____
@____@infosec.pub
- Comment on Linus Torvalds affirms expulsion of Russian maintainers 3 weeks ago:
I’ve worked side by side with RU devs who were both personable and damned competent. Never were their tech skills in doubt, and I retain quite a bit of respect for those individuals.
I’d not do the same today explicitly because of the political and compliance implications. It’s unfortunate, but necessary.
- Comment on Not allowed to work from home 3 weeks ago:
Feel ya, no job is perfect. My giant employer is great about WFH for those hired as such during a particular period of time, but they’ve outsourced HR entirely to a third party - a simple inquiry becomes a three day saga, and if I’m talking in real time to HR, voluntarily, it’s because I’ve a concern of some immediacy.
WFH plus great benefits > downsides, but it’s always a balancing act of priorities for sure.
- Comment on Man-in-the-Middle PCB Unlocks HP Ink Cartridges 1 month ago:
Been looking for this sort of device for my Pantech laser.
The cartridge is good for 1,600 pages - no more, no less.
All well and good, they’re cheap, except… the vast majority of my printing is in A5 size (roughly half-letter, or exactly half-A4).
Those half pages count just like any other page against the total, and I get shorted by the better part of 800 pages or so.
- Comment on Should you have to pay for online privacy? 2 months ago:
Wasn’t sure I’d agree when I started reading, but I like the way you think.
- Comment on In Leaked Audio, Amazon Cloud CEO Says AI Will Soon Make Human Programmers a Thing of the Past 2 months ago:
Probably cheap at the price compared to burning Jet A by the tens or hundreds of gallons.
Not that I am unconcerned about the resource usage. Lesser of two evils.
- Comment on In Leaked Audio, Amazon Cloud CEO Says AI Will Soon Make Human Programmers a Thing of the Past 2 months ago:
And no asinine private jet commute required for the AI CEO…
- Comment on iPhones in the EU get ability to set more default apps, delete more built-in ones 2 months ago:
Was always curious why there was an extra step to confirm when making a call through the GV app. Not using it anymore, but I see the logic behind requiring that confirmation.
- Comment on iPhones in the EU get ability to set more default apps, delete more built-in ones 2 months ago:
Google Voice, with built-in dialer, voicemail, etc., was useful once upon a time, from when they acquired GrandCentral (original company) up through a few years ago.
Not so much anymore, just recently ported out the last couple of numbers I was using them for. I don’t see much use case for replacing the dialer, except insofar as the ability to do so has value in terms of freedom and open markets.
- Comment on iPhones in the EU get ability to set more default apps, delete more built-in ones 2 months ago:
It’s already trivial to get local banking details from many countries, (e.g., ‘multi-currency’ debit cards) but as far as I’m aware there’s not a practical way to get a foreign debit card without the usual hoops that the full account would require.
Probably because demand for such a thing is low - I can generate disposable card numbers on the fly, but only from my home country. Can’t imagine (aside from this specific edge case in question) generating foreign card numbers would be all that useful most of the time.
End-user support for such a thing would also be a challenge - I’m very accustomed to entering the usual data points with my card, but users would forget the associated postal code, or any number of other things, and then call support whining that it’s ‘broken’.
- Comment on iPhones in the EU get ability to set more default apps, delete more built-in ones 2 months ago:
IOW, not something that one stuck in Ameristan can realistically override. Damn.
A handful of those factors are fairly trivial, but addressing all of them concurrently sounds like a tall order - especially since presumably one can’t talk to countryd directly and feed it the desired data.
Appreciate the clarity - iOS just isn’t a platform I have a need or the tools to code in.
- Comment on Custom ROMs have had just about enough of being Android's second-class citizens 2 months ago:
There really is a dearth of choices. I’ve little love for Google’s version of android, mostly for privacy reasons.
If I could get a decent phone that ran at reasonable speed for a tolerable price, without the tracking, I’d be willing to give it a go - and endure more than a few pain points.
- Comment on A boomer gets just $1,056 a month in Social Security and works as a bus driver: 'I don't see myself being able to retire, but I'm grateful and healthy' 3 months ago:
For me (mid-40s) from a quick glance at the SSA site, I surprisingly wouldn’t take a hit if I started at 62. That assuming it’s a) there and b) not privately invested in some shitshow tying it up, etc., of course.
Tentatively, given there’s no difference between 62 and 68 for me, and I’m not exactly in ideal health already, the real motivation for me to work past 62 is the health insurance.
I have no illusion that the ACA or the Marketplace will exist in its current form nearly two decades from now; and Medicare seems to have a hard cut at 65 rather than the age range one could claim SS at.
That three years between 62 and 65, without Medicare, the Marketplace, or employer paid insurance, would be a far larger risk than I’m willing to take, barring a full and complete disability.
- Comment on If malls continue to shut down and decay over the next twenty years, someone should turn them into retirement communities for GenX and Millennials. 3 months ago:
Elsewhere, someone suggested that it would be necessary to take the rebuild down to the dirt to handle plumbing and the like for individual units, but I’m not sure I agree.
Generally there is significant excess ceiling height in these commercial spaces, no reason the floor couldn’t be raised throughout the space to accommodate plumbing and the like in a way that’s easily accessible for future maintenance. You still end up with 8’ ceilings (or probably rather more) throughout.
Over the years, I’ve watched a number of retail chains and malls die, sometimes suddenly and sometimes slowly. It’s continuously seemed like a huge waste to me, when conversion to residential space would be relatively easy, relatively affordable, could be funded by local gov or nonprofit, and would make a significant difference in net housing costs in a given area.
When ‘traditional’ residential developers are competing with that, and with the ability to slap down standard-sized (AKA easy) risers/walls/etc. within commercial spaces of defined sizes, a further reduction in local housing costs is likely.
- Comment on $1 million starter home? It's the norm in 237 cities, according to Zillow 3 months ago:
Billionaires and rent-seeking companies. There are at least three national companies I can think of who are hoarding single-family homes in major cities and renting them out.
Generally they purchase at scale via REO scenarios, and provide no value whatsoever while driving up prices drastically.
One example is a company called “Progress,” no better or worse than the others but with a meaningful web presence if you’re curious.
- Comment on Wearables linked to ‘pathologic’ heart disease symptom monitoring 3 months ago:
Understanding the limits of the tech is key - I don’t equate the sleep tracking to the quality of the same I’d receive in a sleep lab, but I do value understanding my perception of sleep quality (i.e., totally subjective and rarely valid) vs the partially objective tracking I get from the watch.
- Comment on Why do so many people use NGINX? 3 months ago:
Right there with you on “just works,” as well as the simple fact that the config snippets you need are readily available - either in the repo of whatever you’re putting behind the proxy, or elsewhere on the internet.
I consistently keep in mind that it’s ultimately an RU product, of course. But since it’s open source and changes relatively infrequently, that’s mitigated to a large degree from where I sit.
Nothing against Caddy, though Apache gets heavy quickly from a maintenance standpoint, IMHO. But nginx has been my go to for many, many years per the above. It drops into oddball environments without having to rip and tear existing systems out by the roots, and it doesn’t care what’s behind it.
Ages ago, I had a Tomcat app that happened to be supported indirectly by an embedded Jetty (?) app that didn’t properly support SSL certs in a sane way on its own.
That was just fine to nginx and certbot, the little-but-important Jetty app just lived off to the side and functionally didn’t matter because with nginx and certbot, nothing else gave a crap - including the browser clients and the arcane build system that depended on that random Jetty app.
- Comment on Child care costs more than a mortgage payment or rent almost everywhere in the U.S.: ‘There is no escaping it’ 5 months ago:
There was a time when paperwork and such was defensible.
Now, if carriers had a lick of sense, they’d realize that forms are dirt cheap online; and that it’s drastically less expensive just to pay the claim vs fighting it.
They don’t, of course, because mergers and sole-source pharmacies for “scary” meds, but that’s neither here nor there.
Whole idea of PBMs is wrong, offensive, and has set back my care. Know who should manage my pharmacy benefits, my fucking doctor. Full stop.
- Comment on Child care costs more than a mortgage payment or rent almost everywhere in the U.S.: ‘There is no escaping it’ 5 months ago:
You are assuming they get healthcare. Dangerous assumption these days, as the ACA has been carved down.
- Comment on Child care costs more than a mortgage payment or rent almost everywhere in the U.S.: ‘There is no escaping it’ 5 months ago:
This is fucked up.
Affordable childcare, and living wages for those providing it, would mark a sea change in our system.
But letting parents believe it actually costs anywhere near that much to provide childcare - even considering overhead - is a crime.
- Comment on ‘Quantum internet’ demonstration in cities is most advanced yet 5 months ago:
“Almost unbreakable keys” - I’m not up to speed on what this race entails, relative to the current state of affairs. Does “almost” mean “any gov agency w/ a budget and quantum computers” can break it, or is it an actual step forward from the status quo?
A question worth asking, in context of article.
There’s not a ton of stuff I demand to be secure, full stop, but SSH and comms w/ my wife are among them. I need to dive deeper, and understand the actual risks.
- Comment on Nabiha Syed will join the Mozilla Foundation as [their] next Executive Director 5 months ago:
Executive Dir for an org that size is not an easy position to fill. Not that there isn’t a qualified JD within the org, but it also takes personality and passion.
I’m going to err on the side of presuming there was an internal search, for now. If I’m later proven wrong, so be it.
- Comment on DWP told to pay £50,000 to Deaf job-seeker after repeated failure to provide BSL interpreter 5 months ago:
What was said internally is absolutely brutal.
How many others lack the energy, strength, or (bs) “social skills” to work through this?
Might actually result in change.
My own lived experience is that the blind/deaf orgs who pursue these things should be a model for other orgs serving folks w/ other disabilities.
- Comment on Is This the End of Plastic? Visa's New Technology Could Replace Physical Cards 5 months ago:
Eh, somehow I missed that. Off to DDG for me, because I’m genuinely curious.
- Comment on Is This the End of Plastic? Visa's New Technology Could Replace Physical Cards 5 months ago:
Betteridge’s Law.
Generally proves deeply true.
- Comment on Slack has been scanning your messages to train its AI models 5 months ago:
Teams is bloated garbage.
I miss Slack, though circa several years back. “Just worked,” on most any platform, without the BS or “help”.
Wouldn’t like it now, I’m sure, but haven’t had a chance to use it since I started working for a co who is “all in” on MS, including foisting AI on us.
I am capable of drafting an email or message, bitches. If I am concerned about tone, etc., I’d prefer to employ an actual human I have a close relationship with to review the same.
I have zero desire to be constantly corrected, and there are certain niche scenarios where very minor errors are actually endearing, and indicate enthusiasm.
“Bob, I saw the posting for your role, can you tell me about your avg day?” is effective because it’s honest, coherent, and just excited enough that you made a minor error that slipped through.
When Bob gets 25 of those emails and they all look the same because AI, it’s much harder to make the connection.
- Comment on British tech firm Raspberry Pi lines up £500m float 5 months ago:
On one hand, I’m a fan of the ESP32 as a challenge.
OTOH, sometimes you actually need a full fledged computer for your semi embedded task, and sometimes you just don’t want to (or can’t be seen to, from PR standpoint) support Beijing.
While arguments can be made either way about the prior para, from a biz POV, it’s pretty binary.
Would love to find similar platforms that don’t involve those concerns and might theoretically be commercializable by hackers, but I’m not aware of many.
- Comment on Self-hosted website for posting web novel/fiction 5 months ago:
Not aware of a FOSS 1:1, but that sounds like Ghost or your blogging platform of choice.
Except WP, if self hosting, IMHO. Wordpress == PHP == trouble and risk. I don’t mean to malign WP specifically, but if you’re a noob, you want to avoid exposing PHP to the public internet - especially if there’s any possibility you’ll eventually forget about maintaining and upgrading.
Just too damn easy for some threat actor to come along and exploit a vuln you missed, in the software or the web server or WP.
That said, years of WP taught me that, roughly, you want “pages” linking to “posts” ( == chapters). In theory, the former is a permanent reference and the latter is dynamic to some degree.
In reality, the existence of search engines before enshittification means the two have been conflated frequently.
Pages would often get links in a sidebar or menu. Posts might get buried much farther down, but can also be linked to. They’re often, but not always, time-specific.
“2023 NY [financial product] Guide” (page) might well link to a years-old post about subrogation regarding an attempted BBQ of a random wild animal that went wrong and caused a fire, because it’s a positively classic example of the same that makes a great deal of sense to most people, even if they don’t understand terms like subrogation.
Post/page are distinctions that WP makes, but are abstractly relevant to setting up abs any CMS (which is what you want, Content Management System) so that you (ideally) never have to figure out how or where to link something, it’s just native. Changing the structure means changing the URLs which is annoying at best, and fraught with peril at worst.
Above 2023 xxxx Guide page, would be example.org/NY-Xxxx-Guide and that way you DGAF about the sidebar links, for instance. Link it once, and then you only have to update 50 posts with the year and/or some change in the data, which can be done programmatically in the db as a trivial exercise. “UPDATE page SET title = (SELECT title FROM… WHERE ‘2022’ in title TO ‘2023’;”
Disclaimer: do not run that query as copypasta, it’s meant to illustrate a point and not to exhibit valid SQL on any db (Not least because I intentionally left out at least one closing paren and simplified a bit. I’m a PG guy, and I am 100% certain it would fail as written, but fully expect anything approaching the standard to reject it. But you get the idea, update 50 states at once with a fairly simple query, once a year.
Lots going on here, but go for a modern CMS and repeatable updates, not a legacy product with a bunch of tech debt accumulated. Build it clean, plan it out first, and know whatever DB is backing it fairly well.
- Comment on Why do arranged marriages persist in many cultures? 5 months ago:
Some of this - and I speak exclusively from a layman standpoint of having worked extensively with quite a few Indian colleagues - has to do with whether an education system (or culture) prioritizes rote memorization vs critical thinking. India tends towards the former, the West mostly tends towards the latter.
Much simpler to persist the practice across many years when the majority of folks are explicitly taught to accept what they are told and not to actually consider it.
Context, I’m an American working for a large public company whose execs appear to have actually realized they got too aggressive with offshoring in recent years and are actually reversing the practice to a relatively sensible degree.
There is shareholder value in workers who come from e.g., a caste system, but there is also a significant risk to shareholder value when too many levels of decision-making are sent to places where that mindset is common.
- Comment on People get addicted to delivery apps cause it lets you pretend you're on vacation all the time 6 months ago:
Alternatively, someone has a sleep disorder and an ADA accom for a 2h lunch so they can take a nap.
Sleep cycles are 90 min give or take.
Clocking out the moment the food arrives, eating, and having 90+ min to nap so they can face the rest of their day is high value, and high yield.
That makes it practical for a person to work a traditional 8 hour day where otherwise they’d be unable to.
That person - generally - does not have the energy to put lunches together in advance after work, etc.
They wake up, stumble to work, nap midday, and stumble back to bed after.
What you’re calling out as a problem is what enables that person to function and work.
Not to argue w/ person who cited DSM below. Can be dangerous. But can also be life saving or enable a normal life and career vs the alternatives.
- Comment on Generative AI could soon decimate the call center industry, says CEO 6 months ago:
I work for a company that is “all in” on AI. And offshoring. But AI is unlikely to provide second or third level support for complex and poorly documented software that operates at the intersection of legislation and rule making.
Add to that, customers who are licensed in their field but cannot comprehend that software implementation of paper forms requires the same inputs generally, much less explain their objective…
Also, the implementations I’ve been presented with as a consumer have been hot garbage.
The front line folks who exist primarily so customers can yell at someone might be in trouble. But companies who put their people in that position are shit anyway.