Tuesday, September 26, 2023

The oldest woden structure built by humans is almost half a million years old

That's longer than Homo Sapiens Sapiens has been around:

The well-preserved remains of a wooden structure that is no less than 476,000 years old, pre-dating the appearance of Homo sapiens by 100,000, have been discovered at Kalambo Falls in Zambia. Two logs were found in an interlocking position, joined by an intentionally cut notch. Early hominins whittled, shaped and stacked timbers into an unidentified structure that may have been a shelter, a raised track, a fishing platform or something else entirely.

That's really, really old.  And it's wood, not stone.

Monday, September 25, 2023


What do you call an apologywritten in dots and dashes?

A remorse code.

Sunday, September 24, 2023

This is why there's a shortage of Clorox bleach

They got hacked:

Shoppers are seeing shortages of some familiar household products, from cleaners like Clorox and Tilex to Burt's Bees balms and Glad trash bags, as The Clorox Company tries to recover from a cyberattack it disclosed in August.

The company reported on Monday that, because of the damage the cyberattack caused to its internal systems, it is processing orders at a slower-than-normal rate, in some cases bypassing its automated systems and handling orders manually.

We have constructed the infrastructure of the 21st century out of moonbeams and cotton candy.


Friday, September 22, 2023

Big security news

Via Dwight, Cisco buys security vendor Splunk for $28B:

Cisco is making its most expensive acquisition ever – by far - with an announcement it's buying data crunching software firm Splunk for $157 per share, or approximately $28 billion (£22.8b).


Per Cisco, the deal will bring Splunk's analytics capabilities to Cisco to create a new model of cybersecurity that prioritizes threat prediction and prevention over threat detection and response.

This is really big news.  I have no insight into what "threat prediction" is or how it would work other than to echo Yogi Berra - prediction is hard, especially about the future.


Monday, September 18, 2023

Huh. So they didn't do this?

Chrome browser to notify you when an extension is removed from the Chrome store:

Google is testing a new feature in the Chrome browser that will warn users when an installed extension has been removed from the Chrome Web Store, usually indicative of it being malware.

An unending supply of unwanted browser extensions is published on the Chrome Web Store and promoted through popup and redirect ads.

These extensions are made by scam companies and threat actors who use them to inject advertisements, track your search history, redirect you to affiliate pages, or in more severe cases, steal your Gmail emails and Facebook accounts.

The problem is that these extensions are churned out quickly, with the developers releasing new ones just as Google removes old ones from the Chrome Web Store.

Unfortunately, if you installed one of these extensions, they will still be installed in your browser, even after Google detects them as malware and removes them from the store.

Kudos to Google on this but it's a little surprising that this wasn't in from day one.  And the fact that they did this makes you wonder just how big a problem this is.  My take is "big".

And as to extensions, remember Borepatch's First Law of Security from back in 2008: "Free Download" is Interwebz-speak for "open your mouth and close your eyes."

Sunday, September 17, 2023


What kind of tree fits in your hand?

A Palm Tree.

Tuesday, September 12, 2023

Data privacy in cars is basically non-existent

This is not surprising, but a systematic analysis from the Mozilla Foundation shows that no car company takes data privacy seriously - and Tesla tops the list of shame by having serious shortfalls in each of the five key privacy areas.  Most of the other big names (Ford, Mercedes, BMW, the GM stable) have issues on four.

Here are some highlights:

Some not-so-fun facts about these rankings:

  • Tesla is only the second product we have ever reviewed to receive all of our privacy “dings.” (The first was an AI chatbot we reviewed earlier this year.) What set them apart was earning the “untrustworthy AI” ding. The brand’s AI-powered autopilot was reportedly involved in 17 deaths and 736 crashes and is currently the subject of multiple government investigations.
  • Nissan earned its second-to-last spot for collecting some of the creepiest categories of data we have ever seen. It’s worth reading the review in full, but you should know it includes your “sexual activity.” Not to be out done, Kia also mentions they can collect information about your “sex life” in their privacy policy. Oh, and six car companies say they can collect your “genetic information” or “genetic characteristics.” Yes, reading car privacy policies is a scary endeavor.
  • None of the car brands use language that meets Mozilla’s privacy standard about sharing information with the government or law enforcement, but Hyundai goes above and beyond. In their privacy policy, it says they will comply with “lawful requests, whether formal or informal.” That’s a serious red flag.
  • All of the car brands on this list except for Tesla, Renault, and Dacia signed on to a list of Consumer Protection Principles from the US automotive industry group ALLIANCE FOR AUTOMOTIVE INNOVATION, INC. The list includes great privacy-preserving principles such as “data minimization,” “transparency,” and “choice.” But the number of car brands that follow these principles? Zero. It’s interesting if only because it means the car companies do clearly know what they should be doing to respect your privacy even though they absolutely don’t do it.

So what do you do when choosing a new ride?  Some ideas come to mind ...