* Posts by big_D

6775 publicly visible posts • joined 27 Nov 2009

Apple settles with student after authorized repair workers leaked her naked pics to her Facebook page

big_D Silver badge

Re: How to tell if you're stupid.

Apart from the deep fake bit, I agree.

Probably, Facebook app still installed on the defective device, like the photos still on the device, because they could not be removed - hence the reason for sending the device in for repair.

big_D Silver badge

Re: How to tell if you're stupid.

I agree. I've never understood people taking naked pictures of themselves or leaving them on their personal devices. Certainly not something I would do or recommend. Same with any confidential information, don't leave it where others can abuse it. But if people want to do that, that is their choice and if they have nowhere else to store them, or the device breaks, before the images can be removed, that isn't a free card for the repairers to post them online.

A device breaking, so that you can't remove the information, before sending it in for repair, definitely doesn't make you stupid or justify "victim blaming".

The lowlifes working for Apple/their agent are the ones in the wrong here and Apple's and Pegatron's vetting and control procedures.

Thanks, boss. The accidental creation of a lights-out data centre – what a fun surprise

big_D Silver badge
Facepalm

Re: Access denied

But nowadays, the big red button is often outsourced through TeamViewer...

BMA and Royal College of GPs refuse to endorse NHS Digital's data grab from surgeries in England

big_D Silver badge

Re: Let's call it the "GPDPR"

Doesn't this fall foul of GDPR anyway? Any service has to be opt-in, not opt-out.

Conservative Party fined one-third of a luxury food hamper by ICO for nuisance email campaign

big_D Silver badge

Sorry, what?

For its part, the party said it had recently changed its bulk email provider and the "transfer of records had not been effected properly".

How can the records be transferred properly? You need proof of opt-in for each record you transfer, you can't just move them to a new service. If they don't have the proof of double-opt-in, the service will probably suspend their account... :-S

European Parliament's data adequacy objection: Doubts cast on UK's commitment to privacy protection

big_D Silver badge

Re: Just

Except, nothing has changed, except the UK is no longer in the EU.

It has always tried to side-step its obligations under GDPR, and regularly got its knuckles rapped and sent to the naughty step in the process. Now, it is outside and will actually have to fulfill those obligations, if it wants to continue.

And, as the article says, it isn't alone, the US has been in this boat for the best part of a decade, with successive treaties sorted out and then blatantly ignored by the US, until the treaty gets annulled by the EU courts and they have to start all over again.

Bribery charges against Apple's global security boss dismissed in iPads-for-gun-permits case

big_D Silver badge
Coat

Case dismissed!

has ended with the judge dismissing the charges.

And the iPad is in the post...

Daimler and Nokia settle long-running patent spat over cellular tech

big_D Silver badge

Re: Daimler?

Unfortunately, it doesn't work like that.

I am not a patent lawyer, but this gets reported often enough, so I'll give it a try.

The chip manufacturer pays his license fee in order to sell the chips... If he sells them to an end user, or builds them into a finished product themselves, that is the end of the story.

The problem is, Daimler isn't an end user. They buy those components and attach them to their car control systems and entertainment system, thus making an end-product that has technology that uses those patents, so those have to be licensed as well.

Nokia is legally obliged to provide Daimler access to use the patents at FRAND rates (i.e. if everybody else is paying 5c per chip, they can't turn to Daimler and say, "we don't like you, we want 1,000€ per chip.") and Daimler is legally obliged to license those patents for its finished products.

It is a bit of double-dipping, IMHO, but that seems to be the way the law works, from what I've seen reported here and elsewhere.

It is all fiendishly complex and that is the best I can do to approximate my understanding of how the situation works. But I might also have the wrong end of the stick...

Remember those wacky cyberpunk costumes in Hackers? They're on display in London this week

big_D Silver badge

Re: Pretty Close - except for those fractal computers

Now, if only he would make a decent adaptation of the Neuromancer trilogy...

Coming from cyberpunk, the visualisations made sense, even though we realised they weren't real.

Royal Yacht Britannia's successor to cost about 1 North of England NHS IT consultancy framework

big_D Silver badge

Re: Great British Engineering

Of course. I get the information about each launch here, in Lower Saxony, because it is a big event, getting those huge liners up the river to the sea, they have to remove power lines and swing bridges open all the way up the river, so it is always big news, when one of those monsters is launched.

big_D Silver badge

Re: Great British Engineering

Most of the big ocean liners seem to be built up the road from me in Emsland, Germany.

But, still the UK has a rich history of building ships. Just look at the Swan Hunter, Lythgow, Thornycroft, Vospers... Oh, wait... History... :-S

Why did automakers stall while the PC supply chain coped with a surge? Because Big Tech got priority access

big_D Silver badge

Re: Everything needs intelligence these days, except my Harley.

Give me a classic car, easy to work on, no electronics, and a Bluetooth enabled radio and I'd be happy.

But some electronics are inevitable these days, to get through emissions regulations, for example. And it has to have ABS etc. All these add electronics to different places.

Maybe we should just keep those old cars going...

Congestion or a Christmas cock-up? A Register reader throws himself under the bus

big_D Silver badge

PICNIC?

I knew it as PEBKAC (Problem Exists Between Keyboard and Chair).

big_D Silver badge

Many of the local banks, here in Germany, used OS/2 well into the middle of the last decade, before upgrading to XP, just before it went EOL.

The Microsoft Authenticator extension in the Chrome store wasn't actually made by Microsoft. Oops, Google

big_D Silver badge

Re: Epic

Apple has also had its fair share of slip-ups, letting malware etc. into their store over the years as well.

None of these stores is 100% secure. You still have to be vigilant, when adding applications/apps/add-ons to your system, regardless of the source.

Apple seeks to junk claim that iOS is an 'essential facility' in legal spat with Epic Games

big_D Silver badge

Essential...

Without the Apple App Store, iOS itself is pretty useless...

1Password unsheathes Rusty key, hopes to unlock Linux Desktop world

big_D Silver badge

Re: Your Password Is Safe In The Cloud ...

Yes, but still "in the cloud", as in accessible from the Internet.

There is a difference between an isolated bank that has no Internet access and one that has some server access through the Internet (i.e. the cloud, before folks at places like AWS, Microsoft Azure or Google Cloud Services made Cloud with a capital C something different).

big_D Silver badge

Re: Your Password Is Safe In The Cloud ...

Your bank doesn't offer any online banking and doesn't have automated transactions with other banks?

big_D Silver badge

Yes, as long as the users know what they are doing. I've tried it with non-technical users and it is a pain to set it up for them on each device and train them up.

The likes of 1Password, LastPass etc. aren't as autark as I would like, but it "just works" on any new device, without having to jump through too many hoops (i.e. just install the browser add-in, sign in and go).

With your solution, they have to sign into Dropbox or Nextcloud, install the PM and set-up the PM to read the right file. For a technically versed team, no problem. For users who don't know the difference between an ERP application and an RDP client, or accidentally click the "pin" in the Outlook menu ribbon, then call up to say Outlook is broken, that is too much.

big_D Silver badge

Re: Is that the risk?

If you try and enter your username and password using 1Password, it won't offer you any default credentials, if you visit a phishing site (same for LastPass and all other PMs I've used). If you really want to enter your banking credentials into a phishing site, you need to open 1Password and manually search for your bank logon and manually tell 1Password (or any other PM worth its salt) to fill it in for you or to copy and paste it manually.

On my account, it offers a drop-down with credentials that are used for the current site (E.g. Amazon I have private and business accounts, the same for Microsoft 365 etc.), but it never automagically fills in the details, I have to explicitly select them to be filled in.

If you land on a phishing site, you won't be offered anything to fill in, so it is fairly obvious it is a phishing site and the fact you have to manually search for the "correct" login for that site should be a huge warning that it isn't the site you are looking for...

Facebook Giphy merger stays on ice after failed challenge to UK competition regulator

big_D Silver badge

Re: @Chris G - Actually

Been there, done that. My home is my castle and Facebook is unroutable from my castle - although it is more than just Facebook.com, it is over 2,500 individual domains at last count.

WhatsApp: Share your data with Facebook, or we'll make our own app useless to you

big_D Silver badge

Most companies I know of in Germany have banned WhatsApp from company phones.

And most have a policy of no company data on private devices and no private data on company devices.

big_D Silver badge

I block Facebook on my home network.

My daughter came to visit. She claimed my Wi-Fi was broken, because she couldn't get to Instagram or send a WhatsApp message... I told her, I block Facebook...

"But, this is Instagram!"

"Yes, Facebook Instagram."

"And WhatsApp!"

"Yes, Facebook WhatsApp."

Long silence.

She now uses Signal, but still uses Instagram.

big_D Silver badge

I posted a long screed in our family WhatsApp group about 3 years ago and said I was moving to Signal.

And I did just that. My close family has moved over, but most of the rest are still on WhatsApp... I just use the phone for what it was designed for, talking to people, and call them.

As another vendor promises 3 years of Android updates, we ask: How long should mobile devices receive support?

big_D Silver badge

No, but the technology is maturing, there is no real need to update every 2 years - which was forced on us by the old carrier subsidy schtick.

PCs were improving so much in the 80s and 90s, that if you really used it, you needed to replace it every 18 months or so. Then the market matured and a 10 year old high-end device is still "adequate" today - I have an old 2010 Sony Vaio Core i7, which is still "fast enough" to run as a Linux Mint desktop (battery died about 2 years ago).

Smartphones are moving into the same category, especially mid range and high end devices. They don't need to be replaced every year or 2, a five year old phone is still "good enough" for most people. 10 years is probably still pushing it.

But everything is built down to a price and designed to break or be obsolete after a couple of years. That is why I very much like the EU initiatives to make everything repairable and force manufacturers to keep spare parts available to customer for at least 10 years.

big_D Silver badge

My mother received a Sunbeam hand mixer as a wedding present (early 60s). She used it every week, until it died in 2004. On the other hand, I've had 3 different (named brand) hand mixers in the last decade...

big_D Silver badge

I haven't had a headphone socket for, probably, 5 years now. To be honest, I don't really miss it.

The free USB-C <-> Jack dongle I got with my Huawei still works with my Samsung (although I got a pair of USB-C headphones with that) but I've used it twice, I think. I usually use the headphones when out walking the dog, and the lack of wires (using BT) means I am not constantly ripping the 'phones out of my ears, as the cable gets tangled up with the dog's lead.

I never heard any difference between the headset on my old phone (with jack) and the new phone with the dongle.

The removal saves only a couple of cents in the BOM, but it removes an additional point of failure and an additional ingress point for dust and moisture.

If you want to stick with a jack, fine. I can just tell you, that I noticed no real change in audio quality and I don't miss the jack and there are good technical reasons for removing it, in terms of device reliability.

I hope you can continue to find phones that suit your needs.

big_D Silver badge

My brother-in-law finally updated his Galaxy S4 mini at the end of 2019 / beginning of 2020. That was released in 2013!

He only replaced it, because WhatsApp stopped working on it.

I doubt it has had an update in a good 6 years.

A lot of people can't afford to change their phones every couple of years and, if it is still working, many won't change it even then. It is "just another tool" to them, they replace their TV every 10 - 15 years, the toaster every 20 - 30 years, the landline telephone maybe every 20 years. They don't see their mobile phone as any different to the landline phone, in terms of its durability.

5 years should be the minimum, I think. It should at least be getting monthly security updates in cadence with Google releasing the information over the fixes publicly.

big_D Silver badge

Re: I would rather NOT have support

Microsoft release 1 set of updates each month, second Tuesday. Unless you go seeking (manually starting a search for updates), in which case, you will also be offered the "preview" updates for the next month at the end of the current month.

Reboot with security patches takes around a minute on my 2018 ThinkPad (Core i5). I've no idea why your machine is taking so long to reboot, I'd give it back to the IT support to be looked at, even an update to the current version of Windows 10 (20H2) shouldn't take more than 10 minutes. It sounds like something is seriously wrong with the configuration of your machine.

big_D Silver badge

Re: 5.

And, with Google releasing critical bug fixes every month, the cadence must coincide with the release of those critical patches!

Samsung seem to have gotten much better. My wife's S10 and my S20+ get the monthly patches within about 3 - 5 days of Google announcing them. In fact, I'm also getting Samsung improvements twice a month, plus the security updates at the beginning of the month, at the moment.

Amazon says it destroyed two million knockoffs in 2020, a fraction of the amount it ships

big_D Silver badge

Re: Well it seems a bit better than it was about a month ago

The problem is, there are so many resellers cropping up, you can't swat them down quick enough, especially for smaller manufacturers. You need to keep somebody permanently looking for fakes on each platform and with some of the platforms being slow or just ignoring reports, unless you pay for their premium counterfeit reporting programme, it is difficult to play catch-up.

Recently, c't in Germany tried buying AirPods off eBay, they bought half a dozen pairs from different re-sellers, all fake. In most cases, they reported it to the police and were holding onto the fakes until the police could collect them, but eBay was stonewalling, wanted the fakes back, thus leaving the buyers with no proof that they were fakes for the police. Even with a police case number, without returning the fakes, they didn't want to refund the money or deal with the reseller, until really put under pressure.

big_D Silver badge

Re: Well it seems a bit better than it was about a month ago

Often, you have to look really hard, instead of SanDisk, it is SunDisk or they use the SanDisk name with a Samsung model number or vice versa. If you aren't paying attention and don't know exactly what you are looking for, it is all too easy to get caught.

big_D Silver badge

Re: Still a lot of knockoffs

c't magazine in German regularly reports on scammers on eBay and Amazon selling counterfeit memory cards and USB sticks, or currently, fake Apple AirPods, which are so well disguised, that only the poor sound quality and the lack of "learning" and the updates failing give them away at first glance (and a couple of spelling mistakes in the small print on the box).

Microsoft unveils Rust for Windows v0.9, with 'full consumption support' for the Windows API

big_D Silver badge

Have you actually looked at the Rust for Windows source? It is a bunch of interface definitions, to allow programmers to target Windows for application development.

They aren't changing the language. Just like MFC, OWL, KDE or GTK class libraries for C++, for Windows and Linux, for example.

A lot of I/O and thread management is platform specific, for example, and you need the relevant interfaces in order to be able to develop fully functional applications on each platform.

Rust is at the same level as C/C++ and not a platform independent language, like Java.

big_D Silver badge

Re: Extend and extinguish…. Again?

Rust is a safe and system level programming language. That means that, Rust is a system level language, not a platform independent language. You will need to target each platform individually.

Providing a bunch of interfaces/functions that provide that support directly in Rust, as opposed to the programmer having to slog through the Win32 documentation and write their own interface calls, and hope they read the documentation correctly and have safely implemented the calls, will save a lot of time.

The same has always been the case for similar languages, such as C and C++, on Windows you either had MFC or WPF from Microsoft or OWL from Borland to provide the integration of the OS into your applications. Linux, macOS and other platforms have their own classes / interfaces for programming on them.

AFAIK, Microsoft aren't re-writing the Rust language, they are only providing translation layer libraries to make it easier for programmers, so they don't have to keep re-inventing the wheel.

Looking at the source code on Git, it is just a list of published interfaces. If you are programming on Linux, you'll need similar interfaces, the same for macOS or Android etc.

'A massive middle finger': Open-source audio fans up in arms after Audacity opts to add telemetry capture

big_D Silver badge

Re: What the GDPR requires

Yes, Google Analytics is blacklisted on my network.

big_D Silver badge

Re: What the GDPR requires

The option to send a crash report, if the application fails is one thing; but the level of tracking here seems OTT for a local application.

Qualcomm Snapdragon 855 modem code flaw exposed Android smartphones to possible snooping

big_D Silver badge

Re: Just in time

I've been lucky, my last 4 handsets haven't used Snapdragons...

Currently a Samsung S20+ with Exynos and an iPhone with an A12 chip.

Previously, a brace of Huaweis, with their own Kirin chips.

(I have to have separate phones for home and work)

JET engine flaws can crash Microsoft's IIS, SQL Server, say Palo Alto researchers

big_D Silver badge

I've not read the fine print, but it sounds like this is only an issue if you do something foolish involving linking SQL Server to Access.

Possibly, although it might be possible to combine this with a script that searches the network for SQL Servers and then tries to use a standard password attack to get JET to access the SQL Server. I haven't read the research, so I don't know for sure. But setting up a dynamic SQL Server connection is possible.

Of course it's a code smell to be writing a query like that anyway,

Yes, but code building a dynamic query (something that regularly happened at the time, in my experience) could quickly build up unmanageable query lengths by concatenating code and looping through parameters pulled out of other systems.

Obviously, the safer way would be to use stored procedures, but they weren't always an option.

big_D Silver badge

No install of Office includes SQL Server, but when JET or Access are installed, they included several methods of attaching to remote SQL Servers. Certainly, you shouldn't be installing Access on the server, where your SQL Server is installed.

And there is always malware infecting the host of a privileged user, or a non-privileged user and escalating privileges, to chain onto the JET vulnerabilities.

Likewise, unless you are a dev, you probably don't have IIS running locally either, that is also usually on a server somewhere in a server room.

big_D Silver badge

Office Pro or Office 365.

Office Standard and Home & Student, for example, don't get Access and H&S doesn't get Outlook*, so probably many, especially private users, are not affected, unless they have installed additional third party software.

A lot of third party software, especially in-house bespoke software used to use JET as its database engine of choice, as it was integrated into Visual Studio.

* I'm not sure, whether Outlook uses JET internally.

big_D Silver badge

SQL Injection?

Is it really SQL Injection, when you have a platform that can issue SQL commands directly? SQL Injection, per se, is injecting SQL code into normal inputs that are not properly escaped, before they are passed to the database.

In the case of JET, you have a database engine that is capable of sending raw SQL commands to a SQL Server, so the Injection part seems a little spurious, without further information. If it is feeding SQL Injection code into an existing JET database, which is then captured to send further code to the SQL Server, yes, SQL Injection. If it is local code using the JET engine to send raw SQL, not so much SQL Injection.

That doesn't make the attack any less noteworthy or less worrying - especially given the prevalence of Access 2003 and 2007 runtimes still used out in industry, because the systems that use the databases are critical and the devs no longer exist to convert it to a later version.

Basecamp CEO issues apology after 'no political discussions at work' edict blows up in his face

big_D Silver badge

Re: Sex, Religion and Politics

Yes, in nearly 40 years of work, those have never been subjects that were allowed to be discussed on company resources - from noticeboards and email through chat systems, wikis and in-house forums, to things like Slack and Teams today.

It looks like Silicon Valley is slowly getting into the mainstream business mode and people are put out that they suddenly have to adhere to the same rules that everyone else has had since "time immemorial".

East London council blurts thousands of residents' email addresses in To field blunder

big_D Silver badge

Re: Apology accepted

Internally reported is not reported to the ICO. In Germany, at least, this would fall under a reportable incident and would have to be reported within 72 hours.

Wipro rolls out 'COVID-19 vaccination camps' in India to keep staff alive during virus super-surge

big_D Silver badge

Re: The interwebs

There usually isn't enough vaccine for that. You have to prioritise. You vaccinate employee 1 and his family, employee 2 gets COVID-19 and dies...

The advice is also to roll-out the vaccination to neighbouring communities, once the employees are vaccinated, which would include family, probably.

We are still vaccinating the over 70s, but in the last few days, doctors have been inviting anybody who is interested to turn up, once all the planned vaccinations for the day have been completed, if they still have any vials of vaccine left over.

As more vaccine becomes available and more people have been vaccinated, the vaccination of the wider community can be carried out. In the case of these companies, the equivalent of the "over 70s" group will be their employees and once that group has been vaccinated, they can then roll it out to the wider population in the area, including families of employees.

Apple vs Epic Games trial kicks off featuring the same old arguments, hundreds of angry Zoombombing tweens

big_D Silver badge

Re: I want Epic to win

As Captain Aubrey said, "you [should] always choose the lesser of two weevils"

Terminal trickery, or how to improve a novel immeasurably

big_D Silver badge
Headmaster

Oops, that should have been Fox Milne, not Foxhills.

big_D Silver badge

Unisys in Foxhills, Milton Keynes was good as well.

When I was there, it was the first public TV showing of The Blues Brothers. All throughout the residential halls, all you could hear was The Blues Brothers Band that night. The next morning, at the breakfast table was the only person on the course over 50, moaning that he didn't get any sleep last night, because the neighbouring room was playing some music at high volume! :-D

big_D Silver badge

I was on a DEC training course in Reading, VMS Administration. I'd been a VAX programmer for a few years, but it was decided I should also get some mad admin skillz as well...

The first day of the course covered the basics, which I already knew - before joining my employer, I'd had a summer job working for an oil exploration company, working in administration and FORTRAN programming.

We then got onto the force logoff part of the day and, as expected, people were randomly logging the others off the system - it was a training machine, dedicated to our classroom.

I had a brainwave, wrote a few lines of DCL and ran it... It produced a list of logged in users and, if the username wasn't mine, it logged the user out. At the end of the run, it then re-submitted itself as a batch job, so it ran constantly. Oh, what a laugh...

The best bit was, whilst you were logging on, you had an entry with the username <LOGIN> and a process ID, so, everybody was being killed off, before they could even log on! A hoot!

Then, idiot that I am, I accidentally logged myself out! Not so funny now!

I couldn't log back in. Nobody could log in. The instructor took us into the backroom behind the classroom, sat at the console and started to logon directly at the console... BLAM! Session killed. Login, session killed, login, session killed. In the end, we had to perform an emergency stop and reboot the server.

The instructor was very good about it. I had no come back over the incident.

Googler demolishes one of Apple's monopoly defenses – that web apps are just as good as native iOS software

big_D Silver badge

Re: Many APIs are undesirable

This is very true, but Apple can't then say, in the same breath, that PWAs are equivalent to native apps, even though we restrict them from using the same APIs as native apps.

Native apps should have more access to the device, because they are installed from a trusted source and you want them installed. Website hijacking shouldn't enable the same level of access as a native app, certainly not without prompting for each piece of data it wants.