Archive for PEBKAC

Pop down

Few things in life are as exasperating as the pop-up window that suddenly engulfs the entire screen. Those who endure this on laptops or desktops will presumably have to continue, but if you’re suffering with this on a mobile, Google might actually have your back:

Although the majority of pages now have text and content on the page that is readable without zooming, we’ve recently seen many examples where these pages show intrusive interstitials to users. While the underlying content is present on the page and available to be indexed by Google, content may be visually obscured by an interstitial. This can frustrate users because they are unable to easily access the content that they were expecting when they tapped on the search result.

Pages that show intrusive interstitials provide a poorer experience to users than other pages where content is immediately accessible. This can be problematic on mobile devices where screens are often smaller. To improve the mobile search experience, after January 10, 2017, pages where content is not easily accessible to a user on the transition from the mobile search results may not rank as highly.

Which is probably more direct than the solution I thought of: a browser plugin that sends really horrible SQL-type codes to the goddamn mailing list to which they insist I must subscribe.

Comments (2)




I’m all about that baseball

While I was hospitalized, I rediscovered an old friend: baseball. In the period between the time they take the dinner dish away and the time they bring the nightly pain meds, baseball did a wonderful job of filling up the time I would otherwise use bewailing my fate and wishing I was dead.

Unfortunately for me, I managed to be in bed during the All-Star break, so there were a couple of rough nights to be faced. When I finally got out of there, I stayed with it, going back to the ancestral home of baseball: AM radio. No trick to pick up the local Triple-A club, the Oklahoma City Dodgers: they have a deal with one of the smaller stations. Getting the parent club is trickier: they have a nominal local affiliate, but not all the games get through the endless web of tedious talk shows.

When I discovered Sunday that the Pittsburgh Pirates/Los Angeles Dodgers game would not be carried here, I took action. I cranked up the tablet, which doesn’t get enough work, and installed Major League Baseball’s At Bat app, which gives me all the audio I can stand for twenty bucks a year. About halfway through the first inning, I had everything in place and running.

Standard MLB blackout rules apply to the Rangers, the Astros and the Cardinals, though not to the Royals.

Comments (8)




Piped in

This story has persisted literally for decades:

There have long been rumors that Microsoft copied CP/M to create MS-DOS for the IBM PC. Consultant Bob Zeidman in 2012 used forensic software tools to analyze the code for IEEE Spectrum and found no evidence of copying, as he reported in “Did Bill Gates Steal the Heart of DOS?” Since he did that analysis, Microsoft donated previously unavailable source code for MS-DOS to the Computer History Museum. (Zeidman did his original analysis using QDOS.). And the museum also located and released a more complete version of the CP/M source code. Zeidman reran his analysis and presented the results 6 August at the Vintage Computer Festival West.

The conclusion? Still no sign of copying of source code. And no evidence to support a long-running rumor that there is a secret command in MS-DOS that can be called to print out a copyright notice in Gary Kildall’s name.

Which is not to say that the two operating systems are completely and utterly dissimilar:

However, Zeidman did find that at least 22 system calls, the commands used to request an action, like sending text to a printer or reading from a hard disk, had the same function number and function. That, he says, might have meant that Kildall “might have had a copyright claim for the system calls that it could have litigated against Microsoft. On the other hand, there is a good chance Microsoft could have beaten such litigation by claiming it was a ‘fair use’.”

And there’s a prize for proving him wrong:

[Zeidman’s] putting up $200,000 in prize money, $100,000 for anyone who can use “accepted forensic techniques” to prove the copying, and another $100,000 for anyone who can find that secret Kildall copyright function.

If you ask me, there’s something sort of heartwarming about sustained interest in DOS after however many versions of Windows.

Comments (1)




We will control the environmental

We told you you didn’t want your thermostat hooked up to the Internet:

One day, your thermostat will get hacked by some cybercriminal hundreds of miles away who will lock it with malware and demand a ransom to get it back to normal, leaving you literally in the cold until you pay up a few hundred dollars.

For example:

Pay 1 Bitcoin to get control back

This was not an actual attack, but a proof of concept:

Andrew Tierney and Ken Munro, the two security researchers who created the ransomware, actually have no ill intention. They just wanted to make a point: some Internet of Things devices fail to take simple security precautions, leaving users in danger.

“We don’t have any control over our devices, and don’t really know what they’re doing and how they’re doing it,” Tierney told Motherboard. “And if they start doing something you don’t understand, you don’t really have a way of dealing with it.”

They expect the manufacturer to implement a fix shortly.

Comments (3)




The bad guys score again

This time they went for your iPhone:

This isn’t a new phenomenon, exactly, but it’s an exasperating one.

Comments (3)




Compatibility ho!

Yes, of course, let’s do this:

And why not make 802.11 work with something that existed two decades before 802.11 itself?

Comments




Farging text editors

A couple of weeks back, I complained that Chromebooks didn’t have any. Further research from elsewhere:

Today I am using a Chromebook and I have a couple of really feeble editors loaded: Text and Caret. Neither one can do a proper search and/or replace. Text doesn’t even offer replace. Caret’s search and replace function only works on regular characters, it can’t find line-feeds or tabs which makes it absolutely useless, absolutely useless I tell you.

So I’m looking around and I’m not finding much, mostly a bunch of articles about the ‘top 5 moronic editors for Chrome!’ and the ilk, but I do find one cool thing: a bit of html code that will turn an empty tab on your browser into a text editor. It will look like nothing happened, but click on the empty page and you get a cursor. Start typing.

Now they tell me.

What I wound up with was EditPad.

Comments (4)




There’s always another obstacle

In this case:

Sometimes, that thin wire is all you have.

Comments




Google eats the soul

And it chews at least 32 times per bite:

I sold my soul to GoogleDocs in exchange for autosave every fifteen seconds. But I sinned against Google or something, and Chrome decided it was no longer going to open for me. Uninstalled and reinstalled, checked for viruses, nothing. So I downloaded Firefox, which is … fine. Except that it will not allow me to copy/paste in GoogleDocs with my mouse. I tried the common fixes that pop up online, making sure “dom.event.clipboardevents.enabled” is set to “true” and trying to modify “user.js,” which I don’t seem to have (or at least it’s not where anyone says it should be and Windows refuses to find it for me.) Past those, everything I see seems to throw up their hands and says to use keyboard shortcuts, which is unacceptable to me because I am 32 years old, damnit, and I’m not going to change how I do things.

So there.

Comments




Perhaps a four-door

Says Google Groups:

Hi Charles G Hill,
sudanbrand13@gmail.com added you to the Sudan Brand 13 group.

Well, if you say so.

Comments




Screw you, pay us

It was just a matter of time, right?

First instance of ransomware showing up on campus. Ugh. Someone clicked on an attachment to an e-mail that was apparently claiming “here’s the invoice you asked for” and boom. I guess I better be extra careful (though I almost never open attachments, and only then if it’s something I KNOW I need and if it’s clearly sent by someone I know). Maybe time to send all the vital stuff I’ve not backed up yet to the campus cloud.

I tend to feel like penal colonies should be re-established for folks who commit cybercrimes (and people who do stuff like install skimmers on credit card readers). No, they wouldn’t have to be hellish pits, just places people could not leave and that would prevent them from having access to whatever technology they used to commit their crimes. Surely there are a few islands full of time-share properties people are looking to unload? There could be periodic air-drops of food and whatnot so the people stay alive, just, they have NO internet or cell phone access whatsoever.

Ransomware seems especially bad; Computer Services indicated this one was 128-bit encryption so hard for a white-hat hacker to fix it and of course it fundamentally “bricks” your computer. And if you pay the ransom, you’re just encouraging the goons to do it again. (And who knows where that money goes; it could even buy blocks of C4 for would-be terrorists, for all we know.)

But … but … they mean well, don’t they?

Comments




Technical difficulties

It is extremely difficult to run this place off a Chromebook; no respectable FTP clients, and Google of course thinks it knows what you want in a keyboard. (They don’t.) I had major problems with the next Vent, because CHROME DOESN’T HAVE A GODDAMN TEXT EDITOR and HALF THEIR APPS ARE FUCKING AD-DISTRIBUTION DEVICES. It will be very short, and mostly video.

Comments




Technical-ish difficulties

Yet another gambit in the ad-blocking war: pass it off as a technical issue.

Which is, of course, your fault:

Rendering Error which is actually a whine about ad blockers

Somewhere out there, I’m starting to think, is an Expedia-like compendium of bad ideas, specifically for those who want the rest of us to go on guilt trips.

Comments (2)




It doesn’t tear me apart

So I was just sitting around, minding my own business, when this fell into my lap: a good old-fashioned fugue based on Adele’s “Hello.”

“I’ll be Bach,” she didn’t say.

(Via Classic FM.)

Comments (1)




You can’t spell “toilet” without “to let”

They say it’s purely voluntary, and maybe it is, for now. But I suspect this is the future of apartment hunting, like it or not:

The personal data you share with Facebook and other social platforms is a treasure trove of information that can, according to one UK startup, prove whether or not you would be a good tenant.

Score Assured wants to take the data you share privately and publicly with social media and sell it to individuals, employers, and landlords. Tenant Assured, the first tool in the company’s potential suite of data mining-and-selling resources, will connect with your social accounts and give landlords a report based on your data.

The company says it uses machine learning software to predict what your data means—from your personality to “financial stress.” It also rates the “risk” you would be as a tenant. Cofounder Steve Thornhill declined to tell me how exactly the company pulls private data from Facebook, claiming it was part of the company’s intellectual property.

Piece of cake. They went up to the Zuckerborg and said “Can we have a custom API? Here’s a whole bunch of sterling.”

In order to scrape your data and assess your worthiness, you have to give the company full access to your social accounts, from news feed posts to messages to tweets to employment data. You can pick which accounts you permit to be scraped, but if a landlord is asking for it and you’re desperately trying to find a new place to live, then you’re probably going to succumb to their requests, no matter how invasive.

“Users can feel reassured that this is not an invasion of privacy but always done with their explicit consent,” Thornhill said in an email. “We are empowering tenants to make a choice as to whether they would like to use their social media information to support their application for a rental property that they have got their eyes on.”

Another reason to justify why I’ve pretty much thrown the book open on everything I do: I figure I’m probably no worse off than anyone else, and data jackals aren’t getting paid for my life history.

(Via @SwiftOnSecurity.)

Comments (2)




Some days life is like that

And this is definitely one of them. (You’ll need to look at each graphic separately.)

(Via Chris Lawrence.)

Comments




Not your space anymore

Myspace — remember Myspace? — has had a major data breach:

“Shortly before the Memorial Day weekend, we became aware that stolen Myspace user login data was being made available in an online hacker forum,” the site wrote in a blog post. The breach occurred on June 11, 2013, and affects a portion of accounts created on the old Myspace platform.

Myspace did not reveal how many accounts were affected, but LeakedSource, a search engine for leaked records, which claims to have obtained a copy of the stolen information, said the data set includes 360,213,024 records. Each record may contain an email address, username, one password, and in some cases a second password; no financial information was involved.

I have received the following notification from Myspace (note it’s no longer BiCapitalized) HQ:

Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform are at risk. As you know, Myspace does not collect, use or store any credit card information or user financial information of any kind. No user financial information was therefore involved in this incident; the only information exposed was users’ email address and Myspace username and password.

In order to protect our users, we have invalidated all user passwords for the affected accounts created prior to June 11, 2013 on the old Myspace platform. These users returning to Myspace will be prompted to authenticate their account and to reset their password.

As a test, I duly attempted to log back in, and was so prompted. Password has now been reset.

The LeakedSource page on this breach lists the top 50 passwords, some of which were used by literally thousands of people. I’m pretty sure no one else was using mine.

Comments (4)




On the off-chance that it might help

Microsoft has issued a paper on Password Guidance, and therein, these are considered the best practices:

  1. Maintain an 8-character minimum length requirement (and longer is not necessarily better).
  2. Eliminate character-composition requirements.
  3. Eliminate mandatory periodic password resets for user accounts.
  4. Ban common passwords, to keep the most vulnerable passwords out of your system.
  5. Educate your users not to re-use their password for non-work-related purposes.
  6. Enforce registration for multi-factor authentication.
  7. Enable risk based multi-factor authentication challenges.

I, for one, would not miss character-composition requirements: adding digits and shifted characters to the alphabet raises the number of available characters from 26 to about 72, meaning your average brute-force password guesser is going to take somewhere between two and three times as long to nail down your password. In the current state of the art, this delay is trivial.

Two-step — maybe three-step — authentication will eventually become the norm.

Comments (2)




You can’t use this

No, we don’t care who wrote it:

SoundCloud booted Chet Faker off the streaming platform today for copyright infringement … of one of his own tracks.

The Australian electronica megastar, real name Nick Murphy, tweeted that SoundCloud issued him with one of its infamous takedown notices for detecting that “one of his tracks may contain copyrighted content.”

This is the track in question:

Automated copyright-infringement detection. How does it work? (Answer: Not very well.)

Comments




True Cold War technology

Would you like to play Global Thermonuclear War? Bring your own diskettes:

Want to launch a nuclear missile? You’ll need a floppy disk.

That’s according to a new report by the U.S. Government Accountability Office (GAO), which found that the Pentagon was still using 1970s-era computing systems that require “eight-inch floppy disks.”

Such disks were already becoming obsolete by the end of that decade, being edged out by smaller, non-floppy 3.5 to 5.25-inch disks, before being almost completely replaced by the CD in the late 90s.

Except in Washington that is. The GAO report says that U.S. government departments spend upwards of $60 billion a year on operating and maintaining out-of-date technologies.

I dunno. The five-and-a-quarters seemed pretty darn floppy to me, especially compared to the nifty plastic-shelled three point fives.

The Soviet Union went bye-bye in 1991. At the time, I was working on an IBM System/36 with a startlingly huge 200-megabyte hard drive — ‘scuse me, DASD — though backups of Important Stuff were kept on magazines (capacity 10) of 8-inch floppies. Each disk held a shade over a single megabyte, so maybe 11 MB per magazine. Eventually we got a tape drive for backups. (We still have a tape drive for backups, but each tape holds 800 GB; it takes about two hours to fill it halfway.)

Comments (1)




Marked for death by Information Services (13)

If your site nags me about ad blockers, even while ad blockers are off, “too stupid to live” is far too kindly a description of you.

Comments




Measured desperation

See? You should have charged your phone before going out for the evening:

Dying phone batteries can lead to desperate measures when it comes to ordering an Uber.

The ride-hailing service has learned from its internal data that riders are much more likely to spring for surge-priced fares when their phone is nearing the end of its battery life.

Of course, they know exactly what you’re doing:

The reasoning here is pretty straightforward: Anyone with an amply charged phone can afford to wait and see if Uber’s real-time demand-based pricing system might let up on the extra charge. But the prospect of being stranded with a dead phone makes time more of the essence.

Uber knows when your phone battery is running low because its app collects that information in order to switch into power-saving mode. But [Uber head of economic research Keith] Chen swears Uber would never use that knowledge to gouge you out of more money.

Sure they wouldn’t.

(Via Rusty Surette.)

Comments (2)




Nearing the final Flickr

As Yahoo! circles the drain, its component parts are whirling around at comparable speeds, and Flickr, which they acquired in 2005, definitely appears to be tracing a similar spiral. Can it be saved? Geoff Livingston has some thoughts:

A lot depends on who buys Flickr. Doc Searls made an impassioned plea for Adobe to buy the social network, saying that Flickr was the best site for serious photographers.

And besides, Doc Searls has sixty thousand photos on Flickr. I’m almost embarrassed by my 159. But I haven’t left either, and neither has Geoff Livingston:

I’m not sure about the latter anymore, but I do believe Flickr still has value. I’m still there and still use it to house my library. I still get occasional media inquiries to use my pics from Flickr, too… The question is who will buy it? If Google or Facebook buys Flickr, I will be downloading all of my photos that day and closing my account. Warren Buffett would be more encouraging. At least you know Berkshire Hathaway would invest in the network again.

I shudder at the thought of Flickr being absorbed into Google Photos — or worse, into Instagram.

Now how do we persuade the Sage of Omaha to spend money on an Internet photo service? I mean, Flickr doesn’t sell insurance or anything like that.

Comments (2)




No one must ever know

Usually the guys who do this want to pretend that they wrote all that code. Then there’s this guy:

Yahoo Answers screenshot: How to remove template name from WordPress?

His motivations contain 50 percent more skulk:

I bought a WordPress template from a site for my business, and I want to know if there is a way to change the theme template name? I own a cafe and one of my competitors (who happens to be my ex-wife) figured out what template I’m using on my site and she bought the same template for her cafe site and now both of our sites look similar. I want to buy a new template but I want to know how I can prevent someone else learning what template I’m using. When someone goes to my site they are able to see what template I’m using when they look at the “Source Code” — how do I change that so the visitors (mainly my competition) can’t find out what template I’m using?

WordPress stores all the theme files in a themes/[theme name] directory; to conceal it would require rewriting every one of those files, plus all the code that connects to those files. It would almost be easier to write a theme from scratch, and there’s still the necessity of tweaking all that PHP. I’m thinking it might conceivably be done with a metric buttload of redirects, at the expense of speed: nothing makes people flee a site faster than lack of fastness.

Disabling right-click, which is where people usually try to View Source, is trivially easy via JavaScript. But it won’t do a thing to block, say, the Ctrl-U combination that Firefox devised.

And really, why did those two ever break up? They seem to be so perfect for each other in so many ways.

Comments (2)




Don’t be Evil McEvilface

This is the sort of thing that makes me think I need a Why The Hell Not? category:

At Google, we spend a lot of time thinking about how computer systems can read and understand human language in order to process it in intelligent ways. Today, we are excited to share the fruits of our research with the broader community by releasing SyntaxNet, an open-source neural network framework implemented in TensorFlow that provides a foundation for Natural Language Understanding (NLU) systems. Our release includes all the code needed to train new SyntaxNet models on your own data, as well as Parsey McParseface, an English parser that we have trained for you and that you can use to analyze English text.

Did he say what I thought he said?

Parsey McParseface is built on powerful machine learning algorithms that learn to analyze the linguistic structure of language, and that can explain the functional role of each word in a given sentence. Because Parsey McParseface is the most accurate such model in the world, we hope that it will be useful to developers and researchers interested in automatic extraction of information, translation, and other core applications of NLU.

And why the hell not?

(Via Selena Larson.)

Comments (2)




Insidiously hideous

This particular WordPress theme was two years old when I adopted (and to some small extent adapted) it, and that was eight years ago. Then again, we’re still talking the 21st century here, although the worst excrescences of the 20th seem to be coming back into style:

There’s an interesting trend in web design these days: Making websites that look, well … bad.

Look at Hacker News. Pinboard. The Drudge Report. Adult Swim. Bloomberg Businessweek features. All of these sites — some years old, some built recently — and hundreds more like them, eschew the templated, user-friendly interfaces that has long been the industry’s best practice. Instead they’re built on imperfect, hand-coded HTML and take their design cues from ’90s graphics.

Which is the way I learned to do things, back in the, um, Nineties. It has the advantage of familiarity.

Is there enough of this stuff to constitute a whole school of thought? Apparently so:

The name of this school, if you could call it that, is “web brutalism” — and there’s no question that much of the recent interest stems from the work of Pascal Deville.

In 2014 Deville, now Creative Director at the Freundliche Grüsse ad agency in Zurich, Switzerland, founded brutalistwebsites.com. He meant it as a place to showcase websites that he thought fit the “brutalist” aesthetic: Design marked by a “ruggedness and lack of concern to look comfortable or easy” in “reaction by a younger generation to the lightness, optimism, and frivolity of today’s web design.” (In architecture, brutalism describes a ’70s architectural movement characterized by large buildings with exposed concrete construction.)

I defend this sort of thing more or less reflexively. Then again, I defended Oklahoma City’s Stage Center for many years, and we all know what that got me.

“Bad is the new good,” tweeted Nancy Friedman.

Comments (2)




Potentially mortarfied

One of the great fears of our technological time is installing an update and then watching in horror as the device assumes the general position and activity level of a paperweight. I got a chance to anticipate just such a thing yesterday:

Some ASUS users are having UEFI-related Windows update problems that may brick their systems. A few news sites have stories on this:

[…] KB3133977, a security update for Windows 7, has been identified as the cause for this problem. Following its installation, it forces Windows 7 to enable Secure Boot, even though it is actually not supported by Microsoft anymore. This eventually prevents the system from properly rebooting. Microsoft has clearly stated that it is in no way responsible for this predicament. Providing clarification, a company spokesperson stated that the problem occurs because of how Asus has created some of its motherboards with its own modified version of the Secure Boot feature. In other words, users facing problems in this regard will have to contact Asus directly to have the issue addressed. […]

Well, actually, it was never supported in Win7; Secure Boot was an innovation, so to speak, that came with Windows 8. Still, I have an Asus mobo, I run Windows 7, and yesterday was the due date for Microsoft’s Patch of the Month Club. So when I got home, I dragged myself into UEFI — which, as the lovely and talented @SwiftOnSecurity reminds us, is not actually BIOS — drilled down a couple of levels, and hit the toggle on Secure Boot to match up, not with Windows, but with some mysterious “Other OS” that I don’t actually have on this machine.

And then down came fourteen patches, none of which turned out to be KB3133977.

I suppose I can toggle it back when I cede control to Windows 10 in the next couple of months.

Comments (2)




Boxed in

Well, the new Mini Boxes were not going to install themselves, and I wasn’t about to call in a tech for something I damned well ought to be able to do myself, so I set aside an hour to deal with both of my ancient television sets.

The Box box from Cox contains, in addition to the box and its power supply, a smallish remote (with a couple of AAA batteries), a large sheet of paper for the benefit of people with ancient television sets whose remotes need to be cloned, a Quick Start guide which I looked at once, and two cables: one HDMI and one with F connectors. The idea is that if you don’t have HDMI, as I don’t on the turn-of-the-century Sony WEGA, it will still be possible to hook up the box, though nothing is going to produce an actual HD picture. (With judicious use of a button on the remote, you can do the old letterboxing trick to get 16:9, albeit with the usual black bars at top and bottom.) The Vizio (2007) is a proper HD set, but the connectors, as I had forgotten, required me to turn the screen upside down to get to them.

That said, I didn’t actually use up the entire hour, though for some reason the install on the Vizio immediately phoned home for a software update, and it’s just as agonizing watching such things on TV screens as it is on proper computer monitors. And now, instead of 105 channels I don’t watch, I have about 225 channels I don’t watch.

Downside: Each box seems to eat up about 10 watts, whether anyone’s watching TV or not. This works out to somewhere around $20 a year on the electric bill. It’s not a Frigidaire, exactly, but it’s still noticeable.

Comments




A-peeling we will go

Chinese girl enjoying a CavendishChinese video-streaming services have apparently had it up to here with saucy banana clips, or something:

Chinese live-streaming services have banned people filming themselves eating bananas in a “seductive” fashion.

New regulations mean that live-streaming sites must monitor all their output round-the-clock to ensure nothing untoward is going on, keeping an eye out for any “erotic” banana-eating, according to New Express Daily. It’s not just fruit that’s on their radar though — the paper adds that wearing stockings and suspenders while hosting a live stream is now also forbidden.

The move is the authorities’ latest attempt to clamp down on “inappropriate and erotic” online content, state-controlled CCTV reports. In April, the Ministry of Culture announced it was investigating a number of popular live-streaming platforms for allegedly hosting pornographic or violent content that “harms social morality”.

Long version: I suspect this sort of action is inevitable from any government that has something called the Ministry of Culture.

Shorter version: This sucks.

(Via Keaton Fox.)

Comments




Kindly thieves

Yeah, you’d probably be somewhat resentful if a gaggle of cybercrooks gained access to your computer, encrypted all your files, and then demanded payment for their safe return.

But what if said cybercrooks claimed to be doing all this for a Good Cause? A new strain of ransomware, asking 5 bitcoin (about $2200), says exactly that:

Your money will be spent for the children charity. So that is mean that You will get a participation in this process too. Many children will receive presents and medical help!

And We trust that you are kind and honest person! Thank You very much! We wish You all the best! Your name will be in the main donors list and will stay in the charity history!

P.S> When your payment will be delivered you will receive your software with private key IMMEDIATELY!

P.P.S> In the next 24 hours your price will be doubled by the Main Server automatically. So now you have a chance to restore your PC with low price!

Best regards,

Charity Team

Well, at least we know they’re not spending any of this money on English lessons.

Oh, and they throw in “3 years of tech support” with the deal. I still think I’ll pass.

(Via @SwiftOnSecurity.)

Comments