Re: Sad
Like most of the 750 'resources' Infosys has hired?
Posts by FILE_ID.DIZ
174 posts • joined 26 Aug 2020
Indian state cuts off internet for millions to stop cheating in exams
Square-shaped hole in workers' wallets after payment system fails at peak tip time
Thursday 23rd September 2021 17:31 GMT 
Re: Tipping
Federal law requires that an employer "make up" the any "lost" wages between the tipped wage and the minimum wage of $7.25/hr. Federal tipped wage is $2.13/hour
For example, if a tipped employee works for 10 hours (just to keep the maths easy), their tipped wage for that period will be $21.30. If their tips do not exceed $51.20 (72.50 - 21.30), then the employer is required to pay the difference.
That is federal law, which is the floor for wages in the US. Many states exceed federal law, in both terms of minimum wage and tipped wage.
So, to your point - most likely that manager was running out because they knew they were going to have to come up with the difference... especially of the place was slow or they had too many people working.
My better half used to like working a few off-shifts bartending each month to keep her skills up. I'd audit her paystubs from time to time (it's the accountant in me that causes this disease) and tell her that her employer is shorting her - in that they were not making up the difference.
She chose not to push the issue for fear of retaliation, plus it was honestly a negligible amount given the trivial amount of hours she worked there - usually just a few dollars. However, the payroll provider is a massive company and I have to assume that all tipped employees at that employer are being given that same shaft that my better half was given. It is possible that the other full time employees are getting shafted harder, although my better half wasn't working prime-time shifts.
And if this massive payroll company allows one employer to flaunt wage laws, I have to image they allow everyone else to do so as well. Two decades ago it was much easier to weasel around this law because credit/debit cards didn't make up as much of the transactions as it does today, which means there's a proper paper trail.
Thursday 23rd September 2021 04:44 GMT
Re: I never get tired of saying it
I am unaware of a single case where the issuing bank owns the credit card network who in turn owns the acquirer who in turn owns the merchant.
Acquirers (and payment facilitators like Square) have outages from time to time, both large scale and small scale... although the small scale outages are probably becoming harder to find simply because "hard line" connections back to the acquirer aren't used much any more and instead the transaction data flows over internet to the acquirer's gateway.
Issuing banks have outages as well. Credit card networks are probably the most resilient of all the parts that make transactions possible.
Memory prices to dive in late 2022, says Gartner
Thursday 23rd September 2021 05:21 GMT 
Not if you...
The memo states that memory contributes even more – 40 percent – to the cost of a two-socket server.
... buy OEM-branded memory, what fucking highway robbery!
I always buy first-tier memory separately, just like what Dell/HP/Lenovo happily sell at an excessive up-charge: Samsung, Hynix and Micron.
Haven't been disappointed - with the savings I buy a few spares so that I can replace the memory faster than Dell/HP/Lenovo can get a courier over and have barrels of money left over.
Lithuania tells its citizens to throw Xiaomi mobile devices in the bin
SEC takes legal action after crowdfunded marijuana investment scheme appears to go up in smoke
Tuesday 21st September 2021 21:46 GMT
Re: Great business plan
Fortunately, the Excessive Fines Clause of the 8th amendment was recently (2019) incorporated under the Due Process clause of the 14th amendment.
Until that was incorporated, that clause of the 8th amendment did not apply to state and local governments.
(There are still a few clauses which have not been incorporated, such as the right to a jury trial or the right to be indited by a grand jury, however many states have those clauses in their constitution or through statue. And of course, the last BIG amendment to be incorporated was the 2nd in 2010.)
The case that led to the Excessive Fines Clause to be incorporated Timbs v. Indiana, was a result of the state taking someone's vehicle for the crime he committed, however - the vehicle was valued greatly over the maximum fine allowed under the law and thus was found unconstitutional.
Hopefully we'll be seeing a dramatic decrease in successful asset forfeitures in excess of any fines that can be levied.
Forget that Loon's balloon burst, we just fired 700TB of laser broadband between two cities, says Alphabet
Ransomware-hit law firm secures High Court judgment against unknown criminals
Hey – how did you get in here? Number one app security weakness of 2021 was borked access control, says OWASP
DoorDash, Grubhub, Uber Eats sue NYC for trying to permanently cap delivery fees
Saturday 11th September 2021 01:56 GMT
Yea...
I'll use grubhub and ubereats to find new places.... and then I use google to find the restaurant's actual website and/or their real phone number and order that way.
The shitty thing is I've noticed from time to time is when Uber Eats provides you a $20-$25 discount, that discount barely covers their fees.
So, thanks for the nice directory.
Big data means big money for the UK government as £2bn tender mooted
Arms not long enough to reach the plug socket? Room-wide wireless charging is on the way
Wednesday 1st September 2021 15:31 GMT
Re: Frequency? Effects OUTSIDE the room? Messaging IN ADDITION to power?
Or like how I noticed there was nothing hanging on the walls, like photos or paintings and the such.
With all that shit in the walls, I am reminded of a building that we did (network) cabling in. The building had a geothermal HVAC system, but it was weird in my experience with geoHVAC as it had pipping through all the walls (radiant system, I guess).
Anyway, we were informed that we NOT to penetrate any walls or floors without consulting the on-site engineer to verify that we wouldn't penetrate the system. What a real PITA that job was.
Wonder what this system would look like? And I can tell you that electricity probably bites a bit more than a liquid leak.
Children of China, your state-sanctioned hour of gaming begins … now!
Tuesday 31st August 2021 04:41 GMT
First China allows parents to have up to three kids.
Second China make overworked, near-absentee parents (some through no fault of their own) stop working 69-9 work weeks (wait, is that right?).
And now they've taken away the after school entertainer during the work week?
Might this be a bridge too far?
'No peeing towards Russia' sign appears on country's Arctic border with Norway
Saturday 28th August 2021 07:18 GMT
Re: Covered by cameras....
piss-poor? I thought that was just the smell going under the bay.
I will admit - BART train cars are considerably wider than the "standard" rail stock that I've ridden on through my travels.
Perhaps they provide a greater area to absorb urine? Or they allow everyone a seat so that those seated don't have to stare at the standing passengers derrière like in "standard" rail stock.
Thursday 26th August 2021 20:37 GMT
Re: Covered by cameras....
I have no clue about there or where you live either, but where I live, I've seen video released to the public by the Government from red light cameras (which double as stationary security cameras) about a vehicle crash (for example) and they're grainy as fuck.
However, catch a red-light ticket and that thing is all of a sudden high-def? I think they intentionally muck with the video when they those to the public versus the high-fidelity that they're actually watching and recording at.
But I have no actual knowledge, just my observation.
Start or Please Stop? Power users mourn features lost in Windows 11 'simplification'
America's Argonne lab buys AI super from HPE, AMD, Nvidia while waiting for Intel
Israeli firm Bright Data named as enabler of Philippines government DDOS attacks on opposition groups
Cop drone crashes into flight instructor's airplane
Japan's aerospace agency hooks up with Boeing to make planes quieter when they land
Watchdog 'disappointed' it took NHS England over a year to release details of access to Palantir COVID-19 data store
Apple says its CSAM scan code can be verified by researchers. Corellium starts throwing out dollar bills
SolarWinds urges US judge to toss out crap infosec sueball: We got pwned by actual Russia, give us a break
Wednesday 4th August 2021 16:33 GMT
Re: To be expected
What's wrong with capitalism?
I mean Thoma Bravo could have brought to bear at SolarWinds just a few of their other properties like Sophos and McAfee for end-point protection, Barracuda to filter their internet connections and emails, LogRhythm for SIEM, DynaTrace for application profiling, Connectwise to keep track of the tickets, Flexera[0] to eek out the maximum from their IT investment, Stamps.com to notify everyone of the break-in and JD Power to give someone else an award... or maybe give one to SolarWinds for the scale of the break-in.
TBH, the stamps.com deal hasn't closed yet. They're still in their "go-shop" phase for another week or so.
[0] - Yup. The same company that brought us InstallShield.
Twitter uses HackerOne bounties to find biases in its image-cropping AI model
Are you a 1%er? Windows 11 turns up in the usage figures
Thursday 29th July 2021 14:44 GMT
I can't tell if you're a troll or not.
Of course, who doesn't wipe a computer before being used.... but I still reinstall System Updater. No easier way to keep up to date on firmware updates for an individual laptop.
As for going no updates on a machine, well, that's stupid IMHO. And now that Microsoft has a monolithic/cumulative patching process (and has for years), how do you go about just applying just fixes that are reproducible? Install that one patch and you've installed all patches issued previously. Plus, let's not go into the problems with failing to install the appropriate SSU before attempting to install a patch.
If I attempt to install Lenovo's provided driver, that fails. I am required to go to Nvidia's Advanced Driver Search page and download the "Standard" driver (non-DCH).
Part of the problem I believe is that the DCH driver provided by Lenovo requires the installation of the Nvidia "Control Panel" and Intel "Graphics Command Center" tools which are UWP/DCH-only applications by default.
When I read further (albit a long time ago) into DCH drivers, it has UWP written all over it, as shown in the links I provided earlier and this overview.
Nvidia has a link on DCH drivers. Even their latest Release Notes has three mentions of DCH, here is the the first
Thursday 29th July 2021 05:51 GMT
Well...
Unless you went out of your way and installed Windows 10 LTSC, most likely your GPU driver is dependent on the Store, namely DCH-based video drivers.
These abominations are UWP, or just using a Desktop Bridge to help extinguish regular executables.
I first noticed this issue after my fresh installation of LTSC when my Lenovo System Update asked each day to install the newly released nvidia driver. After a few weeks of annoyance, I dug into it a bit deeper by manually attempting to install the Lenovo driver and watched it fail miserably.
An aside - having experienced all the pain formerly known as Nvidia Optimus on a much older and now retired Lenovo laptop, I half-expected to need to go to the BIOS/Setup and disable the iGPU once again.
But no... the problem wasn't due to mixed GPUs... but simply my blissfully ignorant version of Windows 10, edition LTSC. I knew I liked LTSC as soon as I opened up Calculator, but never did I think that GPU drivers would require the Store as well.
Nevertheless, each time I hear my little laptop CPU blower kick on high around 5PM for a few days in a row, I double-check to see if there's a pending GPU driver in System Update and I go to Nvidia's Advanced Driver Search and download the latest non-DCH driver and install that.
Hubble in another first: Water vapor spotted in atmosphere of Jupiter’s Ganymede
China sets goal of running single-stack IPv6 network by 2030, orders upgrade blitz
Tuesday 27th July 2021 07:02 GMT
Re: Democracy and capitalism fails when it comes to long term planning.
Technically the next "production" version of IP should be IPv10. Odd numbers typically are experimental, even numbers aren't and the next three numbers seem to be assigned already.
https://www.iana.org/assignments/version-numbers/version-numbers.xhtml
IPv4 is only elegant because millions of people were taught only IPv4 and a great deal of them are stuck in that sand trap. I will say that DNS is the best friend to IPv6. Who gives a shit anymore about remembering 192.168.1.223.
IPv4 however, is not economical. If it was, the whole world wouldn't need to try to move to IPv6. And if you really want to hold onto IPv4, as a carrier it is very much NOT economical. CG-NAT is a very expensive license to be sure.
Furthermore IPv6 is especially hard for those used to the belief that NAT is a mode of protection. Firewalls are just as effective with IPv6 as IPv4. NAT is no more secure than Linus' blanket.
Dell won't ship energy-hungry PCs to California and five other US states due to power regulations
Tuesday 27th July 2021 05:32 GMT
Actually, if you bothered to read the full article the law constrains quote "short-idle, long-idle, sleep and off-modes " power consumption.
It sounds to me that if you're playing a video game with 4 x GPUs with a 2KW power supply plugged into a 20A wall socket, that's allowed. What is not allowed is for an idle system to exceed specific power limits.
In the '80s, satellite comms showed promise – soon it'll be a viable means to punt internet services at anyone anywhere
Friday 23rd July 2021 21:57 GMT
As an admin at a small ISP who saw his bonded T1s fill up when users discovered alt.binaries, I did, but there weren't enough of us, I guess.
Same here, back in the mid 90's we went to a satellite feeding our nntp server. I assume that was considerably cheaper than hauling in another T1. I want to say the port and line costs for a T1 at the time were north of $2000/month.
Refreshing: An Office update that won't frighten the horses
What follows Patch Tuesday? Exploit Wednesday. Grab this bumper batch of security updates from Microsoft
Friday 16th July 2021 23:22 GMT
Re: #The Times They Are Not A-Changing#
Yes, I made a mistake, substitute private key for certificate, there fixed.. Everything else typed remains true. Must be nice not to make typos.
A CA does hold its own private key. How else can it sign a request presented to it?
A HSM is just a tamper-evident device which can store private keys and sign things with them. One among a whole slew of things that they can do.
Once and a while, a Root CA does need to sign a new sub-CA cert, so the story was plausible to me back then as it is still today. You want to ensure that the root CA is in a protected and trusted state so that it can not sign an unauthorized CSR.
Corollary is that with it physically disconnected from any network and physically secured, the private key is at a known and safe location.
Wednesday 14th July 2021 19:15 GMT
Re: #The Times They Are Not A-Changing#
At one point I believed that was how Microsoft stored their root CAs (think early oughts) at a Microsoft campus. I don't know if that was rumor or whatever.
I know that when I heard of that, I knew very little about PKI at the time and for sure didn't know about HSMs, which is where valuable data like root certificates reside these days.
The coming of Wi-Fi 6 does not mean it's time to ditch your cabled LAN. Here's why
Friday 16th July 2021 00:46 GMT
Re: What really grinds my gears.
First off, I did not propose a restriction. What I am proposing is an upgrade. While GMRS wasn't the best analog, it was a quick example that I could come up where licensed users are granted more transmitting power and more bandwidth where GMRS and FRS overlap (except for the 467MHz interstitial frequencies... those are identical) and granted access to repeater frequencies.
What I know is that the unregulated 2.4GHz non-ISM use is a hot mess in saturated environments because people simply believe that more power (transmitter output) and more APs is more better. They start buying these spider looking access points and place them in every corner of their home on odd-ball channels, thinking that more is always better.
That is no different than a large group of people in a room, subdivided into smaller groups of people conversing together and slowly each smaller group starts to speak louder to overcome the din of the entire room. Eventually all the smaller group are speaking louder and louder until everyone is screaming in order to be heard over the cacophony of the room.
That is my general impression of residential wifi today.
First topic, a firm understanding of wifi channels and what they actually represent.
Second topic, is related to channels are "wide" band settings.
Third topic is location, location, location. Poor AP positioning (physical) can do a lot to destroy throughput, even in low RF saturation areas.
Fourth topic is understanding mesh network design and understanding that wireless back haul is still shit in its current form and every form since 2007 when I tried to install my first wireless back haul. (To be clear, this is STRONGLY my personal opinion, but I think it is still an important topic nevertheless to understand everything going on behind the scenes.)
Fifth topic is understanding that it takes two to tango. Just because your signal strength is showing strongly on your device, that doesn't mean the same is true for that device talking back to the access point. Yea, there's RSSI/RCPI that's supposed to help.
So, there are some topics off the top of my head.
The obverse to those points is that is what is happening with some consumers of wifi today - an arms race thinking that more power and more antennas and wider bands are going to help them with higher speeds and/or lower latency or at least maybe the ability to out scream out their next door (or many doors down) neighbor(s).
How does one resolve that in an unlicensed space today?
1) Does one go and talk and try to educate other meatsacks about their RF pollution?
2) Does one foil their home over to prevent "noisy" meatsack's RF pollution who didn't take kindly to the earlier education attempt(s)?
3) Does one abandon wifi entirely?
4) Does one say fuckit and move to Green Bank, WV?
Personally, I've chosen option 3 as much as I can, except for where I can't - such as our iDevices and printer and laptops when they're not docked (which is most of the time).
Can an industry group get together and come up with an identical radio standard to Wifi, except instead of using the hot mess of an unlicensed space, carve out some licensed frequency where all participants of that space agree to the same set of rules by which all abide to with the ability to file grievances against other licensees and the ultimate penalty for failure of adherence when it causes undue interference - revocation of your license.
That space can even overlap with another licensed/restricted space with similar terms on how Wifi overlaps the 2.45GHz ISM band, except that you have to pass a test and pay a fee.
There you go, and I also didn't mention unwashed masses or plebs.
Thursday 15th July 2021 18:40 GMT
Re: What really grinds my gears.
What's your point that that a licensed frequency product is not called WiFi? I couldn't care less in the name of something, I'm not from the marketing department.
Amateur space cannot be used for commercial purposes, period. Furthermore, amateur space is not "assigned" to any one licensee.
And these last few years are even worst, but for different reasons. Today's problems are due to a proliferation of devices which use these frequencies with no way to mediate problems between different users.
I mean, in my building, I would LOVE to be able to have our property manager include in everyone's lease agreement that for the 2.4GHz band, that only channels 1,6 and 11 are to be used and only 20MHz is to be selected. But I can't, and they probably can't either. Only through talking to other the other meatsacks in the building and teaching them some basic RF/wifi knowledge, them maybe I could get some people to come to a common understanding on how we can all be "better RF neighbors". But that's not going to happen either.
Which is why I'd rather leave the unwashed masses behind in their cesspit.
Thursday 15th July 2021 18:26 GMT
Re: What really grinds my gears.
I wouldn't know what to put on the test. I am not qualified to write tests in the least. I am no psychometrician.
While I cannot design any test, that doesn't make what I've stated untrue about the unwashed masses using unlicensed spectrum who are doing exactly what one would expect in unlicensed space, which is why wifi is such a crap-in-shoot - especially in high-density environments.
Over the past year I have been working with numerous colleagues who have been struggling with mediocre wireless performance within their home. Things like average 30-40ms RTTs with the occasional 200ms+ from their laptop to their home's gateway... is pathetic.
The changes I make were generally small, rarely require purchasing additional hardware, but significant enough to resolve most of their problems and at a minimum, stabilize the latency inside the home.
Back to my original point, by providing a licensed chuck of frequency for those qualified to use it - it can segregate those with enough training to use that space responsibly from those who clearly aren't, much like how other licensed space is used today.
Finally, amateur bands cannot be used in a commercial application, full stop. I would anticipate a licensed chuck of frequency would be initially sought after by commercial users long before consumers pick it up, except maybe by gamers who (for whatever reason) haven't gone back to a wired connection.
I mean, I've done plenty of wifi designs for commercial users and in complex scenarios, that can take a lot of time and effort to fine-tune. And time = money.
Thursday 15th July 2021 13:04 GMT
Re: What really grinds my gears.
An exam and enforcement, to answer points one and three, respectively. No different than how FCC regulates amateur radio licensees or other radio frequencies that businesses use, such as licensed wireless microphone systems, two-way radio systems, radio data systems, so on and such forth.
As for point two, if the market demands it, it would behoove a manufacturer to make the product
Wednesday 14th July 2021 23:19 GMT 
What really grinds my gears.
"Importantly the transmission medium still hasn't magically become full-duplex. Stations may get around this with some kind of trickery, but they still need to wait for the all-clear to send data. Remember that all stations and APs still hear all the transmissions. It's still a broadcast medium at the most basic." (Emphasis mine)
This is the thing that I like to mention to people when they open up their wifi adapter and see two dozen SSIDs is what you don't see. You don't see any extra BSS's with the same SSID, less likely in a residential setting. More troubling are all the wireless clients, eg: phones, laptops, tablets, fire sticks, thermostats, so on and so forth which are also transmitting.
I kinda wish that that there could be a WIFI equivalent to GMRS (at least here in the US, it requires a license to use). This way the educated WIFI users can get out of the quagmire that the unwashed cause in high-density environments. Where everyone buys the access point with more antennas than a spider has legs, cranks their output to 11 and start using channels like 2,3,4,7,8,9 and 10, thinking that a channel is only a signal frequency wide. And let's not start on the "wide channel" users - fuck them.
Sure, 5GHz is a thing, and I use it everywhere I can, but it attenuates so rapidly. And for whatever reason (I forgot the reason, tbh) but a lot of the 5GHz channels overlap on Public Safety Networks, which is shitty. Sure, there's a(nother) fix for that, DFS, but for me, it is more polite to simply stay out of the DFS channels. Wouldn't want my crappy equipment to cause some PSN interference.
Report sheds light on 'cocky' but 'creative' Mespinoza ransomware group
Thursday 15th July 2021 13:51 GMT
Some Security Researcher....
"There's really no reason to expose RDP directly to the public internet in this day and age," security researcher Tom Hudson told The Register of the all-too-familiar entry point for Mespinoza's attacks. "If you need RDP access over the internet you should be requiring the use of a VPN with multi-factor authentication enforced."
FTFY.
Their prose is too wishy washy for me to take them seriously.
SolarWinds issues software update – one it wrote for a change – to patch hole exploited in the wild
Tuesday 13th July 2021 20:27 GMT
Re: A modest proposal
With few exceptions, I have found that inbound blocking those IPs from our datacenter networks hasn't had much impact, which makes a lot of sense (at least to me).
Most of the "cloud" is spoken to first, then it responds. So uninitiated traffic from cloud provider networks to our datacenter networks isn't generally expected, except where other vendors/partners/customers/whathaveyou are also hosted by one of those providers.
And the reason why I block cloud providers is that I've hosted more than a few honeypots over time and there is just so much dirty looking traffic coming from presumably compromised machines running in the AWS, Azure and GCP space.
Tuesday 13th July 2021 05:03 GMT
Re: A modest proposal
It's not that simple.
In the first (original?) SolarWinds data exfiltration service, the crims were using Azure compute nodes out of the US (or at least Azure IP addresses based in a US region), presumably to get past any obvious GeoIP filtering and keep suspicion down for as long as possible from a suspicious analyst.
These days its mandatory to not just GeoIP filter, but block all of the IP space that GCP, AWS and Azure use these days. Of course, whitelisting trusted sources might be simpler.
Quick Reference:
PS: In this case, at least the ".1" of each of the /24's provided, one was based in the US and two were from Canada (at least based on inference of their rDNS record), so probably not places that'd be likely excluded from a Geo-Fence... at least in the SSH setups that I have.
I also block based on the client connection string, like "SSH-2.0-libssh" and "SSH-2.0-Go". If only the idiots would be smart enough to use OpenSSH or PuTTY, or WinSCP in their string, they could easily slip past that filter.
Smuggler caught with 256 Intel Core processors wrapped around him in cling film
IBM email fiasco complicates sales deals, is worse than biz is letting on – sources
International law enforcement op nukes Russian-language DoubleVPN service allegedly favoured by cybercriminals
Thursday 1st July 2021 04:37 GMT 
Are there any smart criminals left?
So wait... just so that I understand what was going on here...
DoubleVPN was a single, monolithic company with multiple PoPs and they upcharged you to route your traffic through multiple PoPs before heading to the destination.
Yet the infrastructure was all owned by the same organization?
In the old hackers example provided in the article, the protection afforded was that you were bouncing off non-related infrastructures, so it'd take longer and be harder to back-trace the traffic. (According to a friend.)
It seems that all these clowns did is introduce excessive latency and hike the cost to connect to your destination.
