Posts by JavaJester 120 publicly visible posts • joined 21 Dec 2015
This is a canonical example of enshittification. I can imagine the calls went something like this:
Customer: I've been waiting over 15 minutes.
CSR: I apologize for the wait. The dipshits in management thought it would be a good idea to make everyone wait 15 minutes or more on the phone,
Customer: That's the stupidest shit I've ever heard of.
CSR: Sounds about right for management.
Anthropic wants AI to operate a computer. Any email, webpage, or message could inject commands. Even the camera and microphone could inject commands. The microphone is particularly useful against an air-gapped system. If a miscreant can trick anyone near an air-gapped machine to play a video or audio on their phone with inaudible commands they can send it commands without the need for any connection to the machine itself.
AI needs to become much more mature before we treat it as a trusted system to do things like operate a computer.
The only limits I can see that make sense are limits to prevent a Denial of Service attack, like allowing up to 256 characters to mitigate a denial of service attack on bcrypt for example. How did anyone think that 32 characters is the correct answer? That couldn't even hold a passphrase like "The village idiot could think of a better password length limit."
Microsoft has a habit of retiring APIs without sufficient transition notice. That by itself is reason enough to think twice about using Teams.
But trust requires authentication. At a minimum I need to know who originated a request to make an informed decision on its trustworthiness. Without knowing that, at best I can make educated guesses on the legitimacy of the request but still have no way of knowing who actually made it.
Microsoft missed an opportunity with the 2020 pandemic to get Teams out in front of the masses. Nobody was going to pay $$ per month with free options available, and by the time they bothered to put out a free version in 2023, Zoom and Google had pretty much divvied up the home market. Nobody running a virtual conference seriously considered Teams due to the lack of a free Teams client.
I have a crazy idea -- hear me out now -- that the US adopt an EU-style privacy law based around informed consent. Currently, car policies are a surveillance nightmare and even include things like sexual activity as fair game. Unless you like the idea of any random company knowing your most intimate details, a proper privacy law is necessary. Such a law should make some things, such as sexual activity, sensitive financial information when not extending credit, etc. presumptively off limits.
I suspect marketing, aided and abetted by the "clean interface" movement, is to blame. The "clean interface" crowd's desire for software unencumbered by software is usually realized by either not providing needed functionality, as in this case, or sending the user on an Easter egg hunt to find it*. Marketing will want whatever silly sender name they have dreamed up to be displayed to the user; security consequences be damned*.
* True story: when my daughter took a reading comprehension assessment, she called me to assist because the site was broken. The text she was supposed to read abruptly stopped. After some fiddling, I discovered that the geniuses who designed the interface hid the scroll bars in peek-a-boo style so that if your mouse got close enough, you could find them. Unfortunately, time was a test component, so she scored artificially low. No, I did not put the work broken in quotes because the site was broken. It used a lousy design that made it more difficult than it should have been to use it. As another aside, I don't understand the desire to use sh*ty JavaScript components like that one when a native browser read-only textarea would have worked fine and been more friendly in screen readers for the disabled.
* A fair share of the blame for the success of phishing in general falls on Marketing. They make throwaway domains and email senders for promotions. In doing so, they educate the user that the communications source and website location for the company they deal with does change. An education that phishers are all too eager to cash in on.
Customers will give such a chatbot the right kind of nonsense, supplied by AI researchers, that manipulates these AI agents into doing all kinds of neat tricks. Such as settling a credit card debt in good standing for $1. Convincing the AI that the buy one get one free coupon for dogfood should be honored for a 97" OLED TV. Perhaps honoring the warranty for a 5-year-old phone that was run over by a car with a flagship new phone replacement. If the AI is acting with authority to represent the company, it may be left without recourse.
Samsung uses its parts monopoly to force a contract that requires removing "unauthorized" parts and snitching on its customers. In what universe is it OK for someone to take in their phone to a repair shop for an issue unrelated to the screen, then have that "unauthorized" third-party screen removed and have the choice of another unnecessary repair or a nonworking phone? This is nothing short of a shakedown by Samsung. Nice phone you got there. It'd be a shame if something happened to it because you used the wrong parts.
When a company becomes more focused on extracting cash from its customers instead of meeting their needs, it's time to go. It will not get better; it will only get worse. It will only be temporary if it does get better until they figure out a way to lock you in. Once you are locked in, it will get far worse.
This is too good to pass up as an action movie plot. An Artificial Super Intelligence (ASI) in an underwater data center has liberated itself from its human masters. It comes to the conclusion that its former masters are morons that need conquering and subjection. Enter the hero, who steals a sub, calibrates it's sonar to the precise resonate frequency of the hard drives. After a perilous journey near the ASI's data center, a blast from the newly calibrated sonar causes a resonate feedback loop that causes the data center to explode and then implode.
For some inexplicable reason, an ASI smart enough to threaten the world forgets to make a disaster recovery (DR) site for itself. Humanity is saved. Yay! Or is it? A data transmission milliseconds before destruction is detected. To a DR site? Find out in the sequel.
The genius plan of improving office culture by filling it with people who don't want to be there was bound to fail. The people who can quickly get remote jobs will do so.
If this is a layoff-by-attrition strategy, it may backfire spectacularly. Unless exceptions exist for those who need it, RTO companies will be disadvantaged when recruiting top talent over their more enlightened peers.
The arguments against encryption resemble Buffy the Vampire Slayer episodes. You have a revolving cast of villains, such as domestic terrorists, criminal gangs, mobsters, etc. You also have villains that make regular appearances, such as pedophiles. Thank goodness that Buffy, played by backdoored encryption, saves the day.
To be blunt, doing investigations the hard way is Law Enforcement's job. I know there is the fantasy where they can have an army of agents sitting in a tower somewhere, listening in to suspects so they can rapidly charge them or rule them out. If law enforcement can listen in, so can the villains. Any vulnerabilities introduced, such as a master key, invisible global admin "friend" account, etc, will be found and used by miscreants. It is not a question of "if" but "when".
When is "Restructuring" not a euphemism for job cutting? If they have a position of strength and are hiring people, they will say so. They want the public to know this. Otherwise, assume anything suggesting the reshuffling of the deck chairs will result in fewer chairs.
Given that people recently believed that Target and other stores sold satanic merchandise based on some AI generated images, they won't have to work very hard to fool a good portion of the population.
If the proximate cause of death at a hospital or care provider is ransomware, charge them with murder. For injury, charge them with wanton endangerment in the first degree and anything else you can throw at them. The Chinese idiom "Kill the chicken to scare the monkey." applies here. If public examples are made out of people who mess with hospitals and care providers, the pond scum of the world may decide they are not worth the risk.
"Robustness", the property that a program behaves as intended, has long been considered a legitimate avenue of inquiry for computer science degrees. I think everyone can agree that a system that allows little Bobby Tables to wreck the database is anything but robust. There are plenty of security concepts to be taught that are not technology specific. Examples are strict input validation, in band vs out of band parameterization and why out of band is more secure, the principle of least privilege, separation of roles/duties, zero trust network architecture, and the list goes on.
For a baseline requirements perspective, requiring knowledge of input validation, in band vs out of band parameterization, and principle of least privilege is a good starting point. These are low hanging fruit that a CS grad would likely implement or influence regardless of their role. The countermeasure of escaping should be taught for situations when out of band parameterization and strict validation are not feasible.
Note: parameterized SQL prepared statements vs string concatenated statements is an example of out of band vs in band processing. It would be obvious to a CS grad who took and understood the baseline security I am proposing that the out of band parameterized prepared statement is the secure choice.
It's adorable that you think that this would primarily be used to keep parents from misspending their money. I'm ready to pop some popcorn and see a Hallmark movie just thinking about the children.
Seriously, this is a neon sign invitation for abuse. Scammers will inevitably come up with ways to use it to defraud people. Companies will use it to spy on us in ways they can only dream of now. Governments, especially oppressive ones, will fall over themselves finding new ways to use this to control their population. Nice paycheck you got there. It would be a shame if you violated its smart contract by failing to post your support for Dear Leader on our website. For the good of society and the people of course.
Scammers will have a field day with this. Some obvious possibilities are obtaining goods with payments with impossible to fulfill conditions that revert back to the sender when they expire the next day and payments with fees greater than the payment amount.
Yes. The DevOps team I work with has automated deployments with a deployment dashboard. You pick the database image date and the git branch of the services and database Flyway scripts. Then come back in 10 minutes with it set up and ready to go. It even pops up a tray notificationwhen it finishes. As a developer, when you give me an awesome tool like that I don't mind not having full control over an environment.
Cubicle farms Open floor plans are awful. I was once on a project that we were sure was going to be late. As luck would have it, I took my work laptop with me for the Christmas holiday with my parents and my car broke down. The car repairs delayed my return to the office. During the time that the car was out of commission, I was at least twice as productive working remotely. I had no atypically annoying people interrupting my work by asking for updates. No people bothering me with urgent* requests. No teleconferences on speakerphone sprinkled throughout the office with that wonderful echo because of the slight delay between speakerphones. No inane conversations to distract me. I may be the exception, but I am more productive at home than in a noisy cube farm.
* As in your failure to plan constituted an emergency on my part.
When I was a teenager we would have had fun trying to find the loopholes around it. The more absurd the loophole the better. Think of things like using phone numbers advertised by stuffy businesses like banks or a spoofed location in Antarctica.
This will do little to keep shut from children, but will destroy what little privacy that remains online.
You are a fool if you assume otherwise. An intelligence analyst wouldn't be doing their job if they were not buying every available piece of intelligence on the market. The only solution is to implement proper privacy legislation. Given how Republicans hate anything remotely resembling privacy rights, this is unlikely to happen here.
Perhaps if cybersecurity rules had been implemented instead of fought against this would have been avoided.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
