employee-owned. It was a fantastic place to work, and a tribute to Dr. Beyster's original vision. One of the informal guidelines in the original company was to *not* protest contract awards. That makes it somewhat sad that there was a protest by one shard against the other. The writing was on the wall by the time the original company was taken public, something Dr. Beyster was against. He got old and eventually had to let go of the reins, at which point senior managers that I think had less conviction and more greed (they saw even bigger $$ for themselves by going public) took over. I saw the original internal ethics process morph from a "we want to do the right thing always" approach to a "compliance" approach, which certainly didn't help maintain the spirit of the original corporation. Ah, well. The king is dead, and the kingdom was raped, pillaged, then split asunder. (These views are my statements of my opinion in case any legal beagles are reading this.)

Wi-Fi not working? It's time to consult the lovely people on those fine Linux forums


Re: "first read the fine forum thread until the end"

I don't know why some consider it a badge of honor to NOT read instruction manuals. When I got started with VAX computers, I read the doc set. When I took a DEC Rainbow 100 out of its box, I read the manuals before I tried to turn it on. When I got started with Cisco routers, I read the doc set. When I got started with the Internet, I read the RFCs. I startled a friend who had a sendmail problem when he found out that I kept my sendmail book in my gun safe (so I always knew where to find it).

It is a strategy that has worked well, and led (eventually) to me being comfortably retired earlier than otherwise expected. The major downside to it is the strangled "thanks" I get from my spouse every time something "just works" for me that hasn't for her (she appreciates the fact that it works for me but somehow wants to hold me responsible for it not doing so for her).

It is hard to get engineers to document things, so when someone goes to the effort to write it up, the least I can do is take the time to read it. And due to a cumulative advantage effect, the more documentation I read, the easier it is to read and extract valuable knowledge from documentation.

West Sussex County Council faces two-year delay to replace ageing SAP system for Oracle


Re: Another important ERP project going off the rails before even going live

I think it is possibly a "mapping gap" between what Oracle sales staff led the council to believe they were buying for price X versus the much reduced functionality that was actually available at that price. During the "pre-design" phase there were probably a lot of "that's extra cost" revelations. I wouldn't be surprised to find out that there is a much higher price tag on the project as well as on-going operational costs once the project is complete.

There is almost always a big gap between the capabilities demonstrated to senior management types and the capabilities actually made available for the price that is mentioned. The ugly truth is only revealed once the required signatures are in place, the project has begun, and the technical staff (who know what the real requirements are) start digging into the actual implementation.

Calculating the big picture: Future HPC efforts will soon see off its von Neumann past


von Neumann architecture?

According to a book I have about ENIAC, John von Neumann, although a brilliant fellow, was not principally involved in developing the architecture that somehow became named after him. The Wikipedia article on von Neumann says this:

While consulting for the Moore School of Electrical Engineering at the University of Pennsylvania on the EDVAC project, von Neumann wrote an incomplete First Draft of a Report on the EDVAC. The paper, whose premature distribution nullified the patent claims of EDVAC designers J. Presper Eckert and John Mauchly, described a computer architecture in which the data and the program are both stored in the computer's memory in the same address space. This architecture is the basis of most modern computer designs, unlike the earliest computers that were "programmed" using a separate memory device such as a paper tape or plugboard. Although the single-memory, stored program architecture is commonly called von Neumann architecture as a result of von Neumann's paper, the architecture was based on the work of Eckert and Mauchly, inventors of the ENIAC computer at the University of Pennsylvania.

I think Eckert and Mauchly deserve credit for their work.

Guy who wrote women are 'soft, weak, cosseted, naive' lasted about a month at Apple until internal revolt


Exercise for the reader

Three aphorisms:

o The punishment should fit the crime.

o Context is important.

o Let he/she who is without sin cast the first stone.

An observation:

Stereotyping, part of the cognitive process of inference/generalization, is part of the cognitive toolset used by humans to make sense of and communicate about the world.

Exercise for the reader:

Construct an argument for/against taking Action1 against PersonA based on PersonA’s vocalized ConceptAlpha. Use all three aphorisms and the observation in your argument.

Bonus Points:

Construct the reverse argument. Compare and contrast.

Bothering to upgrade the iPhone 12 over older models has proven to be worth its weight in gold for Apple


Re: Blower?

Star Trek - The Original Series - A Piece of the Action


What happens when the internet realizes the stock market is basically a casino? They go shopping at the Mall


Re: Would you pay $100 to screw a hedge fund?

Sounds something like a Distributed Denial of Service attack; leverage a large number of low bandwidth hosts (low $$ purchasers) to attack a high bandwidth host (high $$ hedge fund).

Start Me Up: 25 years ago this week, Windows 95 launched and, for a brief moment, Microsoft was almost cool


One of the most important bits missing from the article...

An important Windows 95 attribute that was left out of the article is the TCP/IP network stack. Prior desktop versions of Windows didn't come with a TCP/IP stack, leaving the third-party market open to "innovate." This led to multiple commercial TCP/IP implementations for those prior versions of Windows, and 3rd-party application vendors typically only worked with one of those alternatives. If a user wanted to use two different applications that themselves used different TCP/IP stacks, reboots were necessary to switch between applications. This was a pathetically non-user-friendly approach, and one that helped maintain about a 50-50 mix of Apple Macintosh (with Apple's MacTCP networking stack) and Windows desktops in the large corporation at which I worked at the time.

The Windows Sockets API (not from Microsoft!) was a step in the right direction, but the Windows 95 TCP/IP stack, included with the operating system (and actually released separately and earlier to run on Windows 3.1), was a major boon. If Microsoft had continued to keep its head in the sand with respect to TCP/IP and the Internet, Windows 95 might not have been quite so successful. You can write encomiums to the Start button, but the native Windows 95 TCP/IP stack was just as (if not more) important to the success of Windows 95.

It's Terpin time: Bloke who was SIM jacked twice by Bitcoin thieves gets green light to sue telco for millions


Re: I hope he wins ...

I do not hope he wins. A telephone company's protections against unauthorized phone number hijacking should be sufficient for ordinary risks, not the pressure of a $24M payoff. If the phone company's protections must be proof against $24M, or $100M, or (what limit?) attack motivations, then the increased costs (both monetary and otherwise) will be borne by everyone all the time.

If the number had just been hijacked for ordinary reasons (someone wanted that number, someone wanted to hassle the owner) then when the hijack was discovered AT&T would have been able to restore the number to its rightful owner. The only loss would have been some inconvenience to the owner, perhaps some social relationship repair.

According to the story, AT&T didn't just fold and give away the number at the drop of a hat, but failed under sustained pressure by the baddies against the system. It wasn't just AT&T's failure that led to the loss of the $24M, it was a series of protections that failed. Ultimately much of this series of protections was the responsibility of the individual who lost the $24M to ensure that these protections were sufficient to the threat. I don't think it was reasonable for him to expect the AT&T protection against number hijacking to be designed to handle the pressure of a $24M threat.

Winner, Winner, prison dinner: Five years in the clink for NSA leaker


Re: I find it hard to credit the 'printer dots' with her indictment/conviction

"I can't reconcile laws limiting free speech, such as 'official secrets' with 1A myself. It's one, or the other, but not both. 1A would appear to make later laws invalid, but I'm in the UK, and this stuff doesn't apply here."

Anyone who receives a security clearance in the United States has voluntarily agreed to and signed a contract that restricts their ability to speak freely on certain matters. It is known to those signing the contract that violating the contract can result in a draconian effort to punish the violator. Snowden did his thing with the full knowledge of what would happen, apparently because he thought his sacrifice was for a greater good. The individual in question in this recent case did not appear to have had as lofty a purpose, nor the same understanding of the likely consequences of her action. I don't believe there are necessarily political motivations behind her punishment, it seems enough that she flouted what are very clear rules. It is not so much that she twisted the tail of a political figure by revealing "oooo - we know the Ruskies hacked us" but that she sinned against the system itself when she violated the terms of the agreement she made when given her clearance. If infractions like hers are not punished, then these agreements would cease to have meaning.

Muslim American woman sues US border cops: Gimme back my seized iPhone's data!


US customs has always had the authority to search through goods being brought into the United States, whether by a citizen or a visitor. I'm fairly certain every country reserves that right, and some probably exercise it even more frequently than the United States.

What is an evolving point of law is whether the right to search goods being brought into the United States includes the right to search through information contained on an electronic device, as opposed to merely searching the material nature of the electronic device, especially if the person to whom the electronic device belongs is a US citizen. There have been several somewhat recent court decisions that seem to be pushing back on the US customs claim that they have the authority to search the information as well as the physical device; it is unclear to me where the ball will fall with the final spin of the roulette wheel. It is difficult for the customs folks to claim that their search is necessary to prevent the introduction of illegal information into the US, or to claim that it is necessary in order to enforce US tax law or tariffs on the information, as far more information flows in (and out) of the US on data networks. In the case of a citizen, searching through that citizen's information (without a warrant) seems like an unwarranted invasion of privacy (pun intended), that murky right described (somewhat) in the 4th amendment to the US Constitution.


Re: When Booking-Travel now the first thing I usually do is:

I don't think the legal landscape is as wonky as suggested: "And coming to think of it, I'll store the PIN for the device on a classified network. Tell the TSA agent that the PIN is classified, which it then would be and if he or she insists, have them arrested for espionage."

The simple act of putting the PIN on a classified network would not make the PIN itself classified (it would make access to the PIN through the classified network require a security clearance, but not access to it through other means). The PIN exists outside of the classified network, and no reason exists for the data that is the PIN to become classified. If merely storing data on a classified network made that data classified, then a lot of public domain news would be classified as it is ingested into classified networks for analysis and situational awareness. If the PIN was classified, it would be illegal for a cleared individual to use it on the phone itself, as the phone is not authorized for the storage of classified data.

Just how rigged is America's broadband world? A deep dive into one US city reveals all


Re: need for speed

I lived through the Bell/AT&T break-up and the introduction of the Internet (first) and then widespread cellular service (second) in the US. If AT&T/Bell had been run as a semi-government corporation like the US Postal Service, the introduction of the Internet and cellular service would have been considerably slower. The breakup of AT&T led to a dramatic reduction in telephone costs, especially long distance telephone costs, in the US, but in no way slowed down the introduction of Internet services.

AT&T had no clue about the Internet, and their moribund internal processes would have crept along ever so slowly. They had already spurned the idea of packet-based networks when the DoD first came calling with the ARPAnet. The Internet initially flourished because the only thing "the telephone company" needed to provide for subscriber connections was a voice-service telephone line, which practically every household already had (thanks to Universal Service mandates from the government) and which ISPs were able to request installation of en masse. Thousands of independent ISPs using dial-up modems met the need for last mile Internet connectivity; they rapidly broke out on every street corner it seemed once the "no commercial traffic" prohibition for the Internet backbone was laid to rest.

The RBOCs (Regional Bell Operating Companies, aka Baby Bells [what the local services part of AT&T were broken up into]) that provided local telephone service after the break-up only got into the Internet act when they saw there was an almost insatiable demand for connectivity and speed. They began buying up the little independent ISPs, and they developed digital subscriber line services that could be laid on top of the existing copper for voice services (DSL provided the "always on" Internet *and* allowed for simultaneous voice service as well). Cable companies started getting involved then as well, first with rather painful attempts to make their "barely functioning for one-way video cable plants" work with two way digital data, then upgrading their plants to provide better and better digital services. Eventually the battlefield in many areas had only two major combatants; the telephone company and the cable company. Oh, yeah... satellite providers tried to get their foot in the door, but the round-trip latency was (and is) a deal-killer for many folks.