* Posts by Donn Bly

444 publicly visible posts • joined 10 Jan 2008

The end of classic Outlook for Windows is coming. Are you ready?

Donn Bly

Re: Re:2FA

Exactly. He said that the SMS 2FA is regarded as insecure and that should be more to blame than IMAP. SMS 2FA is insecure because of things such as SIM cloning, which was admitted to have occurred in this case. Reading comprehension is a two-way street.

Donn Bly

Re: I need classic outlook

And just how do you intend to archive IMAP into a local folder, which is really a PST file and the new outlook has no PST support?

Broadcom boss Hock Tan acknowledges 'some unease' among VMware community

Donn Bly

Yes, and it says a lot when Microsoft is the lesser of two evils

HP's CEO spells it out: You're a 'bad investment' if you don't buy HP supplies

Donn Bly

Re: You can embed viruses into cartridges

Buy a laser, and your print quality will be even better and your cost per page much less. THAT is the most reliable and best value.

What's the golden age of online services? Well, now doesn't suck

Donn Bly

Re: 2:254/86.1

1:236/7.0 - It has been years since I have even thought of my FidoNet days.

'Return to Office' declared dead

Donn Bly

Re: A sizeable chunk of my income comes from rent of the building that my company rents from me.

I didn't write the rules, I just have to play by them.

Besides, my company is not the only tenant. Why should my company, which does IT work, own the building and be a landlord to some other company? Plus, if I sell off the IT company and retire, I still have the buildings and the rental income from them - as I have more than one commercial building. Those buildings are my retirement fund, and to still generate passive income from them means that I don't need to draw as much from other investments when I retire.

Donn Bly

Re: There it is

Of course they do. A sizeable chunk of my income comes from rent of the building that my company rents from me. It is a very good way to structure the income (active vs passive) and if I wasn't paying myself then I would just have to be paying someone else.

That said, I work from home too, only going in to get the mail and do the small part of maintenance to the server room that can't be done remotely.

BOFH: Adventures in overenthusiastic automation

Donn Bly

Re: Robots

Our mail robot (circa early 1980's) followed a chemical trail in the carpet. We also used removable carpet squares. So to show displeasure with management, swapping the tile that had the "stop" signal from in front of the department secretary's desk and putting it just past the boss's door so that it would stop and block him in had been known to happen a time or two. For the more ambitious, swapping a line of carpet tiles so that it followed a route into someone's cubicle and stop had also been known to happen.

Watermarking AI images to fight misinfo and deepfakes may be pretty pointless

Donn Bly

Re: A stupid idea

Sure, you can cryptographically sign a watermark. All that would mean is that you could establish that the image was watermarked by a specific entity, at a specific time and place. Like an SSL Certificate, you would rely on the authority and reputation of the signer. But there isn't just one entity that would be doing the signing, or even dozens. Because of the proliferation of technology you have MILLIONS of potential generators, thus millions of potential signers. Relying on a cryptographically signed watermark would be like relying on a self-signed certificate - it would prove that it is watermarked but would NOT prove whether the source was legitimate, or whether the source was AI generated.

If you can inject a detectable watermark, then I can build something that would detect it. If I can detect it, then I can make subtle changes to the source to corrupt, obscure, or entirely remove that watermark to the point where it is not detectable. That completely negates the idea that an image without a watermark wasn't generated by AI. Even a visible watermark like you would have on the comp images from any stock photography outlet can be obscured so that you don't know the source of the image. Invisible watermarks are even easier.

Conversely, I can take an existing image and watermark it. As mentioned above, you have millions of potential generators and signers. My camera doesn't watermark the images, so the existence of a watermark or lack thereof on an image I publish does not in any way change the underlying fact as to whether or not my original photo was created by me. A watermark just attests to the claim of whomever is signing it.

Lost your luggage? That's nothing – we just lost your whole flight!

Donn Bly

Re: This one command you must not enter

Reminds me of the time when I was trying to explain the difference between mapped and physical drives, and how some things didn't work quite the same, to a client who thought that he knew more than the Novell consultant (me) he hired. So I typed "format f: /y" and pressed enter to demonstrate the point and he nearly had a heart attack. Nearly 30 years later, he is still a client.

If you like to play along with the illusion of privacy, smart devices are a dumb idea

Donn Bly

Android Location Permission

From my understanding of the permission structure, access to Bluetooth and WiFi under Android versions 8 thru 11 is lumped into the location permission - something that was changed under Android 12 and later. Of course it should never have been put there in the first place, but that isn't the fault of the app developer. For these researchers to state that they have "no idea" why an app that has to use Bluetooth or WiFi to search for devices might request or require location permissions shows a lack of understanding profound enough that it undermines the credibility of the rest of their research.

Bombshell biography: Fearing nuclear war, Musk blocked Starlink to stymie Ukraine attack on Russia

Donn Bly

I am still trying to figure out how a Starlink signal would even REACH a submersible drone traveling underwater. It isn't as though 11 or 40 GHz have much penetration in water.

Beware the techie who takes things literally

Donn Bly

Re: RS232 and DOS

But it couldn't handle the FIFO buffer of the 16550 UART unless you used a FOSSIL driver, and if you used a FOSSIL driver you could use BASIC, or Pascal, or C, or whatever you wanted.... Ah the amount of things that we went through in the old days - back then I ran a FidoNet Node, and I still shudder on how much I spent on hardware.

Tesla to disable 'self-driving' feature that allowed vehicles to roll past stop signs at junctions

Donn Bly
Joke

Re: Not a "bug"

This kind of "feature" is when you use machine learning to analyze the actions of human drivers and emulate them. If they want to make the car behave more like a human driver, then it is going to mimic the bad behaviors as well as the good.

I am waiting for the "feature" when the car starts telling off any police officer that pulls it over that "I pay your salary with my taxes"

In a first, FTC extracts millions of dollars from online store accused of blocking bad reviews on its website

Donn Bly

Re: Settle

People and companies do it (settle without admitting liability) all of the time because it often costs more to prove that you are in the right than it is to defend yourself against the accusation.

Have you ever had a traffic ticket and entered into a ticket deferment program, even though you felt that you weren't guilty? I know that I have, because if you use the ticket deferment program you don't end up with points against your license AND you don't have to take days off of work, hire a lawyer, etc. It is cheaper to pay the ticket than it is to defend yourself against it.

On the civil side, you see it all of the time in copyright and trademark infringement cases. In employment law or consumer liability, it is often cheaper just to pay them to go away than it is to pay lawyers to fight it - because you have to pay your own legal fees even if you win.

I have been on the receiving side of this kind of thing too, where their lawyer walks in and asks "what will it take to make this go away, he has $50K in E & O insurance." I told my lawyer to take the money and walk away, because I was made whole even if they didn't admit that they did wrong.

4 Million sounds like a lot of money, but a lot of it depends on how much insurance they have.

Electrocution? All part of the service, sir!

Donn Bly

Re: "The power lead approached the PC..."

From my research for a client, there is at least ONE country that has BOTH 120 and 240 and uses different plugs to differentiate.

It surprises me that it isn't more common, as having both 120 and 240 in the same room is quite common in about every residential kitchen and most laundry rooms in the USA and Canada. However, while we have both voltages the plugs for each are significantly different in design and not likely to be confused -- other than the NEMA 6-15 but that plug/outlet style is not common at all outside of industrial applications and I have NEVER seen one in a residence or office setting.

Ohio Attorney General asks courts to declare Google a public utility

Donn Bly

Re: Google does have problems....

I have NEVER seen Google open anything in a new window from a search result. The behavior you describe sounds more like you have adware or malware on your computer that is intercepting your search queries. I highly suggest running a scan with a reputable scanner, disabling unused plugins, etc.

Supreme Court narrows Computer Fraud and Abuse Act: Misusing access not quite the same as breaking in

Donn Bly

While it is great that the court narrowed the law, and it is great that members of Congress are talking about it and praising it -- both we and congress need to remember that it is the responsibility of CONGRESS to fix this, not the courts, and that it was CONGRESS that created the problem.

Help wanted, work from anywhere ... except if you're located in Colorado

Donn Bly

Re: I want to know the salary rang

You have made the faulty assumption that you are paid, or should be paid, according to your worth to the company.

Let's turn this around and you are doing the hiring, looking for someone to do work for you (paint your house, fix your driveway, whatever). You put together the requirements and you have a general idea what you are willing to pay, but you don't necessarily tell the prospective bidders what that amount would be.

You may interview multiple people or companies, and receive several bids. In the end, you accept the lowest bid that covers all of your requirements, or you adjust your requirements in order to get something that falls within your budget.

Nobody thinks that doing this is "unfair", they see it as getting the best value for the money and not overpaying -- yet somehow when those roles are reversed they complain.

The reality is that the job is only worth what the lowest bidder is willing to take. It is the same process whether you are the job applicant, the company hiring for a new position, or the company selling its services to another.

Cisco intros desktop switches, one with USB-C to power your laptop

Donn Bly

New product? Hardly.

Years (decades) ago 3Com had small POE-powered switches that you could duct mount. Nobody bought them because it was cheaper and better just to run more cable.

Feature-wise, how are these products any better than the small switches that I currently use that have SFP ports as well as RJ45? Now, if it had SFP+ ports then I could see it, for those use cases I currently use some Ubiquiti switches like the Pro 24 and would love to have smaller, quieter options.

Compsci guru wants 'right to be forgotten' for old email, urges Google and friends to expire, reveal crypto-keys

Donn Bly

Accountability

<quote>

If Google were to publish its DKIM keys after a certain period of time, then messages signed with those decommissioned keys could no longer be convincingly tied to a given author.

</quote>

If the keys were published, then I could forge a DKIM-signed message. Somehow, I don't think that criminals having the new ability to perfectly forge messages that they didn't have before is going to seriously DECREASE crime.

What Green wants to do is reduce or eliminate accountability. We need to increase accountability in communications, and society in general, not reduce it.

HP: That print-free-for-life deal we promised you? Well, now it's pay-per-month to continue using your printer ink

Donn Bly

Re: Lawyers not allowed in small claims court

In the vast majority of jurisdictions in the United States lawyers are allowed in small claims court, but the winning party cannot claim legal fees so it often is not cost-effective to do so.

You have a constitutional right to legal representation in a criminal case, but not a civil case - but that does not mean that you can be denied access to legal resources if you are willing to pay for it on your own.

From what I can tell, only California, Michigan, and Nebraska can require you to appear on your own, everywhere else your lawyer can handle it. I can tell you that here in Indiana every time I have had to sue a company in small claims court they showed up with their own attorney.

Right to repair? At least you still have the right to despair: Camera modules cannot be swapped on the iPhone 12

Donn Bly

Re: That's what you get

However, the lens and the image sensor are a single module on the iPhone and just about every other smartphone, and have previously been user-replaceable. I've replaced them in the past because of scratches on the lens, etc. With this model, the camera continues to be PHYSICALLY replaceable, but they have locked it up electronically.

The fact that they are making such things non-replaceable is just to enforce their monopoly over service parts and repair, to make it so that you have to buy a new phone instead of repairing an existing one.

It is no different than buying a car and then being told you can never replace the headlamps or windshield, and if one breaks you have to recycle the car and buy a new one, or take it to a factory-authorized repair center and then they can decide whether they want to bother repairing it or not.

The engineer lurking behind the curtain: Musical monitors on a meagre IT budget

Donn Bly

Re: All Hail.....

Because some applications were timing dependent on the 4.77 MHz and literally ran too fast to function properly on the faster machines, especially a lot of early games.

IT Marie Kondo asks: Does this noisy PC spark joy? Alas, no. So under the desk it goes

Donn Bly

Re: Location location location

In case anyone forgets https://www.youtube.com/watch?v=5IlI2Myf1J8

Selling hardware on a pay-per-use or subscription model is a 'lie' created by marketing bods

Donn Bly

CapEx vs OpEx

I personally prefer to reduce operational expenses through strategic capital expenditures, however, there are often very good reasons for the reverse - at least in the eyes of the beancounters (and shareholders) - and it comes down to taxes.

If I buy a machine as a capital expense I have to pay property taxes on it every year until it is amortized off of the books, and often it is on the books longer than it has a useful life.

If I expense the equipment as a service, not only do I avoid property taxes on it but I can use pre-tax money to pay the bill. Couple that with not having to pay taxes on it after its useful life and the total cost of ownership may actually be lower.

The loser is the local government in the form of property tax income (since the company "servicing" me pays the property tax in their jurisdiction and not mine) but the government is the one who makes the rules, the rest of us just have to play by them.

There ain't no problem that can't be solved with the help of American horsepower – even yanking on a coax cable

Donn Bly

Re: Never work with children or animals?

I used to use a practice rubber baseball that had a hole drilled through it with an eyebolt to which I would tie a pull string. It was the PERFECT size and weight to throw somewhat accurately.

She was praised by the CEO and promoted. After her brother and mom died, she returned from compassionate leave. IBM laid her off

Donn Bly

Capitalism hasn't existed that much longer than 200 years

Someone REALLY doesn't know their history very well.

<quote>

Although the continuous development of capitalism as a system dates only from the 16th century, antecedents of capitalist institutions existed in the ancient world, and flourishing pockets of capitalism were present during the later European Middle Ages.

</quote>

source: https://www.britannica.com/topic/capitalism

Techie studied ancient ways of iSeries machine, saved day when user unleashed eldritch powers, got £50 gift voucher

Donn Bly

Re: However, he also got a reputation...

Only after the entitled parents leave

Donn Bly

Re: What do you get given .....

In my experience they take away your shovel, give it to someone else, and expect you to use your hands.

Oh what a feeling: New Toyotas will upload data to AWS to help create custom insurance premiums based on driver behaviour

Donn Bly

Re: It communicates the vehicle's exact location to emergency services

In order to know exact location in order to be able to transmit immediately when there is an accident, it must be active BEFORE the accident. Not every location has unobstructed views of positioning satellites, and even if there were, who is to say that the antennas wouldn't be damaged in a collision?

No, in order for the system to work it has to be active all of the time, updating location inside of a physically hardened "black box" type of container, so that it can be immediately retrieved and transmitted on demand.

Ever wonder how a pentest turns into felony charges? Coalfire duo explain Iowa courthouse arrest debacle

Donn Bly

Re: Authority to hire services

The powers granted to the counties were (and remain) whatever the state says, and the states can change that at any time

Actually, you will find that once authority is delegated it is not so easily withdrawn, and states CANNOT just change it at any time. The same principle exists between the states and the Federal government.

In the United States the power trickles from the bottom up, not from the top down, and the power of county officials over certain things, such as county buildings and infrastructure, is almost absolute. The State's control in those areas is pretty limited, and then usually by controlling how much in the way of tax dollars flows back into the county. It would usually require a subpoena for the state to reassert control.

Wrap it before you tap it? No, say Linux developers: 'GPL condom' for Nvidia driver is laughed out of the kernel

Donn Bly

Re: NVidia has the money and manpower

Anyone selling to the Linux market is making use of the labors of the kernel devs, the distribution maintainers, and everyone who is going to the effort of maintaining a Linux box. There is a price to be paid for the use of these efforts. Pay it, or stay away.

No, the END-USER is making use of those labors, not the person selling into that market.

To compare this to another common industry -- If I develop a new accessory for an automobile I'm not "making use of the labors" of the engineers and companies that made those automobiles as much as I am making something that complements them. There is no reason why I should be forced to pay a licensing fee to Ford or Chrysler just so that the end-user can plug something into the cigarette lighter.

You call Verizon. A Google bot answers. You demand a human. The human is told what to say by the bot

Donn Bly

Robotic Overlords?

Is this one of the first documented and verifiable accounts of our robotic overlords in action? If we don't bow to them, they just put us through to a human slave that does their bidding, taking their instructions in real-time?

You've accused Apple of patent infringement. You want to probe the iOS source in a closed-room environment. What to do in a pandemic?

Donn Bly

Why not use a screen and wireless keyboard?

1) It is trivial for me to install an HDMI recorder between a PC and a monitor

2) I can monitor wireless communications, including keystrokes, outside of the viewing area

ServiceNow slammed for 'tone deaf' letter telling customers contracts can't be tweaked as COVID-19 batters businesses

Donn Bly

A contract is a contract, not a suggestion

The problem we have here is that a contract is just that, a CONTRACT. A legally binding agreement, jointly entered, voluntarily, for the benefit of both parties. You don't just get to go in and change the terms whenever you like, no matter what the outside situation. You wouldn't like it if a service on which you depended said "Nope, I know we agreed to that price but we can't make enough profit at that price so we aren't going to honor the agreement". It goes both ways.

Most contracts have a "Force Majeure" clause, and Covid should be enough to trigger it. If you signed the agreement without one, well, the onus is on you. (And, from the sounds of it, anybody who signed with them apparently deserves what they got. You signed a contract for crap service, you got the crap service for which you signed)

It is right to take up contract modifications on a case-by-case basis, it is not right to unilaterally change the contracts across the board unless every contract is canceled using an existing provision and then a new one signed with different conditions. Hopefully, all of this makes people more cognizant of the contracts that they sign and hold their future vendors to a higher standard.

No Wiggle room: Two weeks after angry bike shop customers report mystery orders on their accounts, firm confirms payment cards delinked

Donn Bly

Password Reuse? How about defense-in-depth?

All indications are that this was a "password re-use attack". It would be very interesting to see if a post-mortem can tie a high percentage of these accounts to one or more of the recent password dumps -- or even an old one such as LinkedIn.

However, we need to start demanding more defense-in-depth when it comes to e-commerce sites. Banning the storage of credit card details would be the most secure, but would not be consumer-friendly (think monthly subscriptions or sites where orders are placed frequently) so we need to find a middle ground.

I would start by requiring informed consent from the cardholder before allowing card information to be retained for future purchases - something like a totally separate opt-in page and not just an opt-in or opt-out checkbox on a shopping cart. This should be followed up with requiring multi-factor authentication before using any retained credit card information and/or requiring that any orders placed with a stored credit card are only shipped to the billing address.

The technology is already there, and multi-factor doesn't mean you have to use an authenticator app -- it could be something as simple as sending an email to a pre-registered email address with instructions and a pin # to release the order.

This doesn't even require legislation - all the payment processing companies have to do is put it in their contracts and ENFORCE it, holding the store owners financially responsible for any suspected fraud that occurs without following the contracted requirements. That way at least consumers have protection, and the protections would be consistent across government jurisdictions.

It is unclear why something designed to pump fuel into a car needs an ad-spewing computer strapped to it, but here we are

Donn Bly

The typical high school or college kid won't voluntarily read a chapter book, but will stay glued to any digital screen within viewing range. As such, the screens are more effective than paper and cardboard.

Add in that the signage can be updated remotely so that you don't pay someone to drive around and deliver and set up signage, and that the ad agency can sell more, different ads into the same space, and the cost-return probably isn't too hard to justify.

Does a .com suffix make a trademark? The US Supreme Court will decide as Booking marks its legal spot

Donn Bly

Trademarking an address

I would take issue with the PTO explanation on trademarking an address in "that a street address really only conveys a physical address and nothing bigger". "1 Park Lane" may be part of an identification of a physical location, but every city could have a "1 Park Lane" and only one of them should be able to get a trademark. Domain names aren't like that.

While I can understand Booking.com wanting a trademark so that they could go after people who are using their name in trade and implying endorsement without their permission - what happens when someone trademarks a domain but then lets the domain expire? Should the next person who registers it be unable to use it because the previous owner trademarked it, even though the mark holder no longer owns it?

I'm doing this to stop humans ripping off brilliant ideas by computers and aliens, says guy unsuccessfully filing patents 'invented' by his AI

Donn Bly
Pint

Re: Plus ca change

"it's an interesting topic to discuss over a pint or six"

Sure, you buying?

A paper clip, a spool of phone wire and a recalcitrant RS-232 line: Going MacGyver in the wonderful world of hotel IT

Donn Bly

Re: Proper lash up

Nothing is more permanent than a temporary solution THAT WORKS

Google tests hiding Chrome extension icons by default, developers definitely not amused by the change

Donn Bly

Re: When will they learn?

Where are the greener pastures you ask? Well, Edge has now overtaken Firefox in market share, and runs the same rendering engine as Chrome. Right now that field is looking pretty attractive.

Instagram, YouTube 'iron man' marketer first to be nabbed by Feds cracking down on fake coronavirus web cures

Donn Bly

He should be given the opportunity to demonstrate it

He should be given the opportunity to demonstrate the immunity effects of his "cure". I propose washing him down in the spittle of the critically ill patients, then placed in public observation in a glass box where he and his vital signs are live-streamed to the world. Imagine the deterrent effects, especially if there are empty glass holding cells right next to him visible on the stream.

Surge in home working highlights Microsoft licensing issue: If you are not on subscription, working remotely is a premium feature

Donn Bly

Re: For a minute...

I just thought that someone forgot to switch over to their sock puppet account....

Yelp finally gets its chance to tell US Congress how Google screws its listings service every minute of every day

Donn Bly

Re: Yelp

Yelp is trying to compete with Google, not in level of service but in the level of evil. People should watch the documentary "Billion Dollar Bully" for a better understanding.

I have personally documented them engaging in deceptive practices in order to get my business to put in a credit card. I have watched positive reviews disappear from friends' businesses when they refused to pay for ads, and I have watched negative reviews disappear when they did.

Louis Rossmann has also done a series of YouTube videos documenting his experiences. Very enlightening if you are considering doing business with them.

It says a lot if Google is the LESSER of two evils.

Never thought we'd write this headline: Under Siege Steven Seagal is not Above The Law, must fork out $314,000 after boosting crypto-coin biz

Donn Bly

Celebrity Endorsements

While I don't have a problem with the fine (do the crime - do the time) my problem is with the premise that disclosure in a case like this would have made any difference.

Any individual who invests in something like this who DOESN'T assume that a celebrity endorsing it is receiving compensation is already too stupid for the lack of disclosure to have an impact on their decision process. It doesn't matter whether the amount of compensation is $100 or $1 Million.

Steve Jobs, executives shot down top Apple engineers' plea to design their own server CPU – latest twist in legal battle over chip upstart Nuvia

Donn Bly

Re: CPUs? Apple stopped making servers even though there was a demand

There probably isn't a huge benefit to using their own CPUs for their cloud - sure they would be cheaper but now that AMD is competitive Intel is being forced to drop their server CPU pricing so the delta is smaller than it was a couple years ago.

Given current server CPU chip shortages, I wouldn't be so sure about that. Once burned, Apple likes to own their supply chain.

You'll never select all and mark as read again after this tale of peril... Oh, who are we kidding? Of course you will

Donn Bly

Re: and it was said to rip the keys from your trousers.

The keys generally aren't, but the key RINGS often are.

Windows 7 will not go gentle into that good night: Ageing OS refuses to shut down

Donn Bly

Re: This sort of issue is not thought about

The point is that they can't upgrade the distribution because the newer distributions don't support their software. They are just as locked in as anybody else who is using old, unsupported software for business-critical applications, and as such are in the same boat as anybody else using proprietary software. Linux doesn't fix that.

Until they "discover" the budget to fix the problem, the systems will remain in production and they will rely on the archival backups to get them back up and running should the entire house of cards fall down around them. At least in this case the backups and recovery procedures have been tested, most companies in this situation can't even say that.

Donn Bly

Re: This sort of issue is not thought about

They can still run it for as long as they want, just that it becomes more dangerous to do so. Much like the Internet-facing Ubuntu 12 servers running Tomcat that one of my former clients still hasn't found the budget to replace.
