Next big thing: bitcoin-mining malware that spends the mined bitcoins on sending sex toys to random people?
Scarlet_Manuka
@Scarlet_Manuka
Best posts made by Scarlet_Manuka
-
RE: Amazon says sex toys are being mailed to strangers and doesn’t know how to stop it
-
Oracle knows when you should change your password
I've submitted this to Error'd, but thought the fundamentals deserved an audience here as well.
First, I don't know why this would ever be a thing. What if I discover someone else knows my password?
But the real problem is the page I'm getting this error on.
Yep, I'm trying to log in and being redirected to a forced-reset page. Where it tells me that I can't change my password because Oracle knows best and I don't need to change it yet.
I did wonder if the real error was that the special characters in my password were too special and it was just throwing this up as a default error message, but even when I go to alphanumerics only I get the same message (and numerics are required by the password policy so I can't dial it back any further).
-
Let's rely on undefined behaviour for memory safety
I'm sure some of you saw this on The Old New Thing as well, but I couldn't find anything on it here, so.
Raymond Chen
Peter Atashian(in article): It is your responsibility as a programmer not to call AcquireSRWLockShared or AcquireSRWLockExclusive from a thread that has already acquired the lock. Failing to comply with this rule will result in undefined behavior.
: Wait, am I seriously not allowed to call these recursively? Rust legitimately relies on being able to safely call any of the acquire methods at any time even if it is already acquired in the same thread. If it seriously results in memory unsafe undefined behavior then that is a huge deal.
: The fact that they cannot be acquired recursively is what makes them slim! Attempting to acquire recursively results in undefined behavior.
: Rust currently relies on them being memory safe. So if by undefined behavior you mean that memory unsafety can occur, this means Rust cannot rely on SRWLocks anymore and will have to change its implementation to something else, such as a custom implementation on top of NT Keyed Events. Are keyed events de facto stable at this point? Can Rust rely on their API continuing to exist in the future and not changing?
: The behavior is undefined. It might deadlock. It might succeed. It might (and probably will) cause the lock to fail to fulfil its contract in the future. [...] Keyed events are not documented and therefore come with no stability guarantee.
: [...] so Rust cannot use SRWLocks. And because keyed events have no stability guarantee this means that Rust cannot implement its own locks on top of them either. So basically Rust is screwed in this regard. Thanks Microsoft.
: Let me get this straight. You intentionally invoked undefined behavior, and now you’re upset that the undefined behavior isn’t undefined in the way that you like, and somehow that’s Microsoft’s fault.
: Nah, it is Rust’s fault for not reading the documentation fully enough and understanding all the consequences. However, [...] it is Microsoft’s fault that we cannot use either keyed events or SRW Locks for it.
: Okay, so it’s Microsoft’s fault that it wrote a synchronization primitive that doesn’t exactly meets your needs. Gotcha.
: Are you sure SRWs and keyed events are your only options here? Windows has more synchronization objects than that…
: Exactly. Don’t blame Microsoft because someone apparently hasn’t heard of parts of the Windows API that have been around since the first version of Windows NT.
I particularly like the way the first reaction to "OMG we're invoking undefined behaviour here" is "let's use an undocumented feature instead!" Yeah, there's no way that could go wrong.
-
TRWTF is that they had to write this
Background information on Oracle database rowids, which are used internally in indexes and such:
The rowid of a row specifies the datafile and data block containing the row and the location of the row in that block. Locating a row by specifying its rowid is the fastest way to retrieve a single row, because the exact location of the row in the database is specified.
So I was looking up syntax for an Oracle index hint, and I came across this in the documentation:
Rowids are an internal Oracle representation of where data is stored. They can change between versions. Accessing data based on position is not recommended, because rows can move around due to row migration and chaining and also after export and import. Foreign keys should be based on primary keys. For more information on rowids, see Oracle Database Application Developer's Guide - Fundamentals.
The scary part is that you know this means that someone, somewhere, tried using rowids as a foreign key, and then complained to Oracle when it stopped working.
-
Blakeyxkcd and the years and years of struggling with broken software that just so happens to use git
Today's xkcd almost feels like it could have been written (though perhaps not drawn) by @blakeyrat.
... except there's not enough ranting about how broken the interface is.
-
RE: Good article on the root of Windows quality problems
I liked this, from one of the reader comments on the article:
Moving to Linux is like being stuck in a cage with a tiger, but I figured out, over time, that tigers are predictable. They can maul you with teeth and fangs, but they don't grow wings and carry you up 100 feet and drop you. Windows 10 is like being stuck in a cage with a very shadowy corner that holds a grue. The types of torment and even the shape of the tormentor are completely unknown and seem to strike without notice.
-
RE: WTF Bites
Our contacts table has a column called SUSP_WTCH_FLG. I can only parse this as "Suspected Witch Flag"; I refuse to accept any more reasonable explanation.
OK, I checked - It's referred to either as "Watchlist Flag" or "Global Watchlist Flag" in the places it's used.
-
RE: Windoze 10 Fall 2018 Flopdate, now with even more nothingness
Hearing about this issue with the October update gave me a bit of a quandary.
: Hmm, it's been a while since I did a backup, I'd better do one. System image backup please.
: Error, haha
: Strange, let's try that again.
: Error, haha. Do you want help with this error?
: Eh... sure, why not.
: Maybe this thread with somebody complaining about the same problem, but without any resolution, will help?
: ... no, not really.
: How about these other two threads on unrelated issues? Do they solve your problem?
: Why did I ever think this might help?
: Hey, lots of people have this issue starting with version 1703.
: Apparently it's fixed in the October update. -
RE: A fool and his not-really-money are soon parted
I know it's the Reg, but still relevant.
"We found a proliferation of press releases, white papers, and persuasively written articles," Burg et al wrote on Thursday. "However, we found no documentation or evidence of the results blockchain was purported to have achieved in these claims. We also did not find lessons learned or practical insights, as are available for other technologies in development."
Blockchain vendors were keen to puff the merits of the technology, but when the three asked for proof of success in the field, it all went very quiet.
Blockchain has been wildly mis-sold, but underneath it is a database with performance and scalability issues and a lot of baggage. Any claim made for blockchain could be made for databases, or simply publishing contractual or transactional data gathered in another form.
As with every bubble, whether it's Tulip Mania or the Californian Gold Rush, most investors lose their shirts while a fortune is being made by associated services – the advisors and marketeers can bank their cash, even if there's no gold in the river.
Latest posts made by Scarlet_Manuka
-
RE: Oracle knows when you should change your password
@Mason_Wheeler It had the password policy box there complete with indicators to show whether your suggested password was in compliance - as I recall it did have a "not the same as last 4 passwords" item, but the various passwords I attempted to change to fulfilled all requirements including that one.
I mean, my ultimate plan was indeed to cycle through a few dummy ones and then back to my normal password for that environment, but I didn't get far enough to try.
(In the end I just logged in using the same account our system uses to drop the files there. Worked well enough for what I needed, which was to delete one file from this system that I log in to less often than once a year.)
-
Oracle knows when you should change your password
I've submitted this to Error'd, but thought the fundamentals deserved an audience here as well.
First, I don't know why this would ever be a thing. What if I discover someone else knows my password?
But the real problem is the page I'm getting this error on.
Yep, I'm trying to log in and being redirected to a forced-reset page. Where it tells me that I can't change my password because Oracle knows best and I don't need to change it yet.
I did wonder if the real error was that the special characters in my password were too special and it was just throwing this up as a default error message, but even when I go to alphanumerics only I get the same message (and numerics are required by the password policy so I can't dial it back any further).
-
Electricity yay
A year or so ago we replaced the light in our bedroom with a ceiling fan / light combo. Since it's a retrofit the fan controls are on a different wall to the light switch.
For the last few weeks we've been having issues with the light: sometimes it won't turn on. There are no issues with the fan. When the light does turn on, it stays on until the switch is turned off. When the light doesn't turn on, flipping the switch again doesn't help; it generally won't turn on until quite some time later (maybe a few hours). The light bulb is secure in the socket. It's a CFL bulb.
Any ideas on what I should look for to find out what's going on here?
-
RE: WTF Bites
TLDR: Person A spent 4 weeks in jail earlier this year after a notebook containing terrorism plans was found. He was released when handwriting experts could not match his handwriting to the handwriting in the book. Now Person B has been arrested for planting the notebook in an attempt to frame Person A for terrorism - apparently due to a dispute over a girl.
Now I admit to having been out of the dating scene for a long time, but I can't imagine that framing your rival for a terrorist plot is a great winning move, romantically.
-
RE: Windoze 10 Fall 2018 Flopdate, now with even more nothingness
@topspin said in Windoze 10 Fall 2018 Flopdate, now with even more nothingness:
although from your screenshot it seems that in the start menu they’re only in the right click menu, whereas windows 7 showed an arrow next to it indicating you could open such a menu right there.
Yep, this. Until I read this thread just now I thought the jump lists had gone from the Start Menu, because the arrow that used to be there to access them isn't there any more and apparently we were supposed to just realise that right-clicking the item was the way to do it now. The only time I ever right-click a Start menu item normally is to launch an elevated command prompt, so I'd never seen the jump lists appear this way in Win10.
@acrow said in Windoze 10 Fall 2018 Flopdate, now with even more nothingness:
The best feature Microsoft could add to Windows now is an opt-in list of checkboxes of what pieces of bloat to include/exclude in the installation. To be presented at installation time and
respected ever sinceoverwritten with every update, and randomly by patches in between.FTFM
I mean, yes, your way would be nicer. But at this point I don't think it's within Microsoft's capabilities to actually deliver.
-
RE: WTF Bites
^^ Not sure where it gets that title from; the article headline is "CIMON, the International Space Station’s artificial intelligence, has turned belligerent" which is rather more descriptive.
Lots of HHGTTG references in the article. Key points:
In this case, the free-floating IBM artificial intelligence was — for the first time — interacting with ESA astronaut Alexander Gerst.
[...]
He then helps Gerst complete a task — and responds to a request to play the song Man Machine by Kraftwerk.From the article, it sounds like it basically froze at this point; it would not turn off the music or respond to any other commands. But then:
A flustered and bemused Gerst then appealed to Ground Control for some help: how does one put an obdurate robot back in its place?
CIMON overheard the appeal.
“Be nice, please,” it warned Gerst.And so:
CIMON’s now back in his box, powered down.
No further interactive sessions are planned for the immediate future. -
RE: Automation!
@kazitor said in Automation!:
@Eric-Ray I, uh... so "q" is near "2", I get that, but... how did they manage to capitalise it?
Autocorrect for "third quarter" abbreviation?
-
RE: WTF Bites
@Lorne-Kates said in WTF Bites:
If there is ever a way that I can kill someone through the Internet with a blog post
The one upthread praising the benefits of eating raw chicken seems to be on the right track.
-
RE: A fool and his not-really-money are soon parted
I know it's the Reg, but still relevant.
"We found a proliferation of press releases, white papers, and persuasively written articles," Burg et al wrote on Thursday. "However, we found no documentation or evidence of the results blockchain was purported to have achieved in these claims. We also did not find lessons learned or practical insights, as are available for other technologies in development."
Blockchain vendors were keen to puff the merits of the technology, but when the three asked for proof of success in the field, it all went very quiet.
Blockchain has been wildly mis-sold, but underneath it is a database with performance and scalability issues and a lot of baggage. Any claim made for blockchain could be made for databases, or simply publishing contractual or transactional data gathered in another form.
As with every bubble, whether it's Tulip Mania or the Californian Gold Rush, most investors lose their shirts while a fortune is being made by associated services – the advisors and marketeers can bank their cash, even if there's no gold in the river.
-
RE: WTF Bites
@Polygeekery I think it's reasonable for an unsophisticated user to assume that "press the power button and everything goes off, press it again and everything comes back on" is in fact doing a reboot.
I also don't think they were necessarily trying to do a hard reboot - they probably don't even understand what that is. I expect they were trying to do a shutdown-startup cycle, and if the power button behaviour had been set to shutdown, it would have worked.
I personally would like to be able to update as part of shutdown. But these days 95% of the update work seems to be deferred until startup, so (as happened last night) when there are pending updates I do "update and restart", then shutdown; it's silly and wasteful of my time, but better than doing "update and shutdown" and then turning on the computer in the morning and being unable to use it for 45 minutes while it finishes updating (including five minutes of the clearly inaccurate "100% complete" message).
You could consider asking your users about restarting, rather than rebooting. It's a tiny linguistic change but does correspond with the terminology displayed by Windows, so may be more likely to trigger the correct course of action.
Or just change the power plans so that power button = shutdown, I guess.