"Now you understand, so you have no excuse in the future, you sniveling fucking moron."
Stop projecting. Sad!
"CNN "journalists" like Anderson Cooper describe themselves as unbiased newsmen reporting facts, when they are unapologetically regurgitating DNC taking points and injecting personal bias."
Same as Fox.
CNN isn't better than Fox. But as bad as both are, NEITHER is simply a propaganda front like these websites are.
"The people you listed describe themselves as opinion commentators."
"There is absolutely nothing unethical about what they do."
They deliberately and knowingly lie and spread misinformation. Is that ethical?
Now CNN's full of opinion peddlers too who are equally out to lunch. Fox used to be way worse than anything on the left, but I honestly can't say that anymore. Its just as bad now. But lets not pretend the GOP is just catching up. It's the other way round.
Sure an actual news organization with a politcal bias is the same thing as a pretend news organization owned and operated by a political party for the sole purpose of influencing elections in its favor.
"So Stop bitching just cause Republicans are finally getting around to giving dems a taste of their own 30 years later."
"If you want me to integrate windows 3.11 with a trumpet winsock as your public facing mission critical whatever... You're not going to be a client."
Sure that's fair. You can easily afford to walk away from those potential clients. But can you really afford to walk away from everyone who uses office 365? And not just from clients, but also vendors, subcontractors, and other 3rd parties?
Ive got a few blockers, but one key area where linux falls flat in professional use:
skype for business meetings, microsoft teams meetings, ring central conference calls, teamviewer meetings, onedrive for business, and sharepoint document collaboration stuff.
Linux is very much a 2nd class citizen or excluded outright. Yes, some options support linux, and for office365 you've got the web-apps which do _some_ of the stuff, but it's limited and slower.
You can't dictate what your clients, and partner organizations use and its unprofessional and unacceptable to be "difficult" to meet with people, to only be able to join from a smart phone when training and presentations are being made etc. (And using your phone to get around limitations in linux still requires acknowledging that those are limitations with linux that you had to introduce a 2nd platform in order work around them.)
"Are there other tools than whois that give this information? I would like to try them."
Just google ip geolocation to start.
I tried mine, and a couple got within 30 feet. Most of the rest got at least the right city.
You then take that, and whatever you can clean from the xbox profile/steam profile, things the person has posted, comments they've made/etc, the sound of their voice over chat, and anything else you got while gaming...maybe they dropped part of their real name over chat... so 'raven1982' is named stu, probably born in 82, maybe you groomed him a bit first -- got him to mention what he did for work, or he bragged about something his school maybe or his army service or that he has a new muscle car... whatever, geolocation gives you a pretty good idea where he lives... then you hit hit facebook and linkedin and all that stuff looking for anything that links.
It won't out everyone. But will out a lot more people than you might think without much effort.
Send out a few probes... try a few numbers from your best guesses... maybe you hear a voicemail message and can tell its the same guy from the game. So now your 'best guess' becomes 'got him'...
Or maybe he just did a whois saw who your ISP was, and called a booty call he knows that works there in support to do a lookup... one and done.
"Oh, please. An average "smart" TV is dumber than a 4 year old Roku."
Extrapolate to a future where its got a 5g radio, and it'll have at least a mediocre mobile SoC like you'd see in an android or iphone, a couple GB ram, and enough SSD. You can already get android tvs.
"Even IF (big IF) future "smart" TVs include "free" 5G data service for some purpose"
You can already get lots of devices that include cellular data at no extra charge. Where 'lifetime data' has been prepaid in an arrangement with carriers; yes on the anticipation that *lifetime* data is going to be a couple GB or something. I've seen cellular timecard punch clocks for example. Company i worked with bought one not even realizing it; they were floored when it just worked and connected up without even being joined to the wifi.
"you can bet your ASS it's only going to be "free" to use for accessing the services of specific partner companies."
Sure. If you are using it properly for its intended purpose you'd be right. Once its been pwned all bets are off on what it can or can't do.
" and I probably won't BOTHER with the TV's "smart" functionality anyway, "
Who cares what you were bothering to do? Once its pwned it'll overheat and crash, and run out memory and crash, and run out of storage and crash... all while you are trying to use it as a dumb monitor.
"Camera? Meet electrical tape."
Really? I thought only people with tin foil hats wandered around taping up their appliances.
"20 million people inadvertently serving child porn via hacked smart TVs is a statistic"
I'm not suggesting you'll be legally liable. Just that you are contributing to the problem by running an insecure pwned piece of crap.
Grandma with her virus laden PC she only uses to look at cat pictures isn't really at risk of identity theft herself... she ONLY looks at cat pictures, so the viruses really don't pose her much of a threat... but she's still contributing yet another unit to the botnet knocking services out in DDOS,,sending spam, and so forth. Now her TV is another one. Just because its not draining her bank account doesn't make it ok.
" And worry MORE about the half-dozen OTHER cameras strewn around the house"
What other cameras? What other mics? my phone? lieing flat on a desk in the office on a charger. my laptop... sleeping. both are under support. both are updated constantly. the tv is upright in the living room facing into the room 24x7 and its never truly off.
and it hasn't gotten an update since i got it. But i do what you say. one hdmi cable up from my amp. a roku, pc, nintendo switch, connected to the amp. its not on wifi, its not on ethernet.
But it doesn't have a cellular connection; so its not really at risk. but cellular is coming. You sayd "big IF" but i say inevitable. the cost is dropping like a stone, and its soooo much easier to get it so that 'it just works' if you don't have to get the consumer to get it on to their wifi. no more support calls when the consumer gets a new wifiap and their tv stops working... etc etc. the manufacturers want this. badly.
"Worst-case, your 7 year old smart TV someday connects to a 5G network without your permission, gets bricked by hackers"
Worst case? You lack imagination friend.
Worst case hackers grab it via shodan etc; and turn it into a cryptocoin miner, so it cranks at full cpu usage 24x7 on you, while they allocate the rest of the available flash storage on it (since it needs to be able to download new apps and app updates) to serve child porn, while using the built in camera and mic (it came with skype video calls as it one of its apps...); to stream your living room out to creeps and wierdos...
Some of those TVs will belong to attractive women. Some to people with young kids. Some will be in bedrooms..... they tie the feed up to rudimentary AI to peek in now and again and flag interesting TVs / interesting content (for whatever value of interesting you care to apply.)
Then when someone sends your daughter a link to her live cam performance... you'll eventually join a class action lawsuit and collect a $45.08 settlement another decade after that.
Meanwhile your new TV is just as bad.
Really the smart TVs are *already* that bad; but they're safely behind quality consumer NAT routers from linksys and netgear... that are 7 years old with documented unpatched exploits.
"And, what? You think they won't have a HDMI port? "
You are Missing the point.
If it has a 5g radio built in, with its cellular network access cost worked out as some combination of an advertising deal with facebook, a bulk volume bandwidth pre-purchase from your local ISP. Then YOU won't need to hook it up to the internet, because when you turn it on out of the box, it already has an internet connection, ready to send all the telemetry while downloading software updates and advertising from the word go.
It doesn't need to be on your network, so it doesn't need to go through your firewall.
What possible security or control do you hope to gain from it having an hdmi port?
Maybe, if you are lucky, there will an option in settings to turn it off, and maybe if your are lucky they will honor that setting. Otherwise, unless you live in a concrete subbasement basement, a faraday cage, or the artic circle... your TV will be online.
Before we do even that -- consider that you are doing this development for a largely unresponsive and non-subscription userbase. (Home users / SMB users with no IT / etc)
You really just want one code base to maintain at the best of times; but in this case, you REALLY don't want to deal with a multitude of patch levels, and patch configurations.
New PATCH X for home users. Does it work if they are otherwise up to date? Yes. Done. That's all they want to deal with.
Does it break if they have only previous installed critical updates since 2011? Does it work if they have only installed feature updates to January 2017, and non-critical updates to May 2018? What about April 2018? Are category 3 feature updates non-cumulative? Can they skip feature updates? Do we need to write a version of the fix for users who didn't install Feature XYZ yet? For users who installed XYZ but didn't apply the non-critical fix for XYZ...
Do we need test all that? Do we need to support all that? That's an immense amount of extra thankless and mostly unpaid work.
Why not just make home users run the latest version; and cull the number of supported configurations down and focus nearly all our testing on that one patch level. There's a reason even pro users can basically just opt into a slightly slower update 'channel' now -- its all about reducing the number of possible patch configurations out there to the least that they can get away with.
"Windows should give a decent warning about skipping critical security patches, but ultimately it should be up to the user."
It's a bit like anti-vaxxers. If enough users turn off the updates, or just keep ignoring them, the health of the herd gets pretty vulnerable. And this is exactly what happened over and over again with windows over the last 20 years.
It's what's happening again now all over with IoT garbage, even if updates are available... unless they are forced almost nobody does them.
"Most home users shut down while at work or out."
True in the 90s. It's just not true anymore. These days some people might push a power button out of habit... but it just sleeps the unit. It's not a shutdown anymore. And most people just walk away and it goes to sleep by itself. Honestly, the number of users who DO NOT EVEN KNOW HOW to actually shutdown their computer is staggering.
" If a few days do go by without a restart, another reminder can pop-up. (I'm assuming Home Edition here."
Which will be ignored and dismissed, just like all the other popups. Seriously, if they can dismiss the 'your antivirus is expired' 365 days a year without once thinking maybe they should renewing or uninstall it if they don't want it. And then dismiss the 'printer communication error' popup for a printer they don't own anymore... they'll have no problem hitting 'later' on the updates reminder. They want to check facebook NOW.
"Also, Windows tends to get funky if you go a few weeks without a restart.)"
You don't HAVE to reboot, and do updates... but nothings going to work until you. Seens like you are back to forcing reboots.
"Remind me later" or "ask me tomorrow" -- can, and will be pushed infinitely. Install upon shutdown / startup -- only updates in the event of a power failure.
This was tried for 15 years from 2k through Win8.
Then you get some exploit that goes wild that was patched 3 months ago and 100 million fuckwits get infected because they refuse to ever do updates when prompted, and refuse to plan to ever do them.
The obnoxious overreach by microsoft here was to address this intractable problem -- regular users won't do critical updates because they're busy / lazy / don't care. And there's millions of them so MS decided listening to them scream about reboots was less bad than the damage done by exploits that were fixed months or even years ago spreading through millions of poorly managed PCs.
A better solution would be updates that don't need reboots. Or that could at least work with a hibernate restore mechanism... but in the absence of that... given the two choices; they went with forced updates are better than millions of people refused to manage their own updates properly. Arguably they made the right choice... as much as it drives me nuts personally.
It's not so much that only one person knows how to do it, its just that its not as rigid and simple as everyone assumes it is. A new hire can be trained on the basics in a day or two, and when exceptions come in they can just ask; the accountants all know or can deduce what to do with them on the fly. Or they can look how it was handled in the past to jog their memory.
Worst of all the specs are often constantly shifting. New customers and contracts are taken on and special handling is needed for them. The human data entry person can be advised pretty easily; for the next 2 weeks any jobs for this account for this description need to be discounted 50%, and the other half entered as a co-pay from marketings budget as a separate transaction with this memo attached... or whatever. And then 2 weeks later some other special handling is needed for something else. Then a new transaction coding is added. A new vendor comes online and formats their data just a bit differently.
The problem is that you can't tackle this problem by just attempting to automate the data entry persons job because that is doomed to fail. You need a broader vision -- you need to define and publish the data specs, and get your producers to adhere to the spec FIRST.
Then you can build automation to process it.
And if you defined a robust enough spec and implemented it, it will all just work. If you didn't then the minute something unusual is needed it grinds to a halt.
The problem is that you are still screwed. A simple spec isn't going to catch the edge cases and a robust enough spec is a big project; so its better to use an existing standard.
And you're going to soak a million bucks implementing it. And your smaller vendors are going to dump you if you demand they adhere to it if they don't already support it. So the solution there is to get 3rd party intermediaries translating their CSV and excel dumps to PIDX, to bring it into your system... and you've got an ongoing maintenance contract with PIDX experts to keep things humming.
And it all makes sense, and saves you money, and improves your efficiency if you were big enough; but in a lot of smaller cases it's better to just suck it up and pay someone to do the work manually.
One person spends a good day a week doing data entry into one system of data we already have in another system. Then they spend another half day dealing with the data entry errors causing problems down the line.
LMAO. You are so right.
On the other hand, it's not so simple a problem to solve; i've seen it tried. Sure it sounds like its a few lines of script... but inevitably there's a bunch of domain knowledge and data transformations being applied; and you end up 100k into developer time and it's still not quite right because the process was poorly documented, the consultants are money grubbing assholes, and the people with the information to fix it are the ones being fired so they're not exactly happy to help assuming they stuck around. Then it turns out you need a data feed from yet another system...
And the whole thing needs a highly technically skilled babysitter now to watch the logs and fix the problems in the automated process. He only needs 30 minutes a day instead of 1.5 days to do the data shunt, but he costs 10x as much; so the return on investment is taking a lot longer, especially after you factor the initial dev cost.
And then one morning the data format from one of the feeds changes without announcement from the producer (at the very least another department you don't have any control over... or often a customer, vendor, other 3rd party; and the whole thing implodes... and the consultants are billing doubletime to try and fix it.:p
That 'chrome mesh filter' probably looks like just the grease filter for a ducted system, but is probably actually a charcoal filter that should be replaced regularly.
Most are good for 3-6 months depending on what and how much you cook.
e.g. you probably have (need) something like this for your particular brand/model of course:
"It should also be noted that when you're blowing are out of the house at 400 CFM, that means 400 CFM worth of air is also being sucked into the house at some point. See "makeup air", and if you're not careful you can do things like back draft furnaces and water heaters."
That's correct. Open a window a bit in the kitchen; and that pretty much resolves any issues if the HVAC wasn't built to handle it.
Note that the 400 CFM fan isn't going to actually move 400CFM here; as a lot of those ratings assume an ideal 7+ inch diameter round duct going 6 feet straight up out the roof with a cap that doesn't impede flow... so in reality land, with far less than ideal ductwork that's far narrower, far longer, and with multiple turns, you get a 400CFM unit, and it actually moves half that.
"And natural gas (methane) only combusts into CO2 and H2O (water vapor) unless you introduce other reactants or starve it of oxygen."
Pretty much exactly right.:)
CO and NO2 are also produced as well as fine particles primarily from the burners volatizing dust. Surprisingly the levels can easily hit levels that would be illegal.
Ideally you should turn the fan on before you light the stove (or turn it on with electrics); its worst at the start as any dust, food residue, soap residue from cleaning etc on the burners gets burnt off. ie -- "Introducing other reactants"
Good point. A lot of range hoods are recirculating; and many models can be configured to use either ductwork or to recirculate.
If they recirculate they go through charcoal filters that should be replaced regularly. As you can imagine, many people with recirculating systems never replace the filters.
It's actually pretty well documented that the air quality from cooking can get to surprisingly bad levels quickly.
The range hoods in a lot of kitches are often only minimally up to code, too far from the cooking surface, and dirty, attached to ductwork that is too long with too many corners to deliver anything close to the rated air movement. And many homeowners don't think to even turn them on unless the cooking is active smoking.
An decent spec range hood, installed correctly, that is clean and not hobbled by inadequate ductwork is all you need. But it is shocking how rare this is.
As it happens, my current place, had been upgraded to a nice gas stove with no real thought to the range hood. The range hood is a cheap builders 280 CFM unit with around 25 feet of 5" diameter horizontal pipe with at least 3 90 degree turns. It also leaks air where it connects to the duct; so a good fraction of the air it sucks in is just blowing back into the kitchen
The range hood should be at least 400CFM for the gas stove that's installed. But due to the duct work, will need to be even higher. And it should be turned on to at least low even when just boiling water for tea.
If we roasted a turkey and let some fat drop; and have current fan on max, all the windows and doors open, the bathroom fans going, and all the ceiling fans going... we'd still set off the smoke detector.
We're in the process of getting it replaced.
Here's a couple article from 2013... this is not "new".
Exactly. Satellites -- which are basically just radios and cameras slowly falling back to earth. We hardly need a whole new uniformed and separately chartered division of the armed forces to manage that.
It's got less going on then the internet based electronic warfare "cyber warfare" (and we don't need a separately chartered cyber force either).
So lets rename the coast guard "Coast Force" the Navy, "Water Force", and the Army "Ground Force" right?
A couple hundred years of both Science and Science Fiction from NASA to Star Wars to Star Trek to Asimov's Foundation to Warhammer 40k to Clarke's Rendezvous with Rama to Jules Verne's From Earth to the Moon to 1970s Space lego, and Flash Gordon and Buck Rogers comic strips -- we've pretty solidly settled on space craft and space travel being like to ships, not planes.
A naval equivalent or metaphor would be much more natural sounding.
"When military airplanes became a mature part of warfare, it was time to split off the Army Air Core and make a new uniformed service. These days, the Air Force has a mature group within it that launches and uses spy satellites (and other secret missions). It's enough of a disjoint specialty that a new uniformed service makes sense."
Strongly disagree. There is no mature manned presence, no weapons to speak of, no unique and complex theatre, no combat personnel. Its a logistics and support team. Sure its quite specialized. But so is literally everything else.
Nobody suggested a police state where everything _must_ be thoroughly inspected. I only argued that it should be inspect-able.
I also don't claim it would be perfect, nor that every defect would always be caught in advance.
Most software is shit. Like unbelievably bad shit. If it were the wiring in your home, it wouldn't pass an inspection. Junction boxes missing, connections held together with electrical tape inside the walls, overloaded circuits...
Nobody would accept "as long as there is a regulation that makes prosecution and penalties possible" as good enough. People want inspections.
And you are wrong also about how onerous it needs to be; sure subtle bugs WILL get through and even blatant bugs, or the code might be written by genius hackers with clever 'underhanded C contest' type constructions. But i don't think you realize how poor quality a lot of code is. Server code without any authorization checks. I've seen that delivered by paid professional developers; and authorization was even called out in the spec as a requirement. No concurrency checking on updates... passwords stored in plaintext... tons of horrifically obvious bugs that wouldn't even pass a static analysis tool or that would even get caught by a linter...
Why? Because there is no accountability at all. No inspections at all. Not even spot checking or random audits.
A medical device lab I work with gets periodically audited by the FDA for example, and self-audits with 3rd parties annually to find issues before the FDA does. The auditors don't have knowledge of every detail of the product and production process. If the lab were deliberately sneaking little defects into the devices to kill people, the audit would never catch that. But it does catch stuff like a bad process where completed units and returned units aren't being properly isolated from eachother. And they do inspect log books, that tools are being calibrated on schedule, verify that complaints are being investigated, etc. Sure it could all be faked, but the reality is that for the most part everyone is acting in good faith and the inspection process takes an already good system and makes it better. But without any inspection then its very easy to get into bad habits, and to slide into bad process, and create easily avoidable problems.
Software is the same way. Do the unit tests work? Were unit tests even written? Did a second person review the code? Is that part of the process or is it just blind luck if it happens? Is it documented and planned? Did it pass a static analysis tool?... did anyone even run one? Are defects being logged and tracked? Is anyone anywhere involved with the project penetration testing or security? Is there any integration testing being done? Is there any control over the development environment?
Or is it... if it builds, then it ships?
I recently took over a project where that's what it was. There was NO control, no unit tests, a linter had been specified, but no-one was using it so if you turned it on it was just walls of red warnings. It was a multi-piece project client/server/middleware; and the previous developers working on it were basically cargo-culting their developer environments; they couldn't get it running under a debugger so that they could set breakpoints. So they were reduced to adding print statements to trace bugs. The build process reported tons of outdated packages with critical vulnerabilities. The server didn't properly authorize requests. The concurrency checking on database updates was done wrong. It didn't have a log. It didn't catch exceptions. It crashed and corrupted data all over the place. They were deploying the debug build to production because they didn't know how to build it so they were basically just recreating there dev environment on the production server and crossing their fingers; it took 2 days to stage a new build -- and they wanted $100s of thousands for their work.
"You are free to rip out the upholstery of a car just like you can put a firmware in a hex editor or disassembler."
No. While I AM free to rip out the upholstery of a car. I am NOT EVEN necessarily free to even put firmware into a hex editor or disassembler. Between licensing, DRM, and the DMCA I may be both legally and technically prevented from doing this.
There is a big difference between that and the company simply not going out of their way to make it easy for me.
" VW cheated and paid a hefty fine and people were put behind bars (or in house arrest). That's how regulation works."
Regulation didn't work. And the cheating would have been found out a lot sooner with access to the source. Sure they *eventually* got busted for not following them, but the harm was already done. A regulation that says 'no lead paint in toys' is worthless if nobody is able to effectively check the toys for lead paint.
I am not anti-regulation, I agree with you that regulations give the government the teeth it needs. But you need *both*. If I want to build a bridge, you can pass all the regulations you like, but i still have to provide the blueprints and the whole project is subject to inspections and audits from before you break ground until the day its torn down.
Regulation is only HALF the solution. Being able to inspect and audit the source is the other HALF.
"BTW go ahead and tell me how you are going to prove in court that the developers didn't work using the source code that was made available."
Subpoena the developers and ask them under oath. Inspect their source code repositories and development systems under warrant. Again, you are demanding some artificial requirement that I be able to 'prove' it from simply inspecting the source code itself; why?
" Enough with the fetishization of source code. "
Who is "fetishizing" it?
"Software needs to be delivered in a way that works and respects the customer out of the box."
How to you plan to enforce that without being able to inspect it?
" When you buy a car you don't rip the upholstery to see if there are any hidden microphones underneath"
But I am allowed to, and if i wanted to the manufacturer wouldn't try to stop me, and generally provides and so far to my knowledge the makers of cars have never been caught hiding mics in the upholstery.
"You also don't demand to examine the ECU software for any code designed to kill you on purpose while driving."
But you should be able to. 'Dieselgate' for the win right? software designed specifically to defeat pollution regulations so vehicles could get away with polluting more... maybe not designed to kill you personally, but leading to poorer air quality than there should have been which kills people daily.
"You trust there is regulation against this."
And even with the regulations actually being there, that trust was misplaced. I'm not sure you chose a very good example.
"To prove to you I am right, let me ask a question"
Wait, how on earth does that 'prove' you are right?
"I mean something that can be used in court against a vendor providing obfuscated (and unexaminable) GPL source code?"
I'm going to go out on a limb here and suggest that if's not the, you know "source" code the original developers actually work with then its not the source code. A simple litmus test of code inspection for X isn't necessary. The courts have the power to subpoena witnesses, and the necessary evidence.
And what pray tell is the significance of 'ATILA' ?
Everything is something spelled backwards. Did anyone notice that captquark is krauqtpac spelled backwards! I mean its true... but so what?
ALITA is also a near homophone for 'a liter', and if you take the i out it's ALTA which is sometimes an abbreviation for Alberta; and you can also rearrange the letters to "A TAIL" or "A LIT A" what's a lit "A" i wonder?:p
Slashdot Mirror
"Now you understand, so you have no excuse in the future, you sniveling fucking moron."
Stop projecting. Sad!
"CNN "journalists" like Anderson Cooper describe themselves as unbiased newsmen reporting facts, when they are unapologetically regurgitating DNC taking points and injecting personal bias."
Same as Fox.
CNN isn't better than Fox. But as bad as both are, NEITHER is simply a propaganda front like these websites are.
"The people you listed describe themselves as opinion commentators."
Where exactly does describe it as just 'opinion' ?
https://www.foxnews.com/shows/...
"There is absolutely nothing unethical about what they do."
They deliberately and knowingly lie and spread misinformation. Is that ethical?
Now CNN's full of opinion peddlers too who are equally out to lunch. Fox used to be way worse than anything on the left, but I honestly can't say that anymore. Its just as bad now. But lets not pretend the GOP is just catching up. It's the other way round.
Sure an actual news organization with a politcal bias is the same thing as a pretend news organization owned and operated by a political party for the sole purpose of influencing elections in its favor.
"So Stop bitching just cause Republicans are finally getting around to giving dems a taste of their own 30 years later."
'finally getting around'? Hannity, OReilly, Limbaugh, ... hellooooo?
"If you want me to integrate windows 3.11 with a trumpet winsock as your public facing mission critical whatever... You're not going to be a client."
Sure that's fair. You can easily afford to walk away from those potential clients. But can you really afford to walk away from everyone who uses office 365? And not just from clients, but also vendors, subcontractors, and other 3rd parties?
Ive got a few blockers, but one key area where linux falls flat in professional use:
skype for business meetings, microsoft teams meetings, ring central conference calls, teamviewer meetings, onedrive for business, and sharepoint document collaboration stuff.
Linux is very much a 2nd class citizen or excluded outright. Yes, some options support linux, and for office365 you've got the web-apps which do _some_ of the stuff, but it's limited and slower.
You can't dictate what your clients, and partner organizations use and its unprofessional and unacceptable to be "difficult" to meet with people, to only be able to join from a smart phone when training and presentations are being made etc. (And using your phone to get around limitations in linux still requires acknowledging that those are limitations with linux that you had to introduce a 2nd platform in order work around them.)
"Are there other tools than whois that give this information? I would like to try them."
Just google ip geolocation to start.
I tried mine, and a couple got within 30 feet. Most of the rest got at least the right city.
You then take that, and whatever you can clean from the xbox profile/steam profile, things the person has posted, comments they've made/etc, the sound of their voice over chat, and anything else you got while gaming...maybe they dropped part of their real name over chat... so 'raven1982' is named stu, probably born in 82, maybe you groomed him a bit first -- got him to mention what he did for work, or he bragged about something his school maybe or his army service or that he has a new muscle car... whatever, geolocation gives you a pretty good idea where he lives... then you hit hit facebook and linkedin and all that stuff looking for anything that links.
It won't out everyone. But will out a lot more people than you might think without much effort.
Send out a few probes... try a few numbers from your best guesses... maybe you hear a voicemail message and can tell its the same guy from the game. So now your 'best guess' becomes 'got him'...
Or maybe he just did a whois saw who your ISP was, and called a booty call he knows that works there in support to do a lookup... one and done.
"Oh, please. An average "smart" TV is dumber than a 4 year old Roku."
Extrapolate to a future where its got a 5g radio, and it'll have at least a mediocre mobile SoC like you'd see in an android or iphone, a couple GB ram, and enough SSD. You can already get android tvs.
"Even IF (big IF) future "smart" TVs include "free" 5G data service for some purpose"
You can already get lots of devices that include cellular data at no extra charge. Where 'lifetime data' has been prepaid in an arrangement with carriers; yes on the anticipation that *lifetime* data is going to be a couple GB or something. I've seen cellular timecard punch clocks for example. Company i worked with bought one not even realizing it; they were floored when it just worked and connected up without even being joined to the wifi.
"you can bet your ASS it's only going to be "free" to use for accessing the services of specific partner companies."
Sure. If you are using it properly for its intended purpose you'd be right. Once its been pwned all bets are off on what it can or can't do.
" and I probably won't BOTHER with the TV's "smart" functionality anyway, "
Who cares what you were bothering to do? Once its pwned it'll overheat and crash, and run out memory and crash, and run out of storage and crash... all while you are trying to use it as a dumb monitor.
"Camera? Meet electrical tape."
Really? I thought only people with tin foil hats wandered around taping up their appliances.
"20 million people inadvertently serving child porn via hacked smart TVs is a statistic"
I'm not suggesting you'll be legally liable. Just that you are contributing to the problem by running an insecure pwned piece of crap.
Grandma with her virus laden PC she only uses to look at cat pictures isn't really at risk of identity theft herself... she ONLY looks at cat pictures, so the viruses really don't pose her much of a threat... but she's still contributing yet another unit to the botnet knocking services out in DDOS, ,sending spam, and so forth. Now her TV is another one. Just because its not draining her bank account doesn't make it ok.
" And worry MORE about the half-dozen OTHER cameras strewn around the house"
What other cameras? What other mics? my phone? lieing flat on a desk in the office on a charger. my laptop... sleeping. both are under support. both are updated constantly. the tv is upright in the living room facing into the room 24x7 and its never truly off.
and it hasn't gotten an update since i got it. But i do what you say. one hdmi cable up from my amp. a roku, pc, nintendo switch, connected to the amp. its not on wifi, its not on ethernet.
But it doesn't have a cellular connection; so its not really at risk. but cellular is coming. You sayd "big IF" but i say inevitable. the cost is dropping like a stone, and its soooo much easier to get it so that 'it just works' if you don't have to get the consumer to get it on to their wifi. no more support calls when the consumer gets a new wifiap and their tv stops working... etc etc. the manufacturers want this. badly.
"Worst-case, your 7 year old smart TV someday connects to a 5G network without your permission, gets bricked by hackers"
Worst case? You lack imagination friend.
Worst case hackers grab it via shodan etc; and turn it into a cryptocoin miner, so it cranks at full cpu usage 24x7 on you, while they allocate the rest of the available flash storage on it (since it needs to be able to download new apps and app updates) to serve child porn, while using the built in camera and mic (it came with skype video calls as it one of its apps...); to stream your living room out to creeps and wierdos...
Some of those TVs will belong to attractive women. Some to people with young kids. Some will be in bedrooms. .... they tie the feed up to rudimentary AI to peek in now and again and flag interesting TVs / interesting content (for whatever value of interesting you care to apply.)
Then when someone sends your daughter a link to her live cam performance... you'll eventually join a class action lawsuit and collect a $45.08 settlement another decade after that.
Meanwhile your new TV is just as bad.
Really the smart TVs are *already* that bad; but they're safely behind quality consumer NAT routers from linksys and netgear... that are 7 years old with documented unpatched exploits.
Meanwhile... it's already been demonstrated... welcome to the future... 6 years ago.
https://www.iclarified.com/325...
"And, what? You think they won't have a HDMI port? "
You are Missing the point.
If it has a 5g radio built in, with its cellular network access cost worked out as some combination of an advertising deal with facebook, a bulk volume bandwidth pre-purchase from your local ISP. Then YOU won't need to hook it up to the internet, because when you turn it on out of the box, it already has an internet connection, ready to send all the telemetry while downloading software updates and advertising from the word go.
It doesn't need to be on your network, so it doesn't need to go through your firewall.
What possible security or control do you hope to gain from it having an hdmi port?
Maybe, if you are lucky, there will an option in settings to turn it off, and maybe if your are lucky they will honor that setting. Otherwise, unless you live in a concrete subbasement basement, a faraday cage, or the artic circle... your TV will be online.
Before we do even that -- consider that you are doing this development for a largely unresponsive and non-subscription userbase. (Home users / SMB users with no IT / etc)
You really just want one code base to maintain at the best of times; but in this case, you REALLY don't want to deal with a multitude of patch levels, and patch configurations.
New PATCH X for home users. Does it work if they are otherwise up to date? Yes. Done. That's all they want to deal with.
Does it break if they have only previous installed critical updates since 2011? Does it work if they have only installed feature updates to January 2017, and non-critical updates to May 2018? What about April 2018? Are category 3 feature updates non-cumulative? Can they skip feature updates? Do we need to write a version of the fix for users who didn't install Feature XYZ yet? For users who installed XYZ but didn't apply the non-critical fix for XYZ...
Do we need test all that? Do we need to support all that? That's an immense amount of extra thankless and mostly unpaid work.
Why not just make home users run the latest version; and cull the number of supported configurations down and focus nearly all our testing on that one patch level. There's a reason even pro users can basically just opt into a slightly slower update 'channel' now -- its all about reducing the number of possible patch configurations out there to the least that they can get away with.
"I don't think that's very common,"
What on earth are you basing that on?
"Windows should give a decent warning about skipping critical security patches, but ultimately it should be up to the user."
It's a bit like anti-vaxxers. If enough users turn off the updates, or just keep ignoring them, the health of the herd gets pretty vulnerable. And this is exactly what happened over and over again with windows over the last 20 years.
It's what's happening again now all over with IoT garbage, even if updates are available... unless they are forced almost nobody does them.
"Most home users shut down while at work or out."
True in the 90s. It's just not true anymore. These days some people might push a power button out of habit... but it just sleeps the unit. It's not a shutdown anymore. And most people just walk away and it goes to sleep by itself. Honestly, the number of users who DO NOT EVEN KNOW HOW to actually shutdown their computer is staggering.
" If a few days do go by without a restart, another reminder can pop-up. (I'm assuming Home Edition here."
Which will be ignored and dismissed, just like all the other popups. Seriously, if they can dismiss the 'your antivirus is expired' 365 days a year without once thinking maybe they should renewing or uninstall it if they don't want it. And then dismiss the 'printer communication error' popup for a printer they don't own anymore... they'll have no problem hitting 'later' on the updates reminder. They want to check facebook NOW.
"Also, Windows tends to get funky if you go a few weeks without a restart.)"
You don't HAVE to reboot, and do updates... but nothings going to work until you. Seens like you are back to forcing reboots.
The problem is users are fuckwits.
"Remind me later" or "ask me tomorrow" -- can, and will be pushed infinitely.
Install upon shutdown / startup -- only updates in the event of a power failure.
This was tried for 15 years from 2k through Win8.
Then you get some exploit that goes wild that was patched 3 months ago and 100 million fuckwits get infected because they refuse to ever do updates when prompted, and refuse to plan to ever do them.
The obnoxious overreach by microsoft here was to address this intractable problem -- regular users won't do critical updates because they're busy / lazy / don't care. And there's millions of them so MS decided listening to them scream about reboots was less bad than the damage done by exploits that were fixed months or even years ago spreading through millions of poorly managed PCs.
A better solution would be updates that don't need reboots. Or that could at least work with a hibernate restore mechanism... but in the absence of that... given the two choices; they went with forced updates are better than millions of people refused to manage their own updates properly. Arguably they made the right choice... as much as it drives me nuts personally.
It's not so much that only one person knows how to do it, its just that its not as rigid and simple as everyone assumes it is. A new hire can be trained on the basics in a day or two, and when exceptions come in they can just ask; the accountants all know or can deduce what to do with them on the fly. Or they can look how it was handled in the past to jog their memory.
Worst of all the specs are often constantly shifting. New customers and contracts are taken on and special handling is needed for them. The human data entry person can be advised pretty easily; for the next 2 weeks any jobs for this account for this description need to be discounted 50%, and the other half entered as a co-pay from marketings budget as a separate transaction with this memo attached ... or whatever. And then 2 weeks later some other special handling is needed for something else. Then a new transaction coding is added. A new vendor comes online and formats their data just a bit differently.
The problem is that you can't tackle this problem by just attempting to automate the data entry persons job because that is doomed to fail. You need a broader vision -- you need to define and publish the data specs, and get your producers to adhere to the spec FIRST.
Then you can build automation to process it.
And if you defined a robust enough spec and implemented it, it will all just work. If you didn't then the minute something unusual is needed it grinds to a halt.
The problem is that you are still screwed. A simple spec isn't going to catch the edge cases and a robust enough spec is a big project; so its better to use an existing standard.
And then you are looking at something like this
http://www.pidx.org/our-standa...
And you're going to soak a million bucks implementing it. And your smaller vendors are going to dump you if you demand they adhere to it if they don't already support it. So the solution there is to get 3rd party intermediaries translating their CSV and excel dumps to PIDX, to bring it into your system... and you've got an ongoing maintenance contract with PIDX experts to keep things humming.
And it all makes sense, and saves you money, and improves your efficiency if you were big enough; but in a lot of smaller cases it's better to just suck it up and pay someone to do the work manually.
One person spends a good day a week doing data entry into one system of data we already have in another system. Then they spend another half day dealing with the data entry errors causing problems down the line.
LMAO. You are so right.
On the other hand, it's not so simple a problem to solve; i've seen it tried. Sure it sounds like its a few lines of script... but inevitably there's a bunch of domain knowledge and data transformations being applied; and you end up 100k into developer time and it's still not quite right because the process was poorly documented, the consultants are money grubbing assholes, and the people with the information to fix it are the ones being fired so they're not exactly happy to help assuming they stuck around. Then it turns out you need a data feed from yet another system...
And the whole thing needs a highly technically skilled babysitter now to watch the logs and fix the problems in the automated process. He only needs 30 minutes a day instead of 1.5 days to do the data shunt, but he costs 10x as much; so the return on investment is taking a lot longer, especially after you factor the initial dev cost.
And then one morning the data format from one of the feeds changes without announcement from the producer (at the very least another department you don't have any control over... or often a customer, vendor, other 3rd party; and the whole thing implodes... and the consultants are billing doubletime to try and fix it. :p
Ducted units only have grease filters.
Recirculating hoods always have charcoal filters.
For example:
https://www.amazon.com/broan-r...
That 'chrome mesh filter' probably looks like just the grease filter for a ducted system, but is probably actually a charcoal filter that should be replaced regularly.
Most are good for 3-6 months depending on what and how much you cook.
e.g. you probably have (need) something like this for your particular brand/model of course:
https://www.amazon.com/Broan-B...
"It should also be noted that when you're blowing are out of the house at 400 CFM, that means 400 CFM worth of air is also being sucked into the house at some point. See "makeup air", and if you're not careful you can do things like back draft furnaces and water heaters."
That's correct. Open a window a bit in the kitchen; and that pretty much resolves any issues if the HVAC wasn't built to handle it.
Note that the 400 CFM fan isn't going to actually move 400CFM here; as a lot of those ratings assume an ideal 7+ inch diameter round duct going 6 feet straight up out the roof with a cap that doesn't impede flow... so in reality land, with far less than ideal ductwork that's far narrower, far longer, and with multiple turns, you get a 400CFM unit, and it actually moves half that.
"And natural gas (methane) only combusts into CO2 and H2O (water vapor) unless you introduce other reactants or starve it of oxygen."
Pretty much exactly right. :)
CO and NO2 are also produced as well as fine particles primarily from the burners volatizing dust. Surprisingly the levels can easily hit levels that would be illegal.
Ideally you should turn the fan on before you light the stove (or turn it on with electrics); its worst at the start as any dust, food residue, soap residue from cleaning etc on the burners gets burnt off. ie -- "Introducing other reactants"
Here's another couple references:
https://newscenter.lbl.gov/201...
https://www.aivc.org/sites/def...
Good point. A lot of range hoods are recirculating; and many models can be configured to use either ductwork or to recirculate.
If they recirculate they go through charcoal filters that should be replaced regularly. As you can imagine, many people with recirculating systems never replace the filters.
It's actually pretty well documented that the air quality from cooking can get to surprisingly bad levels quickly.
The range hoods in a lot of kitches are often only minimally up to code, too far from the cooking surface, and dirty, attached to ductwork that is too long with too many corners to deliver anything close to the rated air movement. And many homeowners don't think to even turn them on unless the cooking is active smoking.
An decent spec range hood, installed correctly, that is clean and not hobbled by inadequate ductwork is all you need. But it is shocking how rare this is.
As it happens, my current place, had been upgraded to a nice gas stove with no real thought to the range hood. The range hood is a cheap builders 280 CFM unit with around 25 feet of 5" diameter horizontal pipe with at least 3 90 degree turns. It also leaks air where it connects to the duct; so a good fraction of the air it sucks in is just blowing back into the kitchen
The range hood should be at least 400CFM for the gas stove that's installed. But due to the duct work, will need to be even higher. And it should be turned on to at least low even when just boiling water for tea.
If we roasted a turkey and let some fat drop; and have current fan on max, all the windows and doors open, the bathroom fans going, and all the ceiling fans going... we'd still set off the smoke detector.
We're in the process of getting it replaced.
Here's a couple article from 2013... this is not "new".
http://articles.latimes.com/20...
https://www.npr.org/sections/t...
"We do have a lot of military satellites."
Exactly. Satellites -- which are basically just radios and cameras slowly falling back to earth. We hardly need a whole new uniformed and separately chartered division of the armed forces to manage that.
It's got less going on then the internet based electronic warfare "cyber warfare" (and we don't need a separately chartered cyber force either).
"Why? Air Force; Space Force"
So lets rename the coast guard "Coast Force" the Navy, "Water Force", and the Army "Ground Force" right?
A couple hundred years of both Science and Science Fiction from NASA to Star Wars to Star Trek to Asimov's Foundation to Warhammer 40k to Clarke's Rendezvous with Rama to Jules Verne's From Earth to the Moon to 1970s Space lego, and Flash Gordon and Buck Rogers comic strips -- we've pretty solidly settled on space craft and space travel being like to ships, not planes.
A naval equivalent or metaphor would be much more natural sounding.
"When military airplanes became a mature part of warfare, it was time to split off the Army Air Core and make a new uniformed service. These days, the Air Force has a mature group within it that launches and uses spy satellites (and other secret missions). It's enough of a disjoint specialty that a new uniformed service makes sense."
Strongly disagree. There is no mature manned presence, no weapons to speak of, no unique and complex theatre, no combat personnel. Its a logistics and support team. Sure its quite specialized. But so is literally everything else.
You jumped straight into a strawman.
Nobody suggested a police state where everything _must_ be thoroughly inspected. I only argued that it should be inspect-able.
I also don't claim it would be perfect, nor that every defect would always be caught in advance.
Most software is shit. Like unbelievably bad shit. If it were the wiring in your home, it wouldn't pass an inspection. Junction boxes missing, connections held together with electrical tape inside the walls, overloaded circuits...
Nobody would accept "as long as there is a regulation that makes prosecution and penalties possible" as good enough. People want inspections.
And you are wrong also about how onerous it needs to be; sure subtle bugs WILL get through and even blatant bugs, or the code might be written by genius hackers with clever 'underhanded C contest' type constructions. But i don't think you realize how poor quality a lot of code is. Server code without any authorization checks. I've seen that delivered by paid professional developers; and authorization was even called out in the spec as a requirement. No concurrency checking on updates... passwords stored in plaintext... tons of horrifically obvious bugs that wouldn't even pass a static analysis tool or that would even get caught by a linter...
Why? Because there is no accountability at all. No inspections at all. Not even spot checking or random audits.
A medical device lab I work with gets periodically audited by the FDA for example, and self-audits with 3rd parties annually to find issues before the FDA does. The auditors don't have knowledge of every detail of the product and production process. If the lab were deliberately sneaking little defects into the devices to kill people, the audit would never catch that. But it does catch stuff like a bad process where completed units and returned units aren't being properly isolated from eachother. And they do inspect log books, that tools are being calibrated on schedule, verify that complaints are being investigated, etc. Sure it could all be faked, but the reality is that for the most part everyone is acting in good faith and the inspection process takes an already good system and makes it better. But without any inspection then its very easy to get into bad habits, and to slide into bad process, and create easily avoidable problems.
Software is the same way. Do the unit tests work? Were unit tests even written? Did a second person review the code? Is that part of the process or is it just blind luck if it happens? Is it documented and planned? Did it pass a static analysis tool?... did anyone even run one? Are defects being logged and tracked? Is anyone anywhere involved with the project penetration testing or security? Is there any integration testing being done? Is there any control over the development environment?
Or is it ... if it builds, then it ships?
I recently took over a project where that's what it was. There was NO control, no unit tests, a linter had been specified, but no-one was using it so if you turned it on it was just walls of red warnings. It was a multi-piece project client/server/middleware; and the previous developers working on it were basically cargo-culting their developer environments; they couldn't get it running under a debugger so that they could set breakpoints. So they were reduced to adding print statements to trace bugs. The build process reported tons of outdated packages with critical vulnerabilities. The server didn't properly authorize requests. The concurrency checking on database updates was done wrong. It didn't have a log. It didn't catch exceptions. It crashed and corrupted data all over the place. They were deploying the debug build to production because they didn't know how to build it so they were basically just recreating there dev environment on the production server and crossing their fingers; it took 2 days to stage a new build -- and they wanted $100s of thousands for their work.
This code was being delivered as
"You are free to rip out the upholstery of a car just like you can put a firmware in a hex editor or disassembler."
No. While I AM free to rip out the upholstery of a car. I am NOT EVEN necessarily free to even put firmware into a hex editor or disassembler. Between licensing, DRM, and the DMCA I may be both legally and technically prevented from doing this.
There is a big difference between that and the company simply not going out of their way to make it easy for me.
" VW cheated and paid a hefty fine and people were put behind bars (or in house arrest). That's how regulation works."
Regulation didn't work. And the cheating would have been found out a lot sooner with access to the source. Sure they *eventually* got busted for not following them, but the harm was already done. A regulation that says 'no lead paint in toys' is worthless if nobody is able to effectively check the toys for lead paint.
I am not anti-regulation, I agree with you that regulations give the government the teeth it needs. But you need *both*. If I want to build a bridge, you can pass all the regulations you like, but i still have to provide the blueprints and the whole project is subject to inspections and audits from before you break ground until the day its torn down.
Regulation is only HALF the solution. Being able to inspect and audit the source is the other HALF.
"BTW go ahead and tell me how you are going to prove in court that the developers didn't work using the source code that was made available."
Subpoena the developers and ask them under oath. Inspect their source code repositories and development systems under warrant. Again, you are demanding some artificial requirement that I be able to 'prove' it from simply inspecting the source code itself; why?
" Enough with the fetishization of source code. "
Who is "fetishizing" it?
"Software needs to be delivered in a way that works and respects the customer out of the box."
How to you plan to enforce that without being able to inspect it?
" When you buy a car you don't rip the upholstery to see if there are any hidden microphones underneath"
But I am allowed to, and if i wanted to the manufacturer wouldn't try to stop me, and generally provides and so far to my knowledge the makers of cars have never been caught hiding mics in the upholstery.
"You also don't demand to examine the ECU software for any code designed to kill you on purpose while driving."
But you should be able to. 'Dieselgate' for the win right? software designed specifically to defeat pollution regulations so vehicles could get away with polluting more... maybe not designed to kill you personally, but leading to poorer air quality than there should have been which kills people daily.
"You trust there is regulation against this."
And even with the regulations actually being there, that trust was misplaced. I'm not sure you chose a very good example.
"To prove to you I am right, let me ask a question"
Wait, how on earth does that 'prove' you are right?
"I mean something that can be used in court against a vendor providing obfuscated (and unexaminable) GPL source code?"
I'm going to go out on a limb here and suggest that if's not the, you know "source" code the original developers actually work with then its not the source code. A simple litmus test of code inspection for X isn't necessary. The courts have the power to subpoena witnesses, and the necessary evidence.
"the heroine's name is ATILA spelled backwards?"
And what pray tell is the significance of 'ATILA' ?
Everything is something spelled backwards. Did anyone notice that captquark is krauqtpac spelled backwards! I mean its true... but so what?
ALITA is also a near homophone for 'a liter', and if you take the i out it's ALTA which is sometimes an abbreviation for Alberta; and you can also rearrange the letters to "A TAIL" or "A LIT A" what's a lit "A" i wonder? :p