Wednesday, March 23, 2022

Don't believe the news

No comments:

Mallard Fillmore comic: March 23, 2022

Transcript (in case the image goes off-line in the future):

Mallard is watching TV, which is saying:

Coming up... We'll consult our panel of experts who've been proven dead wrong about every international conflict for the past two decades but are definitely NOT wrong about this one.

Monday, March 21, 2022

Healthline: Why Ditching Daylight Saving Time Would Be Healthier for Everyone

No comments:
Why Ditching Daylight Saving Time Would Be Healthier for Everyone
Written by Nancy Schimelpfening, MS on March 14, 2022. Fact checked by Jennifer Chesak

  • Each spring, people in the U.S. shift their clocks forward by 1 hour for daylight saving time.
  • Scientists say this long-standing practice may actually be detrimental to our health and safety.
  • Daylight saving time can disrupt our circadian rhythms, making us less alert and prone to illness or accident.
  • Many sleep experts are calling for it to be abolished.
  • In the meantime, a gradual shift in sleep schedule leading up to the time change may help minimize the effects.

I have been complaining about Daylight Saving time for as long as I can remember. It's good to learn that there is actually some science to back up my annual rants.

Friday, February 25, 2022

Comic and a bit of philosophy

No comments:
Saturday Morning Breakfast Cereal for Friday, February 25, 2022
  • How do you stop being jealous of other people?
  • The key is to always do what is true to you. Find your highest ideal and pursue it.
    Then, when other people have more success, you can recast your failure as a heroic struggle for purity or beauty or whatever.

This comic, which portrays a very cynical view of the world (a common feature of comics by its author), calls to mind a very famous quote from the Talmud (Pirkei Avot, aka "Ethics of the Fathers", Chapter 4, mishna 1):

Wednesday, February 23, 2022

Computer Weekly: Backups ‘no longer effective’ for stopping ransomware attacks

No comments:
Backups ‘no longer effective’ for stopping ransomware attacks
By Alex Scroxton. 23 Feb 2022 14:00

...
Data collated from Venafi’s worldwide survey of IT and security decision-makers reveal that 83% of successful ransomware attacks now involve alternative extortion methods – for example, using stolen data to extort customers (38%), leaking data to the dark web (35%), and informing customers that their data has been compromised (32%). A mere 17% of attacks merely ask for money for a decryption key.
...
Venafi also found that cyber criminals are increasingly following through on their threats whether or not they get paid. Indeed, 18% of victims had their data leaked despite paying, while more than the 16% who refused outright to pay anything and had their data leaked. Some 8% refused outright, but then had their customers extorted; and 35% paid, but were left hanging, unable to retrieve their data.

In other words, if you are victim of a ransomware attack, you're screwed no matter what you do. Even if you pay up, there's a good chance you won't get your data back and your confidential data may still be published.

So, (desptie the article's headline), the best you can hope for is to get yourself operational by restoring from a backup (be sure to retain several, in case your most recent one was corrupted by the attack), and don't pay the ransom.

Wednesday, October 06, 2021

SMBC: Love Modeling

No comments:
I'm a regular reader of Saturday Morning Breakfast Cereal, a very strange comic that has a lot of geek-appeal.

Today's comic is particularly amusing. I won't embed the image here, because of copyright, but please click through and read it.

The interesting part is that this has been demonstrated. Back in the 60's, researchers at MIT created ELIZA, a program that can (among other things) simulate a psychotherapy session. It mostly works by parroting back whatever the human user says, with occasional non-specific questions and statements. It is nothing close to AI, but it is nevertheless convincing to quite a lot of people, including many who understand software enough to know better.

Tuesday, October 05, 2021

The UN's two-faced policies

No comments:
This morning, I heard about this incredible news:
43 countries pledge to combat antisemitism at UNHRC session
i24NEWS.

Statement led by Austria, Czech Republic and Slovakia in coordination with World Jewish Congress

At least 43 countries signed a statement pledging to combat antisemitism that was issued at the 48th session of the United Nations Human Rights Council (UNHRC) in Geneva on Monday.

The statement was led by Austria, the Czech Republic and Slovakia with the coordination of the World Jewish Congress.

Austrian Foreign Minister Alexander Schallenberg warned of the dangers of antisemitism in a video statement, saying that "we will remain steadfast in our pledge, never again."

Which was a very welcome surprise. Then I saw the following article, posted only a few hours later:

UN Cuts Off UN Watch Director for Highlighting UNRWA Antisemitism
Aaron Bandler.

The United Nations Human Rights Council (UNHRC) cut off UN Watch Executive Director Hillel Neuer as he was highlighting antisemitic social media posts from various United Nations Relief and Works Agency for Palestine Refugees in the Near East (UNRWA).

Speaking virtually at the October 2 UNHRC session, Neuer cited UN Watch’s recent report about two UNRWA teachers in the Gaza Strip, one who posted an Adolf Hitler video to Facebook “with quotes to ‘enrich and enlighten your minds’” and another who posted “conspiracy theories” about Jews controlling the world, starting the COVID-19 pandemic aiming “to destroy Islam.” At that point, UNHRC President Nazhat Shameem Khan cut off Neuer’s video feed, accusing Neuer of making “insulting and inflammatory remarks.”

So, apparently, the Human Rights Council opposes Jew hatred, but not when it's coming from other UN agencies. Why am I not the least bit surprised?

Wednesday, September 22, 2021

Netflix acquires Roald Dahl's estate

No comments:
Netflix Acquires Prominent Anti-Semite’s Estate, Announces Epic Content Dump
Andrew Stiles • September 22, 2021 6:30 pm

Netflix, a media conglomerate with ties to former president Barack Obama, announced on Wednesday its acquisition of British author Roald Dahl's estate and promised to produce "a unique universe across animated and live action films and TV, publishing, games, immersive experiences, live theatre, consumer products and more."

In addition to authoring such classics as Matilda and Charlie and the Chocolate Factory, Dahl was a virulent anti-Semite who would have already been ruthlessly canceled by woke scolds if his bigotry had been directed at any other vulnerable minority.

I completely understand the desire to censor all of Dahl's work from history because of his anti-semitism.

On the other hand, with Netflix buying Dahl's estate, I no longer feel uncomfortable buying his famous children's books because the money will no longer be going to his family (which seems to have taken a conspicuously long time to publicly disagree with Roald's statements).

Of course, I don't approve of Netflix's politics very much either, but that's another discussion.

Tuesday, August 24, 2021

Naked Security: How a gaming mouse can get you Windows superpowers!

No comments:
How a gaming mouse can get you Windows superpowers!
By Paul Ducklin,

What if you’re a gamer who wants to be a sysadmin? On someone else’s computer?

Well, apparently, until last week at least, gamer-centric mice and keyboards from popular vendor Razer could help you to do just that.
...

  • You plug in a Razer gaming mouse for the first time.
  • Windows detects that this device type has special software and drivers that will make it work Even Better than a regular mouse.
  • Windows finds Razer’s official addons in the Windows Update cloud.
  • Windows downloads and launches the offical addons so you don’t have to.
  • The Razer app helpfully ends with a clickable directory name, showing you what ended up where in the installation process.

...
The problem in this case is the point at which Razer’s app helpfully displays the name of the software installation directory at the end, even though it doesn’t need to.

That’s an active link in Razer’s app, so you can right-click on it and view the directory in File Explorer.

Then, once you’re in Explorer, you can do a Shift-and-right-click and use the handy option Open PowerShell window here, giving you a command-line alternative to the existing Explorer window.

But that PowerShell prompt was spawned from the Explorer process, which was spawned from Razer’s installer, which was spawned by the automatic device installer process in Windows itself…

..which was running under the all-powerful NT AUTHORITY\SYSTEM account, usually referred to as NTSYSTEM or just System for short.

So the PowerShell window is now running as System too, which means you have almost complete control over the files, memory, processes, devices, services, kernel drivers and configuration of the computer.

Wow. A chain of good intentions all leading to an exploitable system vulnerability. I realize that Razer has (or will soon) fix this bug in their driver installation tool, but it seems to me that Microsoft should do something to prevent this from being possible in the future. Maybe do something so an installer trying to open a URL (or an Explorer process) does so at the user's normal privilege level instead of at the driver installer's level (which, of course, needs to be at a higher level in order to perform the installation).

Tuesday, August 03, 2021

Homestar Runner rises again!

No comments:
If you have no idea what this subject line is talking about, then you missed out on what used to be one of the coolest parts of the Internet.

Homestar Runner is/was a web site full of silly animations and games, written almost entirely in Flash. Unfortunately, with the demise of Adobe Flash, most of the site ended up a giant mess of broken links. And for those of us who got rid of Flash before Adobe shut it down, the site stopped working a long time ago.

Fortunately, it appears that some enterprising engineers develpped Ruffle, a Flash Player emulator that can be embedded in web sites, and the Homestar Runner people have been busy converting their site over to it.

As its disclaimer says, "Not every cartoon and game works perfectly just yet so be patient and expect some jankiness here and there while we keep a-workin!", but it is pretty good. And I can once again enjoy all of the StrongBad Emails, not just the ones that have been converted to YouTube videos.

And since this post wouldn't be complete without them, here are a few of my all-time favorite StrongBad e-mail videos:

Tuesday, July 20, 2021

Google shutting down Bookmarks

1 comment:

I just saw this message this morning. So Google shuts down yet another really useful web service, forcing the rest of us to scramble in search of an alternative.

Once again, the point is hammered home: If you aren't paying for the service, then you are not the customer, you are the product. And cloud-based software means it can be taken away from you at any time and you will have absolutely no recourse when it happens.

And now I need to either switch back to using locally-stored bookmark files, create a web page somewhere to provide remote access, or switch to a different cloud service and risk them in turn going away.

And now my question to you: Is there a good alternative? Ideally, it should offer:

  • Stored on an Internet-hosted server so I can access bookmarks when I'm away from home
  • Cross-platform. Should work with multiple browsers (especially Firefox, but ideally others as well) and on multiple platforms (Windows, macOS and Linux)
  • Have a convenient browser add-on so the bookmarks can be presented as a menu somewhere (ideally on its bookmarks toolbar)
I know Apple supports shared bookmarks via iCloud, but it only supports their Safari browser on Apple devices. Firefox offers a sync service, but it only supports Firefox.

If you know of any other good alternatives, please let me know.