• 0 Posts
  • 11 Comments
Joined 1 year ago
cake
Cake day: August 3rd, 2023

help-circle

  • HyperMegaNettolinuxmemes@lemmy.worldActivate Linux
    link
    fedilink
    arrow-up
    2
    ·
    2 months ago

    I’m not sure if you’re being serious here or not, but I too have a tux tattoo. I knew at the time that it wasn’t a unique idea, but I’ve never met anyone else who has one. There must be dozens of us.

    Do people also ask you if it’s Pingu or something from club penguin?


  • There are lots of reasons to dislike Trump or question his ability to be a good president, but whether he uses adult incontinence products should not be one of them.

    A lot of people will experience incontinence issues at some point in their lives (roughly 1 in 3 women and 1 in 4 men), so it’s a surprisingly normal thing. Obviously not all of those people will need or want to use incontinence products, but many do, at least in some situations. That can be anything from relatively small liners designed for light leakage all the way to what many people would consider a “diaper” designed for greater absorption. In any case, none of those products prevent people from living normal lives and doing whatever activities they want with their day. I mean astronauts and fighter pilots wear them sometimes, and they have notoriously rigorous schedules and extremely demanding jobs.

    The idea that it should be treated as a disability because he’ll need to take longer toilet breaks is absurd. Different people take different amounts of time to go to the toilet, for any number of reasons, and many people who use incontinence products are perfectly capable of doing what they need to do in a “normal” time. I also just think it’s ridiculous to be considering how long it takes for someone to go to the toilet as part of their eligibility for a certain job. People should be allowed to take however long they want to go to the toilet, without concern for whether it’s taking too long. It’s really just basic human decency and respect to allow people to manage their own body.

    Finally, it’s worth noting that if Trump uses incontinence products, he faces a uniquely difficult situation because men’s toilets are often not equipped with facilities to dispose of sanitary products. Women’s toilets almost universally have bins or other systems to dispose of sanitary products, but it is relatively uncommon for men’s toilets.This means that men are often forced to either dispose of these products improperly (flushing them down the toilet, leaving them somewhere that isn’t designed for it, etc.) or taking the used products with them to dispose of elsewhere. Neither of those is a good option. Purpose built facilities to dispose of products like that should be available universally in all restrooms.


  • From what I’ve read, it sounds like the update file that was causing the problems was entirely filled with zeros; the patched file was the same size but had data in it.

    My entirely speculative theory is that the update file that they intended to deploy was okay (and possibly passed internal testing), but when it was being deployed to customers there was some error which caused the file to be written incorrectly (or somehow a blank dummy file was used). Meaning the original update could have been through testing but wasn’t what actually ended up being deployed to customers.

    I also assume that it’s very difficult for them to conduct UAT given that a core part of their protection comes from being able to fix possible security issues before they are exploited. If they did extensive UAT prior to deploying updates, it would both slow down the speed with which they can fix possible issues (and therefore allow more time for malicious actors to exploit them), but also provide time for malicious parties to update their attacks in response to the upcoming changes, which may become public knowledge when they are released for UAT.

    There’s also just an issue of scale; they apparently regularly release several updates like this per day, so I’m not sure how UAT testing could even be conducted at that pace. Granted I’ve only ever personally involved with UAT for applications that had quarterly (major) updates, so there might be ways to get it done several times a day that I’m not aware of.

    None of that is to take away from the fact that this was an enormous cock up, and that whatever processes they have in place are clearly not sufficient. I completely agree that whatever they do for testing these updates has failed in a monumental way. My work was relatively unaffected by this, but I imagine there are lots of angry customers who are rightly demanding answers for how exactly this happened, and how they intend to avoid something like this happening again.



  • I know you’re joking, but having a seperate phone exclusively for work stuff is actually great, specifically because it makes it easier to entirely seperate yourself from work. At my old job, I was given a work phone and it was the only phone number I used for all my work stuff. When I was at work, I would answer it, and outside of that it was off or on silent in my work bag. If they wanted me to answer outside of work hours, they had to pay me on-call rates. The same thing applied to group chats and other work-related stuff like that, (e.g. emails). It all went to that phone, and unless I was being paid to be contactable outside of work hours, I wouldn’t be.

    The only exception to that was my manager and a select few people who had my personal number for genuine emergencies, and if they used my personal number to contact me asking me about work, it was entirely at my discretion to respond and would mean I’d get on-call pay.

    It also meant I could keep my work and personal accounts/apps/etc. completely seperate. If they asked me to download some random app, I could do it on the work phone without worrying about whether they would be able to access other data on my phone or anything like that. Whenever I needed a phone number for 2FA or whatever, I could use the work number and not worry about where exactly that number would end up or how it might be used. For example, I used my work number to register for a conference, and then for months afterwards I would get calls and texts from sales people. That was still slightly annoying, but it was much better than getting calls on my personal phone.

    It also meant that when I left that job, I could just wipe that phone without having to worry about having personal data on there, because I never used it for anything except work stuff.

    It does sound like Microsoft is asking their employees to pay for an iPhone which is a bit dodgy in my opinion, but I’d still probably take the opportunity to use it completely for work and keep my personal phone seperate. It’s easy enough to get another number, and then when you leave that job you can cancel it and get a new number for the next job, cutting that link entirely.



  • It looks suspiciously like a pay-for-award company that gives out awards to just about any product for parents/educators/related to children or parenting, as long as you pay the “application fee” (although they specifically say an award isn’t guaranteed).

    I mean looking at their website they seem to give out an awful lot of awards, and they mention that for $500, you’ll get to use their award seal on your product and receive 100 award stickers, and for $1,500 you get more stickers, plus they’ll post about your product on their website.

    Call me crazy, but I’d think that if an award isn’t guaranteed, they’d make you pay for the initial application to start with, and then (assuming you “win” an award) they’d offer to promote your product for an additional payment, once they’ve decided that you’re eligible. The fact that they talk so openly about how paying a larger application fee gets you promoted on their site (and some other stuff) makes it seem suspiciously like a pay-for-award scheme to me.



  • I’m not the person you responded to, but the Assistance and Access Act 2018 is probably a good place to start. Here is a page from the Aus Government about it, but the very short version is that the government can ask tech providers to assist them with building capabilities into their systems to allow the government to access data to help with the investigation of certain crimes. In some cases these will be voluntary requests, in other cases they will be requests that must be fulfilled, including asking providers to add capabilities that the government has developed.

    There’s a lot more detail about it, and the government insists that they won’t ask providers to create systematic weaknesses or to decrypt communications entirely, but it’s not clear to me exactly how those ideas are actually implemented. Unfortunately, much of the process (likely the entire process) is not made public, so as far as I’m aware there aren’t any good examples of requests that the government has made and what sorts of things have or haven’t been implemented.


  • Although I might be telling you something you already know (and at risk of sounding really boring); it sounds like what they’re really doing here is standing up a system that is certified to handle data up to “top secret” classification. The fact that such a system exists, in and of itself, is clearly not a secret.

    There are a huge number of requirements for systems handling data like that, everything from specific requirements for how physical cables are labelled, to which cryptographic algorithms are used for encryption, all the way through to corporate governance and management plans within the organisations that are involved. It is essentially a giant exercise in bureaucratic box ticking (although I can understand why governments want to be thorough about this stuff).

    After completing that entire process, what you’re left with is usually a fairly standard computer system, plus a whole bunch of assurances that this specific system is okay to use for “top secret” information. The actual capabilities of the system (and certainly the data within it) may well be top secret, but the existence of the system isn’t.

    It’s broadly similar to the GovTeams PROTECTED system. The existence of the system itself is public information, complete with a relatively slick website, but the actual access to the system is controlled. A quick glance at that website makes it clear that GovTeams is essentially just MS Teams / MS365 but certified for “PROTECTED” information. In the same way, I would bet money on it that this "top secret " cloud system ends up just being a fairly standard commercial offering from a major cloud provider (Azure, AWS, etc.) which is approved for storing top secret information after the parties involved complete the required box ticking.