Monday, August 22, 2022

How macOS tracks file metadata on non-Mac storage

No comments:
This article is based on a discussion thread on TidBITS Talk: Finding Type/Creator Tags in Old Mac Document Files.

In this thread, one reader asked how Macintosh file metadata (e.g. a file's type and creator codes) are preserved when a file is copied to non-Macintosh storage (e.g. a Windows file server or a FAT formatted hard drive). He observed that he can copy a file to a Windows server, then copy/move the file to several different locations from Windows, and then copy the file back to a Mac and the metadata is preserved.

Here is the result of my analysis.

Friday, May 27, 2022

Linkiest: 5 Classic Songs That were Ment to Be Jokes

No comments:
5 Classic Songs That were Ment to Be Jokes
By Don McMullen

Certain songs over the years were written to be joke but not exactly a novelty either. However too many people can’t see the jokes or the satire in those songs either because the audience eats it up and is into what the artists are mocking or even getting back at someone else or mocking a certain product or whatever. Regardless here a short list of classic songs that were meant to be jokes but were taken seriously enough to be hits in their own right.

A fun read. And you'll never hear these songs in the same way again.

h/t The Bongino Report

Wednesday, March 23, 2022

Don't believe the news

No comments:

Mallard Fillmore comic: March 23, 2022

Transcript (in case the image goes off-line in the future):

Mallard is watching TV, which is saying:

Coming up... We'll consult our panel of experts who've been proven dead wrong about every international conflict for the past two decades but are definitely NOT wrong about this one.

Monday, March 21, 2022

Healthline: Why Ditching Daylight Saving Time Would Be Healthier for Everyone

No comments:
Why Ditching Daylight Saving Time Would Be Healthier for Everyone
Written by Nancy Schimelpfening, MS on March 14, 2022. Fact checked by Jennifer Chesak

  • Each spring, people in the U.S. shift their clocks forward by 1 hour for daylight saving time.
  • Scientists say this long-standing practice may actually be detrimental to our health and safety.
  • Daylight saving time can disrupt our circadian rhythms, making us less alert and prone to illness or accident.
  • Many sleep experts are calling for it to be abolished.
  • In the meantime, a gradual shift in sleep schedule leading up to the time change may help minimize the effects.

I have been complaining about Daylight Saving time for as long as I can remember. It's good to learn that there is actually some science to back up my annual rants.

Friday, February 25, 2022

Comic and a bit of philosophy

No comments:
Saturday Morning Breakfast Cereal for Friday, February 25, 2022
  • How do you stop being jealous of other people?
  • The key is to always do what is true to you. Find your highest ideal and pursue it.
    Then, when other people have more success, you can recast your failure as a heroic struggle for purity or beauty or whatever.

This comic, which portrays a very cynical view of the world (a common feature of comics by its author), calls to mind a very famous quote from the Talmud (Pirkei Avot, aka "Ethics of the Fathers", Chapter 4, mishna 1):

Wednesday, February 23, 2022

Computer Weekly: Backups ‘no longer effective’ for stopping ransomware attacks

No comments:
Backups ‘no longer effective’ for stopping ransomware attacks
By Alex Scroxton. 23 Feb 2022 14:00

Data collated from Venafi’s worldwide survey of IT and security decision-makers reveal that 83% of successful ransomware attacks now involve alternative extortion methods – for example, using stolen data to extort customers (38%), leaking data to the dark web (35%), and informing customers that their data has been compromised (32%). A mere 17% of attacks merely ask for money for a decryption key.
Venafi also found that cyber criminals are increasingly following through on their threats whether or not they get paid. Indeed, 18% of victims had their data leaked despite paying, while more than the 16% who refused outright to pay anything and had their data leaked. Some 8% refused outright, but then had their customers extorted; and 35% paid, but were left hanging, unable to retrieve their data.

In other words, if you are victim of a ransomware attack, you're screwed no matter what you do. Even if you pay up, there's a good chance you won't get your data back and your confidential data may still be published.

So, (desptie the article's headline), the best you can hope for is to get yourself operational by restoring from a backup (be sure to retain several, in case your most recent one was corrupted by the attack), and don't pay the ransom.

Wednesday, October 06, 2021

SMBC: Love Modeling

No comments:
I'm a regular reader of Saturday Morning Breakfast Cereal, a very strange comic that has a lot of geek-appeal.

Today's comic is particularly amusing. I won't embed the image here, because of copyright, but please click through and read it.

The interesting part is that this has been demonstrated. Back in the 60's, researchers at MIT created ELIZA, a program that can (among other things) simulate a psychotherapy session. It mostly works by parroting back whatever the human user says, with occasional non-specific questions and statements. It is nothing close to AI, but it is nevertheless convincing to quite a lot of people, including many who understand software enough to know better.

Tuesday, October 05, 2021

The UN's two-faced policies

No comments:
This morning, I heard about this incredible news:
43 countries pledge to combat antisemitism at UNHRC session

Statement led by Austria, Czech Republic and Slovakia in coordination with World Jewish Congress

At least 43 countries signed a statement pledging to combat antisemitism that was issued at the 48th session of the United Nations Human Rights Council (UNHRC) in Geneva on Monday.

The statement was led by Austria, the Czech Republic and Slovakia with the coordination of the World Jewish Congress.

Austrian Foreign Minister Alexander Schallenberg warned of the dangers of antisemitism in a video statement, saying that "we will remain steadfast in our pledge, never again."

Which was a very welcome surprise. Then I saw the following article, posted only a few hours later:

UN Cuts Off UN Watch Director for Highlighting UNRWA Antisemitism
Aaron Bandler.

The United Nations Human Rights Council (UNHRC) cut off UN Watch Executive Director Hillel Neuer as he was highlighting antisemitic social media posts from various United Nations Relief and Works Agency for Palestine Refugees in the Near East (UNRWA).

Speaking virtually at the October 2 UNHRC session, Neuer cited UN Watch’s recent report about two UNRWA teachers in the Gaza Strip, one who posted an Adolf Hitler video to Facebook “with quotes to ‘enrich and enlighten your minds’” and another who posted “conspiracy theories” about Jews controlling the world, starting the COVID-19 pandemic aiming “to destroy Islam.” At that point, UNHRC President Nazhat Shameem Khan cut off Neuer’s video feed, accusing Neuer of making “insulting and inflammatory remarks.”

So, apparently, the Human Rights Council opposes Jew hatred, but not when it's coming from other UN agencies. Why am I not the least bit surprised?

Wednesday, September 22, 2021

Netflix acquires Roald Dahl's estate

No comments:
Netflix Acquires Prominent Anti-Semite’s Estate, Announces Epic Content Dump
Andrew Stiles • September 22, 2021 6:30 pm

Netflix, a media conglomerate with ties to former president Barack Obama, announced on Wednesday its acquisition of British author Roald Dahl's estate and promised to produce "a unique universe across animated and live action films and TV, publishing, games, immersive experiences, live theatre, consumer products and more."

In addition to authoring such classics as Matilda and Charlie and the Chocolate Factory, Dahl was a virulent anti-Semite who would have already been ruthlessly canceled by woke scolds if his bigotry had been directed at any other vulnerable minority.

I completely understand the desire to censor all of Dahl's work from history because of his anti-semitism.

On the other hand, with Netflix buying Dahl's estate, I no longer feel uncomfortable buying his famous children's books because the money will no longer be going to his family (which seems to have taken a conspicuously long time to publicly disagree with Roald's statements).

Of course, I don't approve of Netflix's politics very much either, but that's another discussion.

Tuesday, August 24, 2021

Naked Security: How a gaming mouse can get you Windows superpowers!

No comments:
How a gaming mouse can get you Windows superpowers!
By Paul Ducklin,

What if you’re a gamer who wants to be a sysadmin? On someone else’s computer?

Well, apparently, until last week at least, gamer-centric mice and keyboards from popular vendor Razer could help you to do just that.

  • You plug in a Razer gaming mouse for the first time.
  • Windows detects that this device type has special software and drivers that will make it work Even Better than a regular mouse.
  • Windows finds Razer’s official addons in the Windows Update cloud.
  • Windows downloads and launches the offical addons so you don’t have to.
  • The Razer app helpfully ends with a clickable directory name, showing you what ended up where in the installation process.

The problem in this case is the point at which Razer’s app helpfully displays the name of the software installation directory at the end, even though it doesn’t need to.

That’s an active link in Razer’s app, so you can right-click on it and view the directory in File Explorer.

Then, once you’re in Explorer, you can do a Shift-and-right-click and use the handy option Open PowerShell window here, giving you a command-line alternative to the existing Explorer window.

But that PowerShell prompt was spawned from the Explorer process, which was spawned from Razer’s installer, which was spawned by the automatic device installer process in Windows itself…

..which was running under the all-powerful NT AUTHORITY\SYSTEM account, usually referred to as NTSYSTEM or just System for short.

So the PowerShell window is now running as System too, which means you have almost complete control over the files, memory, processes, devices, services, kernel drivers and configuration of the computer.

Wow. A chain of good intentions all leading to an exploitable system vulnerability. I realize that Razer has (or will soon) fix this bug in their driver installation tool, but it seems to me that Microsoft should do something to prevent this from being possible in the future. Maybe do something so an installer trying to open a URL (or an Explorer process) does so at the user's normal privilege level instead of at the driver installer's level (which, of course, needs to be at a higher level in order to perform the installation).