Re: The proof
Has it really been 8 years, or just 4 years that sometimes seemed like 8?
5878 posts • joined 21 Dec 2007
Yes, I'd be interested to know what now costs 13x what it cost in 1983.
Let's see... a Honda Civic cost $6900 in 1983; today one goes for $21500, or a bit more than 3x. And fond though I am of the third-gen Civic, today's car is much safer and more capable.
US median housing prices peaked (before the crash) at around 4x their 1983 value, according to Shiller's data. And today's houses are, on average, significantly larger than they were in 1983.
Ah, the tech treasures rotting away in our attics and basements...
A few months ago I hauled some electronics off to a recycler. They included the case, including power supply and backplane, for a 1988 IBM AS/400 Model B; and a dual-Pentium box from around 1996. I'd kept them because they seemed like they could make for some fun projects. (I particularly relished the idea of putting multiple modern motherboards and drives in the AS/400 case - the size of a half-height filing cabinet - and figuring out uses for its front-panel switches and LED display. "Oh, you don't have one of those?" I'd reply when anyone asked about it. Which no one ever would, of course, but it sounded good in my head.)
For quite a few years I had a nifty thing I'd fished out of the trash when I worked at IBM. It was a pair of AT-bus cards cabled together, one with a NatSemi 16032¹ CPU, a couple EPROMs, and assorted logic,² and the other with a bunch of RAM. It had a SRITech logo, and serial number 31 was hand-written on it. I talked to a few people at SRITech and no one could find any record of it; their guess (which matched mine) was that it was a 16032-based machine which acted as a bus master in the AT and took over processing, using the 80286 to drive peripherals, and very likely running some sort of UNIX. IBM used the same approach in the Outrigger, their never-released RC-PC-on-a-card for the PS/2.
But I either threw away or misplaced the SRITech unit, and without the appropriate software I probably never would have been able to make it do anything anyway.
¹Or possibly a 32016. Same chip; National Semiconductor just renamed it at some point to make it sound better. In any case, at the time it was a pretty cool CPU - 32-bit addressing, CISC instructions to make hand-rolling assembly easier, etc. More VAX-like than anything else.
²I think it may have had the corresponding NS MMU as well, which would mean it supported true paging rather than simple segmentation.
I know, replying to my own post ... but, dang, that old Byte is making me nostalgic. (I think I have some old issues lying around here, among my DDJs and the like; I should dig them out.) There's an ad for "Winchester subsystems". The CompuPro System 816/C. An S-100 memory expansion kit. Discount retailers like Ironsides. The IBM Instruments Computer with its softkeys and built-in printer! (Man, I always wanted one of those to play with.)
Joel Swank's article on adding a reset switch to the VIC-20. A friend and I used that article to add that switch to his VIC.
Look at the ad for the QDP-300 on page 221. That is just an amazing piece of design. Light-up power switch! Runs MP/M! Serviced by GE!
Computers today are so boring. "Oh, look how thin the bezel is on our phone!" Shove it, designers.
From that Byte review: "Computers are worthless if nobody uses them, and the Lisa has made great strides toward eliminating that possibility." True, if you chose the correct antecedent.
This issue (as the cover proudly proclaims) featured reviews of both the Lisa and the Apple IIe. The latter would have been a better use for your money. And a complete IIe system, except for the printer, could be had for about $8K less than the Lisa.
siblings should [receive] the same answer if it were possible to do what the product says it does
Particularly given the vague ("European ancestry") and imprecise ("13%") nature of the results, the tests would only be useful if they represented a fairly strong signal. (That is, the vagueness implies that the test is neither accurate nor precise; thus no result should be reported unless the test finds it with strong statistical confidence.)
That means a reputable organization would only report ancestry components supported by a relatively large number of markers.
Given a large number of markers, it becomes extremely improbable that they wouldn't return to the mean; and so very improbable that full siblings wouldn't receive fairly similar results.
Consider: Assume the presence of some gene M contributes to a finding of ancestry X. Sibling A is found to possess M. Does sibling B possess it?
- At least one parent has at least one copy of M. There's a chance that parent has two copies, and (barring mutation) all sibling children will have it; call that p1. Otherwise, a given sibling has 0.5 chance of getting M from this parent.
- There's some probability that the other parent has at least one copy of M. Call this p2. If p2 is true, there's a p1 chance¹ that parent has two copies of p, in which case all sibs have it. Otherwise, there's a 0.5 chance that a given sibling will have received M from this parent.
So what's the chance of B possessing at least one copy of M? Let p3 = 0.5 + 0.5p1, the probability of getting it from the parent known to possess at least one copy. Then B's chance of getting at least one copy of M is p3 + (1 - p3)(p2)(p3), or p3(1 + 1 - p3) or p3(2 - p3). Note p3 is almost certainly > 0.5. So B's chances should be better than 0.75.
Unless I've messed something up in my calculations, which is entirely possible.
We assume p is fairly common among people with significant X ancestry - that's part of what makes it a good marker for ancestry. (We also assume it's significantly less common for people without X ancestry.) So if A and B's parents share significant ancestry - which is more common than not - then sibling ancestry results should converge even more strongly.
¹p1 as well here because we take p1 to be the probability across the population of all people who have at least one copy of M that they have two copies of M. Obviously within that population it's likely there will be subgroups who have greater or lesser probability of having two copies, but we don't have any information to partition at that level.
It's quite common for epigenetic changes and differences in health, diet, and environment to cause them to not be actually physically identical.
Indeed, it would be astounding if it were otherwise. Apparently a couple Reg readers 1) haven't gotten the news that genotype does not solely control phenotype (far from it); and 2) think they can determine whether two people "look identical" from a single photograph.
I don't know which is the more depressing observation.
It's perfectly reasonable to claim their first-generation (genetic) descendants can be expected to have at least 25% of the mother's ancestry in each category.
"25%" because some of the supposed ancestry-marking genes that these snake-oil vendors are identifying might appear only on one chromosome of a given pair, and consequently have only a 0.5 probability to be passed on to a given offspring. We can assume that a reputable ancestry-determining organization¹ would want a sufficiently large number of markers for any given ancestry characterization that we can expect a return to the average. In practice it should be closer to 50%; 25% is a worst case.
"At least" because the other parent might, of course, have a greater share of ancestry in a given category, boosting the child's.
Now, that might seem like a fairly weak claim; but it is a claim that such a service could report to a subject, about the subject's potential descendants.
¹Which these are not. But that's why I wrote "can be expected": if that expectation is violated, it's just more evidence that these five firms are peddling rubbish.
Voice-control systems are easy to build using off-the-shelf components. A few electronic pieces, CMU Sphinx, TensorFlow - you could have a pure-local voice-controlled "AI assistant" up and running in a couple of days, or maybe a week if you're technical but new to the domain.
Personally, I don't see the appeal. I find voice-controlled devices immediately and deeply obnoxious.
Oooh. Charles Stross takes one on the chin in that one.
Well, he's not a lawyer either, and he does write a good novel. (Plus, if memory serves, back in the day he was entertainingly grumpy on rec.arts.books.sf.)
I am also not in any way a lawyer, but a quick check of 18 USC 1962 leaves me wondering which RICO provision of unlawful conduct Turpin's lawyers think Truglia et alia engaged in. Maybe they can call the SIM fraud a case of interstate commerce (I have no idea what case law might say about that), and maybe SIM fraud could be construed as "racketeering activity" under 18 USC 1028 (relating to "identification documents") or 1029 ("access devices"), or one of the zillion other sections that can be used to claim racketeering.
But AIUI, that's just the start of what a plaintiff has to demonstrate to get a judge to even let a RICO civil case proceed.
The Krebs piece is also worth reading for its portrait of another of these psychologically-abnormal IT criminals. Truglia clearly had poor social and life skills, and limited ability to empathize. He treated life like an RPG-style video game: gathering coins, buying buffs, and grinding.
I think you'll find that any distributed ledger would be vulnerable to attack in such a circumstance.
This is precisely the problem, and why BGP attacks attempting to partition the Bitcoin mining network happen around a hundred times a month.
"Such a circumstance" turns out to be quite common.
Instead, after they leave they get big money as "consultants" that don't actually do anything, or for serving on boards that hardly ever meet.
Indeed. Pai was a Verizon employee before he was in the FCC. He's still a Verizon employee; it's just his compensation is deferred until he leaves the FCC.
They need to get taken to task.
I have to side with Chris and the Reg on this. They were pretty clearly taken to task in the article, and explicitly mocking the Amadeus response is unnecessary. Anyone capable of critical thought will see through it; anyone not capable won't profit from being told directly.
Surely "Secure Copy Protocol" is a bacronym. "scp" is just "secure cp", by analogy with "rcp" ("remote cp"), which in turn was named for UNIX "cp". And "cp" is just an abbreviation of "copy", not an acronym.¹
I see Wikipedia uses the "Secure Copy Protocol" phrase in the relevant article, but the contributors hedge their bets by also using "secure copy", and they don't seem to cite any source for "Secure Copy Protocol". Some of their sources in fact use "scp protocol", which to my thinking has better etymological justification.
(Sure, there's a security issue here, but it's not nearly as important as arguing over terminology.)
¹Or for pedants who adhere to the ill-founded "pronounced as a word" restriction for acronym, an "initialism".
Eh, I can see how this happens. Someone higher up in management who doesn't have a clue is aimlessly searching for mentions of the company online. They run across the Boing Boing post and fire an email at Legal. Legal looks at it, rolls their eyes, tells a paralegal to send a DMCA takedown notice without even checking who wrote the post.
Since DMCA notices are effectively free to the issuer, plenty of firms send them out on the flimsiest of pretexts (often the entire process is automated) as an initial salvo.
It'd be interesting to change the economics - say, to amend the DMCA so that each takedown notice must be filed with the Library of Congress at a fee that starts at $10 and is adjusted annually for inflation. Oh, the howls from Hollywood! It'll never happen, of course. (And I admit it has an unfair asymmetry anyway, because it's generally much cheaper for attackers to copy protected content to many sites.)
$150 for a second-hand scooter that cost around $30 new, sold by J Random Ebayer? Sounds like an excellent deal! For the seller, I mean.
Seriously, if you want these at anything like a reasonable price, go to a municipal auction. Bring cash, and decide ahead of time how much you're willing to pay. Be willing to walk away if the units are in poor shape.
They could possibly mitigate against this attack by pouring epoxy into the case that houses the board and using non standard screws. At least that way anyone expecting a cheap scooter has a lot more work on their hands to make it work.
I don't think this is cost-effective. What Hackaday reader doesn't have a set of security-screw bits? Anything more exotic would be prohibitively expensive for Bird. And if the case is filled with resin, just chuck the case with the board and fit a new case.
Seems to me the asymmetry here still favors the attackers (people who want to repurpose a Bird unit).
There was a recent call on Hackaday for a powerwall built from Bird scooter batteries...
And in the US, if all you need is a stern letter bearing a lawyer's letterhead, this can be done cheaply enough that pretty much anyone can afford it. If there's a legal assistance service in your area, this might even be as cheap as free.
Yep. My neighbor is a lawyer (among other pursuits) and she once wrote a stern letter of that sort for me, for a $1 retainer.
That's how these things often go. There's a quick round of bidding to see if one party will just fold immediately. Then if everyone stays in, things might start getting expensive.
Amana (Raytheon) Radarange oven, circa sometime after 1967 – the precursor to the microwave oven
The Radarange line was a line of microwave ovens. They were not "precursors". They used microwave-generating magnetrons, just like other microwave ovens.
And by 1967, the Radarange line had been in production (by Raytheon) for about 20 years, so this wasn't even an early model - though 1967 was when Amana started selling consumer (as opposed to commercial) units.
anyone who still thinks swatting people is harmless fun
I don't believe I've ever read an account of a swatting case where the swatter plausibly claimed he (I don't know of any female swatters) thought it was "harmless fun". Swatters are nasty, violent, and probably manifesting some form of antisocial personality disorder. They're perfectly aware that swatting is a form of violence. Was anyone surprised when swatter Mir Islam was arrested for helping to dispose of a murdered woman's body? I wasn't.
In the Finch case, Barriss (the swatter) didn't call 911. He spoofed a local number and called a non-emergency Wichita City Hall number, and someone there transferred him to the emergency services desk. Then Wichita PD took everything Barriss told them at face value, stationed themselves around Finch's house with weapons ready, and one officer fired seconds after Finch opened the door.
The department didn't do any critical thinking and an adrenaline-drunk trigger-happy asshole failed to control himself. And no, I'm not buying any "first responders have to make split-second decisions" bullshit - this is a direct consequence of police militarization, lousy training and procedures, poor screening, and a lack of consequences. You can't fix that by tweaking procedures at the 911 call center (and I don't think yours is workable anyway, to be honest).
This case has been discussed extensively by security experts and others. The Wikipedia article is decent.
Apple sell appliances. That has always been the strategy.
I don't think that's fair. The Apple //e wasn't an "appliance". It's only their post-1983 products that are aimed at people who just want a magic box of "stuff happens".
Kids these days.
I would have thought that contributory negligence - failure to patch - would have been the tack used by the insurance companies.
That would set a precedent with a strong chilling effect on the market.
When you insure for fire damage (in a stable, industrialized country), there are well-documented protocols to follow for the insured: building codes, fire codes, inspections, etc. It's pretty easy for the insured to be in compliance and demonstrate that.
With IT-security insurance, there are few or no regulations, depending on the business. There are no standard independent inspections, and no agreement on what you'd inspect for. Potential insurance customers know they'd have a hard time showing they weren't negligent. So if insurers look like they're going to weasel out of paying claims, the market will discount the value of IT-security insurance to the point where it's no longer a viable product.
The IT-insurance market is enough of a mess already. Policies are ill-defined, claims may be hard to prove (fires leave a lot of evidence; rootkits not so much), data for actuarial analysis is thin, the market is immature (so risk pools are small and reinsurance harder to come by), and it's largely untested in court. Apparently Zurich America have decided to risk the last, but as others have noted, there's an excellent chance this will settle out of court.
I know many people like multiple monitors, but personally I just find it irritating. I used a multi-headed UNIX workstation¹ for several years earlier in my career, and found it ... fine, I suppose; but for the last quarter-century or so I just haven't felt the urge. There's always sufficient screen real estate for whatever I'm working on at the moment. I haven't even used virtual desktops in years, I think, not counting VMs.
Eh, tastes differ.
¹IBM RT PC running AOS 4.3, which was IBM's rebranding of BSD. X11 driving the monitors, though some of them I generally just left in character mode.
But this should be simple, and not require arcane knowledge, surely?
And that's just one collection of problems with the X.509 PKIX. There are others, and since that one was written, we've introduced a whole bunch of additional things to worry about, like algorithm deprecation, OCSP Stapling, and Certificate Transparency.
There are already plenty of toolkits and tutorials for creating test CAs and issuing certificates. That hasn't measurably changed the number of people with some understanding of the ghastly, shambling horror that is the X.509v3 PKIX (i.e., few); or the number of people who understand it well (a handful).
Valsorda is a good researcher, but frankly I don't think there's much to get excited about here. Anyone who's likely to use mkcert could probably have gotten by just fine with one of the hundreds of online tutorials using "openssl ca". True masochists could fire up Windows Server Cryptography Services instead.
People who don't test their TLS apps with certificate chains skip it because of the cognitive load, not because there aren't relatively easy tools. (Yeah, openssl ca isn't user-friendly, but it's a walk in the park compared to actually understanding the X.509 PKIX in any depth. Look at the problems caused by OpenSSL's enforcement of RFC 5280 timestamp rules - those were due to other TLS implementations generating non-conforming certificates.)
Some people routinely have to do things with administrator permission. One of the products I work on, for example, must load a number of its assemblies from the Global Assembly Cache. Updating the GAC requires elevated privilege (thank goodness); so whenever I build that product, I have to do so as an admin.
Using domain admin for local development tasks would be idiotic, thus it's a local-admin account.
Windows is still (!) terrible at switching accounts¹ for command-line and GUI applications. So-called "Fast User Switching" is not nearly fast enough and far too cumbersome to be useful in this context. The closest thing Windows provides to hybrid limited-privilege and elevated-privilege operation within a session is strong UAC (i.e. require explicit elevation with credential prompt on the secure desktop). UAC isn't a security boundary but with the strong SecPol setting the split token does close most of the straightforward vulnerabilities.
I haven't checked whether LocalAccountTokenFilterPolicy applies to UAC-downgraded tokens as well. It'll be interesting to find out. The point, though, is that Windows continues to encourage abuse of the Local Administrators group, not so much because of failings in the base OS, but because Microsoft refuses to try to get the user interaction model and user experience correct for people who actually need routine privilege elevation. Hell, Ritchie did a better job in this area just by inventing setuid and su, and that was in, what, 1971?
¹Thread security tokens, to be more precise.
Uber drivers are still licensed [taxi] drivers. They still have to pass the same tests.
Not in the US, they're not. While there are no Federal requirements for taxi drivers in the US, many local jurisdictions require they have a commercial license, and many use a medallion or similar licensing system as well.
Taxi owners usually carry, and in some jurisdictions may be required to carry, taxi insurance. Uber provides supplemental insurance to their (non-commercial) gig drivers, but I haven't seen any reliable claims that it's equivalent to taxi insurance. In any case, the two situations aren't identical.
You don't say what jurisdiction you're in, or provide any other support for your claim, so my guess is you're full of shit.
He doesn't. For precisely the reason cited.
Nor do I.
My employer has recently announced that they're "partnering with Uber" for business ground transportation, and asked us to register with the company. Nope. I'll pay for my own ground transport. It's a small concession to maintain my ethics.
an extraordinary 4.8 million vehicles
I suppose that's literally true, in the sense that it's out of the ordinary, but it pales in comparison to Ford's 1980 recall of 21M vehicles. Or their 1996 14M-vehicle recall. Not picking on Ford here - they just have three of the top five. And, of course, the size of a recall will be affected by how popular the brand is, and how much the manufacturer is able to achieve efficient reuse of components and designs across the product line.
Sure, Jeeps and other FC products generally suck, to a first approximation. I don't think they're extraordinarily sucky, though. Just ordinarily.
(Also, to be fair, cars these days are much better in pretty much every way than they were in the 1970s, with a few exceptions for value or aesthetics; much better in most ways than they were in the 1980s; and significantly better than they were in the 1990s. I'm not a fan of today's huge, overpowered vehicles, but they are far more reliable than the ones I drove when I were a lad.)
The "phone app" shipped for your vehicle is actually a proxy and most manufacturers tell you very little about what it does.
Indeed. I declined to install the Volvo app when my wife bought her XC60 last year, and I suspect I'll never buy another new Volvo - or any other make of car. My 2015 Volvo XC70, with its blissful lack of "connectivity", might be the last new car I ever have. I know too much to trust any of the manufacturers.
An MVNO uses a regular carrier. I would not be too sure that the carrier is not able to get to your whereabouts.
That's not in dispute. The question is whether MVNOs can also get your location data (via their agreement with the carrier) and thus also sell it. I'm not sure that's any worse (the carriers are happy to sell it to all comers, so it's not like the MVNOs would be increasing the supply), but it's conceivable that an MVNO might be able to undercut the carrier's price, or might be more likely to lose the data in a breach.
Personally, I suspect the MVNOs don't have access to the data, unless they buy it at the going rate from the carrier, so there's no additional exposure. But that's just a guess.