* Posts by sev.monster

651 publicly visible posts • joined 9 Apr 2020


Larry Ellison wants to put all America's data, including DNA, in one big Oracle system for AI to study

sev.monster

Yes... That's the stated goal. But considering the sheer volume of issues that will inevitably fall from the branches when the trunk is shaken, I must reiterate my original post.

There is simply no excuse to have allowed such a malignant thought process, if one values the people behind the information he wishes to centralize.

Of course, that's the answer to the question, isn't it.

sev.monster

Re: Omniscience is the game

I would almost ask you how you came to that conclusion, but I get the feeling it would not be an unbiased take. As such, this comment is now redundant and reduced to public musing.

sev.monster

What absolute hubris. I can't even fathom how he could consider this a reasonable idea.

T-Mobile goes live with beta of satellite phone service for the US

sev.monster

Re: Does anyone want to talk tech?

I'd also be curious of the supported frequency bands, given each phone is permitted to/capable of utilizing fixed bands. Some phones probably won't be able to use the satellites because of that, right?

sev.monster

I didn't explicitly say it, so let me be clear: of course they're going to charge you for this. I don't mean to say they will bundle it in for free and I don't live under any illusion they are doing this purely out of some goodwill. I imagine they'll either raise the base price of plans that include satellite access, or enable Super Roaming Mode and charge absurd rates compared to normal use the second you get out of tower range.

This is definitely a "push innovation to later fill our coffers" kind of move, given that really you could already go out and buy a satellite phone. But now your smartphone can do it too! That'll be an extra $5/min, boss.

sev.monster

I assume by then they will begin to expand the offerings to data and calls. But it is true that satellite (especially fast links) are much more expensive than terrestrial offerings. I see this being useful as a fallback connection for areas with little to no reception—once this exits beta they will probably bundle it into existing plans for just that purpose.

Also, the more people use (or rather, pay for then underutilize) these services, the cheaper it will be for everyone. As satellite tech gets more robust and common, the price will come down. Probably not worth it to jump on the bandwagon until then unless you're an enthusiast or an Elon blowhard.

sev.monster

Elon didn't do any of this. Truly tired of people treating him like a saint. He's an awkward ideas guy that happened to come into some money, that he used to fuel the Next Big Thing, which made enough money to kick the can further down the lane.

He hired smarter managers to hire much smarter engineers to build these solutions. His job is to rake in the money while he tells his lackeys to do stupid shit, like rebrand Twitter or the Cybertruck.

Acting like Elon is some kind of messiah is offensive to the engineers and other techies that brought this to life.

China sticks antitrust probe into Google amid retaliation for Trump import tariffs

sev.monster

For once I am happy with what the CCP is doing. Please, by all means demolish Google. I'd celebrate the day.

DARPA asking for ideas on automating money laundering detection

sev.monster

Re: It's easy to spot in any country...

"papers of dead royalty" is probably the most metal way I've ever heard anyone refer to fiat currency. About as relevant too given the thing that used to give it value is also long gone.

FBI's secret UFO hunters fear Trump's January 6 purge will send them into orbit

sev.monster

Okay so, alternative take... Why was a department supposedly tasked with investigating UAPs also investigating January 6th?

Are they trying to say aliens did it? Is Trump an alien? Am I an alien? I don't know what to believe anymore.

$800 'AI' robot for kids bites the dust along with its maker

sev.monster

Re: Not A Bad Thing

You're getting a lot more than just what this toy can do, though. Feeding, safekeeping of the home where warranted, chores. If you consider those as additional costs it starts to make more sense. But yes, I was being facetious.

sev.monster

I agree. Bond is nice in theory, but I too see a much higher risk in implementation.

  • Regulators will need to be iron-fisted and straight-backed, with any slack on their part allowing companies to get away with much. For example, if they do not properly audit a bond, a company goes under, and it isn't nearly enough to support maintenance... Guess that's it? What now? That's what I was alluding to earlier.
  • Banks will need entire new departments and staff to understand the nuance of the companies that wish to take out bonds with them, to ensure the bond will be able to support the maintenance window as required by law. Or, if not the banks, the government could set up these departments. I suppose it doesn't need to be a dedicated team, and someone could fund researchers and industry experts to help when required, but that doesn't as well guarantee they will be impartial and honest in their assessment.
  • Government must also make sure audits are processed quickly and efficiently. Get too backed up and companies will fail before they have a chance to fix things. And by that point, regulators have lost the initiative to get the company to rectify the bond before they go under.
  • As mentioned, though in not so few words: no one is going to like this. Banks will hate having to set up these bonds, startups will hate having to set up an extra round of funding just to pay what will surely be exorbitant costs, investors will hate the initial round for startups skyrocketing, the government will hate having to constantly audit the bonds and the parties involved in them...
  • What if the product or its infrastructure is so horrendously unmaintainable, that not even what was thought to be a sufficiently sized bond can cover it? What if no one wants to maintain it? You surely can't force the original employees to do so if they quit, and third party companies/government orgs are not going to know enough about a product to keep it going without any hiccups. What if they fail to maintain it and everything falls over? When do you throw in the towel, when all the money dries up? What happens to the consumers then, when their promised 10 years of support is over in one?

I still prefer the code escrow idea, because it encourages community support and personal innovation over extended support of a product that, let's face it, probably wasn't that good to begin with if the company went the way of the dodo. Of course, this is showing my own bias, as I personally would much prefer having code to tinker with, over some gizmo to keep whizz-banging for a wee bit longer. But I'm sure the average consumer (in today's culture) would vastly prefer the latter, nor would most of them benefit from the former.

And I also think the requirements to properly implement would be significantly easier on companies, investors, banks, and regulators. No reliance on a bank willing to fund a bond (which they all may deny). No possibility for funny business in shorting the maintenance costs. Very very easy to audit, since all you need to check for is that contributors have signed their rights away.

Simply add this standard clause to your CLA, super straightforward, no fuss. If and when your company goes under, and if no one buys it, your code, schematics, and other intellectual property must be released to the public. Fail to do so, figureheads get fined or go to jail. Yes, products will stop working compared to extended maintenance on bond, but if the products are good enough and popular enough, someone will step up and get them working again. We already see this with products that aren't open, through the sheer power of hard work via reverse engineering.

You would also surely see new companies spun up simply to continue the maintenance of products, since the code is now open and people can do whatever they want with it. Now, you won't be able to guarantee your market, since someone else could step up and do the same thing, but you would surely be able to make some money through a bit of extended support, and consumers would get a working product for your effort.

sev.monster

This is the way. Telling someone “you can't go bankrupt” (which is essentially what a minimum duration of service would mean) is entirely unmaintainable. What are you going to do, take the money they don't have? Jail them? Cover the costs of the obviously failed product for a time? Buy back the merchandise?

Forcing all contributors to sign away their code under escrow as it is produced would make it possible to put it in the hands of the community if a company goes under or can otherwise not support their product with its required infrastructure. And any company would be terrified at the thought that their valuables could be left out to dry if they fail—many such stories of CEOs taking the assets of their failed companies and trying again next year. But now they won't have that cushion to fall back on, and whatever great idea they had is now open for anyone to replicate, and more succinctly, much less marketable.

sev.monster

Re: Not A Bad Thing

Honestly, the thing just looks and sounds creepy. Until we get past Uncanny Valley, I would never give this thing or anything like it to a child.

Just hire a nanny. Shit, it'd be no more expensive than buying a piece of kit like this and paying a monthly subscription.

Microsoft won't let customers opt out of passkey push

sev.monster

Re: Passkeys are a bad idea, or at least badly implemented

These posts seem to assume that your password management/"passkey"/other authentication mechanism must be tied to some cloud service or that it's insecure to take encrypted credentials with you... As long as your credentials are sufficiently secure, there's no issue copying e.g. your password vault to your phone. TOTP/HOTP/FIDO2 are all completely offline and do not require communication with an external server to authenticate, only FIDO2 needs a connection to the server directly (no external parties) in order to validate the private keys. It's very possible to remain safe and secure by taking advantage of available technology to its fullest without really much inconvenience... And in some cases it can even make things easier, like one-tap FIDO2 logins.

sev.monster

Re: Passkeys are a bad idea, or at least badly implemented

If you'd read what I said, you'd know: I store my password in my password manager which is encrypted using credentials from my hardware key. The password is randomly generated and has enough entropy that it would take years and millions of attempts to brute force it.

I get you're implying skepticism for my chosen authentication methods for whatever reason that may be, but just because there's a lack of support doesn't give the excuse to be willfully negligent.

As much as I'd love all websites to at least offer the integration for FIDO2/etc, that is still a pipe dream. So for the time being, password managers and highly secure passwords are still required if you want to be even marginally more secure than using some simple rainbow-tableable password.

sev.monster

Re: Passkeys are a bad idea, or at least badly implemented

Passkeys aren't a bad idea. The technology underpinning them—WebAuthn, FIDO2, etc.—is sound, and has been sound for years. But the current marketing push, redefinition of terms, confusing technical landscape, and improper security posture of basically every layperson using them, has provided the vast majority of end users no tangible benefit.

The term "passkey" was created (by Apple as far as I know) to help signal-boost WebAuthn and related technologies. It was and is a marketing term, with no relation to the FIDO Alliance or the FIDO/WebAuthn specifications. The actual result of this independent third-party push has been endless confusion on what a "passkey" even is, with vendors fighting over the exact definition. Meanwhile, over a decade of existing technical and end-user documentation that talks about WebAuthn/CTAP/FIDO2/FIDO/U2F never mentions "passkeys". I've met people that think passkeys are a completely separate technology, incompatible with WebAuthn... And in some cases, that may even be true.

Current consensus is passkeys are "probably WebAuthn credentials". But who knows what anyone actually means by that when they say it.

I've been using hardware security keys for years for all of my credential needs, and not only does it make signing in faster compared to having to remember/type out passwords, it's substantially more secure. Each site with FIDO2 compatibility gets a separate credential on each of my keys, so if I lose one I can revoke the credentials that specific key stored. Everyone else with OATH 2nd factor gets that. Where a password is required, I use a static password stored on the key, combined with an easy to remember prefix/suffix—or a generated and saved password for services I don't think I'll need to log into without my password manager handy. In my opinion, this is the best security posture you can take—but there's absolutely no way you could get your average end user to adopt it... Meanwhile so many implementations of such forced security I've seen by providers has been lackluster to the point of irrelevance.

Encryption backdoor debate 'done and dusted,' former White House tech advisor says

sev.monster

Re: The world needs E2EE to keep the USA out

You kidding? The majority of chips are Taiwanese and the majority of tech exports are Chinese. For every US-based company that peddles tech, there is a foreign alternative: Vk is Russia's Facebook, Baidu is China's Google. And even then, the vast majority of the hardware American software runs on was manufactured and probably designed somewhere else.

sev.monster

Re: I am unsure

I am suitably convinced our mars-bound friend is simply perched on the edge of his rocker, nothing more. This dude has been around for those 10 years... What, is this your first exposure?

Facebook, Threads, WhatsApp, Instagram stumble on and offline in global outage

sev.monster

I mean, if what you're saying is that Daddy Musky should buy Meta, rebrand everything incomprehensibly, tank advertiser investment, "make redundant" 80% of staff, and nearly kill the company, I completely agree and fully support Elon in his decision.

Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket

sev.monster

The irony is real, but I doubt this is their only backup. These companies are still boned. This group might not be the only ones to break in, either.

Microsoft teases Copilot Vision, the AI sidekick that judges your tabs

sev.monster

Re: HAL, please explain the value of Copilot Vision subscriptions to me...

If I pay $2000, do I become the smartest man on earth?

iOS 18 added secret and smart security feature that reboots iThings after three days

sev.monster

GrapheneOS, a security-hardened Android fork, has had this for years. Some other flavors also ship with it. Nice that Apple is pushing it to all their new kit at least, I wish Google/et al. would do the same.

Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online

sev.monster

Yawn...

I feel the biggest consequence of all of these breaches and their eventual publication is how so much less impactful they feel. Oh no, billions of rows... Ah, nothing exciting, happened last week too.

I worry for the layman that sees this and thinks nothing of it... including while they are being actively phished.

Trump's pick to run the FCC has told us what he plans: TikTok ban, space broadband, and Section 230 reform

sev.monster

Re: Tiktok ban

Modern life has its terrors, sure, but I would place no small onus on the people taking advantage of it for their own profit.

sev.monster

Why are you taking my biscuit? I have this bread roll you can have tho.

Smartphone is already many folks' only computer – say hi to optional desktop mode in Android 15 beta

sev.monster

Took the words out of my mouth.

I thought that's where the ferret went?

Chinese national accused by Feds of spear-phishing for NASA, military source code

sev.monster

Wow, color me surprised... Oh, I look the same? You don't say.

Google Chrome gets a mind of its own for some security fixes

sev.monster

It really doesn't, though there are workarounds. I've read there's been some flip-flopping on if uBO will be supported post-Mv3, or if uBO Lite will replace it permanently.

I'm sticking with LibreWolf.

sev.monster

Just because you don't see the benefit, doesn't mean there isn't any. And some (weird) people really do see enough benefit in the services they receive when they give away their info.

sev.monster

So how long until uBlock Origin's access to websites is considered a security threat and automatically removed?

EV sales hit speed bump as drivers unplug from the electric dream

sev.monster

Re: I was considering an electric car but...

I'm not sure what you're on about, but temperature differences and running AC impact fuel efficiency for petroleum engines too. Not as much as EVs, but still. An engine has to do extra work to provide more output, no matter what it is. Bit disingenuous.

sev.monster

Re: I was considering an electric car but...

It's not even that manufacturers are lying, it's that range estimates are just that. Battery temperature and health, as well as driving habits, heavily affect the potential range out of a charge. Software has to be very specifically calibrated to show the correct range estimations, which can fail due to bugs or unexpected battery state. Which, yeah, this is no excuse.

sev.monster

I would say both. EV tech, regardless of if the specific concept is good or not, needs significant infrastructure and support to be usable, and both aspects are still pretty weak right now compared to the alternatives. The EV market is still in its infancy; there is a lack of aftermarket/secondhand cars and parts, few third-party repair shops, iffy software with considerable privacy concerns, and chargers sparsely dotted around unless you're in a bigger city.

The lack of a mature market also makes one very dependent on the manufacturer, and with these EV companies sprouting up and failing over and over again, I imagine it's difficult to get consumer trust—not just with specific brands and companies, but with the industry and EVs as a whole. For example, manufacturer repair centers are basically the only places that can realistically service your car, and wait times can be incredibly high due to the lack of technicians and centers. Tesla owners can wait months on parts and service, and that's a non-starter for many people. Hell, only recently has a unified charging standard come about; previously, you would have to look for specific chargers that supported your specific brand of car, which is absurd. Naturally Tesla dominated the market, and they didn't share their charger design with anyone until recently, when they contributed to the new charger standard. But even then, not all chargers and cars have been updated—some can't be, and require the development and vendor/consumer purchase of adapter kits.

The best hope for the solidification of the EV market is to further standardize, and get more EVs into consumer hands to drive the need for more infrastructure... But manufacturers are still fighting over innovation, and you can't convince consumers to buy EVs without confidence in the infrastructure, so...

Starlink U-turns, will block X in Brazil after all

sev.monster

Re: 23 ground stations and a bunch of bank accounts

Gotta love how "when I want it" his idea of free speech is.

Over 40 million Kakao Pay users' data somehow ended up with Alipay

sev.monster

"The Second Most Common Encryption Program"

SayingYourPasswordsAreSaltedButReallyIt'sPlainText13

Attacker steals personal data of 200K+ people with links to Arizona tech school

sev.monster

Re: burst your bubble

Correct. Some universities even have their own on-site doctors and practices. Mine does, with free checkups for employees and reduced prescription prices, filled on-site. It's the perfect place for nurses in training, and provides a great benefit to the university community at the same time. Now, that data isn't typically (or shouldn't be) stored in the SIS, but who knows how they organized that stuff at EVIT.

As long as it's HIPAA-compliant and the audits pass, they haven't done anything wrong. Maybe morally objectionable @Snake, but at least nothing legally wrong.

sev.monster

Re: That is a Chinese level of data monitoring.

Sorry to burst your bubble, but every higher ed school (uni, college, etc) collects and stores this information in their SIS. Whether or not it's good, it's standard practice. Much of it is required to be retained for regulatory compliance: those very same audits you want already exist and are done at least yearly or sometimes more often, but they are designed to ensure universities hold on to data as much as to safeguard it.

This was likely a direct breach of the SIS, based on the data they say was exfiltrated. Pretty much the worst thing that can happen. It's likely the systems were not connected to the Internet directly, but some API was exploited or they gained access to internal networks. Due to how these places are structured, complete isolation is not possible, and tons of APIs hook into the data at any one time. Could be a report was found on an insecure FTP server somewhere too; it's amazing the number of cloud companies and integrations that require you to dump tens of thousands of records into a CSV and push it to some FTP (no, not SFTP or FTPS, just FTP, our systems don't support anything else) site.

Hopefully it was an Ellucian product that was exploited, so we can continue to collectively shit on them as an industry.

Users call on Microsoft to update Outlook's friendly name feature

sev.monster

Re: [External]

Your email team(s) can definitely fix that. Sounds like they can't be arsed or don't know how.

sev.monster

Re: "more than 100 votes"

User Voice (the old forum that Microsoft shut down and wiped without migrating all the questions over) saw interactions in the hundreds and maybe thousands, and the new MS developed platform sees a bit less. These are expected numbers, and honestly I wouldn't be surprised if Microsoft ranks request popularity by "number of users each vote's admin represents in Entra ID". Which would quickly spiral into the hundreds of thousands if not millions.

There aren't a lot of votes but the votes that are there are massively important. But even with that pressure, Microsoft's track record includes more postponing and hand-waving than it does actual fixes. Guess they don't care if joeschmoe.onmicrosoft.com closes shop and dumps 10k users onto an internal Nextcloud instance instead.

Uber and China's BYD agree deal to roll out 100,000 EV fleet

sev.monster

I wish it were. I feel like society at large is ignoring the threat that EVs place on not just our supply chain but on the extremely difficult to douse fires they produce.

sev.monster

Considering avoidable flaws and design issues in Teslas, BYD doesn't look too bad at all. [...] All in all, I don't believe they differ too much. Tesla's flaws and BYD flaws somewhat cancel each other out. I still see BYD a better alternative or at least a long needed competitor

I am not a battery engineer so I can't comment on the quality of the battery tech. But comparing BYD to Tesla is comparing rotten apples to rotten oranges—both have flaws in their own unique ways, and rather than equate to a similar level of crapness, I would prefer one to be markedly better to the point of being an actual positive.

I am all for market competition but trying to displace one flawed product with another flawed (or unproven, take your pick) product is not my idea of a good time. I am not at all sold on EVs and have yet to see any company plan to make something I would actually want to drive—except maybe something from Caterham.

You have a good point about the status favoritism with Tesla. I didn't consider that angle. It's probably not possible to differentiate purchases for legitimate quality concerns vs face, so I'll renege on that.

sev.monster

Despite what is talked about the Chinese vehicles are now very good, whether ICE or EV. The Chinese are very good at chipping away until what they have is just as good quality, if not better than Western products. They think long term.

I call bullshit on this entire paragraph.

Chinese corporations are known for stealing IP, copying designs, lying to regulators, and pushing cheaply produced crap. You can't honestly believe anything you just said when you look at the state of the market and general consumer feedback.

Furthermore, my default opinion for any shilled corporation—not just Chinese ones, and especially anything EV—is negative, and everything I've seen about BYD has cemented that belief. They came out of nowhere, claiming to be a market leader and innovator, like so many others. Yet Chinese social media shows their cars catching fire and failing at a concerning rate, where it's expected such information should generally be tightly restricted. In that regard, who knows how many instances of that we have not been able to see.

Getting into the car market is difficult enough as it is, and Western EV companies are flopping left and right. I fail to see how BYD will be able to break into the market with their lackluster products without cutting major corners, which is yet another reason I do not trust them.

I don't know anything about UK EV buses. Don't see how that's relevant to discussing BYD.

sev.monster

What does the lifecycle of flash storage (specifically eMMC, which may not even be used on BYDs) have to do with anything? Telemetry and other data is shipped off via data connection regardless. If everything stayed on-device I would care substantially less from a data privacy standpoint.

Anyway the point of my post is to reinforce what was said earlier. If government bodies can't trust telco OEMs, why should they trust driving cameras? Both with ties to the government?

And there is absolutely no difference, other than the owner of the data, when it comes to siphoning information out of the average modern smart car. I don't know why you are being so defensive. Got some Pooh blood on you?

sev.monster

You're daft if you think BYD's cars are any better than Tesla. Mainland Chinese prefer buying Teslas over BYD's refuse for a reason. They are built to low standards and have a myriad of questionable design decisions. Five minutes of research will show you this.

I am not at all excusing Tesla's shoddy QC, staffing, or their very own questionable design decisions, mind you. But I'd rather be in a Tesla anything than a BYD anything, by a wide margin.

sev.monster

You would think having what equates to spy vans driving around on the streets, vans replete with multiple camera and microphone arrays, would be a call for worry. Especially since BYD is as much in the CCP's pocket as Huawei is. And if they're self-driving, who's to say a "BYD representative" could tell it to drive to any location? Let's call it a "bug" that it drove into a secure government facility. Yes, we "accidentally" recorded classified information, and we "promise" to delete it.

Tesla that killed motorcyclist was in Full Self-Driving mode

sev.monster

Re: Throw the book at him!

I'm curious why there was no preventative measure to block FSD in Washington. You'd think they'd do that to prevent future lawsuits. But I'm not particularly Musky, I guess I'm not allowed to understand.

sev.monster

Re: Not entirely true

Mustangs too, but only if an internal camera detects the driver is 23 years old or younger.

Google's plan to drop third-party cookies in Chrome crumbles

sev.monster

Re: Firefox

ETP is a major selling point for Firefox over Chrome right now, branding-wise. Everyone interested in what ETP can do surely knows Privacy Sandbox is a joke, so Mozilla has a vested interest in not changing it for now.

Mozilla is no saint, they just happen to be doing better than the other guys. I wait with bated breath to see how they footgun themselves this time.
