Re: Why bother with 3D printing
Oh, come on. Most spiders can barely lift one of those cartridges, much less hold, aim, and fire the gun.
12299 publicly visible posts • joined 21 Dec 2007
The "too cheap to license Helvetica" canard is a myth.
IBM paid Monotype to supply fonts for a pair of typesetters, in the 3800 and 4250 lines. Monotype licensed Helvetica for the latter but created Arial for the former.
Microsoft subsequently paid Monotype a whole bunch of money to do further work on Arial. They could have easily licensed Helvetica with that budget.
Mind you, I think Helvetica is overrated – it's one of those geek touchstones heavily promoted by its fans but not objectively all that interesting (and, yes, I know about the damn movie) – and Arial is no more exciting.
I think the minuscule e's are significantly different. There's a substantial difference between Bierstadt's e, which almost doesn't have any opening at all, and the others; and Seaford's e is way too wide (like many of Seaford's glyphs).
I prefer Skeena, and I see nothing wrong with its g. Bierstadt is just boring, like most grotesques. Seaford and Tenorite are too damn wide, and Tenorite is like My First Typeface with its open g and closed a. Seriously, is it intended to be printed on lined paper? Will Microsoft make "pencil graphite" the default color?
And, as the TechCrunch article notes, the hinting for Tenorite is way off. It looks like it was kerned by ... well, by Word, but even worse than usual.
Ain't none of 'em Palatino.
Swindon's roundabout is no great shakes.
Massachusetts has been an innovator in traffic circles, or "rotaries" in the local argot, by US standards. Salem used to feature a large elliptical rotary with a parking lot in the center, so vehicles would be entering and exiting at both the periphery and the interior. East Longmeadow used to have a truly brilliant town center with five interconnected traffic circles in a glorious swooping maze of asphalt. Bell Circle on Route 1A in Boston's North Shore was (and may still be) a large rotary with a road cutting through it, controlled by traffic lights: it alternates between a traffic circle and a series of perpendicular intersections.
Kentucky, of course, is just barely past the horse-and-buggy stage. Wait'll they get their first diverging diamond.
(Diverging-diamond interchanges have become popular in Kansas, which, weirdly, is a leader in highway innovation in the US. Kansas had the first stretch of Interstate highway, for example. Presumably it's all designed so you can get through Kansas as quickly as possible, though to be honest if you're heading west on I-70 you'll just end up in eastern Colorado, which is worse. Imagine a vast expanse of nothing, then subtract.)
I've been working from home for almost a quarter-century, and I do just the opposite. I work at my job when that's what I'm in the mood to do. I make sure I'm available for a while in the morning when my colleagues in further-east timezones are about, and I'm on my scheduled calls; but if I want to take three or four hours in the middle of the afternoon to work on the house, that's what I do. Then I may work at the job in the evening when I'm not inclined to do physical labor.
As long as my work gets done, everyone's happy. It's easy for me to track the time I'm actually doing the job to make sure I'm putting in at least 40 hours (I enjoy my work, and often like to do more, particularly of R&D). I've never felt any desire to keep to a strict schedule.
In theory my colleagues could phone me if they needed me when I'm not around, but in practice that very rarely happens – only a few times a year.
or (as in the HashiCorp example) cryptographic certificates
Nope.
Certificates are attestations of identity that include a public key. They're public documents. Certificates don't get compromised.
What was compromised in the HashiCorp case was a gpg (OpenPGP) private key.
OpenPGP doesn't even really use certificates in its normal mode of operation – not X.509 certificates, at any rate. OpenPGP public keys are sometimes referred to as "certificates" (RFC 4880 acknowledges this usage), but it's informal at best and misleading since SSL/TLS has made X.509 the de facto digital-certificate format.
It shouldn't be part of CI/CD – at any rate, not part of the CI/CD pipeline – but it shouldn't be manual, either. Manual processes are difficult to perform consistently and to audit. Access to them is usually too broad, because humans aren't reliable. Repetitive processes, particularly those that involve security controls, are tiresome, and people will first stop being vigilant, and then actively try to circumvent safeguards.
A manual traditional (one-and-done) signing procedure might be safe if you only sign a few releases a year, but even then it's just a matter of time until someone screws it up.
Signing should be automated but invoked under human control, as part of promoting a build to release. Or it needs to be architected completely differently, e.g. using collaborative signing as in CHAINIAC.
Investigation and analysis are certainly welcome, but don't deceive yourself into thinking governments will ever cease this sort of thing. Now that they've done it successfully, they'll fight to the bitter end any attempt to constrain them; and even if people pushed through changes to restrict it, they'd just do it quietly.
I expect that even the most backwards company would get those systems offline in less than 24 hours.
Your optimism is adorable.
Also, of course, this proposal has technical issues, such as identifying infected machines and their owners; and legal ones, such as an unclear basis for threatening charges against companies (much less officers).
We have a vast body of experience with using regulatory regimes against private-sector offenders. I think it's the mechanism most likely to be broadly efficacious in improving IT security. But it's neither precise nor fast. There's no reason to believe it will be either of those things in this case. So "just enforce the law" is not a solution.
And like it or not, these sorts of actions by law enforcement will almost certainly continue. Now the government has a taste for it, they will be loath to surrender the power.
That wouldn't significantly decrease the ransomware infection rate.
The economics are all wrong. Creating ransomware is inexpensive and has non-tangible returns such as intellectual curiosity and bragging rights. Deploying ransomware is nearly free; it's largely done by botnets and other automated systems. The success rate for ransomware attacks can be very, very low and still produce a positive return on investment.
Some victims will bypass any legal constraints in order to pay. Legal liability is a future risk; lack of access to data is a present risk. People overestimate present risks and underestimate future risks – that's why we continue to see stupid crimes with poor rate-of-return (such as bank robbery) being committed.
Consequently, attempts to cut off payment will not have much effect on ransomware attacks. They'll be no more effective than the War on Drugs (or, worse, the idiotic "War on Terror").
So do you want to know what the alternative for people like me out in the "sticks" currently is?
I'm in "the sticks" (at the Mountain Fastness). We don't get mail delivery or trash collection at the house. We're on well water and have a septic system. But we have fiber right to the home, because the electric co-operative ran it alongside the power lines on their poles.
It can be done. Just apply some regulation and shift the broadband subsidies to the power companies who actually roll it out. They already have most of the physical infrastructure in place, and they have to maintain their existing lines anyway. Defund the telcos who aren't running fiber to their rural customers – they've been feeding from this trough long enough.
Agreed. There are certainly some banking jobs that are more quickly, easily, and pleasantly accomplished by a visit to a branch and quick conversation with an officer. Particularly if, say, they involve getting some questions answered, or having some documents notarized, or proving identity.
And I wouldn't trust a banking phone app as far as I could throw it. There's a long, tiresome list of vulnerabilities in those things. They are not, in general, developed by teams who know what they're doing or care about secure development practices.
Are organisations legally permitted to monitor people in a public place in the USA?
In the US, there's a greatly reduced expectation of privacy in public spaces. So, generally, yes.
As the article mentioned, some local jurisdictions are constraining the use of some privacy-invading technologies. I'd be interested to see someone sue over this sort of thing in Illinois under their biometrics law, too, since facial recognition could certainly be construed as collecting biometric data.
Frankly, though, I don't know why most people would do retail banking with a large US bank. Most of the population has access to a decent Federal credit union (essentially a mutual bank) and/or a local bank. In Michigan we bank with an FCU that offers the same services, better terms, and much better service than any national bank I've ever dealt with, and in New Mexico with a local bank that has deep community roots and therefore a reputation to protect.
"... a quarter [25%] of voters' beliefs helped place them in the Remain camp."
Wouldn't that mean the religious types were more likely to vote Remain?
Actually, it appears to mean that people who voted Remain were influenced by 25% of their beliefs.
Frankly, the way this part of the article was written, I'd be very hesitant about drawing any conclusions whatsoever. I hope the actual study is clearer. Not that I can be bothered to read it.
(Oh, sorry, just remembered we were asked to rant in block capitals. THIS ARTICLE WAS MODERATELY INTERESTING AND I DIDN'T FIND IT VERY CONTROVERSIAL.)
Why have a slow database with a caching system to support it, when you can have a fast database that can respond in less than one millisecond under any transaction load?
Yes, because there are no imaginable criteria for a database rather than latency.
"Here's my hammer. Notice how every problem is a nail?"
The Redis team should be interested in my new NoSQL database, 14base. While it doesn't guarantee the correct answer, unless that answer is "14", it is exceedingly fast. It uses a proprietary search function which returns "14" in response to all queries.
Agreed – Proctorio is a horrible product from a horrible company. There have been numerous exposés and papers pointing out how invasive and ableist it is.
As someone who attended Miami, I'm very unhappy (though not surprised) to see they're using it.
Look, every business blessed by the golden hand of the Donald has been wildly successful. They just need to tweak things a bit.
Personally, I'm rather chuffed about the Foxconn plant, since it led to Walker's downfall. That dude needed to go.
I just want something that's easy to use, does NOT look "all 2D FLATTY FLATSO", doesn't require excessive "mousie clickie" operations that mean removing my fingers from home row a BOZILLIAN TIMES to get ANYTHING done, and so on.
I use an IDE that incorporates my preferred editor, build toolchain, debugger, and other tools as first-class components. It's called "bash". On Windows, I run it under Cygwin (because I'd been doing that long before WSU morphed into WSL). Lightweight, fast, extremely scriptable, no stupid eye candy, no mysterious black boxes to get in the way of doing work.
I've never yet seen an IDE with the power and transparency of the shell and a set of dedicated-purpose tools.
The university's apparent belief that research can only be unethical if it involves human subjects is just plain wrong.
That appearance is what's "just plain wrong". HSR (human-subjects research) is only one of the concerns of the IRB at any accredited US university. I haven't read the paper to find the authors' verbatim statement about IRB review, but it sounds like they don't understand it either.
They may have misled the IRB; the IRB panel at Minnesota which reviewed this project may not have been very good. But IRBs are not solely concerned with HSR.
Since Cellebrite could have closed most of the holes in the first place by keeping their third-party components up to date and employing decent development practices, this is rather a stretch. And their users will have to upgrade their Cellebrite software to get the fixes.
The mere possibility taints all evidence gathered using Cellebrite.
In theory, perhaps. In practice US courts at least have routinely accepted evidence and "expert" testimony on much shakier grounds, and judges often refuse to allow counter-testimony challenging forensic evidence.
We see this very frequently with malware (and Cellebrite's products are malware, regardless of whom they sell them to).
Malvuln has been running a series on the Full Disclosure list of exploitable vulnerabilities found in malware samples. Typically this stuff is poorly written and, as Marlinspike wrote, uses outdated components. Malware tends to be created by developers who specialize in finding vulnerabilities, exploiting them, and chaining the exploits; they often have abysmal software-development practices.
Never found "colophon" useful? How do you talk about them then? I mean, it may not come up as often as indicia, but surely at least once or twice a week.
Why, I don't know how many times I've invited a young lady up to see some colophons.
Sometimes owners of books will add their own colophons. No doubt you remember one such forms a plot point early in Ransome's Missee Lee.
Demanding that facial recognition tech isn't used until it's perfect is totally reasonable as humans have never mis-identified another human resulting in wrongful arrest or conviction.
"Our current system is badly flawed, so let's also use this other badly-flawed system!" And, hey, this one is faster, so we can get a lot more crap results to justify our dangerous violations of civil rights.
I see you were able to find a couple dozen more technophiles to buy into your tu quoque, though. Well, critical thinking is hard.
Younger man with very short hair and mustache = very likely homosexual
Based on the appearance of the students in the last couple of college courses I taught, I'd say that's statistically unlikely.
Of course, much of this thread has been wild, unsupportable generalizations about appearance. What else is new?
Very few men have long hair
Clearly you don't live anywhere near the Mountain Fastness. I'd guess around 15%-20% of the adult male population around here has long hair. It's so unremarkable most people don't even notice.
Worldwide, maybe the proportion is small enough to merit "very few", but I certainly wouldn't want to put money on that.
Twitter doesn't have a monopoly; there are a great many channels for expression, public and private.
And Twitter isn't abusing anything. Freedom of the press belongs to the press.
Honestly, there's nothing sadder than butthurt right-wingers bitching about "cancel culture" and people being kicked off Twitter. Leaving Twitter, voluntarily or otherwise, has never harmed anyone's ability to communicate with any audience that's actually interested. If part of your audience is too damn lazy to seek you out elsewhere, that's not Twitter's problem.
I don't know. The whole exercise is so pointless and pathetic that few people might even bother to attack it.
Then again, it's probably built from misconfigured open-source components that are vulnerable to automated attacks by botnets, so it may just be killed by computer before any competent human attacker gets to it.
Because everyone always runs the latest software, of course.
And, no, it wouldn't be a sound idea, because there's an excellent chance that you'll continually be playing catch-up as you tweak your exploit for new releases, which come out frequently. Get the research done and get it out so people can build on it.