* Posts by Michael Wojcik

12336 publicly visible posts • joined 21 Dec 2007

Ruby off the Rails: Code library yanked over license blunder, sparks chaos for half a million projects

Michael Wojcik Silver badge

Re: @Apprentice of Tokenism - This is where GPL is bollocks

Exactly. I've released stuff under various licenses. None of them are GPL. I'm willing to contribute fixes to GPL products, but I'm not interested in doing significant free labor on them. When I work on open-source software, I want it to be under a permissive license.

Others feel differently. That's their prerogative, but spare me the evangelism, thanks. I heard it from Stallman in the 1980s.

Michael Wojcik Silver badge

Re: surely not

The Apache License has this clause:

Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.

[emphasis added]

Whether that overrides the revocation clause in 17.203 is a question for the courts, I suppose. I'm kind of surprised that other FLOSS licenses don't include the "irrevocable" language (along with "perpetual" and "non-exclusive").

Clothes retailer Fatface: Someone's broken in and accessed your personal data, including partial card payment details... Don't tell anyone

Michael Wojcik Silver badge

When they can hush it up instead, obviously.

Michael Wojcik Silver badge

Re: Just wondering...

Sometimes it can be combined with other databases to associate the full card number with owner information. Someone will find a use for it.

Michael Wojcik Silver badge

You can doom anything with VBA.

FTFY.

Michael Wojcik Silver badge

Re: Strange

For organizations like this, anything more complicated than tossing a brick through a window is "sophisticated".

Michael Wojcik Silver badge

Re: Please do keep this email and the information included within it strictly private...

Agreed.

But here's an interesting twist. An organization drafts an email like this one – and note the one shown in the article is fairly long. Pick a dozen words with suitable synonyms and phrases that can be reworded, and make a list of their positions and alternatives. Now you can mechanically generate 2^12 different email messages that have the same semantic content but are unique.

Assuming you have fewer than 4096 recipients (find more alternative pairs if you have more), you can take your mailing list, compute a perfect hash, and use the binary representations of those values to select which alternative for each pair to use.

Now when a message leaks, you can instantly identify the leaker. All you need are the list of alternatives, the list of recipients, and the hash function. (This is not innovative; it's the same approach people used to find "birthday" collisions for digital signatures that used hash functions with too-short images.)

I doubt Fatface has anyone clever enough to do this sort of thing, but it's entirely possible to trace social-media leaks of "confidential" messages this way.
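The scheme described in the post above, worked through as an added example (this is not the poster's code, nor anything Fatface or The Register published). It assumes a constructed 12-slot notice template and a constructed four-address mailing list; the key, salt search and HMAC-SHA256 truncation are my choices for the "perfect hash" step, and any injective map from recipients to 12-bit code words would do.

```python
import hashlib
import hmac
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample notice with 12 choice points.  Slot {i} is filled with
# ALTERNATIVES[i][bit i of the recipient's code], so every message carries a
# 12-bit code word and 2**12 distinct-but-equivalent variants are possible.
TEMPLATE = (
    "{0} We are writing to {1} you that we recently {2} a security incident "
    "{3} some customer data. {4} our investigation, we {5} that an unauthorised "
    "party {6} access to {7} names, addresses and {8} card details. We {9} you "
    "to {10} {11} confidential."
)
ALTERNATIVES: List[Tuple[str, str]] = [
    ("Dear customer,", "Dear valued customer,"),
    ("inform", "notify"),
    ("identified", "detected"),
    ("involving", "affecting"),
    ("During", "In the course of"),
    ("established", "determined"),
    ("gained", "obtained"),
    ("certain", "some"),
    ("partial", "truncated"),
    ("ask", "request"),
    ("keep this message", "treat this message as"),
    ("strictly", "entirely"),
]
BITS = len(ALTERNATIVES)  # 12 slots -> at most 4096 code words


def _code_for(addr: str, key: bytes, salt: int) -> int:
    """Keyed hash of one recipient address, truncated to BITS bits."""
    tag = hmac.new(key + salt.to_bytes(4, "big"), addr.encode(), hashlib.sha256).digest()
    return int.from_bytes(tag, "big") & ((1 << BITS) - 1)


def perfect_hash(recipients: List[str], key: bytes, max_tries: int = 10000) -> Tuple[int, Dict[int, str]]:
    """Search for a salt under which the keyed hash is injective on the mailing list.

    Returns the salt and the code -> recipient table; keep both (and the key) or
    you cannot attribute a leak later.  With n recipients and 2**BITS code words
    the expected number of salts to try grows roughly like exp(n**2 / 2**(BITS+1)),
    so the practical ceiling is well below the pigeonhole bound of 2**BITS.
    """
    if len(recipients) > 1 << BITS:
        raise ValueError("more recipients than code words; add alternative pairs")
    for salt in range(max_tries):
        table: Dict[int, str] = {}
        for addr in recipients:
            code = _code_for(addr, key, salt)
            if code in table:
                break  # collision: try the next salt
            table[code] = addr
        else:
            return salt, table
    raise RuntimeError("no collision-free salt found; add alternative pairs")


def render(code: int) -> str:
    """Produce the message variant that encodes `code`."""
    assert 0 <= code < 1 << BITS
    choices = [ALTERNATIVES[i][(code >> i) & 1] for i in range(BITS)]
    return TEMPLATE.format(*choices)


def _variant_regex() -> "re.Pattern[str]":
    # Escape the template, then turn each {i} placeholder into an alternation
    # group so a match tells us which alternative was used at every slot.
    pattern = re.escape(TEMPLATE)
    for i, (a, b) in enumerate(ALTERNATIVES):
        group = "(%s|%s)" % (re.escape(a), re.escape(b))
        pattern = pattern.replace(re.escape("{%d}" % i), group)
    return re.compile(pattern)


def recover_code(leaked: str) -> Optional[int]:
    """Read the code word back out of a leaked copy.

    Returns None when the text was edited or only partially quoted, so the
    slots can no longer be identified (whitespace changes are tolerated).
    """
    m = _variant_regex().fullmatch(" ".join(leaked.split()))
    if m is None:
        return None
    code = 0
    for i, (_, second) in enumerate(ALTERNATIVES):
        if m.group(i + 1) == second:
            code |= 1 << i
    return code


def identify_leaker(leaked: str, table: Dict[int, str]) -> Optional[str]:
    """Map a leaked copy back to the recipient it was sent to, if possible."""
    code = recover_code(leaked)
    return None if code is None else table.get(code)


if __name__ == "__main__":
    # Constructed mailing list and key for the demo.
    recipients = ["alice@example.com", "bob@example.com", "carol@example.com", "dave@example.com"]
    salt, table = perfect_hash(recipients, b"constructed-demo-key")
    leaked = render(next(iter(table)))
    print("salt", salt, "-> leaked by", identify_leaker(leaked, table))
```

Two practical caveats the post glosses over: the matcher needs the whole message (or at least enough slots) to be quoted verbatim, and 12 slots only give 12 bits, so a recipient who quotes a single sentence reveals only a few of them. Screenshots of social-media leaks usually do carry the full text, which is why the trick works as often as it does.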

Can you imagine Slack letting people DM strangers in another org? Think of the abuse. Oh wait, it did do that

Michael Wojcik Silver badge

Re: IM 101

"We received valuable feedback from our users, who are obviously smarter than our product managers."

Michael Wojcik Silver badge

Re: Sorry about that

Yes.

It's interesting how companies that actually do extensive user testing, like, oh, TechSmith, say, so rarely seem to show up in these "we rolled something out and people hated it" stories.

(I don't have any connection to TechSmith. I've met a couple people who work there, and talked to some about their user testing, and I've used a couple of their products.)

Michael Wojcik Silver badge

Re: Never trusted slack, Never will.

Sure, just look at all the recent CVEs for NNTP and IRC implementations...

Hmm.

But then Slack hasn't had one since, um, February.

Yes, this is an extremely persuasive argument.

Slack: Proudly bringing you half-assed versions of things that have been around for decades.

Workday bets big on staff coming back to the office by splurging $172.5m on HQ and five more Bay Area buildings

Michael Wojcik Silver badge

Re: Inspired Workforce?

I agree that Workday's software is pretty lousy, in my experience; but after reading this article, I think I like their CEO even less than I like their software.

But who knows – more exposure to either might tip the balance.

Global tat supply line clogged as Suez Canal authorities come to aid of wedged 18-brontosaurus container ship

Michael Wojcik Silver badge

Re: Another one to propose

I can kind of SWAG western Kansas at about 115 W

I haven't checked (where's the fun in that?), but that sounds about right. St Louis is right around 90° W. I remember that one from seeing the sign saying you're crossing the 90° meridian when driving through western Illinois on I-74. (Illinois extends further west in the northern part, thanks to the Mississippi refusing to run due north-south as a sensible river would.)

It's not as much fun as the "halfway to the North Pole" sign we pass when driving north in Michigan. I always think, "well, no point in going to the Equator now".

Same reason I decided to vacation in outer space instead of Australia. I mean, that and hordes of giant venomous spiders.

So, where does Silicon Valley stand on S.230? Zuck wants 'industry best practices', Pichai demurs, Dorsey urges more Bluesky thinking

Michael Wojcik Silver badge

Re: There's policing and there's policing

You're wrong about Section 230.

Michael Wojcik Silver badge

You're living in a dream world. Here on Earth, Facebook is doing better than ever, and now they see the opportunity to regulate competitors out of existence.

Michael Wojcik Silver badge

Re: Oxymoronic?

No, in this case Zuck wants something relatively expensive. This is an anti-competitive position he's been working on for some time.

Michael Wojcik Silver badge

Presumably you mean "precedents", not "precedence".

It takes a long time to set precedents in the US for Federal laws, because for anything important decisions will be appealed up to the circuits, and the circuits can arrive at conflicting decisions. Unless and until SCOTUS takes it up, there's no national precedent. And even then there's no guarantee a court will take notice of precedent – that's something counsel has to raise once a suit or criminal case is in progress. So precedent is not particularly helpful for small organizations with limited resources.

Revoking S.230 would crush smaller players. Only the big ones would be left.

Michael Wojcik Silver badge

Re: "that would be impractical for platforms with billions of posts per day"

That's the whole damn point. Zuck wants to gut Section 230 because it will become infeasible for small players to comply, and that will drive them out, cementing Facebook's dominance. It's regulatory capture at its finest.

Being anti-230 is to be anti-open-Internet and pro-Facebook. They are one and the same.

Wyden is completely correct about the consequences of screwing with Section 230.

Bell Labs transfers copyright of influential ‘Plan 9’ OS to new foundation

Michael Wojcik Silver badge

The process namespace was the real innovation

I remember when Plan 9 first went public.

A services-based microkernel? That was a departure from the norm, particularly the monolithic fixed-at-build-time kernels of OSes like *BSD; AIX's ability to dynamically load kernel modules was forward-thinking when it was introduced. But microkernels were already popular in the research community, and by '92 Mach was well on the way to being a true microkernel design.

The Plan 9 team made hay of the filesystem-based IPC mechanism, but we'd had essentially the same thing in UNIX for years, with UNIX-domain sockets (BSD) and the lesser-known FIFOs (AT&T V7, I think). It just wasn't so widely used. Promoting it in Plan 9 was a Good Idea, but not revolutionary.

What really made Plan 9 different was the per-process namespace. So rather than all processes seeing the same filesystem, modulo chroot(), each process would see its own version. And since pretty much everything was pushed to the filesystem as the One Abstraction to Rule Them All, that was important.

But of course in the early-to-mid-1990s it was going to be very difficult for an upstart OS to gain traction, even in the embedded market that AT&T initially targeted for commercialization. The big commercial UNIX players were fighting hard both among themselves and against various BSD distributions, against OS/2, against minicomputer platforms like the AS/400, and then against Linux and Windows. Few people wanted to bet on an outside chance. Linux and Windows were able to muscle their way into the mainstream – taking most of the market from the proprietary UNIXes – but Plan 9 really never had a chance.

There was also widespread perception that the performance cost of message-passing microkernels wasn't worth paying. This was the same period when Microsoft got rid of Windows NT's HAL, for example, and there was a general move back toward pushing all kinds of crap into kernel mode. Throw away the seatbelts to save weight.

Plan 9 might still be a nice choice for doing higher-end embedded stuff like routers, though.

TikTok no worse than Facebook for privacy, says Citizen Lab (although Chinese TikTok is a horror)

Michael Wojcik Silver badge

Re: Thanks for the warning.

Reminiscent of "COVID-19 is no worse for you than influenza". That bar is set a bit low.

That said, I take Citizen Labs' point: the sturm und drang over TikTok was largely due to people who are uninterested in making similar claims about Facebook. The Reg readership might not be surprised that the two are comparable, but I'm sure many who bought into the Former Fearful Leader's fear-mongering think Facebook is just peaches.

Sure, Dave might seem like he's avidly listening to this morning's meeting, but he's actually doing a yoga routine

Michael Wojcik Silver badge

I honestly thought you were talking about beer for a good several seconds. I don't think I've ever seen anyone refer to COVID-19 or SARS-CoV-2 (which is what you'd really be "getting" in this case, or more accurately droplets containing SARS-CoV-2 virions) as "Corona" before. Occasionally "coronavirus", I guess, due to the giant spider principle. Maybe it's a regional thing?

Michael Wojcik Silver badge

Re: I’d be quite happy going back to the office...

For a few years I was able to commute to school and both of my jobs by train and a bit of walking, aside from driving a few miles to and from the train station; or if I didn't feel like driving to the train station, by bus and train and a bit of walking.

Those were good years. I got a lot of reading done. And even in Boston (which has nasty winter weather) I enjoyed having some outdoor time every day.

But since 1998 I've worked from home, which is even better.

Michael Wojcik Silver badge

Re: Only in my underwear?

As long as you don't show anyone the name written on the waistband...

Michael Wojcik Silver badge

Re: Only in my underwear?

Well, yeah. That's where most drownings occur. Go where the market is, man!

Thousands of taxpayers' personal details potentially exposed online through councils' debt-chasing texts

Michael Wojcik Silver badge

Re: Please click the link to read

It's a straightforward externality. There's no cost to the organization for using these dangerous mechanisms, and using something better would be an additional cost -- at least the cost of changing an existing system or provider.

This situation won't improve until the externality is converted to a direct cost. The only (non-violent) mechanisms for doing that are market forces and regulation. Market forces often don't apply (how many water boards can you choose from?), and have generally failed where they do (because not enough customers care about this sort of thing, and often there's no better choice anyway). So until we regulate against this sort of practice it will continue.

In the case described in the article, it sounds like there ought to be some stiff GDPR fines being handed out. But I'm not holding my breath.

Michael Wojcik Silver badge

Re: Taking it very seriously

Oh, I know of a number of organizations that take GDPR and other privacy legislation quite seriously, because now there are direct costs associated with violations.

But it's true that many do not. And if the sanctions regimes for these laws -- that is, significant fines against offending organizations -- are not enforced, soon no one will bother.

Michael Wojcik Silver badge

Re: see if it offers a convenient reverse service

QR codes are just as bad. For a while I had a web page which just said something along the lines of "if I weren't ethical, you'd be pwnd now", and I'd stick the QR-encoded URL for it in the security presentations I gave internally, just to see who'd bite. But it's like trying to ice-skate uphill.

At least these days a lot of phones will display the decoded URL from a QR code and ask you before following it. Still a stupid technology, though.

Your hardware is end-of-life... and it's in space. Worry not, Anglo-Japanese sat to test new orbital cleanup method

Michael Wojcik Silver badge

Re: We're going to need...

If it's a Dyson, it could use all that hot air from its inflated reputation for propulsion.

If Dyson launched a swarm of their vacuums to clean up LEO, would we have a Dyson sphere?

Michael Wojcik Silver badge

Re: Satellite Capture

"The clone is the pretty one."

Apple stung for $308m in battle over patent used in FairPlay DRM software

Michael Wojcik Silver badge

Re: A jury in the Eastern District of Texas

While plaintiffs almost always request a jury trial for patent cases in EDTX, researchers such as Iancu and Chung refute the claim that juries are particularly plaintiff-favoring there.

That said, I'm very dubious about the role of the jury in any patent case. I've served on a jury for a criminal trial, and that was difficult enough. I don't think most jurors, even with the best of intentions, are in much of a position to arrive at the correct decision in a patent case.

But the right to a jury trial -- even though it's rarely to the defendant's advantage, and that's whom it's supposed to protect -- is more important than patent abuse. I'll take the latter to protect the former.

Michael Wojcik Silver badge

USPTO rejects about 50% of the applications it receives each year, despite pressure from elsewhere in government and industry to grant patents. (They publish the annual statistics on their site; I'm not going to bother linking.)

So "just accept[ing] them all" would be a rather dramatic change, even if the behavior of submitters didn't change to follow suit.

Michael Wojcik Silver badge

Re: Eastern District of Texas

Correct, thanks to Heartland v. Kraft. There are various articles explaining this, such as this one.

It's not clear how "patent-friendly" Eastern Texas actually is. While there's certainly a perception that the district favors plaintiffs in patent-infringement cases, some studies, such as Iancu & Chung [2011], refute some of the commonly-cited reasons for its popularity.

I have no opinion about this particular patent. We have conflicting court decisions about it, and the snippets in the article make it difficult to guess whether it really claims anything non-obvious to an ordinary practitioner.

Teenage Twitter hijacker gets three years in the clink over celeb Bitcoin scamming

Michael Wojcik Silver badge

Re: Ransomware re-teaching old lessons

Just as in any other extortion scheme. Recognizing that has not made extortion unprofitable.

Michael Wojcik Silver badge

Realistically, it's very unlikely that most people involved with creating and using ransomware will ever suffer any penalties for doing so. The myriad difficulties of attribution, proof of guilt, and jurisdiction make this sort of crime extremely difficult to police.

That also means that threat of prosecution isn't much of a deterrent. Neither, I'm afraid, is refusing to pay. While paying may not be a winning strategy (on average), even a concerted and widespread effort to suppress payment -- through social pressure, evidence against paying, legal penalties,[1] or whatever -- will likely still leave a pool of potential victims who will pay that's large enough to be worth the low costs of deploying ransomware.

Beyond that, ransomware is already being spread by botnets and worms, so it will continue to be deployed even if no humans are involved in that process.

It's here to stay.

[1] As the US government and no doubt others have warned, paying ransoms may violate various laws against funding illegal activity and so forth.

Machine learning devs, rejoice: You can now rent up to 16 Nvidia A100 GPUs on a single machine via Google

Michael Wojcik Silver badge

Catfishing?

The azusagakuyuki matter doesn't sound like catfishing to me, based on the description in the article, just bog-standard online impersonation -- something that became unremarkable many years ago, in my opinion. Catfishing is a particular species of fraud based on online impersonation. Here the only thing being "fraudulently" obtained by the perpetrator is attention, and the only thing lost by those supplying it is some trivial opportunity cost.

Men impersonating women in publication is much older than catfishing, of course. We're a few decades away from the Vicar and Virago, and that's just one notable modern instance.

The use of a GAN to alter the photos is a bit noteworthy (though only because it was being done by a private individual for personal satisfaction), but enough patience and GIMP or Photoshop would achieve the same effect.

Richard Stallman says he has returned to the Free Software Foundation board of directors and won't be resigning again

Michael Wojcik Silver badge

Re: I'm Back...

Yes, once again sarcasm perishes on the unforgiving shoals of Poe's Law.

Being asked to rate fake news may help stop social media users sharing it, study finds

Michael Wojcik Silver badge

The purpose of the First Amendment freedom of speech and freedom of the press can only be honestly read as the right of the minority to loudly make statements which the majority would consider either to be lies or to be offensive. Statements accepted as true and unoffensive by the (current) majority need no such protection.

Rubbish. Many people and corporations are all too happy to try to use the power of the state against any expression they dislike, regardless of the popularity of that expression. That's why we have anti-SLAPP statutes, and why we need better ones.

And before some ninny posts myths like "the First Amendment only applies to Congress": if you think that, you're wrong. Courts have consistently held that the First applies when a private party attempts to use the power of the state to suppress (or compel) speech.

Move aside, Technoking: All hail the Sweat Master and his many inspirational job titles

Michael Wojcik Silver badge

Re: Mock tech-knocking as much as you like ...

#4 should be "Win a mega-lottery and keep the money", which seems to be beyond the capability of most winners. (I'd say that lottery players self-select for poor financial choices, but in moderation I suppose it's an entertainment expense. Not one I'm interested in paying, but then I don't spend a lot of money on opera tickets either, so who am I to judge?)

Indian MP calls for Australian-style pay for news laws

Michael Wojcik Silver badge

This is outrageous!

I cannot believe Australia is trying to muscle in on the USA's lucrative stupidity-export market. They'll regret it; our stupidity reserves are huge.

Staff and students at Victoria University of Wellington learn the most important lesson of all: Keep your files backed up

Michael Wojcik Silver badge

Re: Drag out the 'ol saw

Those aren't disjoint sets, either.

I've told this story here before, so I'll just summarize: Many years ago I carefully backed all my personal projects up to quarter-inch tape (real work was on a network filesystem which was multiply backed up more or less continuously), then installed an additional hard disk, repartitioned, created filesystems, installed the OS -- and then discovered the tapes were not readable.

What could possibly go wrong? Sublet your home broadband to strangers who totally won't commit crimes

Michael Wojcik Silver badge

Re: lack of an answer IS an answer.

I always hear this sort of response in the voices of the Mooninites from Aqua Teen Hunger Force:

"We value integrity! Our service is perfectly safe on the Moon!" "Do not question it!"

Michael Wojcik Silver badge

Re: All well and dandy until

the content is tightly controlled

Sure! I'm confident that no one has ever, or will ever, use an Alexa device for anything which is illegal in any jurisdiction. Nor that illegal content will ever be captured and uploaded by a Ring device. Amazon's all about "tightly controlled" content. Why, their store is famous for ensuring the accuracy of every product advertisement.

Yes sir, I have no qualms whatsoever about allowing Amazon unfettered access to my network.

Trail of Bits security peeps emit tool to weaponize Python's insecure pickle files to hopefully now get everyone's attention

Michael Wojcik Silver badge

Re: Not Good News

The problem was described at length by Lawrence and Frohoff in 2015. This new tool might help the dimmest of skiddies, but it's really nothing more than a reminder for those who refuse to pay attention.

Michael Wojcik Silver badge

Re: pwned by default

"Just unpickling one can't run code."

Except when it does. See Marshalling Pickles (AppSecCali 2015).

This has been a well-known issue for over five years. And it's not just Python.
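The point of the two posts above, shown in working code as an added example (this is not the poster's code, nor Trail of Bits' tool, nor anything from the Marshalling Pickles talk). Unpickling runs whatever callable the stream names; the allow-list unpickler is the standard find_class override from the Python docs. The payload is deliberately harmless (it sets an environment variable so the effect can be observed), and the marker name and the allow-list contents are my choices.

```python
import io
import os
import pickle
from typing import Any, Set, Tuple

# Constructed marker: the "payload" sets this variable instead of, say,
# calling os.system, so the effect of loading the pickle is observable but safe.
MARKER = "PICKLE_DEMO_RAN"
PAYLOAD_SRC = "import os; os.environ['%s'] = '1'" % MARKER


class Exploit:
    """Object whose pickled form instructs the unpickler to call exec().

    pickle serialises the result of __reduce__ as (callable, args) and
    Unpickler.load() invokes callable(*args).  Any global reachable by dotted
    name -- builtins.exec, os.system, subprocess.Popen -- can be named there.
    """

    def __reduce__(self):
        return (exec, (PAYLOAD_SRC,))


def build_malicious_pickle() -> bytes:
    """Bytes an attacker would hand to anything that calls pickle.loads()."""
    return pickle.dumps(Exploit())


def build_benign_pickle() -> bytes:
    """Ordinary data, including a set (which needs the builtins.set global)."""
    return pickle.dumps({"user": "alice", "roles": ["admin"], "tags": {"a", "b"}})


def payload_ran() -> bool:
    return os.environ.get(MARKER) == "1"


def clear_marker() -> None:
    os.environ.pop(MARKER, None)


def unsafe_load(data: bytes) -> Any:
    """What most code does.  The stream, not the caller, decides what runs."""
    return pickle.loads(data)


# Globals the restricted loader may resolve.  Keep this to plain data types;
# never add anything whose construction or __setstate__ has side effects.
SAFE_GLOBALS: Set[Tuple[str, str]] = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("collections", "OrderedDict"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every (module, name) global that is not on the allow-list.

    find_class() is consulted for GLOBAL / STACK_GLOBAL opcodes before the
    object is placed on the stack, so the REDUCE that would call it never runs.
    """

    def find_class(self, module: str, name: str) -> Any:
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError("refusing to load global %s.%s" % (module, name))


def restricted_load(data: bytes) -> Any:
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_is_refused(data: bytes) -> bool:
    """True when the restricted loader rejects the stream."""
    try:
        restricted_load(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    clear_marker()
    mal = build_malicious_pickle()
    print("restricted loader refused:", load_is_refused(mal), "| payload ran:", payload_ran())
    unsafe_load(mal)
    print("after pickle.loads           | payload ran:", payload_ran())
```

The allow-list closes the "name any callable" hole, but pickle remains a bytecode interpreter for an attacker-supplied program: it can still be made to allocate enormous objects or recurse deeply. For untrusted input the right fix is a data-only format (JSON, protobuf, msgpack) with a schema, not a more careful unpickler.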

California bans website 'dark patterns', confusing language when opting out of having your personal info sold

Michael Wojcik Silver badge

Re: Cancelling Prime

I've managed to avoid it so far -- though I also avoid shopping on Amazon as much as I can, these days, and that helps.

Another obnoxious Amazon quirk: every time I go to check out, they ask if I want a student discount. Every. Damn. Time. I'm not an (enrolled) student, and haven't been since I completed my most recent degree several years ago. Give it the fuck up, Amazon.

IBM's CEO and outgoing exec chairman take home $38m in total for 2020 despite revenue shrinking by billions

Michael Wojcik Silver badge

To be fair...

... this isn't a job that just anyone can do.

I mean, I couldn't do it. I'm capable of feeling ashamed.

Someone defeated the anti-crypto-coin-mining protection for Nvidia's 'gamers only' RTX 3060 ... It was Nvidia

Michael Wojcik Silver badge

Re: We Just Can't Have Nice Things

Cryptocurrency prices crash, the miners unplug their kit, least efficient first, and, again, sell cards.

The problem in this case is that (apparently, based on the article) the demand here is for Ethereum, which unlike Bitcoin and most other simple cryptocurrencies has use-value: it's used for smart contracts.[1] And according to various academic papers I've read, there is an obscene amount of money tied up in Ethereum smart contracts. Losses due to breaking Ethereum exceed $200M, and they represent a relatively small portion of the total Ethereum value.

Apparently -- again per various academic studies I've read -- many of the DApps using Ethereum are doing real data processing for real companies that make real things. Personally I find the idea a bit horrifying, but I guess you can always find someone to try any damn thing.

So Ether (the cryptocurrency based on Ethereum) is in effect somewhat stabilized by this store of value, even if Ether is not technically a "stablecoin".

[1] Which are neither, of course. Even the founder of Ethereum has disavowed the term.

Michael Wojcik Silver badge

Re: Gamers also have to contend with bots and scalpers looking to make a profit

"Press play on tape #1" Ah, the memories. My first PC game was a cassette-loaded Hunt the Wumpus for the Commodore PET. It was mildly entertaining!

Though some of my friends had Atari 400s or 800s; with those, for games it was just a matter of slapping the cartridge in and powering it on. And if you had the 800, with its dual slots, and the debugger cartridge you could often get the game to boot and then break in the debugger, and then you could have all sorts of fun.

One friend even had the external floppy drive for his 800, and a couple had the Votrax speech synthesizer.

Michael Wojcik Silver badge

Re: Gamers also have to contend with bots and scalpers looking to make a profit

Yes, it's a standard Märchen trope. In the Grimms you can find it in "Seven with One Blow", for example.

A decent dictionary of folklore tropes would probably cite older sources. Wouldn't surprise me if it shows up in Marie de France, for example.

I have a vague idea that there's a classical example, but I can't think of it offhand.

(Re Jabberwocky: "He was so terrified his teeth turned white overnight!" Or words to that effect.)

Following Supreme Court ruling, Uber UK recognizes drivers as workers, offers min wage, holiday pay, pension

Michael Wojcik Silver badge

Re: Fuck uber

I expect this sort of thing varies widely. I've never had a bad experience with a taxi, minicab, or private-hire in the UK (out of, I dunno, a few dozen trips?), and only once in the US that I can think of -- and that one was really just that the driver got in a shouting match with another driver.

But I've no doubt other people have.

On the other hand, some people have also had bad experiences with Uber. So I'm not convinced that Uber, even aside from its various and egregious flaws as an organization, is actually providing objectively better service as a rule.

Michael Wojcik Silver badge

Re: Devil in the detail

Most drivers own cars unsuitable for Uber so have to lease a prius.

Really? A majority of Uber drivers in the UK use leased Priuses? I refuse to use Uber, but I've never seen any Uber users in the US picked up or dropped off by a Prius. I know the Prius is a popular vehicle in some circles, but this claim is hard for me to believe.

I agree with your larger point that Uber drivers incur various expenses which "at least minimum wage while you're on a run" will not adequately cover. Of course, I'm here in the Land of the Ridiculously Inadequate Minimum Wage (Especially for People Who Might Receive Tips), so I'm inclined to view an employer's claim of "it's a living wage!" with suspicion, if not outright disdain.