* Posts by Simian Surprise

86 publicly visible posts • joined 8 Jan 2020


BOFH: Smells like Teams spirit

Simian Surprise

Re: Work stuff

Only if you're in management, right? Serves them right...

US critical infrastructure cyberattack reporting rules inch closer to reality

Simian Surprise

> However, "key information" about a cyber attack – with the specific victim being anonymized – will be shared with the relevant industry sectors

Anonymized, hmm.

> A large, publicly traded ad-tech and search company was hacked

> An online-shopping and cloud-services company just reported a breach

etc etc, and even if it's only shared with "similar" companies you betcha a leak is happening if it's in the interest of a competitor.

Dave's not here, man. But this mind-blowingly huge server just, like, arrived

Simian Surprise

Re: It's a shame

What I gather from articles like this isn't that cannabis is especially awful, but that the dangers of alcohol have become more widely tolerated: all of the symptoms listed there are also caused by heavy alcohol consumption.

So (and I'm not assuming anything about your opinions specifically) I'd say that people who are concerned about the negative effects of cannabis but also consume even a socially acceptable amount of alcohol should reconsider the latter.

Forgetting the history of Unix is coding us into a corner

Simian Surprise

Heh, users

> He came across something that he strongly suspected carried a (non-bootsector) virus, and idly ran it

you're not supposed to run it, you're supposed to rm it (UNIXes only)

Critical vulnerability in Mastodon is pounced upon by fast-acting admins

Simian Surprise

Re: I told you guys

For $2000 I'll build you one that goes to 12.

Brit watchdog thinks Google's tweaked Privacy Sandbox still isn't cricket

Simian Surprise

Still a stupid idea

I work in ad tech. 3rd-party cookies definitely help us in many ways.

But also, non-Chrome browsers have already blocked 3rd-party cookies for years, and we've been just dealing with the lack of those signals, fine.

The amount of effort that Google is putting into "ok we're going to remove 3rd-party cookies but also kinda come up with a weird bundle of replacements which are shitty versions of what we think people want 3rd-party cookies for and also rework how RTB auctions work in Chrome" is just suspicious.

If they actually cared about privacy+tracking they'd just say "we're gonna do like Safari and just disallow that" and then everyone would have to deal with Chrome as we deal with Safari. Instead there's this opaque system, controlled by Google, which they pinky-swear has no backdoors or other ways for Google to get to keep all of your info.

I really, really can't buy the idea that this isn't a subtle land grab by Google that they're trying to sneak by regulators. Just say "no one gets 3rd-party cookies" and be done with it.

Kaspersky reveals previously unknown hardware 'feature' exploited in iPhone attacks

Simian Surprise

Or if nothing else, he got glowing review...

Bricking it: Do you actually own anything digital?

Simian Surprise

Re: Same fraud as 'lifetime' guarantee

It doesn't work at all, you say?

Completely busted, even?

Would you go so far as to say your kit is dead?

... Well, it's past its lifetime then, no? No coverage for you!

Mr Cooper cyberattack laid bare: 14.7M people's info stolen, costs hit $25M

Simian Surprise

Oh hey nice

I just got a letter that my mortgage was sold to them!

Not that I *know* my previous mortgagee was any better at cybersecurity, but also not like I get a choice in the matter.

Shame about those wildfires. We'll just let the fossil fuel giants off the hook, then?

Simian Surprise

Re: When will Big Oil face the heat?

Astounding that it's 2023 and there are still naïfs thinking this way. (Or at least, cowards.)

We're discussing an issue which affects the entire world (albeit unevenly) and is caused by the actions of people* all across the world (albeit unevenly) and the precise scientific mechanisms underlying which are not as well understood as they could be, and proposed solutions to which are still under development.

But sure, let's just snap our fingers and get everyone to agree to your one simple trick to fix the climate (discovered by a mom!).

* yes, including corporations, which are run by people

EU running in circles trying to get AI Act out the door

Simian Surprise

First to legislate?!

I know how "first to market" can be a competitive advantage in commercial situations, but are they really so full of themselves to think they have to be the first to write the laws on something?

Is the hope to set expectations for other countries' own laws? Despite what the EU thinks, I doubt the US (e.g.) is going to decide to go along with Europe just because they got it out the door first.*

So now we've got legislation coming on a topic which has been developing for years (and months already at the level of hype we're dealing with) and it's important enough to miss bedtime for? We're not signing a war-ending treaty, people, go home and have a glass of wine and come back tomorrow.

I guess the upshot for the rest of the world is that the EU will show us what the worst regulatory cock-ups will be.

* (But compare CCPA and other non-European privacy-protection schemes, for instance: GDPR was significantly better thought out than I expect this to be, and jurisdictions passing "copycat" legislation had the benefit of watching what happened with GDPR before nailing down their rules. So maybe this is for the best for everyone else.)

Pope tempted by Python! Signs off on coding scheme for kids

Simian Surprise

Re: Coding with Biblical proportions

Pointy-hatted, yes.

Apple jacks prices to juice profits because $19.3B a quarter isn't enough

Simian Surprise

Now tell us how you really feel...

It is 20 years since the last commercial flight of Concorde

Simian Surprise

Re: Gorgeous aircraft

I... think the idea is, you already have to fly, why not have a nice Cab while you're at it?

Ex-Fugees star accuses his lawyer of going full robot in corruption trial

Simian Surprise

Re: Oh brave new world

It's not easy at all, though. The government enjoys the presumption that the lawyer is competent and made decisions that could have been seen as reasonable at the time. E.g., "didn't make a different closing argument which might have worked better" is not usually going to cut it if the argument that the lawyer DID make is plausible.

Plus, you also have to convince the court that you could have gotten a different result had your lawyer not ****ed up as you allege.

It'll be interesting to see if "asked a computer what to say" qualifies, assuming the computer gave a reasonably lawyerly response. I bet it won't cut it.

Can open source be saved from the EU's Cyber Resilience Act?

Simian Surprise

Re: “… that program you wrote in 2019”

I've contributed large amounts of work to a rather well-known libre program which is commercially supported (by an EU-based company). I've never and won't ever be paid, but they've given me things of nominal value as unsolicited thanks.

Do I fall under the law? My code is used by many companies who pay the aforementioned company for support. I obviously can't retroactively change my license terms, and (more importantly) neither can they, as I own the copyright still.

Simian Surprise

Re: I see a LOT of software developers

Well, that's no longer free software, then, assuming it's intended to be legally binding.

And if it's not, it can't be much of a CYA (I'm not a lawyer and haven't read all the legalese, but I wouldn't be surprised if just saying "they used it in violation of the license" isn't a good enough defense).

So in the former case FOSS is just dead, and in the latter case devs are just as fucked.

Musk in hot water with SEC for failure to comply with subpoena

Simian Surprise

Re: Frog March Him Out of His Office in Handcuffs

It was going to be a cage match, as I recall.

Why not a prison-cell match instead? If Musk wins, we don't have to deal with Zuckerberg anymore, so there's no downside. (The best outcome of course is them both KO'ing each other and then neither can leave, that's how it works, right?)

Amazon had secret algorithm to hike prices, claims FTC

Simian Surprise

> we'd have to stop many of the things we do to offer and highlight low prices – a perverse result that would be directly opposed to the goals of antitrust law.

Every time! Say it with me: "the goal of antitrust legislation is not lower prices, but non-monopolistic competition".

See, e.g., the FTC (which is of course biased, but also likely the group that best understands antitrust) (https://www.ftc.gov/advice-guidance/competition-guidance/guide-antitrust-laws/antitrust-laws):

> [the objective of antitrust is] to protect the process of competition for the benefit of consumers, making sure there are strong incentives for businesses to operate efficiently, keep prices down, and keep quality up.

So lower prices is expected as a result of a competitive marketplace for econ 101 reasons, but saying "we have low prices so we're not within the scope of antitrust law" is affirming the consequent pretty darn hard.

(n.b. that I obviously haven't read the whole action, so this is just my constant annoyance at companies that [pretend to] think that their monopolistic behavior is in fact fine because it [at this moment] is getting [purportedly] lower prices for the consumer)

MongoDB's SQL-to-NoSQL converter uses AI to smash the language barrier

Simian Surprise

Yes, but then you have your data in a NoSQL system...

Europe wants easy default browser selection screens. Mozilla is already sounding the alarm on dirty tricks

Simian Surprise

Growing, again. I remember "Best Viewed With Internet Explorer" being popular once.

On the other side, web developers don't usually enjoy having to test their work in multiple rendering engines (boo hoo, right?) and as Chrome is often the default browser they have access to, "works on Chrome" is going to be what they give us.

So you want to save energy? Ditch web apps and go native, boffins say

Simian Surprise

Last I checked this wasn't the case for Electron, and a lot of "native" apps are based on that, so in that case a perfectly fair comparison.

(I was shocked to find out that not only is it running Chrome, but it's even downloading the entire webapp JS etc. every time you launch it -- no cache!)

GNOME project considers adding window tiling by default

Simian Surprise

They're overcomplicating it again

> need for additional metadata about the contents of a window in order to decide where to put that window.


I use i3wm, which is tiling only* and it puts things where I want them, because I put them where I want them. I guess this makes me a "power user" because I don't mind pushing C-M-arrow on occasion?

And I'm pretty sure much of the group of people who don't like Windows's management thereof might also not want/need/like any feature like "huh looks like that one is your web mail".

* okay, you can have a pop-out window and nontiled dialogs

A federal watchdog to police Big Tech? Yeah, that'll do the trick, senators...

Simian Surprise

Gotta love delegation of authority

Is it just me, or does this look like Congress deciding that it won't ever manage to agree on any substantive legislation on (say) digital privacy, but just *maybe* it can agree to have someone else make the decisions, so that going forward the Rs can blame the Ds on the committee for decisions they don't like, and vice versa?

And we get yet another group of regulators who we have even less ability to influence.


Microsofties still digesting pay freeze upset by Nadella's 'landmark year' memo

Simian Surprise

Re: inhumanity

> CEO Worship is 2 words...

Surely 4?

You may have heard about AI defeating voice authentication. This research kinda proves it

Simian Surprise

A "secure" system identifying me based solely on my voice isn't something I'd trust with any amount of my data, let alone anything a hacker would care to get their hands on.

So as I see it, this is similar to the technique of lifting someone's fingerprints from a surface and using them to bypass a fingerprint scanner: not easy but doable with the right knowledge, effort, and a bit of luck... and then you can try guessing the password and such, maybe get your hands on my phone for 1TP.

US senators and spies spar over Section 702 warrantless surveillance

Simian Surprise

Ah, I see you haven't met the super-powered FISA Court, a _bona fide_ Article III judicial body, which hears surveillance-authorization requests in secret hearings and issues classified warrants and rulings regarding same, and if you were somehow able to learn that you were the subject of a case, your lawyer doesn't have the right of audience in that court anyways.

Simian Surprise

What's their problem with this?

If the law doesn't get re-authorized, the agencies will have to, uh, stop illegally spying on Americans using 702, and start illegally spying on everyone w/o 702, and we know what consequences they face for illegal espionage.


Professor freezes student grades after ChatGPT claimed AI wrote their papers

Simian Surprise

Yes, surely the best way to tell if a student wrote the paper is to make them answer questions about the topic and argument.

And if they use an LLM anyways, and produce a convincing paper, which they then study thoroughly that they might be able to pass the exam, I'd still say they've learned what they were supposed

Microsoft will upgrade Windows 10 21H2 users whether they like it or not

Simian Surprise

> losing everything in the incognito chromes

Well, if you'd had nothing to hide, you'd have had less to fear...

Online Safety Bill age checks? We won't do 'em, says Wikipedia

Simian Surprise

Re: The Lords said they felt that "anonymous age verification is possible."

Do try to stay even a little on topic.

Spain gets EU cash to test next gen network, and US 'scrum for 6G' already under way

Simian Surprise

Re: Oh great

So is the recommendation to put your cell phone in your *right* pocket, then?

Microsoft mucks with PrtScr key for first time in decades

Simian Surprise

I don't know, I'm totally fine with this random UX change (unlike almost everything else MSFT forces on me*).

Maybe this is because I already started using Snipping Tool; it's surprisingly pleasant and usable for modern Windows (doesn't need/push me to use OneDrive, no ribbon nonsense, starts up more-or-less instantaneously). The only downside is the occasional pop-up warning me that some emanation called "Snip 'n' Sketch" is waiting in the wings to fix all of those glaring issues I just mentioned.

(* And no, I have to use Windows for work.)

Smile! UK cops reckon they've ironed out gremlins with real-time facial recog

Simian Surprise

Re: 1 in 6000?

Ok, but think of it from the opposite perspective: you've got dozens of potential matches to known criminals a day (and I think you're low-balling it, even). There's not going to be even close to enough cops to deal with all those reports. So now they start having to triage whom to go after, they send an officer after an innocent look-alike, the "bad guy" (yes, I'm being very generous and assuming arguendo that this is to catch criminals) walks by 10 minutes later and bang! all we've done is waste police time.

I struggle to think of a way in which this can go well, even from the cops' perspective.

After 11 years, Atlassian customers finally get custom domains ... they don't want

Simian Surprise

Re: Oldest ticket

https://jira.atlassian.com/browse/JRASERVER-62554 is one I've been waiting on for years (2017): there's a "current time" field if you hover over a user's name, but it's always your timezone, very useful.

Privacy fail: Pictures cropped, redacted by Google Pixel phones can be recovered

Simian Surprise

Huh, I always thought I was being paranoid by cropping a screenshot and then taking a screenshot of *that*, but I was always just a bit suspicious.

Guess I was right this time! Sadly...

Eufy security cams 'ignore cloud opt-out, store unique IDs' of anyone who walks by

Simian Surprise

Who else?

Desai's complaint specifies the proposed class as

> All persons who purchased one or more of the eufy Security Cameras within the applicable statute of limitations

Oh come on, can I not be part of a lawsuit if any of my neighbors have one? Or if I can prove that I walked by one and it has me in the database? (In my case, they don't, and I can't without discovery, but it's the principle of the thing for others.)

I know that such people didn't rely on any misrepresentation of the company, so for this specific action they're not similarly situated, but why can't we have a law against doing this crap? People are having so much fun with internet-privacy laws like GDPR, but I'm much less concerned about advertisers knowing some stuff about my purchasing habits and interests than cops* and hackers knowing about my travel habits and recent locations.

* oh right, never mind, that's why.

You've been pwned, how much will each stolen customer SSN cost you? How about $7.5k?

Simian Surprise

SSN theft

> This included names; demographic information; health information, including diagnoses, providers and prescriptions; health insurance information, including legacy Medicare beneficiary number derived from the individual's Social Security number or other subscriber identification number; medical record numbers; patient account numbers; and passport numbers.

I've been a US citizen for decades and I've never understood the whole SSN thing. A single number, which you can't change, which gives people who find out about it the ability to see all sorts of personal info, apply for loans, access various government websites, ...

At least my passport number rotates every time I get a new passport.

I already assume that my (name, SSN, some current or previous address, birthday) tuple is leaked out there already. I'd be significantly more livid to know that my medical info got leaked: there's some things about my health I'd rather keep between me and my family. But that's not what gets the big bucks in compensation, I guess.

Google: Turn off Wi-Fi calling, VoLTE to protect your Android from Samsung hijack bugs

Simian Surprise

Re: Shitesung

I had a great Samsung phone (A5, I think) some time ago, lasted for years until I smashed it. Unfortunately that convinced me to buy Samsung for my next two phones: one stopped reliably taking/receiving calls about 2 years in; the other died completely the week before its first birthday.

I hadn't signed up for a phone protection plan, but seeing as that presumably would have gotten another of the same, I'm glad I didn't. Motorola makes some reasonably priced models.

And as others have said, I get great signal (5G) at my house, enough to replace my cable with, even... in one room on the top floor. So WiFi calling is a must-have. Apparently I dodged yet another bullet.

Binance robbed of $600 million in crypto-tokens

Simian Surprise

Re: the government pays up

I hope they take all my money if I ever become as much of a bleeding idiot as it takes to post something like this.

AI drug algorithms can be flipped to invent bioweapons

Simian Surprise

> having model APIs where you can cut off access if it looks like some bad actors are trying to use your toxicity models for these sorts of various purposes would be a step [towards harm reduction].

Great idea! We can analyze the model usage to see if it looks like what someone would be using to create toxic compounds. All we need to do is train a machine-learning model...

Driver in Uber's self-driving car death goes on trial, says she feels 'betrayed'

Simian Surprise
Black Helicopters

> Finally, the agency will consult legal counsel and experts in ethics

Ah yes, spend the time and money, and only *then* worry about whether it's legal. (I expect that the "experts in ethics" bit is dry humor.)

Food for thought on the return to the office

Simian Surprise

I downvoted you for not using vim and for systemd, but it turned into an upvote for clever idea.

BOFH: On Wednesdays, we wear gloves

Simian Surprise

Re: Clever writing

I choose to believe that the BOFH did none of that stuff at all. You think, given the kind of state that beancounter is in, that he's going to go check his credit-card statement first?

Laziness is a virtue in tech, I'm told (along with impatience and hubris). Why bother doing all that when you can spend a full 5 minutes in the lift and have your worries vanish?

Besides, it's not like he can't turn around and do it the next day if his advice goes unheeded...

IntelliJ IDEA plugin catches lazy copy-pasted Java source

Simian Surprise

> ... AntiCopyPaster will run the snippet through its onboard Gradient Boosting Classifier model to check whether it's a suitable candidate for refactoring (revision) using IntelliJ IDEA's built-in Extract Method.

They do know that this doesn't stop it from being a "derivative work", right? The licensing concerns are all still there.

If they really wanted to do some fancy analysis they should go and check for licensing issues and then block/complain because of *that*.

There's something to be said for delayed gratification when Windows 11 is this full of bugs

Simian Surprise

Re: Some things never change

"of ... memory"?

Lucky you!

Remember when you thought fax machines were dead-matter teleporters? Ah, just me, then

Simian Surprise

Re: A3? That's not big.

Man, nothing like coming to the comments on a SFTW and watching people making it about COVID again...

Aren't there enough COVID articles for you to comment on?

Ex-org? Not at all! Three and a half years after X.Org Server 1.20, 1.21 is released

Simian Surprise

Re: Wayland creators

And then do we tie him to a public urinal?

Jamstack research: Typescript and serverless are the winners

Simian Surprise

Re: "React (...) ...at 8 years old it should be over"

At my former job, the webdevs considered the 4-year-old front-end Angular code base becoming "legacy" and in need of a (React) rewrite, while us poor backend devs had to contend with a ten-year-old* Java codebase, the only truly "legacy" bits were support for features that had been dropped years back but the code kept for that one other bit of code that kinda sorta used it.

I'm tempted to guess that part of the problem is that large Javascript codebases are difficult to understand and maintain, so as developers come and go the project quickly reaches a point where few people really understand how all of it works. The way out? Rewrite it so now *you* understand it!

* yes, yes, you have your 30-year-old COBOL codebases, I know...

Clearview CEO doubles down, claims biz has now scraped over ten billion social media selfies for surveillance

Simian Surprise

Re: His muskiness tweets

It's "In Brief". The rest of the article also doesn't have anything to do with Clearview.

El Reg is just collecting a bunch of events they didn't publish as full articles.