Re: Contractor rights
My gaming PC popped up with a "Windows needs to be activated" watermark, much to my displeasure. Hopefully it goes away in a day or 2, but it is certainly not the end of the world.
75 posts • joined 24 Nov 2011
Why don't we stop writing code in languages that make it easy to screw up so easily like this?
There are plenty about nowadays, I'd rather my DHCP client be a little bit slower at processing packets if I had more confidence it would not process them incorrectly and execute code hidden in said packets...
It's very hard to apply these wide sweeping policies. "Third party" cookies are not all bad. My company builds software which our clients embed in their site. That makes it hard for us to place cookies on the user's browser, even though we have every right to be there, we have permission to do so as the user has agreed to cookies on the site, which we are an integral part of. We have workarounds in place, but it's worrying that totally legitimate cookies are being dropped due to ever moving policies.
I just installed this in a VM. I'm impressed for several reasons.
1. It works, it works really well
2. The sheer amount of effort involved to do this is astronomical
3. They didn't give up in 22 years. It's basically redundant before it's reached beta. There might be some uses for it, I guess. I liked Windows 2000 more than I like anything released after, but there is no mass market for going back to it.
My hat tips in the direction of the developers who have worked on this. It's a massive achievement.
Thanks for the story. I'm sorry it happened to you and I'm glad you shared it. Really hits home.
My brother had a battery vent out of his own stupidity, his battery wrap was coming loose so he ripped it off and tried to use the battery. Which is obviously a stupid idea. He managed to throw it outside luckily and no harm was done. Now he has far more respect and knowledge, luckily.
He really had no idea about battery safety at all, which is worrying given the amount of readily available information.
I inspect my batteries regularly, change the cardboard circle on top and rewrap them when they're damaged. It costs about £3 for 25 sticky-back cardboard circles and £5 for about 20m of battery wrap, which will probably last me forever.
As much as I hate articles like this making out like my hobby (I guess you can call it that? I barely have any nicotine now, 1.5mg) is terribly dangerous, it might open people's eyes a bit that an 18650 battery isn't a toy and that they need proper maintenance and thought when handling.
Just reminded me of the guy who kept them loose in his pocket along with keys and coins. That didn't work out too well either.
That may be because when you smoke and people tell you it's really bad for you and you're probably going to die, they're actually repeating scientifically verified facts. So you can't really get defensive, can you?
It's slightly different when people are repeating bad things about vaping that they read in The Sun, who got it from a research paper "sponsored" by a tobacco company, that got shot down with real science almost instantly.
I do find it hard to believe that not sharing some information with an anti-virus company can be considered a criminal offence. It doesn't make what they were doing illegal. They were providing a service that others provide, but with the ability to keep things anonymous, as someone else stated, you might be testing proprietary software and not want an analysis of it shared with security researchers, if it flagged up a false positive.
I'm not saying they weren't in business to help malware authors, but I'm sure it was all written in a way that made it look legit, they didn't call it test-your-malware.com. Which brings it down to, they didn't do anything to stop criminals using their service. But then, there are many services used by criminals, WhatsApp isn't called TerroristSafeChat, they don't actively stop criminals using it, because it's encrypted, they can't see who is talking about what, so can't do anything about it.
Just seems a bit of a stretch to me.
The whole extradition thing is crazy. Jurisdiction is such a grey area now the internet is a thing.
Such hate. I haven't developed for Windows in years but I have read with interest all the stuff about .NET Core and things - all moving in a good direction, seems positive.
To say that .NET is a shit copy of Java is a bit harsh..
Saying everything should be developed natively is far too optimistic in this day when everyone wants the same app on their PC (Windows), their laptop (Mac), their phone (Android) and their TV (WebOS or whatever). No company wants to develop the same app in different ways many times and support them all individually. Attempts at cross platform frameworks are not perfect by any means, but they're better than the alternative.
You'd think with the cost of building, launching and controlling Galileo, when they had the data, they'd spend the time and resource analysing it properly... surely that cost is a drop in the ocean compared to the initial outlay..
Baking in encryption does not mean something is secure. Who'd have thought?
That's long term hopes and dreams, not the current situation. It would be awesome if all companies in the country were to pay everyone more, train people up, etc. I can't see it happening though. No business looks that far ahead these days.
You're right of course. People keep cash in reserve for many reasons including when they want to pay themselves while sick. Permanent staff don't. Keeping cash in reserve is still removing it from your "take home pay" at some point.
Good catch/nitpicking! Doesn't invalidate any of the points made though.
That isn't the entire pay though is it, that is for tax purposes (fully legal ones, if you could take part of your salary in another legal way and pay a bit less tax, you'd do it right?).
Let's use the monthly take home pay after all the taxes and compare that to a permanent employee. If a contractor has a day off sick, it will decrease. As a permanent employee, it will not.
You don't really get £1000 a day though, do you, taking off the 20% corporation tax, that's already less than 3 times what the example permanent person is earning per day. Then take off all the other taxes, insurances, personal pension contributions and loss of money for sick days I can't be arsed to work out. You'll arrive at a very similar number, with far more hassle and less security.
In my area of tech, the contractor average is around £400 a day, as a guesstimate. I've contracted in the past for between £375 and £500 a day for around 3 years. It's truly difficult to quantify as a simple salary what you earn as a contractor but I can tell you I'm permanent now (and have been for over 3 years) and it's a lot less hassle for probably £10-15k a year more after all is said and done and that was all outside IR35. I can switch jobs and get £10-15k more as a permanent employee, so what does it matter?
I think all the permanent employees who feel jealous toward contractors need to try it. It was a good experience and now I can see the argument from both sides. I'd do it again but it is my opinion that it isn't worth it any more. Which is fine - I went perm. I haven't bitched about it. I like my perm job too.
Contractors are often required by employers for whatever reasons. Now there are far fewer, or they cost far more. It isn't the contractors or ex-contractors that are really losing out here, is it?
Why is this news? There are many linters. This one isn't special, other than being created by a company that's generally in the news for other reasons.
Hooking these calls in other processes is something that would require admin privileges, and if it's against a built-in app (explorer, etc), would have to disable something (can't remember what it's called) to work still... Chances are, if you're that far in, you don't need to get around defender any more.
He spent how long getting this working? All in the name of reducing distractions so he can get on with his job...
It's getting better. Evolution is happening. It has its quirks like every language, but it's definitely getting better.
I don't know about MongoDB, haven't used it extensively. ES on the other hand seems to do a very good job of cluster management and is pretty performant. The query syntax makes my eyes (and brain) bleed though.
Yes, I was also confused. You shouldn't be able to get remote code execution from an unsecured ES instance. If so, it needs to be patched - maybe the 2 versions mentioned are ones that have a vulnerability, but that also sounds weird - why would AWS lock you in to a vulnerable version of a piece of software?
When I tried out MongoDB and ES, working through the getting started guide and seeing the "we don't provide HTTP authentication, that's not our job, put us behind a reverse proxy", my immediate thought was that at some point, someone is going to scan for all unsecured instances and steal a lot of data. Why didn't MongoDB or ES see that coming?! If they used the "do one thing and do it well" philosophy to decide not to include authentication, their definition of "one thing" is not big enough. Storing data is part of the job, another part is making sure nobody can steal it.
YouTube has a lot of learning material. People don't just watch cat videos. Some people use it as a tool to better themselves.
So.... there is no data security, if the production credentials are in a dev guide...
So.... there are no backups of production data...
So.... they let a junior developer who is totally new to their system set it up on their own...
We all mess up once in a while. That is why we do things in such a way that it's really damn hard to do things like this, without knowing what you are doing.
Sure at my company I can connect to our production system, and in theory could wipe it, if I wanted to. It would have to be very very deliberate. If it did happen, we have several layers of backup we can fall back on to. Fortunately it has never happened.
If something like this can happen so easily by accident, it is not the junior developer's fault, it is the CTO for not ensuring that the systems are built with consideration for such things.
Hopefully the CTO gets fired. He deserves it. I'd like to say the junior dev could file for wrongful dismissal, but try explaining the above to a judge who has no idea how to computer. It'd be a waste of everyone's time.
Even if Bixby was amazingly clever, I still wouldn't use it. My Bixby button switches to the most recently used app, good for switching between 2 things. That is far more useful than a voice assistant (even a good one).
After playing a fair bit with BMW computer systems, the key thing I noticed that I thought made it robust and easy to swap parts in and out was the fact that pretty much everything has its own individual computing module, which communicates with everything else via a network of some kind (CAN, Ethernet, Fibre for media stuff). This means if one module breaks, AC for instance, your airbags still work..
Putting everything in 1 module with containers sounds like half way to disaster. Sure if 1 container goes wrong, it can probably be easily restarted or fixed or whatever, but sounds like when something worse happens, the whole car will be useless until you buy a new computer for it..
So, erm, I'm going to say it first.. This is why government organisations shouldn't hoard vulnerabilities. They will get leaked and they will get used by others who are less trustworthy (grey area..). If you find a vulnerability and don't want to be a part of breaking the internets, please submit it in privacy to the vendor.
NEWS FLASH: Doing more uses more energy
I love reading stuff like this, absolutely fascinating. When will manufacturers of devices that are accessible over any kind of network (routers, IP cameras, clever cars, washing machines..) realise that they must do it responsibly or it will ruin their reputation and in the worst case, cause safety issues (cars crashing) or global internet fails (IP camera botnets)?
I suspect a consultancy headed by these guys is the next step. Will manufacturers just continue to bury their head in the sand and continue to hope nobody looks too hard at their systems though?
The only way to be confident in your backup plan is to have tests to make sure it's working.
If you back up nightly, you could automate grabbing the latest backup, restoring it to a throw away instance, ensuring that it completed properly by checking record counts in various tables. You could run that every other day. Or better yet, once your backup process has completed, to verify that it has indeed worked properly.
You could still get caught out in many ways but verification to some extent would give you more confidence.
I can understand how this has happened though, start-ups are not the same as large corporations with the resource to have people spend a long time ensuring backups are rock solid and testing disaster recovery efforts monthly etc. In an ideal world, that'd be quite high on the agenda, but realistically, breaking even is the first hurdle and you don't (technically) need a backup plan for that, so it gets put to the bottom of the list.
Non-tech people don't understand the implications. They want a "smart" X because the marketing hype makes it sound awesome and that it'll make their life easier.
The marketing doesn't tell them it will require them to keep on top of updates if they like keeping their personal information personal. That'd be bad marketing, people will think "damn, I don't really want more things to worry about, and I don't want to spend more time administering my smart cat flap, because if I spend *any* time doing that, it basically negates its usefulness".
If your smart cat flap stops a neighbouring kitty getting in your house, that's awesome. It's one less thing to worry about, and will save you potentially an hour in the next 5 years. But if you have to spend half an hour updating it once every 3 months because someone worked out how to use it as a backdoor in to your network, what's the point?
I've always said this - it's a game of cat and mouse, someone finds and exploits a bug, then it gets fixed. The only way to get ahead is to pay some cats to do it for you. The kind of people who'd happily spend days searching for something to exploit or sit staring at thousands of lines of assembly code trying to find a weakness. The same kind of person who'll be doing it without your knowledge. This is a different kind of job than someone who secures your systems and networks against attack. Both are required.
I went to a friend's house last night and played with a Vive for the first time. It's far better than I expected and thoroughly enjoyable. If I could justify £700 on gaming, I would definitely buy one. This is all.
I don't think the problem is something that executes when you a file.. there are a lot of file types that do this, not just js files.. people just need to not be idiots and download and run files when they don't trust them.
I tried using a case sensitive file system on OS X once already. Never again. Lots of software just doesn't work, because it expects OS X to be case insensitive.
Most importantly, Photoshop won't install (almost as important Hearthstone won't install).
I found some old thread about the Photoshop issue, boils down to the application linking to Apple frameworks and Xcode not being able to handle it, which left Adobe basically saying, we can't fix it. It could be them passing the buck but either way, it's something that'll need to be addressed by lots of application developers and Apple themselves.
But good job on Apple for bringing file systems in to the 21st century.
Was this in Camden by any chance? Sounds just like the place I used to work...
Is it possible that a large percentage of the population just don't have a need for super fast broadband? I would feel inconvenienced without at least 40mbps, but my in-laws are very happy with their 3mbps even though there are bigger and better plans available, they can do all the things they need, so why pay more?
The whole premise that short urls are based on is in the name. They shorten urls to smaller ones. Whoever put pre-authenticated urls in to a short form should be shot. It's not the problem of the short url.
The FBI don't know the procedure to unlock it? So they just let some random guy/company have their possibly important piece of evidence to unlock it, without any idea how they were going to do it?
If I were the FBI, I'd want to know exactly what was being done and how it worked to ensure that it wouldn't in any way damage any evidence on the phone..
What if they attempted it and then it triggered the wipe procedure? Whoops sorry guys.. They'd have thought about that situation and would have sense checked what was going on themselves first.
Nothing to do with the admin, he shouldn't be reading the emails, should just forward them on.
Why even have a catch-all for misspelt emails? Let the user receive an undelivered mail message like every other mail server does.
Sounds like an excuse to read other people's mail.
My company also loves Slack - we use email for formal bits, everything else is on Slack. Much quicker to communicate and bonus cat gifs.
Does it really matter what protocol it uses? You can hook in to it in several ways without caring..
People forget things sometimes, that doesn't make them an idiot, it makes them human. I see this as a failure of the team and processes. Code committed wasn't reviewed before it was pulled in to the main code base and there was no testing of the changes before they went live. And also, you'd expect a bunch of tests to pick up on the fact emails weren't trying to be sent to the right place. You can't place those failures on a single developer.
This isn't a new thing, this has always been the case. It's been reported many times and I'm sure it's been highlighted in many news articles (maybe on El Reg)... Why do I think it's not going to get fixed this time either?
Rewrite of Subway's response: Hey, the personal data you gave us, that we gave to a third party got stolen, BUT IT WASN'T US! WE AREN'T RESPONSIBLE! LOL
It is definitely bollocks. Devs build what someone above them tells them to build, then there are other people that test it, and other people that sign it off, and other people that ensure that that particular change gets in to a final release build of the software..
Unless they seriously on their own accord snuck it in without anyone noticing for no reason other than thinking they were helping the company but not wanting any credit for it, the story doesn't fly. Even that doesn't make sense.
Maybe nobody considered it would interfere with the regulatory testing, could have been an honest mistake. That still doesn't make it the developer's fault. It's a team/company problem, regardless of who done what. Stop pointing the blame at singular people and hold your hands up and say "yeah, we fucked up, sorry".
How fun would it be to shoot a drone out of the sky though? I envy him.
Employees shouldn't have the ability to generate legitimate certificates for testing. If it's that easy, there is a bigger problem with their security and procedures and Symantec should no longer be trusted to issue certificates. It's that simple.
What if you want to login on your phone?
This article seems like a mash up between something about React Native (a thing that lets you write native apps with React) and a comparison of web frameworks. Are these 2 things related? Not really. Does React Native deserve an article? Probably not. There are other frameworks that do exactly the same thing, except without React. It's not new(s).
Odd to review a car without posting a photo of it..
I love these in depth write-ups about why these kind of things happen. More of this.
Biting the hand that feeds IT © 1998–2018