Archive for PEBKAC

Contempt for one’s users

It’s hard, I believe, to work up more contempt than this:

Lenovo is selling computers that come preinstalled with adware that hijacks encrypted Web sessions and may make users vulnerable to HTTPS man-in-the-middle attacks that are trivial for attackers to carry out, security researchers said.

The critical threat is present on Lenovo PCs that have adware from a company called Superfish installed. As unsavory as many people find software that injects ads into Web pages, there’s something much more nefarious about the Superfish package. It installs a self-signed root HTTPS certificate that can intercept encrypted traffic for every website a user visits. When a user visits an HTTPS site, the site certificate is signed and controlled by Superfish and falsely represents itself as the official website certificate.

But that’s merely heinous and reprehensible. From there, it gets worse:

Even worse, the private encryption key accompanying the Superfish-signed Transport Layer Security certificate appears to be the same for every Lenovo machine. Attackers may be able to use the key to certify imposter HTTPS websites that masquerade as Bank of America, Google, or any other secure destination on the Internet. Under such a scenario, PCs that have the Superfish root certificate installed will fail to flag the sites as forgeries — a failure that completely undermines the reason HTTPS protections exist in the first place.

So Lenovo bows its head, quietly admits to not having thought this through, and regrets its actions, right? Wrong:

The company this morning issued an oddly tone-deaf statement addressing the controversy with equal parts innocence and chutzpah. The Superfish software, Lenovo says, was “to help customers potentially discover interesting products while shopping” — apparently by throwing up related ads while visiting encrypted retail sites, which would otherwise be invisible to the adware.

This might sound like garden-variety horse manure, but Lenovo doubles down with the claim that this purported consumer benefit was the primary reason for installing Superfish on its laptops. It wasn’t — as cynics might suspect — about the cash at all! Well, not much, anyway.

“The relationship with Superfish is not financially significant,” the statement says. “Our goal was to enhance the experience for users. We recognize that the software did not meet that goal and have acted quickly and decisively.”

“Throwing up related ads.” The users I know would throw up a hell of a lot more than that if you inflict crapware — excuse me, “potentially unwanted programs,” as the antivirus guys say — upon them. The idea that someone might actually want that crap is so utterly improbable that one almost suspects it came from Washington.

Meanwhile:

A sprint over there with a Dell produces “Untrusted Connection,” exactly as it should.
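The trust-store effect the quoted report describes, reproduced offline as an added example (not code from this blog, Lenovo or Superfish): a throwaway root stands in for the preinstalled one, and every CA name, key, hostname and file is constructed. It also shows a defender's check, diffing a root store against a known-good baseline by SHA-256 fingerprint, and assumes the `openssl` CLI is on the PATH.

```bash
#!/bin/sh
# Constructed lab data only: every CA, key, hostname and file here is throwaway.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Minimal config so the result does not depend on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# make_root <name> <CN>: self-signed root CA -> $WORK/<name>.key, $WORK/<name>.pem
make_root() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$WORK/ca.cnf" \
    -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# sign_leaf <root> <host>: server certificate for <host> issued by <root>
sign_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
    -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$2" > "$WORK/$2.ext"
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -set_serial 1001 -days 1 -extfile "$WORK/$2.ext" -out "$WORK/$2.pem" 2>/dev/null
}

# trusts <store> <cert>: true when <cert> chains to a root in <store>
trusts() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# roots_in <store>: "<sha256 fingerprint><TAB><subject>" for each certificate
roots_in() {
  d="$(mktemp -d "$WORK/split.XXXXXX")"
  awk -v d="$d" '/-----BEGIN CERTIFICATE-----/ {n++} n {print > (d "/" n ".pem")}' "$1"
  for f in "$d"/*.pem; do
    printf '%s\t%s\n' \
      "$(openssl x509 -in "$f" -noout -fingerprint -sha256 | cut -d= -f2)" \
      "$(openssl x509 -in "$f" -noout -subject)"
  done | sort
}

# unexpected_roots <baseline> <current>: subjects of roots absent from baseline
unexpected_roots() {
  roots_in "$1" | cut -f1 > "$WORK/baseline.fp"
  roots_in "$2" | grep -v -F -f "$WORK/baseline.fp" | cut -f2-
}

make_root vendor "Constructed OS Vendor Root"
make_root adware "Constructed Adware Root"
sign_leaf adware shop.example.test

# clean-store: a machine without the extra root; preloaded-store: one with it.
cp "$WORK/vendor.pem" "$WORK/clean-store.pem"
cat "$WORK/vendor.pem" "$WORK/adware.pem" > "$WORK/preloaded-store.pem"

for store in clean-store preloaded-store; do
  if trusts "$WORK/$store.pem" "$WORK/shop.example.test.pem"; then
    echo "$store: certificate accepted without warning"
  else
    echo "$store: untrusted connection"
  fi
done
echo "roots not in the baseline:"
unexpected_roots "$WORK/clean-store.pem" "$WORK/preloaded-store.pem"
```

Matching on fingerprints rather than names matters here: a subject string is whatever the issuer chose to type, while the fingerprint identifies the exact certificate.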


iWheels

Yours truly, mid-2006:

[B]y now everybody knows the joke about how if Microsoft built cars, they would run only on MS-GAS, and they would crash twice a day for no apparent reason.

(We will not discuss Bill Gates’ desire to reinvent the toilet.)

Now, all of a sudden, everyone is talking Apple as carmaker, presumably as rival to Google, and this is the new joke:

Windows vs. Apple cars

At least you can replace the battery on the Windowsmobile.


Always be careful where you stick it

You never know when something like this may pop up:

I have no idea what the words outside the dialog box mean, but I suspect a Blue Screen of Death is either imminent or present.


This much, and no more

What the hell kind of deal is this?

I live in a town where there is a “cap” on Internet users. The limit was reached about 6 yrs ago and unless someone cancels you can’t get it. There’s a long list of people waiting, hundreds, so I don’t think I’ll ever be able to get it. Some of my neighbors have it and have agreed to split the bill and share it. There is about 200ft of thick pine trees between all houses. What are my options here? Dish Internet is a joke so please don’t recommend that. I know sharing the Internet is frowned upon but it’s 2015 and the Internet service providers are dragging their feet.

Yeah, well, that’s what ISPs do.

Still, you have to figure that whoever negotiated this franchise deal for the municipality had to have been way out of his depth — or that the ISP is substantially less competent than average. Or maybe both.


Fifty strings of text

I am legendarily impatient with my own fiction, which always seems to need emergency rewrites, but I can’t much argue with this premise either:

Amid the Fifty Shades of Grey movie hooplah maybe you’ve found yourself grumbling, “I could’ve written that book.” Sure, maybe, but it’s not just you — there’s a text generator out there right now that does a pretty damn near perfect impersonation of the series.

This is the generator. How does it work so freaking well? The programmer explains:

Fifty Shades is especially good for the reasons it seems to be loathed: like most romance, it’s predictable and repetitive, especially the love scenes, and it has a lot of literary quirks that convey authenticity. For example, Ana’s tendency to say “Holy shit!” and “Jeez,” Christian’s grey eyes, and Ana’s “inner goddess.”

You could definitely portray another small scene like this — say Cinderella with her sisters — but nothing larger. The reason my code is able to generate fairly believable text is that it’s so limited in scope. I was able to hand-tune the adjectives and phrases until it felt just right. That’s not possible at scale.

On the upside, if literary quirks really do convey authenticity, I might be able to pass off some of my stuff as memoir.


Folks, we got a live one

I just wonder if he’s ever seen Pete’s Dragon:

Yahoo Answers screenshot: How to intercept texts

If your immediate response is “Say what?” be assured that he “knows” what he’s talking about:

I’ve seen it in movies and I know it’s a real thing. I really want to know how to intercept texts. I know you can download stuff online for it but I have a chrome book so I can’t. My do have Linux though so does anyone know how to intercept texts from an iPhone. Please make it step by step

Emphasis added, though really it was hardly necessary.


Version 19.8.41

If you were already somewhat miffed by the blithe assumption by Samsung that you’d keep your mouth shut in front of their Smart TVs, miffage is now intensified:

After Samsung calmed us all down, users of smart TV app Plex noticed a Pepsi commercial playing in the middle of content streamed from their own media server within the house. Plex simplifies using your home computer as a media server for smart TVs, streaming devices, tablets, phones, and game consoles. It is not supposed to inject ads in the middle of the program you’re enjoying. Yet that’s what users report happening: Pepsi ads pop up during shows streamed to their sets using Plex.

A spokesperson for Plex told GigaOm that they weren’t adding ads to users’ video streams. Users reported Pepsi ads interjected in other programs while playing programs directly on the TV from their computer, so the app wasn’t serving up the ads. This was caused by the TV, and only users of Samsung smart TVs have reported it.

Q. E. Farking D.

Temperature of hell when you buy a Samsung Smart TV:

  1. 32 °F
  2. 0 °F
  3. -40 °F
  4. 0 °K

Surely no good can come of schemes like this, even if you like Pepsi.


Version 19.8.4

An excerpt from the Samsung Smart TV privacy policy:

Excerpt from Samsung Smart TV instructions

An excerpt from a popular novel:

Excerpt from George Orwell's Nineteen Eighty-Four

There’s a lot to be said for “dumb” hardware.

(Compiled by Parker Higgins.)


Welcome to karma

It was all I could do to keep from spewing BWAHAHAHAHAHAH! all over the answer box:

Yahoo Answers screenshot: Downloaded the golf club off of piratebay.sx and it was a codex if thats any help but when i open the game it opens the steam store?

Thieves complaining about the merchandise they stole. Sheesh.

As we say in CL: CALL CURLIB/GALL *MITIGATE=NO.


Romantic illusions made simple

Yours truly, from November 2013:

It is said that you will be perceived as much more desirable if you are perceived as taken. I’ve never noticed any such thing, but then it’s been rather a long time — about half a lifetime — since I’ve been taken.

At the time, there was the announcement of an app that would create that perception. That app is now a reality:

Invisible Girlfriend and Invisible Boyfriend offer one way of dealing with this situation. The apps promise to “give you real-world and social proof that you’re in a relationship — even if you’re not — so you can get back to living life on your own terms.” Plainly put, these apps, created by Matthew Homann and Kyle Tabor, help you lie about being in a relationship by providing believable social proof of significant others in the form of crowdsourced selfies, text messages, voice mails and even written notes.

If you’re already horrified, this may not change your mind:

Having an imaginary relationship can be a lot easier than explaining why you’re not in a real one. I’ve lost count of how many times I’ve had to explain to bosses and friends why I’m not bringing a date to weddings, parties, company picnics and holiday events.

It’s not like I don’t want to find true love. But I have stuff to do. I like my freedom. I want to be in charge of the TV. My dog is usually first priority. And well, dating is a lot of work. I’m cool with being single. But after a while, it gets tiring to tell your mom that grandkids won’t be happening soon or ask your well-meaning friends to stop setting you up on blind dates with their newly divorced pals or friends who clearly just want a casual bed buddy. Sometimes white lies make everyone involved a little happier than the truth does.

There is a survey on that page — “Would you ever date an imaginary girlfriend/boyfriend?” — and as of last night, only 6 percent of respondents said they would. Then again, this is 5 percent higher than it was in the first hour after that report was published. (Disclosure: I follow author Bonnie Burton — @bonniegrrl — on Twitter, and she tweeted it the moment it went up.) Seventy-five percent said No, and I’m pretty sure at least some of them really mean it.


All about that search

Yesterday, I was looking up something in Alaska, and before I ever got to the second A, this is what was thrown up on screen:

Screenshot from Google Instant Preview

Remind me to have a word with one of their staff Trainors.


Not the best approach

Obviously I’m not the only person who gets spam. I usually don’t reply to it, though:

Then again, her initial reaction was less kindly:

Stabbiness is not an uncommon reaction to particularly noxious spammage.


If you see this person, block him

He’s the one asking questions like this:

Yahoo Answers screenshot: Why is Twitter saying this?

And by “this,” he means this:

I literally just went to log in my Twitter account. When I logged in it said:

“Something is technically wrong.

Thanks for noticing — we’re going to fix it up and have things back to normal soon.”

Why is it saying that?

Because something was technically wrong.

I guess he was afraid to take it, um, literally.


It’s all about keyboard feel

For the touch-typists among us, there is a little raised section on the F and J keys, so you’ll always know where your home row is. (Those of us who never learned to type that way and still worked up a modicum of speed, well, we pay no attention to it.) But that’s only two keys. What if you could distinguish every key by feel? If this is your desire, Michael Roopenian has something for you: wood-grained key tops, sliced from actual wood, with a distinct grain pattern on each key.

Okay, maybe not for you. This is available only for Apple wired keyboards with the integral keypad, and for two different Apple wireless keyboards. And I suspect it’s probably cumbersome to install. But you get a whole new set of tactile sensations, and the distinction of clicking away on a genuine, if quotidian, objet d’art.

(Via Pergelator.)


Traveling country breacher

The Oklahoman has been moving this week, to their new downtown digs in the old Century Center. This unexpected email notification almost certainly has nothing whatever to do with the move:

Dear Subscriber,

We have detected an unauthorized attempt to extract logins and passwords from our digital registration system. While we can’t confirm that your email and password were compromised, no access to your financial information occurred nor did this create an exposure for The Oklahoman systems. However, if you use this combination of email and password for other sites, we recommend you update your password on these sites to avoid any potential risks. If you used your Facebook credentials to login to Oklahoman.com, we can assure you that your Facebook information has not been compromised.

Which is better, I must admit, than getting a notice that my credentials had been compromised. And no, I don’t use that particular password anywhere else.

Addendum: This statement also appears on page 2A of the Thursday edition.


And the singer sang her song

Nu metal, perhaps?

Earth and the stillness broken by reply
Through the night tide I lie down in the sky
Beyond the waves wipe out the joyous light
And dancing in the power of the night
Want things to go before it is too late
Night tide I lie here in this world of hate
Away like the mist of the desolate
I’ll show you all the world is full of hate

Not the beginning or the end: that section came out of the middle. And I can see someone screaming this into a microphone, maybe, though whether I want to hear someone screaming this into a microphone is another matter entirely.

Anyway, the poet apparently did not intend this to be a song:

We’ve seen (and heard) worse, believe me.


Convenience for all, like it or not

The IBM Model M keyboard on my desk has been on said desk more or less continuously — there was a brief period when I took it out of service because I thought I’d ruined it, only to discover that it was stronger than my stupidity — since my very first “PC Clone” in 1991, a wondrous little XT-compatible box running off an NEC V30 CPU at a startling 10 MHz. In the two dozen years since then, I’ve never once considered moving to a wireless keyboard, and apparently it’s just as well that I haven’t:

If you use a wireless keyboard you may be broadcasting everything you type to hackers — from passwords to credit cards numbers and private emails — as a researcher shows how a homemade bugging device can be made for just £6.

The creator of the listening device — who has also built a predatory drone which chases and hacks into other drones — has posted a list of components, instructions and source code online to allow anyone to make their own.

Samy Kamkar built the “KeySweeper” after discovering that Microsoft’s wireless keyboards sent keystrokes to PCs in a way that could be easily intercepted.

The tiny device cost just a few pounds to create and looks exactly like a USB charger that is shipped with any number of phones and other devices.

Ah, the charms of obsolete hardware — and, I suppose, software, since I didn’t actually move to Windows 7 until right before Microsoft took XP out behind the woodshed and shot it, and Windows 10 is now imminent.

(Via Bayou Renaissance Man.)


Waiting for .gresham

The .click top-level domain is perfectly legitimate and open to all:

The reason .CLICK is such an attractive choice for a TLD is because it encompasses a highly used Internet buzzword, increasing memorability and functionality. But, because “click” also has a multitude of positive meanings, from getting along, to fitting together, is [sic] also works to create positive associations. This TLD is an open registry, meaning any individual, group, or business may register a .CLICK domain, making this extension choice flexible, memorable, unique, and marketable.

I have yet to see an actual .click site, though links to several of them have already shown up in my spam trap, substantially diminishing my “positive associations.”


Just Gopher it

There was an awful lot of Internet to be had before the World Wide Web, which dates to the early Nineties. But using it wasn’t the slightest bit intuitive, since everything needed either a properly configured terminal, a gateway from some online service, or a dedicated client. (That said, you can still get Gopher plugins for some Web browsers.)

One could argue that today’s wild and woolly Web is a step down from those halcyon days, and such an argument might begin this way:

The Internet has proven itself to be a place where any idiot can post anything he wants (I mean, look at this blog), and some other idiot will find it and agree with him. I long for a day that may never have existed in the first place, where the Internet was simply a repository of scholarly information about legitimate subjects. I look at the purity and innocence and wonderment with which my son has discovered it, and I remember my first internet searches in the library of Dublin Scioto High School in 1995. It was like finding the world’s greatest microfiche catalog.

Of course, in 1995, the Web had started to catch on, um, world-wide, a process that wasn’t even slightly accelerated by the opening of this site the following year. And, well, there were other factors:

Of course, being that I was seventeen years old in that library in 1995, my first web search ever was for “Pamela Anderson.” I then waited approximately ten minutes for a picture of her in that legendary red Baywatch bikini to load on my screen. It was a glorious day.

I may as well admit that I snagged a few pictures — GIF, of course — from the barely raunchy Go Graphics forum on CompuServe, almost a decade earlier.

Which, in the end, proves that just having access to an encyclopedia won’t make anybody smarter. Teenaged boys will still look at pictures of girls in bikinis (or less). Old maids will still take pictures of cats. Twentysomethings living in their parents’ basements will still find ways to play RPGs. The Internet has just allowed us to be who we already were on a much grander scale. It hasn’t changed us. It’s magnified us.

Sometimes I think it’s engulfed us.


Is this a trick question?

It’s certainly baffled this guy:

Yahoo Answers screenshot: If I hold three digits up, how many are not pointed up with all my digits? This is a security question for fishtanktv.com and I cant answer

For what it’s worth, I’m holding up one digit.


Some kind of magic

Charles Pergiel sent this over from a Chromebook forum, and the truth of it hurts just a little:

I remember my early days with computers, asking a question of the developers of a fairly large (for 1980) piece of IBM mainframe software, and their response was “We don’t know.” At the time, I found this unbelievable — “you guys wrote it; why don’t you know how it works!?”

Things have gotten more complicated by orders of magnitude since then, and sometimes the only reasonable answer is “We don’t know.”

I was working on an IBM mainframe in those days, and I can assure you that this wasn’t at all a unique situation: a lot of legacy stuff outlived its original developer, and subsequent developers opted, quite reasonably, to leave well enough alone.


Meanwhile at your state healthcare exchange

Dave Schuler, who’s been working on exactly this sort of stuff of late, makes an unexpected disclosure:

There is apparently a known way to build a state healthcare insurance exchange website that flops: do it yourself. That’s what Oregon did. All of the states’ healthcare insurance exchanges that worked the best were apparently built by the technical wing of the same accounting company.

What could possibly be more unexpected than that? This:

[A] plurality of the states’ exchanges were built using WordPress.

Note that he’s not saying that the exchange sites that worked the best were the ones built on WordPress.

I pulled up one state at random: Rhode Island. Sure looks like WP, though they have a cloud-based backend.


A new lease on life

Microsoft Office 97, says Wikipedia, was born on 19 November 1996. Will it ever die? Redmond says it already has. Users, not so much:

We celebrated my dad’s 79th birthday Sunday.

Recently, his computer began acting flaky and my brother found him a new laptop to use. We just needed to find Microsoft Office for him to finish the transition.

New Office 2013 licensing is, of course, a pain in the epiglottis. What to do?

Fortunately, he saves stuff. Like the Office 97 CD and brick of a manual from back in the 20th century. And it loaded fine.

The road goes ever on. (And so, apparently, does Clippy.)


Importuning the Googlebot

Sent to the help desk in just this side of despair:

Why is help chat unavailable? How do I turn off the blinking (that’s a euphemism) touchpad? How do I correct spelling errors? Nevermind, a mouse will fix that. Why isn’t touchpad in the dictionary? But that is all incidental to main issue. Why aren’t local files automatically uploaded to the net? And did you really download all of my documents from the net to my Chromebook? By the way I plugged the charger into an adapter and plugged that into the wall and I was rewarded with a big fat spark. I suspect the charger is toast, but I am loath to try it in case something worse happens. BA is a big city, but I am afraid finding a replacement charger is liable to take all my available time and cash. P.S. I was going to say chromebook isn’t in the dictionary, but it was only the lower case ‘C’ that was clamoring for attention. And why do I think adaptor should be spelled with an ‘O’?

BA, incidentally, denotes Buenos Aires, not Broken Arrow.

The result:

Update: A Google-bot called me back immediately after I sent my message, only to tell me that my wait time would be 30 minutes. Are you kidding me? I am going to hang on hold for half an hour waiting to talk to someone about something simple? Well, thanks but no. I will figure this out on my own.

This is the new standard for customer service: get on it right away, and then cough up the answer at about the time you probably would have gotten to it anyway.


Upgrading Detroit

The last time we checked in on Detroit’s computer system, we were snorting at the demand for $800k in Bitcoin by some hackish types who’d hoisted a city database; Detroit clearly didn’t have $800k to spare, in Bitcoin or any other currency you can name, but they didn’t need the database anyway, so they blithely blew off the extortionists.

This welcome bit of redundancy notwithstanding, we can’t really say that Detroit’s in good shape, computing-wise. Chief Information Officer Beth Niblock certainly won’t:

More than 80 percent of the city’s 5,500 computers are more than five years old, and 85 percent are equipped with Windows XP, an operating system that “by virtue of its age, is far from top of the line,” she wrote. Microsoft doesn’t even support XP anymore, and the city has been using a version of Microsoft Office that’s a decade old.

On top of that, the city has “serious” problems with the “resilience of its network,” she wrote, saying Detroit’s deficient network connections don’t allow employees to complete basic daily functions, such as accessing email. Employees can’t sync daily calendars to their smartphones.

I’m guessing it’s Office 2003 deployed to those Detroit computers, and support was pulled for that version about the same time support was pulled for XP.

Still, this isn’t the worst tech failure in Hockeytown, not by a long shot:

Chuck Moore, a consultant for the city, described one fire station’s Rube Goldberg machine in September during testimony in Detroit’s bankruptcy trial: When an emergency alert comes in, a fax machine is triggered. This shoots out a piece of paper, which knocks over a soda can full of change, notifying those at the station of the situation. At another station, a fax comes in and bumps a door hinge, which pulls a wire and rings a doorbell.

On the upside, they’re at least getting some use out of those fax machines, which are probably older than Windows XP.

(Via Hit Coffee.)


Two steps below the script kiddie

Is there a good reason why this guy shouldn’t be taken out behind the woodshed and put out of his misery?

Yahoo Answers screenshot: So I am pinging an IP Address but it seems like the site won't crash

Get this:

I am pinging a website to crash it, not a big website. But a small one. I opened 4 CMD windows using a batch file then sent a ping request like this: ping [IP ADDRESS] -t -l 65500

It is sending and responding. It has been 15 minutes and it seems to me like the site has not crashed yet. It is working fine with the same speed. The time ranges between 64ms and 167ms, and it is very random. Do I have to wait longer, can someone teach me another way to crash this website (my friend’s website). How long will it take, Help! Lol!

A ping constitutes a whole 32 bytes; it’s going to take a whole lot more than 2,620,000 pings (8.3 MB) to bring down his soon-to-be-ex-friend’s website.

I suggest we dig up his IP address and turn it over to the North Koreans.


Axe it anything

Sometimes it’s not always obvious where Apple should be going with a product line. And this is where the user base stands tall:

Of course, as an Apple accessory, it won’t be cheap, but so what else is new?


Not one viewer more

For some time now, “Gangnam Style” by PSY has been the most-viewed video on all of YouTube. Now lesser-viewed videos — which is all of them — tend to run into difficulty after 301 views:

After a video reaches a certain number of views … YouTube tells the database to freeze the view count until YouTube can manually verify the correct count to protect against botting attempts — using automated computer processes to artificially inflate the number of views. YouTube view counts are initially tracked by servers near the end user. By looking at reports from these individual servers, YouTube engineers can detect suspicious patterns in the data.

“At some point the decision was made that we need to draw a line between what is innocuous and the database can handle and all of a sudden serious business … The proportion was calculated to be at about 300.”

So why 301? Blame it on one YouTube programmer’s errant less-than-or-equal-to sign. The code tells the database to keep counting views up to and including the time when the count is equal to 300, allowing one final view to get counted before it freezes.

At the other end of the spectrum, there’s PSY:

We never thought a video would be watched in numbers greater than a 32-bit integer (=2,147,483,647 views), but that was before we met PSY. “Gangnam Style” has been viewed so many times we had to upgrade to a 64-bit integer (9,223,372,036,854,775,808)!

Incidentally, since YouTube made this announcement (Monday), there have been six million more views.


Stuck in the sticks

From the “There must be something someone can do about this” files:

Yahoo Answers screenshot: ISP is charging a ridiculous amount for my internet what can I do?

My dad is paying $45/mo for 1 Mbps… Tier 2 speed is 2 Mbps at $49.99, tier 3 is 3 Mbps at 59.99, tier 5 is 5 Mbps at $135, and tier 6 is 6 Mbps at ******* $190.00!!!! I live in a rural area and this is pretty much the only ISP around. Is there anything I could do other than having to move or switch to satellite? Because this is so unfair, there should be laws against this. This is a monopoly so they have no reason to upgrade their infrastructure.

If there exists anywhere on earth an ISP that is undercharging, we’d certainly like to know about it.

In the meantime, if it’s truly a ridiculous amount, the least we can do is to ridicule it. (Fairness, of course, is not a factor, as it usually isn’t.)


Broke into the wrong database, didn’t you?

This isn’t technically funny, yet the laughs will not subside:

Hackers seized a database from the City of Detroit earlier this year before unsuccessfully demanding $800,000 in Bitcoin.

The failed extortion attempt back in April was disclosed by Detroit mayor Mike Duggan at the North American International Cyber Summit conference on Monday.

The stolen database wasn’t needed by the cash-strapped city so the ransom was never paid, according to local reports.

I mean, really. Extorting money from Detroit, of all places? You’d have better luck trying to sell snow shovels in San Diego.

(Via @SwiftOnSecurity. Of course.)
