* Posts by Michael Wojcik

12268 publicly visible posts • joined 21 Dec 2007

Exam-monitoring biz Proctorio tried to silence a critic using copyright law. Now EFF sues to put an end to this tactic

Michael Wojcik Silver badge

In context, it's obvious he meant "families in lower income brackets", which is how "class" is typically used in the US.

What next for Visual Studio? Microsoft's monster IDE can't please everyone and 64-bit will not solve legacy problems

Michael Wojcik Silver badge

I just want something that's easy to use, does NOT look "all 2D FLATTY FLATSO", doesn't require excessive "mousie clickie" operations that mean removing my fingers from home row a BOZILLIAN TIMES to get ANYTHING done, and so on.

I use an IDE that incorporates my preferred editor, build toolchain, debugger, and other tools as first-class components. It's called "bash". On Windows, I run it under Cygwin (because I'd been doing that long before WSU morphed into WSL). Lightweight, fast, extremely scriptable, no stupid eye candy, no mysterious black boxes to get in the way of doing work.

I've never yet seen an IDE with the power and transparency of the shell and a set of dedicated-purpose tools.

University duo thought it would be cool to sneak bad code into Linux as an experiment. Of course, it absolutely backfired

Michael Wojcik Silver badge

Re: A punitive sanction against the Uni for approving it

The university's apparent belief that research can only be unethical if it involves human subjects is just plain wrong.

That appearance is what's "just plain wrong". HSR (human-subjects research) is only one of the concerns of the IRB at any accredited US university. I haven't read the paper to find the authors' verbatim statement about IRB review, but it sounds like they don't understand it either.

They may have misled the IRB; the IRB panel at Minnesota which reviewed this project may not have been very good. But IRBs are not solely concerned with HSR.

Signal app's Moxie says it's possible to sabotage Cellebrite's phone-probing tools with booby-trapped file

Michael Wojcik Silver badge

Re: The problem is in utilizing these exploits

Since Cellebrite could have closed most of the holes in the first place by keeping their third-party components up to date and employing decent development practices, this is rather a stretch. And their users will have to upgrade their Cellebrite software to get the fixes.

Michael Wojcik Silver badge

Re: On a more serious note...

The mere possibility taints all evidence gathered using Cellebrite.

In theory, perhaps. In practice US courts at least have routinely accepted evidence and "expert" testimony on much shakier grounds, and judges often refuse to allow counter-testimony challenging forensic evidence.

Michael Wojcik Silver badge

We see this very frequently with malware (and Cellebrite's products are malware, regardless of whom they sell them to).

Malvuln has been running a series on the Full Disclosure list of exploitable vulnerabilities found in malware samples. Typically this stuff is poorly written and, as Marlinspike wrote, uses outdated components. Malware tends to be created by developers who specialize in finding vulnerabilities, exploiting them, and chaining the exploits; they often have abysmal software-development practices.

Adobe co-founder and PostScript co-creator Charles Geschke dies, aged 81

Michael Wojcik Silver badge

Re: "Xerox didn't share their excitement about the project"

Looks like Poe's Law bit you on that one.

Michael Wojcik Silver badge

Re: Colophon

Never found "colophon" useful? How do you talk about them then? I mean, it may not come up as often as indicia, but surely at least once or twice a week.

Why, I don't know how many times I've invited a young lady up to see some colophons.

Sometimes owners of books will add their own colophons. No doubt you remember one such forms a plot point early in Ransome's Missee Lee.

Seeing a robot dog tagging along with NYPD officers after an arrest stuns New Yorkers

Michael Wojcik Silver badge

Re: Facial Recognition Error

Demanding that facial recognition tech isn't used until it's perfect is totally reasonable as humans have never mis-identified another human resulting in wrongful arrest or conviction.

"Our current system is badly flawed, so let's also use this other badly-flawed system!" And, hey, this one is faster, so we can get a lot more crap results to justify our dangerous violations of civil rights.

I see you were able to find a couple dozen more technophiles to buy into your tu quoque, though. Well, critical thinking is hard.

Michael Wojcik Silver badge

Re: "less accurate when people don’t fit the norm"

Younger man with very short hair and mustache = very likely homosexual

Based on the appearance of the students in the last couple of college courses I taught, I'd say that's statistically unlikely.

Of course, much of this thread has been wild, unsupportable generalizations about appearance. What else is new?

Michael Wojcik Silver badge

Re: "less accurate when people don’t fit the norm"

Very few men have long hair

Clearly you don't live anywhere near the Mountain Fastness. I'd guess around 15%-20% of the adult male population around here has long hair. It's so unremarkable most people don't even notice.

Worldwide, maybe the proportion is small enough to merit "very few", but I certainly wouldn't want to put money on that.

Michael Wojcik Silver badge

Re: Guy Montags worst nightmare...

Not that simple in fact. Stuff we do without thinking such as stepping over an obstacle that wasn't there last time we walked on that route, for example.

Hell, I routinely screw this one up. Sometimes I trip over obstacles that are no longer there.

Michael Wojcik Silver badge

Re: Robo Dog PC

Boston Dynomutt.

OMG! New free speech social network won’t allow members to take the Lord’s name in vain

Michael Wojcik Silver badge

Re: Good luck gaining support...

Mike "Pillow" Lindell isn't known for his displays of rational thinking. And he's a big Trump fan, and what's more Trumpian than starting a business and seeing it fail utterly?

Michael Wojcik Silver badge

Now, now, let the lad have his inane conspiracy theory. What else has he got?

Michael Wojcik Silver badge

Oh, good, Disgusted has now degenerated into No True Scotsman Twitter arguments.

Michael Wojcik Silver badge

Twitter doesn't have a monopoly; there are a great many channels for expression, public and private.

And Twitter isn't abusing anything. Freedom of the press belongs to the press.

Honestly, there's nothing sadder than butthurt right-wingers bitching about "cancel culture" and people being kicked off Twitter. Leaving Twitter, voluntarily or otherwise, has never harmed anyone's ability to communicate with any audience that's actually interested. If part of your audience is too damn lazy to seek you out elsewhere, that's not Twitter's problem.

Michael Wojcik Silver badge

I don't know. The whole exercise is so pointless and pathetic that few people might even bother to attack it.

Then again, it's probably built from misconfigured open-source components that are vulnerable to automated attacks by botnets, so it may just be killed by computer before any competent human attacker gets to it.

Is it still possible to run malware in a browser using JavaScript and Rowhammer? Yes, yes it is (slowly)

Michael Wojcik Silver badge

Re: Maybe the situation is now better/worse than when they started writing the paper?

Because everyone always runs the latest software, of course.

And, no, it wouldn't be a sound idea, because there's an excellent chance that you'll continually be playing catch-up as you tweak your exploit for new releases, which come out frequently. Get the research done and get it out so people can build on it.

It was Russia wot did it: SolarWinds hack was done by Kremlin's APT29 crew, say UK and US

Michael Wojcik Silver badge

Re: I love

I could believe Russia or China have the technical capabilities, not so much North Korea or Iran.

For SolarWinds? SolarWinds was trivial. Any of the significant state-sponsored teams could have done that one. So could independents.

I think Russia's a probable culprit, but to be honest I don't much care who was responsible for the actual attack. The far more interesting question is why SolarWinds were vulnerable in the first place, and as others have pointed out that's right at the feet of the CEO and other executives.

Google proposes Logica data language for building more manageable SQL code

Michael Wojcik Silver badge

Re: Backticks

Most Linux systems are Android, and most Android devices use on-screen keyboards, and probably most of those don't make backquote available with a single (short) keypress.

But, yeah, standard US-ASCII keyboard layout has backquote as an unshifted key, and US-ASCII doesn't have dead keys, so it's just one keypress for those of us using one of those.

Michael Wojcik Silver badge

Re: It should be called RSI

I had hoped that all that died when we got past FORTRAN and into an Algol world

If only. Consider the original make(1) (Stuart Feldman, 1976), in which the distinction between space and tab is significant. Still true of many of its descendants.

Michael Wojcik Silver badge

Re: Backticks for the fail

I'm not a fan of excessive use of punctuation and line-noise languages. That's actually one of the things I like about COBOL; now that the Great Character Shortage is over, we can actually write things rather than expressing everything in half-assed ad hoc symbolic notation.

Symbolic notation has its place, of course. Mathematics would be dreadful without it (a point Beckmann makes nicely in A History of Pi). But programming is not mathematics, and in most problem domains only rarely involves much in the way of mathematical expression. A great many of the punctuation-constructed operators in popular programming languages would be more readable, and as you say easier for many people to use, if they were expressed using words.

However, these facts have yet to discourage the punctuation diarrhea that affects language designers.

(On a marginally related note, there's a fascinating article in a recent CACM about the design of the new French keyboard layout. The designers included programming as one of their use-case domains. The piece is really worth reading, though; it covers everything from usability studies to QAP optimization.)

Michael Wojcik Silver badge

Re: Backticks for the fail

I assume this is the usual IT-opinion meaning of "doomed", i.e. "I don't like it but it will persist for decades after I am long gone".

FORTRAN, COBOL, assembly, all 3GLs, mainframes, UNIX, command lines ... why, some days it seems everything in IT is doomed. Or so we've been told. We're surrounded by the technological walking dead.

And yet they continue to shuffle along.

Michael Wojcik Silver badge

Re: Simplifications

Look, I already have a hammer. Stop telling me about this "screwdriver".

Michael Wojcik Silver badge

C#'s LINQ uses a similar approach: a programmatic generic query language that can be applied to any backing store that supports it.

Embedded SQL is one of those things that was a neat idea decades ago and has become a maintenance nightmare, particularly when it's coupled with dynamic modification using string concatenation and interpolation, as beloved by PHP coders.

Michael Wojcik Silver badge

Re: Bring back QUEL

To a first approximation, anything database-related that Michael Stonebraker worked on is worth a look.

The QUEL article in Wikipedia suggests the language could use some enhancements (like a strict string-matching operator), but it's interesting.

Microsoft calls time on Timeline: Don't worry, more features that nobody asked for coming your way

Michael Wojcik Silver badge

Re: "We can't wait to hear what you think!"

I loathe it. If I want state saved and restored, I save it. Tastes differ, I suppose.

Michael Wojcik Silver badge

Re: Focus Assist

Yeah, more than once I've had a colleague complain that they're not getting some set of emails, only to discover that they accidentally had the idiotic Focus misfeature enabled and it was hiding them.

Personally, I never enable the Preview Pane / Reading Pane in Outlook. There have been too many Outlook vulnerabilities that could be triggered through Preview/Reading. (And Outlook still – still – will render certain types of inline images even with all image-rendering options turned off. Despite the fact that was publicly raised as a vulnerability in 1998. Is the Windows Metafile renderer completely free of exploitable vulnerabilities? Want to bet on it?) At least when I have to open messages explicitly in a separate window, I have a moment to think about whether I actually want to do that.

Michael Wojcik Silver badge

From a recent story I understand the Windows Stores and UWP are also on the way out.

Not Win10 specific, but: Silverlight, WPF, and WCF.

I've never used any of the dead or dying Win10 features (because ugh), but I do work on a project that -- at considerable urging from Microsoft -- made heavy use of WCF, and Microsoft's abandonment of that in its new hippie incarnations of .NET is annoying. Microsoft has maybe twice the attention span of Google.

Michael Wojcik Silver badge

I would never want Windows doing any sort of "synchronization" with my non-Windows devices. But then I'm not a fan of integration in general.

IBM signs up to Eclipse Foundation's Adoptium working group to push out free, certified JDK binaries

Michael Wojcik Silver badge

Re: Tentative thumbs up?

IBM's made a huge investment in Java since not long after its introduction. The first Websphere product was released in '98; that's also when CICS introduced Java support. OS/2 Warp 4 (1996) came with a JVM and could run Java classes and JARs directly from the command line.

In some ways, IBM was a bigger promoter of Java than Sun was, at least in the "enterprise" market. And a lot of their contributions were always open-sourced.

So it makes sense for them to continue. It's a loss leader for them that supports revenue sources like mainframe software leasing and a competitive dig at Oracle.

FBI deletes web shells from hundreds of compromised Microsoft Exchange servers before alerting admins

Michael Wojcik Silver badge

Re: I wonder how much Microsoft paid the feds for their services here?

Claims? The warrant application is mostly an affidavit from an FBI Special Agent, name redacted. It was absolutely a request from the FBI.

Michael Wojcik Silver badge

Re: Fore!

Was this approved by a state judge and therefore were all of the servers in Texas?

No. Seriously, the answer to this question is right in the links in the article. You can't take a few minutes to check?

I admit the phrasing in the article is ambiguous: "The action was OK'd ... by a Texas court" is true, in the sense the court is in Texas, but it's not a court of the State of Texas. It's the US District Court for the Southern District of Texas. The servers were in several states. From the warrant application:

19. The presumptively U.S.-based Microsoft Exchange Servers, corresponding to the approximately web shells in Attachment A appear to be located in five or more judicial districts, according to publicly available Whois records and IP address geolocation. These districts include, but are not limited to, the following: Southern District of Texas, District of Massachusetts, Northern District of Illinois, Southern District of Ohio, District of Idaho, Western District of Louisiana, Northern District of Iowa and Northern District of Georgia.

Michael Wojcik Silver badge

Re: FTFY

Issued on the 9th, unsealed on the 13th. It's not like they kept it a secret for long. It's not out of the question that they kept it sealed to avoid tipping off Hafnium and others who might still be using those web shells.

Michael Wojcik Silver badge

Re: Now you know you can blame the FBI if similar things go TITSUP in the future? *

Not "essentially a warrant" – it was a warrant. It's unsealed now and mostly redacted; the article contains a link to the FBI announcement, and the announcement has a link to download the unsealing order and the related documents. They're right there to be read.

The warrant is pretty specific. It was signed by Magistrate Judge Peter Bray of the US District Court, Southern Texas. FWIW, Bray has an engineering degree, and he was a Public Defender for 14 years.

The warrant says it was requested by telephone, and it was issued the day it was requested, so it's not like Bray spent a lot of time agonizing over it. But I don't see any grounds for claiming it was just rubber-stamped.

(I know. What kind of a nerd does actual research before commenting?)

Michael Wojcik Silver badge

Re: Dangerous precedent.

I'm not complacent about this action, but it's significant that they did get a warrant – so they had legal authorization and satisfied the Fourth Amendment requirement – and they only got into the servers because malware was already installed on them, which means those sensitive documents were likely already in someone else's hands anyway.

Report: Aussie biz Azimuth cracked San Bernardino shooter’s iPhone, ending Apple-FBI privacy standoff

Michael Wojcik Silver badge

Re: The most important part of the article....

Certainly it's far from the first time that the FBI or other law-enforcement organizations and representatives beat the "terrorists!" drum in an attempt to get backdoors. They're not going to pass up anything that looks like it might gain support for their case.

There's no place like GNOME: System 76 introduces COSMIC desktop GUI for its Pop!_OS Linux

Michael Wojcik Silver badge

Paying attention to keyboard users?

The team is also conscious of keyboard-driven users who, they said, "prefer a more efficient, distraction-free experience."

That's ... refreshing. The vast majority of my Linux use (and most of my Windows use) is command-line, so I don't really pay much attention to which window manager might be running, but it's nice they're aware that not everyone wants the screen cluttered with eye candy.

Michael Wojcik Silver badge

Re: Why the fuck

Linux users know how to use their operating system and bash it into making it work how they want it to

Well, to be fair, I do use bash to make Linux work as I want it to. And for pretty much everything else I do in Linux.

Sometimes ksh, if that's what my account has been set up with on one of our build VMs and I haven't bothered to change it.

FCC urges Americans to run internet speed app to counter Big Cable's broadband data fudging

Michael Wojcik Silver badge

Re: "it will measure your home connection's speed"

If you have a smartphone with a suitable USB-connected Ethernet dongle you could use the app to test a wired connection. I've never tried that, but I know there are plenty of Android Ethernet dongles for sale.

Quality control, Soviet style: Here's another fine message you've gotten me into

Michael Wojcik Silver badge

A modern classic

One day in the life of Ivan Ivanovitch, eh? Though less Siberian than its literary namesake. Both Ivans take pride in the quality of their work, anyway.

Who'd have thought the US senator who fist pumped Jan 6 insurrectionists would propose totally unworkable anti-Big Tech law?

Michael Wojcik Silver badge

Re: Better Yet.

There are insurmountable Constitutional barriers to banning lobbying -- at least insurmountable without an amendment. The courts have consistently found that political action is broadly protected by both the speech, assembly, and petition clauses of the First Amendment. It's essentially the same grounds as the decision in Citizens United v. FCC.

Essentially, the speech clause protects political speech; the assembly clause lets you do it as an organization; and the petition clause means you can't be restricted from doing it to members of the government. See for example the decision in Mine Workers v. Illinois Bar Assn..

As is usually the case with civil-rights issues, it's very difficult to formulate a legal basis for this sort of thing which improves the situation. You want to get rid of "lobbyists"? Fine. How do you do that with a bright-line rule in a constitutional amendment which doesn't interfere with, say, email campaigns to legislators? With political advocacy by NGOs? Maybe you want to ban those too -- but then you've gutted the petition right.

There's no substitute for a strong constitutionally-protected civil rights regime (and the one in the US is already tottering). Lobbying is the lesser evil.

Michael Wojcik Silver badge

Re: Lord Hawley

Well, yes. He's a would-be autocrat hoping to become Trump 2.0.

I don't think he'll make it. He's better-educated (went to Stanford and Yale, don't'cha know) than Trump, even if he still manages to be dumb as a brick; and he's more successful. However much he panders to the deplorables, I don't think he'll wash off the perfume of the elite.

It's a stupid plan anyway, because Trump wasn't the real power for the past four years; McConnell was. If Hawley were half as smart as he thinks he is, he'd be aiming for Senate Majority Leader, and working to retake control of the Republican Party from the populists. Trump supporters aren't going to desert the Republicans any time soon even if the Republicans go back to ignoring them, and voter turnout is easy enough to crank up with some well-placed outrage at the last minute. The GOP doesn't need another Trump -- they just lost sight of the ball in 2016.

That said, I'm happy if they continue to fight internally for the foreseeable future, and Hawley continues to make an ass of himself.

After years of dragging its feet, FCC finally starts tackling America's robocall scourge

Michael Wojcik Silver badge

Re: Hopefully the FCC imprisons them

As the FCC is part of the executive branch, not the judicial, it cannot legally imprison anyone. And illegally imprisoning people is the jealously-guarded fiefdom of the Departments of Homeland Security (domestically) and Defense (in foreign climes).

Michael Wojcik Silver badge

Re: inertia by the incumbent telcos is also a big contributing factor

It wasn't "inertia"; it was baldfaced regulatory capture. Pai was there to do the industry's bidding and everyone knew it. (Simington is just as bad -- a toady if ever there was one -- but less dangerous since the balance of power has shifted.)

Key Perl Core developer quits, says he was bullied for daring to suggest programming language contained 'cruft'

Michael Wojcik Silver badge

Re: His resignation letter in full

I don't think it's valid Perl, but axiomatically it's valid TECO.

Michael Wojcik Silver badge

Re: It is fine

There's certainly something to be said for familiarity. I still write a fair number of ad hoc analysis scripts in awk (or gawk, really). I wouldn't argue awk is good in any objective sense – though when its three famous authors created it, it was a terrific tool that didn't have any rivals, at least on UNIX. But I know it, and the scripts I'm writing don't need to be maintained (they're one-offs, even if I put them in source control just like everything else), so it's useful for me.

I do not like Perl, but I respect it, because the things I don't like about it are mostly explicit design decisions by Larry Wall, and I respect Larry and his rationale. Contrast that with PHP, which seems to be awful mostly because there's no design at all.

By the same token, I don't actually like traditional COBOL – I don't really care to write or maintain code in it – but I respect it because it was designed, and designed according to the principles that were understood at the time. And it's evolved; the 1985 standard helped a lot, and the 2002 standard helped somewhat more, and the major implementations offer extensions and relaxations which help more. (And managed COBOL is a modern OO language with access to major frameworks. Aside from a few historical infelicities, managed COBOL is quite nice.)

Michael Wojcik Silver badge

Re: Toxicity

I recall highly contentious flamewars on Usenet back in the day

Definitely. This was true even pre-Usenet, in the era when listservs stalked the plains of BITNET and the IBM HONE network was larger than the Internet.

It's endemic to the nature of online written communication, which has nearly the immediacy of speech (because it's so easy to dash off a reply, compared to hand-writing a message; and even with email, delivery is much faster than the post or any other print transport), but lacks the additional channels of gesture, facial expression, prosody, etc. And it has the authority and durability of print.

'94 was also the year of the Flame Wars special issue of SCR, edited by Mark Dery, and if memory serves at least a couple of the pieces in that collection touch on the phenomenon too. I imagine Dery himself, a longtime observer of online discourse, could have discussed the question at length even some years before that.

It's not a matter of having "forgotten" how to discuss with respect. It's a frame that's strongly conditioned by the medium. We've known for decades in Composition Studies that media have a powerful influence on rhetoric and discursive pragmatics; methodologically-sound studies drawing on large corpora have shown that consistently. Similarly for work in sociolinguistics and probably in other fields. You can see that as confirming the theories of the Frankfurt School, or Marshall McLuhan, or Hayden White, etc, if you wish. (Personally I like the Frankfurt, find McLuhan rather lacking in rigor, and think White's Content of the Form is interesting but not particularly surprising.)

I touched on this topic in an article I published in Works and Days in 1994, and it was widely recognized then by people using online forums of various sorts.

Michael Wojcik Silver badge

Re: Cult and control

There have been at least a few longitudinal studies of interactions among contributors to large open-source projects, typically by doing things like discourse analysis of public mailing lists. (There have also been some studies of such interactions in large proprietary-software projects, but those often have the luxury of direct access to developers, so they can use additional methods such as ethnography.)

The politics of those groups are complicated and tend to lean very heavily on in-group recognition and reputation. In-group-ness is often signaled by references to shibboleths which are not apparent to outsiders – usually the result of historical feuds or the whims of project heroes.