• 0 Posts
  • 332 Comments
Joined 2 years ago
Cake day: June 7th, 2023
  • sylver_dragon@lemmy.worldtoAsk Lemmy@lemmy.worldCould Microsoft/the USA technically turn off Windows and Office for Europe?English
    141·
    3 days ago

    Stopping Windows from running, probably not. MS could stop sending updates and could deactivate it, but it would mostly keep running. And, if any EU/Russian systems were not connected to the internet (yes, this sort of thing still happens in 2025), nothing MS did would matter. Office/Azure and other cloud based services are more vulnerable. Yes, Microsoft could geo-fence those services such that they did nor work if you were coming from an IP address in EU/Russia. Though, the simple workaround for this is to install a VPN. And given US sanctions on Russia, this is probably happening right now anyway.

    As much as the tin-foil hat crowd likes to think about MS having some master control switch, it’s incredibly unlikely. The problem with backdoors is that hackers are constantly looking for ways to attack systems, especially Windows. If there was some sort of master “off switch” baked into the code, it’s likely some one would have stumbled upon it by now. Even if it’s that well hidden, it’s a “one use” item with high reputational damage attached. Stop and consider for a moment, what happens when that kill switch gets used? It’s going to be picked up on. People record internet traffic for fun. As soon as that kill command went out, security researchers, the world over, would be dissecting logs to find the command, and then it would be reversed engineered. That MS had such a kill switch in their codebase would cause massive distrust in MS software going forward. No one would want to take the risk of having that kill switch running in their environment, certainly not on anything critical. Also, given how bad people are at updating Windows, we’d probably see a lot of systems killed by hackers just doing hacker things. Since the versions with the kill code would be know, you’d get bored teenagers searching Shodan for vulnerable systems and sending the kill command for fun. And all of this would be “Microsoft’s fault” for having the backdoor. It would be a PR nightmare. And since everyone would now know what the kill command looked like, anyone who mattered would install filters to block it at the firewall. So, it got used once, caused some damage with a lot of damage to MS’s reputation but is now neutralized. Was it worth it? Probably not to Microsoft.

  • sylver_dragon@lemmy.worldtoAsklemmy@lemmy.mlHow do people manage to actually get jobs through online applications (US citizen here)?English
    4·
    3 days ago

    I never get any responses, until like 3 days later when I check my spam folder and realize my scheduled interview appointment came from some random server that got deleted as spam mail.

    It sucks, but this is kinda on you. Spam filters are pretty terrible at what they do. And with everyone and their dog adding “AI” to their security tools, it’s only getting worse. There is a fuckton of spam being sent to email addresses all the time. And the spammers are doing their level best to make that spam look more and more like legitimate emails. So, the terrible spam filters and crappy AI are hard pressed to filter out all the crap and not catch legitimate emails. And this problem with false positives is one of the reasons a lot of spam still sneaks through, most of the filters tend to err towards false negatives over false positives. Still, false positives will happen. If you are expecting an important email, you’re going to need to dive into the cesspit which is your spam folder regularly and make sure that email didn’t end up there.

    As for the issues around job hunting, ya that whole process can suck. Depending on your skillset, experience and job criteria, the pool can get pretty small pretty fast. And online job hunting means that companies are getting hundreds of resumes for postings. On top of that, companies have stopped training and don’t do anything to build internal talent pipelines. So, if you are earlier in your career, you get stuck in a loop of not having experience, so no one will hire you to get experience. It just sucks and I don’t have an answer for you, only to keep plugging away and understand it’s a numbers game. Eventually the dice will come up for you, but that “eventually” can really, really suck.

  • sylver_dragon@lemmy.worldtoAsklemmy@lemmy.mlWhich die do you chose?English
    3·
    8 days ago

    Do note that I made a mistake in the original post, but the conclusion was still the same. I forgot to divide the Expected Value (EV) for all dice by 6 (the number of faces).

    If you could design a die with average face value of 3, min face value of 0, max face value of 6, what would be the best die?

    I’m not sure how to prove this empirically, but playing with it on my whiteboard I get a sense that the die 444222 is going to have the best EV, under the given constraints and my value assignments. The real kicker is “average face value of 3”. Given that constraint, you will never be able to create a die with a positive or even zero EV using my values. Consider die 333333 and each face’s value:

    3 3 3 3 3 3
    -1 -1 -1 -1 -1 -1

    This die has an average face value of 3 ( (3 * 6) / 3) and we can consider changing any face up or down. But, in order to keep the average a 3, moving one face up one number requires we move a different face down one number and vice-versa. For example, if we push one face from a 3 to a 4, we must also pull one face from a 3 to a 2 to balance out the average. And because the value for positive value numbers (4, 5, 6) starts off one doubling behind the values for the negative value numbers (3, 2, 1, 0), going any further than 4 in the positive direction on a face means that another face will be pushed down far enough to cancel out the benefit of going to a 5 or beyond.

    To look at it another way (the way I did on my whiteboard), let’s just consider a two sided die (a coin flip). Using the same values for each number, we can consider a 33 coin. This has an EV of -1 ( (-1 * 2) / 2) and an average of 3 ( (3 * 2) / 2 ). Now, move the numbers, but keep the same average of 3. Moving to a 42 coin changes the EV to -1/2 ( (+1 + (-2)) / 2 ) and the average is still 3 ( (4 + 2) / 2 ). The EV got better. So, let’s take another step in each direction. We get a 51 coin with an EV of -1 ( (+2 + (-4)) / 2) and the average is unchanged at 3 ( (5 + 1) / 2 ). And going to a 60 coin takes us to an EV of -2 ( (+4 + (-8)) /2 ) with a average of 3 ( (6 + 0) / 2 ). This means that the best coin for this scenario is a 42 coin. Taking that coin idea back to the die, you can think of the die as a bunch of linked coins. If you want one face to be a 5 the one face must be a 2, which would be worse than having the pair of faces be a 4 and a 2. So, to maximize the EV, you want to create a bunch of 42 pairs.

    Of course, we could fiddle with multiple faces at once. What about a 622233 die. Well, it gets worse. EV is -2/3 ( +4 + (-2) + (-2) + (-2) + (-1) + (-1))/6).
    Maybe a 522333, EV is -5/6 ( (+2 + (-2) + (-2) + (-1) + (-1) + (-1)) / 6). Again, since lower numbers get a more negative valuation faster than higher numbers get a positive valuation, you just really don’t want to let numbers get any lower than necessary. The 42 paring just happens to hit a sweet spot where that effect isn’t yet pronounced enough to cause the EV to drop off.

    So ya, while I don’t know the maths to prove it. I’m gonna say that the 444222 probably maximizes the EV under the given model.

  • sylver_dragon@lemmy.worldtoAsklemmy@lemmy.mlWhich die do you chose?English
    6·
    8 days ago

    Option C “222444”.
    I coded successes as positive values and failures as negative values. I arbitrarily used a doubling for each greater success/failure level and came up with the following value coding:

    0 1 2 3 4 5 6
    -8 -4 -2 -1 +1 +2 + 4

    This results in the following expected values for the offered dice:

    A: -2
    B: -1
    C: -1/2
    D: -1

    All dice are bad, option C is the least bad. And this kinda makes sense. For option A, you may have a fantastic success, but you are also just as likely to complete crash out. And a “crash out” should happen after very few rolls. Option B is a slightly less extreme version of this, but any gains from the 5 results should be more than wiped out by the 1 results. And those should be happening with similar frequency. Option C is again the same thing, but with a slower circling of the drain. 4 results let you recover some, but the 2 wipes out that 4’s benefits and more resulting in a slow decline. And option D is just straight out bad, every result is a failure.

    It seems that the only good choice is not to play. ;-)

    EDIT: I realized, I made a mistake in my original numbers, I forgot to divide by 6. And this is why coffee should come before math. The conclusions are still the same, but the numbers are different. I’ve corrected those.

  • sylver_dragon@lemmy.worldtoAsklemmy@lemmy.mlWhich die do you chose?English
    2·
    8 days ago

    I’m going to go with option C with the following reasoning:
    I’m going to assigned (somewhat arbitrarily) the following values to each outcome:

    0 | 1 | 2 | 3 | 4 | 5 | 6

    • | - | - | - | - | - | - -8 | -4 | -2 | -1 | +1 | +2 | +4

    This codes failure outcomes as having a negative value and success outcomes as having a positive value, with the value doubling for each increase in success/failure. So, the expected value for the 4 options are:

    A: -12 B: -6 C: -3 D: -6

    Meaning all of the options are bad, but the least bad is option C. And this makes some intuitive sense. You have an equal chance of success or failure and while no success will be all that spectacular, you will also never suffer a spectacular failure. Die A seems like an interesting choice, but you would expect to suffer a catastrophic failure about half the time and that may end your ability to keep rolling. Die B is a slightly less bad version of die A, and may be an ok choice, if a 1 result doesn’t result in you no longer being allowed to roll. Though, if you are not able to stop rolling whenever you want, a 5 outcome is likely to be wiped out fairly soon. Die D is just straight out bad. It always results in a failure; so, there is no point playing.

  • sylver_dragon@lemmy.worldtoLinux@lemmy.mlFOSS project attacks on Github, malware injected in forks ransomware Linux machinesEnglish
    6·
    12 days ago

    It depends on the environment. I’ve been in a couple of places which use Linux for various professional purposes. At one site, all systems with a network connection were required to have A/V, on-access scanning and regular system scans. So, even the Linux systems had a full A/V agent and we were in the process of rolling out EDR to all Linux based hosts when I left. That was a site where security tended to be prioritized, though much of it was also “checkbox security”. At another site, A/V didn’t really exist on Linux systems and they were basically black boxes on the network, with zero security oversight. Last I heard, that was finally starting to change and Linux hosts were getting the full A/V and EDR treatment. Though, that’s always a long process. I also see a similar level of complacency in “the cloud”. Devs spin random shit up, give it a public IP, set the VPS to a default allow and act like it’s somehow secure because, “it’s in the cloud”. Some of that will be Linux based. And in six months to a year, it’s woefully out of date, probably running software with known vulnerabilities, fully exposed to the internet and the dev who spun it up may or may not be with the company anymore. Also, since they were “agile”, the documentation for the system is filed under “lol, wut?”

    Overall, I think Linux systems are a mixed bag. For a long time, they just weren’t targeted with normal malware. And this led to a lot of complacency. Most sites I have been at have had a few Linux systems kicking about; but, because they were “one off” systems and from a certain sense of invulnerability they were poorly updated and often lacked a secure baseline configuration. The whole “Linux doesn’t get malware” mantra was used to avoid security scrutiny. At the same time, Linux system do tend to default to a more secure configuration. You’re not going to get a BlueKeep type vulnerability from a default config. Still, it’s not hard for someone who doesn’t know any better to end up with a vulnerable system. And things like ransomware, password stealers, RATs or other basic attacks often run just fine in a user context. It’s only when the attacker needs to get root that things get harder.

    In a way, I’d actually appreciate a wide scale, well publicized ransomware attack on Linux systems. First off, it would show that Linux is finally big enough for attackers to care about. Second, it would provide concrete proof as to why Linux systems should be given as much attention and centrally managed/secured in the Enterprise. I know everyone hates dealing with IT for provisioning systems, and the security software sucks balls; but, given the constant barrage of attacks, those sorts of things really are needed.

  • sylver_dragon@lemmy.worldtoAsklemmy@lemmy.mlWhy hasn't anyone tried making a combustion engine using fusion?English
    2·
    15 days ago

    It was kinda thought of in the '50s. Ford’s concept the Nucleon was to use a fission reaction to heat water, which was used in a steam turbine engine. One of the issues folks worried about was, what happens in a crash? No, no one with a clue worried about a nuclear explosion, but the release of radioactive material would have been a real concern.

    Some of this might change with the use of fusion. But, it’s going to be a long time before a fusion reactor would be small/light enough to slap in a car. At the moment, we haven’t really demonstrated a reactor which can commercially produce a net output of power. There has been some small scale experiments which technically produce more power than is used to initiate the fusion; but, that also relied a bit on an accounting trick (they only counted the energy of the lasers themselves, not the total energy used).

    Also, when you get down to it, this is the ultimate goal of electric vehicles. Maybe someday, most of our electricity will come from grid scale fusion reactors. Those will charge the batteries which drive EVs. Moving the reactor into the car itself could happen some day. On the other hand, considering how poorly some folks maintain their cars now, would your really trust them to maintain a reactor? Again, not worried about explosions or anything silly. But, the release of radioactive material might still be a concern. It’s probably safe to just use batteries and keep the reactors locked up in large facilities.

  • sylver_dragon@lemmy.worldtoTechnology@lemmy.mlFirmware update bricks HP printers, makes them unable to use HP cartridgesEnglish
    7·
    16 days ago

    This is exactly the problem, they have no accountability for bad updates causing hardware to become unusable. So, Q&A just becomes a needless expense and untested firmware is dropped on users. Sure, you could try and sue, or more likely get fucked by a binding arbitration clause. But, the cost would be far beyond what the device costs. So, it never makes sense. There need to be fines when this shit happens, which are significant percentages of worldwide revenue, to scare companies into actually testing updates before they are released.

    In the end, all we can do is shake our heads and remind folks to never buy HP. They put out great products 30 years ago, but those days are long gone. Now, they just put out crap.

  • sylver_dragon@lemmy.worldtoLinux@lemmy.mlBenefit of Ventoy/Vhd for Windows vs Dualbooting? or VMEnglish
    3·
    1 month ago

    It depends on what your goals are.

    • Ventoy is good for having an alternate OS on a Thumbdrive. Even with a USB 3 device, you may encounter I/O blocking and find this isn’t suitable as a “daily driver” OS. However,. for booting something like Tails or Windows/Linux for OS specific hardware/applications, it can be a good solution.
    • Dualbooting is a good way to “test drive” an alternate OS and also have a way to fallback to the other OS if you regularly need access to some software which only runs on that OS. This is likely to have better performance than the USB/Ventoy setup at the cost of Windows fucking up the bootloader config from time to time.
    • Windows/Linux with a Linux/Windows VM is useful when you know what OS you want to run on a day to day basis, but have some reason to reach into the other OS on occasion and aren’t too worried about performance and hardware access in the alternate OS.

    Ultimately, it’s going to come down to what you are trying to do and why you want to run multiple Operating Systems. For example, my main system is running Linux. But, I want the ability to run Windows malware in a controlled sandbox (not a euphemism, I work in cybersecurity and lab some stuff for fun). So, I have KVM setup to run Virtual Machines, including Windows.

    For another example, prior to making the switch to Linux, I had Windows as my primary OS and booted Linux on a USB stick (not Ventoy, but close enough). This let me gain confidence that I would be able to make the jump.

    I don’t have a good example for dual booting. Maybe something like a SteamDeck where you want a stable, functional OS most of the time; but, have some games which will only run in Windows.

  • sylver_dragon@lemmy.worldtoAsklemmy@lemmy.mlUSA: When do you file your taxes?English
    1·
    1 month ago

    Did it a couple weeks ago and already received my refunds.
    Ideally, I would balance by tax withholding such that I owe a small amount some tax time. And that payment would then be delayed as late as possible to provide the largest marginal value for that money. But, I’m lazy and instead have gone mostly with the defaults and that results in me getting a refund regularly. So, why let the government hold onto my money any longer than necessary? As soon as I have my documents in hand, I file.