* Posts by OhForF'

426 publicly visible posts • joined 29 Mar 2022

IBM CEO pay jumps 23% in 2023, average employee gets 7%

OhForF' Silver badge

Re: Interesting because of the legal mess he just landed IBM in.

While I agree hiring quotas are fundamentally a political issue they can also become a legal issue. If the law says you must treat all races/ethnicities equally and you refuse to hire someone because your quota for white Caucasian males is already filled a judge may rule that you're breaking the law.

Having a different political opinion doesn't allow you to break the laws as they are currently in the books. You can decide you want to be a political activist and ignore the law but then you should be prepared to deal with the consequences (at least the minimum fine as set forth in law).

RISE with SAP plan fails to hit go-live date in West of England council

OhForF' Silver badge

Re: Liability?

It is very unlikely SAP itself is managing the delivery. More than likely it is some consulting agency.

How consultants get away with designing a solution and managing its delivery for a lot of dosh while not being liable for anything is something I've never understood.

OhForF' Silver badge

>Councils could proactively link together<

They'd have to agree to do things the same way. If my own experience from continental Europe is any indication local fiefdoms will prefer to go bankrupt before giving up the smallest amount of influence.

"Allowing our <insert_vilification_of_choice> neighbours to have a say in how we run things here? Not gonna happen."

UK minister tells telcos to share telegraph poles if they can't lay cable underground

OhForF' Silver badge

Re: They do.

Then the MP should have approached the minister with a draft of a bill and asked him to introduce it as a public bill - not to get him to publicly ask network providers to do better, pretty please.

Looks like they got enough complaints to need to be seen to do something before the election but don't care enough to actually work on fixing the problem.

OhForF' Silver badge

Re: They do.

They should HAVE TO. Why are those MPs kicking the can down the road to the minister instead of working on laws that say infrastructure must be shared between providers using fair and reasonable terms?

Developers beware, Microsoft's domain shakeup is coming soon

OhForF' Silver badge
Windows

Re: I seem to have gotten to this planet by mistake. Does anyone here speak English?

If it worked as promoted currently by Micros~1 it would be a great way to filter the marketing stuff (*.microsoft.com) when using their services.

What are the odds that I'll be able to whitelist scripts in my browser for the "user-facing product experiences" *.cloud.microsoft (or even *.microsoft) only and have authentication and services working properly?

I fully expect this attempt at a "reduction in the fragmentation of domains" to work out like attempts at creating one universal standard for all use cases.

Attacks on UK fiber networks mount: Operators beg govt to step in

OhForF' Silver badge

Getting the police to patrol network cables isn't going to work, they have limited manpower and have to prioritize events with more immediate safety concerns.

Asking for higher fines for those caught shouldn't be necessary as network providers should be able to sue them for damages which should be more than enough of a deterrent. Of course that kind of deterrent only works for those that actually think they will be caught, i.e. is as ineffective as higher fines.

If this is happening often enough network providers will have to invest in security infrastructure and personnel and can't just rely on the government to do it for them.

Job interview descended into sweary shouting match, candidate got the gig anyway

OhForF' Silver badge

The MD likely didn't allow senior management to write down anything to avoid an auditable paper trail but still needed them to remember the things that need to be done.

Rapid7 throws JetBrains under the bus for 'uncoordinated vulnerability disclosure'

OhForF' Silver badge

Re: and these are the good guys?

I believe Rapid7 didn't try to dictate anything but were miffed that JetBrains didn't even attempt to coordinate when to disclose that information with them. If JetBrains doesn't bother to talk to Rapid7 about timelines there's not much room for them to complain any details were released too early.

IP address X-posure now a feature on Musk's social media thing

OhForF' Silver badge

Mark I 2 wasn't asking about the video and audio calling features but about the DM direct messaging feature.

They call me 'Growler'. I don't like you. Let's discuss your pay cut

OhForF' Silver badge

When talking directly to the prospective buyer it's usually "VIP rates".

AI to fix UK Civil Service's bureaucratic bungling, deputy PM bets

OhForF' Silver badge
Devil

LLM says no

So instead of "computer says no" we'll get "LLM says no" but it won't be a simple no but a 3 page long essay why the citizen's submission can't be processed.

Great times, we can probably just use that essay and an LLM and a prompt like "write a legal statement that states why this breaks the law" and keep their law department and a judge busy for half a year.

Meta's pay-or-consent model hides 'massive illegal data processing ops': lawsuit

OhForF' Silver badge

Re: basically proposing you pay it in order to enjoy your fundamental rights under EU law

It doesn't. There is no fundamental right to a business model where service consumers pay with their data either.

Cybercrims: When we hit IT, they sometimes pay, but when we hit OT... jackpot

OhForF' Silver badge

"Isolated" VPNs need constant vigilance

Those operational networks usually start out as an isolated VPN and devices on that network can only communicate on that network with the systems directly controlling the operation.

After a while managers in the back office decide they need direct access to the operational data and reports of the current operation from their PC. The shift managers in charge of the operational part want to be able to use those PCs in the operational network to access the ERP system and email and ...

Unless some CISO steps in the IT and network guys are not in a position to say no to management's requests. Before long you'll be able to use a PC in that isolated ops network to surf the Web and are one wrong click away from installing malware.

Even if the network is still isolated you'd need to have tight access controls. Let's say the third party technician in charge of maintenance of machines on the op network is connected with his laptop and decides to use his cell phone's internet connection to access some stream or surf the web at the same time.

I'd bet a lot of those OT cybersecurity incidents happened even though they believed they were safe as their OT network was segmented off.

Texas judge turns out the lights on federal survey of cryptominers' energy consumption

OhForF' Silver badge

According to the EIA the average US price for energy over all sectors was 12.41 cents per kilowatt-hour in Dec 2023. The average for industrial power consumers was 7.66 cents/kWh and according to your own research Riot Platforms paid a lot less with 3.5 cents/kWh. So much for the crypto miners' argument "as long as we pay for the energy we should be allowed to do what we want with it".

In my opinion there should be a law that limits any rebates for big energy consumers to 25% of the residential consumer price. If you can't compete with that discount it is probably better to let someone else do it or not do it at all.

Uncle Sam tells nosy nations to keep their hands off Americans' personal data

OhForF' Silver badge

Why is it legal to collect this information (in bulk)?

FTFY

Mamas, don't let your babies grow up to be coders, Jensen Huang warns

OhForF' Silver badge

>"The technology divide has been completely closed."<

Dunning Kruger in full effect?

If you don't know how to interpret the code the LLM comes up with how will you spot it when it provides something that is likely according to the training data but still wrong?

Google Maps leads German tourists to week-long survival saga in Australian swamp

OhForF' Silver badge

Shortest route ...

Even with perfect mapping data shortest route setting is doing incredibly stupid things like having you leave the highway and drive alongside it stopping at traffic lights until you re-enter the highway at the next driveway. Technically the routing is correct as it is some 20 metres shorter and the GPS was asked to provide the "shortest route". Activating that setting should come with a warning.

Apple makes it official: No Home Screen web apps in European Union

OhForF' Silver badge

Security and safety guarantee?

If sensitive data is leaked by an app I installed from their store will Apple pay for any resulting damages and a premium for not fulfilling their promises of security or will they simply point to the application developer as the culprit?

If I pay for something in the app store and it turns out to be a scam will Apple reimburse me for the full amount or tell me to take it up with the scammer?

"Trust us, we're keeping you secure and safe by monitoring all the apps in the store" is not a meaningful security guarantee.

HP CEO pay for 2023 = 270,315 printer cartridges

OhForF' Silver badge

Re: AI PC no defined use case

Micros~1 seems to be convinced the use case for AI is user assistance.

Expect Clippy on steroids - as helpful as the original Clippy (in other words: getting in the way of work done) but using enough resources to slow down your PC enough to force you to upgrade to new hardware to keep HP and other manufacturers in business.

US regulators crack down on AI playing doctor in healthcare

OhForF' Silver badge

All insurance is a bet?

>All insurance is a bet. When you buy it, you are betting that the paid premiums will be lower than the possible bill for catastrophic health events.<

I hope and expect to be on the money-losing side of that bet and still pay for health insurance. As long as most of the money I 'lose' on that bet is used to pay for the treatments of those that 'won' their bet that is great.

The problem starts when a big part of the difference of all paid premiums and costs for treatment is used to bolster shareholders' accounts.

OhForF' Silver badge

Re: Crackdown on AI being used to determine eligibility??

Insurance companies don't want you to be sick (enough to need treatment) as that would cost them money. Insurance companies want you to be healthy but scared of not being able to pay the big bills when becoming sick.

If you complain about having to pay the rates even when you are healthy you haven't understood the basic idea behind insurance.

Drowning in code: The ever-growing problem of ever-growing codebases

OhForF' Silver badge
Devil

Re: Thank you Liam

Most modern systems design regarding performance seems to be done with the premise Moore's law will halve the time the endless loop needs to finish every year.

Amazon overcharges shoppers with Buy Box algorithm, fresh lawsuit claims

OhForF' Silver badge

Merchant or market place provider?

>They are a merchant, and should be regarded as such.<

Amazon itself insists on being a market place provider only unless you buy from them directly. The issue is that Amazon is not providing an even playing field for all participants in that market but (unsurprisingly) shows a preference for Amazon making the sale. If the market place is big enough to distort the competition regulators have to do something.

In my opinion AMZN should have been forced to split off the market place as an independent company that sells its services using the same rules for Amazon and other merchants in that market place.

Anyone have an idea why the phrase "regulatory capture" keeps popping up in my mind?

FBI: Give us warrantless Section 702 snooping powers – or China wins

OhForF' Silver badge
Devil

When China is allowed to snoop on its own citizens and Americans why should the FBI not be allowed to do the same?

Obviously American law enforcement and other snooping agencies are still the good guys (tm) as they only do that to protect us. /s

Raspberry Pi Pico cracks BitLocker in under a minute

OhForF' Silver badge

Re: A brilliant testament to analysis

>failed to encrypt comms between CPU and TPM

>OK, clever clogs, explain to me how this can be done, securely...<

E.g. using an encrypted keystore protected by a passphrase that has to be entered before the decryption process can start. See other comments about LUKS.

Having to enter a passphrase for every boot is inconvenient but it provides additional security.

That's not the web you're browsing, Microsoft. That's our data

OhForF' Silver badge

Re: "Hostile Environment"

As other commentards already have pointed out there is not you can do to secure data in the application if you can't trust the OS.

The only meaningful thing to stop the OS from snooping you can do as an application developer or system designer is not asking for any data you do not absolutely need for your use cases - unfortunately even that is not happening all that much.

Techie climbed a mountain only to be told not to touch the kit on top

OhForF' Silver badge

Re: A wasted trip

>The gibberish could be telling them "Dangerous heat levels in the PSU" which they have previously seen cause a fire.<

In which case the only sensible instruction would be to do the first half of the power cycle - power it off and do it now.

Microsoft Edge ignores user wishes, slurps tabs from Chrome without permission

OhForF' Silver badge

>I use Edge for the Google apps ... and Chrome for the Microsoft apps<

I believe this is counterproductive when trying to protect your privacy as it potentially allows Micros~1 access to what the Google apps do and vice versa.

X hiring 100 content cops in bid to tame Wild West of online safety

OhForF' Silver badge

Too little too late?

With high profile cases like AI generated nudes of a certain celebrity showing they are unable to filter clearly problematic content in a timely manner X will probably have to face consequences unless they get working counter measures established much sooner than the end of the year.

Wait, security courses aren't a requirement to graduate with a computer science degree?

OhForF' Silver badge

There is a lot of stuff taken into consideration when building bridges but as far as I am aware making bridges safe to use even after active attacks is not part of the normal specification. Most bridges could be made unsafe to use or even brought down pretty fast if an attacker uses readily available tools (e.g. angle grinders applied to the rivets). Fortunately this doesn't have to be in the normal threat model when building a bridge.

Any program (at least if exposed on the internet) nowadays unfortunately has to take active attacks into consideration making that comparison a bit unfair.

If a certified civil engineer had to build a bridge secure against attackers bringing power tools or explosives he'd probably have to fall back to measures like access control as it would be pretty hard to build a bridge that is tamper proof.

CISA boss swatted: 'While my own experience was certainly harrowing, it was unfortunately not unique'

OhForF' Silver badge

Re: Some background

Alert readers may also ask why you try to change the topic of the discussion from swatting Easterly and election officials to the security of voting machines.

Do you think people believing those officials allowed and covered up fraud in the voting process have a good reason to get those officials harmed by swat teams?

IT consultant fined for daring to expose shoddy security

OhForF' Silver badge
FAIL

People who should know better

>I despair when I read things like people who should know better condemning things like "Google slurping access point addresses". That's what stations do on a wireless network<

A node on a wireless network keeping a list of connected devices and deleting that information when a device is no longer connected to allow the wireless network to work as designed is legitimate interest and fine. Google collecting that information to create a movement profile of my device without my permission is a problem (and illegal in the scope of GDPR).

OhForF' Silver badge

Re: The problem is law is old and tech is new

>An only slightly generous reading of the law says he might have been okay if he'd connected to the database, thus confirming the password worked, and then immediately disconnected without even listing any tables etc.

According to the German heise article the "hacker" was hired by a client of Modern Solution to solve a problem with one of the client's databases being swamped with log entries and when initially connecting to the Modern Solution database thought it was one owned and run by his client. Our "hacker" claims he immediately closed the connection when he figured he saw data belonging to not only his client but all Modern Solution clients.

A more apt analogy is a service that destroys sensitive paper documents for its clients and hands clients a key to unlock a drop off point for documents to go to the shredder.

One client hires a private eye to assess the security procedures and gives the key to the investigator who wants to check his client's drop off room but unlocks and opens the wrong door and discovers documents of a different client. When he reports the key seems to unlock all clients' drop off points should the service provider be able to sue him for industrial espionage?

Australia imposes cyber sanctions on Russian it says ransomwared health insurer

OhForF' Silver badge

Travel ban

My guess is that Australia would be happy to lift the travel ban if Aleksandr is willing to join a jury trial in Australia.

Intel finds a friend in fight against $1.2B EU antitrust fine

OhForF' Silver badge

Fined in 2009 and still fighting?

This case should have been settled one way or the other long ago. More than a decade and the court proceedings are still going on...

The only ones that profit from that kind of justice are lawyers.

Fujitsu gets $1B market cap haircut after TV disaster drama airs

OhForF' Silver badge

Re: If government contracts with Fujitsu

I am not a lawyer but as far as I understand there is no need to add clauses to your contracts to deal with criminal activity. If you can prove the other contracting party did something criminal you can ask for them to pay for any resulting damage. Should be pretty straight forward as far as Fujitsu is concerned.

The case for the PO is probably more complicated as they were vested with special sovereign powers and thus should have special responsibilities as well - which makes this scandal much bigger than your usual commercial fraud case.

Cloudflare defends firing of staffer for reasons HR could not explain

OhForF' Silver badge

The issue is that she should not have to assume what the target is. Her manager should have told her what the target is. HR should have been able to simply point out she missed the target of closing N sales in those 3 months. Even their CEO said it should not have come as a surprise.

OhForF' Silver badge

Pretty toxic work environment if there is a target you have to reach but you aren't told what it is. The other question is what the manager is paid for if he doesn't know the target either and is not involved in evaluating her performance. Of course it is also possible that the manager did know and was involved but chose to pretend otherwise and let HR be the "bad guys" but that would bring the toxicity to the next level. All in all not something that makes me keen to work for them.

Study: Thousands of businesses just love handing over your info to Facebook

OhForF' Silver badge

Re: How do you know its the same person?

For most people it will be pretty trivial to use some identifier like the advertising ID on their mobile phone or browser fingerprinting to figure out that both the email address for the online shopping and the Facebook account are used by the same person. Simply using two different email addresses won't be enough.

OhForF' Silver badge

It's kind of amazing that even Facebook and Alphabet and Amazon that have a lot of data almost never show relevant ads.(1)

The Central Scrutinizer never asked the second question in your post, he merely pointed out targeted advertising didn't work in his case.

People that do not want to be tracked complaining about the tracking itself and pointing out it doesn't even work as advertised by the ad-slingers seems straight forward to me. Complaining about the targeted ads not working is done in the hope that advertisers check if their ad campaign increased sales and if not stop paying the ad slingers and thus stop funding the tracking. Of course the ad slingers love to give it a "it would work better with more data" spin instead.

(1) I believe some of the ad slingers have more than enough data to know I am not interested in most of those products they show me ads for but they'd rather take their customers' money to show me irrelevant ads than telling those customers "Sorry, there are just not all that many people interested in your product".

Europe benched in high tech 'Champions League' says ASML

OhForF' Silver badge
WTF?

Re: Corruption

You seriously believe corruption is the big issue that stops the EU from playing in the same "high tech champion league" with China and the US?

Trump-era rules reversed on treating gig workers as contractors

OhForF' Silver badge

Less than minimum worker wage for contractors?!

If a contractor is getting less than the minimum wage an employee would have to receive by law something is very wrong.

As a contractor doesn't have the benefits an employee receives he will need to get more money up front than an employee doing the same task. The contractor has to pay for his own insurance/taxes/pension funds and build some rainy day fund for periods when business is slow.

So either that contractor has very poor business skills and should be barred from contracting for his own protection or he was somehow forced into that "contract".

Michael Dell: Don't worry about AGI, after all we solved that ozone layer thing

OhForF' Silver badge

>throw their budget to the wind in favor of taking a chance on productivity gains<

Ignoring spending limits for a chance on any gains doesn't sound like a good business case.

"If we heavily invest in AI now there are big opportunities to automatize things and cut costs and thus get an advantage over the competition"

"What budget would that project need?"

"Too early to tell but we have to be part of that."

"How much do you think we could save?"

"Too early to tell but there is enormous potential. Everybody is doing it - we can't be left behind."

Can you spot the snake oil salesman?

Ransomware payment ban: Wrong idea at the wrong time

OhForF' Silver badge

Re: Wrong

The CEO would not go to jail for a ransom attack hitting the company - only for agreeing to pay a ransom. Nobody said the CEO is going to jail when a ransomware attack is successful unless the CEO was aiding it either on purpose or by being grossly negligent (e.g. not having ensured there are backups or not having any disaster recovery plan).

I am definitely very much opposed to your idea of making inadequate technical skills a crime. As you yourself wrote technical skills of employees must be tested and if they are not up to the minimum skill level for the job after training they can't do that job. If they are still being employed for that job (or no test of skill was done) the problem is not the technically unskilled employee but those that chose them for that particular job. We are back to deciding how far up the company ladder we want consequences to reach, is it the HR bod or the direct supervisor or should the CEO that gets the big bucks for having ultimate responsibility in the company be affected?

If you have a license to drive a forklift and cause an accident you wouldn't go to jail either unless you did it on purpose or were grossly negligent (e.g. drunk) and the damage would probably be paid for by some insurance company. If Barbara from accounting doesn't spot a spear phishing mail with an attachment containing a zero day exploit even after having basic email and IT security training that is not (and should not be) a crime either. Firing those that make their first mistake will not result in improved safety or security.

Windows updates can easily be enforced by the admins in a corporate environment and thus is IT's job and not something everyone applying for any job should have to know about how to do that.

Pulling the network plug or even the power supply if you "cock up" is a nice idea and might even mitigate the damage but will usually not happen as infection will most likely not be noticed while working silently in the background. Your advice sounds like your experience with "quite few ransomware cleanups" is running some virus removal tools to get rid of things like the happy99 worm. Unfortunately email attachments are still one of the main sources of infection and even the IT security training almost all bigger companies make mandatory doesn't change a thing there.

Windows keyboards to get a Copilot key – but how quickly will users jump?

OhForF' Silver badge
Coffee/keyboard

If I wanted to use something like Cortana or Copilot I'd be able to download and install a program or application (1) - no need to force that on me when I install the OS or a (security?) update to it.

If I want to look at the latest news as aggregated by Micros~1 I am perfectly able to start the browser of my choice and point it to msn news - no need for any app feed in my taskbar.

The worst offence is when they insist on preinstalled apps to show me the local weather - I can get way more current and accurate weather information by looking out the old fashioned non computerized window.

Are the decision makers at Micros~1 really stupid enough to believe I am going to pay for a new keyboard just to have a new button to more comfortably start Copilot?

(1) Still haven't figured out the difference between a program and an application.

Windows boss takes on taskbar turmoil, pledges to 'make Start menu great again'

OhForF' Silver badge
FAIL

Re: Honestly

I gave up on the Windows search when I searched for a file in a folder using the exact file name as a search term and was told it couldn't find anything (I think back with Win7); Windows helpfully suggested to search the WWW for my file ....

Recently I had to work with a locked down virtual desktop with Windows 11 and searched for putty which I was assured was available. The search in the start menu didn't show the local executable but a number of links into the WWW. A co-worker showed me where putty.exe was on the machine, it was working fine.

It is possible that this putty folder was simply copied from some other machine instead of running a proper msi installer but I still consider the search functionality unreliable and not useful if it doesn't find what's on the local machine.

India's long-awaited telecoms bill drops language that would have regulated social media

OhForF' Silver badge

Re: Telecommunication identifier

As the definition for message seems to include radio broadcasts I wonder how they expect radio stations to identify everyone listening in occasionally - unless there is something that exempts them in the definition of "user".

CLIs are simply wizard at character building. Let’s not keep them to ourselves

OhForF' Silver badge

Re: Intuitive GUI? My arse.

I agree that the Windows GUI is not intuitive but neither are the various CLIs and editors in the terminal. I still remember having to suspend and kill the process to get out of vi the first time I started it.

Let's see if any hardcore vi fan manages to come up with an explanation why <ESC>:q! is intuitive and straight forward ;)
