Posts by Paul Hovnanian 2354 publicly visible posts • joined 16 Mar 2008
Employed by a service firm who contracts your labor out1. Being a sole proprieter contractor is rare in some industries. The tax collectors just don't like individuals off on their own, making use of all those juicy deductions reserved for corporations.
[1]Edward Snowden comes to mind.
"This means you can only try ONCE per 24hrs"
They've never seen me fat-finger a password then.
Anecdode: I type some (infequently changed) passwords by muscle memory. It's my version of touch typing (which I don't do). At work once, I had to log in to an admin account to fix an issue with some factory automated test equipment. Shop floor supervisor said "Just use the console on the ATE."
"Not a good idea, I replied." But rather than argue, I gave it a try on an unfamiliar keyboard. After three fumbles and a lockout, I had to return to the console terminal in my office to reset it anyway.
Google is making a mistake if they haven't considered the process I (and others) go through to enter a passwird om a taglet or sellphome.
This is true. It comes down to IP owners being involved in a pitched battle for consumers eyeball time. Which is the limiting resource in most cases. Invent a new tecnology to produce competing content and the studios will do what they can to stop it. Or acquire it.
Heck, even sitting around the campfire, telling stories may have to be outlawed. Carbon emissions and the risk of forest fires, you know. Now you kids get your noses back in those fondle-slabs.
What we really need is for someone to create a series about a superhero copyright attorney. Who swoops in to serve papers anywhere a violation occurs. And then sue all the people that copy this hero in real life.
Mine's the one with the mask and Batman cape (Oops!). -->
One could always use Professor Farnsworth's Universal Translator.
"SS7 won't help for encrypted calls"
You have to make the call. And so a record will be left within the telecoms systems (SS7). We may not be able to read or listen to the message, but the connection data exists. And in spite of all their other shortcomings, our phone companies are amazingly good at tracking calls when there's a fee collection involved.
"At least here in EU all SIMs need to be registered to a person"
Not sure about current law. On my last visit to the EU, I bought a cheap GSM phone and prepaid SIM in Germany. For cash.
And following that, I traveled to Greece. Where a local SIM required my passport number (or other ID).
Funny thing was: I only bought the Greek SIM to avoid outlandish roaming charges. The (anonymous) German SIM still worked, but would have been drained in short order.
Things may have changed in the last decade, but people who prize anonymity are sure to find new loopholes.
"Signal itself is (probably) pretty secure"
Secure against what? Sure, gov't intelligence may not be able to decrypt your messages. But often what they are doing is "link analysis". Who is talking to whom. This is enough to infiltrate most organizations. And from there, it's just the rubber hose.
This is what the FBI did in a few US cities. Grab protesters off the street, capture their phone IMEIs and trace connections back through the SS7 (notoriously insecure) records. Ring leaders identified.
You might be able to avoid this kind of surveilance by tossing burner phones frequently. But most of the aforementioned are so emotionally attached to their iDevices, that's not a frequent problem.
So, there's a hole in npm's security model that one can drive an aircraft carrier through.
What to do about it? Block npm from using URLs as dependency sources? Most package managers I've seen will recursively satisfy dependencies. But only from the top level repository or some list of approved sites (mirrors, etc.) I see some talk about this URL thing as being a "neat feature" in some cases. But it may be too dangerous to remain. Particularly as miscreants have discovered and used this loophole.
To all the innocent devs who used this as a shortcut for doing cool stuff without the overhead of checking code into a repository: Sorry. It might just have to go.
Reasonable odds.
Ever since Microsoft dodged that DOJ suit by agreeing to a consent decree. And soon after, entries were found in the registry looking something like NSA_KEY_... And the consent decree had to be overseen by a FISA court judge who had the knowledge (and clearance) to tell people, "Nothing to see here. Move along now."
Microsoft _appears_to_have_been_ compromised for a few decades. In much the same way John Profumo may have been with his teenage mistress. Prove it? That will be difficult. Drop him from a sensitive givernment post? Probably a good idea.
Ceaser's wife must be above reproach.
"Private Equity would have already built it quicker, cheaper and more efficiently"
Private Equity isn't stupid (I may be wrong). They aren't going to sign up for infrastructure development unless there's some guarantee that the customer (and revenue) will be there in the long term.
Silicon Valley is more like sports team owners. Build us a new stadium or we'll move your home team across the country. So the politicians build it (to avoid the wrath of the fans) and the team is sold anyway.
Here you go. Of course, you will probably still need the firmware blob, which technically makes it non-FOSS. But it's something we do in Linux all the time* to get WiFi cards running. As I understand it, most of these are basically USB back to the host machine. No DMA access to the host OS or data, so that can be secured/firewalled.
*Whilst holding our nose.
... I wonder if Washington State, home of Microsoft as well as the Climate Commitment Act will be levying a carbon tax per LLM query soon.
They are getting close to figuring out how to tax cow burps (methane) and adding that to our beef prices already. So this shouldn't be too much of a stretch.
Accounting rules.
They track capital equipment by asset tags, inventory everything periodically and demand that unused equipment be surplused to get it off the books. We used to run into this all the time. Not so much with PCs, routers and such. But pricier lab equipment that was expensive and difficult to procure if needed again. Due to ... accounting rules.
We tried to keep spares around to extend the life of difficult to maintain equipment. Accounting instated a "5S program" to clean out storage cabinets. We just started referring to 5S as "Same sh*it, stashed someplace sneaky."
This was my thought.
IT often objects to BYOD policies due to exfiltration from secure internal networks. To top that off, the Economist has a good article on the "Lethal Trifecta" of LLMs. This overcomes the problem of access to private data (for Microsoft, that is). Once the data is "out" and incorporated into ChatGPT (or whatever), it becomes a simple sales pitch to offer that AI service back to your company instead of those whiny, expensive employees.
That might have been an instance of very good aim.
Anecdote: Back in my power company days, a service lineman came back from a call. Seems that the fire department needed the power cut to fight a rural house fire. Not willing to wait to wait for one of our employees to make the long drive out, a police officer on scene just shot out the transformer fuse (so it was reported). The lineman dispatched envisioned shattered porcelain and other hardware. But when he arrived, he found that the cop had made a perfect shot, cutting the 1/4 inch thick fuse link in half from about 25 yards, hitting nothing else. With a handgun.
Our lineman was surprised in part at the cop's knowing exactly what to cut.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
