Re: This yor folt
Damn it, now I want one of those mugs.
I suppose I could just pirate the design and make my own, but I have an aversion to stealing someone else's work. Silly, I know.
12266 publicly visible posts • joined 21 Dec 2007
I understand many people are sensitive about this sort of thing - and I think no less of them for it; we all have our personal concerns - but I, for one, wouldn't be worried if I got an unfortunate home trim. Particularly when I'm not supposed to be in public anyway. Frankly, it would probably bother my wife more than me.
These days, when my hair provides only marginal protection from sun and rain anyway, I don't much care what happens to it.
Didn't the article say he was tested? If so, his antigen count for SARS-CoV-2 must be too low for the test to be positive, right? (I haven't actually looked into the details for the test - maybe it tests viral load, rather than antigens.) That suggests he can't be an asymptomatic carrier, within the accuracy of the test.
"Stalking" here is being used as a term of art, not in its common sense. There's no point in discussing whether the charge makes sense until we know precisely how the law in the governing jurisdiction defines that term.
Some years ago, a man in California was charged with lynching himself - because in California, the law defined "lynching" as the forcible removal of someone from custody by a mob. The accused was arrested, and as officers were leading him to their car, he shouted out for help and incited a small riot, which ended with him escaping (briefly). So under the law (at the time - it's since been changed) he had participated in lynching himself. That's certainly not the common meaning of lynching. [Details can be found in Kevin Underhill's blog.]
Then their stash will be confiscated
Presumably by "then" you mean "after authorities review the complaint, decide it's actionable and worth investigating, investigate it, identify the perpetrators, bring charges, and secure a conviction". Because we are, still, sort of, in part, a nation of laws.
I wouldn't recommend holding your breath waiting for any of these confiscations.
Well, no, it isn't.
The inkjet cartridges are planned obsolescence, and they self-destruct on a programmed date, regardless of how much they've been used. The SSDs fail after doing a certain amount of (presumably useful) work, and if the comment above regarding a circular buffer is accurate, it's an actual mistake in the firmware (albeit one that should never have made it out the door).
Inkjet cartridges (and inkjet printers) are a scam. This is a stupid bug.
And, of course, HPE doesn't sell inkjet cartridges; that's HP Inc.
So ... the price stays the same, but the product gets better. An outrage!
Were I in the habit of buying computers,[1] I'd be pleased to hear about this. Reducing power consumption alone is good.
[1] I've only ever bought one general-purpose computer, and that was 13 years ago. It was OK. I buy (used or remaindered) phones every few years, but that's because the damn things break and generally aren't repairable under reasonable conditions.
But RAM is much, much, much cheaper for the end customer, both byte-for-byte and in terms of what's suitable for a typical per-user workload, than it was a few decades ago.
In 1990, the cheapest RAM listed in John McCallum's data was $46 per MB. Adjusted for inflation that's about $91. The 2020 prices average out to around $0.0033 / MB, a factor of almost 40000.
I don't like PayPal, personally - they're under-regulated and have a history of bad practices (e.g. cutting off services for organizations they don't like, apparently on political grounds). And the transition from the vendor site to PayPal is ripe for phishing. It's probably more secure than paying directly with a conventional credit or debit account, particularly if the site wants to store your payment details - I wouldn't trust the vast majority of online vendors to do that to a reasonable degree of security under a reasonable threat model.
But virtual credit cards are very likely safer, and they provide more control and privacy than PayPal.
I haven't looked at this in any detail, but based on the article (as I remember it):
The "code" is just HTML, specifically an IFRAME element. That element was inserted into the content included in some page served by tupperware.com. (I'm not clear on the exact mechanism; the article mentions malware contained in an image file, but something had to decode that and inject the iframe into the page.)
The IFRAME's SRC is a URL referring to deskofhelp.com; that's the server controlled by the attacker. So the content of the IFRAME, which is a malicious payment-submission form, is loaded from the attacker's server.
So some of the "code" (such as it is) is hosted by tupperware.com, and the rest is hosted by deskofhelp.com.
It's all HTTPS, so the page doesn't contain mixed content. The padlock indicator is working as expected.
Single use, or for repeated payments (e.g. regular bills), dedicated virtual cards with tight limits.
I use privacy.com for that; so far it's worked well. I also like the fact that they'll accept any name + address information, so you don't have to provide real details to sites with no need for them.
In large areas of the US, these announcements are useful for warning about tornadoes, wildfires, and similar events which can surprise people in the area because they're relatively localized. Regions which are not so prone to natural disasters may have fewer good uses for them.
In the US the system is also used for "Amber Alerts", which are intended to help track child abductions, though in my experience the police are terrible at selecting the Amber-Alert geographic area. I've received a couple of those alerts for events 100+ miles away. And they typically don't contain much useful information ("believed to be in a light-colored truck" - oh good, that narrows it down), and if you're driving they're rather shocking (the alarm is loud), and you can't see the contents unless you read your phone, which at least a few of us still decline to do if we're operating a vehicle. So I've found the Ambers pretty much useless.
There are actually four alert levels - Amber, Severe, Extreme, and Presidential. Phones are supposed to let you turn any or all of the first three off, without having to root, though finding the setting can take some work. You can't disable the Presidential alerts because the President never says anything that's not accurate, useful, and terribly important.
Why would Dell want to trademark "Podference"?
Presumably because they're declaring war on the English language and good taste.
Anyone sufficiently tone-deaf to use a horrible portmanteau like "podference" isn't worth listening to.
(And as someone else already noted, appealing to the popularity of the iPod in 2020 is rather pathetic. What's next from Dell's crack marketing department? "Dell: The Pet Rock of computing!")
Tainted data used as the length argument to memcpy. That's not even a mistake; it's laziness, pure and simple.
Of course even in this code snippet we have C code written by someone who doesn't know that sizeof is an operator, not a function, and its argument does not need to be parenthesized unless it's a type name.
Most developers simply don't have the discipline to write in C.
And an unconstrained overflow of an automatic-storage-class[1] very likely is an RCE vulnerability on popular platforms. It's the classic RCE, going back to Levy and to Morris before him.
[1] "Stack", though C does not require a traditional contiguous stack, and the language does not use that term.
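An added example, not taken from the comment above or from the code it refers to: a length field read from untrusted input is checked against both the destination and the source before it reaches memcpy. The record layout and the names `copy_payload` and `handle_record` are hypothetical, constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire format (constructed for this example):
 * 2-byte big-endian payload length, followed by the payload. */
enum { HDR_LEN = 2, MAX_PAYLOAD = 16 };

/* Copies the payload of one record into out (capacity out_cap).
 * Returns the payload length, or -1 if the record is malformed. */
long copy_payload(const uint8_t *rec, size_t rec_len,
                  uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || rec_len < HDR_LEN)
        return -1;

    /* Tainted: this value comes straight from the sender. */
    size_t claimed = ((size_t)rec[0] << 8) | rec[1];

    /* Check against the destination: prevents the overflow. */
    if (claimed > out_cap)
        return -1;
    /* Check against the source: prevents reading past the input. */
    if (claimed > rec_len - HDR_LEN)
        return -1;

    memcpy(out, rec + HDR_LEN, claimed);
    return (long)claimed;
}

/* Caller with an automatic-storage buffer, the case discussed above.
 * sizeof is applied to an object here, so no parentheses are needed. */
long handle_record(const uint8_t *rec, size_t rec_len)
{
    uint8_t buf[MAX_PAYLOAD];
    return copy_payload(rec, rec_len, buf, sizeof buf);
}
```

Dropping either comparison reintroduces a memory-safety bug: without the first, the copy can run past `buf`; without the second, it can read past the end of the input.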
These are "mechanic's liens", and they're governed by state law, not Federal, so the details vary among the states. Many states have imposed various requirements and constraints on mechanic's liens.
It's not just subcontractors - materials suppliers, such as lumberyards, can also file mechanic's liens in at least some states, as can architects and engineers.
Mechanic's liens encumber the title to the property, and are one reason why title insurance (which includes a search for encumbrances and irregularities) is required to secure a loan to purchase real property in the US.
There are ways for homeowners to protect themselves from mechanic's liens, typically including requiring the general contractor provide a Release of Lien when the final payment is made; the GC will have to obtain the dependent releases from the subs, which prevents them from filing liens.
That means that the miscreant is sending me a mail with a document attached
MIME called to let you know that many MUAs support embedding fonts for the main message text, no attached document necessary. Perhaps you have an MUA that's smart enough to ignore that bullshit, or at least let you configure it to be smart enough to ignore that bullshit.
In either case, it's more likely that said miscreant sends an email to someone you know, with some social engineering to get that person to forward it to various others. If I wanted to spread an email-borne virus around, I'd just send it to a mailing list, or kick off one of those agonizingly long everyone-forwards-the-entire-chain-thus-far email threads so popular at work.
Filtering by senders and subjects helps, but it's not perfect.
Actually, in the most recent releases of Win10, font parsing apparently runs in usermode with the privileges of the invoking user.
But note this is not the first RCE in Windows font processing. It's not even the first one in the Adobe Type Manager library. All of that crap needs to be taken out behind the shed, and replaced with something running in a safer environment. Font rendering has some excuse for wanting native-code processing for performance; font parsing does not. Routinely parsing thousands of font descriptions a second would be a very specialized use case.
Yes. @font-face is perhaps the stupidest idea in CSS, and CSS is not short on stupid ideas.
I routinely disable font downloading in my browsers, and I've never had reason to miss it. (And it's not that I don't appreciate a good typeface; I studied typography in one of my degree programs.) But few users will know how, or why, to do that.
Hell, no. That's one of the more pleasant billboards I've seen.
(When I'm driving through Kansas - which I do pretty frequently - one of the best moments is when I get the hell off I-70. Partly, of course, that's just because now I'm off I-70; but partly it's because billboards seem to be rare on the non-Interstate highways. US-40 is really quite pleasant with no giant advertisements to annoy you once you're through Oakley.)
Well, for one thing, it was written by people who aggressively refused to read, much less follow, the specification for the language they were using.
It may be better these days; I can't be bothered to check. But for many years jQuery was a fine example of how to do things The Wrong Way and then bitch when the broken code didn't work. And that alone is enough for me to reject it.
But then I've never needed it. When I wanted some scripting for some academic projects, I wrote my own library. It's not hard. And that way I could easily design the pages with graceful degradation for people who had scripting disabled, and readable scripts for people who wanted to copy them or hack them with Greasemonkey; and I knew the code complied with the standards; and I knew its provenance and that it was relatively trustworthy.
I don't agree with most of the recommendations in the article, or in most of the comments that offer them, frankly. But that's the point I made in other comments. People are different, and telling other people what they have to do in order to work from home successfully is a load of crap. It's fine to make suggestions, but those proffering them should acknowledge that they aren't right for everyone.
if you stick to a schedule and work 9-5 you'll be more productive than you have ever been
Sigh.
Perhaps this works for you. Not everyone is you.
I've been working from home for over 20 years. I don't stick to a 9-5 schedule. I work when I know I'm going to get something done; when I have to interact with other people in real time; when there's something that needs to be done soon. I get plenty done. Sometimes some of it gets done on Sunday afternoon or in the wee hours of a weekday, and that's the way I like it.
What if I'm a painter who gets important email regarding viridian pigments? Or Viridian laser signs for my guns? While I'm pursuing my day job as a virility researcher? And doing research for my fanfic about Viribus Unitis, the famous warship of the Austro-Hungarian Empire?
Or, I guess, if I were a virologist.
Compartmentalization is key in any home office.
For some, no doubt, but "any" simply isn't accurate. I've spent the past 18 years working from a home "office" that's just a table in the back hall, next to the door for the upstairs bathroom and the back stairs down to the kitchen. That's at the Stately Manor; when I'm in the Mountain Fastness I'm in the sunroom, but that building only has four rooms total. It's never been a problem.
But then I've worked from home for over two decades without needing most of the principles laid out in the article. Different people have different needs.
Indeed.
This idea of combining SSG in a hybrid way and giving people the options, it's a really big thing
Yeah, it was a "big thing", at least for certain values of "big", between the popularization of AJAX and the popularization of SPAs (Single-Page Applications). Roughly 2004 - 2012, by my estimation.
But, yes, by all means, let's trot this wheel out again and proudly announce we've reinvented it.
(Personally, I found Rauch's gushing a bit obnoxious. "My thing does another thing! It's big! Visual Studio Code is amazing! See, it does amazing things! Like suggest completions! Typescript is wonderful! Your applications must be full of Stupid UI Tricks - they're great!")
It's generally quite a bit easier to understand someone else's research, after they've already done the work, than it is to invent it on your own. That's the whole point of "standing on the shoulders of giants".
If none of us could understand ideas we didn't come up with ourselves, there'd be no communication.
And it's even possible - at least for some of us - to understand things in areas we don't work in. It does require some thinking and an open mind, which I know are insurmountable hurdles for some.
Catmull's dissertation is available online, albeit as a PDF of screenshots of the typed pages.
Quick take: State of the art at the time was rendering forms using Gouraud-shaded triangles. The big problem with GS is that the first derivative is discontinuous, which produces noticeable Mach banding. Various anti-aliasing techniques were applied to blur the bands and smooth the surface appearance, but that approach isn't ideal.
Catmull's approach uses bicubic patches[1], which I believe are capable of expressing any smoothly-curved surface (but it's been a long time since I did any of this stuff). So each patch can accurately represent any smooth part of whatever you're rendering. Then he showed how to quickly subdivide each patch until you get to single pixels (which depends on viewport and distance), at which point you can render that subdivision of the patch. And he showed how to map 2D images to patches, so you could do texture-mapping.
So the old technique (which remained in use for many years after, since it was easier to do quickly) was "decompose into triangles and shade from the vertices in, by linear interpolation"[2]. Catmull's was "decompose into bicubic surfaces, then decompose those further".
It's good stuff, as was his later work, and he and Hanrahan are well-deserving. But then Turing Award recipients usually are; the ACM does a good job of selecting them. (Which is not to say there aren't plenty of other folks who would also be appropriate choices.)
[1] A bicubic patch is a surface defined by a parametric system of two parameters, s and t. You vary s and t each from 0 to 1 at whatever sampling rate you want, and each value is a point on the surface. Think Bezier curve extended to 2 dimensions.
[2] There are other triangle-shading algorithms, such as Phong.
Well, yes. He was well-known in some online circles before he coined (I think "founded" is a little strong) Godwin's Law. I knew him on rec.arts.books and other Usenet newsgroups; that was one of the places he first posted GL. I dare say there are plenty of other Reg readers who saw some of those initial formulations.
He's also well-known for his work with EFF, Wikimedia Foundation, etc. And recently and controversially with ISOC.
As for "still alive" - he's only in his mid-60s.