'pretend that the suggestion is bad' - do you listen to yourself? If you can't conceive that your suggestion may BE bad, then the problem is almost certainly you. Either in the way you approach things, or that your suggestions ARE bad.
Some hints:
You are not the only smart person on the internet. Statistically, you probably aren't any nearer the smartest than I am.
If you've been using a package for a couple of weeks you might have some suggestions. If you act like you can't possibly be wrong, then your attitude alone will make the old timers ignore you.
Perfectionism is the enemy of actually getting shit done. Small improvements that make me re-learn how to do things are a big time suck in the near term. You know, when I have to get shit done. Even if the change is long-term beneficial, the amount of time lost right now is probably not worth it.
Asking questions generally gets a far better response than 'you should change this!' comments. Asking why it's done like X instead of Y indicates a willingness to understand. And frankly in many cases there is (or was) some good reason that things were done a given way. Asking questions can get to the bottom of that, and in some cases make it easy to show that it should be changed (because the original reason is gone).
Code talks, bullshit walks. If it's open source and you don't like how it works, submit a change set. It may still get rejected, but no one will question your willingness to make things better. Just your judgement about what 'better' might mean.
I'm upgrading soon from an S5 - I wonder if I should get a 7 while I still can and then wait to see what they do next instead of getting the 8.
Google will demonstrate it is serious about security
Snerk. Sorry, but voice interfaces are a MASSIVE security hole (think tape recorder). There's really no way to completely secure the damn things. You could prevent this attack, but there's lots more where that came from.
As long as Google thinks people want them (and, from the fact that people buy the things, I have to say it looks that way), Google will keep making them. The only way to clean up the mess is to point out the flaws to the point that people don't WANT an always-on voice command system. And the only way that happens is if people find it more annoying than helpful.
So kudos to Burger King for forcibly pointing out that there's a big problem in a way that DOESN'T drain customers' bank accounts.
Is there a file anywhere with usernames and passwords? Is that just a misunderstanding and he cracked the hashes, or do these guys actually have everyone's password written down somewhere?
And yea these days, if your shit matters, you need 2FA of some sort.
Also, apparently, you need the guy who checks in the returned laptops to check serial & model numbers...
Can we please just go back to making sure the BIOS is right BEFORE shipping the motherboard and putting it in ROM? That would really help, thanks!
Or at least put a 'write protect' jumper on there? The people who will actually update their BIOS can find a jumper...
You have a basic lack of understanding of the purpose of certs. They guarantee that if you try to connect to phishme.com that you indeed are connecting to phishme.com and not being MITMed. It is NOT the purpose of a cert to say that phishme.com is or is not a safe place to go. The onus of that remains upon you regardless of if you use HTTP or HTTPS.
Yea, but have you noticed that the general public has no idea how much of anything actually works, or frankly what most things are actually for? Most people have no real idea what that little lock icon means, so (assuming that someone managed to train them to look for such things at all), they think the lock icon means they are good to go. The slightly more subtle message of 'yea, this website IS who it says it is, but that doesn't mean it's not a criminal' is lost on these people.
So yea, it's a problem, but at this point it's fairly obvious that trying to train the users to pay attention to the things the browser tells them, and teaching them what those things really mean IS NOT WORKING.
I can't fault Let's Encrypt for not wanting to try to police everything, but if they could do a few keyword matches and pay attention to the really blatant stuff, it would probably help.
and very few people would check EV
Given how an EV produces a very clear and noticeable indication of the name of the organisation in the title bar, if someone doesn't "check" it then they should probably disconnect the internet as they are a danger to themselves.
If only. Most of the people who would be helped by such a thing are the sort of folks who would follow the instructions on how to disable their AV software to see the dancing cat video. EV is a nice mechanism, but PEBKAC still rules the day.
This is...quite something. She's still in charge (and collecting a paycheck, presumably). She'll get rid of some of her shares, AND drop being majority stakeholder, so she can get fired by the board, instead of quitting, thus triggering whatever golden parachute she's got. If she's smart she'll sell off the rest of her shares before the whole thing winds down.
From the investor's side, I guess it makes sense - if they start suing, the lawyers probably end up with all the money, so just letting it play out might be their best hope for a return.
Sigh. For all the problems it has (and the FDA has many), this kind of nonsense is why it exists in the first place.
I mean, if you've got full surveillance of the workplace, then a camera can be looking at your keyboard as you type the password.
So what do you do instead of passwords? Biometrics? Some kind of plug-in token? Does Comcast get the business for your conversion of that too?
Or are the employees supposed to hunch over and shield the keyboard with their bodies when typing in passwords?
Who's taking bets on how long before some company is seriously compromised by this?
Getting mad at Google when you've decided to use their automated tools to place your ads is kinda stupid. Place your ads intentionally instead of automatically and you won't have this problem.
PayPal and eBay shared the same keyfobs for a long time, but sometime about two years ago, PayPal logins stopped working for me and nobody from their side could figure out why. Long story short, the only fix was to turn off the keyfob and use PIN codes sent by SMS.
I am not sure if this really impacts security as PayPal was trivially easy to social engineer and have the keyfob taken off a target account, so having a keyfob on your account really didn't mean that much.
Now eBay is doing the same thing. Oh well.
Interesting - my fob never stopped working. I changed over to using the android app instead of the physical fob (because my old fob looked like it had been through the wash too many times), but I've never had a problem with it.
My guess is that PayPal/eBay don't actually know enough to debug subtle problems with the system, so you got screwed.
Annoying, and now we all get to be annoyed.
Note that so far my sign-in still works with the app - they haven't actually started forcing people off of the fob yet.
Honestly, the way the article is worded, it sounds like the 'safety doors' were supposed to lock out the other robots, rather than say a breaker being flipped. I'd love to know how those doors are supposed to work, I'd also love to know whether what she was doing was supposed to be done with the robots powered or not (not everything can be done with them powered down).
If I understand correctly, in India it's more or less illegal to have more than one job at a time. So, they have this thing called a 'relieving letter', which your old company gives you on the way out the door. You need this in order to become legally employed at your next company. (My understanding is that this law is intended to make as many people as possible employed by preventing one person from taking up two jobs. I've no idea if it's really working or not, and as in every culture, there's surely lots of under-the-table stuff going on).
So, they can basically prevent you becoming employed.
Yes, this sounds VERY strange to those of us outside of India, and from the little bit of reading I've done, it seems like some less-than-honest employers play games with these letters on a regular basis.
So, it's a totally suck-tastic situation for the employees, and I think that the guys petitioning the government are probably on the best track they can be.
But much more frequently, problems are caused by somebody f**king something up. You shouldn't be looking to cosmic rays until you're pretty sure it's not just stupidity in action.
Well, once you've got it, I suspect getting away from it is HARD.
And they sell it to the C-suite, not the people who will have to run it or use it.
Silly human: You expect their executives to think about the long term? Those guys are in it for the bonus this year.
I think virtue signaling is far more harmful to society than some moron's stupid jokes.
I tend to disagree, because human beings tend to take their ideas of what is OK and what isn't from the things they see around them. If you let small shit go, then it may embolden a moron to up the ante and do something worse. Broken Windows Theory, basically.
As for the doofus in question, there's always a line and if you cross it, you can expect to get spanked. For this one, I think the line is pretty easy to see, and if he's dumb enough to cross it, well, here we are.
I also think his assertion that the 'old media' are afraid of independent content producers - honestly, this dude isn't who the media are afraid of.
Ars Technica DID fix the headline at some point. It no longer implies that Musk said Unions were morally outrageous. The fact that they originally ran with that headline is...not a good thing.
Is there any evidence aside from Moran's statement that he's been with Tesla 4 years? Because if he has, it SERIOUSLY undermines Musk's contention that he's paid by the UAW to organize. I'd like to see Musk's evidence of that assertion, if any way.
Also: IF the UAW did pay someone to go to work somewhere else just to try to get the workers there to unionize, I would consider that a pretty reprehensible thing to do. Such a person is lying about why they are on the job, and is taking a job away from someone else, so no that's not OK.
But presently I don't think there's any evidence that's happened here, and barring actual evidence, I think Musk should probably shut up.
I would encourage the UAW to advertise where these workers are likely to see it, and try to make contact with as many of them as they can. These people could probably use the support of a union, and there's no reason it shouldn't be the UAW.
I thought of a domain that I would really like to have. I first tried to go to it in my browser and got a 404 error.
404 is an actual error code from a web server at the other end. That means someone ALREADY HAD the domain you thought of. Someone who does have working name servers, but whose web server is kinda crap (not surprising for a domain squatter).
Further, in order for Namecheap to have pulled the trick you described, they'd have to be your DNS server, which they aren't.
The way to buy a domain name is to NOT try to hit it, ping it, or look up the whois data first, but rather just go to your favorite registrar and try to buy it.
NOTE: If you want to get some clues about the domain you tried to buy, you can look up the domain whois data at something like https://www.whois.net/. Among other things in that data set you'll see the creation date, and thus how long they've owned the domain.
Honestly, if there's a stack exchange site (for instance, stackoverflow.com for programming questions) for it, I ask there - the Q&A focused design is far from perfect, but the 'attitude' answers don't last long, and are removed pretty quickly.
It's got other problems of course, but for this particular problem, the Stack Exchange model works pretty well at keeping the stupid and useless answers to a lower level than other sites.
Beyond that, you've got to search out communities that aren't full of jerks and a-holes. Sadly, there's at least one in every crowd, but some communities are better at ejecting bad actors than others.
Visas, then MS should probably be taking this up with the courts as well - several courts have ruled on keeping various holders out already, if the people in question already have visas then I bet MS could get a court to rule in their favor long enough to get their people into the US.
Given the amount of money and time poured into these products, you'd think they'd have done proper EMI susceptibility at some point. It's moderately expensive, but easy enough for LG to afford.
If I owned one of these, I'd have to be pushing for them to take it back - there's bound to be other devices that trigger the problem than routers.
>Furthermore, the group that has hijacked the most MongoDB and ElasticSearch servers is also selling the scripts it used for the attacks.
Well yea, they've extracted much of the money they are going to get from the victims (people are fixing things, or failing to pay because they've been hacked 6 times in a row and have no idea how to get their data.)
>But the researchers also identified 124 Hadoop servers where the attacker simply replaced all the tables with a data entry named NODATA4U_SECUREYOURSHIT. "What's strange about these attacks is that the threat actor isn't asking for a ransom demand," reports Bleeping Computer. "Instead, he's just deleting data from Hadoop servers that have left their web-based admin panel open to remote connections on the Internet."
I was wondering when we'd start to see this kind of activity. I suspect we'll eventually start to see this with the IoT devices - someone will hack the botnet code to brick (perhaps temporarily, perhaps permanently) devices that are infectable, so as to reduce the havoc those devices are causing. Morally I can't justify breaking other people's stuff just because they are a pain in my ass, but clearly there's someone out there who doesn't share my values.
That I happen to dislike LG's gear anyway - there's NO freaking way that I'm letting my fridge onto my network. I have ENOUGH trouble keeping everything running at home and at work as it is - I don't need more stuff making noise on my networks.
I think their only hope is to actually make the minilab tech work, then sell the technology to some big medical player who can go through the required testing without the Theranos people being at all involved.
I suspect that what they'll ACTUALLY do is screw around, run out of money and close the doors. It'll be interesting to see if anyone actually buys their IP - even at fire sale prices, it's somewhat tainted if you want to actually produce a product. I can't imagine anyone who does anything based on this tech (or hires any of their people) isn't going to get a little extra scrutiny from the FDA.