Archive for PEBKAC

Upgrading Detroit

The last time we checked in on Detroit’s computer system, we were snorting at the demand for $800k in Bitcoin by some hackish types who’d hoisted a city database; Detroit clearly didn’t have $800k to spare, in Bitcoin or any other currency you can name, but they didn’t need the database anyway, so they blithely blew off the extortionists.

This welcome bit of redundancy notwithstanding, we can’t really say that Detroit’s in good shape, computing-wise. Chief Information Officer Beth Niblock certainly won’t:

More than 80 percent of the city’s 5,500 computers are more than five years old, and 85 percent are equipped with Windows XP, an operating system that “by virtue of its age, is far from top of the line,” she wrote. Microsoft doesn’t even support XP anymore, and the city has been using a version of Microsoft Office that’s a decade old.

On top of that, the city has “serious” problems with the “resilience of its network,” she wrote, saying Detroit’s deficient network connections don’t allow employees to complete basic daily functions, such as accessing email. Employees can’t sync daily calendars to their smartphones.

I’m guessing it’s Office 2003 deployed to those Detroit computers, and support was pulled for that version about the same time support was pulled for XP.

Still, this isn’t the worst tech failure in Hockeytown, not by a long shot:

Chuck Moore, a consultant for the city, described one fire station’s Rube Goldberg machine in September during testimony in Detroit’s bankruptcy trial: When an emergency alert comes in, a fax machine is triggered. This shoots out a piece of paper, which knocks over a soda can full of change, notifying those at the station of the situation. At another station, a fax comes in and bumps a door hinge, which pulls a wire and rings a doorbell.

On the upside, they’re at least getting some use out of those fax machines, which are probably older than Windows XP.

(Via Hit Coffee.)





Two steps below the script kiddie

Is there a good reason why this guy shouldn’t be taken out behind the woodshed and put out of his misery?

Yahoo Answers screenshot: So I am pinging an IP Address but it seems like the site won't crash

Get this:

I am pinging a website to crash it, not a big website. But a small one. I opened 4 CMD windows using a batch file then sent a ping request like this: ping [IP ADDRESS] -t -l 65500

It is sending and responding. It has been 15 minutes and it seems to me like the site has not crashed yet. It is working fine with the same speed. The time ranges between 64ms and 167ms, and it is very random. Do I have to wait longer, can someone teach me another way to crash this website (my friends website). How long will it take, Help! Lol!

A ping constitutes a whole 32 bytes; it’s going to take a whole lot more than 2,620,000 pings (8.3 MB) to bring down his soon-to-be-ex-friend’s website.

I suggest we dig up his IP address and turn it over to the North Koreans.





Axe it anything

Sometimes it’s not always obvious where Apple should be going with a product line. And this is where the user base stands tall:

Of course, as an Apple accessory, it won’t be cheap, but so what else is new?





Not one viewer more

For some time now, “Gangnam Style” by PSY has been the most-viewed video on all of YouTube. Now lesser-viewed videos — which is all of them — tend to run into difficulty after 301 views:

After a video reaches a certain number of views … YouTube tells the database to freeze the view count until YouTube can manually verify the correct count to protect against botting attempts — using automated computer processes to artificially inflate the number of views. YouTube view counts are initially tracked by servers near the end user. By looking at reports from these individual servers, YouTube engineers can detect suspicious patterns in the data.

“At some point the decision was made that we need to draw a line between what is innocuous and the database can handle and all of a sudden serious business … The proportion was calculated to be at about 300.”

So why 301? Blame it on one YouTube programmer’s errant less-than-or-equal-to sign. The code tells the database to keep counting views up to and including the time when the count is equal to 300, allowing one final view to get counted before it freezes.

At the other end of the spectrum, there’s PSY:

We never thought a video would be watched in numbers greater than a 32-bit integer (=2,147,483,647 views), but that was before we met PSY. “Gangnam Style” has been viewed so many times we had to upgrade to a 64-bit integer (9,223,372,036,854,775,808)!

Incidentally, since YouTube made this announcement (Monday), there have been six million more views.





Stuck in the sticks

From the “There must be something someone can do about this” files:

Yahoo Answers screenshot: ISP is charging a ridiculous amount for my internet what can I do?

My dad is paying $45/mo for 1 Mbps… Tier 2 speed is 2 Mbps at $49.99, tier 3 is 3 Mbps at 59.99, tier 5 is 5 Mbps at $135, and tier 6 is 6 Mbps at ******* $190.00!!!! I live in a rural area and this is pretty much the only ISP around. Is there anything I could do other than having to move or switch to satellite? Because this is so unfair, there should be laws against this. This is a monopoly so they have no reason to upgrade their infrastructure.

If there exists anywhere on earth an ISP that is undercharging, we’d certainly like to know about it.

In the meantime, if it’s truly a ridiculous amount, the least we can do is to ridicule it. (Fairness, of course, is not a factor, as it usually isn’t.)





Broke into the wrong database, didn’t you?

This isn’t technically funny, yet the laughs will not subside:

Hackers seized a database from the City of Detroit earlier this year before unsuccessfully demanding $800,000 in Bitcoin.

The failed extortion attempt back in April was disclosed by Detroit mayor Mike Duggan at the North American International Cyber Summit conference on Monday.

The stolen database wasn’t needed by the cash-strapped city so the ransom was never paid, according to local reports.

I mean, really. Extorting money from Detroit, of all places? You’d have better luck trying to sell snow shovels in San Diego.

(Via @SwiftOnSecurity. Of course.)





All about that guilt reflex

At least twice a day something like this comes up:

Yahoo Answers screenshot: Will my parents come to know about my net history from the MTS internet bill?

Oh, you poor, porn-obsessed adolescent!

Actually, they’ll probably figure it out the moment you come down with a malware infection from chasing down stuff you thought was “free.”





Techlet

Those of us who routinely outsource computer maintenance to younger folks will probably not be too surprised at this:

A boy from Coventry has become the youngest computer specialist in the world.

Ayan Qureshi is now a Microsoft Certified Professional after passing the tech giant’s exam when he was just five years old.

Ayan, now six, whose father is an IT consultant, has set up his own computer network at home.

He told the BBC he found the exam difficult but enjoyable, and hopes to set up a UK-based tech hub one day.

The Fark blurb for this: Five year old boy passes exam to become Microsoft Certified Professional in spite of being younger than most Microsoft bugs. And, I might add, way younger than this one.





Damn right they is

Screenshot from the Oklahoman: Personal info breaches is a concern, many say

From this morning’s Oklahoman, page 3C. I couldn’t find the story on NewsOK for some reason, but since it’s an AP wire story, it’s all over the place. Try here.





Bring your own leopard

In today’s episode of Security Theatre, we present the Password Rules from the Child Support division of the Texas Attorney General’s office:

  1. The password must be exactly 8 characters long.
  2. It must contain at least one letter, one number, and one special character.
  3. The only special characters allowed are: @ # $
  4. A special character must not be located in the first or last position.
  5. Two of the same characters sitting next to each other are considered to be a “set.” No “sets” are allowed.
  6. Avoid using names, such as your name, user ID, or the name of your company or employer.
  7. Other words that cannot be used are Texas, child, and the months of the year.
  8. A new password cannot be too similar to the previous password.
    1. Example: previous password – abc#1234, acceptable new password – acb$1243
    2. Characters in the first, second, and third positions cannot be identical. (abc*****)
    3. Characters in the second, third, and fourth positions cannot be identical. (*bc#****)
    4. Characters in the sixth, seventh, and eighth positions cannot be identical. (*****234)
  9. A password can be changed voluntarily (no Help Desk assistance needed) once in a 15-day period. If needed, the Help Desk can reset the password at any time.
  10. The previous 8 passwords cannot be reused.

Sheesh. Just hand them a DNA sample and let them figure it out on their own. They think they’re pretty damn smart in Austin anyway.

(From @RooneyMcNibNug via @SwiftOnSecurity. Title adapted from H2G2.)
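Added example, not code from the Texas Attorney General's office or from the original post: a checker for the rules listed above, plus a count of how many passwords survive rules 1 through 5. It assumes mixed-case ASCII letters, case-insensitive substring matching for the banned words, and that rule 8 compares the same three-character windows of the old and new password; the page states none of these.

```python
import math
import string

SPECIALS = "@#$"                                   # rule 3
ALLOWED = string.ascii_letters + string.digits + SPECIALS
BANNED = ["texas", "child", "january", "february", "march", "april", "may",
          "june", "july", "august", "september", "october", "november",
          "december"]                              # rule 7
WINDOWS = [(0, 3), (1, 4), (5, 8)]                 # rule 8: positions 1-3, 2-4, 6-8


def violations(pw, previous=None, personal=(), length=8):
    """Return the numbers of the listed rules that pw breaks (empty = accepted)."""
    bad = []
    if len(pw) != length:
        bad.append(1)
    classes = (string.ascii_letters, string.digits, SPECIALS)
    if not all(any(c in cls for c in pw) for cls in classes):
        bad.append(2)
    if any(c not in ALLOWED for c in pw):
        bad.append(3)
    if pw and (pw[0] in SPECIALS or pw[-1] in SPECIALS):
        bad.append(4)
    if any(a == b for a, b in zip(pw, pw[1:])):
        bad.append(5)
    lowered = pw.lower()
    # rule 6: caller supplies the names to avoid (user ID, employer, ...)
    if any(name and name.lower() in lowered for name in personal):
        bad.append(6)
    if any(word in lowered for word in BANNED):
        bad.append(7)
    if previous and any(len(pw[s:e]) == 3 and pw[s:e] == previous[s:e]
                        for s, e in WINDOWS):
        bad.append(8)
    return bad


def count_allowed(length=8, letters=52, digits=10, specials=3):
    """Count the strings that satisfy rules 1-5, by dynamic programming.

    State is (class of the last character, classes seen so far). Rule 5 only
    needs the last class: picking from the same class again leaves one fewer
    choice, picking from another class leaves all of them.
    """
    sizes = {"L": letters, "D": digits, "S": specials}
    # rule 4: the first character is a letter or a digit
    states = {(cls, frozenset(cls)): sizes[cls] for cls in "LD"}
    for pos in range(1, length):
        nxt = {}
        for (last, seen), n in states.items():
            for cls, size in sizes.items():
                if cls == "S" and pos == length - 1:
                    continue                       # rule 4: last position
                choices = size - 1 if cls == last else size   # rule 5
                key = (cls, seen | {cls})
                nxt[key] = nxt.get(key, 0) + n * choices
        states = nxt
    # rule 2: all three classes must have appeared
    return sum(n for (_, seen), n in states.items() if len(seen) == 3)


def bits_lost():
    """Bits of search space given up versus 8 free characters from the same set."""
    return 8 * math.log2(len(ALLOWED)) - math.log2(count_allowed())


if __name__ == "__main__":
    # The example pair from rule 8 of the list above.
    print(violations("acb$1243", previous="abc#1234"))
    print(count_allowed(), "passwords pass rules 1-5;",
          round(bits_lost(), 2), "bits lost to the rules")
```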





Keep stirring

Nobody sells software anymore. What is sold is “solutions,” amalgams of the stuff you wanted and the stuff they surrounded it with, neither of which works worth a damn after combining. A recent example:

[S]tuff needs to be simple and just work. Unfortunately, no one seems to be willing or able to design a system that works with default browser settings. In particular, everyone wants to design their software to require popups. I have no idea why. But time after time I put a system out for a subset of my employees to test and I immediately get 19 people calling me back saying that it does not work, they can’t get in, etc. The typical problem is that most of this software seems to require that the browser’s popup blocker be turned off. Why in the world would you design software for a feature that 99% of browsers today have turned off by default? And worse, that require users to change a setting that only exists deep in setup menus most users don’t even know exist. I am pretty capable and it took me some poking around to find the popup options in Chrome.

Not that you can complain about it, of course:

I had a long talk today with my onboarding company trying to explain why getting rid of an hour of HR time with their software at the cost of an extra hour of IT support time for each new employee trying to access the system does not save me any freaking money.

Went right over their heads, I’d wager.





Fresh Apple bugs

I have spoken before of the Randomator, a Smart Playlist I worked up on the work box’s iTunes install, which shuffles through 10 percent of the available tracks that haven’t been played in a while, and after playing a track, replaces it with the next one in the chronological list. (Right now, songs from the third week of August are being inserted into the rotation.)

If this sounds OCD, consider that I’ve inserted manual sort codes into the lot of them, so that the Jacksons, for instance, sort out Alan, Bull Moose, Chuck, Deon, Freddie, J. J., Janet, Joe, Michael, Stonewall, and Wanda, to appear in exactly that order. Unfortunately for my neurosis, iTunes 12.0.1 occasionally ignores the sort code when it adds a fresh track to the Randomator. It’s still there — Get Info reveals it under the correct tab — but at least once a day the code is disregarded, which is how I found Lisa Loeb right under Lisa Lisa and Cult Jam instead of under Hank Locklin. I’ve run this playlist through at least five full versions of iTunes; this is the first time it’s done this to me.





The need for feigned speed

If you’ve never believed computer benchmarks in your life, well, there were very good reasons not to:

Intel has agreed to settle a class action lawsuit that claims the company “manipulated” benchmark scores in the early 2000s to make its new Pentium 4 chip seem faster than AMD’s Athlon. Intel will pay affected consumers $15 if they purchased a Pentium 4 system between November 20, 2000 and June 30, 2002. Affected systems include all systems with a Pentium 4 CPU purchased between November 20, 2000 and December 31, 2001 — and all systems with a first-gen Willamette P4 or all P4s clocked below 2GHz, between January and June 2002. The exception is Illinois — if you live in Illinois and bought a P4, too bad for you.

Is this the same AMD that invented the “Performance Rating” that they hoped you believed was the chip speed? My work box used to be a Sempron 2800+, which despite that number ambled along at a mere 2.0 GHz.

I did own a P4 for many years, though it was not purchased during the time frame involved, and it involved a slightly faster CPU — not the Willamette, but the subsequent Northwood. (I am now running an AMD chipset instead. Go figure.)





Sitting in his Nowhere Land

The other day (like you should care), they bought a house that wasn’t there:

A funny thing happened yesterday: Our house ceased to exist. In fact, our entire street.

On Google Maps, I mean. Put in our address and … nothing. Clancy was trying to map out her route to work, and this complicated that greatly.

It could be worse. Imagine this:

  • House catches fire.
  • Alarm system dials 911.
  • 911 dispatch computer records the address.
  • Address is automatically looked up on Google Maps.
  • Google Maps can’t find it.
  • Emergency call is blown off, and house burns down.

And you wouldn’t have a case against Google, because how would you know the 911 crew were even using it?





The POODLE bites

In fact, the POODLE chews it, and the little bastard needs to be put out of its misery.

(Title from the late Frank Zappa.)





It Fappened just that way

Francis W. Porretto gets in the final word — well, it ought to be final — on that celebrity-nude-photo business:

The “she ought to have known better” crap is exactly that: crap. The companies that promote the use of their “cloud” services are forever telling us about the depth and power of their security measures. Is a very young professional actress, highly unlikely to have been schooled in the technologies and their vulnerabilities, supposed to be more aware of the risks than the average non-technical American? If the same thing were to happen to any of her detractors, would they enjoy the degree of opprobrium that they’ve heaped upon Jennifer Lawrence? Would they feel their naivety had earned it?

And the cloud doesn’t care what its proponents say about it, either:

Besides, there are non-technical issues to be dealt with:

Let’s not neglect the other aspect of the matter: that Lawrence photographed herself in the nude so her boyfriend would have a sensuous reminder of her when the two of them were far from one another. There are “conservatives” reproaching her for that, too. Apparently that Lawrence would permit someone — someone other than themselves, that is — to see her in all her unclothed glory grates unbearably across their neo-Grundyish sensibilities.

This is approximately where someone comes in and completes the circle by saying “But she should have considered the risks involved.” Well, yeah. But life itself is a prolonged exercise in risk management. If you haven’t noticed this by now, you’re either 8 years old or you’ve been appointed to a high government post.

And the little dweebs who spent their data allotments for the month begging for download links for these pictures? Morally indistinguishable from the little dweebs who spent their data allotments for the month pirating software.





Time for another Unfortunate Juxtaposition

The ad placement to the right evokes a single sentiment: “Gee, ya think?”

(Via SwiftOnSecurity.)





Who put the bömp?

Opening statistic: Iceland has only 320,000 people, about as many as Corpus Christi, Texas. That number makes this more believable:

[T]wo random Icelanders have about as much in common as second cousins, once removed, according to Dr. Kári Stefansson, CEO and co-founder of deCODE Genetics. That might sound like a lot, but accounting for the vast possibilities for genetic recombination in each generation, it really isn’t.

A consequence of this genetic similarity:

A collaborative venture between deCODE and software engineer Friðrik Skúlason, the Íslendingabók site developed as a corollary to deCODE’s genealogical research. “The reason why we have been able to lead the world in genetic research,” Kári Stefansson says, “is because we understand the structure of Iceland’s population so well.” DeCODE has an advantage over “the big guys in human genetics” because the organisation has intimate understanding of Icelandic genealogy, he says. “Our history is mapped in our DNA.”

DeCODE has attracted no small amount of international press over the years, but it is unlikely that its student app competition would have created such fervour now were it not for one of the novelty features of the winning ÍslendingaApp: the Sifjaspellspillir or “Incest Spoiler” alarm which alerts a user if the person she plans on going home with is a near relation. Using the app’s “new bömp technology,” users can tap their phones together and see how closely they are related. If the alarm has been activated — it’s turned off in default settings — it will either erupt with a discouraging siren, or issue a gleeful “No relation: go for it!” message, while a Barry White-esque voice urges you on with a subtle “Oh, Yeeeaaah.”

There are parts of the US, I am told, where an application of this sort might be useful.

(Via TYWKIWDBI.)





This is not a viral marketing campaign

It’s called the Sincerity Machine, which is off-putting enough: who, pray tell, seems less sincere than the person who loudly proclaims his sincerity? And there doesn’t seem to be a touch of irony in this production:

Still, it’s a one-off: the chap is not trying to sell you this contraption, and he deserves credit for that.

(Via mental_floss.)





LaserJetsam

This is the next step beyond the infamous PC LOAD LETTER:

I think I’m in love.





Perhaps they’re drugged

The old online prescription refill at Target was clunky in the extreme, but it worked most of the time. And then they decided to outsource it, to an operation called PDX, Inc. It’s still clunky, but now it doesn’t work at all: since it didn’t read any existing cookies, it defaulted to filling my order at a store in Pennsylvania — except that it refused to fill my order because it didn’t like any of the prescription numbers I keyed in. Twice.

What’s more, it has a CAPTCHA.

Whatever the opposite of “I wish them well” may be, that’s what I wish.

Addendum: I whined on Twitter about this, prompting Target HQ to ask me for an email report.





Downtime a-comin’

The surfer dudes who host my sites have advised that said sites will be down for at least part of Sunday evening:

We’re continuing our roll-out of Ubuntu 12.04 Precise to an additional 150 web servers this Sunday, October 12th. As we’d like to get all of our customers over to this new OS, we will be upgrading 2 batches per week. While the total estimated maintenance is 5 hours, we expect actual downtime due to the upgrade to be around 45 minutes. A large part of the maintenance window will be spent testing all of the servers post-upgrade to ensure everything is in order.

And it is indeed a new OS for them: far back as I can remember — and I’ve been there almost 13 years — they’ve been running some flavor of Debian.

Of course, the major thrill with any such announcement is the list of actual machine names to be upgraded, which includes such august designations as “augusta,” “coweta,” “king-william,” “snowstorm” and “tricia-mcmillan.”





A site old enough to vote

Still like that old-time Robert Dole? Jonathan Blake advises that the Dole/Kemp 1996 campaign Web site is still up in more or less its original format, maintained by political-history site 4President.org.

I must tell you, it looks every one of its eighteen years. (Like I should talk, right?) Still, it’s no Space Jam, as Bob Dole would tell you if you were talking to Bob Dole.





Whatever it is, it’s here

News Item: As expected, Microsoft launched a new version of Windows on Tuesday two years after the troubled release of its last operating system, Windows 8. But instead of introducing the expected name, “Windows 9,” Microsoft announced it will jump to “Windows 10.”

Top Ten designations considered by Microsoft before settling on “10”:

  1. 8.2
  2. 9000
  3. Post-Millennium
  4. Seven Classic
  5. XPdited
  6. 666
  7. 640K
  8. 20-20
  9. 9X
  10. OS XI

This seems to be the actual explanation for “10.” (As always, thanks to @SwiftOnSecurity.)





Beyond here lies nothing

A fairly neutral definition from Wikipedia:

A site map (or sitemap) is a list of pages of a web site accessible to crawlers or users. It can be either a document in any form used as a planning tool for Web design, or a Web page that lists the pages on a Web site, typically organized in hierarchical fashion.

Sometimes they’re complicated. (I’d hate to sit down and draw one for this place.) The consumer-information site MainStreet.com, however, seems to have boiled it down to the basics:

Sitemap for Mainstreet.com

“That is all ye know on earth, and all ye need to know,” said John Keats, while not looking at this.





Eyes glued to the screen

Until such time as someone develops a portable eye-glue dissolver — and someone (else) develops a way of deploying it without being obtrusive — this may be the answer:

I was driving across a college campus this week just as the night school students were getting out of long evening classes (during which they presumably had been abstaining from texting). I had to slow my car down to walking speed to avoid accidents because the majority of pedestrians were drifting about heads down with their eyes on their glowing screens held at waist level.

Here’s an idea for a Silicon Valley start-up: an app that will freeze your smartphone screen with “LOOK UP” if you are about to get hit by a car.

Yes, it’s come to this.





64-bit ambition, two-bit laziness

Evidently this chap was hoping to be told that there would be no math:

Yahoo Answers screenshot: Which computer major doesn't have Maths in it and makes a lot of money?

Five will get you ten that a year from now he’s doing WordPress installs for cheap.

Note: The original title of this was “The blind fashion designer says hi,” but as I was doing the draft save it occurred to me that, well, what if there is a blind fashion designer? And of course there is.





Easier than getting it to print

First you need to know this:

“Canon Pixma wireless printers have a web interface that shows information about the printer, for example the ink levels, which allows for test pages to be printed and for the firmware to be checked for updates.”

I have something like that on one of my printers, come to think of it.

Michael Jordon, Context Information Security analyst, having pointed out the interface, then pointed out what was wrong with it:

[T]he interface doesn’t need any sort of authentication to access. Off the bat the worst anyone could do would be print off hundreds of test pages and use up all of the printer’s ink. Jordon found you could do much more, though. The interface lets you trigger the printer to update its firmware. It also lets you change where the printer looks for the firmware update.

In theory, you could create a custom firmware that spies on everything that printer prints; it can even be used as a gateway into the network it’s tied into.

To show off what he’d learned Jordon opted for something far more deadly: “I decided to get Doom running on the printer.”

Which he did. [MP4 video, no audio, 28 seconds.]

Canon is working on a fix for both current and future models.

(Via Fark.)





Always running out of room

Bill Quick tosses this one at us:

Was there even a terabyte of storage in the entire world when you first got into computing? Not when I did, but that was in 1965. According to Wikipedia, when I bought my first PC in 1986, there was about three exabytes in digital storage.

There’s a terabyte (about 75 percent empty) in the home box right now, which doesn’t seem like a whole lot. Then again, I started fooling around with these contraptions with the Commodore 64, which stored 170k on a single-sided floppy. Call it six to a megabyte; then you have six million to the terabyte.

An exabyte is one million TB, and to make sure I remembered that correctly I slid over to Wikipedia, where I found probably the same page WTQ did, in which I found the following tidbit:

The content of Library of Congress is commonly estimated to hold 10 terabytes of data in all printed material. Recent estimates of the size including audio, video, and digital materials is from 3 petabytes to 20 petabytes. Therefore, one exabyte could hold a hundred thousand times the printed material, or 500 to 3,000 times all content of the Library of Congress.

Or your backup copy of Windows 10.





Somewhat lacking in dash

Attack with Numbers has a subtle little piece called “The laws of shitty dashboards,” the second of which is “If it’s called ‘Dashboard,’ it’s probably shitty.”

Of course, they’re talking software dashboards, but the principle could be extended further:

Take car dashboards for example. They use a vast amount of real estate to display information that is useless 99% of the time. How often do you need to know the RPM on an automatic car? Can’t you just take that stupid dial out and put something useful instead?

Then again, if you don’t have that information in the remaining 1% of the time, you’re hosed. And I look at the RPM all the time, if only to see what sort of shift points I’m using. And there’s this, for instance: the car is fully warmed up when, and only when, 70 rpm can be had below 2500 rpm, useful information of the sort you can’t count on from today’s typically wonky temperature gauges.

On the other hand, I’m definitely down with this:

They also employ UX techniques that date from a time when the only UI component you could use was a light bulb. If that red thing is critical, can’t you tell me right away what it means?

One wants to know, after all, what the engine is doing, not what it just quit doing.
