Re: Marmite
Isn't lube always de rigueur? If you don't have the rigor, the lube won't help.
I know being fit it seems like your age shouldn't be a factor, but it is.
Is it? Do we have statistically-significant evidence, corrected for other factors, that age beyond X significantly increases risk? Or is that just a supposition?
The last I looked, cases and fatalities were pretty well distributed - certainly enough so that once corrected for other factors it seems plausible that age itself is not a significant risk contributor.
I also note at least some of the preliminary papers I've seen attribute a significant portion of fatalities to cytokine storms, which generally hit younger adults harder, as in the 1918 influenza pandemic.
I'm not claiming age isn't an independent risk factor, or that it's not prudent to assume it is one at this point. I'm simply questioning your claim that it is one, as a matter of fact.
I had three screens attached to my RT PC at IBM in 1990. For the past 15 years I've worked exclusively on laptops, and I've never bothered to hook multiple screens up to them. With my last couple of laptops the company ordered docking stations for me, and I shipped those back to IT to use as spares. They'd just sit in the box at my place.
Clearly many people find them desirable, and one might hope actually useful; but I haven't felt any desire to have a multiheaded system in decades.
The FDA expressly forbids the kind of remark that Trump made
"forbids" how? The FDA are not the speech police. Perhaps within the scope of their regulatory authority they can prohibit or penalize certain types of statements - for example, claims by companies regarding their products. But the FDA couldn't prohibit me from making public statements about medications, regardless of how stupid or dangerous. They can't shut down the antivaxxer idiots.
If he was anyone else he'd be looking at a massive fine and possibly even jail time + potential class action cases.
Complete nonsense. Let's see you cite a single case in which an individual in the US received a "massive fine" or "jail time" solely for making misleading statements regarding medical treatment. As for class action - good luck with that, particularly after Bristol-Myers Squibb Co. v. Superior Court of California, and considering that there's little incentive for lawyers to go through the expense of organizing a class action when the defendant is an individual, unless that individual has very deep pockets indeed and the case is strong.
its 5G-capable 8K screens
Oh hell no. That's 5Gs and 7Ks more than I have any reason to want.[1] It's getting harder and harder to find sets that don't have idiotic security holes built into them.
[1] I don't even bother with HD. I've found it adds nothing to the story, which is what I'm interested in.
Yes, this is just another variant of the Bus Factor problem.
Of course this can equally be an issue with proprietary software or other forms of industrial knowledge. At my job, we've been working on breaking developer silos for years, giving projects on various components to different developers to spread the expertise around. It can be done but it takes effort.
[Any] of the users *could* have maintained it, but only 2 were.
To be fair, during the Bad Old Days, the OpenSSL project was not taking patches from developers in the US and some other countries, due to legal concerns.
Also, some users - typically participants on the openssl-dev and openssl-users lists - did provide feedback and suggestions, sometimes including example code that looked a lot like a patch if someone wanted to incorporate it.
And it's not true there were only two contributors even then. The heartbeat implementation that led to Heartbleed was an outside contribution from Seggelmann, for example.
What's more important with OpenSSL is that any of its many, many large corporate users could have contributed funding, but very few did. Nor did many individuals.
When software is Open Source and free (as opposed to commercially supported Open Source software), is it really fair to expect the author/maintainer to produce the reams of documentation - that often take longer than the actual coding/testing work itself - necessary that you are implying?
I agree. It's not fair to expect much of anything of open-source software, beyond what's claimed by documents with some legal standing, such as licenses.
However, a wise developer might examine an open-source package to see if the source was developed using decently-written, maintainable code before adopting it. Or make the commitment to understand the code anyway (which was my position with OpenSSL back in the 0.9.8 days - the code was pretty awful, so I spent some time learning it).
The Javascript open-source ecosystem is toxic, with a vast array of poorly-written, poorly-maintained packages being used willy-nilly by developers who aren't interested in making the slightest effort to understand them, often for trivial things (need I mention left-pad?), and dependency graphs that surpasseth all understanding. But the situation is similarly bad in many parts of the open-source world. There are relatively few C programmers who are capable of writing decent C, for example, but there's a lot of open-source C. There are relatively few C++ programmers willing to write maintainable C++. Languages like Python also suffer from dependency disease.
There's updates and changes to the most fundamental part of our application stack - the end-users' browser - every few weeks, whether we like it or not
Ah, if only there were published standards for HTML, CSS, and ECMAScript so you didn't have to worry about all those updates.
For that matter, some have speculated that it's possible to build perfectly usable websites and web apps without using the latest idiot-bait built into browsers. Obviously that's lunacy, but it makes you think, no? Well, probably no, if you're a typical web developer.
I understand many people are sensitive about this sort of thing - and I think no less of them for it; we all have our personal concerns - but I, for one, wouldn't be worried if I got an unfortunate home trim. Particularly when I'm not supposed to be in public anyway. Frankly, it would probably bother my wife more than me.
These days, when my hair provides only marginal protection from sun and rain anyway, I don't much care what happens to it.
Didn't the article say he was tested? If so, his antigen count for SARS-CoV-2 must be too low for the test to be positive, right? (I haven't actually looked into the details for the test - maybe it tests viral load, rather than antigens.) That suggests he can't be an asymptomatic carrier, within the accuracy of the test.
"Stalking" here is being used as a term of art, not in its common sense. There's no point in discussing whether the charge makes sense until we know precisely how the law in the governing jurisdiction defines that term.
Some years ago, a man in California was charged with lynching himself - because in California, the law defined "lynching" as the forcible removal of someone from custody by a mob. The accused was arrested, and as officers were leading him to their car, he shouted out for help and incited a small riot, which ended with him escaping (briefly). So under the law (at the time - it's since been changed) he had participated in lynching himself. That's certainly not the common meaning of lynching. [Details can be found in Kevin Underhill's blog.]
Then their stash will be confiscated
Presumably by "then" you mean "after authorities review the complaint, decide it's actionable and worth investigating, investigate it, identify the perpetrators, bring charges, and secure a conviction". Because we are, still, sort of, in part, a nation of laws.
I wouldn't recommend holding your breath waiting for any of these confiscations.
Well, no, it isn't.
The inkjet cartridges are planned obsolescence, and they self-destruct on a programmed date, regardless of how much they've been used. The SSDs fail after doing a certain amount of (presumably useful) work, and if the comment above regarding a circular buffer is accurate, it's an actual mistake in the firmware (albeit one that should never have made it out the door).
Inkjet cartridges (and inkjet printers) are a scam. This is a stupid bug.
And, of course, HPE doesn't sell inkjet cartridges; that's HP Inc.
So ... the price stays the same, but the product gets better. An outrage!
Were I in the habit of buying computers,[1] I'd be pleased to hear about this. Reducing power consumption alone is good.
[1] I've only ever bought one general-purpose computer, and that was 13 years ago. It was OK. I buy (used or remaindered) phones every few years, but that's because the damn things break and generally aren't repairable under reasonable conditions.
But RAM is much, much, much cheaper for the end customer, both byte-for-byte and in terms of what's suitable for a typical per-user workload, than it was a few decades ago.
In 1990, the cheapest RAM listed in John McCallum's data was $46 per MB. Adjusted for inflation that's about $91. The 2020 prices average out to around $0.0033 / MB, a factor of almost 40000.
I don't like PayPal, personally - they're under-regulated and have a history of bad practices (e.g. cutting off services for organizations they don't like, apparently on political grounds). And the transition from the vendor site to PayPal is ripe for phishing. It's probably more secure than paying directly with a conventional credit or debit account, particularly if the site wants to store your payment details - I wouldn't trust the vast majority of online vendors to do that to a reasonable degree of security under a reasonable threat model.
But virtual credit cards are very likely safer, and they provide more control and privacy than PayPal.
I haven't looked at this in any detail, but based on the article (as I remember it):
The "code" is just HTML, specifically an IFRAME element. That element was inserted into the content included in some page served by tupperware.com. (I'm not clear on the exact mechanism; the article mentions malware contained in an image file, but something had to decode that and inject the iframe into the page.)
The IFRAME's SRC is a URL referring to deskofhelp.com; that's the server controlled by the attacker. So the content of the IFRAME, which is a malicious payment-submission form, is loaded from the attacker's server.
So some of the "code" (such as it is) is hosted by tupperware.com, and the rest is hosted by deskofhelp.com.
It's all HTTPS, so the page doesn't contain mixed content. The padlock indicator is working as expected.
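A check a site owner could run over their own served HTML, added here as an example and not code from the post or the article it discusses: it counts iframe elements whose src host differs from the site's own, which is exactly the thing a valid HTTPS padlock says nothing about. The hostnames in the test inputs are the ones the post names; the minimal tag scanning (no full HTML parser) is an assumption of the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive search for needle in [hay, end); tag and attribute names
 * come in any case (the post itself writes IFRAME and SRC in capitals). */
static const char *ci_find(const char *hay, const char *end, const char *needle)
{
    size_t n = strlen(needle), i;
    for (; hay + n <= end; hay++) {
        for (i = 0; i < n && tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]); i++)
            ;
        if (i == n) return hay;
    }
    return NULL;
}

/* Copy the lower-cased host of an absolute URL (scheme://host[:port]/...) found in
 * [url, end) into out. Returns 0 for relative URLs, which stay on the page's own origin. */
static int url_host(const char *url, const char *end, char *out, size_t outsz)
{
    const char *p = ci_find(url, end, "://");
    size_t n = 0;
    if (!p) return 0;
    for (p += 3; p + n < end && n + 1 < outsz && !strchr("/:?", p[n]) &&
                 !isspace((unsigned char)p[n]); n++)
        out[n] = (char)tolower((unsigned char)p[n]);
    out[n] = '\0';
    return n > 0;
}

/* Count <iframe> elements in html whose src host is not site_host (lower-case, e.g.
 * "tupperware.com"). A form frame pulled over HTTPS from a third-party host such as
 * deskofhelp.com is counted even though the browser's padlock shows nothing wrong. */
int count_foreign_iframes(const char *html, const char *site_host)
{
    const char *page_end = html + strlen(html), *tag;
    int count = 0;
    for (tag = ci_find(html, page_end, "<iframe"); tag; tag = ci_find(tag + 1, page_end, "<iframe")) {
        const char *tag_end = memchr(tag, '>', (size_t)(page_end - tag));
        const char *src = tag_end ? ci_find(tag, tag_end, "src=") : NULL;
        if (!src) continue;
        src += 4;
        char quote = (*src == '"' || *src == '\'') ? *src : 0, host[256];
        const char *val = quote ? src + 1 : src;
        const char *val_end = quote ? memchr(val, quote, (size_t)(tag_end - val)) : NULL;
        if (!val_end) val_end = tag_end;        /* unquoted value, or no closing quote */
        if (url_host(val, val_end, host, sizeof host) && strcmp(host, site_host) != 0)
            count++;
    }
    return count;
}
```

A nonzero count is a signal to investigate, not proof of compromise; legitimate third-party frames (payment providers, embedded video) need an allowlist on top of this check.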
Single use, or for repeated payments (e.g. regular bills), dedicated virtual cards with tight limits.
I use privacy.com for that; so far it's worked well. I also like the fact that they'll accept any name + address information, so you don't have to provide real details to sites with no need for them.
In large areas of the US, these announcements are useful for warning about tornadoes, wildfires, and similar events which can surprise people in the area because they're relatively localized. Regions which are not so prone to natural disasters may have fewer good uses for them.
In the US the system is also used for "Amber Alerts", which are intended to help track child abductions, though in my experience the police are terrible at selecting the Amber-Alert geographic area. I've received a couple of those alerts for events 100+ miles away. And they typically don't contain much useful information ("believed to be in a light-colored truck" - oh good, that narrows it down), and if you're driving they're rather shocking (the alarm is loud), and you can't see the contents unless you read your phone, which at least a few of us still decline to do if we're operating a vehicle. So I've found the Ambers pretty much useless.
There are actually four alert levels - Amber, Severe, Extreme, and Presidential. Phones are supposed to let you turn any or all of the first three off, without having to root, though finding the setting can take some work. You can't disable the Presidential alerts because the President never says anything that's not accurate, useful, and terribly important.
Why would Dell want to trademark "Podference"?
Presumably because they're declaring war on the English language and good taste.
Anyone sufficiently tone-deaf to use a horrible portmanteau like "podference" isn't worth listening to.
(And as someone else already noted, appealing to the popularity of the iPod in 2020 is rather pathetic. What's next from Dell's crack marketing department? "Dell: The Pet Rock of computing!")
Tainted data used as the length argument to memcpy. That's not even a mistake; it's laziness, pure and simple.
Of course even in this code snippet we have C code written by someone who doesn't know that sizeof is an operator, not a function, and its argument does not need to be parenthesized unless it's a type name.
Most developers simply don't have the discipline to write in C.
And an unconstrained overflow of an automatic-storage-class[1] very likely is an RCE vulnerability on popular platforms. It's the classic RCE, going back to Levi and to Morris before him.
[1] "Stack", though C does not require a traditional contiguous stack, and the language does not use that term.
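The defect the post describes beside its corrected form, as an added example that is not the code from the article or the post: a sender-supplied length fed straight to memcpy, and the same parser with that tainted length checked against both the destination size and the bytes actually received. The two-byte length-prefixed record format is constructed for the example, and the `sizeof out->data` spelling follows the post's point that sizeof is an operator.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed wire format for the example: a 2-byte little-endian length
 * chosen by the sender, followed by that many payload bytes. */
struct record {
    uint8_t data[64];
    size_t  len;
};

/* The pattern the post complains about: the sender's length goes straight into
 * memcpy, so any length above 64 writes past data[] (a stack overflow when the
 * record lives in automatic storage). Kept for contrast only; never called. */
int parse_record_unsafe(const uint8_t *msg, size_t msglen, struct record *out)
{
    if (msglen < 2) return -1;
    size_t len = (size_t)msg[0] | ((size_t)msg[1] << 8);
    memcpy(out->data, msg + 2, len);   /* tainted length, no bound check */
    out->len = len;
    return 0;
}

/* Hardened version: the tainted length is checked against the destination
 * capacity and against the bytes actually received before any copy happens.
 * sizeof is an operator, so `sizeof out->data` needs no parentheses. */
int parse_record(const uint8_t *msg, size_t msglen, struct record *out)
{
    if (msg == NULL || out == NULL || msglen < 2) return -1;
    size_t len = (size_t)msg[0] | ((size_t)msg[1] << 8);
    if (len > sizeof out->data) return -1;   /* would overflow data[] */
    if (len > msglen - 2)       return -1;   /* claims more than was sent */
    memcpy(out->data, msg + 2, len);
    out->len = len;
    return 0;
}

/* Constructed inputs; returns 1 if the hardened parser behaves as intended. */
int parse_record_selftest(void)
{
    struct record r;
    const uint8_t good[] = {4, 0, 'a', 'b', 'c', 'd'};   /* length 4, 4 bytes sent */
    const uint8_t huge[] = {0xff, 0xff, 'x', 'y'};       /* claims 65535 bytes */
    const uint8_t lie[]  = {10, 0, 'x', 'y'};            /* claims 10, sends 2 */
    if (parse_record(good, sizeof good, &r) != 0 || r.len != 4) return 0;
    if (memcmp(r.data, "abcd", 4) != 0) return 0;
    if (parse_record(huge, sizeof huge, &r) != -1) return 0;
    if (parse_record(lie, sizeof lie, &r) != -1) return 0;
    return 1;
}
```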
These are "mechanic's liens", and they're governed by state law, not Federal, so the details vary among the states. Many states have imposed various requirements and constraints on mechanic's liens.
It's not just subcontractors - materials suppliers, such as lumberyards, can also file mechanic's liens in at least some states, as can architects and engineers.
Mechanic's liens encumber the title to the property, and are one reason why title insurance (which includes a search for encumbrances and irregularities) is required to secure a loan to purchase real property in the US.
There are ways for homeowners to protect themselves from mechanic's liens, typically including requiring the general contractor provide a Release of Lien when the final payment is made; the GC will have to obtain the dependent releases from the subs, which prevents them from filing liens.
That means that the miscreant is sending me a mail with a document attached
MIME called to let you know that many MUAs support embedding fonts for the main message text, no attached document necessary. Perhaps you have an MUA that's smart enough to ignore that bullshit, or at least let you configure it to be smart enough to ignore that bullshit.
In either case, it's more likely that said miscreant sends an email to someone you know, with some social engineering to get that person to forward it to various others. If I wanted to spread an email-borne virus around, I'd just send it to a mailing list, or kick off one of those agonizingly long everyone-forwards-the-entire-chain-thus-far email threads so popular at work.
Filtering by senders and subjects helps, but it's not perfect.
Actually, in the most recent releases of Win10, font parsing apparently runs in usermode with the privileges of the invoking user.
But note this is not the first RCE in Windows font processing. It's not even the first one in the Adobe Type Manager library. All of that crap needs to be taken out behind the shed, and replaced with something running in a safer environment. Font rendering has some excuse for wanting native-code processing for performance; font parsing does not. Routinely parsing thousands of font descriptions a second would be a very specialized use case.
Yes. @font-face is perhaps the stupidest idea in CSS, and CSS is not short on stupid ideas.
I routinely disable font downloading in my browsers, and I've never had reason to miss it. (And it's not that I don't appreciate a good typeface; I studied typography in one of my degree programs.) But few users will know how, or why, to do that.
Hell, no. That's one of the more pleasant billboards I've seen.
(When I'm driving through Kansas - which I do pretty frequently - one of the best moments is when I get the hell off I-70. Partly, of course, that's just because now I'm off I-70; but partly it's because billboards seem to be rare on the non-Interstate highways. US-40 is really quite pleasant with no giant advertisements to annoy you once you're through Oakley.)
Well, for one thing, it was written by people who aggressively refused to read, much less follow, the specification for the language they were using.
It may be better these days; I can't be bothered to check. But for many years jQuery was a fine example of how to do things The Wrong Way and then bitch when the broken code didn't work. And that alone is enough for me to reject it.
But then I've never needed it. When I wanted some scripting for some academic projects, I wrote my own library. It's not hard. And that way I could easily design the pages with graceful degradation for people who had scripting disabled, and readable scripts for people who wanted to copy them or hack them with Greasemonkey; and I knew the code complied with the standards; and I knew its provenance and that it was relatively trustworthy.
I don't agree with most of the recommendations in the article, or in most of the comments that offer them, frankly. But that's the point I made in other comments. People are different, and telling other people what they have to do in order to work from home successfully is a load of crap. It's fine to make suggestions, but those proffering them should acknowledge that they aren't right for everyone.
if you stick to a schedule and work 9-5 you'll be more productive than you have ever been
Sigh.
Perhaps this works for you. Not everyone is you.
I've been working from home for over 20 years. I don't stick to a 9-5 schedule. I work when I know I'm going to get something done; when I have to interact with other people in real time; when there's something that needs to be done soon. I get plenty done. Sometimes some of it gets done on Sunday afternoon or in the wee hours of a weekday, and that's the way I like it.
What if I'm a painter who gets important email regarding viridian pigments? Or Viridian laser sights for my guns? While I'm pursuing my day job as a virility researcher? And doing research for my fanfic about Viribus Unitis, the famous warship of the Austro-Hungarian Empire?
Or, I guess, if I were a virologist.