* Posts by Michael Wojcik

12271 publicly visible posts • joined 21 Dec 2007

Microsoft pulls the plug on WordPad, the world's least favorite text editor

Michael Wojcik Silver badge

I agree I could have done without the hours in primary school learning to write cursive. On the other hand, back in the day being able to read cursive was indeed very useful, sometimes indispensable.

And I do occasionally wish I'd been forced to learn some sort of impressive script, like copperplate, in my formative years. Had an acquaintance in grad school who had, and his handwriting — just the everyday stuff he did taking notes in class or drafting papers — was a thing of beauty. I eventually developed passable calligraphic skills in Japanese (not that I remember a single kanji these days), but my English handwriting is a scrawl illegible to all others.

Mobileye shares crash after warning of automotive customers' chip glut

Michael Wojcik Silver badge

Re: Who wants self driving?

Well, I'll agree about "the ability to switch off lane assist permanently". And I'll extend it to pretty much all of the other stuff you mentioned. Not better mileage, I suppose.

Ransomware payment ban: Wrong idea at the wrong time

Michael Wojcik Silver badge

Re: how do you even make this illegal ?

Citation fucking needed.

Michael Wojcik Silver badge

Re: Wrong

A ban has no chance of "mak[ing] ransomware go away entirely". None. Zero. It is remarkable that so many are naive enough to believe otherwise.

After injecting cancer hospital with ransomware, crims threaten to swat patients

Michael Wojcik Silver badge

Sigh.

Medical practitioners have to keep a lot of sensitive PII. They often have very tight IT budgets — in many cases, insufficient to hire dedicated IT staff. They buy off-the-shelf medical-records software because they really don't have any other choice, so they can get on with the business of providing medical care.

Blaming them is not helping.

Michael Wojcik Silver badge

"Just reinstall from backup" is the way commentators on ransomware stories spell "I can't be arsed to pay attention".

Michael Wojcik Silver badge

Re: Brutality

But since they're often state-sponsored, they're probably being given a flash car and a promotion.

Hell, in North Korea, "my family eats tonight!" is probably sufficient incentive.

Michael Wojcik Silver badge

Re: Escalation?

Oh, they have been attacking each other. There's plenty of turbulence in the IT crime sector.

The problem here is that there are at least two major sources of innovation in extortionate IT crimes (ransomware, etc). The private-sector gangs mostly operate on an affiliate model; since the gang leaders aren't performing the attacks themselves, they need to introduce innovation in order to justify their own existence and distinguish themselves from other gangs to their affiliates.

Meanwhile, the government-sponsored and -allied groups are under more direct performance pressure from their task masters. If you were running a North Korean ransomware team, would you want to show Kim a graph that's not trending in the right direction?

So some of the innovation may be due to supply constraints, probably as much because of competition as because of improving security posture by victims. But a lot of it is due to increasing demand.

Michael Wojcik Silver badge

Re: A far better

True. But security is a matter of economics. Improving defenses and removing the vulnerabilities you can identify raises costs for attackers, and that in turn reduces successful attacks.

Improving software security is justifiable even if it can't achieve perfection.

Michael Wojcik Silver badge

Re: A far better

There are alternatives to using passwords for authentication. While there are problems with all of them, there are problems with passwords, too.

Michael Wojcik Silver badge

Re: A far better

That's why either liability or regulation is needed. Those are the ways we turn externalities into direct costs, and make them apply equally (well, in an ideal world) to all vendors so as to remove the market incentive to violate them.

Michael Wojcik Silver badge

Re: Would it not be possible to give a patient list to the police...

I don't think those consequences were unintended.

Of course the situation is always more complex than any synopsis can convey. I have friends and relatives in the police, and I've known other good police officers who are deeply concerned with avoiding unnecessary violence and injury, applying the law fairly, and so forth. The post-2001 militarization of police forces is indeed a big problem. So is the ever-broadening mandate of police forces to deal with all the social problems that states and the public have given up on: domestic strife, child welfare (aggravated by popular dangerism), homelessness (often coupled with mental illness), alcohol and drug abuse, and various other ills. The war on social services that began during Nixon's presidency and has continued since has severely overburdened many police forces, and put officers in situations they're not adequately trained for, nor given resources to address properly.

Then we have the problem of similarly under-trained officers being asked to respond en masse to (supposed) hostage situations and the like, as in the Finch case, where they're inadequately informed and under-supervised.

And we have various Federal agencies trying to use local law enforcement as proxies (e.g. the TSA) or in conjunction with their own forces (e.g. the DEA, ATF, ICE, etc).

Meanwhile, abuse of qualified immunity, endorsed and encouraged by SCOTUS (particularly Antonin "Drop a Tree" Scalia, of blessed memory, and Clarence "Nothing's Cruel" Thomas), has emboldened those who'd like to see more police thuggery. And politicians know that on the balance "tough on crime" often gets them votes, particularly since a majority of Americans are convinced that violent crime is getting worse even though the opposite has been true for decades.

Michael Wojcik Silver badge

Re: Would it not be possible to give a patient list to the police...

> Isn't any level of suspicion noted for calls originating outside the geographic area of the alleged SWAT worthy situation?

Yes, but that's not a reliable indicator. Barriss used VoIP (via a public library's guest WiFi) to call Wichita City Hall, where he convinced the person who answered the call to transfer him to Wichita PD. For the police in that case, the call was local, because it was routed through City Hall.

Now, they should have noted the call was not coming from the claimed address; and the person who transferred the call should have flagged that it was being transferred. There were a lot of mistakes made in the Finch case from the moment it started — and no one paid for any of them. (The officer who shot Finch was promoted to detective, for example. None of his superiors were disciplined for their mishandling of the situation either.) But it wasn't quite as simple as the police falling for an out-of-state caller.

Michael Wojcik Silver badge

Re: Would it not be possible to give a patient list to the police...

> The police are pretty good at doing that already

Citation needed. What fraction of police responses are triggered by swatting? In what fraction of those have police identified the culprit? Show your work.

Michael Wojcik Silver badge

Re: Would it not be possible to give a patient list to the police...

> if a swatting should be attempted (given that it has already been threatened), the police can visit the premises in a slightly less gung ho method

Yeah, good luck with that.

In smaller communities — towns and smaller cities — you're probably going to get a more careful and proportionate response regardless. In larger ones, there's a good chance the police force will go all Wichita without bothering to check any "list" that was provided to them. In the Wichita Finch case, the swatting call didn't even come through emergency response — Barriss called Wichita City Hall and asked to be transferred to Wichita PD. If that didn't give them pause, do you think they'd stop to look at a list provided by some random medical firm?

And, of course, since there are no consequences for the police, either for supervisors or for officers who actually pull the trigger, in these incidents, they have no institutional motivation to try to correct the problem. Certainly there are many good police officers who are sincerely troubled by it, but there's no structural pressure.

Michael Wojcik Silver badge

Yes, the only reason anyone would object to torture is because they support the potential victims. For our foes, it's just fine.

Or maybe you and the OP and all the upvoters should get a fucking grip and try to behave like civilized people?

Everyone wants better web search – is Perplexity's AI the answer?

Michael Wojcik Silver badge

Re: I just want

I have an algorithm for that:

1. Replace the current population with humans without evil.

2. Reinvent everything.

Michael Wojcik Silver badge

Re: "is Perplexity's AI the answer?"

Kind of surprised I had to go halfway down the comments page to find a mention of it.

Michael Wojcik Silver badge

Re: AI not needed in search

Web search (I typically use DDG) works fine for me, for the cases where I've used it in the past. For real research, I use real tools.

Certainly web search could be better. What tool couldn't be?

But also certainly "AI" won't make it so. We already have a technology for doing conversational research; it's called "research librarians". SotA LLMs are far, far behind their capabilities.

SpaceX snaps back at US labor board's complaint, calling it 'unconstitutional'

Michael Wojcik Silver badge

> "I don't like it" doesn't translate to "unconstitutional" by any stretch of the imagination

Try telling that to Clarence Thomas.

Michael Wojcik Silver badge

Re: Where To Even Begin

> Where do Trump and Xitler find these fools?

There are strategies under which this is a good tactic — particularly at this historical moment. Even if it had no chance of succeeding (and that's by no means certain in 2024), it's a way to exhaust the NLRB and the employees it's representing, and push for arbitration or a settlement.

Michael Wojcik Silver badge

Re: Dear Elon (you ignorant slut):

Since ~half the US population appears to have decided that an authoritarian con-man bully is the better alternative, I don't think that "rising up" will do us any favors.

Michael Wojcik Silver badge

Re: "SpaceX has sued America's National Labor Relations Board"

Normally I'd say it's just a stalling tactic, but considering SCOTUS will shortly be considering two cases with an eye to further stripping power from regulatory agencies (see my post in an earlier thread), it actually has a prayer, depending on how long they can delay the inevitable appeal. A circuit court might well wait for the SCOTUS decisions on Relentless and Loper.

Michael Wojcik Silver badge

It's going to be interesting to see what SCOTUS does with Relentless, Inc. v. Department of Commerce and Loper Bright Enterprises v. Raimondo. Thomas and Gorsuch, at least, have already signaled a desire to use those cases to gut, or at least limit, Chevron, on which much of the force of the regulatory agencies' powers rests.

Arguments come in on 17 January. Jackson recused herself from Loper, which is not great if you think the government should have some power to regulate.

There's also Murray v. UBS Securities, which is narrower but may restrict the SEC's interpretation of some aspects of SarbOx.

For all of Roberts' talk about stare decisis, this is a court which has not been particularly reluctant to override earlier SCOTUS decisions they don't like. 2024 could be a good year for jurisprudence for the rich.

RIP: Software design pioneer and Pascal creator Niklaus Wirth

Michael Wojcik Silver badge

Re: Then And Now

<woody_allen>My aunt has one.</woody_allen>

Michael Wojcik Silver badge

Re: ALGOL 68 Blew My Mind

od is indeed required by the Single UNIX Specification (the successor to POSIX and XPG). The SUS Rationale says "The od utility has been available on all historical implementations", though it's not clear what they mean by "all historical implementations". Certainly versions (with certain differences) were present in both BSD 4.x and SysV.

Michael Wojcik Silver badge

Re: ALGOL 68 Blew My Mind

> “name” for what everybody else called a “pointer” or “reference” or “address”

Except that an ALGOL-68 "name" is not the same thing as a "reference" in other languages. In particular, ALGOL's call-by-name has rather different semantics than call-by-reference, and is now justifiably obscure. And ALGOL-68 had call-by-name and call-by-reference (and call-by-value), so the two have to be kept distinct even in the context of ALGOL programs.

At least that's my understanding. I played around a very little with ALGOL; I've never used it in any significant way.

Michael Wojcik Silver badge

Re: Wirth, ALGOL68, and the Meta key

But where would we be without template metaprogramming and Koenig lookup and half a dozen kinds of smart pointers? You don't want to make programming easy, do you?

(Actually, I don't mind C++, when the source code I'm dealing with is well-written. The problem is that IME it almost never is. Generally it's a ghastly, unreadable mess that often misses several much better and idiomatically C++ ways to accomplish basic tasks — partially because the language is Too Damn Big and most practitioners never seem to have studied how to write good C++ code.)

Michael Wojcik Silver badge

Re: USCD

p-system was an early interpreted-intermediate-representation implementation. I'm not sure it was first. UCSD Pascal came out in 1977, which is a year after Micro Focus was founded, and I thought the MF COBOL INT format went back to their first compiler implementation.

IBM's System/38 was commercially released a year later, and it used an intermediate-representation abstraction as well; when that was carried over into the AS/400, it permitted architecture-independent binaries which enabled the 400's move from a CISC to a RISC ISA. And, of course, the S/360 was founded on the idea of keeping the same ISA across different hardware implementations, though of course it was "run anywhere as long as that anywhere is some sort of System/360".

But for all of that, p-system may well have been the first attempt at a truly architecture-neutral compiled format with the intent that it be executable on many target systems.

Michael Wojcik Silver badge

When I started with Pascal — using Turbo Pascal 3.0 and Borland's great Turbo Tutor book — I'd already written programs in BASIC, COBOL, and assembly for a handful of ISAs. I'd looked at samples of code in a number of other languages, including LISP, FORTRAN, PL/I, and even an inscrutable APL example.[1]

Pascal was an epiphany. Oh, yes, of course that's how a programming language ought to work.

Not many years later I had something of a similar reaction when I learned LISP properly, and again with OCaml. But never as profoundly as when moving from a primarily-BASIC mindset to Pascal.

During my CS degree one of my projects was working on a Modula-2 compiler, so I got to play with that language a bit as well. Never used Oberon.

[1] Many years later I got an interactive APL environment and learned the language well enough to write some small programs that actually did something useful. It's still inscrutable. I look at screenshots of code I wrote and I can't remember what half the operators do, or why in the world they'd do that.

X-ploited: Mandiant restores hijacked Twitter account after attempted crypto heist

Michael Wojcik Silver badge

To be fair, they're about as reliable as any other source of cryptocurrency investment tips. Other than the tip "don't".

Infosec experts divided over 23andMe's 'victim-blaming' stance on data breach

Michael Wojcik Silver badge

Yes. And while it may have been legal for 23andMe to offer the data-sharing option, it arguably wasn't ethical. It's a stupid feature.

Michael Wojcik Silver badge

Re: But, you know

I don't think there's any US president I'd want to be related to.

I mean, I wouldn't particularly care; but I wouldn't brag about it, either.

Michael Wojcik Silver badge

Re: I just never understand

> Obtaining a specific person's DNA is trivial

If you're routinely near them, and know who they are, sure.

Obtaining the DNA for someone at a large distance, or someone only known by name and a few other pieces of information, is rather more difficult. As is obtaining DNA analysis for a large number of people.

Your objection is irrelevant to OP's point, which is that sending a sample to a bunch of charlatans in Silicon Valley, and then allowing that information to leak to all and sundry, is a rather bad idea.

As lawmakers mull outlawing poor security, what can they really do to tackle online gangs?

Michael Wojcik Silver badge

Re: Now wait a minute

Where did it "work"?

AI-generated bug reports are seriously annoying for developers

Michael Wojcik Silver badge

Re: Charge bug bounty hunters an entry fee

It might eliminate a lot of the HackerOne types, most of whom aren't adding much value anyway. It wouldn't affect sponsored vulnerability-investigation teams in industry (e.g. Project Zero) or academia (e.g. Graz U's team).

The problem really is administration. HackerOne is one thing (and not, in my opinion, a great thing). There are a lot of independent researchers who submit reports hoping for a bounty or equivalent, such as a security consultation engagement. There are also a lot who submit them just for recognition/reputation, or without expecting compensation. A vendor shouldn't ignore those reports — they might be genuine — even if no "submission fee" is paid; that's unethical and dangerous. And even for reporters who play the game, how is that fee administered, if they don't use a reporting agency like HackerOne?

Michael Wojcik Silver badge

Re: Explain please !!!

It's not clear to me that it is efficient. Socket could argue it's "effective" based on outcome: they do identify a lot of malicious packages.

It might be efficient if the model is more effective at the initial screening than humans are. Even with a high false-positive rate, if the model narrows the search space for malware in the packages under examination by, say, a couple of orders of magnitude, that might well mean a net gain over not using the model.

Again, we don't have enough evidence to assign a probability to that. We just have Socket's word on it.

Windows keyboards to get a Copilot key – but how quickly will users jump?

Michael Wojcik Silver badge

Useful for some, no doubt. I've never had any use for them. I either ignore them or remap them.

My personal laptop has that stupid Menu button mapped as the dead key for Wincompose, for example. (My work laptop doesn't have a Menu button, so I've remapped Alt-Right on that one. While I use menu accelerators frequently, I find the left Alt key suffices for that.)

Here's a list of thousands of artists Midjourney's AI is ripping off, creatives claim

Michael Wojcik Silver badge

Re: Disclaimer:

And indeed that is in no way the issue in this case, and no one involved in the case is claiming otherwise.

The plaintiffs contend that training included copyrighted work, not that making copies of that copyrighted work for purposes of processing in itself violated copyright.

Michael Wojcik Silver badge

Re: Piles of styles

There's a few thousand years' worth of European and European-derived speculation in a little philosophical field called "aesthetics" on this question, you know. And similar but different speculation in other cultures. Possibly too much to summarize in a post.

Former Adobe software engineering leader convicted of insider trading

Michael Wojcik Silver badge

Re: Yes ..... But !!!!

Presumably, no, not all inside traders are caught. And we don't know how many investigations don't end in prosecution because enough evidence couldn't be found, and of those how many are actually guilty. We could find out how many prosecutions fail (if we want to do a lot of poking around in Lexis or WestLaw or something), but again we don't know how many are actually guilty. And we have no way of knowing how many escape investigation entirely.

That's easy to forget when reading stories about really stupid inside-trading schemes like this one — oh yes, telling your family is a great idea, no way anyone will notice that — or this.

An aspect of inside trading, as a crime, is that the barrier to entry is very low for those who are handed an opportunity. So plenty of fools will try it, and some of them will be caught. That skews the perception of how easy or difficult it is to get away with.

That's not to say it shouldn't be prosecuted; I'm in favor of that. But, yeah, the most probable world is the one where a large portion of inside trading, quite likely the majority of it, is successful and not prosecuted.

SpaceX accused of firing employees critical of free speech fan Elon Musk

Michael Wojcik Silver badge

Re: Important detail missing...

Wrong antecedent. Try harder.

Michael Wojcik Silver badge

Re: Don't get this confused with free speech.

> Nothing in the Bill of Rights restricts citizens (including employers); it's simply a list of limitations on what the government can do.

This is wrong, or at least inaccurate. It's established jurisprudence that the rights enumerated in the Bill of Rights also cannot be constrained by a citizen's deployment of state power — notably, by using the courts to infringe on those rights. That's a critical distinction from the common but incorrect inference that the Bill of Rights applies only to actions initiated by the state.

Michael Wojcik Silver badge

Re: Don't get this confused with free speech.

And, of course, they were quite correct to laugh at Columbus. He was wrong. And the outcome of his error was not "discovering the New World", but revealing the New World to the European aristocracy. The European merchant class was already well aware of the existence of the Americas. Giovanni Caboto ("John Cabot") sent Colón a letter taking him to task for letting Ferdinand and Isabella in on the secret (with predictably terrible consequences), and Basque fishermen had been fishing cod from the Grand Banks for centuries.

Columbus was by no means a genius. And neither is Musk.

Michael Wojcik Silver badge

Re: Don't get this confused with free speech.

It's not legally a free-speech issue. It is ideologically a free-speech issue, because of Musk's posturing about being a "free-speech absolutist". It's another of the many cases where his hypocrisy is obvious.

NHS England published heavily redacted Palantir contract as festivities began

Michael Wojcik Silver badge

Re: The NHS Federated Data Platform and Palantir: 7 key risks

It's a damned slur, is what it is. Sauron had his good points.

X reverses course on headlines in article links, kinda

Michael Wojcik Silver badge

> You can't have people saying what they want and having an audience to say it.

Yes, something that was impossible before Twitter existed, and will be impossible after Twitter is gone.

Or perhaps this is just as stupid as the rest of your conspiracy theory?

Michael Wojcik Silver badge

Re: Things Twitter/X is equivalent to in value

> The responsibility for the death of local news lies with almost all of us who won't pay for news

It does seem hard to argue with that. Of course, at this point it may be difficult to find local news sources that you can support.

My wife and I buy a copy of our local weekly newspaper[1][2] each week. We pay for some online news services. We listen to local radio stations, which run advertisements (not a great many, and pretty much all for local businesses and services, and PSAs). But we can't, for example, watch advertising-supported broadcast television; we briefly tried to pick up some stations with an external antenna at Mountain Fastness 1.0, and basically couldn't get anything. There's no daily paper around these parts and no way to get one delivered — or even to buy one in local stores, as far as I recall.

On the other hand, I haven't looked at Twitter in many years, never posted anything on it, and never used it for news (just followed a few amusing accounts). I see no value in it whatsoever.

[1] For those unfamiliar with the term, it's a bit like a lot of old-fashioned static websites, printed out onto relatively large sheets of paper. Sets of these sheets are folded and then sold to prospective readers.

[2] Our weekly is often both informative and entertaining, and regularly wins awards, but I'm not sure the competition is very fierce, to be honest. And I admit to a secondary motive: newsprint makes good tinder for the wood stove.

Michael Wojcik Silver badge

Re: There's no mention of Twitter in the linked-to report

Perhaps we just enjoy watching you whinge about downvotes?

(JFTR, I didn't downvote any of your posts. Seemed a bit low by this point.)

Michael Wojcik Silver badge

Re: Is It Even Worth That Much?

> You don't get to be the world's richest man (off and on) by being stupid with your business arrangements.

Counterexample: Elon Musk.

Musk's riches are largely down to chance, with his ability to bamboozle investors in second place. The entire Twitter debacle, from Musk's initial statements about buying it until now, shows that he is, indeed, very stupid with at least some of his "business arrangements".